Threat Level: green Handler on Duty: Jim Clausing

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
CF-RAY
X-Powered-By
Link
ETag
Expect-CT
X-XSS-Protection
Via
X-Cache
Age
CF-Cache-Status
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
X-Cache-Hits
P3P
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Xss-Protection
X-Request-Id
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
Alt-Svc
X-Adblock-Key
X-Drupal-Cache
X-Check
X-Cacheable
Content-Security-Policy-Report-Only
X-Generator
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-AspNetMvc-Version
X-DNS-Prefetch-Control
P3p
X-Template
X-Language
Status
Timing-Allow-Origin
X-Iinfo
Content-Encoding
X-Content-Security-Policy
X-Buckets
Upgrade
X-Kinja-Server-Push
Xkey
X-Via
X-CDN
X-Turbo-Charged-By
Keep-Alive
Access-Control-Expose-Headers
Access-Control-Max-Age
X-Cache-Group
X-Pass-Why
X-AH-Environment
X-Age
X-Drupal-Dynamic-Cache
X-Server
X-Backend
X-Pingback
X-Amz-Id-2
X-Amz-Request-Id
X-Envoy-Upstream-Service-Time
X-Page-Speed
X-Robots-Tag
X-Proxy-Cache
X-Hacker
Grace
EagleId
X-Server-Powered-By
X-UA-Device
X-Varnish-Cache
Request-Context
X-Nginx-Cache-Status
X-Request-ID
Cf-Railgun
X-LiteSpeed-Cache
X-Amz-Version-Id
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-Server-Id
X-WebKit-CSP
Feature-Policy
Server-Timing
X-Device
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Rq
X-Host
Report-To
X-Ac
X-Node
Content-Location
X-OneAgent-JS-Injection
X-Cnection
X-Response-Time
X-Backend-Server
X-Cloud-Trace-Context
X-Origin-Cache
X-Application-Context
X-Readtime
Request-Id
Allow
Surrogate-Control
EagleEye-TraceId
X-ORACLE-DMS-ECID
X-Country
X-Vhost
X-DynaTrace
X-Cache-Lookup
X-TTL
X-Cdn
Pinterest-Generated-By
X-Rack-Cache
X-Origin-Upstream-Status
X-Clacks-Overhead
X-Url
NEL
X-Ua-Compatible
X-FTR-Request-ID
Rating
X-Ruxit-JS-Agent
X-Country-Code
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Dispatcher
X-Dns-Prefetch-Control
X-HW
X-CST
X-Goog-Hash
X-ORACLE-DMS-RID
X-Instart-Request-ID
Fusion-Component-Id
Fusion-Template-Id
Fusion-Source
Fusion-Content-Source
Fusion-Content-Id
X-DataStream-Cache-Status
X-DataDome
X-PC
X-TtlSet
X-Vname
Edge-Control
X-Px
X-VARITI-CCR
Service-Worker-Allowed
Verso
X-Mod-Pagespeed
X-Recruiting
X-MS-InvokeApp
X-Varnish-TTL
RTSS
X-D2id
X-Kinja
X-Exp-Variant
X-GoogleNews-Bot
X-Kinja-Revision
X-Exp-Id
X-Use-Magma
X-Kinja-Build
X-Kinja-Server
X-Cdn-Fetch
SPRequestGuid
X-Vcap-Request-Id
X-Amz-Server-Side-Encryption
X-Abt-Application-Version
TCN
X-Navigation-Version
X-SharePointHealthScore
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-GitHub-Request-Id
Response
X-Middleton-Display
X-Middleton-Response
Display
X-Sol
X-Akam-SW-Version
X-Powered-By-Plesk
X-RateLimit-Remaining
MS-Author-Via
DynaTrace
Charset
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-Shield-Request-Id
X-Forwarded-Proto
Realpath
X-Amz-Rid
ServerID
X-B3-TraceId
X-Powered-CMS
X-Upstream
Content-MD5
AR-CACHE
AR-ATIME
Ar-Sid
AR-PoweredBy
X-Trace
X-Version
Public-Key-Pins
X-ESI
Nginx-Cache
X-Goog-Generation
X-Goog-Stored-Content-Encoding
Fastly-Restarts
X-Goog-Metageneration
X-Goog-Stored-Content-Length
X-Cached
X-Shard
X-Dw-Request-Base-Id
Accept-Ch-Lifetime
AR-Request-ID
MRF-Tech
X-Mrf-Item-Lastmod
Mrf-Cache-Status
X-B3-TraceId-Primal
X-Mrf-Section-Lastmod
Pagespeed
X-Server-Name
Access-Control-Request-Method
Paypal-Debug-Id
X-DynaTrace-JS-Agent
X-Grace
Accept-Ch
X-MSEdge-Ref
Accept-CH
X-Goog-Storage-Class
X-Client-IP
SPRequestDuration
SPIisLatency
S
X-Debug
X-FTR-Expires
X-FTR-Cache-Status
X-Country-Code-Real
X-FTR-Backend
X-FTR-Balancer
X-FTR-Backend-Server
X-FTR-Realm
X-FTR-DC
X-Vcache
X-DataStream-MidMile-RTT
X-DataStream-Origin-MEX-Latency
X-Ezoic-Cdn
X-FastCGI-Cache
X-Amz-Meta-S3cmd-Attrs
X-Id
X-Fastly-Request-ID
Front-End-Https
X-N
X-Amzn-Trace-Id
Pinterest-Version
X-Pinterest-Rid
X-Upstream-Proxy
X-NF-Request-ID
X-T
X-DIS-Request-ID
Arr-Disable-Session-Affinity
X-B3-Traceid
X-Content-Type
X-XRDS-Location
MicrosoftSharePointTeamServices
X-Hits
X-B3-Sampled
X-FTR-Cache-Host
X-Varnish-Age
X-Frontend
X-Ser
Arc-Version
Fastcgi-Cache
X-Acc-Meta-Resource-Type
X-Mobile-Rewrite
PB-PID
PB-RID
X-Logged-In
Server-Name
X-Content-Digest
X-Correlation-Id
Alternate-Protocol
X-Cache-Key
X-Srv
X-Node-Name
Nel
X-Pad
AMP-Access-Control-Allow-Source-Origin
X-Request-Handler-Origin-Region
X-Microsite
X-VCache
TP-Cache
FilterID
TP-L2-Cache
X-User-Agent
X-Type
X-Forwarded-For
Healthy
X-Rid
X-Kinsta-Cache
Host
X-LB-Cache
X-Request-Processing-Time
X-IPLB-Instance
X-F-Cache
X-Request-Received
Powered
X-Zen-Fury
X-Amzn-RequestId
X-Amz-Apigw-Id
Powered-By-ChinaCache
X-Esi
X-Cache-2
X-AOL-HN
Edge-Cache-Tag
X-Debug-Info
X-Revision
X-GUploader-UploadID
X-Cached-By
Backend-Timing
X-Analytics
X-Cache-Age
X-Via-JSL
X-HS-Hub-Id
X-HS-Content-Id
X-Hostname
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-XRDS-LOCATION
X-Accel-Expires
X-Cache-Rule
X-AppVersion
X-Az
X-Activity-Id
Surrogate-Key
Accept-CH-Lifetime
X-Varnish-Backend
VIX-Pulpo-Node
X-Content-Security-Policy-Report-Only
VIX-Pulpo-Upstream-Status
X-RateLimit-Limit
X-Instance
X-BCube-Filmed-By
X-Content-Options
X-Page-Id
X-Amz-Replication-Status
X-Content-Powered-By
X-FB-Debug
X-Varnish-Grace
X-Cluster
X-PHP-Backend
X-Tumblr-User
Server-Node
X-Tumblr-Pixel-0
X-Jobs
X-Tumblr-Pixel
X-Request-Guid
X-Akamai-Edgescape
Cleartype
Source
Refresh
X-B-Cache
X-Signature
X-Forwarded-Host
X-App-Environment
Cache-Status
X-TT
X-Framework
X-FW-Static
X-FW-Server
X-FW-Hash
X-Fastcgi-Cache
X-FW-Type
X-FW-Serve
Liferay-Portal
DC
X-Varnish-Hostname
X-ATG-Version
Tracecode
Accept-Charset
Fastcgi-Useragent
Access-Control-Allow-Method
Host-Header
X-Mobile
X-APP-VERSION
WPE-Backend
X-Cache-Action
X-Cache-Operation
X-Cache-Control
X-Edge-Location
X-Drupal-Cache-Tags
X-Time
X-Whom
X-B
Actual-Object-TTL
X-Cache-Hit
X-Mobile-URL
X-Accel-Buffering
X-Hp-Webp
Payment
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Response-Served-From
X-App-Server
X-WA-Info
X-TX-ID
X-Storage
X-NWS-LOG-UUID
X-WebKit-CSP-Report-Only
X-Oracle-Dms-Rid
X-Content-Age
NGB
X-Git-Hash
X-TT-TIMESTAMP
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Cacheable-TTL
X-TA-CDN-Provider
Cache-Tv-Group
Upgrade-Insecure-Requests
Filters
X-SS-Set-Cookie
X-UA-Device-Type
Cache-Tag
X-Tumblr-Pixel-1
X-ProcessESI
X-GeoIP
X-Adobe-Loc
X-Adobe-Content
X-Handled-By
Viewport
Eomportal-Instance
X-Tumblr-Pixel-2
X-RemovedCookies
X-Status
X-RequestSource
X-Geo-Country
Retry-After
X-Presslabs-Stats
X-VG-WebCache
Webserver
X-FW-Dynamic
X-Cache-TTL-Remaining
X-Cache-TTL
Xserver
MS-CV
X-Seen-By
Datacenter
Cache
X-Server-ID
X-Host-Name
Server-Info
X-FB-TRIP-ID
X-Cache-Enabled
Frame-Options
X-B3-Spanid
X-Contextid
X-Ratelimit-Limit
X-RTag
X-Hyper-Cache
X-Ratelimit-Reset
Ms-Operation-Id
X-Generated-By
From-Origin
X-Origin-Server
X-Mode
Country
S-Cnection
X-CF-Powered-By
Load-Balancing
X-Cache-Var
X-Tumblr-Pixel-3
SRV
X-Cache-Config
X-RN-RSRV
X-Cache-Var-Map
Machine
X-ES-SERVER
X-Path-Route
Meta-Geo
X-MP-GENERATED-AT
X-Proxied
X-Cache-Grace
X-Section
X-Zipkin-Id
Vix-Hermes-Req-Id
X-Labrador-Cache-Channel
X-Upstream-HT
X-Upstream-CT
GEO-INFO
Cache-Key
X-Routing-Service
X-Access
X-PCL
X-Cache-Host
X-OCL
X-Loop
Decoy-Debug-Key
X-TNCMS
X-Upgrade-Enabled
X-Viewer-Country
X-Varnish-Cache-Hits
X-Web-Node
X-Drupal-Cache-Contexts
Decoy-Debug-Status
Decoy-Debug-TTL
X-Hit
Now
X-Varnish-Server
X-Backend-Name
X-From
X-Endurance-Cache-Level
X-Trace-Id
X-AWS-Id
X-CCM
X-Debug-Cache
X-Environment-Context
X-Akamai-Request-ID
X-Origin-Response-Time
X-LJ-Flow-ID
X-L-Path
X-VG-TLSProxy
Mn-Server-Ip
X-Human
X-Magnolia-Registration
X-Region
X-Rule
X-ShardId
X-Via-Fastly
X-Alternate-Cache-Key
X-ShopId
X-Shopify-Stage
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
Rt-Fastcgi-Cache
X-EIG-Tracking-Id
X-VWS-Id
X-JoinUs
DSUID
X-R9-Blue-Green-Version
Cache-Name
X-Proxy-Build
X-Hosted-By
Mail-Subject
OT-Force-Account-Verify
We-Hiring
X-FC-Vary-Parameters
X-Timing-Wait
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Generated
DB-Nickname
X-Xfnlog-Site
X-Locale
ServedBy
X-Site-Version
X-Proto
X-NCache
X-Rendered-As
X-S
X-RCS-CacheZone
X-Guploader-Uploadid
X-PressLabs-Stats
X-Cluster-Node
X-Device-Type
Version
Akamai-GRN
X-Varnish-Hits
Release
X-Www-Served-By
Uber-Trace-Id
CACHE
X-Request-Time
X-Load-Cache
ProcessTime
X-IP
X-Time-Microsecs
X-VCT
X-Dc
X-Nginx-Cache
X-ProxyCache-Status
Time
X-ProxyCache-Key
NtCoent-Length
X-NewRelic-App-Data
X-BYPASS-REASON
X-Redis-Cache
Azure-Version
NGX
Azure-InstanceId
S-Rt
Azure-RegionName
Azure-SiteName
Cteonnt-Length
X-Wix-Request-Id
Azure-SlotName
X-Origin
X-FW-Version
X-Platform-Server
X-UUID
X-Akamai-Request-ID2
X-RateLimit-Reset
X-EdgeConnect-Cache-Status
X-CDN-Forward
X-Via-CDN
Property-Id
Webcakes-Region
X-No-Session
TWC-Connection-Speed
TWC-Privacy
Webcakes-App-Name
X-Origin-Hint
TWC-Locale-Group
TWC-Device-Class
TWC-GeoIP-Country
TWC-GeoIP-LatLong
Webcakes-App-Version
X-GEO
X-Proxy
X-FireWall-Port
X-Daa-Tunnel
X-ECACHE
X-MServer
X-Cache-NE
X-Rocket-Nginx-Bypass
X-UA
X-Hl-Ver
X-IPS-LoggedIn
X-SERVER-NAME
X-HTML-Minification-Powered-By
X-Cache-Remote
X-ServerID
Odigeo-Trace-Id
X-Akamai-Transformed
Origin
X-PERF
X-ApacheServer
X-Vgn-Hpd-Reason
X-Format
X-CS
X-Distributor
X-Cache-Server
LB
Ec-Rule-Version
X-Oneagent-Js-Injection
Cache-Tags
Access-Control-Request-Headers
Fastly-SSL
Accept-Language
X-UnsetCookies
X-Tb
Hostname
L5d-Success-Class
X-Microcachable
X-Unique-ID
X-NC
X-Webkit-Csp
X-Pubstack
Origin-Edge-Control
Origin-Cache-Control
X-Real-IP
Served-By
X-Amzn-Remapped-Content-Length
X-Varnish-Cacheable
Fastcgi-X-Cache-Version
X-Connection-Hash
Xc-Version
MD5-Digest
Mobile-Detection-Method
Meta-Geo-Continent
X-D
X-DPWN-IS-SECURE
X-Cluster-Name
X-G
X-CF-Lambda-Version
X-Generated-On
X-Date
X-External-Request-Id
Node
X-Rebelmouse-Surrogate-Control
X-Edge-Server
Fly-Request-Id
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-Idcheck
X-Rebelmouse-Cache-Control
Cache-Prefix
Cdn-Host
A
Cache-Cookie-Set-From
AKAMAI
Arc-Country
AsisCache
BehaviorPad-Version
Cdn-Request-Time
Content-Script-Type
X-Region-Sid
Fly-Cache
X-Detected-As
GEO-REGION-INFO
X-Destination
Fastly-SWR
Fastly-SIE
X-App-Name
X-Application
Content-Style-Type
Cross-Origin-Window-Policy
X-AIR-PT
X-Cdn-Srv
X-Transaction
X-Trv-Group
X-Rojux
X-A-Ccd
X-B-Cookie
X-Twitter-Response-Tags
X-Developer
X-NU-AKA-ACS-Version
X-PAYTM-SRV-ID
VivaBuild
X-A
X-Org
X-A-Wwc
X-ARC
X-ScT
X-S-Maxage
X-A-Dgt
X-Server-Time
X-SRCache-Key
X-SVT-ORM-VERSION
X-A-Dam
X-SVT-ORM-RULES
X-A-Dcw
X-Varnish-Url
X-VG-WebServer
Request-Country
X-Aed
Request-EU
X-Request-UUID
Request-Time
Rendered-Blocks
X-Instart-Info
X-CF-Lambda-Fn
X-S-Cookie
X-IN-APIGATEWAY
Proxy-Firewall
REQUESTUUID
X-Internal-Host
X-Vtex-Remote-Cache
X-Is-Bot
X-Level-Front-Cache
X-Vtex-Processado-Em
X-Worker
X-Rewrite-Enabled
Server-ID
X-Accel-Expires-Debug
Viewtype
X-Cache-Bucket
X-Geo-Header
Rt-Proxy-Cache
X-BACKEND-TTL
Selected-Fe
X-B3-Parentspanid
IBM-Web2-Location
X-Grey
X-Cache-Category-Id
X-Compress-Hint
X-URL
X-Cache-Backend
X-ElasticPress-Search
Backend-Name
X-Location
True-Client-Country-4JS
Memcached
X-Epic-Correlation-Id
Is-Eu
HA-Ipaddr
X-NX-Host
X-PHP-Host
Gh-Request-Id
X-Nginx-Cache-Key
X-Eu-Site
Ha-Gx-Prefs
X-Method
X-HS-Combine-CSS
Section-Io-Cache
X-GeoIP-Country-Code
Resin-Trace
RNT-Machine
RNT-Time
Proxy-Connection
X-Fastly-Cache
X-HS-Cache-Config
X-Dynatrace-Js-Agent
On-Server
Server-Int
Platform
X-Backend-State
X-Developers
Apple-News-Services-Host
X-Skip-Cache
X-ServiceProvider
Content-Disposition
Apple-News-Services-Handled
X-Sn-Servicetimems
X-CGP
Apple-News-Services-Parsed-Url
X-We-Are-Hiring
X-Cdn-Origin
X-Variation
Apple-News-Services-Request-Url
X-Clientip
X-Debug-Cookies
X-C
X-Debug-Log
X-Cache-Id
X-Request-URI
Esi-Enabled
Countrycode
X-Core-Mission
X-Cache-Info
W
Adler-Geo
ServerName
X-Fetched-On
X-FPC
X-Clara-WADP
X-Dispatch
X-Cms-Context
X-Cache-FS-Status
X-Bip
X-Dispatcher-Server
X-Block-Status
X-Gannett-Site-Version
X-CDN-Cache
X-Li-Pop
X-TH-Server
X-Thanos
X-WADP-Cache
X-SIPLIST1
X-Servername
X-SD-PageType
X-Secret
X-WebServer
X-Wikidot-Backend
X-Distil-CS
X-TrackingId
X-Device-Os
X-BBXSRF
X-Wikidot-Static-Cache
UCS
X-Response-By
X-Request-Start
X-Irp-Debug
X-Key
X-Hnp-Log
X-Hash
X-Generation-Time
X-GeoIP-City
X-Li-Fabric
X-Auto-Login
X-Reboot
X-Reqid
X-Proxy-Cache-Status
X-Owner
X-LI-Proto
X-LI-UUID
X-Gen-Mode
X-Proxy-Upstream
SS
Server-Host
User-Cache-Control
V-Age
Web-Mar-Node
SD-X-WS
PFcat
Country-Code
CDCHOST
Fastly-Soc-X-Request-Id
L
N-Cache
X-Edge
IsBot
X-Amz-Meta-Cache-Control
X-SERVER
X-Server-IP
X-Swa-Ws
X-Webstats-RespID
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
X-VC-Cache
X-Azure-Ref-OriginShield
X-Pf-Uncompressing
X-Origin-Expires
X-Matched-Rule
X-Azure-Ref
CF-IPCountry
X-Thinkindot-L3
Kp-EeAlive
X-Origin-Date
Who
Thinkindot-Control
X-Release
X-Crawler
Wxu-Next-Region
X-VServer
Wxu-Next-Commit
Wxu-Next-Hostname
X-Nc
X-Qloud-Router
Locale
X-Parent-Response-Time
X-Urbn-Context-Path
X-Urbn-Site-Id
X-Via-NSCOPI
X-Served-From
X-OVcl-Cache
X-Powered-By-Defense
X-OVcl
X-CUA
GW-Server
Powered-By
Heartbleed
Pramga
X-FE
X-Processor
X-Varnish-Ttl
X-Via-SSL
Magicmarker
X-Via-Edge
X-CLOUD-TRACE-CONTEXT
User-Agent
X-ABtesting
X-LAGOON
X-Flog
X-Ratelimit-Remaining
PageSpeed
X-Hello
X-Ua
X-Protected-By
X-Varnish-Beresp-Ttl
X-ND-Cache
Pagetype
Memory
Mime-Version
X-Be
X-Newrelic-Synthetics
X-Page-Type
X-Generated-In
X-User
X-Backend-Url
X-Backend-Host
X-Cache-Ttl
X-Up
X-Planisys-CDN-Rules
X-Fstrz
X-MSEdge-Flight
X-Tt-Trace-Tag
X-Planisys-CDN-TTL
X-Planisys-CDN-Cache
Pragrma
X-MSEdge-Features
X-GoCache-CacheStatus
X-Origin-TTL
X-Origin-CC
X-Ttl
X-Debug-Cache-Expiry
X-Soup
X-Geo
X-COUNTRY
X-Debug-Cache-Store
X-Debug-Cache-Fetch
X-Backend-TTL
X-Oss-Storage-Class
X-Oss-Server-Time
X-Oss-Request-Id
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
X-Check-Cacheable
X-Zone
X-IN-WAF
Cache-Hits
Geoip-City
GeoIp-Country-Code
Geoip-Latitude
X-Core-Value
X-Phone
X-B3-SpanId
X-ZONE
X-DC
X-TT-LOGID
X-Say-TTL
X-Servedbyhost
X-SayCDN-TTL
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
X-Say-Cacheable
X-Old-Content-Length
X-Litespeed-Cache
X-Akamai-SSL-Client-Sid
X-Cdn-Forward
X-CSRF-TOKEN
X-Real-Ip
X-Birta-Cache-Post
X-Birta-Served
X-VCL-Version
XServer
Cdn
X-Aicache-OS
X-Cache-Time
X-Mid
X-Datadome
Inserted-Into-Cache-At
X-HS-Status
WZWS-RAY
X-Node-Id
Dynatrace
SN
Fastly-Backend-Name
X-BC
X-MID
Amp-Access-Control-Allow-Source-Origin
X-Varnish-IP
X-Info
X-Ruxit-Js-Agent
X-Vcl-Version
X-IN-APIGATEWAYSSL
Ajk
X-Logtrace-Id
X-FORWARDED-FOR
Selected-FE
FSS-Proxy
FSS-Cache
HitType
X-EC-Lua
X-UPSTREAM-Address
X-Amzn-Remapped-Connection
X-Refresh
X-ServedByHost
X-Tb-Optimization-Total-Bytes-Saved
X-Amzn-Remapped-Date
X-Source
X-Contensis-Viewer-Groups
CF-Cached-On
Server-Surrogate-Control
X-Cache-ASPX
HostName
X-RateLimit-Remaining-Second
X-Agile-Id
X-RateLimit-Limit-Second
X-Agile-Age
X-Cache-Debug
X-Varnish-Authentication
X-Agile
X-Wa
Server-Cache-Control
X-APP
X-Bc
X-Proxy-Cacherz
GeoIP-Country-Code
Xkeyrz
RequestId
X-CSRF-Token
X-Nananana
Srv
PICS-Label
GeoIP-Latitude
X-GRACE
X-PJAX-URL
X-Via-Ucdn
MIME-Version
GeoIP-City
T-Server
X-NWS-UUID-VERIFY
X-App-Version
X-Web-Server
X-LiteSpeed-Cache-Control
X-WR-MODIFICATION
X-ECache
X-Render-Time
Ohc-File-Size
X-LB-ID
X-GDPR
X-TIME
WebServer
Cf-Ipcountry
Ohc-Cache-HIT
X-Varnish-Beresp-TTL
X-Policy
X-Micro-Cache
X-Tec-Api-Origin
X-Uri
URI
X-Unique-Id
X-Cache-Tag
X-SRV
SID
Xkeynj
X-Fastly-Country-Code
X-Tec-Api-Version
X-Tec-Api-Root
X-CACHE-KEY
CDN
X-BE
X-PAGE-TYPE
Is-Session-Tracking
Get-Access-Time
Group
DataCenter
X-Cache-Miss-From
HTTPS
X-Sedo-Request-Id
X-Requestid
X-MCACHE
Cache-Provider
X-Request-Url
X-SN
Backend
X-NGINX-Cache
Www
X-Fastly-Backend-Reqs
X-Service
X-ID
X-Edge-IP
Xet-Cookie
X-Pjax-Url
Warning
X-Apw-Access-Token
X-Vct
Lb
Pics-Label
X-Lb-Id
X-Instart-Isnd
X-Swift-Error
X-Apw-Access-Action
X-Apw-Hits
X-Var-Ttl
X-Apw-Access-Object
Cneonction
X-Dw-Trace-Id
X-Cache-Expires
X-Cf-Powered-By
Requestid
Correlation-Id
X-Ecache
X-WA
FNAC-ModuleRouting
X-Cdn-Request-ID
X-JWT-State
X-Has-Esi
Host-ID
Ohc-Response-Time
X-Is-Gdpr
X-Newrelic-App-Data
X-Bug-Bounty
Lfy
X-Fe
X-Html-Edge-Cache
X-Varnish-Action
X-Serial
X-Akamai-ERRuleID
X-DW
X-DSS
X-RPM
X-RPS
X-RSL
X-Fpc
X-ServerName
X-DI
X-Flow-Id
X-Fastly-Cache-Hits
X-Page-Impression-Id
X-Zalando-Child-Request-Id
X-PF-Uncompressing
X-DB
X-Akamai-ERPolicy