Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
CF-RAY
X-Powered-By
Link
ETag
Expect-CT
X-XSS-Protection
Via
X-Cache
Age
Content-Security-Policy
CF-Cache-Status
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
P3P
X-Served-By
X-Xss-Protection
X-Request-Id
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-AspNet-Version
X-Download-Options
Access-Control-Allow-Credentials
X-Runtime
X-FRAME-OPTIONS
P3p
X-Adblock-Key
X-Drupal-Cache
Alt-Svc
X-Check
X-Cacheable
Content-Security-Policy-Report-Only
X-Generator
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-AspNetMvc-Version
X-DNS-Prefetch-Control
Status
X-Template
X-Language
Timing-Allow-Origin
Content-Encoding
X-Content-Security-Policy
X-Iinfo
X-Buckets
Upgrade
X-Kinja-Server-Push
Xkey
X-Via
X-CDN
X-Turbo-Charged-By
Keep-Alive
Access-Control-Max-Age
Access-Control-Expose-Headers
X-Cache-Group
X-Pass-Why
X-Age
X-AH-Environment
X-Drupal-Dynamic-Cache
X-Server
X-Backend
X-Amz-Request-Id
X-Amz-Id-2
X-Pingback
X-Envoy-Upstream-Service-Time
X-Page-Speed
X-Robots-Tag
X-Hacker
X-Proxy-Cache
Grace
X-Server-Powered-By
EagleId
X-Varnish-Cache
X-UA-Device
X-Nginx-Cache-Status
Request-Context
Cf-Railgun
X-Amz-Version-Id
X-Swift-CacheTime
X-Swift-SaveTime
X-WebKit-CSP
X-LiteSpeed-Cache
X-Ua-Compatible
Ali-Swift-Global-Savetime
Feature-Policy
X-Device
Server-Timing
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Ac
X-Host
Report-To
X-Rq
X-OneAgent-JS-Injection
Content-Location
X-Server-Id
X-Node
X-Backend-Server
X-Request-ID
X-Response-Time
X-Cnection
EagleEye-TraceId
X-Origin-Cache
X-Cloud-Trace-Context
X-Application-Context
Allow
Request-Id
Surrogate-Control
X-Readtime
X-Dns-Prefetch-Control
X-Cache-Lookup
X-Country
X-ORACLE-DMS-ECID
Pinterest-Generated-By
X-ORACLE-DMS-RID
X-Url
X-Ruxit-JS-Agent
X-Cdn
X-Clacks-Overhead
X-Rack-Cache
X-DynaTrace
X-Vhost
X-Origin-Upstream-Status
X-CST
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-HW
NEL
Rating
X-FTR-Request-ID
X-Country-Code
X-TTL
X-Goog-Hash
X-Instart-Request-ID
X-Dispatcher
Edge-Control
X-Px
X-DataStream-Cache-Status
X-TtlSet
X-Vname
X-PC
Fusion-Component-Id
Fusion-Content-Source
Fusion-Content-Id
Fusion-Source
Fusion-Template-Id
X-VARITI-CCR
Service-Worker-Allowed
X-Mod-Pagespeed
X-ESI
X-MS-InvokeApp
Verso
SPRequestGuid
X-B3-TraceId
X-Recruiting
X-Exp-Variant
X-Kinja-Revision
X-GoogleNews-Bot
X-Cdn-Fetch
X-Use-Magma
X-Kinja-Server
X-Kinja
X-Exp-Id
X-Kinja-Build
X-DataDome
X-D2id
X-Server-Name
X-Vcap-Request-Id
X-Varnish-TTL
X-Abt-Application-Version
X-Amz-Server-Side-Encryption
X-SharePointHealthScore
X-Powered-By-Plesk
X-RateLimit-Remaining
Accept-Ch-Lifetime
Response
Display
X-Sol
TCN
X-Middleton-Response
X-Middleton-Display
X-GitHub-Request-Id
X-Navigation-Version
DynaTrace
X-SRCache-Fetch-Status
X-SRCache-Store-Status
Content-MD5
RTSS
Charset
AR-PoweredBy
AR-ATIME
AR-CACHE
Ar-Sid
X-Akam-SW-Version
MS-Author-Via
X-Amz-Rid
X-Trace
ServerID
AR-Request-ID
X-Shield-Request-Id
X-Goog-Metageneration
Realpath
X-Goog-Generation
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Dw-Request-Base-Id
X-Cached
X-Powered-CMS
X-Version
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-TEC-API-VERSION
Nginx-Cache
X-DynaTrace-JS-Agent
X-Server-ID
X-Forwarded-Proto
X-Shard
X-VCache
Pinterest-Version
X-Pinterest-Rid
X-Upstream-Proxy
X-Goog-Storage-Class
X-Upstream
Public-Key-Pins
SPRequestDuration
Accept-Ch
SPIisLatency
X-Client-IP
Paypal-Debug-Id
X-MSEdge-Ref
X-Mrf-Section-Lastmod
X-B3-TraceId-Primal
X-Mrf-Item-Lastmod
Mrf-Cache-Status
MRF-Tech
Pagespeed
S
Access-Control-Request-Method
Fastly-Restarts
X-Amz-Meta-S3cmd-Attrs
X-Ezoic-Cdn
X-DataStream-Origin-MEX-Latency
X-DataStream-MidMile-RTT
X-FTR-Realm
X-FTR-Backend-Server
X-FTR-Cache-Status
X-FTR-DC
X-FTR-Backend
X-FTR-Balancer
X-Debug
X-Country-Code-Real
X-Id
X-FTR-Expires
X-DIS-Request-ID
Accept-CH
X-T
X-Fastly-Request-ID
X-Ser
X-N
Alternate-Protocol
MicrosoftSharePointTeamServices
X-Mobile-Rewrite
PB-RID
PB-PID
Arc-Version
X-Varnish-Age
Arr-Disable-Session-Affinity
X-NF-Request-ID
Fastcgi-Cache
X-Acc-Meta-Resource-Type
X-Hits
Front-End-Https
X-Content-Type
X-XRDS-Location
X-B3-Sampled
X-Amzn-Trace-Id
X-FTR-Cache-Host
X-Frontend
X-Grace
Nel
X-Logged-In
Server-Name
X-Content-Digest
X-Pad
Host
X-Srv
X-Forwarded-For
X-Fastcgi-Cache
AMP-Access-Control-Allow-Source-Origin
X-Microsite
X-Node-Name
X-Request-Handler-Origin-Region
FilterID
X-FastCGI-Cache
Powered-By-ChinaCache
X-Correlation-Id
Healthy
X-Debug-Info
TP-L2-Cache
TP-Cache
X-LB-Cache
X-Kinsta-Cache
X-Rid
X-Type
Edge-Cache-Tag
X-IPLB-Instance
X-AOL-HN
X-Request-Received
X-Request-Processing-Time
X-User-Agent
X-XRDS-LOCATION
X-HS-Content-Id
X-HS-Hub-Id
X-Cached-By
X-Cache-2
X-GUploader-UploadID
X-Hostname
X-Cache-Rule
X-Revision
Surrogate-Key
Powered
X-Accel-Expires
X-F-Cache
X-Vcache
X-Page-Id
X-Cache-Age
X-Analytics
Backend-Timing
X-Zen-Fury
X-Amzn-RequestId
X-Amz-Apigw-Id
X-RateLimit-Limit
X-Content-Security-Policy-Report-Only
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-Content-Options
X-BCube-Filmed-By
X-Varnish-Grace
X-Varnish-Backend
X-Cache-Key
X-Jobs
Source
X-Cluster
X-FB-Debug
Cache-Status
X-PHP-Backend
X-Amz-Replication-Status
X-Content-Powered-By
X-Instance
X-Tumblr-Pixel
X-Tumblr-User
X-Tumblr-Pixel-0
X-Request-Guid
X-TT
X-App-Environment
WPE-Backend
Cleartype
X-Akamai-Edgescape
X-Framework
Tracecode
X-Activity-Id
X-Varnish-Hostname
X-AppVersion
X-Az
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Cache-TTL
Server-Node
Host-Header
X-Mobile
Refresh
X-Forwarded-Host
X-Via-JSL
X-NWS-LOG-UUID
X-Cache-Operation
X-Cache-Control
X-ATG-Version
Actual-Object-TTL
X-TA-CDN-Provider
X-FW-Serve
X-FW-Hash
Accept-Charset
X-FW-Server
X-FW-Type
X-FW-Static
X-Time
X-B-Cache
X-Drupal-Cache-Tags
X-Signature
DC
X-Cache-Action
X-B3-Traceid
X-Whom
X-Accel-Buffering
X-Edge-Location
X-App-Server
Upgrade-Insecure-Requests
X-Cache-Hit
Access-Control-Allow-Method
X-Response-Served-From
X-Storage
X-TX-ID
Liferay-Portal
Payment
X-UA-Device-Type
X-Mobile-URL
X-WebKit-CSP-Report-Only
X-Hp-Webp
X-Handled-By
X-Yottaa-Metrics
X-TT-TIMESTAMP
X-VG-WebCache
X-Yottaa-Optimizations
Fastcgi-Useragent
X-RequestSource
X-GeoIP
Filters
X-Cacheable-TTL
Server-Info
X-SS-Set-Cookie
X-Content-Age
Cache
Eomportal-Instance
X-Git-Hash
X-B
X-Geo-Country
X-RemovedCookies
X-Tumblr-Pixel-1
X-Tumblr-Pixel-2
X-ProcessESI
X-Adobe-Loc
Viewport
X-Adobe-Content
Webserver
Cache-Tv-Group
Xserver
X-Litespeed-Cache
X-FB-TRIP-ID
X-WA-Info
Cache-Tag
X-Cache-TTL-Remaining
X-Ratelimit-Reset
Datacenter
Retry-After
X-Cache-Enabled
X-Presslabs-Stats
X-Ratelimit-Limit
X-Contextid
X-Status
NGB
X-Seen-By
S-Cnection
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-FW-Dynamic
X-CF-Powered-By
X-Ttl
X-Origin-Server
X-Mode
X-Magnolia-Registration
X-Real-IP
X-Guploader-Uploadid
X-Host-Name
X-APP-VERSION
X-Varnish-Hits
X-Rendered-As
X-Daa-Tunnel
Country
Meta-Geo
X-Cache-Config
Machine
X-VCT
X-Path-Route
Load-Balancing
X-ES-SERVER
X-RN-RSRV
X-Cache-NE
X-Cache-Var
X-Cache-Var-Map
X-LJ-Flow-ID
We-Hiring
X-AWS-Id
Mail-Subject
X-Zipkin-Id
X-VWS-Id
Vix-Hermes-Req-Id
GEO-INFO
X-Human
From-Origin
Cache-Key
Release
X-Cache-Host
DSUID
X-Cache-Grace
X-Proxied
X-Labrador-Cache-Channel
MS-CV
X-Routing-Service
X-Web-Node
X-Access
X-Section
X-Hit
X-PCL
X-Debug-Cache
ServedBy
Uber-Trace-Id
X-OCL
X-Backend-Name
X-Viewer-Country
X-Upstream-HT
X-Varnish-Cache-Hits
X-Varnish-Server
X-Device-Type
Mn-Server-Ip
X-Upstream-CT
X-TNCMS
X-Loop
X-RCS-CacheZone
Frame-Options
Now
X-BYPASS-REASON
X-Tumblr-Pixel-3
X-MP-GENERATED-AT
X-CCM
X-Cluster-Node
X-EIG-Tracking-Id
X-Origin-Response-Time
X-Upgrade-Enabled
X-Proto
X-ProxyCache-Status
X-Akamai-Request-ID
X-ProxyCache-Key
X-VG-TLSProxy
X-Rule
Rt-Fastcgi-Cache
OT-Force-Account-Verify
X-Redis-Cache
X-Cache-Remote
X-Hyper-Cache
Akamai-GRN
X-Xfnlog-Site
X-FC-Vary-Parameters
X-Proxy-Build
X-R9-Blue-Green-Version
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Platform-Server
X-Region
X-L-Path
X-S
X-Hosted-By
X-Environment-Context
X-Generated
X-Timing-Wait
X-JoinUs
X-From
NGX
X-NCache
X-Via-Fastly
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-ShopId
X-Shopify-Stage
X-ShardId
X-Alternate-Cache-Key
Cache-Name
X-UUID
Decoy-Debug-TTL
Decoy-Debug-Status
Decoy-Debug-Key
X-Trace-Id
X-Site-Version
X-Endurance-Cache-Level
X-Www-Served-By
X-PressLabs-Stats
X-Nginx-Cache
X-Hl-Ver
X-Locale
X-Generated-By
DB-Nickname
X-EdgeConnect-Cache-Status
Ms-Operation-Id
X-RTag
X-GRACE
X-NewRelic-App-Data
X-Vgn-Hpd-Reason
X-ServerID
X-Drupal-Cache-Contexts
X-Rocket-Nginx-Bypass
X-ECACHE
Cteonnt-Length
X-MServer
X-Dc
X-Load-Cache
ProcessTime
Accept-CH-Lifetime
X-Wix-Request-Id
X-IPS-LoggedIn
L5d-Success-Class
X-Request-Time
X-IP
Time
X-Time-Microsecs
Served-By
S-Rt
NtCoent-Length
X-RateLimit-Reset
X-Microcachable
X-Esi
X-Origin
X-Cache-Backend
X-Via-CDN
Version
X-B3-Spanid
X-Origin-Hint
TWC-Locale-Group
TWC-Privacy
TWC-GeoIP-Country
TWC-Connection-Speed
Origin
TWC-Device-Class
X-Pubstack
TWC-GeoIP-LatLong
Webcakes-App-Name
Webcakes-App-Version
Property-Id
Origin-Cache-Control
Webcakes-Region
Origin-Edge-Control
X-Unique-ID
X-FW-Version
X-Nc
Fastcgi-X-Cache-Version
X-UA
Access-Control-Request-Headers
Azure-RegionName
Azure-Version
Azure-SiteName
X-Oneagent-Js-Injection
Azure-InstanceId
Azure-SlotName
PageSpeed
X-BACKEND-TTL
X-Cache-Server
X-Cache-Category-Id
X-Proxy
X-Grey
X-GEO
X-FireWall-Port
X-No-Session
X-Distributor
CACHE
X-Datadome
X-Via-NSCOPI
X-Detected-As
Fastly-SSL
X-Is-Bot
Hostname
X-PERF
Cache-Tags
X-ApacheServer
X-Webkit-Csp
IBM-Web2-Location
X-Format
X-Cdn-Forward
X-Powered-By-Defense
X-Edge
Proxy-Connection
Odigeo-Trace-Id
X-Varnish-Cacheable
X-HTML-Minification-Powered-By
Backend-Name
SRV
Ha-Gx-Prefs
HA-Ipaddr
Rt-Proxy-Cache
Request-EU
BehaviorPad-Version
AsisCache
Request-Time
Request-Country
Rendered-Blocks
Fly-Cache
Fly-Request-Id
GEO-REGION-INFO
Server-ID
Fastly-SWR
Ec-Rule-Version
Content-Style-Type
Fastly-SIE
Node
Content-Script-Type
X-Worker
Cdn-Host
Cache-Prefix
Mobile-Detection-Method
Meta-Geo-Continent
Proxy-Firewall
Cross-Origin-Window-Policy
MD5-Digest
X-CGP
X-Org
X-NX-Host
X-PAYTM-SRV-ID
X-Processor
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
X-NU-AKA-ACS-Version
X-ND-Cache
X-G
X-Fstrz
X-HS-Cache-Config
X-HS-Combine-CSS
X-Instart-Info
X-IN-APIGATEWAY
X-Region-Sid
X-Request-UUID
X-Twitter-Response-Tags
X-Trv-Group
Xc-Version
X-VG-WebServer
X-Vtex-Remote-Cache
X-Vtex-Processado-Em
X-Transaction
X-SRCache-Key
X-Rojux
X-Rewrite-Enabled
X-S-Cookie
X-S-Maxage
X-Server-Time
X-ScT
X-External-Request-Id
X-Eu-Site
X-Aed
X-Accel-Expires-Debug
X-AIR-PT
X-App-Name
X-ARC
X-Application
X-A-Wwc
X-A-Dgt
VivaBuild
Viewtype
X-A
X-A-Ccd
X-A-Dcw
X-A-Dam
X-B-Cookie
X-Cache-Bucket
X-Debug-Log
X-Debug-Cookies
X-Destination
X-Developer
X-Edge-Server
X-DPWN-IS-SECURE
X-Date
X-D
X-CF-Lambda-Version
X-CF-Lambda-Fn
Arc-Country
X-Cluster-Name
X-Connection-Hash
ServerName
Cdn-Request-Time
A
X-Ua
X-Akamai-Transformed
X-CS
Mime-Version
X-Cdn-Srv
X-Cache-Id
X-Cache-Info
X-Core-Mission
X-Dispatcher-Server
X-Backend-State
X-Clientip
RNT-Time
On-Server
X-B3-Parentspanid
Memcached
Platform
Resin-Trace
Server-Host
X-Epic-Correlation-Id
RNT-Machine
True-Client-Country-4JS
X-Generated-On
X-Variation
X-Request-URI
X-Reqid
X-Server-IP
X-ServiceProvider
X-TH-Server
X-Sn-Servicetimems
X-Qloud-Router
X-PHP-Host
X-GeoIP-Country-Code
X-Geo-Header
Is-Eu
X-Hash
X-Irp-Debug
X-Level-Front-Cache
X-Key
X-We-Are-Hiring
X-Cdn-Origin
Countrycode
Apple-News-Services-Request-Url
Adler-Geo
X-C
Cache-Cookie-Set-From
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-Idcheck
Country-Code
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
Apple-News-Services-Handled
X-UnsetCookies
X-Fastly-Cache
X-Fetched-On
X-Gannett-Site-Version
X-Gen-Mode
Content-Disposition
X-Hnp-Log
X-Dispatch
X-Webstats-RespID
X-CDN-Cache
X-Block-Status
X-BBXSRF
AKAMAI
X-Crawler
X-Distil-CS
X-Developers
X-WebServer
X-ElasticPress-Search
X-LI-UUID
X-Servername
X-Secret
X-SD-PageType
X-Wikidot-Static-Cache
X-Skip-Cache
X-SVT-ORM-RULES
X-Tb
X-Swa-Ws
X-SVT-ORM-VERSION
X-Response-By
X-Request-Start
X-Amz-Meta-Cache-Control
X-LI-Proto
X-Li-Pop
X-Li-Fabric
X-Location
X-Nginx-Cache-Key
X-Reboot
X-Protected-By
X-Internal-Host
CDCHOST
X-Device-Os
Wxu-Next-Region
REQUESTUUID
SD-X-WS
PFcat
V-Age
Wxu-Next-Commit
Wxu-Next-Hostname
Section-Io-Cache
Server-Int
SS
Pramga
X-Wikidot-Backend
Gh-Request-Id
UCS
Who
User-Cache-Control
Web-Mar-Node
X-Parent-Response-Time
X-Compress-Hint
X-Via-Edge
X-VServer
Thinkindot-CacheControl
X-Generation-Time
Thinkindot-CacheControl-Type
X-GeoIP-City
Thinkindot-Control
X-Owner
GW-Server
Pragrma
X-SIPLIST1
IsBot
X-Thanos
Heartbleed
X-Thinkindot-L3
X-Served-From
X-Release
X-Origin-Date
X-Method
X-Origin-Expires
X-Planisys-CDN-Cache
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
X-Matched-Rule
X-Via-SSL
Fastly-Soc-X-Request-Id
X-Cache-FS-Status
Esi-Enabled
X-Bip
X-Cms-Context
X-Auto-Login
X-Birta-Cache-Post
X-Birta-Served
X-Origin-CC
X-Origin-TTL
X-Be
X-Akamai-Request-ID2
X-IN-WAF
X-OVcl-Cache
Powered-By
LB
X-VC-Cache
X-CDN-Forward
X-Phone
X-OVcl
X-Core-Value
X-B3-SpanId
X-Varnish-IP
X-Varnish-Ttl
X-App-Version
X-FPC
HitType
Selected-FE
X-CLOUD-TRACE-CONTEXT
Memory
X-Azure-Ref-OriginShield
X-Azure-Ref
X-Ratelimit-Remaining
X-CUA
X-LAGOON
X-NC
X-Info
X-CACHE-KEY
X-Geo
X-Clara-WADP
Accept-Language
X-Varnish-Url
X-WADP-Cache
W
X-Dynatrace-Js-Agent
CF-IPCountry
X-Page-Type
L
X-Source
X-Proxy-Cache-Status
X-Proxy-Upstream
N-Cache
X-Varnish-Beresp-Ttl
X-Web-Server
X-URL
Cdn
X-FE
X-TrackingId
X-Zone
Kp-EeAlive
X-Pf-Uncompressing
X-Cache-Debug
X-Agile-Age
X-Agile
X-Agile-Id
User-Agent
X-Amzn-Remapped-Content-Length
X-Varnish-Beresp-Grace
Selected-Fe
X-Varnish-Beresp-Status
X-Urbn-Context-Path
X-DC
Locale
X-Urbn-Site-Id
X-Refresh
Geoip-City
X-TT-LOGID
GeoIp-Country-Code
Geoip-Latitude
Magicmarker
CF-Cached-On
X-Servedbyhost
Pagetype
X-Vcl-Version
X-Hello
X-HS-Status
X-ABtesting
X-Flog
X-MID
X-NWS-UUID-VERIFY
X-Mid
X-Backend-TTL
X-Check-Cacheable
X-Real-Ip
X-User
X-Generated-In
Ohc-File-Size
X-Newrelic-Synthetics
Ohc-Cache-HIT
X-Backend-Host
X-Backend-Url
X-Aicache-OS
SN
Group
X-Ruxit-Js-Agent
Amp-Access-Control-Allow-Source-Origin
FSS-Cache
X-Debug-Cache-Expiry
X-Debug-Cache-Fetch
FSS-Proxy
X-ServedByHost
HTTPS
X-APP
X-Debug-Cache-Store
X-Tt-Trace-Tag
X-Soup
X-ZONE
X-UPSTREAM-Address
X-VCL-Version
X-Up
X-GoCache-CacheStatus
X-MSEdge-Features
X-MSEdge-Flight
X-Tb-Optimization-Total-Bytes-Saved
Www
Backend
WZWS-RAY
GeoIP-Country-Code
Srv
RequestId
X-SN
Cf-Ipcountry
X-EC-Lua
X-Oss-Storage-Class
Server-Surrogate-Control
X-Varnish-Authentication
GeoIP-City
X-Instart-Isnd
X-Cache-ASPX
GeoIP-Latitude
X-Oss-Hash-Crc64ecma
HostName
X-Oss-Server-Time
X-Oss-Object-Type
Server-Cache-Control
X-Oss-Request-Id
X-Contensis-Viewer-Groups
X-NGENIX-Cache
X-Akamai-SSL-Client-Sid
X-CSRF-Token
X-Via-Ucdn
X-Bc
X-Varnish-Beresp-TTL
X-Cache-Expires
X-COUNTRY
X-Oracle-Dms-Rid
X-SayCDN-TTL
X-Amzn-Remapped-Connection
Host-ID
X-BC
X-Say-Cacheable
Lb
X-Say-TTL
X-Old-Content-Length
X-ECache
X-Amzn-Remapped-Date
X-Nananana
Xkeyrz
URI
X-Cache-Tag
X-Varnish-Action
X-PF-Uncompressing
X-Proxy-Cacherz
Epwk-Cache
XServer
X-Unique-Id
X-Dynatrace
Fastcgi-X-Cache
Requestid
X-AssetVersion
X-PAGE-TYPE
Inserted-Into-Cache-At
X-Node-Id
Fastly-Backend-Name
X-FORWARDED-FOR
X-WR-MODIFICATION
Xkeynj
Get-Access-Time
X-TIME
Is-Session-Tracking
X-Fastly-Country-Code
X-LiteSpeed-Cache-Control
Cache-Hits
X-MCACHE
WebServer
X-Cache-Ttl
X-Edge-IP
Ajk
X-Sf
X-Requestid
X-Cache-Miss-From
X-Request-Url
X-Correlation-ID
X-IN-APIGATEWAYSSL
X-SERVER-NAME
X-Logtrace-Id
FNAC-ModuleRouting
X-Var-Ttl
X-Sedo-Request-Id
Dynatrace
Cneonction
Cache-Provider
X-Svr
X-Pjax-Url
X-CSRF-TOKEN
X-Fastly-Backend-Reqs
X-Cache-Time
X-SRV
DataCenter
Xet-Cookie
X-Fpc
X-Lb-Id
X-RateLimit-Remaining-Second
X-Fastly-Cache-Hits
X-Swift-Error
CDN
Correlation-Id
X-RateLimit-Limit-Second
X-WA
Pics-Label
X-NGINX-Cache
X-Dw-Trace-Id
X-Policy
X-BE
Sid
X-Wa
X-Apw-Access-Object
X-Apw-Access-Action
X-Apw-Access-Token
X-Apw-Hits
X-RSL
X-RPS
X-RPM
X-ServerName
PICS-Label
T-Server
X-Akamai-ERRuleID
X-WPE-Loopback-Upstream-Addr
X-Html-Edge-Cache
Lfy
RequestUuid
X-LiteSpeed-Tag
X-App
X-Alicdn-Da-Ups-Status
Ohc-Response-Time
Warning
X-Bug-Bounty
X-DB
X-DI
X-DSS
X-Zalando-Child-Request-Id
X-Page-Impression-Id
X-Akamai-ERPolicy
X-Flow-Id
X-DW