Threat Level: green Handler on Duty: Bojan Zdrnja

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
CF-RAY
X-Powered-By
Link
ETag
Expect-CT
X-XSS-Protection
Via
CF-Cache-Status
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
X-Cache-Hits
P3P
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Xss-Protection
X-Request-Id
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
Alt-Svc
X-Adblock-Key
X-Drupal-Cache
X-Check
X-Cacheable
Content-Security-Policy-Report-Only
X-Generator
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-DNS-Prefetch-Control
X-AspNetMvc-Version
P3p
X-Template
X-Language
Status
Timing-Allow-Origin
X-Iinfo
Content-Encoding
X-Content-Security-Policy
X-Buckets
Upgrade
X-Kinja-Server-Push
Xkey
X-CDN
X-Via
X-Turbo-Charged-By
Keep-Alive
Access-Control-Expose-Headers
Access-Control-Max-Age
X-Cache-Group
X-Pass-Why
X-AH-Environment
X-Drupal-Dynamic-Cache
X-Age
X-Server
X-Backend
X-Pingback
X-Amz-Request-Id
X-Amz-Id-2
X-Envoy-Upstream-Service-Time
X-Page-Speed
X-Robots-Tag
X-Proxy-Cache
X-Hacker
EagleId
Grace
X-Server-Powered-By
X-UA-Device
X-Varnish-Cache
Request-Context
X-Nginx-Cache-Status
X-Request-ID
Cf-Railgun
X-LiteSpeed-Cache
X-Swift-CacheTime
X-Swift-SaveTime
X-Amz-Version-Id
X-Server-Id
Ali-Swift-Global-Savetime
X-Ua-Compatible
X-WebKit-CSP
Server-Timing
Feature-Policy
X-Device
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Host
X-Rq
Report-To
X-Ac
X-Node
Content-Location
X-OneAgent-JS-Injection
X-Cnection
X-Response-Time
X-Backend-Server
X-Cloud-Trace-Context
X-Origin-Cache
X-Application-Context
X-Readtime
Request-Id
Allow
Surrogate-Control
EagleEye-TraceId
X-ORACLE-DMS-ECID
X-Country
X-Vhost
X-DynaTrace
X-TTL
X-Cache-Lookup
X-Origin-Upstream-Status
X-Rack-Cache
X-Url
X-Clacks-Overhead
NEL
X-FTR-Request-ID
Rating
Pinterest-Generated-By
X-Country-Code
X-EdgeConnect-Origin-MEX-Latency
X-Dispatcher
X-EdgeConnect-MidMile-RTT
X-Ruxit-JS-Agent
X-CST
X-ORACLE-DMS-RID
X-HW
X-Instart-Request-ID
X-Goog-Hash
Fusion-Source
Fusion-Component-Id
Fusion-Content-Id
Fusion-Content-Source
Fusion-Template-Id
X-Cdn
X-DataStream-Cache-Status
X-PC
X-TtlSet
X-Vname
Edge-Control
X-VARITI-CCR
X-Px
X-DataDome
Service-Worker-Allowed
Verso
X-MS-InvokeApp
X-Mod-Pagespeed
RTSS
X-Recruiting
X-Use-Magma
X-GoogleNews-Bot
X-Kinja
X-Exp-Id
X-Kinja-Server
X-Exp-Variant
X-Cdn-Fetch
X-Kinja-Build
X-Kinja-Revision
X-Varnish-TTL
X-D2id
X-Dns-Prefetch-Control
SPRequestGuid
X-Vcap-Request-Id
X-Abt-Application-Version
X-ESI
TCN
X-Amz-Server-Side-Encryption
X-GitHub-Request-Id
X-SharePointHealthScore
X-Navigation-Version
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Akam-SW-Version
X-Powered-By-Plesk
Response
Display
X-Middleton-Display
X-Sol
X-Middleton-Response
X-B3-TraceId
MS-Author-Via
X-RateLimit-Remaining
DynaTrace
X-Forwarded-Proto
Realpath
Charset
X-Version
X-Upstream
X-Powered-CMS
Public-Key-Pins
X-Amz-Rid
X-Server-Name
X-Shield-Request-Id
Fastly-Restarts
Nginx-Cache
X-Cached
X-Trace
ServerID
AR-ATIME
AR-PoweredBy
Ar-Sid
AR-CACHE
X-Shard
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TEC-API-VERSION
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
X-Goog-Generation
X-Dw-Request-Base-Id
X-Grace
Content-MD5
X-Mrf-Section-Lastmod
X-Mrf-Item-Lastmod
Mrf-Cache-Status
MRF-Tech
X-B3-TraceId-Primal
Accept-CH
AR-Request-ID
Paypal-Debug-Id
Access-Control-Request-Method
X-MSEdge-Ref
Pagespeed
SPRequestDuration
SPIisLatency
X-Client-IP
X-Goog-Storage-Class
X-FTR-Backend-Server
X-FTR-Backend
X-FTR-Cache-Status
X-Country-Code-Real
S
X-FTR-DC
X-Debug
X-FTR-Balancer
X-FTR-Expires
X-FTR-Realm
X-DynaTrace-JS-Agent
X-Id
Accept-Ch-Lifetime
X-DataStream-Origin-MEX-Latency
X-DataStream-MidMile-RTT
X-Ezoic-Cdn
Accept-Ch
Front-End-Https
X-Amz-Meta-S3cmd-Attrs
X-Fastly-Request-ID
X-T
X-Amzn-Trace-Id
X-N
X-NF-Request-ID
Arr-Disable-Session-Affinity
MicrosoftSharePointTeamServices
X-VCache
X-DIS-Request-ID
X-Content-Type
X-FastCGI-Cache
X-Hits
Pinterest-Version
X-Pinterest-Rid
X-B3-Sampled
X-Upstream-Proxy
X-FTR-Cache-Host
X-B3-Traceid
X-XRDS-Location
X-Acc-Meta-Resource-Type
X-Frontend
Fastcgi-Cache
PB-RID
Arc-Version
PB-PID
X-Mobile-Rewrite
X-Content-Digest
X-Varnish-Age
X-Logged-In
Server-Name
X-Ser
X-Correlation-Id
X-Vcache
X-Srv
Alternate-Protocol
X-Node-Name
X-Cache-Key
Nel
X-Forwarded-For
X-Microsite
Accept-CH-Lifetime
X-Request-Handler-Origin-Region
AMP-Access-Control-Allow-Source-Origin
X-Pad
FilterID
Powered
X-User-Agent
X-Rid
X-Type
TP-L2-Cache
TP-Cache
Healthy
X-LB-Cache
X-IPLB-Instance
X-Cache-2
X-Request-Received
X-Request-Processing-Time
X-F-Cache
X-Zen-Fury
X-Kinsta-Cache
Host
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Revision
X-XRDS-LOCATION
Edge-Cache-Tag
X-Via-JSL
X-AOL-HN
X-Debug-Info
Powered-By-ChinaCache
Backend-Timing
X-Analytics
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Activity-Id
X-GUploader-UploadID
X-Cache-Age
X-AppVersion
X-Az
X-HS-Content-Id
X-HS-Hub-Id
X-Cached-By
X-Hostname
X-Accel-Expires
X-Cache-Rule
Surrogate-Key
X-Fastcgi-Cache
Cache-Status
X-Content-Options
X-Varnish-Backend
VIX-Pulpo-Upstream-Status
X-Instance
Server-Node
VIX-Pulpo-Node
X-Content-Security-Policy-Report-Only
X-Page-Id
X-Tumblr-Pixel-0
X-Tumblr-User
X-Varnish-Grace
X-PHP-Backend
X-Tumblr-Pixel
X-BCube-Filmed-By
X-App-Environment
X-Amz-Replication-Status
X-Akamai-Edgescape
X-Content-Powered-By
X-Jobs
X-Request-Guid
X-Cluster
Cleartype
X-Signature
X-Forwarded-Host
X-B-Cache
X-TT
Source
X-FB-Debug
Refresh
X-Framework
X-FW-Type
X-FW-Static
X-FW-Serve
X-FW-Hash
X-FW-Server
Liferay-Portal
DC
X-RateLimit-Limit
X-Time
Accept-Charset
Tracecode
Fastcgi-Useragent
X-ATG-Version
X-Varnish-Hostname
Access-Control-Allow-Method
Host-Header
X-Mobile
X-Cache-Action
X-Whom
X-Cache-Operation
X-Presslabs-Stats
X-Drupal-Cache-Tags
X-Esi
WPE-Backend
X-Cache-Control
X-B
X-Edge-Location
X-APP-VERSION
X-App-Server
X-Mobile-URL
X-Hp-Webp
X-Cache-TTL
X-Erf-Bev-Bev
NGB
X-WA-Info
Payment
X-Response-Served-From
X-Erf-Bev-Bev-Is-Generated
X-Accel-Buffering
Retry-After
X-Git-Hash
Actual-Object-TTL
Filters
X-Content-Age
X-WebKit-CSP-Report-Only
X-Handled-By
Cache-Tag
X-Storage
Cache-Tv-Group
X-Cache-Hit
X-NWS-LOG-UUID
X-TT-TIMESTAMP
X-RequestSource
X-Cacheable-TTL
X-TX-ID
Viewport
Upgrade-Insecure-Requests
X-GeoIP
X-Tumblr-Pixel-1
Eomportal-Instance
X-Tumblr-Pixel-2
X-ProcessESI
X-Adobe-Loc
X-Adobe-Content
X-RemovedCookies
X-UA-Device-Type
X-Status
X-Yottaa-Metrics
MS-CV
X-Yottaa-Optimizations
X-FW-Dynamic
X-SS-Set-Cookie
X-Geo-Country
X-VG-WebCache
Webserver
Xserver
X-Ratelimit-Limit
X-Seen-By
X-Server-ID
X-Cache-TTL-Remaining
Ms-Operation-Id
X-Host-Name
X-RTag
X-TA-CDN-Provider
X-FB-TRIP-ID
Datacenter
Frame-Options
X-Cache-Enabled
From-Origin
X-Oracle-Dms-Rid
X-Hyper-Cache
X-Origin-Server
X-B3-Spanid
X-Contextid
X-Mode
X-Generated-By
Server-Info
CACHE
Country
GEO-INFO
Cache
SRV
X-CF-Powered-By
X-Cache-Var
X-RateLimit-Reset
X-Path-Route
X-RN-RSRV
X-Drupal-Cache-Contexts
Load-Balancing
X-Cache-Var-Map
Meta-Geo
X-Tumblr-Pixel-3
X-ES-SERVER
S-Cnection
Machine
X-Upstream-HT
X-MP-GENERATED-AT
X-Cache-Config
X-Access
X-Proxied
X-Zipkin-Id
X-Upstream-CT
X-Routing-Service
X-Section
X-TNCMS
X-From
Vix-Hermes-Req-Id
X-R9-Blue-Green-Version
X-Varnish-Server
X-Human
X-Backend-Name
X-Hit
X-Varnish-Cache-Hits
Mn-Server-Ip
Rt-Fastcgi-Cache
X-Loop
Decoy-Debug-Key
Decoy-Debug-TTL
Cache-Name
Decoy-Debug-Status
X-Labrador-Cache-Channel
X-LJ-Flow-ID
X-Origin-Response-Time
X-EIG-Tracking-Id
X-Proxy-Build
X-Rule
X-Akamai-Request-ID
X-VWS-Id
X-Web-Node
X-Cluster-Node
X-Timing-Wait
X-Upgrade-Enabled
X-VG-TLSProxy
X-AWS-Id
Now
X-Viewer-Country
X-Via-Fastly
Akamai-GRN
DSUID
X-Cache-Grace
X-Www-Served-By
X-Generated
X-Debug-Cache
Cache-Key
X-Device-Type
X-FC-Vary-Parameters
Release
X-NCache
X-OCL
X-Region
X-Proto
X-PCL
X-Trace-Id
X-Site-Version
X-Locale
X-Cache-Host
Mail-Subject
X-Guploader-Uploadid
ServedBy
X-L-Path
OT-Force-Account-Verify
DB-Nickname
X-Hosted-By
We-Hiring
X-JoinUs
X-Environment-Context
X-Magnolia-Registration
X-Rendered-As
X-Goog-Meta-Goog-Reserved-File-Mtime
X-ShopId
X-Ratelimit-Reset
ProcessTime
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-Shopify-Stage
X-ShardId
X-Alternate-Cache-Key
X-Endurance-Cache-Level
X-Xfnlog-Site
X-IP
X-Request-Time
X-CCM
X-S
X-Akamai-Request-ID2
X-NewRelic-App-Data
X-Time-Microsecs
Time
X-Dc
Version
X-Load-Cache
Azure-SlotName
Property-Id
Azure-Version
Azure-SiteName
Azure-InstanceId
X-VCT
Uber-Trace-Id
X-RCS-CacheZone
S-Rt
Azure-RegionName
TWC-Device-Class
Webcakes-Region
X-FW-Version
X-Origin-Hint
X-Wix-Request-Id
Webcakes-App-Name
TWC-Privacy
NtCoent-Length
TWC-GeoIP-Country
TWC-GeoIP-LatLong
TWC-Locale-Group
TWC-Connection-Speed
Webcakes-App-Version
X-Origin
X-Varnish-Hits
Cteonnt-Length
X-No-Session
X-EdgeConnect-Cache-Status
X-Nginx-Cache
X-Via-CDN
X-Proxy
X-ProxyCache-Status
X-Redis-Cache
X-BYPASS-REASON
X-ProxyCache-Key
X-FireWall-Port
X-UUID
X-GEO
NGX
X-Platform-Server
X-UA
X-Daa-Tunnel
X-Vgn-Hpd-Reason
X-PressLabs-Stats
X-Akamai-Transformed
X-HTML-Minification-Powered-By
X-Format
X-CS
X-CDN-Forward
X-MServer
X-ApacheServer
X-ECACHE
X-PERF
Odigeo-Trace-Id
X-Hl-Ver
X-Cache-Server
Accept-Language
X-Rocket-Nginx-Bypass
X-Cache-Remote
X-Cache-NE
Ec-Rule-Version
X-IPS-LoggedIn
X-UnsetCookies
Access-Control-Request-Headers
Origin
X-Oneagent-Js-Injection
Cache-Tags
X-Tb
X-ServerID
X-Distributor
Selected-Fe
LB
X-Real-IP
X-Amzn-Remapped-Content-Length
X-Dynatrace-Js-Agent
Fastly-SSL
X-Webkit-Csp
Proxy-Connection
L5d-Success-Class
X-Microcachable
X-Compress-Hint
X-B3-Parentspanid
X-Unique-ID
X-Date
X-G
A
X-Destination
X-Instart-Info
X-A
Viewtype
AKAMAI
X-Internal-Host
Arc-Country
X-Detected-As
X-External-Request-Id
X-Generated-On
X-A-Ccd
Server-ID
X-Edge-Server
Rt-Proxy-Cache
X-Developer
X-DPWN-IS-SECURE
VivaBuild
X-Geo-Header
X-A-Dam
X-Application
MD5-Digest
X-App-Name
X-ARC
X-B-Cookie
X-Cdn-Srv
X-Cache-Bucket
REQUESTUUID
Meta-Geo-Continent
Mobile-Detection-Method
Request-Time
X-A-Wwc
X-A-Dgt
X-Accel-Expires-Debug
X-Aed
X-AIR-PT
X-A-Dcw
Node
X-CF-Lambda-Fn
X-CF-Lambda-Version
Cache-Prefix
X-D
X-Connection-Hash
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-Idcheck
BehaviorPad-Version
Rendered-Blocks
Cache-Cookie-Set-From
Cdn-Host
Cdn-Request-Time
Fly-Cache
Fly-Request-Id
GEO-REGION-INFO
X-Cluster-Name
Fastcgi-X-Cache-Version
Content-Script-Type
Content-Style-Type
Cross-Origin-Window-Policy
AsisCache
X-IN-APIGATEWAY
Hostname
X-S-Cookie
X-S-Maxage
X-SRCache-Key
X-SVT-ORM-RULES
X-NU-AKA-ACS-Version
X-SVT-ORM-VERSION
X-Region-Sid
Xc-Version
X-Level-Front-Cache
X-Server-Time
X-BACKEND-TTL
X-Worker
PageSpeed
X-ScT
X-Rojux
X-Transaction
X-Rewrite-Enabled
X-Vtex-Remote-Cache
X-Varnish-Url
X-Request-UUID
X-VG-WebServer
X-PAYTM-SRV-ID
X-Is-Bot
X-Vtex-Processado-Em
X-Trv-Group
X-Org
X-Twitter-Response-Tags
ServerName
X-URL
X-Pubstack
Served-By
Gh-Request-Id
Fastly-SWR
X-CGP
Fastly-SIE
X-Server-IP
Esi-Enabled
X-Backend-State
X-NC
X-Nc
Request-EU
X-Varnish-Cacheable
Section-Io-Cache
W
X-Clientip
Request-Country
Proxy-Firewall
IBM-Web2-Location
HA-Ipaddr
X-BBXSRF
Memcached
X-TrackingId
X-Skip-Cache
Ha-Gx-Prefs
Content-Disposition
X-Fastly-Cache
X-HS-Combine-CSS
X-Location
X-Method
X-Nginx-Cache-Key
Origin-Cache-Control
X-Developers
X-Distil-CS
UCS
X-Eu-Site
Countrycode
X-HS-Cache-Config
Origin-Edge-Control
Apple-News-Services-Handled
Apple-News-Services-Host
X-Rebelmouse-Surrogate-Control
X-Core-Mission
X-We-Are-Hiring
X-Qloud-Router
X-Rebelmouse-Cache-Control
Backend-Name
Apple-News-Services-Parsed-Url
X-C
Apple-News-Services-Request-Url
X-ElasticPress-Search
X-Auto-Login
X-FPC
X-Wikidot-Backend
Wxu-Next-Region
X-TH-Server
Wxu-Next-Hostname
Wxu-Next-Commit
X-Irp-Debug
X-Grey
X-Variation
X-Bip
X-Generation-Time
X-GeoIP-Country-Code
X-Key
X-Wikidot-Static-Cache
X-Debug-Cookies
X-Debug-Log
X-Cdn-Origin
X-Device-Os
X-NX-Host
X-Reqid
X-Reboot
X-Webstats-RespID
X-Release
X-Cache-Info
X-Cache-Category-Id
X-Thanos
X-Epic-Correlation-Id
X-Sn-Servicetimems
X-Hash
X-SIPLIST1
X-ServiceProvider
X-Servername
X-Dispatch
Country-Code
Powered-By
Is-Eu
On-Server
L
Platform
Pramga
RNT-Machine
Kp-EeAlive
IsBot
Fastly-Soc-X-Request-Id
Adler-Geo
GW-Server
Heartbleed
RNT-Time
N-Cache
SS
Server-Int
Server-Host
X-Urbn-Context-Path
X-Urbn-Site-Id
X-SERVER
Locale
X-WebServer
X-Origin-Date
X-Hnp-Log
PFcat
X-GeoIP-City
CDCHOST
X-Crawler
X-Dispatcher-Server
X-Fetched-On
True-Client-Country-4JS
X-Gannett-Site-Version
X-Gen-Mode
X-Li-Pop
X-VC-Cache
X-Request-URI
X-Proxy-Upstream
X-Request-Start
X-Response-By
X-Secret
X-SD-PageType
X-Proxy-Cache-Status
X-CUA
X-LI-Proto
X-Swa-Ws
X-Origin-Expires
X-LI-UUID
X-PHP-Host
X-Owner
X-WADP-Cache
X-Li-Fabric
Resin-Trace
X-Azure-Ref
X-Azure-Ref-OriginShield
User-Cache-Control
X-Amz-Meta-Cache-Control
X-CDN-Cache
X-Cache-FS-Status
Web-Mar-Node
X-Cms-Context
X-Cache-Id
X-Clara-WADP
SD-X-WS
Who
X-Block-Status
X-Cache-Backend
X-Thinkindot-L3
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
X-VServer
X-Parent-Response-Time
X-SERVER-NAME
X-Pf-Uncompressing
X-OVcl
X-OVcl-Cache
CF-IPCountry
X-Matched-Rule
Thinkindot-Control
V-Age
X-Edge
X-Varnish-Ttl
Magicmarker
Pagetype
X-FE
X-ABtesting
X-Hello
X-Flog
X-CLOUD-TRACE-CONTEXT
X-Processor
X-User
X-Ratelimit-Remaining
X-Served-From
X-Via-NSCOPI
Mime-Version
X-Backend-Host
X-Backend-Url
User-Agent
X-Be
X-LAGOON
Memory
X-Powered-By-Defense
X-Generated-In
X-MSEdge-Flight
X-GoCache-CacheStatus
X-Up
X-Via-Edge
X-MSEdge-Features
X-Via-SSL
X-Debug-Cache-Expiry
X-Debug-Cache-Fetch
X-Datadome
X-Tt-Trace-Tag
X-Soup
X-Debug-Cache-Store
X-Ua
X-Protected-By
X-Varnish-Beresp-Ttl
X-ND-Cache
X-Newrelic-Synthetics
Cache-Hits
X-Oss-Server-Time
X-Geo
X-Oss-Storage-Class
X-Ttl
X-Oss-Request-Id
X-Page-Type
X-Oss-Hash-Crc64ecma
Geoip-Latitude
Geoip-City
X-B3-SpanId
X-Oss-Object-Type
GeoIp-Country-Code
X-Backend-TTL
X-Origin-TTL
X-Zone
X-Fstrz
X-Planisys-CDN-TTL
X-Check-Cacheable
X-Planisys-CDN-Cache
X-Origin-CC
X-Planisys-CDN-Rules
Pragrma
X-SayCDN-TTL
X-Say-Cacheable
X-Akamai-SSL-Client-Sid
X-ZONE
X-Old-Content-Length
X-Say-TTL
X-Tec-Api-Root
X-Tec-Api-Version
X-Cache-Time
X-Tec-Api-Origin
X-Cdn-Forward
WZWS-RAY
X-Litespeed-Cache
X-CSRF-TOKEN
X-DC
X-Varnish-Beresp-Status
X-IN-WAF
X-Varnish-Beresp-Grace
X-Phone
X-Core-Value
Cdn
X-Logtrace-Id
X-Servedbyhost
X-IN-APIGATEWAYSSL
Ajk
XServer
X-Node-Id
X-TT-LOGID
Inserted-Into-Cache-At
Fastly-Backend-Name
X-Cache-Ttl
X-Tb-Optimization-Total-Bytes-Saved
X-Vcl-Version
X-HS-Status
X-Aicache-OS
X-MID
X-Ruxit-Js-Agent
Amp-Access-Control-Allow-Source-Origin
Dynatrace
FSS-Proxy
X-UPSTREAM-Address
FSS-Cache
X-BC
SN
X-VCL-Version
X-NODE
HostName
X-Amzn-Remapped-Connection
X-Amzn-Remapped-Date
X-Wa
X-ServedByHost
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-APP
X-Birta-Cache-Post
X-Birta-Served
X-Mid
X-EC-Lua
X-Contensis-Viewer-Groups
X-CSRF-Token
X-Cache-ASPX
X-Bc
CF-Cached-On
Server-Cache-Control
Server-Surrogate-Control
X-Proxy-Cacherz
X-Refresh
X-App-Version
Xkeyrz
X-Varnish-Authentication
T-Server
X-Info
X-Varnish-IP
X-NWS-UUID-VERIFY
Selected-FE
X-GDPR
X-COUNTRY
X-LiteSpeed-Cache-Control
PICS-Label
X-WR-MODIFICATION
RequestId
X-FORWARDED-FOR
Srv
X-Source
X-CACHE-KEY
Ohc-File-Size
X-Agile-Age
X-Agile
X-Real-Ip
X-Varnish-Beresp-TTL
HitType
X-PJAX-URL
X-Agile-Id
X-Cache-Debug
MIME-Version
Ohc-Cache-HIT
X-Render-Time
GeoIP-Latitude
SID
GeoIP-Country-Code
GeoIP-City
X-ECache
X-Nananana
WebServer
X-Policy
X-Via-Ucdn
DataCenter
URI
Cf-Ipcountry
X-Fastly-Country-Code
X-LB-ID
X-Uri
X-BE
Cache-Provider
Xkeynj
Is-Session-Tracking
X-Micro-Cache
X-Service
X-TIME
X-Lb-Id
Get-Access-Time
X-Fastly-Backend-Reqs
X-Web-Server
X-Unique-Id
X-PAGE-TYPE
X-Cache-Miss-From
X-Requestid
X-NGINX-Cache
X-Sedo-Request-Id
X-Cache-Tag
X-Var-Ttl
X-NGENIX-Cache
Group
Ohc-Response-Time
X-JWT-State
Pics-Label
X-Pjax-Url
X-Is-Gdpr
Lb
X-Has-Esi
X-Request-Url
CDN
Xet-Cookie
X-MCACHE
X-Vct
X-Apw-Access-Object
X-Apw-Access-Action
Cneonction
X-Apw-Hits
HTTPS
X-Apw-Access-Token
X-Dw-Trace-Id
X-SRV
X-Ecache
X-Cf-Powered-By
X-PF-Uncompressing
Warning
Backend
X-SN
Www
Correlation-Id
FNAC-ModuleRouting
X-Swift-Error
X-WA
X-Edge-IP
X-Cdn-Request-ID
X-Newrelic-App-Data
Xkeypdq
X-Serial
X-Request-URL
X-Litespeed-Cache-Control
X-Akamai-ERRuleID
X-Fe
X-Akamai-ERPolicy
X-Bug-Bounty
X-RPS
X-RSL
X-Page-Impression-Id
X-RPM
X-DW
X-DI
X-DSS
X-Fpc
Lfy
X-Zalando-Child-Request-Id
X-DB
Host-ID
X-Instart-Isnd
X-Flow-Id
X-ServerName
X-Cache-Expires
X-Fastly-Cache-Hits