Threat Level: green Handler on Duty: Bojan Zdrnja

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
CF-RAY
X-Powered-By
Link
ETag
Expect-CT
X-XSS-Protection
Via
CF-Cache-Status
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
X-Cache-Hits
P3P
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Xss-Protection
X-Request-Id
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
Alt-Svc
X-Adblock-Key
X-Drupal-Cache
X-Check
X-Cacheable
Content-Security-Policy-Report-Only
X-Generator
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-DNS-Prefetch-Control
X-AspNetMvc-Version
P3p
X-Template
X-Language
Status
Timing-Allow-Origin
X-Iinfo
Content-Encoding
X-Content-Security-Policy
X-Buckets
Upgrade
X-Kinja-Server-Push
Xkey
X-CDN
X-Via
X-Turbo-Charged-By
Keep-Alive
Access-Control-Expose-Headers
Access-Control-Max-Age
X-Cache-Group
X-Pass-Why
X-AH-Environment
X-Age
X-Drupal-Dynamic-Cache
X-Server
X-Backend
X-Pingback
X-Amz-Id-2
X-Amz-Request-Id
X-Envoy-Upstream-Service-Time
X-Page-Speed
X-Robots-Tag
X-Proxy-Cache
X-Hacker
EagleId
Grace
X-Server-Powered-By
X-UA-Device
Request-Context
X-Varnish-Cache
X-Nginx-Cache-Status
Cf-Railgun
X-LiteSpeed-Cache
X-Amz-Version-Id
X-Swift-CacheTime
X-Swift-SaveTime
X-Ua-Compatible
Ali-Swift-Global-Savetime
X-Server-Id
X-WebKit-CSP
Server-Timing
Feature-Policy
X-Device
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Rq
X-Host
Report-To
X-Ac
X-Request-ID
X-OneAgent-JS-Injection
X-Node
Content-Location
X-Cnection
X-Response-Time
X-Backend-Server
X-Cloud-Trace-Context
X-Origin-Cache
X-Application-Context
X-Readtime
Request-Id
Allow
Surrogate-Control
EagleEye-TraceId
X-ORACLE-DMS-ECID
X-Country
X-Vhost
X-DynaTrace
X-TTL
X-Cache-Lookup
X-Origin-Upstream-Status
X-Rack-Cache
X-Url
X-FTR-Request-ID
X-Clacks-Overhead
NEL
Rating
Pinterest-Generated-By
X-ORACLE-DMS-RID
X-Country-Code
X-Dispatcher
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Ruxit-JS-Agent
X-CST
X-HW
X-Cdn
X-Goog-Hash
X-Instart-Request-ID
Fusion-Template-Id
Fusion-Content-Id
Fusion-Component-Id
Fusion-Content-Source
Fusion-Source
X-DataStream-Cache-Status
X-TtlSet
X-Vname
X-PC
Edge-Control
X-DataDome
X-VARITI-CCR
X-Px
Service-Worker-Allowed
Verso
X-MS-InvokeApp
X-Mod-Pagespeed
X-Dns-Prefetch-Control
RTSS
X-Exp-Variant
X-Kinja
X-Cdn-Fetch
X-Kinja-Build
X-Exp-Id
X-GoogleNews-Bot
X-Kinja-Revision
X-Use-Magma
X-Kinja-Server
X-Recruiting
X-Varnish-TTL
X-D2id
SPRequestGuid
X-ESI
X-Vcap-Request-Id
X-Abt-Application-Version
TCN
X-GitHub-Request-Id
X-Amz-Server-Side-Encryption
X-SharePointHealthScore
X-Navigation-Version
X-Akam-SW-Version
X-B3-TraceId
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Powered-By-Plesk
X-Middleton-Response
X-Middleton-Display
Response
X-Sol
Display
MS-Author-Via
X-RateLimit-Remaining
X-Forwarded-Proto
DynaTrace
Charset
Realpath
X-Upstream
Public-Key-Pins
X-Version
X-Powered-CMS
Fastly-Restarts
X-Amz-Rid
X-Shield-Request-Id
X-Cached
Nginx-Cache
X-Trace
X-Server-Name
ServerID
AR-ATIME
Ar-Sid
AR-CACHE
AR-PoweredBy
X-Goog-Metageneration
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Goog-Generation
X-Shard
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TEC-API-VERSION
X-Mrf-Section-Lastmod
X-Mrf-Item-Lastmod
X-Dw-Request-Base-Id
Mrf-Cache-Status
X-B3-TraceId-Primal
MRF-Tech
Content-MD5
X-Grace
Accept-Ch-Lifetime
Accept-CH
AR-Request-ID
Pagespeed
Access-Control-Request-Method
X-MSEdge-Ref
Paypal-Debug-Id
X-DynaTrace-JS-Agent
SPIisLatency
SPRequestDuration
X-Client-IP
Accept-Ch
X-Goog-Storage-Class
X-FTR-Backend
X-FTR-DC
X-FTR-Realm
X-FTR-Expires
X-FTR-Cache-Status
X-FTR-Balancer
X-Country-Code-Real
X-FTR-Backend-Server
X-Debug
S
X-Id
X-DataStream-MidMile-RTT
X-DataStream-Origin-MEX-Latency
X-Ezoic-Cdn
X-Fastly-Request-ID
Front-End-Https
X-Amz-Meta-S3cmd-Attrs
X-FastCGI-Cache
X-T
X-Amzn-Trace-Id
X-NF-Request-ID
MicrosoftSharePointTeamServices
X-N
Arr-Disable-Session-Affinity
X-Content-Type
X-DIS-Request-ID
X-Hits
X-B3-Sampled
X-VCache
X-FTR-Cache-Host
X-Pinterest-Rid
Pinterest-Version
X-Upstream-Proxy
X-Frontend
X-Vcache
X-B3-Traceid
Fastcgi-Cache
X-XRDS-Location
X-Acc-Meta-Resource-Type
X-Logged-In
X-Varnish-Age
X-Mobile-Rewrite
X-Content-Digest
Server-Name
Arc-Version
PB-RID
PB-PID
X-Correlation-Id
X-Ser
X-Srv
Alternate-Protocol
X-Forwarded-For
Nel
X-Node-Name
X-Cache-Key
FilterID
X-Microsite
X-Request-Handler-Origin-Region
X-Pad
X-User-Agent
AMP-Access-Control-Allow-Source-Origin
X-LB-Cache
Powered
Healthy
X-Kinsta-Cache
TP-L2-Cache
X-XRDS-LOCATION
TP-Cache
X-Rid
X-Type
X-F-Cache
X-Cache-2
X-IPLB-Instance
X-Amz-Apigw-Id
X-Zen-Fury
X-Amzn-RequestId
Host
X-Request-Processing-Time
X-Request-Received
X-Revision
Edge-Cache-Tag
X-Via-JSL
X-AOL-HN
X-Debug-Info
X-Kong-Proxy-Latency
X-Analytics
X-Kong-Upstream-Latency
Backend-Timing
Powered-By-ChinaCache
X-Cache-Age
X-Activity-Id
X-Az
X-AppVersion
X-GUploader-UploadID
Accept-CH-Lifetime
X-Accel-Expires
X-HS-Hub-Id
X-Cached-By
X-HS-Content-Id
X-Hostname
X-Cache-Rule
Surrogate-Key
Cache-Status
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-Content-Options
X-Jobs
X-FB-Debug
X-Forwarded-Host
X-Server-ID
Server-Node
Cleartype
X-Varnish-Backend
X-Content-Security-Policy-Report-Only
X-PHP-Backend
X-BCube-Filmed-By
X-Varnish-Grace
X-Page-Id
X-Cluster
X-B-Cache
X-Amz-Replication-Status
X-Signature
X-Request-Guid
X-Content-Powered-By
X-Tumblr-User
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-App-Environment
X-Instance
X-Fastcgi-Cache
Refresh
Source
X-TT
X-Akamai-Edgescape
Liferay-Portal
X-Framework
X-Time
X-FW-Type
X-FW-Static
X-FW-Serve
X-FW-Hash
X-FW-Server
DC
Tracecode
X-RateLimit-Limit
Accept-Charset
Access-Control-Allow-Method
Fastcgi-Useragent
X-ATG-Version
X-Varnish-Hostname
X-Whom
Host-Header
X-Cache-Action
X-Drupal-Cache-Tags
X-Mobile
X-Cache-Operation
X-Presslabs-Stats
X-B
WPE-Backend
X-App-Server
X-WA-Info
X-APP-VERSION
X-Cache-Control
X-Mobile-URL
X-Hp-Webp
X-Cache-TTL
Payment
X-Edge-Location
NGB
X-Erf-Bev-Bev-Is-Generated
Retry-After
X-Accel-Buffering
X-Response-Served-From
X-Erf-Bev-Bev
X-Content-Age
Cache-Tag
Filters
X-Storage
X-WebKit-CSP-Report-Only
X-Git-Hash
Viewport
X-Handled-By
X-TT-TIMESTAMP
X-TX-ID
Actual-Object-TTL
X-Esi
X-GeoIP
X-RequestSource
Eomportal-Instance
Cache-Tv-Group
X-Cacheable-TTL
X-NWS-LOG-UUID
X-Cache-Hit
Upgrade-Insecure-Requests
X-Adobe-Loc
MS-CV
X-ProcessESI
X-Adobe-Content
X-Status
X-UA-Device-Type
X-RemovedCookies
X-Tumblr-Pixel-2
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Tumblr-Pixel-1
X-Ratelimit-Limit
Xserver
X-FW-Dynamic
X-Geo-Country
X-SS-Set-Cookie
X-VG-WebCache
Webserver
X-Seen-By
X-TA-CDN-Provider
X-Cache-TTL-Remaining
X-RTag
Ms-Operation-Id
X-Host-Name
Datacenter
X-FB-TRIP-ID
Frame-Options
X-Cache-Enabled
From-Origin
X-Hyper-Cache
Cache
X-B3-Spanid
X-Contextid
X-CF-Powered-By
X-Mode
X-Origin-Server
GEO-INFO
Country
X-Generated-By
Machine
Meta-Geo
X-ES-SERVER
X-RN-RSRV
Server-Info
X-Timing-Wait
Load-Balancing
X-Path-Route
X-Cache-Var-Map
X-Cache-Var
X-Proxy-Build
X-Varnish-Server
X-TNCMS
CACHE
X-Loop
Vix-Hermes-Req-Id
X-Generated
X-Zipkin-Id
X-Routing-Service
X-Proxied
X-Cache-Config
X-Hit
X-Drupal-Cache-Contexts
X-Upstream-HT
S-Cnection
X-Upstream-CT
Rt-Fastcgi-Cache
X-From
Mn-Server-Ip
X-Access
X-JoinUs
X-Human
X-Cluster-Node
X-Section
X-Guploader-Uploadid
X-R9-Blue-Green-Version
X-AWS-Id
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Region
Decoy-Debug-Key
X-Varnish-Cache-Hits
X-Backend-Name
X-FC-Vary-Parameters
X-VWS-Id
X-Rule
X-Upgrade-Enabled
Decoy-Debug-Status
Decoy-Debug-TTL
X-RateLimit-Reset
X-Web-Node
X-Labrador-Cache-Channel
X-Ratelimit-Reset
X-LJ-Flow-ID
X-EIG-Tracking-Id
X-Tumblr-Pixel-3
X-Origin-Response-Time
DSUID
X-Akamai-Request-ID
X-VG-TLSProxy
X-Cache-Host
X-Cache-Grace
Cache-Name
X-Viewer-Country
Now
Release
SRV
Cache-Key
X-Debug-Cache
X-Hosted-By
X-Site-Version
X-Trace-Id
X-OCL
X-Locale
X-MP-GENERATED-AT
X-Proto
X-PCL
X-Device-Type
X-Akamai-Request-ID2
X-Www-Served-By
ProcessTime
X-Via-Fastly
Mail-Subject
We-Hiring
X-ShardId
X-Sorting-Hat-ShopId
X-NCache
X-Magnolia-Registration
ServedBy
X-Sorting-Hat-PodId
OT-Force-Account-Verify
X-Shopify-Stage
X-ShopId
X-Rendered-As
X-Alternate-Cache-Key
X-NewRelic-App-Data
X-L-Path
X-Environment-Context
X-Request-Time
Akamai-GRN
X-Xfnlog-Site
X-IP
X-CCM
X-S
Time
X-Load-Cache
X-Endurance-Cache-Level
DB-Nickname
X-Dc
X-RCS-CacheZone
Version
X-Time-Microsecs
NtCoent-Length
Uber-Trace-Id
TWC-Connection-Speed
TWC-Device-Class
TWC-Locale-Group
TWC-GeoIP-Country
Webcakes-App-Version
X-Wix-Request-Id
X-Origin-Hint
Webcakes-Region
Webcakes-App-Name
TWC-Privacy
TWC-GeoIP-LatLong
X-VCT
Property-Id
X-Oracle-Dms-Rid
S-Rt
X-No-Session
X-Origin
Azure-InstanceId
X-Varnish-Hits
Azure-RegionName
X-EdgeConnect-Cache-Status
X-FW-Version
Azure-Version
Azure-SiteName
Azure-SlotName
X-Nginx-Cache
X-Via-CDN
Cteonnt-Length
X-Proxy
X-ProxyCache-Status
X-Redis-Cache
X-ProxyCache-Key
X-UUID
X-FireWall-Port
X-BYPASS-REASON
NGX
X-Akamai-Transformed
X-Platform-Server
X-Vgn-Hpd-Reason
X-HTML-Minification-Powered-By
X-CS
Accept-Language
X-PressLabs-Stats
X-Daa-Tunnel
X-MServer
X-ApacheServer
Odigeo-Trace-Id
X-Hl-Ver
X-Format
X-UA
X-PERF
Ec-Rule-Version
X-Cache-NE
X-ECACHE
X-CDN-Forward
X-Rocket-Nginx-Bypass
Access-Control-Request-Headers
Origin
X-IPS-LoggedIn
X-GEO
X-Cache-Server
X-UnsetCookies
X-Real-IP
X-Cache-Remote
Selected-Fe
Cache-Tags
X-Tb
X-Distributor
LB
X-ServerID
X-Amzn-Remapped-Content-Length
X-Webkit-Csp
Fastly-SSL
X-Nc
Proxy-Connection
X-B3-Parentspanid
X-URL
L5d-Success-Class
X-Microcachable
X-Compress-Hint
MD5-Digest
GEO-REGION-INFO
Mobile-Detection-Method
Meta-Geo-Continent
Fly-Request-Id
Cache-Cookie-Set-Lfrom
Fly-Cache
Content-Script-Type
Content-Style-Type
Countrycode
Cross-Origin-Window-Policy
Fastcgi-X-Cache-Version
Cdn-Request-Time
Cdn-Host
AsisCache
Arc-Country
BehaviorPad-Version
Cache-Cookie-Set-From
Cache-Prefix
Cache-Cookie-Set-Idcheck
AKAMAI
X-ARC
X-NU-AKA-ACS-Version
X-Level-Front-Cache
X-Is-Bot
X-Org
X-PAYTM-SRV-ID
X-Request-UUID
X-Region-Sid
X-Internal-Host
X-Instart-Info
X-External-Request-Id
X-Edge-Server
X-G
X-Generated-On
X-IN-APIGATEWAY
X-Geo-Header
X-Rewrite-Enabled
X-Rojux
X-VG-WebServer
X-Varnish-Url
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
Xc-Version
X-Worker
X-Twitter-Response-Tags
X-Trv-Group
X-S-Maxage
X-S-Cookie
X-ScT
X-Server-Time
X-Transaction
X-SRCache-Key
X-DPWN-IS-SECURE
X-Developer
X-A-Dam
X-A-Ccd
X-A-Dcw
X-A-Dgt
X-Accel-Expires-Debug
X-A-Wwc
X-A
VivaBuild
Request-Time
Rendered-Blocks
REQUESTUUID
Rt-Proxy-Cache
Viewtype
Server-ID
X-Aed
X-App-Name
X-Core-Mission
X-Connection-Hash
X-D
X-Date
X-Detected-As
X-Destination
X-Cluster-Name
X-Clientip
A
X-Application
X-B-Cookie
X-Cache-Bucket
X-CF-Lambda-Version
X-CF-Lambda-Fn
Node
X-AIR-PT
X-Unique-ID
Hostname
ServerName
X-BACKEND-TTL
Backend-Name
Served-By
UCS
X-Backend-State
X-Bip
X-BBXSRF
Section-Io-Cache
W
Proxy-Firewall
HA-Ipaddr
Ha-Gx-Prefs
Fastly-SWR
IBM-Web2-Location
Memcached
Request-Country
X-Cdn-Srv
Powered-By
Request-EU
X-Fastly-Cache
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
X-Server-IP
X-Thanos
X-TrackingId
X-We-Are-Hiring
X-Varnish-Cacheable
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
Fastly-SIE
X-Eu-Site
X-Distil-CS
X-Hash
X-HS-Cache-Config
X-Qloud-Router
X-HS-Combine-CSS
X-CGP
X-Method
Apple-News-Services-Parsed-Url
Content-Disposition
X-C
Country-Code
Apple-News-Services-Request-Url
Apple-News-Services-Handled
Apple-News-Services-Host
Origin-Cache-Control
X-SERVER
Origin-Edge-Control
X-Urbn-Site-Id
Locale
X-Urbn-Context-Path
X-Dynatrace-Js-Agent
X-Debug-Log
X-WebServer
X-Reboot
X-Debug-Cookies
X-Device-Os
X-Cache-Category-Id
RNT-Time
Server-Host
X-Webstats-RespID
X-Developers
Server-Int
X-Pubstack
Wxu-Next-Commit
X-Cache-Info
X-Auto-Login
X-Location
X-Sn-Servicetimems
X-Skip-Cache
X-Servername
X-ServiceProvider
X-SIPLIST1
X-Cdn-Origin
X-TH-Server
Wxu-Next-Hostname
RNT-Machine
X-Crawler
Wxu-Next-Region
X-Reqid
X-Variation
X-Request-Start
X-Release
X-Wikidot-Backend
Is-Eu
X-GeoIP-Country-Code
X-Grey
Kp-EeAlive
L
X-Origin-Date
X-GeoIP-City
Heartbleed
Adler-Geo
X-Key
Fastly-Soc-X-Request-Id
X-Irp-Debug
X-Nginx-Cache-Key
X-NX-Host
Gh-Request-Id
X-Origin-Expires
IsBot
On-Server
Platform
PFcat
X-Epic-Correlation-Id
X-Wikidot-Static-Cache
Esi-Enabled
Pramga
N-Cache
X-ElasticPress-Search
X-CDN-Cache
X-PHP-Host
X-SD-PageType
X-Cache-Id
X-Secret
X-LI-UUID
X-LI-Proto
X-Li-Pop
X-Li-Fabric
X-Dispatch
X-Fetched-On
X-Proxy-Upstream
X-Dispatcher-Server
X-FPC
X-CUA
X-Gannett-Site-Version
X-Generation-Time
X-Proxy-Cache-Status
X-Request-URI
X-Gen-Mode
X-Hnp-Log
X-Clara-WADP
X-Response-By
X-Cms-Context
X-Owner
X-Amz-Meta-Cache-Control
Who
SD-X-WS
Resin-Trace
Web-Mar-Node
X-WADP-Cache
True-Client-Country-4JS
User-Cache-Control
SS
CDCHOST
X-VC-Cache
X-SERVER-NAME
X-Azure-Ref
X-Azure-Ref-OriginShield
X-Block-Status
X-Swa-Ws
GW-Server
X-Varnish-Ttl
X-ABtesting
X-Matched-Rule
X-FE
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
X-Pf-Uncompressing
X-CLOUD-TRACE-CONTEXT
X-Flog
X-Hello
X-NC
Pagetype
X-Thinkindot-L3
Thinkindot-Control
X-Cache-FS-Status
X-Cache-Backend
V-Age
X-VServer
X-Parent-Response-Time
CF-IPCountry
Magicmarker
X-Backend-Url
PageSpeed
X-OVcl
X-Backend-Host
X-User
User-Agent
X-Edge
X-Ratelimit-Remaining
X-OVcl-Cache
X-Served-From
X-GoCache-CacheStatus
X-Via-NSCOPI
Mime-Version
X-Up
X-Processor
X-Generated-In
X-Soup
X-MSEdge-Features
X-MSEdge-Flight
X-Be
Memory
X-Oneagent-Js-Injection
X-LAGOON
X-Via-Edge
X-Via-SSL
X-Powered-By-Defense
X-Ua
X-Geo
X-Tt-Trace-Tag
X-Debug-Cache-Expiry
X-Debug-Cache-Fetch
X-Debug-Cache-Store
X-Varnish-Beresp-Ttl
X-ND-Cache
X-Protected-By
X-Ttl
X-B3-SpanId
Cache-Hits
X-Oss-Request-Id
X-Oss-Server-Time
X-Oss-Storage-Class
X-Oss-Object-Type
GeoIp-Country-Code
Geoip-Latitude
X-Page-Type
X-Newrelic-Synthetics
Geoip-City
X-Oss-Hash-Crc64ecma
X-Check-Cacheable
X-Zone
X-Fstrz
X-Backend-TTL
Pragrma
X-Akamai-SSL-Client-Sid
X-Say-Cacheable
X-ZONE
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
X-Say-TTL
X-SayCDN-TTL
X-Planisys-CDN-TTL
X-Origin-CC
X-Tec-Api-Root
X-Origin-TTL
X-Tec-Api-Origin
X-Tec-Api-Version
WZWS-RAY
X-Cache-Time
X-Cdn-Forward
X-Old-Content-Length
X-Litespeed-Cache
X-CSRF-TOKEN
Cdn
X-DC
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
X-IN-APIGATEWAYSSL
Fastly-Backend-Name
X-Phone
X-Logtrace-Id
X-IN-WAF
X-Node-Id
Ajk
X-Core-Value
Inserted-Into-Cache-At
X-Cache-Ttl
X-Vcl-Version
X-Datadome
X-TT-LOGID
X-Aicache-OS
X-Tb-Optimization-Total-Bytes-Saved
X-Servedbyhost
Amp-Access-Control-Allow-Source-Origin
Dynatrace
X-Ruxit-Js-Agent
X-HS-Status
SN
FSS-Proxy
X-BC
FSS-Cache
XServer
X-NODE
HostName
X-UPSTREAM-Address
X-Mid
X-MID
X-APP
X-ServedByHost
X-RateLimit-Limit-Second
X-Amzn-Remapped-Connection
X-RateLimit-Remaining-Second
X-VCL-Version
X-Amzn-Remapped-Date
X-Wa
Srv
X-Proxy-Cacherz
T-Server
X-Varnish-Authentication
X-CSRF-Token
CF-Cached-On
Xkeyrz
X-Cache-ASPX
X-Bc
Server-Surrogate-Control
Server-Cache-Control
X-Contensis-Viewer-Groups
X-App-Version
X-EC-Lua
X-Birta-Cache-Post
Selected-FE
X-Birta-Served
X-LiteSpeed-Cache-Control
X-COUNTRY
X-WR-MODIFICATION
X-NWS-UUID-VERIFY
X-Refresh
PICS-Label
X-GDPR
X-CACHE-KEY
X-Info
X-Varnish-Beresp-TTL
X-PJAX-URL
X-Cache-Debug
RequestId
X-Varnish-IP
MIME-Version
Ohc-File-Size
X-Source
X-Agile-Id
X-ECache
GeoIP-Latitude
X-Agile-Age
GeoIP-Country-Code
X-Agile
GeoIP-City
X-Render-Time
WebServer
Ohc-Cache-HIT
SID
X-FORWARDED-FOR
URI
Cf-Ipcountry
X-Policy
X-Fastly-Country-Code
DataCenter
X-LB-ID
HitType
X-Real-Ip
X-Nananana
X-Lb-Id
Cache-Provider
Get-Access-Time
Is-Session-Tracking
X-Service
Xkeynj
X-Uri
X-Fastly-Backend-Reqs
X-PAGE-TYPE
X-Unique-Id
X-Via-Ucdn
X-Micro-Cache
X-Cache-Tag
X-BE
X-Web-Server
X-Var-Ttl
X-NGINX-Cache
X-Sedo-Request-Id
X-Cache-Miss-From
X-Requestid
X-NGENIX-Cache
Lb
X-TIME
X-Request-Url
X-Pjax-Url
X-Is-Gdpr
Pics-Label
X-JWT-State
Ohc-Response-Time
X-Has-Esi
X-MCACHE
X-GRACE
X-Apw-Hits
Group
X-Apw-Access-Token
X-Vct
CDN
X-Apw-Access-Object
X-Apw-Access-Action
Cneonction
X-SRV
Xet-Cookie
X-Dw-Trace-Id
HTTPS
X-Cf-Powered-By
X-SN
X-PF-Uncompressing
Correlation-Id
Backend
Warning
FNAC-ModuleRouting
X-Cdn-Request-ID
X-WA
X-Ecache
X-Newrelic-App-Data
X-Request-URL
X-Serial
X-Litespeed-Cache-Control
X-Fe
Xkeypdq
X-Page-Impression-Id
Lfy
X-Flow-Id
X-Zalando-Child-Request-Id
X-Fastly-Cache-Hits
X-Akamai-ERRuleID
X-Bug-Bounty
Www
X-Akamai-ERPolicy
X-Edge-IP
X-Swift-Error
X-RPS
X-RSL
X-Fpc
X-RPM
X-DW
X-DB
X-DI
X-DSS
X-ServerName