Threat Level: green Handler on Duty: Jim Clausing

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
X-Powered-By
Link
CF-RAY
ETag
Expect-CT
X-XSS-Protection
Via
X-Cache
Age
CF-Cache-Status
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
X-Cache-Hits
P3P
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Xss-Protection
X-Request-Id
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
Alt-Svc
X-Adblock-Key
X-Drupal-Cache
X-Check
X-Cacheable
Content-Security-Policy-Report-Only
X-Generator
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-AspNetMvc-Version
X-DNS-Prefetch-Control
P3p
X-Template
X-Language
Status
Timing-Allow-Origin
X-Iinfo
Content-Encoding
X-Content-Security-Policy
X-Buckets
Upgrade
X-Kinja-Server-Push
Xkey
X-Via
X-CDN
X-Turbo-Charged-By
Keep-Alive
CF-Ray
Access-Control-Expose-Headers
Access-Control-Max-Age
X-Cache-Group
X-Pass-Why
X-AH-Environment
X-Age
X-Drupal-Dynamic-Cache
X-Server
X-Backend
X-Pingback
X-Amz-Id-2
X-Amz-Request-Id
X-Envoy-Upstream-Service-Time
X-Page-Speed
X-Robots-Tag
X-Proxy-Cache
X-Hacker
Grace
EagleId
X-Server-Powered-By
X-UA-Device
X-Varnish-Cache
Request-Context
X-Nginx-Cache-Status
X-Request-ID
Cf-Railgun
X-LiteSpeed-Cache
X-Amz-Version-Id
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-Server-Id
X-WebKit-CSP
Server-Timing
Feature-Policy
X-Device
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Rq
X-Host
Report-To
X-Ac
X-Node
Content-Location
X-OneAgent-JS-Injection
X-Cnection
X-Response-Time
X-Backend-Server
X-Cloud-Trace-Context
X-Origin-Cache
X-Application-Context
X-Readtime
Request-Id
Allow
Surrogate-Control
EagleEye-TraceId
X-ORACLE-DMS-ECID
X-Country
X-Vhost
X-DynaTrace
X-TTL
X-Cache-Lookup
X-Cdn
Pinterest-Generated-By
X-Rack-Cache
X-Origin-Upstream-Status
X-Clacks-Overhead
X-Url
NEL
X-Ua-Compatible
X-FTR-Request-ID
Rating
X-Ruxit-JS-Agent
X-Country-Code
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Dispatcher
X-ORACLE-DMS-RID
X-Dns-Prefetch-Control
X-HW
X-CST
X-Goog-Hash
X-Instart-Request-ID
Fusion-Component-Id
Fusion-Template-Id
Fusion-Source
Fusion-Content-Source
Fusion-Content-Id
X-DataStream-Cache-Status
Edge-Control
X-Vname
X-TtlSet
X-PC
X-Px
X-VARITI-CCR
X-DataDome
Service-Worker-Allowed
Verso
X-Mod-Pagespeed
X-Recruiting
X-MS-InvokeApp
X-Varnish-TTL
X-Kinja-Revision
X-Use-Magma
X-Kinja-Server
X-Kinja-Build
X-Cdn-Fetch
X-Exp-Variant
X-Kinja
RTSS
X-GoogleNews-Bot
X-Exp-Id
X-D2id
SPRequestGuid
X-Vcap-Request-Id
X-Amz-Server-Side-Encryption
X-Abt-Application-Version
TCN
X-SharePointHealthScore
X-Navigation-Version
X-GitHub-Request-Id
X-SRCache-Fetch-Status
X-SRCache-Store-Status
Display
X-Middleton-Response
X-Sol
X-Middleton-Display
Response
X-Akam-SW-Version
X-Powered-By-Plesk
DynaTrace
X-RateLimit-Remaining
X-B3-TraceId
MS-Author-Via
X-ESI
Charset
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-Shield-Request-Id
X-Forwarded-Proto
Realpath
X-Amz-Rid
ServerID
X-Powered-CMS
Content-MD5
Ar-Sid
AR-PoweredBy
AR-ATIME
AR-CACHE
X-Trace
X-Upstream
Public-Key-Pins
X-Version
Nginx-Cache
Fastly-Restarts
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
X-Goog-Generation
X-Cached
X-Goog-Stored-Content-Length
X-Server-Name
X-Shard
X-Dw-Request-Base-Id
Accept-CH
AR-Request-ID
X-Mrf-Item-Lastmod
X-B3-TraceId-Primal
Mrf-Cache-Status
MRF-Tech
X-Mrf-Section-Lastmod
Access-Control-Request-Method
Paypal-Debug-Id
X-Grace
X-DynaTrace-JS-Agent
X-MSEdge-Ref
Accept-Ch-Lifetime
Pagespeed
X-Goog-Storage-Class
SPIisLatency
SPRequestDuration
X-Client-IP
S
X-Debug
X-Country-Code-Real
X-FTR-Realm
X-FTR-Backend-Server
X-FTR-Expires
X-FTR-DC
X-FTR-Cache-Status
X-FTR-Balancer
X-FTR-Backend
X-Id
X-Ezoic-Cdn
Accept-Ch
X-DataStream-MidMile-RTT
X-DataStream-Origin-MEX-Latency
X-Amz-Meta-S3cmd-Attrs
Front-End-Https
X-Fastly-Request-ID
X-N
X-Pinterest-Rid
X-T
X-Amzn-Trace-Id
Pinterest-Version
X-Upstream-Proxy
X-NF-Request-ID
X-DIS-Request-ID
Arr-Disable-Session-Affinity
X-Vcache
X-FastCGI-Cache
X-Content-Type
MicrosoftSharePointTeamServices
X-XRDS-Location
X-Hits
X-B3-Sampled
X-FTR-Cache-Host
X-Varnish-Age
X-B3-Traceid
X-Acc-Meta-Resource-Type
X-Ser
X-Frontend
X-Mobile-Rewrite
PB-PID
Fastcgi-Cache
PB-RID
Arc-Version
X-Logged-In
Server-Name
X-Content-Digest
X-Correlation-Id
Alternate-Protocol
X-VCache
X-Srv
X-Node-Name
X-Cache-Key
Nel
X-Pad
AMP-Access-Control-Allow-Source-Origin
X-Microsite
X-Request-Handler-Origin-Region
FilterID
TP-L2-Cache
X-Forwarded-For
TP-Cache
X-Type
X-User-Agent
X-Kinsta-Cache
X-Rid
Healthy
X-LB-Cache
Host
X-F-Cache
X-Request-Processing-Time
X-Request-Received
X-IPLB-Instance
Powered
X-Zen-Fury
X-Cache-2
X-Amzn-RequestId
Powered-By-ChinaCache
X-Amz-Apigw-Id
X-AOL-HN
Edge-Cache-Tag
X-Revision
X-Debug-Info
X-GUploader-UploadID
Accept-CH-Lifetime
X-Cached-By
Backend-Timing
X-Via-JSL
X-Analytics
X-Cache-Age
X-Hostname
X-HS-Hub-Id
X-HS-Content-Id
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Az
X-AppVersion
X-Activity-Id
X-Cache-Rule
X-Accel-Expires
X-XRDS-LOCATION
X-Esi
Surrogate-Key
X-Fastcgi-Cache
X-Varnish-Backend
X-Content-Security-Policy-Report-Only
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-RateLimit-Limit
X-Page-Id
X-Instance
X-BCube-Filmed-By
X-Content-Options
X-PHP-Backend
X-Cluster
X-Amz-Replication-Status
X-Content-Powered-By
X-FB-Debug
X-Varnish-Grace
X-Tumblr-Pixel-0
X-Tumblr-User
Server-Node
X-Tumblr-Pixel
X-Jobs
X-Request-Guid
X-Akamai-Edgescape
Refresh
Source
X-Signature
Cleartype
X-B-Cache
Cache-Status
X-App-Environment
X-TT
X-Forwarded-Host
X-Framework
Liferay-Portal
X-FW-Static
X-FW-Server
X-FW-Serve
X-FW-Hash
X-FW-Type
DC
X-Varnish-Hostname
X-ATG-Version
Tracecode
Accept-Charset
Fastcgi-Useragent
Access-Control-Allow-Method
Host-Header
X-Mobile
WPE-Backend
X-Cache-Operation
X-Cache-Action
X-Time
X-Drupal-Cache-Tags
X-Cache-Control
X-Edge-Location
X-B
X-Whom
X-APP-VERSION
Actual-Object-TTL
X-Cache-Hit
X-App-Server
X-Mobile-URL
X-Hp-Webp
X-Erf-Bev-Bev-Is-Generated
Payment
X-Accel-Buffering
X-Erf-Bev-Bev
X-Response-Served-From
X-WA-Info
X-TX-ID
X-Storage
X-WebKit-CSP-Report-Only
X-Content-Age
X-NWS-LOG-UUID
X-Git-Hash
NGB
X-Cacheable-TTL
X-TA-CDN-Provider
Cache-Tv-Group
Upgrade-Insecure-Requests
X-TT-TIMESTAMP
X-Yottaa-Optimizations
X-UA-Device-Type
X-Yottaa-Metrics
X-Handled-By
Filters
X-SS-Set-Cookie
Cache-Tag
X-Tumblr-Pixel-2
X-Tumblr-Pixel-1
Eomportal-Instance
X-RemovedCookies
X-Status
X-GeoIP
X-ProcessESI
X-Adobe-Loc
Viewport
X-Adobe-Content
X-RequestSource
X-Geo-Country
Retry-After
X-Presslabs-Stats
X-Cache-TTL
X-VG-WebCache
Webserver
X-FW-Dynamic
X-Cache-TTL-Remaining
MS-CV
Xserver
X-Seen-By
Cache
Datacenter
X-Server-ID
X-FB-TRIP-ID
Server-Info
X-Host-Name
X-Cache-Enabled
Frame-Options
X-Contextid
X-RTag
Ms-Operation-Id
X-Oracle-Dms-Rid
X-Ratelimit-Limit
From-Origin
X-Ratelimit-Reset
X-Hyper-Cache
X-Generated-By
X-Origin-Server
X-Mode
S-Cnection
X-B3-Spanid
Country
X-CF-Powered-By
X-RN-RSRV
X-Cache-Var
X-ES-SERVER
X-Cache-Var-Map
X-Cache-Config
X-Path-Route
X-Tumblr-Pixel-3
Load-Balancing
Meta-Geo
SRV
Machine
X-Labrador-Cache-Channel
Cache-Key
GEO-INFO
X-MP-GENERATED-AT
Vix-Hermes-Req-Id
X-Upstream-CT
X-Routing-Service
X-Proxied
X-Upstream-HT
X-Section
X-Zipkin-Id
X-Cache-Grace
X-Access
X-Viewer-Country
X-Web-Node
X-Varnish-Server
X-From
X-Varnish-Cache-Hits
X-Backend-Name
X-Drupal-Cache-Contexts
Decoy-Debug-Key
Decoy-Debug-Status
Decoy-Debug-TTL
Now
X-Hit
X-Cache-Host
X-Human
X-OCL
X-PCL
X-Loop
X-TNCMS
X-Upgrade-Enabled
X-R9-Blue-Green-Version
X-ShardId
X-Region
X-Alternate-Cache-Key
Mn-Server-Ip
X-Origin-Response-Time
X-L-Path
X-Sorting-Hat-PodId
X-Shopify-Stage
X-ShopId
X-Rule
X-Sorting-Hat-ShopId
ServedBy
X-Trace-Id
X-LJ-Flow-ID
X-Via-Fastly
X-VG-TLSProxy
X-CCM
X-VWS-Id
X-Endurance-Cache-Level
X-Akamai-Request-ID
Rt-Fastcgi-Cache
X-Environment-Context
X-AWS-Id
X-Magnolia-Registration
X-Debug-Cache
X-EIG-Tracking-Id
X-S
Cache-Name
Akamai-GRN
We-Hiring
X-Proto
X-Proxy-Build
X-Cluster-Node
Mail-Subject
X-Xfnlog-Site
X-NCache
X-Locale
X-Hosted-By
X-JoinUs
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Generated
X-Site-Version
X-FC-Vary-Parameters
X-Rendered-As
OT-Force-Account-Verify
DB-Nickname
DSUID
X-Timing-Wait
Release
Version
X-PressLabs-Stats
X-Guploader-Uploadid
X-Www-Served-By
X-RCS-CacheZone
X-Device-Type
X-Varnish-Hits
Uber-Trace-Id
CACHE
X-Load-Cache
X-Request-Time
ProcessTime
X-NewRelic-App-Data
X-IP
X-VCT
X-Dc
X-Time-Microsecs
X-Nginx-Cache
Time
NtCoent-Length
X-ProxyCache-Status
X-ProxyCache-Key
X-BYPASS-REASON
S-Rt
Azure-RegionName
NGX
Azure-SlotName
X-Wix-Request-Id
Cteonnt-Length
X-Origin
Azure-Version
X-Redis-Cache
Azure-InstanceId
Azure-SiteName
X-FW-Version
X-Akamai-Request-ID2
X-UUID
X-RateLimit-Reset
X-Platform-Server
X-No-Session
Webcakes-App-Version
TWC-GeoIP-LatLong
TWC-Locale-Group
TWC-Privacy
Webcakes-App-Name
TWC-GeoIP-Country
TWC-Device-Class
X-Via-CDN
Property-Id
TWC-Connection-Speed
Webcakes-Region
X-EdgeConnect-Cache-Status
X-Origin-Hint
X-GEO
X-Proxy
X-FireWall-Port
X-ECACHE
X-Cache-NE
X-Daa-Tunnel
X-CDN-Forward
X-MServer
X-UA
X-Hl-Ver
X-Rocket-Nginx-Bypass
X-HTML-Minification-Powered-By
X-Vgn-Hpd-Reason
X-IPS-LoggedIn
Origin
Odigeo-Trace-Id
X-Akamai-Transformed
X-ServerID
X-Cache-Remote
X-ApacheServer
X-PERF
X-CS
X-Format
X-Cache-Server
X-Distributor
Ec-Rule-Version
X-Oneagent-Js-Injection
Cache-Tags
Access-Control-Request-Headers
Fastly-SSL
X-UnsetCookies
LB
Accept-Language
X-Tb
L5d-Success-Class
Hostname
X-Pubstack
X-Microcachable
X-NC
X-Unique-ID
X-Webkit-Csp
Origin-Cache-Control
Origin-Edge-Control
X-SERVER-NAME
X-Real-IP
Fastcgi-X-Cache-Version
X-Amzn-Remapped-Content-Length
X-Varnish-Cacheable
Served-By
X-Generated-On
X-Geo-Header
X-Server-Time
X-G
AsisCache
BehaviorPad-Version
Arc-Country
AKAMAI
X-Cluster-Name
A
Server-ID
X-IN-APIGATEWAY
X-Level-Front-Cache
X-S-Maxage
X-CF-Lambda-Fn
X-Cdn-Srv
VivaBuild
Viewtype
X-Request-UUID
X-Is-Bot
X-Instart-Info
Cache-Cookie-Set-From
X-Rojux
X-Internal-Host
X-S-Cookie
X-Rewrite-Enabled
Cdn-Host
Mobile-Detection-Method
X-Date
Node
Meta-Geo-Continent
MD5-Digest
X-Detected-As
X-Destination
X-D
Proxy-Firewall
X-Connection-Hash
REQUESTUUID
Request-Time
Request-EU
Rendered-Blocks
Request-Country
X-Developer
Rt-Proxy-Cache
Content-Script-Type
Content-Style-Type
Cdn-Request-Time
X-External-Request-Id
Cache-Cookie-Set-Lfrom
Cache-Prefix
Cross-Origin-Window-Policy
Fastly-SIE
GEO-REGION-INFO
X-DPWN-IS-SECURE
Fly-Request-Id
Fly-Cache
X-Edge-Server
Fastly-SWR
Cache-Cookie-Set-Idcheck
X-CF-Lambda-Version
X-Grey
X-Transaction
X-Vtex-Remote-Cache
X-PAYTM-SRV-ID
X-B-Cookie
X-Cache-Bucket
X-A-Dcw
X-A-Dgt
X-SVT-ORM-VERSION
X-Aed
X-Vtex-Processado-Em
X-Twitter-Response-Tags
X-Accel-Expires-Debug
X-NU-AKA-ACS-Version
Proxy-Connection
Selected-Fe
X-Trv-Group
X-VG-WebServer
X-Varnish-Url
X-Org
X-A-Wwc
X-A-Dam
X-Application
X-App-Name
X-Rebelmouse-Surrogate-Control
X-SRCache-Key
X-ARC
X-Region-Sid
PageSpeed
X-B3-Parentspanid
X-Cache-Category-Id
X-SVT-ORM-RULES
X-A
X-ScT
X-BACKEND-TTL
X-A-Ccd
Xc-Version
X-AIR-PT
X-Rebelmouse-Cache-Control
IBM-Web2-Location
X-Worker
Backend-Name
X-Cache-Backend
X-Compress-Hint
ServerName
X-ElasticPress-Search
X-URL
True-Client-Country-4JS
X-Debug-Log
Memcached
X-Debug-Cookies
X-Sn-Servicetimems
Is-Eu
X-Developers
Gh-Request-Id
Ha-Gx-Prefs
HA-Ipaddr
X-Request-URI
RNT-Machine
X-Nginx-Cache-Key
X-Dynatrace-Js-Agent
W
X-Location
X-Method
X-ServiceProvider
Resin-Trace
X-Backend-State
X-Cdn-Origin
X-Core-Mission
X-Skip-Cache
X-C
On-Server
X-Cache-Info
Platform
RNT-Time
X-CGP
X-NX-Host
X-Variation
Server-Int
X-GeoIP-Country-Code
X-Eu-Site
X-Fastly-Cache
Section-Io-Cache
Apple-News-Services-Handled
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
X-PHP-Host
X-Clientip
Content-Disposition
X-We-Are-Hiring
X-HS-Combine-CSS
Esi-Enabled
Countrycode
Adler-Geo
X-HS-Cache-Config
X-Cache-Id
X-Epic-Correlation-Id
X-Clara-WADP
X-Block-Status
X-Cms-Context
X-Bip
X-Cache-FS-Status
X-CDN-Cache
X-TrackingId
X-Generation-Time
X-SD-PageType
X-Request-Start
X-Owner
X-WADP-Cache
X-WebServer
UCS
X-Wikidot-Static-Cache
X-Wikidot-Backend
X-Proxy-Cache-Status
X-Thanos
X-SIPLIST1
X-Reboot
X-Servername
X-Secret
X-Proxy-Upstream
X-TH-Server
X-Swa-Ws
X-Reqid
X-BBXSRF
X-Device-Os
X-GeoIP-City
X-Hash
X-Hnp-Log
X-Gen-Mode
X-Gannett-Site-Version
X-Dispatcher-Server
X-Fetched-On
X-FPC
X-Response-By
X-Irp-Debug
X-Server-IP
X-Qloud-Router
X-Distil-CS
X-LI-UUID
X-LI-Proto
X-Key
X-Li-Fabric
X-Li-Pop
X-Dispatch
SD-X-WS
PFcat
Server-Host
Country-Code
User-Cache-Control
N-Cache
L
Fastly-Soc-X-Request-Id
CDCHOST
X-Edge
IsBot
V-Age
SS
X-Amz-Meta-Cache-Control
X-Auto-Login
Web-Mar-Node
X-SERVER
X-Webstats-RespID
CF-IPCountry
X-Release
X-Origin-Expires
Kp-EeAlive
X-Matched-Rule
X-Origin-Date
X-Thinkindot-L3
Wxu-Next-Region
Heartbleed
Powered-By
Pramga
Who
Wxu-Next-Commit
GW-Server
X-VC-Cache
X-VServer
X-Azure-Ref-OriginShield
Wxu-Next-Hostname
X-Crawler
X-Nc
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
Thinkindot-Control
X-Azure-Ref
Locale
X-Urbn-Context-Path
X-Parent-Response-Time
X-Urbn-Site-Id
X-OVcl-Cache
X-Via-NSCOPI
X-CUA
X-Pf-Uncompressing
X-FE
X-Processor
X-Served-From
X-OVcl
X-Powered-By-Defense
X-Varnish-Ttl
Magicmarker
X-CLOUD-TRACE-CONTEXT
X-Via-Edge
User-Agent
X-Via-SSL
Mime-Version
X-Hello
X-Flog
X-ABtesting
X-Ratelimit-Remaining
X-LAGOON
X-Ua
X-Protected-By
X-ND-Cache
Pagetype
X-Varnish-Beresp-Ttl
Memory
X-Be
X-Page-Type
X-Backend-Host
X-User
X-Datadome
X-Generated-In
X-Backend-Url
X-Newrelic-Synthetics
X-MSEdge-Flight
X-Planisys-CDN-Rules
X-Tt-Trace-Tag
Pragrma
X-Up
X-Planisys-CDN-Cache
X-Planisys-CDN-TTL
X-Fstrz
X-GoCache-CacheStatus
X-MSEdge-Features
X-B3-SpanId
X-Origin-TTL
X-Origin-CC
X-Ttl
X-Geo
X-COUNTRY
X-Debug-Cache-Store
X-Debug-Cache-Fetch
X-Debug-Cache-Expiry
X-Soup
X-Backend-TTL
X-Cache-Ttl
X-Oss-Server-Time
X-Oss-Storage-Class
X-Check-Cacheable
X-Oss-Object-Type
X-Oss-Request-Id
X-Oss-Hash-Crc64ecma
X-Zone
X-Core-Value
X-Phone
X-IN-WAF
Geoip-Latitude
GeoIp-Country-Code
Cache-Hits
Geoip-City
X-ZONE
X-DC
X-Varnish-Beresp-Grace
X-Servedbyhost
X-Old-Content-Length
X-Varnish-Beresp-Status
X-SayCDN-TTL
X-Cdn-Forward
X-Say-TTL
X-Say-Cacheable
X-TT-LOGID
X-Akamai-SSL-Client-Sid
X-Litespeed-Cache
X-CSRF-TOKEN
X-VCL-Version
Cdn
X-Real-Ip
XServer
X-Birta-Served
X-Cache-Time
X-Birta-Cache-Post
SN
X-Aicache-OS
X-Mid
Inserted-Into-Cache-At
X-Node-Id
X-HS-Status
WZWS-RAY
Fastly-Backend-Name
X-Varnish-IP
X-Info
Amp-Access-Control-Allow-Source-Origin
X-Ruxit-Js-Agent
X-MID
X-BC
Ajk
X-FORWARDED-FOR
FSS-Proxy
X-Logtrace-Id
HitType
X-Vcl-Version
Selected-FE
X-IN-APIGATEWAYSSL
FSS-Cache
X-EC-Lua
X-Amzn-Remapped-Date
X-ServedByHost
X-Refresh
X-Amzn-Remapped-Connection
X-Tb-Optimization-Total-Bytes-Saved
X-UPSTREAM-Address
X-Source
X-Cache-ASPX
Server-Surrogate-Control
X-Contensis-Viewer-Groups
Server-Cache-Control
HostName
CF-Cached-On
X-APP
X-RateLimit-Remaining-Second
X-Agile-Id
X-Varnish-Authentication
X-Agile
X-Wa
X-Agile-Age
X-RateLimit-Limit-Second
X-Cache-Debug
X-App-Version
X-Bc
GeoIP-Country-Code
Xkeyrz
RequestId
X-Proxy-Cacherz
Srv
Dynatrace
X-Nananana
X-CACHE-KEY
X-CSRF-Token
GeoIP-City
X-Via-Ucdn
X-GRACE
GeoIP-Latitude
T-Server
X-Web-Server
Ohc-File-Size
X-NWS-UUID-VERIFY
X-LiteSpeed-Cache-Control
X-PJAX-URL
X-Render-Time
PICS-Label
X-GDPR
X-WR-MODIFICATION
X-TIME
X-Varnish-Beresp-TTL
X-ECache
Ohc-Cache-HIT
MIME-Version
WebServer
Cf-Ipcountry
X-LB-ID
X-Fastly-Country-Code
X-Cache-Tag
Xkeynj
X-Unique-Id
X-Micro-Cache
X-Tec-Api-Root
X-BE
X-SRV
X-Tec-Api-Version
CDN
X-Tec-Api-Origin
X-Uri
Is-Session-Tracking
X-PAGE-TYPE
URI
Get-Access-Time
X-Policy
SID
Group
DataCenter
X-Requestid
X-Cache-Miss-From
HTTPS
X-Sedo-Request-Id
X-MCACHE
X-Lb-Id
X-SN
Www
X-Fastly-Backend-Reqs
Cache-Provider
X-Service
Lb
Pics-Label
X-Edge-IP
X-Pjax-Url
X-Request-Url
X-NGINX-Cache
Backend
Xet-Cookie
Cneonction
X-Swift-Error
Warning
X-Var-Ttl
X-Apw-Access-Action
X-Apw-Access-Object
X-Vct
X-Apw-Hits
X-Apw-Access-Token
X-Instart-Isnd
X-Dw-Trace-Id
X-Cache-Expires
X-Cdn-Request-ID
X-Ecache
X-WA
Requestid
FNAC-ModuleRouting
Correlation-Id
X-JWT-State
X-Is-Gdpr
X-Has-Esi
Ohc-Response-Time
X-Cf-Powered-By
Host-ID
X-PF-Uncompressing
X-Newrelic-App-Data
X-Fe
X-DSS
X-Akamai-ERRuleID
X-ServerName
X-DW
X-RPM
X-RSL
X-Fpc
X-RPS
X-Akamai-ERPolicy
X-Flow-Id
X-Page-Impression-Id
X-DB
X-Zalando-Child-Request-Id
X-Fastly-Cache-Hits
X-DI
X-Html-Edge-Cache
X-Varnish-Action
Lfy
X-Serial
X-Bug-Bounty