Threat Level: green Handler on Duty: Bojan Zdrnja

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
CF-RAY
X-Powered-By
Link
ETag
Expect-CT
X-XSS-Protection
Via
X-Cache
CF-Cache-Status
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
X-Cache-Hits
P3P
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Xss-Protection
X-Request-Id
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
Alt-Svc
X-Adblock-Key
X-Drupal-Cache
X-Check
X-Cacheable
Content-Security-Policy-Report-Only
X-Generator
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-AspNetMvc-Version
X-DNS-Prefetch-Control
P3p
X-Template
X-Language
Status
Timing-Allow-Origin
X-Iinfo
Content-Encoding
X-Content-Security-Policy
X-Buckets
Upgrade
X-Kinja-Server-Push
Xkey
X-Via
X-CDN
X-Turbo-Charged-By
Keep-Alive
Access-Control-Expose-Headers
Access-Control-Max-Age
X-Cache-Group
X-Pass-Why
X-AH-Environment
X-Age
X-Drupal-Dynamic-Cache
X-Server
X-Backend
X-Pingback
X-Amz-Request-Id
X-Amz-Id-2
X-Envoy-Upstream-Service-Time
X-Page-Speed
X-Robots-Tag
X-Proxy-Cache
X-Hacker
EagleId
Grace
X-Server-Powered-By
X-UA-Device
X-Varnish-Cache
Request-Context
X-Nginx-Cache-Status
Cf-Railgun
X-LiteSpeed-Cache
X-Amz-Version-Id
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-WebKit-CSP
X-Server-Id
Server-Timing
Feature-Policy
X-Device
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Host
Report-To
X-Rq
X-Ac
X-Node
Content-Location
X-OneAgent-JS-Injection
X-Request-ID
X-Cnection
X-Response-Time
X-Backend-Server
X-Cloud-Trace-Context
X-Origin-Cache
X-Application-Context
X-Readtime
Request-Id
Allow
Surrogate-Control
EagleEye-TraceId
X-Dns-Prefetch-Control
X-ORACLE-DMS-ECID
X-Vhost
X-DynaTrace
X-Country
X-TTL
X-Cache-Lookup
X-Cdn
X-Rack-Cache
Pinterest-Generated-By
X-Origin-Upstream-Status
X-Url
X-Clacks-Overhead
NEL
X-Ua-Compatible
X-FTR-Request-ID
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Rating
X-Country-Code
X-Ruxit-JS-Agent
X-Dispatcher
X-CST
X-HW
X-ORACLE-DMS-RID
X-Instart-Request-ID
X-Goog-Hash
Fusion-Component-Id
Fusion-Content-Source
Fusion-Source
Fusion-Template-Id
Fusion-Content-Id
X-DataStream-Cache-Status
X-PC
X-Vname
X-TtlSet
Edge-Control
X-Px
X-VARITI-CCR
X-DataDome
Service-Worker-Allowed
Verso
X-Mod-Pagespeed
X-MS-InvokeApp
X-Recruiting
RTSS
X-Kinja-Build
X-GoogleNews-Bot
X-Kinja-Revision
X-Kinja
X-Kinja-Server
X-Use-Magma
X-Exp-Id
X-Exp-Variant
X-Cdn-Fetch
X-Varnish-TTL
X-D2id
SPRequestGuid
X-Vcap-Request-Id
X-Abt-Application-Version
X-Amz-Server-Side-Encryption
TCN
X-SharePointHealthScore
X-GitHub-Request-Id
X-Navigation-Version
Response
Display
X-Middleton-Display
X-Sol
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Middleton-Response
X-Akam-SW-Version
X-Powered-By-Plesk
MS-Author-Via
X-RateLimit-Remaining
X-ESI
Charset
X-Forwarded-Proto
Realpath
DynaTrace
X-Shield-Request-Id
X-Powered-CMS
X-Amz-Rid
X-Upstream
ServerID
X-B3-TraceId
Public-Key-Pins
X-Trace
X-Version
X-TEC-API-VERSION
X-TEC-API-ROOT
Fastly-Restarts
X-TEC-API-ORIGIN
Nginx-Cache
AR-ATIME
X-Cached
AR-CACHE
Ar-Sid
AR-PoweredBy
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Goog-Generation
Content-MD5
X-Shard
X-Server-Name
X-Dw-Request-Base-Id
X-B3-TraceId-Primal
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
MRF-Tech
Mrf-Cache-Status
Accept-CH
Pagespeed
AR-Request-ID
X-Grace
Access-Control-Request-Method
Paypal-Debug-Id
X-MSEdge-Ref
Accept-Ch-Lifetime
SPIisLatency
X-Client-IP
SPRequestDuration
X-Goog-Storage-Class
X-DynaTrace-JS-Agent
S
X-Debug
X-FTR-Cache-Status
X-FTR-DC
X-FTR-Expires
X-FTR-Realm
X-Id
X-FTR-Backend-Server
X-Country-Code-Real
X-FTR-Balancer
X-FTR-Backend
Accept-Ch
X-Ezoic-Cdn
X-DataStream-Origin-MEX-Latency
X-DataStream-MidMile-RTT
X-FastCGI-Cache
X-Amz-Meta-S3cmd-Attrs
Front-End-Https
X-Fastly-Request-ID
X-B3-Traceid
X-N
X-T
X-Amzn-Trace-Id
X-NF-Request-ID
X-Vcache
Arr-Disable-Session-Affinity
X-DIS-Request-ID
X-Pinterest-Rid
MicrosoftSharePointTeamServices
Pinterest-Version
X-Upstream-Proxy
X-Content-Type
X-XRDS-Location
X-Hits
X-B3-Sampled
X-FTR-Cache-Host
X-Acc-Meta-Resource-Type
X-Frontend
PB-PID
X-Mobile-Rewrite
Arc-Version
PB-RID
X-Ser
X-Varnish-Age
X-Logged-In
Fastcgi-Cache
X-Content-Digest
Server-Name
X-Correlation-Id
Alternate-Protocol
X-VCache
X-Srv
X-Cache-Key
X-Node-Name
Nel
AMP-Access-Control-Allow-Source-Origin
X-Request-Handler-Origin-Region
X-Microsite
X-Pad
FilterID
X-User-Agent
X-Rid
X-Forwarded-For
TP-Cache
X-Type
TP-L2-Cache
Powered
Healthy
X-LB-Cache
X-IPLB-Instance
X-F-Cache
X-Request-Processing-Time
Host
X-Kinsta-Cache
X-Request-Received
X-Cache-2
X-Zen-Fury
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Revision
Edge-Cache-Tag
Powered-By-ChinaCache
X-Debug-Info
Accept-CH-Lifetime
X-AOL-HN
X-GUploader-UploadID
X-Via-JSL
X-Cached-By
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
Backend-Timing
X-Analytics
X-Cache-Age
X-HS-Content-Id
X-Az
X-Activity-Id
X-HS-Hub-Id
X-AppVersion
X-Hostname
X-XRDS-LOCATION
X-Accel-Expires
X-Cache-Rule
X-Esi
Surrogate-Key
X-Varnish-Backend
VIX-Pulpo-Node
X-Content-Security-Policy-Report-Only
VIX-Pulpo-Upstream-Status
X-Content-Options
X-Instance
X-PHP-Backend
X-BCube-Filmed-By
X-RateLimit-Limit
X-Page-Id
X-Tumblr-Pixel
Server-Node
X-Varnish-Grace
X-Tumblr-User
X-Amz-Replication-Status
X-Tumblr-Pixel-0
X-Akamai-Edgescape
X-App-Environment
X-Jobs
X-Content-Powered-By
X-B-Cache
X-Signature
X-Request-Guid
X-Forwarded-Host
Cleartype
Refresh
Source
X-TT
X-Cluster
X-FB-Debug
Cache-Status
X-Framework
X-Server-ID
Liferay-Portal
X-FW-Static
X-FW-Hash
X-FW-Type
X-FW-Server
X-FW-Serve
X-Fastcgi-Cache
DC
X-ATG-Version
Tracecode
X-Varnish-Hostname
Accept-Charset
Access-Control-Allow-Method
Fastcgi-Useragent
X-Time
Host-Header
X-APP-VERSION
X-Mobile
X-Cache-Action
X-Cache-Operation
WPE-Backend
X-Whom
X-Drupal-Cache-Tags
X-Erf-Bev-Bev
X-Edge-Location
X-Cache-Control
X-Erf-Bev-Bev-Is-Generated
X-B
X-Response-Served-From
X-Hp-Webp
NGB
X-App-Server
X-Accel-Buffering
X-Mobile-URL
X-WA-Info
Payment
X-Storage
Actual-Object-TTL
X-Cache-Hit
Filters
X-Oracle-Dms-Rid
X-Presslabs-Stats
X-TX-ID
X-Git-Hash
X-WebKit-CSP-Report-Only
X-Content-Age
Cache-Tv-Group
Cache-Tag
X-TT-TIMESTAMP
X-Handled-By
Retry-After
Viewport
Upgrade-Insecure-Requests
X-RequestSource
X-Cacheable-TTL
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Tumblr-Pixel-2
X-GeoIP
X-Tumblr-Pixel-1
X-UA-Device-Type
X-NWS-LOG-UUID
Eomportal-Instance
X-RemovedCookies
X-Status
X-ProcessESI
X-Adobe-Content
X-Adobe-Loc
X-SS-Set-Cookie
X-Cache-TTL
MS-CV
X-Geo-Country
X-FW-Dynamic
X-TA-CDN-Provider
X-VG-WebCache
Webserver
X-Cache-TTL-Remaining
X-Seen-By
Xserver
X-FB-TRIP-ID
X-Host-Name
Ms-Operation-Id
X-RTag
Datacenter
X-B3-Spanid
X-Cache-Enabled
Frame-Options
Cache
Server-Info
X-Ratelimit-Limit
X-Hyper-Cache
From-Origin
X-Contextid
X-Origin-Server
X-Generated-By
X-Mode
Country
X-CF-Powered-By
S-Cnection
SRV
GEO-INFO
X-Path-Route
X-ES-SERVER
X-RN-RSRV
X-Cache-Var-Map
X-Cache-Var
X-Ratelimit-Reset
Load-Balancing
Meta-Geo
X-Cache-Config
X-Tumblr-Pixel-3
Machine
X-Cache-Grace
X-MP-GENERATED-AT
X-Upstream-HT
X-Zipkin-Id
Cache-Key
X-Proxied
X-Upstream-CT
X-Drupal-Cache-Contexts
X-Routing-Service
X-Section
X-Access
Vix-Hermes-Req-Id
ServedBy
X-Backend-Name
X-From
Rt-Fastcgi-Cache
Decoy-Debug-TTL
Decoy-Debug-Key
Decoy-Debug-Status
X-Hit
X-Human
X-Varnish-Cache-Hits
X-Varnish-Server
X-TNCMS
X-R9-Blue-Green-Version
X-Labrador-Cache-Channel
X-Loop
CACHE
X-Web-Node
X-PCL
X-OCL
Akamai-GRN
X-Proxy-Build
X-Region
X-Timing-Wait
X-Rule
Cache-Name
X-Magnolia-Registration
X-Cache-Host
X-AWS-Id
X-Akamai-Request-ID
X-Cluster-Node
X-EIG-Tracking-Id
X-LJ-Flow-ID
Now
X-Trace-Id
X-Origin-Response-Time
X-VWS-Id
X-Upgrade-Enabled
Mn-Server-Ip
X-VG-TLSProxy
X-Viewer-Country
X-Locale
DSUID
X-Www-Served-By
X-Site-Version
X-Device-Type
Release
X-L-Path
X-Endurance-Cache-Level
X-Environment-Context
X-FC-Vary-Parameters
X-Generated
X-Via-Fastly
X-NCache
X-Proto
X-Debug-Cache
X-JoinUs
X-Sorting-Hat-ShopId
X-Hosted-By
X-Goog-Meta-Goog-Reserved-File-Mtime
Mail-Subject
X-Rendered-As
X-NewRelic-App-Data
X-ShardId
X-ShopId
X-Shopify-Stage
DB-Nickname
X-Alternate-Cache-Key
We-Hiring
X-Sorting-Hat-PodId
X-Guploader-Uploadid
X-RateLimit-Reset
X-CCM
OT-Force-Account-Verify
ProcessTime
Version
X-Dc
X-Xfnlog-Site
X-S
X-IP
X-Time-Microsecs
X-Request-Time
Uber-Trace-Id
X-Load-Cache
X-RCS-CacheZone
X-VCT
X-Varnish-Hits
Time
NtCoent-Length
X-Akamai-Request-ID2
Webcakes-Region
TWC-Locale-Group
TWC-GeoIP-LatLong
TWC-GeoIP-Country
TWC-Privacy
X-Wix-Request-Id
Webcakes-App-Name
X-Origin-Hint
TWC-Device-Class
Webcakes-App-Version
TWC-Connection-Speed
Azure-SlotName
Azure-InstanceId
Azure-RegionName
Azure-SiteName
Cteonnt-Length
Azure-Version
X-FW-Version
S-Rt
Property-Id
X-PressLabs-Stats
X-Origin
X-Redis-Cache
X-EdgeConnect-Cache-Status
X-No-Session
NGX
X-UA
X-Via-CDN
X-Nginx-Cache
X-ProxyCache-Key
X-ProxyCache-Status
X-BYPASS-REASON
X-UUID
X-Proxy
X-GEO
X-CDN-Forward
X-Platform-Server
X-FireWall-Port
X-ECACHE
X-MServer
X-Vgn-Hpd-Reason
X-Cache-NE
X-Hl-Ver
X-Daa-Tunnel
X-PERF
X-Rocket-Nginx-Bypass
X-ApacheServer
X-HTML-Minification-Powered-By
X-IPS-LoggedIn
Odigeo-Trace-Id
X-Format
X-CS
Origin
X-Cache-Server
X-Akamai-Transformed
Ec-Rule-Version
Accept-Language
X-UnsetCookies
X-Oneagent-Js-Injection
Access-Control-Request-Headers
X-ServerID
X-Cache-Remote
Cache-Tags
X-Distributor
X-Tb
LB
X-Dynatrace-Js-Agent
Fastly-SSL
X-Real-IP
X-Amzn-Remapped-Content-Length
L5d-Success-Class
Hostname
X-Webkit-Csp
Selected-Fe
Proxy-Connection
X-SERVER-NAME
X-NC
X-B3-Parentspanid
X-Pubstack
X-Microcachable
X-Unique-ID
Served-By
X-Compress-Hint
Fastly-SIE
Fastcgi-X-Cache-Version
AKAMAI
X-DPWN-IS-SECURE
GEO-REGION-INFO
X-Date
Fly-Cache
X-Developer
X-Detected-As
X-Destination
Fly-Request-Id
Fastly-SWR
A
Cache-Cookie-Set-From
BehaviorPad-Version
X-Cdn-Srv
Meta-Geo-Continent
X-Generated-On
X-D
Cross-Origin-Window-Policy
X-Cache-Bucket
MD5-Digest
X-CF-Lambda-Fn
Mobile-Detection-Method
X-Instart-Info
X-External-Request-Id
X-CF-Lambda-Version
Arc-Country
X-Geo-Header
X-G
X-IN-APIGATEWAY
AsisCache
X-Edge-Server
X-BACKEND-TTL
X-Rebelmouse-Surrogate-Control
Cdn-Host
X-A-Wwc
X-A-Dgt
X-A-Dcw
X-Region-Sid
Server-ID
X-Accel-Expires-Debug
X-Internal-Host
X-AIR-PT
Rt-Proxy-Cache
X-Aed
X-Rebelmouse-Cache-Control
X-Connection-Hash
X-A-Dam
X-Server-Time
Content-Style-Type
X-Rojux
X-S-Cookie
X-S-Maxage
X-Worker
X-ScT
X-Rewrite-Enabled
X-Request-UUID
X-A-Ccd
Xc-Version
X-A
Cdn-Request-Time
VivaBuild
Viewtype
X-SVT-ORM-RULES
X-SRCache-Key
X-Vtex-Processado-Em
X-Level-Front-Cache
X-VG-WebServer
X-SVT-ORM-VERSION
X-Varnish-Cacheable
X-Varnish-Url
Content-Script-Type
Proxy-Firewall
X-ARC
X-Vtex-Remote-Cache
X-NU-AKA-ACS-Version
X-Cluster-Name
X-B-Cookie
Rendered-Blocks
Cache-Cookie-Set-Lfrom
X-App-Name
Request-Time
REQUESTUUID
X-Is-Bot
Node
Cache-Prefix
X-Transaction
X-Org
Cache-Cookie-Set-Idcheck
X-Twitter-Response-Tags
X-Trv-Group
X-PAYTM-SRV-ID
X-Application
X-ElasticPress-Search
IBM-Web2-Location
ServerName
Origin-Cache-Control
Origin-Edge-Control
X-URL
Esi-Enabled
Countrycode
X-Backend-State
Resin-Trace
Request-EU
Request-Country
Section-Io-Cache
Server-Int
W
UCS
On-Server
X-BBXSRF
Ha-Gx-Prefs
X-CGP
Gh-Request-Id
HA-Ipaddr
X-Cdn-Origin
Memcached
X-Cache-Info
X-Clientip
X-We-Are-Hiring
Content-Disposition
X-Method
X-HS-Combine-CSS
X-HS-Cache-Config
X-Fastly-Cache
X-C
X-Nginx-Cache-Key
X-NX-Host
X-ServiceProvider
X-Server-IP
X-Skip-Cache
X-Sn-Servicetimems
X-TrackingId
X-Qloud-Router
X-Eu-Site
X-Location
X-Debug-Cookies
X-Debug-Log
X-Developers
Apple-News-Services-Handled
Apple-News-Services-Parsed-Url
X-Core-Mission
Backend-Name
Apple-News-Services-Request-Url
X-Distil-CS
Apple-News-Services-Host
X-Grey
X-Cache-Category-Id
X-Crawler
X-Wikidot-Backend
X-SIPLIST1
X-Reboot
X-Gen-Mode
X-Proxy-Upstream
X-Generation-Time
X-Gannett-Site-Version
X-Release
Wxu-Next-Commit
X-FPC
X-Request-URI
Wxu-Next-Hostname
Wxu-Next-Region
Kp-EeAlive
X-Reqid
X-Wikidot-Static-Cache
X-Servername
X-Proxy-Cache-Status
X-Key
X-Block-Status
X-Webstats-RespID
X-Auto-Login
X-Irp-Debug
X-Secret
X-Bip
X-Dispatch
X-Device-Os
X-Hash
X-Cache-Id
X-TH-Server
X-PHP-Host
X-Swa-Ws
X-Thanos
X-Epic-Correlation-Id
Who
X-GeoIP-Country-Code
X-Variation
X-Hnp-Log
RNT-Machine
Adler-Geo
Pramga
IsBot
RNT-Time
Web-Mar-Node
Fastly-Soc-X-Request-Id
Powered-By
L
N-Cache
Platform
X-Cache-Backend
CDCHOST
Is-Eu
True-Client-Country-4JS
SS
GW-Server
User-Cache-Control
Server-Host
Country-Code
Heartbleed
X-SERVER
Locale
X-Urbn-Context-Path
X-Urbn-Site-Id
X-Thinkindot-L3
X-Cms-Context
X-VServer
X-Li-Fabric
X-VC-Cache
X-CUA
X-Request-Start
X-Origin-Date
X-Origin-Expires
X-Matched-Rule
X-LI-UUID
X-Li-Pop
X-LI-Proto
X-Owner
X-Pf-Uncompressing
X-Response-By
X-SD-PageType
X-Edge
X-Fetched-On
X-GeoIP-City
X-Dispatcher-Server
X-Nc
SD-X-WS
PFcat
X-Amz-Meta-Cache-Control
X-WADP-Cache
X-Azure-Ref-OriginShield
X-Azure-Ref
Thinkindot-CacheControl
X-Cache-FS-Status
V-Age
X-WebServer
X-Clara-WADP
Thinkindot-CacheControl-Type
Thinkindot-Control
X-CDN-Cache
CF-IPCountry
X-OVcl
X-OVcl-Cache
X-FE
X-Varnish-Ttl
User-Agent
Magicmarker
X-Via-NSCOPI
X-Processor
X-Hello
X-CLOUD-TRACE-CONTEXT
X-Served-From
X-ABtesting
X-Flog
X-Powered-By-Defense
PageSpeed
X-Via-SSL
X-Via-Edge
Pagetype
X-Parent-Response-Time
X-LAGOON
X-Ratelimit-Remaining
X-Be
Mime-Version
Memory
X-Generated-In
X-Backend-Url
X-Backend-Host
X-User
X-ND-Cache
X-Up
X-GoCache-CacheStatus
X-Datadome
X-Varnish-Beresp-Ttl
X-Tt-Trace-Tag
X-Protected-By
X-MSEdge-Features
X-MSEdge-Flight
X-Newrelic-Synthetics
X-Ua
X-Debug-Cache-Store
X-Page-Type
X-Debug-Cache-Fetch
X-Soup
X-Debug-Cache-Expiry
X-Fstrz
Pragrma
X-Planisys-CDN-Cache
X-Planisys-CDN-TTL
X-Ttl
X-COUNTRY
X-Planisys-CDN-Rules
X-Geo
X-Cache-Ttl
Cache-Hits
X-Backend-TTL
X-Origin-CC
X-Origin-TTL
X-ZONE
X-Oss-Request-Id
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
GeoIp-Country-Code
X-Oss-Server-Time
X-Oss-Storage-Class
Geoip-Latitude
X-Check-Cacheable
Geoip-City
Dynatrace
X-B3-SpanId
X-Say-Cacheable
X-SayCDN-TTL
X-Say-TTL
X-Akamai-SSL-Client-Sid
X-Zone
X-Phone
X-Core-Value
X-IN-WAF
X-Old-Content-Length
XServer
X-Litespeed-Cache
X-CSRF-TOKEN
X-Cache-Time
X-Servedbyhost
X-DC
X-Varnish-Beresp-Grace
X-TT-LOGID
X-Varnish-Beresp-Status
WZWS-RAY
X-Cdn-Forward
X-HS-Status
Fastly-Backend-Name
Cdn
SN
X-Node-Id
Ajk
X-VCL-Version
X-BC
X-IN-APIGATEWAYSSL
X-Aicache-OS
Inserted-Into-Cache-At
X-Logtrace-Id
X-Birta-Served
X-Mid
Amp-Access-Control-Allow-Source-Origin
X-Birta-Cache-Post
X-MID
X-Ruxit-Js-Agent
FSS-Proxy
X-Vcl-Version
FSS-Cache
X-FORWARDED-FOR
X-EC-Lua
X-UPSTREAM-Address
X-ServedByHost
X-APP
X-Tb-Optimization-Total-Bytes-Saved
X-Varnish-IP
X-RateLimit-Limit-Second
X-Wa
X-Real-Ip
X-Tec-Api-Root
X-Amzn-Remapped-Date
Selected-FE
X-Tec-Api-Version
X-RateLimit-Remaining-Second
X-Amzn-Remapped-Connection
X-Info
X-Tec-Api-Origin
X-Cache-ASPX
X-Source
Xkeyrz
X-Contensis-Viewer-Groups
Server-Cache-Control
HostName
X-Refresh
HitType
X-Varnish-Authentication
CF-Cached-On
Server-Surrogate-Control
X-Proxy-Cacherz
X-Cache-Debug
T-Server
PICS-Label
X-Agile
X-Agile-Id
RequestId
X-Agile-Age
X-Bc
X-CSRF-Token
Srv
GeoIP-Country-Code
X-GDPR
Ohc-File-Size
X-PJAX-URL
X-Render-Time
X-LiteSpeed-Cache-Control
X-App-Version
X-Nananana
MIME-Version
GeoIP-City
X-WR-MODIFICATION
GeoIP-Latitude
X-TIME
X-ECache
Ohc-Cache-HIT
X-Via-Ucdn
X-Varnish-Beresp-TTL
WebServer
X-NWS-UUID-VERIFY
DataCenter
Cf-Ipcountry
X-LB-ID
SID
X-Policy
X-Fastly-Country-Code
X-Web-Server
URI
Get-Access-Time
X-Micro-Cache
Is-Session-Tracking
X-Cache-Tag
X-Unique-Id
X-Uri
X-PAGE-TYPE
X-SRV
X-BE
Xkeynj
X-CACHE-KEY
X-Requestid
CDN
X-Cache-Miss-From
X-Request-Url
X-Sedo-Request-Id
X-Fastly-Backend-Reqs
Cache-Provider
X-NGINX-Cache
X-Lb-Id
X-Service
Group
X-MCACHE
X-GRACE
X-Pjax-Url
X-Var-Ttl
Lb
HTTPS
Xet-Cookie
X-JWT-State
Pics-Label
X-Edge-IP
X-Vct
X-Is-Gdpr
X-Apw-Access-Action
X-Has-Esi
Www
Backend
Cneonction
X-Apw-Access-Object
X-NGENIX-Cache
X-Apw-Access-Token
X-SN
X-Swift-Error
X-Apw-Hits
Ohc-Response-Time
X-Dw-Trace-Id
X-Cdn-Request-ID
FNAC-ModuleRouting
X-Ecache
X-Cache-Expires
Warning
Correlation-Id
X-Cf-Powered-By
Host-ID
X-Instart-Isnd
X-WA
X-Newrelic-App-Data
X-Akamai-ERPolicy
X-Litespeed-Cache-Control
X-Bug-Bounty
X-Akamai-ERRuleID
Lfy
X-Fastly-Cache-Hits
X-Fe
X-Html-Edge-Cache
Requestid
X-RPM
X-DW
X-RPS
X-RSL
X-Fpc
X-PF-Uncompressing
X-DSS
X-DI
X-Flow-Id
X-ServerName
X-Page-Impression-Id
X-Zalando-Child-Request-Id
X-DB
X-Serial