Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
CF-RAY
X-Powered-By
Link
ETag
Expect-CT
X-XSS-Protection
Via
X-Cache
Age
Content-Security-Policy
CF-Cache-Status
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
X-Cache-Hits
P3P
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Request-Id
X-Xss-Protection
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-AspNet-Version
X-Download-Options
Access-Control-Allow-Credentials
X-Runtime
X-FRAME-OPTIONS
X-Adblock-Key
X-Drupal-Cache
Alt-Svc
P3p
X-Check
X-Cacheable
Content-Security-Policy-Report-Only
X-Generator
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-AspNetMvc-Version
X-DNS-Prefetch-Control
Status
X-Template
X-Language
Timing-Allow-Origin
Content-Encoding
X-Content-Security-Policy
X-Iinfo
X-Buckets
Upgrade
X-Kinja-Server-Push
Xkey
X-Via
X-CDN
X-Turbo-Charged-By
Keep-Alive
Access-Control-Max-Age
Access-Control-Expose-Headers
X-Cache-Group
X-Pass-Why
X-Age
X-AH-Environment
X-Drupal-Dynamic-Cache
X-Server
X-Backend
X-Amz-Id-2
X-Amz-Request-Id
X-Pingback
X-Envoy-Upstream-Service-Time
X-Page-Speed
X-Robots-Tag
X-Hacker
X-Proxy-Cache
Grace
X-Server-Powered-By
EagleId
X-Varnish-Cache
X-UA-Device
X-Nginx-Cache-Status
Request-Context
Cf-Railgun
X-Amz-Version-Id
X-WebKit-CSP
X-Swift-SaveTime
X-Swift-CacheTime
X-LiteSpeed-Cache
X-Ua-Compatible
Ali-Swift-Global-Savetime
Feature-Policy
X-Device
Server-Timing
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Ac
X-Host
Report-To
X-Rq
X-Server-Id
X-OneAgent-JS-Injection
Content-Location
X-Node
X-Backend-Server
X-Cnection
X-Response-Time
EagleEye-TraceId
X-Origin-Cache
X-Application-Context
X-Cloud-Trace-Context
Allow
Request-Id
X-Readtime
Surrogate-Control
X-Dns-Prefetch-Control
X-Cache-Lookup
X-Country
X-ORACLE-DMS-ECID
Pinterest-Generated-By
X-ORACLE-DMS-RID
X-Url
X-Ruxit-JS-Agent
X-Cdn
X-DynaTrace
X-Rack-Cache
X-Clacks-Overhead
X-Vhost
X-Origin-Upstream-Status
X-CST
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-HW
X-TTL
NEL
Rating
X-FTR-Request-ID
X-Country-Code
X-Goog-Hash
X-Instart-Request-ID
X-Dispatcher
X-DataStream-Cache-Status
Edge-Control
X-Px
X-PC
X-Vname
X-TtlSet
Fusion-Content-Id
Fusion-Template-Id
Fusion-Component-Id
Fusion-Content-Source
Fusion-Source
X-VARITI-CCR
Service-Worker-Allowed
X-Mod-Pagespeed
X-B3-TraceId
X-ESI
X-MS-InvokeApp
Verso
SPRequestGuid
X-Recruiting
X-Request-ID
X-Kinja
X-GoogleNews-Bot
X-Kinja-Server
X-DataDome
X-Kinja-Revision
X-Exp-Variant
X-Use-Magma
X-Cdn-Fetch
X-Kinja-Build
X-Exp-Id
X-D2id
X-Server-Name
X-Vcap-Request-Id
X-Varnish-TTL
X-Abt-Application-Version
X-SharePointHealthScore
X-Amz-Server-Side-Encryption
X-RateLimit-Remaining
X-Powered-By-Plesk
Accept-Ch-Lifetime
X-Middleton-Response
X-Middleton-Display
TCN
Display
Response
X-Sol
DynaTrace
X-Navigation-Version
X-GitHub-Request-Id
X-SRCache-Fetch-Status
X-SRCache-Store-Status
Content-MD5
RTSS
Charset
AR-ATIME
Ar-Sid
AR-CACHE
AR-PoweredBy
X-Akam-SW-Version
MS-Author-Via
X-Amz-Rid
X-Trace
AR-Request-ID
ServerID
X-Shield-Request-Id
Realpath
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
X-Goog-Stored-Content-Length
X-Dw-Request-Base-Id
X-Cached
X-Powered-CMS
X-DynaTrace-JS-Agent
X-Version
Nginx-Cache
X-Server-ID
X-Forwarded-Proto
X-Shard
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TEC-API-VERSION
X-VCache
X-Upstream-Proxy
X-Pinterest-Rid
Pinterest-Version
Pagespeed
X-Goog-Storage-Class
X-Upstream
SPIisLatency
SPRequestDuration
Public-Key-Pins
Accept-Ch
X-Client-IP
Paypal-Debug-Id
X-B3-TraceId-Primal
Mrf-Cache-Status
X-Mrf-Item-Lastmod
MRF-Tech
X-Mrf-Section-Lastmod
X-MSEdge-Ref
Access-Control-Request-Method
S
Fastly-Restarts
X-DataStream-Origin-MEX-Latency
X-Amz-Meta-S3cmd-Attrs
X-DataStream-MidMile-RTT
X-Ezoic-Cdn
X-Debug
X-FTR-Balancer
X-FTR-Backend-Server
X-FTR-Realm
X-FTR-DC
X-Country-Code-Real
X-FTR-Cache-Status
X-FTR-Backend
X-Id
X-FTR-Expires
X-DIS-Request-ID
Accept-CH
X-Fastly-Request-ID
X-T
X-N
MicrosoftSharePointTeamServices
Alternate-Protocol
PB-RID
Arc-Version
PB-PID
X-Ser
X-Mobile-Rewrite
X-Varnish-Age
Arr-Disable-Session-Affinity
X-NF-Request-ID
Fastcgi-Cache
X-Hits
X-Acc-Meta-Resource-Type
Front-End-Https
X-Amzn-Trace-Id
X-B3-Sampled
X-XRDS-Location
X-Content-Type
X-Frontend
X-FTR-Cache-Host
Nel
X-Grace
X-Logged-In
Server-Name
X-Content-Digest
X-Pad
Host
X-Srv
X-Forwarded-For
X-FastCGI-Cache
AMP-Access-Control-Allow-Source-Origin
X-Request-Handler-Origin-Region
X-Microsite
X-Node-Name
FilterID
X-Correlation-Id
Powered-By-ChinaCache
TP-Cache
Healthy
TP-L2-Cache
X-Debug-Info
X-LB-Cache
X-Kinsta-Cache
X-Rid
X-Fastcgi-Cache
X-Type
Edge-Cache-Tag
X-IPLB-Instance
X-GUploader-UploadID
X-AOL-HN
X-Request-Received
X-Request-Processing-Time
X-User-Agent
X-XRDS-LOCATION
X-HS-Content-Id
X-Cached-By
X-Cache-2
X-HS-Hub-Id
X-Hostname
X-Cache-Rule
X-Revision
Surrogate-Key
Powered
X-F-Cache
X-Accel-Expires
X-Vcache
X-Page-Id
X-Analytics
X-Cache-Age
Backend-Timing
X-Amz-Apigw-Id
X-Zen-Fury
X-Amzn-RequestId
X-RateLimit-Limit
X-Content-Security-Policy-Report-Only
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-Varnish-Backend
X-BCube-Filmed-By
X-Cache-Key
X-Varnish-Grace
X-Content-Options
Source
X-Jobs
X-Cluster
X-FB-Debug
X-Content-Powered-By
Cache-Status
X-PHP-Backend
X-Instance
X-Amz-Replication-Status
X-Request-Guid
X-Tumblr-Pixel-0
X-TT
X-Tumblr-Pixel
Tracecode
X-App-Environment
WPE-Backend
X-Tumblr-User
Cleartype
X-Akamai-Edgescape
X-Framework
X-Az
X-AppVersion
X-Activity-Id
X-Varnish-Hostname
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Cache-TTL
Server-Node
Host-Header
X-Forwarded-Host
X-Mobile
Refresh
X-Via-JSL
X-Cache-Control
X-NWS-LOG-UUID
X-Cache-Operation
X-ATG-Version
X-FW-Server
X-FW-Static
X-FW-Type
X-FW-Serve
Actual-Object-TTL
X-FW-Hash
X-TA-CDN-Provider
Accept-Charset
X-Time
X-B-Cache
X-Drupal-Cache-Tags
X-Signature
DC
X-Cache-Action
X-Whom
Upgrade-Insecure-Requests
X-Accel-Buffering
X-App-Server
X-Edge-Location
X-Cache-Hit
Access-Control-Allow-Method
Liferay-Portal
X-Response-Served-From
Payment
X-Storage
X-TX-ID
X-Mobile-URL
X-Hp-Webp
X-WebKit-CSP-Report-Only
X-Content-Age
X-UA-Device-Type
X-VG-WebCache
X-Handled-By
Server-Info
X-TT-TIMESTAMP
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-SS-Set-Cookie
X-RequestSource
Filters
X-Cacheable-TTL
Fastcgi-Useragent
X-GeoIP
Eomportal-Instance
X-B
X-Adobe-Content
X-Git-Hash
X-Adobe-Loc
X-Tumblr-Pixel-2
Webserver
X-Tumblr-Pixel-1
X-RemovedCookies
Viewport
X-Geo-Country
Cache-Tv-Group
X-ProcessESI
Xserver
X-Litespeed-Cache
X-FB-TRIP-ID
X-WA-Info
Cache-Tag
X-Cache-TTL-Remaining
Datacenter
Cache
X-Ratelimit-Reset
X-Cache-Enabled
X-B3-Traceid
Retry-After
X-Status
X-Ratelimit-Limit
X-Presslabs-Stats
X-Contextid
NGB
S-Cnection
X-Seen-By
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-FW-Dynamic
X-CF-Powered-By
X-Ttl
X-Origin-Server
X-Mode
X-Host-Name
X-Magnolia-Registration
X-APP-VERSION
X-Real-IP
X-Rendered-As
X-Varnish-Hits
Country
X-Daa-Tunnel
X-Cache-Var-Map
X-Cache-Var
X-RN-RSRV
X-AWS-Id
X-VCT
X-VWS-Id
X-LJ-Flow-ID
X-Path-Route
X-ES-SERVER
X-Cache-NE
X-Cache-Config
Meta-Geo
Load-Balancing
Machine
X-Upstream-CT
X-Proxied
X-Upstream-HT
X-Cache-Grace
GEO-INFO
Vix-Hermes-Req-Id
Release
X-Labrador-Cache-Channel
X-Human
X-Routing-Service
X-Cache-Host
From-Origin
DSUID
MS-CV
Cache-Key
We-Hiring
X-Zipkin-Id
Mail-Subject
X-RCS-CacheZone
X-Viewer-Country
X-Debug-Cache
X-From
X-Loop
X-Web-Node
X-Hit
X-Access
X-Varnish-Cache-Hits
X-Section
X-Device-Type
Mn-Server-Ip
X-Varnish-Server
Frame-Options
X-Backend-Name
X-EIG-Tracking-Id
Uber-Trace-Id
X-PCL
ServedBy
X-TNCMS
X-OCL
X-Proto
X-Upgrade-Enabled
NGX
X-Rule
Now
X-Tumblr-Pixel-3
OT-Force-Account-Verify
Rt-Fastcgi-Cache
X-MP-GENERATED-AT
X-Hyper-Cache
X-BYPASS-REASON
X-Origin-Response-Time
X-Redis-Cache
X-ProxyCache-Status
X-R9-Blue-Green-Version
X-Akamai-Request-ID
X-VG-TLSProxy
X-ProxyCache-Key
X-Cluster-Node
X-CCM
X-Cache-Remote
X-JoinUs
Akamai-GRN
X-L-Path
X-Timing-Wait
X-Proxy-Build
X-S
X-Xfnlog-Site
X-Platform-Server
X-Environment-Context
X-Hosted-By
X-Region
X-UUID
X-FC-Vary-Parameters
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Generated
X-Guploader-Uploadid
X-ShardId
X-Alternate-Cache-Key
X-Sorting-Hat-PodId
X-Via-Fastly
X-NCache
X-Shopify-Stage
X-Sorting-Hat-ShopId
X-ShopId
Cache-Name
Decoy-Debug-Status
X-Trace-Id
Decoy-Debug-TTL
Decoy-Debug-Key
X-Endurance-Cache-Level
X-Nginx-Cache
X-PressLabs-Stats
X-Www-Served-By
X-Hl-Ver
X-Locale
X-Generated-By
DB-Nickname
X-Site-Version
X-NewRelic-App-Data
Ms-Operation-Id
X-RTag
X-GRACE
X-ECACHE
X-Vgn-Hpd-Reason
X-ServerID
X-EdgeConnect-Cache-Status
X-Drupal-Cache-Contexts
X-Rocket-Nginx-Bypass
X-MServer
Cteonnt-Length
X-Dc
X-Load-Cache
ProcessTime
Accept-CH-Lifetime
X-Wix-Request-Id
CACHE
X-IPS-LoggedIn
X-Request-Time
L5d-Success-Class
X-Cache-Backend
X-Time-Microsecs
X-IP
Time
X-RateLimit-Reset
Served-By
X-GEO
X-Microcachable
X-B3-Spanid
X-Origin
S-Rt
X-Esi
Version
X-Unique-ID
NtCoent-Length
X-Via-CDN
TWC-GeoIP-Country
TWC-Device-Class
Property-Id
TWC-GeoIP-LatLong
TWC-Connection-Speed
Webcakes-App-Name
X-Origin-Hint
Origin
Webcakes-Region
Webcakes-App-Version
TWC-Privacy
X-Pubstack
TWC-Locale-Group
Origin-Edge-Control
Origin-Cache-Control
Fastcgi-X-Cache-Version
Azure-Version
X-FW-Version
Azure-SlotName
X-Distributor
Azure-SiteName
X-Nc
Azure-InstanceId
X-UA
Azure-RegionName
X-BACKEND-TTL
X-Oneagent-Js-Injection
X-Cache-Server
X-Grey
X-Cache-Category-Id
Fastly-SSL
Access-Control-Request-Headers
X-Proxy
X-Datadome
X-No-Session
X-FireWall-Port
X-Is-Bot
X-Detected-As
X-Via-NSCOPI
IBM-Web2-Location
Cache-Tags
X-PERF
X-ApacheServer
X-Webkit-Csp
X-Powered-By-Defense
Proxy-Connection
X-Cdn-Forward
X-Format
X-Edge
SRV
Backend-Name
X-Varnish-Cacheable
Hostname
X-HTML-Minification-Powered-By
X-Akamai-Transformed
Odigeo-Trace-Id
X-Debug-Cookies
X-Debug-Log
Cache-Cookie-Set-Lfrom
Cache-Prefix
X-ARC
X-Application
Cross-Origin-Window-Policy
Ec-Rule-Version
X-D
Content-Style-Type
X-Date
Cdn-Request-Time
Content-Script-Type
Cdn-Host
Cache-Cookie-Set-From
X-CGP
X-DPWN-IS-SECURE
X-CF-Lambda-Fn
X-NX-Host
X-CS
X-Org
X-External-Request-Id
X-Eu-Site
X-Edge-Server
X-Developer
X-NU-AKA-ACS-Version
Arc-Country
AsisCache
Fastly-SIE
X-Destination
A
X-Cache-Bucket
X-ND-Cache
X-B-Cookie
Cache-Cookie-Set-Idcheck
Fly-Request-Id
X-Connection-Hash
Viewtype
VivaBuild
X-HS-Cache-Config
ServerName
X-HS-Combine-CSS
Rt-Proxy-Cache
Server-ID
X-A
X-A-Ccd
X-A-Dgt
X-A-Wwc
X-Accel-Expires-Debug
X-A-Dcw
X-Cluster-Name
X-A-Dam
X-AIR-PT
Request-Time
Request-EU
X-CF-Lambda-Version
HA-Ipaddr
MD5-Digest
Ha-Gx-Prefs
X-Instart-Info
Fly-Cache
X-Aed
GEO-REGION-INFO
X-IN-APIGATEWAY
Meta-Geo-Continent
Proxy-Firewall
Rendered-Blocks
Request-Country
Node
Mobile-Detection-Method
X-App-Name
X-G
Fastly-SWR
BehaviorPad-Version
X-S-Cookie
X-S-Maxage
X-Vtex-Remote-Cache
X-Rojux
X-Request-UUID
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
X-Region-Sid
X-ScT
X-Vtex-Processado-Em
X-SRCache-Key
X-Transaction
X-Ua
X-Trv-Group
X-Twitter-Response-Tags
X-Server-Time
X-VG-WebServer
X-Worker
X-Rewrite-Enabled
X-PAYTM-SRV-ID
X-Processor
Xc-Version
Mime-Version
X-Geo-Header
X-B3-Parentspanid
On-Server
X-GeoIP-Country-Code
Memcached
X-Server-IP
X-PHP-Host
X-Key
X-Level-Front-Cache
X-Irp-Debug
X-Cache-Id
X-Backend-State
Adler-Geo
Is-Eu
X-Variation
Section-Io-Cache
RNT-Time
Server-Host
X-Hash
X-TH-Server
Server-Int
RNT-Machine
Resin-Trace
X-ServiceProvider
X-Dispatcher-Server
X-Epic-Correlation-Id
X-Sn-Servicetimems
X-Fastly-Cache
X-C
Platform
X-Generated-On
X-Clientip
X-Cache-Info
X-Reqid
Country-Code
Countrycode
PageSpeed
X-Fstrz
Apple-News-Services-Host
Apple-News-Services-Handled
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
X-Qloud-Router
X-Request-URI
X-Core-Mission
X-Cdn-Srv
X-Cdn-Origin
X-We-Are-Hiring
True-Client-Country-4JS
X-UnsetCookies
X-Gen-Mode
Wxu-Next-Commit
X-Distil-CS
X-Device-Os
Who
User-Cache-Control
UCS
V-Age
X-Dispatch
Wxu-Next-Hostname
Web-Mar-Node
X-Fetched-On
X-Block-Status
X-Webstats-RespID
X-Gannett-Site-Version
X-WebServer
X-Internal-Host
X-Amz-Meta-Cache-Control
X-BBXSRF
X-ElasticPress-Search
Wxu-Next-Region
X-CDN-Cache
X-Developers
X-Crawler
X-Wikidot-Backend
X-Wikidot-Static-Cache
X-SVT-ORM-VERSION
X-Location
IsBot
X-Reboot
AKAMAI
X-Protected-By
X-LI-Proto
X-Method
X-Secret
X-LI-UUID
CDCHOST
X-Response-By
X-Li-Pop
Esi-Enabled
X-Li-Fabric
Gh-Request-Id
X-SD-PageType
Content-Disposition
X-Request-Start
X-Servername
X-Served-From
SS
X-SVT-ORM-RULES
REQUESTUUID
SD-X-WS
X-Swa-Ws
X-Hnp-Log
X-Tb
X-Skip-Cache
X-SIPLIST1
PFcat
Pramga
X-Nginx-Cache-Key
X-Compress-Hint
X-Owner
X-Origin-Expires
X-Origin-Date
Pragrma
X-Matched-Rule
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
X-Planisys-CDN-TTL
X-Cms-Context
X-Release
X-Cache-FS-Status
X-GeoIP-City
Fastly-Soc-X-Request-Id
X-VServer
X-Parent-Response-Time
X-Via-Edge
X-Thinkindot-L3
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
X-Thanos
X-Auto-Login
X-Via-SSL
GW-Server
X-Generation-Time
X-Bip
Thinkindot-Control
Heartbleed
X-Birta-Served
X-Birta-Cache-Post
X-Origin-CC
X-Origin-TTL
X-CDN-Forward
X-Be
X-Akamai-Request-ID2
X-OVcl
X-VC-Cache
X-IN-WAF
Powered-By
X-OVcl-Cache
X-Phone
X-Core-Value
LB
X-B3-SpanId
X-App-Version
X-Varnish-IP
X-Varnish-Ttl
Selected-FE
X-FPC
HitType
X-CLOUD-TRACE-CONTEXT
X-Ratelimit-Remaining
X-LAGOON
W
Memory
X-Azure-Ref
X-Azure-Ref-OriginShield
X-CUA
X-Info
X-CACHE-KEY
X-NC
Accept-Language
X-Varnish-Url
X-Clara-WADP
CF-IPCountry
X-WADP-Cache
L
X-Source
X-Geo
N-Cache
X-Varnish-Beresp-Ttl
X-Page-Type
X-Proxy-Upstream
X-Proxy-Cache-Status
Cdn
X-URL
X-Web-Server
Kp-EeAlive
X-TrackingId
X-FE
X-Dynatrace-Js-Agent
X-Agile
User-Agent
X-Agile-Age
X-Agile-Id
X-Cache-Debug
X-Pf-Uncompressing
X-Zone
X-Amzn-Remapped-Content-Length
X-Varnish-Beresp-Grace
Magicmarker
X-Varnish-Beresp-Status
Selected-Fe
X-DC
Locale
X-Urbn-Site-Id
X-Urbn-Context-Path
X-Refresh
Geoip-Latitude
GeoIp-Country-Code
Geoip-City
X-TT-LOGID
CF-Cached-On
X-HS-Status
Pagetype
X-Vcl-Version
X-Hello
X-ABtesting
X-Servedbyhost
X-Flog
X-MID
X-NWS-UUID-VERIFY
X-Mid
X-Generated-In
X-User
X-Backend-TTL
X-Real-Ip
Ohc-Cache-HIT
Ohc-File-Size
X-Newrelic-Synthetics
X-Backend-Url
SN
X-ZONE
Group
X-Backend-Host
X-Check-Cacheable
X-Aicache-OS
X-Ruxit-Js-Agent
Amp-Access-Control-Allow-Source-Origin
X-Up
X-Tt-Trace-Tag
X-Soup
X-Debug-Cache-Store
X-Debug-Cache-Expiry
X-Debug-Cache-Fetch
FSS-Proxy
FSS-Cache
X-ServedByHost
X-APP
HTTPS
X-MSEdge-Features
X-GoCache-CacheStatus
X-MSEdge-Flight
HostName
WZWS-RAY
X-VCL-Version
X-UPSTREAM-Address
X-Tb-Optimization-Total-Bytes-Saved
Www
GeoIP-Country-Code
Srv
X-SN
Backend
RequestId
X-EC-Lua
X-Oss-Hash-Crc64ecma
X-Oss-Request-Id
X-Varnish-Authentication
X-Oss-Storage-Class
X-Oss-Server-Time
X-Oss-Object-Type
X-Instart-Isnd
GeoIP-City
X-Contensis-Viewer-Groups
Server-Surrogate-Control
Server-Cache-Control
X-Cache-ASPX
GeoIP-Latitude
X-NGENIX-Cache
X-CSRF-Token
Cf-Ipcountry
X-Akamai-SSL-Client-Sid
X-COUNTRY
X-Via-Ucdn
X-Cache-Expires
X-Varnish-Beresp-TTL
X-BC
X-Oracle-Dms-Rid
X-Amzn-Remapped-Date
Host-ID
X-Old-Content-Length
X-SayCDN-TTL
X-Bc
X-Amzn-Remapped-Connection
X-Say-TTL
X-Say-Cacheable
Lb
X-Nananana
X-PF-Uncompressing
URI
X-Varnish-Action
X-ECache
Epwk-Cache
X-Cache-Tag
X-Proxy-Cacherz
Xkeyrz
X-Dynatrace
XServer
X-PAGE-TYPE
Fastcgi-X-Cache
Requestid
X-AssetVersion
Cache-Hits
X-Node-Id
X-Fastly-Country-Code
Xkeynj
X-WR-MODIFICATION
X-Unique-Id
Fastly-Backend-Name
X-LiteSpeed-Cache-Control
Is-Session-Tracking
X-TIME
Get-Access-Time
X-FORWARDED-FOR
Inserted-Into-Cache-At
X-Tec-Api-Origin
X-Tec-Api-Version
X-Tec-Api-Root
X-MCACHE
X-Requestid
Ajk
FNAC-ModuleRouting
X-Cache-Miss-From
X-Correlation-ID
X-SERVER-NAME
X-Sf
X-Request-Url
X-Cache-Ttl
WebServer
X-Var-Ttl
X-Edge-IP
X-IN-APIGATEWAYSSL
X-Sedo-Request-Id
X-Logtrace-Id
Dynatrace
X-Svr
Cneonction
X-Fastly-Backend-Reqs
Cache-Provider
X-Cache-Time
X-CSRF-TOKEN
X-Pjax-Url
Xet-Cookie
X-SRV
DataCenter
X-WA
Correlation-Id
Pics-Label
CDN
X-Fastly-Cache-Hits
X-Swift-Error
X-Lb-Id
X-RateLimit-Limit-Second
X-Fpc
X-RateLimit-Remaining-Second
X-Dw-Trace-Id
X-NGINX-Cache
X-BE
X-Policy
X-Apw-Hits
Sid
X-Wa
X-Apw-Access-Object
X-Apw-Access-Token
X-Apw-Access-Action
X-RSL
X-RPS
X-RPM
X-ServerName
T-Server
PICS-Label
X-Akamai-ERPolicy
X-WPE-Loopback-Upstream-Addr
X-Html-Edge-Cache
Lfy
RequestUuid
X-LiteSpeed-Tag
X-App
X-Alicdn-Da-Ups-Status
Ohc-Response-Time
Warning
X-Bug-Bounty
X-DB
X-DI
X-DSS
X-Zalando-Child-Request-Id
X-Page-Impression-Id
X-Akamai-ERRuleID
X-Flow-Id
X-DW