Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
CF-RAY
X-Powered-By
Link
ETag
Expect-CT
X-XSS-Protection
Via
X-Cache
Age
CF-Cache-Status
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
X-Cache-Hits
P3P
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Xss-Protection
X-Request-Id
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-AspNet-Version
X-Download-Options
Access-Control-Allow-Credentials
X-Runtime
X-Adblock-Key
X-Drupal-Cache
Alt-Svc
X-Check
X-Cacheable
Content-Security-Policy-Report-Only
P3p
X-Generator
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-AspNetMvc-Version
X-DNS-Prefetch-Control
X-Template
Status
X-Language
Timing-Allow-Origin
X-FRAME-OPTIONS
Content-Encoding
X-Content-Security-Policy
X-Iinfo
X-Buckets
Upgrade
X-Kinja-Server-Push
Xkey
X-Via
X-CDN
X-Turbo-Charged-By
Keep-Alive
Access-Control-Max-Age
Access-Control-Expose-Headers
X-Cache-Group
X-Pass-Why
X-Age
X-AH-Environment
X-Drupal-Dynamic-Cache
X-Server
X-Backend
X-Amz-Request-Id
X-Amz-Id-2
X-Pingback
X-Envoy-Upstream-Service-Time
X-Page-Speed
X-Robots-Tag
X-Proxy-Cache
X-Hacker
Grace
X-Server-Powered-By
EagleId
X-Varnish-Cache
X-UA-Device
X-Nginx-Cache-Status
Request-Context
Cf-Railgun
X-LiteSpeed-Cache
X-Amz-Version-Id
X-Swift-CacheTime
X-Swift-SaveTime
X-WebKit-CSP
X-Ua-Compatible
Ali-Swift-Global-Savetime
Feature-Policy
X-Device
Server-Timing
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Host
X-Ac
Report-To
X-Rq
X-Server-Id
Content-Location
X-Node
X-OneAgent-JS-Injection
X-Backend-Server
X-Request-ID
X-Cnection
X-Response-Time
X-Origin-Cache
EagleEye-TraceId
X-Cloud-Trace-Context
X-Application-Context
Allow
Request-Id
X-Readtime
Surrogate-Control
X-Cache-Lookup
X-Country
X-ORACLE-DMS-ECID
X-Url
X-DynaTrace
X-Cdn
X-Vhost
X-ORACLE-DMS-RID
X-Rack-Cache
X-Clacks-Overhead
Pinterest-Generated-By
X-Origin-Upstream-Status
NEL
X-Ruxit-JS-Agent
X-CST
X-TTL
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Rating
X-Country-Code
X-HW
X-Dns-Prefetch-Control
X-Goog-Hash
X-FTR-Request-ID
X-Instart-Request-ID
X-Dispatcher
X-DataStream-Cache-Status
Edge-Control
X-Px
Fusion-Component-Id
Fusion-Content-Id
Fusion-Content-Source
Fusion-Template-Id
Fusion-Source
X-PC
X-Vname
X-TtlSet
X-VARITI-CCR
Service-Worker-Allowed
X-Mod-Pagespeed
X-MS-InvokeApp
SPRequestGuid
Verso
X-B3-TraceId
X-ESI
X-Recruiting
X-DataDome
X-Exp-Id
X-Kinja
X-Use-Magma
X-Kinja-Server
X-Cdn-Fetch
X-GoogleNews-Bot
X-Kinja-Revision
X-Exp-Variant
X-Kinja-Build
X-D2id
X-Varnish-TTL
X-Vcap-Request-Id
X-SharePointHealthScore
X-Abt-Application-Version
X-Amz-Server-Side-Encryption
X-Server-Name
X-RateLimit-Remaining
X-Powered-By-Plesk
TCN
DynaTrace
X-Navigation-Version
X-GitHub-Request-Id
Display
X-Middleton-Display
X-Sol
Response
X-Middleton-Response
RTSS
X-SRCache-Store-Status
X-SRCache-Fetch-Status
Accept-Ch-Lifetime
Content-MD5
Charset
X-Akam-SW-Version
AR-PoweredBy
AR-ATIME
AR-CACHE
Ar-Sid
MS-Author-Via
X-Amz-Rid
ServerID
X-Shield-Request-Id
AR-Request-ID
Realpath
X-Trace
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
X-Goog-Generation
X-Dw-Request-Base-Id
X-Goog-Stored-Content-Length
X-Powered-CMS
X-DynaTrace-JS-Agent
X-Cached
X-TEC-API-ROOT
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-Version
Nginx-Cache
X-Server-ID
X-Forwarded-Proto
X-Shard
SPRequestDuration
SPIisLatency
X-Upstream
X-Goog-Storage-Class
X-Upstream-Proxy
X-Pinterest-Rid
Pinterest-Version
Pagespeed
Public-Key-Pins
Accept-CH
Paypal-Debug-Id
X-B3-TraceId-Primal
X-Mrf-Item-Lastmod
MRF-Tech
X-Client-IP
X-Mrf-Section-Lastmod
Mrf-Cache-Status
X-MSEdge-Ref
Fastly-Restarts
Access-Control-Request-Method
S
X-VCache
X-Amz-Meta-S3cmd-Attrs
X-DataStream-Origin-MEX-Latency
X-DataStream-MidMile-RTT
X-Ezoic-Cdn
Accept-Ch
X-Debug
X-Id
X-FTR-Cache-Status
X-Country-Code-Real
X-FTR-Expires
X-DIS-Request-ID
X-Fastly-Request-ID
X-T
X-FTR-Backend
X-N
X-FTR-Backend-Server
X-FTR-Realm
X-FTR-Balancer
X-FTR-DC
MicrosoftSharePointTeamServices
X-XRDS-Location
X-Ser
Arc-Version
PB-PID
X-Mobile-Rewrite
PB-RID
Arr-Disable-Session-Affinity
Alternate-Protocol
X-Varnish-Age
X-NF-Request-ID
X-Hits
Fastcgi-Cache
X-Amzn-Trace-Id
X-B3-Sampled
Front-End-Https
X-Acc-Meta-Resource-Type
X-Content-Type
X-Frontend
X-Logged-In
X-Grace
Server-Name
X-Content-Digest
X-FTR-Cache-Host
X-Pad
X-Srv
Host
X-Forwarded-For
X-Fastcgi-Cache
X-Correlation-Id
Nel
X-FastCGI-Cache
X-Request-Handler-Origin-Region
X-Node-Name
X-Microsite
FilterID
AMP-Access-Control-Allow-Source-Origin
Powered-By-ChinaCache
TP-L2-Cache
TP-Cache
Healthy
X-Debug-Info
X-Rid
X-LB-Cache
X-Kinsta-Cache
X-Type
Edge-Cache-Tag
X-IPLB-Instance
X-AOL-HN
X-Request-Received
X-Request-Processing-Time
X-User-Agent
X-Cached-By
X-Vcache
X-Cache-2
X-HS-Hub-Id
X-HS-Content-Id
X-Hostname
X-GUploader-UploadID
X-Revision
X-Cache-Rule
X-F-Cache
Powered
Surrogate-Key
X-XRDS-LOCATION
X-RateLimit-Limit
X-Accel-Expires
X-Zen-Fury
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Cache-Age
X-Analytics
Backend-Timing
X-Page-Id
VIX-Pulpo-Node
X-Content-Security-Policy-Report-Only
VIX-Pulpo-Upstream-Status
X-Content-Options
X-BCube-Filmed-By
X-Varnish-Backend
X-Cache-Key
X-Jobs
X-FB-Debug
X-Varnish-Grace
X-PHP-Backend
X-Amz-Replication-Status
Cache-Status
Source
X-Content-Powered-By
X-Cluster
X-App-Environment
X-Instance
X-Tumblr-User
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-TT
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Akamai-Edgescape
Cleartype
X-Az
X-AppVersion
X-Activity-Id
X-Framework
X-Request-Guid
Tracecode
WPE-Backend
X-Varnish-Hostname
Server-Node
X-Via-JSL
Refresh
X-Forwarded-Host
X-Cache-TTL
Host-Header
X-Mobile
X-NWS-LOG-UUID
X-Cache-Control
X-ATG-Version
X-Cache-Operation
X-FW-Type
X-Signature
X-FW-Server
X-FW-Hash
X-FW-Serve
X-FW-Static
X-B-Cache
Accept-Charset
Actual-Object-TTL
X-Time
X-Drupal-Cache-Tags
X-Cache-Action
X-Edge-Location
DC
X-B3-Traceid
Liferay-Portal
Access-Control-Allow-Method
Upgrade-Insecure-Requests
X-Cache-Hit
X-App-Server
X-Whom
X-Accel-Buffering
X-TA-CDN-Provider
X-Response-Served-From
X-Storage
X-Mobile-URL
X-TX-ID
X-Hp-Webp
X-Content-Age
X-WebKit-CSP-Report-Only
X-UA-Device-Type
Payment
X-TT-TIMESTAMP
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Handled-By
X-GeoIP
X-Cacheable-TTL
Cache
Filters
X-SS-Set-Cookie
X-RequestSource
X-VG-WebCache
Eomportal-Instance
Server-Info
X-Adobe-Loc
X-Adobe-Content
X-B
X-Ratelimit-Reset
Cache-Tv-Group
X-Geo-Country
Xserver
Viewport
X-ProcessESI
X-RemovedCookies
X-Tumblr-Pixel-1
X-Tumblr-Pixel-2
X-Git-Hash
Fastcgi-Useragent
X-WA-Info
X-FB-TRIP-ID
Cache-Tag
X-Cache-TTL-Remaining
Webserver
Datacenter
X-Status
X-Cache-Enabled
Retry-After
X-Erf-Bev-Bev
NGB
X-Erf-Bev-Bev-Is-Generated
X-Contextid
S-Cnection
X-FW-Dynamic
X-CF-Powered-By
X-Ratelimit-Limit
X-Seen-By
X-Presslabs-Stats
X-Oneagent-Js-Injection
X-Origin-Server
X-Guploader-Uploadid
X-APP-VERSION
X-Host-Name
X-Mode
X-Magnolia-Registration
Accept-CH-Lifetime
X-Rendered-As
Country
X-Varnish-Hits
X-PressLabs-Stats
X-Daa-Tunnel
X-VWS-Id
X-Cache-Config
X-VCT
X-Cache-Var
X-Cache-Var-Map
X-Path-Route
X-LJ-Flow-ID
X-ES-SERVER
MS-CV
X-AWS-Id
X-RN-RSRV
Meta-Geo
Machine
Load-Balancing
GEO-INFO
Mail-Subject
X-Human
X-Labrador-Cache-Channel
X-Routing-Service
X-Proxied
X-Cache-Host
From-Origin
Vix-Hermes-Req-Id
X-Upstream-CT
Release
Cache-Key
DSUID
X-Cache-Grace
We-Hiring
X-Upstream-HT
X-Real-IP
X-Zipkin-Id
Uber-Trace-Id
X-RCS-CacheZone
X-Access
X-Hit
X-Varnish-Cache-Hits
ServedBy
X-Hyper-Cache
X-Cache-NE
X-Varnish-Server
X-Section
X-Viewer-Country
Mn-Server-Ip
X-Backend-Name
X-Web-Node
X-Device-Type
X-EIG-Tracking-Id
X-PCL
X-OCL
X-Debug-Cache
X-From
X-Tumblr-Pixel-3
X-TNCMS
X-ProxyCache-Status
X-BYPASS-REASON
X-Upgrade-Enabled
X-Origin-Response-Time
X-MP-GENERATED-AT
X-Rule
X-ProxyCache-Key
X-CCM
X-Akamai-Request-ID
X-R9-Blue-Green-Version
X-Loop
Now
X-Cluster-Node
Frame-Options
X-Esi
NGX
X-Shopify-Stage
X-Timing-Wait
X-VG-TLSProxy
X-ShopId
Akamai-GRN
X-Sorting-Hat-PodId
X-JoinUs
X-S
X-ShardId
X-L-Path
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Alternate-Cache-Key
X-Environment-Context
X-Proxy-Build
X-Redis-Cache
X-Xfnlog-Site
X-Proto
X-Sorting-Hat-ShopId
Rt-Fastcgi-Cache
OT-Force-Account-Verify
X-Region
X-Generated
X-Hosted-By
Decoy-Debug-Status
Decoy-Debug-TTL
X-FC-Vary-Parameters
Decoy-Debug-Key
X-Cache-Remote
X-Generated-By
X-NCache
X-Platform-Server
Cache-Name
X-UUID
X-Via-Fastly
Ms-Operation-Id
X-RTag
X-Endurance-Cache-Level
X-Trace-Id
X-Www-Served-By
DB-Nickname
X-Nginx-Cache
X-Site-Version
X-ECACHE
X-MServer
X-Drupal-Cache-Contexts
X-Hl-Ver
X-NewRelic-App-Data
X-Locale
X-GRACE
Cteonnt-Length
X-Vgn-Hpd-Reason
X-Rocket-Nginx-Bypass
X-ServerID
X-EdgeConnect-Cache-Status
X-Load-Cache
ProcessTime
X-Ttl
X-Dc
X-Request-Time
X-Wix-Request-Id
X-IP
X-Time-Microsecs
X-IPS-LoggedIn
L5d-Success-Class
Time
X-Litespeed-Cache
X-Via-CDN
X-Origin
S-Rt
Version
X-Cache-Backend
Webcakes-Region
TWC-Locale-Group
X-Origin-Hint
TWC-Device-Class
Webcakes-App-Version
TWC-Privacy
Webcakes-App-Name
TWC-GeoIP-Country
TWC-Connection-Speed
Property-Id
TWC-GeoIP-LatLong
Origin
X-Microcachable
NtCoent-Length
Azure-RegionName
X-Unique-ID
Azure-InstanceId
Azure-SlotName
Azure-SiteName
Azure-Version
X-FW-Version
X-Pubstack
X-Distributor
X-Proxy
Origin-Cache-Control
Origin-Edge-Control
Served-By
Fastcgi-X-Cache-Version
X-No-Session
X-B3-Spanid
X-FireWall-Port
X-GEO
X-Datadome
CACHE
X-Cache-Server
X-Grey
X-Cache-Category-Id
Fastly-SSL
X-Via-NSCOPI
X-RateLimit-Reset
Access-Control-Request-Headers
X-Is-Bot
X-BACKEND-TTL
X-Detected-As
X-UA
X-Nc
X-ApacheServer
SRV
X-PERF
Hostname
X-Ua
X-HTML-Minification-Powered-By
Odigeo-Trace-Id
X-Format
X-Webkit-Csp
Cache-Tags
X-CS
X-Edge
X-Powered-By-Defense
IBM-Web2-Location
X-Akamai-Transformed
Proxy-Connection
X-Cdn-Forward
X-Varnish-Cacheable
Xc-Version
Request-Time
Request-Country
Request-EU
X-Developer
X-ND-Cache
Cdn-Request-Time
X-PAYTM-SRV-ID
X-Processor
Server-ID
Cache-Cookie-Set-From
X-Destination
Rt-Proxy-Cache
X-NU-AKA-ACS-Version
AsisCache
X-NX-Host
X-Org
BehaviorPad-Version
Rendered-Blocks
Mobile-Detection-Method
X-Eu-Site
X-External-Request-Id
Ec-Rule-Version
X-Edge-Server
X-DPWN-IS-SECURE
GEO-REGION-INFO
X-G
A
Fastly-SWR
Fly-Cache
Fly-Request-Id
Ha-Gx-Prefs
HA-Ipaddr
Meta-Geo-Continent
X-Vtex-Processado-Em
Node
Arc-Country
MD5-Digest
X-Instart-Info
X-HS-Cache-Config
X-HS-Combine-CSS
Cross-Origin-Window-Policy
X-IN-APIGATEWAY
Proxy-Firewall
X-Region-Sid
X-SRCache-Key
X-AIR-PT
X-CGP
X-App-Name
X-Application
Cache-Prefix
X-Cluster-Name
X-A-Wwc
X-Accel-Expires-Debug
X-Aed
X-Connection-Hash
X-ARC
X-CF-Lambda-Version
X-VG-WebServer
X-Cache-Bucket
Content-Script-Type
X-Vtex-Remote-Cache
Cdn-Host
X-Twitter-Response-Tags
X-Trv-Group
X-B-Cookie
X-CF-Lambda-Fn
Content-Style-Type
X-Transaction
X-A-Dgt
X-Server-Time
X-D
X-Date
Cache-Cookie-Set-Idcheck
Viewtype
X-Request-UUID
X-Worker
X-Debug-Cookies
X-Rebelmouse-Surrogate-Control
ServerName
X-Debug-Log
Fastly-SIE
VivaBuild
X-Rewrite-Enabled
X-Rebelmouse-Cache-Control
Cache-Cookie-Set-Lfrom
X-A
X-A-Dam
X-ScT
X-S-Maxage
X-A-Dcw
X-Rojux
X-S-Cookie
X-A-Ccd
Backend-Name
Country-Code
Countrycode
Server-Host
X-Core-Mission
True-Client-Country-4JS
Server-Int
X-Clientip
X-Cdn-Srv
X-Cache-Info
X-Cdn-Origin
RNT-Time
RNT-Machine
X-Dispatcher-Server
X-Epic-Correlation-Id
Is-Eu
Mime-Version
Resin-Trace
Platform
X-Fastly-Cache
Apple-News-Services-Request-Url
X-C
X-Variation
X-Reqid
X-Hash
X-GeoIP-Country-Code
X-Internal-Host
X-ServiceProvider
X-Irp-Debug
X-Key
X-We-Are-Hiring
X-PHP-Host
PageSpeed
X-Qloud-Router
X-Server-IP
X-Level-Front-Cache
X-B3-Parentspanid
X-Geo-Header
X-Request-URI
X-Cache-Id
Adler-Geo
X-Sn-Servicetimems
Apple-News-Services-Host
X-Tb
X-Generated-On
X-UnsetCookies
Apple-News-Services-Parsed-Url
Apple-News-Services-Handled
X-Akamai-Request-ID2
X-Compress-Hint
X-B3-SpanId
X-ElasticPress-Search
SS
X-WebServer
X-Protected-By
X-SVT-ORM-VERSION
Section-Io-Cache
X-Served-From
X-SVT-ORM-RULES
Wxu-Next-Commit
Content-Disposition
V-Age
X-Amz-Meta-Cache-Control
Who
Web-Mar-Node
User-Cache-Control
X-Crawler
Wxu-Next-Region
Wxu-Next-Hostname
X-Request-Start
UCS
X-Wikidot-Static-Cache
PFcat
Gh-Request-Id
X-Wikidot-Backend
X-Hnp-Log
X-Distil-CS
IsBot
X-Dispatch
X-Fetched-On
X-Fstrz
X-Webstats-RespID
CDCHOST
X-Gen-Mode
AKAMAI
Esi-Enabled
X-Device-Os
X-Block-Status
X-TH-Server
X-Backend-State
X-Method
REQUESTUUID
X-Nginx-Cache-Key
X-BBXSRF
X-SIPLIST1
X-Developers
Memcached
On-Server
X-Skip-Cache
Pramga
X-Swa-Ws
X-Thanos
X-Via-SSL
X-CDN-Cache
X-Via-Edge
X-Thinkindot-L3
X-Origin-Expires
X-Li-Fabric
X-Li-Pop
X-LI-Proto
Powered-By
Pragrma
X-Gannett-Site-Version
X-Generation-Time
X-GeoIP-City
X-LI-UUID
X-Location
X-Response-By
X-SD-PageType
X-Secret
X-Release
X-Reboot
X-Matched-Rule
X-Origin-Date
X-Owner
X-Servername
X-Cms-Context
Thinkindot-CacheControl-Type
Fastly-Soc-X-Request-Id
Thinkindot-CacheControl
SD-X-WS
GW-Server
Heartbleed
X-Cache-FS-Status
Thinkindot-Control
X-Auto-Login
X-Parent-Response-Time
X-Bip
X-CDN-Forward
X-OVcl-Cache
X-Planisys-CDN-Rules
X-VC-Cache
X-Planisys-CDN-Cache
X-OVcl
X-Planisys-CDN-TTL
LB
X-VServer
X-NC
X-Be
X-Varnish-Ttl
X-FPC
X-Azure-Ref-OriginShield
X-Azure-Ref
X-Phone
X-CLOUD-TRACE-CONTEXT
X-IN-WAF
X-Birta-Cache-Post
X-Birta-Served
X-CUA
X-Core-Value
W
X-App-Version
X-Origin-TTL
X-Origin-CC
X-Varnish-IP
Accept-Language
X-Ratelimit-Remaining
X-Varnish-Url
X-WADP-Cache
X-Clara-WADP
HitType
CF-IPCountry
X-CACHE-KEY
Selected-FE
X-LAGOON
L
X-Geo
Memory
X-Info
X-Ruxit-Js-Agent
X-Page-Type
N-Cache
X-Proxy-Cache-Status
X-Proxy-Upstream
X-Varnish-Beresp-Ttl
Kp-EeAlive
X-FE
X-TrackingId
X-URL
X-Amzn-Remapped-Content-Length
Cdn
X-Source
User-Agent
X-Zone
X-Dynatrace-Js-Agent
X-DC
Selected-Fe
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
X-Web-Server
Locale
Magicmarker
X-Pf-Uncompressing
X-Oracle-Dms-Rid
X-Urbn-Site-Id
X-Urbn-Context-Path
X-Agile-Age
X-Cache-Debug
X-Agile-Id
X-Agile
X-Refresh
X-Flog
X-Hello
X-TT-LOGID
X-ABtesting
X-HS-Status
X-Servedbyhost
Pagetype
X-Newrelic-Synthetics
X-Backend-TTL
Amp-Access-Control-Allow-Source-Origin
GeoIp-Country-Code
X-User
Geoip-City
X-Generated-In
Geoip-Latitude
X-MID
X-Mid
X-Backend-Url
X-Aicache-OS
X-Real-Ip
X-Backend-Host
X-Check-Cacheable
X-Vcl-Version
X-NWS-UUID-VERIFY
CF-Cached-On
X-Tt-Trace-Tag
X-Debug-Cache-Expiry
X-Debug-Cache-Fetch
X-MSEdge-Features
X-Debug-Cache-Store
X-Soup
SN
X-MSEdge-Flight
X-Up
Ohc-File-Size
Ohc-Cache-HIT
X-ZONE
FSS-Cache
FSS-Proxy
X-Tb-Optimization-Total-Bytes-Saved
X-VCL-Version
X-APP
X-GoCache-CacheStatus
Group
X-Oss-Request-Id
X-ServedByHost
Srv
X-Oss-Server-Time
X-Oss-Storage-Class
X-Oss-Hash-Crc64ecma
HTTPS
X-Oss-Object-Type
X-UPSTREAM-Address
GeoIP-Country-Code
WZWS-RAY
X-EC-Lua
X-Cache-ASPX
Backend
HostName
GeoIP-City
RequestId
X-Contensis-Viewer-Groups
Server-Cache-Control
Server-Surrogate-Control
X-SN
Cf-Ipcountry
Www
GeoIP-Latitude
X-Varnish-Authentication
X-SERVER-NAME
X-Bc
Lb
X-COUNTRY
X-SayCDN-TTL
X-BC
X-Say-TTL
X-Amzn-Remapped-Connection
X-Amzn-Remapped-Date
X-Via-Ucdn
X-Instart-Isnd
X-Say-Cacheable
X-Old-Content-Length
X-CSRF-Token
X-Varnish-Beresp-TTL
X-NGENIX-Cache
X-Cache-Expires
X-Akamai-SSL-Client-Sid
Host-ID
X-Nananana
Xkeyrz
X-Proxy-Cacherz
X-ECache
X-Cache-Ttl
XServer
WebServer
X-Dynatrace
Cache-Hits
Inserted-Into-Cache-At
Fastly-Backend-Name
URI
X-Ftr-Request-Id
X-Varnish-Action
Requestid
Epwk-Cache
X-Request-Url
X-PF-Uncompressing
X-Cache-Tag
X-Node-Id
Is-Session-Tracking
X-Fastly-Backend-Reqs
Fastcgi-X-Cache
Ajk
X-IN-APIGATEWAYSSL
X-Unique-Id
X-Logtrace-Id
X-FORWARDED-FOR
X-TIME
Xkeynj
Get-Access-Time
X-WR-MODIFICATION
X-CSRF-TOKEN
X-Fastly-Country-Code
X-PAGE-TYPE
X-AssetVersion
X-MCACHE
X-Edge-IP
X-Sedo-Request-Id
X-Cache-Time
X-Cache-Miss-From
X-Requestid
Dynatrace
X-LiteSpeed-Cache-Control
X-Wa
X-Var-Ttl
Cneonction
X-Sf
X-Pjax-Url
Pics-Label
X-RateLimit-Remaining-Second
X-Svr
X-RateLimit-Limit-Second
FNAC-ModuleRouting
X-Ftr-Backend
Xet-Cookie
X-Ftr-Realm
X-SRV
DataCenter
X-Ftr-Dc
X-Ftr-Cache-Host
X-Ftr-Backend-Server
X-Ftr-Balancer
X-Swift-Error
X-BE
CDN
X-Fastly-Cache-Hits
X-Lb-Id
X-Fpc
Correlation-Id
Cache-Provider
X-NGINX-Cache
X-Dw-Trace-Id
X-Correlation-ID
X-Apw-Hits
T-Server
X-WA
X-Apw-Access-Object
X-Apw-Access-Action
X-Apw-Access-Token
X-RPS
X-RSL
X-GDPR
X-LB-ID
PICS-Label
X-RPM
X-ServerName
X-PJAX-URL
X-Policy
Lfy
Warning
X-Bug-Bounty
Ohc-Response-Time
X-LiteSpeed-Tag
RequestUuid
Sid
X-WPE-Loopback-Upstream-Addr
X-Html-Edge-Cache
X-App
X-Akamai-ERPolicy
X-DB
X-DI
X-DSS
X-Zalando-Child-Request-Id
X-Page-Impression-Id
X-Akamai-ERRuleID
X-Alicdn-Da-Ups-Status
X-Flow-Id
X-DW