Threat Level: green Handler on Duty: Bojan Zdrnja

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
CF-RAY
X-Powered-By
Link
ETag
Expect-CT
X-XSS-Protection
Via
X-Cache
CF-Cache-Status
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
X-Cache-Hits
P3P
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Xss-Protection
X-Request-Id
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
Alt-Svc
X-Adblock-Key
X-Drupal-Cache
X-Check
X-Cacheable
Content-Security-Policy-Report-Only
X-Generator
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-AspNetMvc-Version
X-DNS-Prefetch-Control
P3p
X-Template
X-Language
Status
Timing-Allow-Origin
X-Iinfo
Content-Encoding
X-Content-Security-Policy
X-Buckets
Upgrade
X-Kinja-Server-Push
Xkey
X-Via
X-CDN
X-Turbo-Charged-By
Keep-Alive
Access-Control-Expose-Headers
Access-Control-Max-Age
X-Cache-Group
X-Pass-Why
X-AH-Environment
X-Age
X-Drupal-Dynamic-Cache
X-Server
X-Backend
X-Pingback
X-Amz-Request-Id
X-Amz-Id-2
X-Envoy-Upstream-Service-Time
X-Page-Speed
X-Robots-Tag
X-Proxy-Cache
X-Hacker
EagleId
Grace
X-Server-Powered-By
X-UA-Device
X-Varnish-Cache
Request-Context
X-Nginx-Cache-Status
Cf-Railgun
X-LiteSpeed-Cache
X-Amz-Version-Id
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
X-Server-Id
X-WebKit-CSP
Server-Timing
Feature-Policy
X-Device
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Host
Report-To
X-Rq
X-Ac
X-Node
Content-Location
X-OneAgent-JS-Injection
X-Request-ID
X-Cnection
X-Response-Time
X-Backend-Server
X-Cloud-Trace-Context
X-Origin-Cache
X-Application-Context
X-Readtime
Request-Id
Allow
Surrogate-Control
EagleEye-TraceId
X-ORACLE-DMS-ECID
X-Vhost
X-DynaTrace
X-Country
X-TTL
X-Cdn
X-Cache-Lookup
X-Rack-Cache
Pinterest-Generated-By
X-Origin-Upstream-Status
X-Url
X-Clacks-Overhead
NEL
X-Ua-Compatible
X-FTR-Request-ID
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Rating
X-Country-Code
X-Ruxit-JS-Agent
X-Dispatcher
X-Dns-Prefetch-Control
X-CST
X-HW
X-ORACLE-DMS-RID
X-Goog-Hash
X-Instart-Request-ID
Fusion-Source
Fusion-Content-Source
Fusion-Content-Id
Fusion-Component-Id
Fusion-Template-Id
X-DataStream-Cache-Status
X-PC
X-Vname
X-DataDome
X-TtlSet
Edge-Control
X-Px
X-VARITI-CCR
Service-Worker-Allowed
Verso
X-Mod-Pagespeed
X-MS-InvokeApp
X-Recruiting
RTSS
X-Exp-Id
X-Cdn-Fetch
X-Kinja-Build
X-Kinja
X-Kinja-Revision
X-Kinja-Server
X-Use-Magma
X-Exp-Variant
X-GoogleNews-Bot
X-Varnish-TTL
X-D2id
SPRequestGuid
X-Vcap-Request-Id
X-Abt-Application-Version
X-Amz-Server-Side-Encryption
TCN
X-GitHub-Request-Id
X-SharePointHealthScore
X-Navigation-Version
Display
Response
X-Sol
X-Middleton-Response
X-Middleton-Display
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Akam-SW-Version
X-Powered-By-Plesk
MS-Author-Via
X-RateLimit-Remaining
X-ESI
Charset
X-Forwarded-Proto
Realpath
DynaTrace
X-Shield-Request-Id
X-Powered-CMS
X-Amz-Rid
X-Upstream
ServerID
X-B3-TraceId
Public-Key-Pins
X-Version
X-Trace
X-TEC-API-ROOT
X-TEC-API-VERSION
X-TEC-API-ORIGIN
Nginx-Cache
Fastly-Restarts
AR-CACHE
AR-ATIME
Ar-Sid
AR-PoweredBy
X-Cached
X-Goog-Metageneration
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Goog-Generation
Content-MD5
X-Shard
X-Server-Name
X-Dw-Request-Base-Id
Accept-CH
X-Mrf-Item-Lastmod
Mrf-Cache-Status
X-B3-TraceId-Primal
X-Mrf-Section-Lastmod
MRF-Tech
AR-Request-ID
Pagespeed
X-Grace
Access-Control-Request-Method
Paypal-Debug-Id
X-MSEdge-Ref
Accept-Ch-Lifetime
X-Client-IP
SPRequestDuration
X-Goog-Storage-Class
SPIisLatency
X-DynaTrace-JS-Agent
S
X-Debug
X-Country-Code-Real
X-FTR-Expires
X-FTR-Realm
X-FTR-DC
X-FTR-Cache-Status
X-FTR-Backend
X-FTR-Backend-Server
X-FTR-Balancer
X-Id
Accept-Ch
X-Ezoic-Cdn
X-DataStream-MidMile-RTT
X-FastCGI-Cache
X-DataStream-Origin-MEX-Latency
X-Amz-Meta-S3cmd-Attrs
Front-End-Https
X-Fastly-Request-ID
X-N
X-B3-Traceid
X-Amzn-Trace-Id
X-T
X-Vcache
X-NF-Request-ID
Arr-Disable-Session-Affinity
X-DIS-Request-ID
Pinterest-Version
X-Pinterest-Rid
X-Upstream-Proxy
X-Content-Type
MicrosoftSharePointTeamServices
X-XRDS-Location
X-Hits
X-B3-Sampled
X-FTR-Cache-Host
X-Frontend
X-Mobile-Rewrite
X-Acc-Meta-Resource-Type
Arc-Version
PB-PID
PB-RID
X-Ser
X-Varnish-Age
Fastcgi-Cache
X-Logged-In
X-Content-Digest
Server-Name
X-Correlation-Id
Alternate-Protocol
X-VCache
X-Cache-Key
X-Srv
X-Node-Name
Nel
X-Microsite
X-Request-Handler-Origin-Region
X-Pad
AMP-Access-Control-Allow-Source-Origin
FilterID
X-User-Agent
X-Rid
X-Forwarded-For
X-Type
TP-Cache
TP-L2-Cache
Powered
Healthy
X-LB-Cache
X-F-Cache
X-IPLB-Instance
X-Kinsta-Cache
X-Request-Processing-Time
X-Request-Received
Host
X-Zen-Fury
X-Amzn-RequestId
X-Cache-2
X-Amz-Apigw-Id
X-Revision
Edge-Cache-Tag
Powered-By-ChinaCache
X-Debug-Info
Accept-CH-Lifetime
X-AOL-HN
X-GUploader-UploadID
X-Via-JSL
X-Analytics
Backend-Timing
X-Cached-By
X-Cache-Age
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-HS-Hub-Id
X-HS-Content-Id
X-AppVersion
X-Hostname
X-Activity-Id
X-Az
X-XRDS-LOCATION
X-Accel-Expires
X-Cache-Rule
X-Esi
Surrogate-Key
X-Varnish-Backend
X-Content-Security-Policy-Report-Only
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-Content-Options
X-Instance
X-BCube-Filmed-By
X-Amz-Replication-Status
X-PHP-Backend
X-Page-Id
X-Tumblr-User
Server-Node
X-Tumblr-Pixel-0
X-Varnish-Grace
X-Tumblr-Pixel
X-App-Environment
X-Akamai-Edgescape
X-Signature
X-Jobs
X-B-Cache
X-Request-Guid
X-Content-Powered-By
X-RateLimit-Limit
Cleartype
X-Forwarded-Host
Refresh
X-TT
Source
X-Cluster
X-FB-Debug
X-Framework
Cache-Status
X-FW-Static
X-FW-Type
X-FW-Server
X-FW-Serve
Liferay-Portal
X-FW-Hash
DC
X-Fastcgi-Cache
Tracecode
X-ATG-Version
Accept-Charset
X-Varnish-Hostname
Fastcgi-Useragent
Access-Control-Allow-Method
Host-Header
X-Time
X-APP-VERSION
X-Mobile
X-Cache-Operation
X-Cache-Action
X-Drupal-Cache-Tags
WPE-Backend
X-Edge-Location
X-Whom
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Cache-Control
X-B
X-Accel-Buffering
Payment
X-Hp-Webp
X-App-Server
X-Mobile-URL
X-Response-Served-From
X-WA-Info
NGB
X-Cache-Hit
X-Storage
Actual-Object-TTL
X-Git-Hash
Filters
X-TX-ID
X-Oracle-Dms-Rid
X-WebKit-CSP-Report-Only
X-Presslabs-Stats
X-Content-Age
Cache-Tv-Group
X-TT-TIMESTAMP
Cache-Tag
X-RequestSource
X-Handled-By
Upgrade-Insecure-Requests
Viewport
Retry-After
X-Cacheable-TTL
X-Yottaa-Optimizations
X-Tumblr-Pixel-2
X-Tumblr-Pixel-1
X-NWS-LOG-UUID
Eomportal-Instance
X-GeoIP
X-Yottaa-Metrics
X-UA-Device-Type
X-Status
X-Adobe-Loc
X-ProcessESI
X-RemovedCookies
X-Adobe-Content
X-SS-Set-Cookie
X-Cache-TTL
MS-CV
X-Geo-Country
X-FW-Dynamic
X-TA-CDN-Provider
X-VG-WebCache
Webserver
X-Seen-By
X-Cache-TTL-Remaining
X-Server-ID
Xserver
X-Host-Name
X-FB-TRIP-ID
X-Cache-Enabled
Datacenter
Ms-Operation-Id
X-RTag
X-B3-Spanid
Frame-Options
Cache
Server-Info
X-Hyper-Cache
X-Ratelimit-Limit
X-Contextid
From-Origin
X-Origin-Server
X-Generated-By
X-Mode
X-CF-Powered-By
SRV
Country
S-Cnection
GEO-INFO
X-Ratelimit-Reset
X-RN-RSRV
X-Cache-Var
X-ES-SERVER
Machine
X-Cache-Var-Map
Load-Balancing
X-Tumblr-Pixel-3
Meta-Geo
X-Path-Route
X-Cache-Config
X-Proxied
X-Cache-Grace
X-MP-GENERATED-AT
X-Upstream-HT
X-Zipkin-Id
Cache-Key
X-Upstream-CT
X-Drupal-Cache-Contexts
X-Routing-Service
X-Section
X-Access
Vix-Hermes-Req-Id
Rt-Fastcgi-Cache
X-Backend-Name
Decoy-Debug-TTL
Decoy-Debug-Status
Decoy-Debug-Key
X-From
X-Hit
X-Varnish-Cache-Hits
X-Varnish-Server
X-TNCMS
X-Loop
X-Labrador-Cache-Channel
CACHE
X-Web-Node
X-AWS-Id
X-Akamai-Request-ID
X-VG-TLSProxy
X-Upgrade-Enabled
X-Trace-Id
ServedBy
X-Viewer-Country
Cache-Name
Mn-Server-Ip
Now
X-R9-Blue-Green-Version
X-Cache-Host
X-Timing-Wait
X-Origin-Response-Time
X-PCL
X-Region
X-Proxy-Build
X-OCL
X-Rule
X-EIG-Tracking-Id
X-Human
X-LJ-Flow-ID
X-Magnolia-Registration
Akamai-GRN
X-VWS-Id
X-Environment-Context
X-Site-Version
X-FC-Vary-Parameters
X-Generated
X-Endurance-Cache-Level
X-Device-Type
X-Via-Fastly
X-Cluster-Node
X-Debug-Cache
X-L-Path
DSUID
X-Proto
X-NCache
X-Locale
X-NewRelic-App-Data
Mail-Subject
X-Rendered-As
X-Www-Served-By
We-Hiring
X-Sorting-Hat-ShopId
Release
X-Alternate-Cache-Key
X-Sorting-Hat-PodId
X-Guploader-Uploadid
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Hosted-By
X-ShopId
X-JoinUs
DB-Nickname
X-Shopify-Stage
X-ShardId
X-RateLimit-Reset
X-CCM
OT-Force-Account-Verify
X-S
ProcessTime
X-Dc
Version
X-Xfnlog-Site
X-RCS-CacheZone
X-Time-Microsecs
X-Request-Time
X-Load-Cache
Uber-Trace-Id
X-IP
NtCoent-Length
X-VCT
X-Varnish-Hits
Time
X-Akamai-Request-ID2
X-FW-Version
TWC-Locale-Group
Azure-SiteName
Azure-RegionName
Azure-InstanceId
TWC-Privacy
Webcakes-Region
Azure-Version
TWC-GeoIP-Country
TWC-GeoIP-LatLong
TWC-Device-Class
TWC-Connection-Speed
Property-Id
S-Rt
Azure-SlotName
Webcakes-App-Name
Webcakes-App-Version
Cteonnt-Length
X-Origin-Hint
X-Wix-Request-Id
X-PressLabs-Stats
X-Origin
X-EdgeConnect-Cache-Status
X-Redis-Cache
X-No-Session
NGX
X-ProxyCache-Status
X-UUID
X-UA
X-ProxyCache-Key
X-Nginx-Cache
X-Via-CDN
X-BYPASS-REASON
X-GEO
X-CDN-Forward
X-Proxy
X-FireWall-Port
X-Platform-Server
X-ECACHE
X-MServer
X-PERF
X-ApacheServer
X-Hl-Ver
X-Cache-NE
X-Rocket-Nginx-Bypass
X-Vgn-Hpd-Reason
Origin
X-HTML-Minification-Powered-By
X-CS
X-Daa-Tunnel
Odigeo-Trace-Id
X-IPS-LoggedIn
X-Format
X-Cache-Server
X-Akamai-Transformed
Ec-Rule-Version
Accept-Language
X-Oneagent-Js-Injection
Access-Control-Request-Headers
LB
X-UnsetCookies
X-ServerID
Cache-Tags
X-Cache-Remote
X-Distributor
X-Tb
Fastly-SSL
X-Dynatrace-Js-Agent
X-Real-IP
X-Amzn-Remapped-Content-Length
X-Webkit-Csp
Selected-Fe
Hostname
L5d-Success-Class
X-Pubstack
X-NC
X-B3-Parentspanid
X-Microcachable
Proxy-Connection
X-Unique-ID
X-SERVER-NAME
X-Compress-Hint
Served-By
Fastly-SWR
X-Trv-Group
X-Developer
X-BACKEND-TTL
X-Cluster-Name
Fastcgi-X-Cache-Version
X-Transaction
Fastly-SIE
X-Vtex-Processado-Em
X-Twitter-Response-Tags
X-Varnish-Url
X-IN-APIGATEWAY
Cross-Origin-Window-Policy
GEO-REGION-INFO
X-VG-WebServer
Fly-Request-Id
X-Varnish-Cacheable
Fly-Cache
Content-Style-Type
X-External-Request-Id
X-PAYTM-SRV-ID
BehaviorPad-Version
A
Cache-Cookie-Set-From
X-D
AsisCache
AKAMAI
Arc-Country
X-DPWN-IS-SECURE
X-Edge-Server
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-Lfrom
X-Generated-On
X-CF-Lambda-Version
X-Vtex-Remote-Cache
X-Date
X-Connection-Hash
X-Destination
Content-Script-Type
Cache-Prefix
X-G
Cdn-Host
Cdn-Request-Time
X-Geo-Header
MD5-Digest
X-NU-AKA-ACS-Version
X-S-Maxage
X-S-Cookie
X-Rojux
Server-ID
X-ScT
X-A-Wwc
X-Aed
Rt-Proxy-Cache
X-Accel-Expires-Debug
Xc-Version
X-A-Dgt
X-Rebelmouse-Surrogate-Control
X-Region-Sid
X-A
Viewtype
VivaBuild
X-A-Ccd
X-A-Dam
X-Rewrite-Enabled
X-Request-UUID
X-A-Dcw
X-Org
REQUESTUUID
X-AIR-PT
Meta-Geo-Continent
X-Detected-As
Mobile-Detection-Method
Node
X-B-Cookie
X-Rebelmouse-Cache-Control
X-Cache-Bucket
X-Cdn-Srv
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
X-SRCache-Key
X-ARC
X-Worker
Rendered-Blocks
X-Level-Front-Cache
Request-Time
X-Server-Time
X-Is-Bot
Proxy-Firewall
X-Instart-Info
X-Application
X-Internal-Host
X-App-Name
X-CF-Lambda-Fn
X-ElasticPress-Search
Origin-Cache-Control
IBM-Web2-Location
Origin-Edge-Control
X-URL
X-Sn-Servicetimems
X-Cdn-Origin
X-Skip-Cache
Memcached
X-Backend-State
X-BBXSRF
HA-Ipaddr
Ha-Gx-Prefs
X-TrackingId
X-HS-Combine-CSS
X-Clientip
Gh-Request-Id
X-CGP
X-ServiceProvider
On-Server
X-Nginx-Cache-Key
Resin-Trace
UCS
Server-Int
Section-Io-Cache
X-Server-IP
X-Method
X-HS-Cache-Config
W
Request-Country
Request-EU
X-Location
X-NX-Host
X-Cache-Info
Content-Disposition
Apple-News-Services-Host
X-Debug-Cookies
Backend-Name
Apple-News-Services-Handled
X-Core-Mission
X-Developers
X-We-Are-Hiring
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
X-Fastly-Cache
Esi-Enabled
X-C
X-Eu-Site
X-Debug-Log
Countrycode
X-Distil-CS
X-Cache-Category-Id
X-Grey
ServerName
Web-Mar-Node
X-Epic-Correlation-Id
X-Dispatch
X-Reqid
Wxu-Next-Commit
Who
X-Reboot
Kp-EeAlive
Wxu-Next-Hostname
Wxu-Next-Region
X-Device-Os
X-Request-URI
X-Release
X-Secret
X-FPC
X-PHP-Host
X-TH-Server
X-Gen-Mode
X-Cache-Id
X-Block-Status
X-Qloud-Router
X-Generation-Time
X-Hash
X-Variation
X-GeoIP-Country-Code
X-Thanos
X-Gannett-Site-Version
X-Bip
X-Wikidot-Static-Cache
X-Auto-Login
X-Hnp-Log
X-Irp-Debug
X-Key
X-Servername
X-Proxy-Upstream
X-SIPLIST1
X-Wikidot-Backend
X-Crawler
X-Webstats-RespID
X-Proxy-Cache-Status
RNT-Machine
RNT-Time
Country-Code
Server-Host
Fastly-Soc-X-Request-Id
Is-Eu
N-Cache
L
IsBot
CDCHOST
SS
True-Client-Country-4JS
Platform
X-Cache-Backend
Adler-Geo
User-Cache-Control
X-Urbn-Context-Path
X-Urbn-Site-Id
X-SERVER
Locale
X-Request-Start
X-Dispatcher-Server
X-Edge
X-Fetched-On
Thinkindot-CacheControl-Type
X-VC-Cache
X-Response-By
X-CUA
SD-X-WS
Thinkindot-CacheControl
X-Thinkindot-L3
X-SD-PageType
Thinkindot-Control
X-GeoIP-City
X-Pf-Uncompressing
X-Matched-Rule
X-Origin-Date
X-Origin-Expires
X-Owner
X-LI-UUID
X-LI-Proto
X-Nc
X-WADP-Cache
X-VServer
X-Li-Fabric
X-Li-Pop
X-Cms-Context
X-WebServer
V-Age
X-Azure-Ref-OriginShield
X-Cache-FS-Status
X-Amz-Meta-Cache-Control
X-CDN-Cache
X-Swa-Ws
X-Azure-Ref
GW-Server
Heartbleed
Powered-By
Pramga
X-Clara-WADP
PFcat
CF-IPCountry
X-OVcl-Cache
X-OVcl
X-FE
X-Varnish-Ttl
X-CLOUD-TRACE-CONTEXT
X-Hello
X-ABtesting
Magicmarker
X-Served-From
X-Flog
X-Via-NSCOPI
X-Processor
User-Agent
X-Powered-By-Defense
X-Via-Edge
X-Ratelimit-Remaining
X-Via-SSL
PageSpeed
X-LAGOON
X-Parent-Response-Time
Pagetype
X-Be
X-Backend-Url
Memory
X-Generated-In
X-User
X-Backend-Host
X-Varnish-Beresp-Ttl
Mime-Version
X-ND-Cache
X-Up
X-MSEdge-Features
X-Tt-Trace-Tag
X-GoCache-CacheStatus
X-Protected-By
X-MSEdge-Flight
X-Newrelic-Synthetics
X-Ua
X-Debug-Cache-Expiry
X-Page-Type
X-Debug-Cache-Store
X-Debug-Cache-Fetch
X-Soup
X-Geo
X-Fstrz
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
X-Ttl
X-COUNTRY
Pragrma
X-Cache-Ttl
X-Origin-TTL
Cache-Hits
X-ZONE
X-Backend-TTL
X-Origin-CC
X-Oss-Storage-Class
Geoip-Latitude
X-Check-Cacheable
Geoip-City
X-Oss-Server-Time
GeoIp-Country-Code
X-Oss-Hash-Crc64ecma
X-Oss-Object-Type
X-Oss-Request-Id
X-Say-TTL
X-B3-SpanId
X-Akamai-SSL-Client-Sid
Dynatrace
X-SayCDN-TTL
X-Say-Cacheable
X-Zone
X-Core-Value
X-Phone
XServer
X-IN-WAF
X-Old-Content-Length
X-CSRF-TOKEN
X-Litespeed-Cache
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
X-DC
X-Cache-Time
X-TT-LOGID
X-Servedbyhost
X-Cdn-Forward
WZWS-RAY
Cdn
Fastly-Backend-Name
X-HS-Status
X-VCL-Version
X-Datadome
X-Aicache-OS
X-BC
X-Logtrace-Id
Inserted-Into-Cache-At
SN
Ajk
X-IN-APIGATEWAYSSL
X-Node-Id
X-MID
X-Mid
Amp-Access-Control-Allow-Source-Origin
X-Birta-Served
X-Ruxit-Js-Agent
X-Birta-Cache-Post
FSS-Cache
X-FORWARDED-FOR
X-UPSTREAM-Address
X-Vcl-Version
FSS-Proxy
X-EC-Lua
X-Amzn-Remapped-Date
X-RateLimit-Limit-Second
X-Wa
Selected-FE
X-Amzn-Remapped-Connection
X-Varnish-IP
X-Real-Ip
X-ServedByHost
X-Tec-Api-Version
X-Tb-Optimization-Total-Bytes-Saved
X-Tec-Api-Root
X-APP
X-Tec-Api-Origin
X-Info
X-RateLimit-Remaining-Second
X-Refresh
CF-Cached-On
Server-Surrogate-Control
HostName
HitType
X-Source
X-Cache-ASPX
X-Contensis-Viewer-Groups
X-Varnish-Authentication
X-Proxy-Cacherz
Server-Cache-Control
Xkeyrz
X-Agile-Age
X-Agile
X-PJAX-URL
X-Agile-Id
MIME-Version
PICS-Label
RequestId
X-Cache-Debug
T-Server
Srv
X-CSRF-Token
X-Bc
X-GDPR
GeoIP-Country-Code
X-Render-Time
X-LiteSpeed-Cache-Control
X-App-Version
X-Nananana
Ohc-File-Size
GeoIP-Latitude
X-LB-ID
X-TIME
GeoIP-City
X-WR-MODIFICATION
X-ECache
X-Via-Ucdn
X-NWS-UUID-VERIFY
Ohc-Cache-HIT
WebServer
X-Web-Server
X-Policy
Cf-Ipcountry
X-Varnish-Beresp-TTL
SID
DataCenter
X-Unique-Id
X-Uri
X-CACHE-KEY
Is-Session-Tracking
Get-Access-Time
Xkeynj
X-Cache-Tag
X-SRV
URI
X-Micro-Cache
X-Fastly-Country-Code
X-BE
X-PAGE-TYPE
X-Request-Url
X-Sedo-Request-Id
X-Requestid
X-Service
CDN
Group
Cache-Provider
X-Cache-Miss-From
X-Fastly-Backend-Reqs
X-NGINX-Cache
X-GRACE
X-MCACHE
X-Lb-Id
X-Var-Ttl
HTTPS
Xet-Cookie
X-Apw-Access-Token
X-Swift-Error
X-Has-Esi
X-JWT-State
Pics-Label
X-Pjax-Url
Ohc-Response-Time
X-SN
Lb
X-Is-Gdpr
X-Edge-IP
Www
X-Apw-Access-Object
X-NGENIX-Cache
Backend
Cneonction
X-Apw-Hits
X-Vct
X-Apw-Access-Action
X-Dw-Trace-Id
Host-ID
X-WA
Correlation-Id
X-Cache-Expires
X-Instart-Isnd
X-Cf-Powered-By
X-Cdn-Request-ID
FNAC-ModuleRouting
Warning
X-Ecache
X-Newrelic-App-Data
X-Litespeed-Cache-Control
X-Serial
X-Fe
X-DSS
X-Fastly-Cache-Hits
X-Bug-Bounty
X-DB
X-Zalando-Child-Request-Id
Lfy
X-Flow-Id
X-Page-Impression-Id
X-Html-Edge-Cache
X-DI
X-DW
X-Akamai-ERRuleID
X-Akamai-ERPolicy
X-PF-Uncompressing
X-ServerName
X-Fpc
X-RPM
X-RPS
X-RSL
Requestid