Threat Level: green Handler on Duty: Jim Clausing

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
CF-RAY
X-Powered-By
Link
ETag
Expect-CT
X-XSS-Protection
Via
X-Cache
Age
CF-Cache-Status
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
X-Cache-Hits
P3P
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Xss-Protection
X-Varnish
X-Request-Id
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
Alt-Svc
X-Adblock-Key
X-Drupal-Cache
X-Check
X-Cacheable
Content-Security-Policy-Report-Only
X-Generator
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-AspNetMvc-Version
X-DNS-Prefetch-Control
P3p
X-Template
X-Language
Status
Timing-Allow-Origin
X-Iinfo
Content-Encoding
X-Content-Security-Policy
X-Buckets
Upgrade
X-Kinja-Server-Push
Xkey
X-Via
X-CDN
X-Turbo-Charged-By
Keep-Alive
Access-Control-Expose-Headers
Access-Control-Max-Age
X-Cache-Group
X-Pass-Why
X-AH-Environment
X-Age
X-Drupal-Dynamic-Cache
X-Server
X-Backend
X-Pingback
X-Amz-Id-2
X-Amz-Request-Id
X-Envoy-Upstream-Service-Time
X-Request-ID
X-Page-Speed
X-Robots-Tag
X-Proxy-Cache
X-Hacker
Grace
EagleId
X-Server-Powered-By
X-UA-Device
X-Varnish-Cache
Request-Context
X-Nginx-Cache-Status
Cf-Railgun
X-LiteSpeed-Cache
X-Amz-Version-Id
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-Server-Id
X-WebKit-CSP
Server-Timing
Feature-Policy
X-Device
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Rq
X-Host
Report-To
X-Ac
X-Node
Content-Location
X-OneAgent-JS-Injection
X-Cnection
X-Response-Time
X-Backend-Server
X-Cloud-Trace-Context
X-Origin-Cache
X-Application-Context
X-Readtime
Request-Id
Allow
Surrogate-Control
EagleEye-TraceId
X-ORACLE-DMS-ECID
X-Vhost
X-DynaTrace
X-Cache-Lookup
X-TTL
X-Country
X-Cdn
Pinterest-Generated-By
X-Rack-Cache
X-Origin-Upstream-Status
X-Clacks-Overhead
NEL
X-Ua-Compatible
X-FTR-Request-ID
Rating
X-Url
X-Ruxit-JS-Agent
X-Country-Code
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Dispatcher
X-ORACLE-DMS-RID
X-Dns-Prefetch-Control
X-HW
X-CST
X-Goog-Hash
X-Instart-Request-ID
Fusion-Component-Id
Fusion-Template-Id
Fusion-Source
Fusion-Content-Source
Fusion-Content-Id
X-DataStream-Cache-Status
X-DataDome
X-PC
X-TtlSet
X-Vname
Edge-Control
X-Px
X-VARITI-CCR
Service-Worker-Allowed
Verso
X-Mod-Pagespeed
X-MS-InvokeApp
X-Recruiting
X-Varnish-TTL
X-Exp-Variant
X-GoogleNews-Bot
X-Kinja-Build
X-Use-Magma
X-Kinja-Server
X-Kinja
RTSS
X-Kinja-Revision
X-Cdn-Fetch
X-Exp-Id
X-D2id
SPRequestGuid
X-Vcap-Request-Id
X-Abt-Application-Version
X-Amz-Server-Side-Encryption
TCN
X-SharePointHealthScore
X-Navigation-Version
X-GitHub-Request-Id
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Middleton-Display
X-Sol
Response
X-Middleton-Response
Display
X-Akam-SW-Version
X-Powered-By-Plesk
X-RateLimit-Remaining
MS-Author-Via
DynaTrace
Charset
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-Shield-Request-Id
X-Forwarded-Proto
Realpath
ServerID
X-Amz-Rid
X-Powered-CMS
X-B3-TraceId
X-Upstream
Content-MD5
AR-CACHE
AR-ATIME
Ar-Sid
AR-PoweredBy
X-Trace
X-Version
Public-Key-Pins
Nginx-Cache
X-ESI
Fastly-Restarts
X-Cached
X-Goog-Stored-Content-Encoding
X-Goog-Generation
X-Goog-Stored-Content-Length
X-Goog-Metageneration
X-Shard
X-Server-Name
X-Dw-Request-Base-Id
Accept-CH
AR-Request-ID
X-Mrf-Section-Lastmod
Mrf-Cache-Status
X-Mrf-Item-Lastmod
MRF-Tech
X-B3-TraceId-Primal
Pagespeed
Access-Control-Request-Method
Paypal-Debug-Id
X-Grace
X-MSEdge-Ref
Accept-Ch-Lifetime
X-Goog-Storage-Class
X-Client-IP
SPIisLatency
X-DynaTrace-JS-Agent
SPRequestDuration
S
X-Debug
X-FTR-Cache-Status
X-FTR-Realm
X-FTR-Backend
X-FTR-Backend-Server
X-FTR-Expires
X-Country-Code-Real
X-FTR-Balancer
X-FTR-DC
X-Vcache
X-Id
Accept-Ch
X-DataStream-MidMile-RTT
X-Ezoic-Cdn
X-DataStream-Origin-MEX-Latency
X-FastCGI-Cache
X-Amz-Meta-S3cmd-Attrs
Front-End-Https
X-Fastly-Request-ID
X-N
Pinterest-Version
X-Amzn-Trace-Id
X-T
X-Pinterest-Rid
X-Upstream-Proxy
X-NF-Request-ID
X-B3-Traceid
X-DIS-Request-ID
Arr-Disable-Session-Affinity
X-Content-Type
MicrosoftSharePointTeamServices
X-XRDS-Location
X-Hits
X-B3-Sampled
X-FTR-Cache-Host
X-Varnish-Age
X-Acc-Meta-Resource-Type
X-Frontend
X-Ser
PB-RID
X-Mobile-Rewrite
PB-PID
Arc-Version
Fastcgi-Cache
X-Logged-In
X-Content-Digest
Server-Name
X-Correlation-Id
Alternate-Protocol
X-Cache-Key
X-Srv
X-Node-Name
X-Pad
Nel
AMP-Access-Control-Allow-Source-Origin
X-Request-Handler-Origin-Region
X-Microsite
X-VCache
FilterID
TP-L2-Cache
TP-Cache
X-User-Agent
X-Type
Healthy
X-Rid
X-Kinsta-Cache
Host
X-LB-Cache
X-Request-Received
X-IPLB-Instance
X-Request-Processing-Time
X-F-Cache
X-Zen-Fury
Powered
X-Forwarded-For
X-Esi
Powered-By-ChinaCache
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Cache-2
X-Revision
X-AOL-HN
Edge-Cache-Tag
X-Debug-Info
Accept-CH-Lifetime
X-GUploader-UploadID
X-Cached-By
Backend-Timing
X-Analytics
X-Cache-Age
X-Via-JSL
X-Kong-Upstream-Latency
X-HS-Hub-Id
X-Kong-Proxy-Latency
X-HS-Content-Id
X-Hostname
X-Cache-Rule
X-Activity-Id
X-Az
X-AppVersion
X-Accel-Expires
X-XRDS-LOCATION
Surrogate-Key
X-Varnish-Backend
X-Content-Security-Policy-Report-Only
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-Page-Id
X-RateLimit-Limit
X-Content-Options
X-BCube-Filmed-By
X-Instance
X-Content-Powered-By
X-Amz-Replication-Status
X-FB-Debug
X-Cluster
X-Varnish-Grace
X-PHP-Backend
X-Tumblr-User
Server-Node
X-Jobs
X-Akamai-Edgescape
X-Request-Guid
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Signature
X-B-Cache
Source
Cleartype
Refresh
Cache-Status
X-App-Environment
X-Forwarded-Host
X-TT
X-Framework
Liferay-Portal
X-Fastcgi-Cache
X-FW-Serve
X-FW-Hash
X-FW-Server
X-FW-Static
X-FW-Type
DC
X-Varnish-Hostname
X-ATG-Version
Tracecode
Accept-Charset
Fastcgi-Useragent
Access-Control-Allow-Method
Host-Header
X-APP-VERSION
X-Mobile
WPE-Backend
X-Cache-Action
X-Cache-Operation
X-Cache-Control
X-Edge-Location
X-Drupal-Cache-Tags
X-Time
X-B
X-Whom
Actual-Object-TTL
X-Cache-Hit
Payment
X-App-Server
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Response-Served-From
X-Hp-Webp
X-Accel-Buffering
X-Mobile-URL
X-WA-Info
X-TX-ID
X-Storage
X-Presslabs-Stats
X-Git-Hash
X-Content-Age
X-WebKit-CSP-Report-Only
NGB
X-NWS-LOG-UUID
X-Cacheable-TTL
X-Yottaa-Optimizations
X-TA-CDN-Provider
Cache-Tv-Group
X-TT-TIMESTAMP
X-Yottaa-Metrics
Upgrade-Insecure-Requests
X-SS-Set-Cookie
Filters
X-UA-Device-Type
X-Handled-By
Cache-Tag
X-ProcessESI
X-Tumblr-Pixel-2
X-GeoIP
Eomportal-Instance
Viewport
X-Tumblr-Pixel-1
X-Adobe-Loc
X-RemovedCookies
X-Status
X-Adobe-Content
X-RequestSource
X-Geo-Country
Retry-After
X-Cache-TTL
X-VG-WebCache
Webserver
X-FW-Dynamic
X-Cache-TTL-Remaining
MS-CV
X-Seen-By
Datacenter
X-Server-ID
X-FB-TRIP-ID
Server-Info
Xserver
X-Host-Name
X-Cache-Enabled
Cache
Frame-Options
X-B3-Spanid
Ms-Operation-Id
X-Oracle-Dms-Rid
X-Ratelimit-Limit
X-Contextid
X-RTag
X-Hyper-Cache
From-Origin
X-Generated-By
X-Origin-Server
X-Mode
S-Cnection
Country
X-CF-Powered-By
X-Cache-Config
X-Ratelimit-Reset
X-ES-SERVER
X-Cache-Var
X-RN-RSRV
X-Cache-Var-Map
X-Path-Route
X-Tumblr-Pixel-3
Load-Balancing
Meta-Geo
Machine
SRV
Cache-Key
GEO-INFO
X-Proxied
X-Cache-Grace
X-MP-GENERATED-AT
X-Labrador-Cache-Channel
X-Zipkin-Id
X-Upstream-CT
Vix-Hermes-Req-Id
X-Section
X-Routing-Service
X-Upstream-HT
X-Access
X-Human
X-Hit
Now
X-Loop
CACHE
X-Viewer-Country
X-Backend-Name
X-Web-Node
X-Cache-Host
X-From
X-Drupal-Cache-Contexts
X-Varnish-Cache-Hits
X-Varnish-Server
Decoy-Debug-TTL
X-PCL
Decoy-Debug-Key
Decoy-Debug-Status
X-TNCMS
X-Upgrade-Enabled
X-OCL
X-CCM
ServedBy
X-Shopify-Stage
X-ShardId
X-Sorting-Hat-PodId
Rt-Fastcgi-Cache
X-AWS-Id
X-Debug-Cache
X-R9-Blue-Green-Version
X-EIG-Tracking-Id
Mn-Server-Ip
X-Akamai-Request-ID
X-Alternate-Cache-Key
X-Sorting-Hat-ShopId
X-Environment-Context
X-Magnolia-Registration
X-Via-Fastly
X-Endurance-Cache-Level
X-L-Path
X-LJ-Flow-ID
X-VG-TLSProxy
X-Origin-Response-Time
X-Trace-Id
X-Rule
X-ShopId
X-VWS-Id
X-Region
X-Site-Version
X-Proto
X-NCache
X-Rendered-As
X-S
X-Locale
X-Cluster-Node
X-FC-Vary-Parameters
Cache-Name
Akamai-GRN
X-Xfnlog-Site
X-Generated
X-Goog-Meta-Goog-Reserved-File-Mtime
OT-Force-Account-Verify
X-JoinUs
We-Hiring
X-Hosted-By
Mail-Subject
X-Proxy-Build
DSUID
X-Timing-Wait
DB-Nickname
Version
X-RCS-CacheZone
X-Dc
X-Device-Type
Release
X-Guploader-Uploadid
X-Www-Served-By
X-RateLimit-Reset
X-Varnish-Hits
Uber-Trace-Id
X-Request-Time
ProcessTime
X-Load-Cache
X-VCT
X-Time-Microsecs
X-IP
X-ProxyCache-Status
NtCoent-Length
X-Nginx-Cache
X-ProxyCache-Key
X-NewRelic-App-Data
Time
X-BYPASS-REASON
X-Redis-Cache
Azure-RegionName
Azure-InstanceId
NGX
X-Wix-Request-Id
X-FW-Version
Azure-SiteName
Cteonnt-Length
Azure-Version
Azure-SlotName
S-Rt
X-Origin
X-UUID
X-PressLabs-Stats
X-Akamai-Request-ID2
X-Platform-Server
X-URL
X-CDN-Forward
X-No-Session
Webcakes-Region
Webcakes-App-Name
Webcakes-App-Version
TWC-Privacy
TWC-GeoIP-LatLong
TWC-Locale-Group
X-Origin-Hint
TWC-Device-Class
TWC-Connection-Speed
X-Via-CDN
X-UA
Property-Id
TWC-GeoIP-Country
X-EdgeConnect-Cache-Status
X-GEO
X-ECACHE
X-Daa-Tunnel
X-FireWall-Port
X-Proxy
X-Cache-NE
X-MServer
X-Rocket-Nginx-Bypass
X-Hl-Ver
X-IPS-LoggedIn
X-HTML-Minification-Powered-By
X-PERF
Origin
X-ApacheServer
X-ServerID
X-Vgn-Hpd-Reason
Odigeo-Trace-Id
X-Cache-Remote
X-Akamai-Transformed
X-CS
X-Format
X-Cache-Server
X-Distributor
LB
X-Dynatrace-Js-Agent
X-Oneagent-Js-Injection
Ec-Rule-Version
Cache-Tags
Access-Control-Request-Headers
Accept-Language
X-UnsetCookies
Fastly-SSL
X-Tb
Hostname
L5d-Success-Class
X-Webkit-Csp
X-Microcachable
X-NC
X-Unique-ID
X-Pubstack
Origin-Edge-Control
Origin-Cache-Control
X-SERVER-NAME
X-Real-IP
Served-By
Fastcgi-X-Cache-Version
X-Varnish-Cacheable
X-Amzn-Remapped-Content-Length
A
X-Developer
Meta-Geo-Continent
BehaviorPad-Version
X-Detected-As
MD5-Digest
Selected-Fe
Mobile-Detection-Method
AsisCache
X-Worker
X-Date
X-BACKEND-TTL
X-D
Xc-Version
Node
X-B3-Parentspanid
X-G
X-DPWN-IS-SECURE
AKAMAI
X-Destination
Fastly-SWR
X-IN-APIGATEWAY
X-Geo-Header
X-Instart-Info
Cache-Cookie-Set-Lfrom
X-Internal-Host
Cache-Prefix
Cdn-Host
Content-Script-Type
Content-Style-Type
X-Request-UUID
Cross-Origin-Window-Policy
Fastly-SIE
Proxy-Firewall
Fly-Cache
Cache-Cookie-Set-From
Fly-Request-Id
GEO-REGION-INFO
Cdn-Request-Time
X-Level-Front-Cache
X-Is-Bot
X-Generated-On
X-External-Request-Id
Cache-Cookie-Set-Idcheck
X-Edge-Server
X-Twitter-Response-Tags
X-A-Dgt
X-Cache-Category-Id
X-A-Wwc
X-Accel-Expires-Debug
X-Server-Time
X-A-Dcw
X-A-Dam
X-A
VivaBuild
X-Rebelmouse-Cache-Control
X-A-Ccd
X-Rebelmouse-Surrogate-Control
X-Region-Sid
X-Aed
X-Rewrite-Enabled
X-Rojux
X-Application
X-ARC
X-COUNTRY
X-App-Name
X-S-Cookie
X-Grey
X-Cache-Bucket
X-ScT
X-S-Maxage
X-AIR-PT
X-SRCache-Key
IBM-Web2-Location
X-Trv-Group
Arc-Country
X-Transaction
Proxy-Connection
X-NU-AKA-ACS-Version
Request-Time
X-Varnish-Url
Request-EU
Request-Country
X-Vtex-Remote-Cache
X-Vtex-Processado-Em
X-VG-WebServer
X-Connection-Hash
REQUESTUUID
X-B-Cookie
X-Cdn-Srv
X-SVT-ORM-VERSION
Viewtype
X-SVT-ORM-RULES
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-Org
Rt-Proxy-Cache
Server-ID
X-PAYTM-SRV-ID
X-Cluster-Name
Rendered-Blocks
X-ElasticPress-Search
X-Cache-Backend
X-Compress-Hint
Backend-Name
ServerName
X-ServiceProvider
X-Developers
X-Location
X-Sn-Servicetimems
X-Skip-Cache
Is-Eu
Ha-Gx-Prefs
HA-Ipaddr
Memcached
X-Clientip
Gh-Request-Id
W
Platform
Apple-News-Services-Parsed-Url
X-Core-Mission
X-Cdn-Origin
X-We-Are-Hiring
On-Server
X-Nginx-Cache-Key
X-Method
X-Epic-Correlation-Id
X-Debug-Log
X-Debug-Cookies
X-Cache-Info
X-Eu-Site
X-PHP-Host
X-CGP
X-GeoIP-Country-Code
Section-Io-Cache
Content-Disposition
Server-Int
Apple-News-Services-Request-Url
Apple-News-Services-Handled
Adler-Geo
X-Backend-State
X-Request-URI
X-Variation
True-Client-Country-4JS
RNT-Time
X-Cache-Id
RNT-Machine
X-C
Resin-Trace
X-NX-Host
Esi-Enabled
X-HS-Cache-Config
X-Fastly-Cache
Countrycode
X-HS-Combine-CSS
Apple-News-Services-Host
X-Proxy-Cache-Status
X-Clara-WADP
X-SIPLIST1
X-Reqid
X-Block-Status
X-Bip
X-Request-Start
X-Response-By
X-SD-PageType
X-Cache-FS-Status
X-CDN-Cache
X-Proxy-Upstream
X-Servername
X-Reboot
X-Secret
X-Swa-Ws
X-Wikidot-Static-Cache
X-Key
X-Irp-Debug
X-Li-Fabric
X-Li-Pop
X-LI-UUID
X-LI-Proto
X-Hnp-Log
X-Hash
X-Gen-Mode
X-Gannett-Site-Version
X-Generation-Time
X-GeoIP-City
X-Fetched-On
X-FPC
X-Server-IP
X-Dispatcher-Server
X-WADP-Cache
X-WebServer
X-Thanos
X-TrackingId
X-Owner
X-Cms-Context
X-Wikidot-Backend
UCS
X-Qloud-Router
X-Dispatch
X-Distil-CS
X-Device-Os
X-BBXSRF
X-TH-Server
SD-X-WS
User-Cache-Control
V-Age
PFcat
X-Edge
N-Cache
Server-Host
Fastly-Soc-X-Request-Id
SS
L
Web-Mar-Node
CDCHOST
X-Amz-Meta-Cache-Control
X-Auto-Login
Country-Code
IsBot
X-SERVER
CF-IPCountry
X-Thinkindot-L3
X-Origin-Expires
X-Origin-Date
X-Pf-Uncompressing
X-Matched-Rule
GW-Server
Wxu-Next-Region
Wxu-Next-Hostname
X-Crawler
X-Release
Kp-EeAlive
X-Webstats-RespID
Wxu-Next-Commit
Who
X-Azure-Ref-OriginShield
X-VServer
Heartbleed
Powered-By
Pramga
X-VC-Cache
X-Nc
Thinkindot-CacheControl-Type
Thinkindot-Control
Thinkindot-CacheControl
X-Azure-Ref
X-Urbn-Site-Id
Locale
X-Urbn-Context-Path
X-Parent-Response-Time
X-Processor
X-OVcl-Cache
X-OVcl
X-Via-NSCOPI
X-Served-From
X-Powered-By-Defense
X-CUA
X-Varnish-Ttl
Magicmarker
X-Via-Edge
X-Via-SSL
X-CLOUD-TRACE-CONTEXT
X-FE
User-Agent
PageSpeed
X-Ratelimit-Remaining
X-Varnish-Beresp-Ttl
X-LAGOON
X-ABtesting
X-Hello
X-Flog
X-Be
X-ND-Cache
Memory
X-Protected-By
Mime-Version
Pagetype
X-Generated-In
X-Backend-Host
X-Newrelic-Synthetics
X-Page-Type
X-Backend-Url
X-User
X-Ua
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
X-Tt-Trace-Tag
X-MSEdge-Flight
X-Planisys-CDN-TTL
X-Fstrz
X-MSEdge-Features
X-Up
Pragrma
X-GoCache-CacheStatus
X-Origin-CC
X-Origin-TTL
X-Ttl
X-Debug-Cache-Fetch
X-Debug-Cache-Expiry
X-Debug-Cache-Store
X-Geo
X-Soup
X-Backend-TTL
X-Cache-Ttl
X-Oss-Request-Id
X-Oss-Hash-Crc64ecma
X-Oss-Server-Time
X-Oss-Storage-Class
Geoip-City
GeoIp-Country-Code
Geoip-Latitude
X-Oss-Object-Type
X-Check-Cacheable
X-Zone
X-IN-WAF
X-ZONE
X-B3-SpanId
X-Phone
X-Core-Value
Cache-Hits
XServer
X-TT-LOGID
X-Varnish-Beresp-Status
X-Old-Content-Length
X-Servedbyhost
X-SayCDN-TTL
X-Varnish-Beresp-Grace
X-Say-TTL
X-Say-Cacheable
X-Akamai-SSL-Client-Sid
X-FORWARDED-FOR
X-Litespeed-Cache
X-Cdn-Forward
X-CSRF-TOKEN
X-DC
X-Real-Ip
X-VCL-Version
Cdn
X-Birta-Served
X-Cache-Time
X-Birta-Cache-Post
X-Aicache-OS
X-Mid
WZWS-RAY
SN
X-HS-Status
X-Node-Id
X-Datadome
Inserted-Into-Cache-At
Fastly-Backend-Name
Dynatrace
X-BC
X-Ruxit-Js-Agent
X-Info
X-Varnish-IP
X-MID
Amp-Access-Control-Allow-Source-Origin
X-IN-APIGATEWAYSSL
FSS-Cache
HitType
X-Vcl-Version
X-Logtrace-Id
Ajk
Selected-FE
FSS-Proxy
X-EC-Lua
X-Tb-Optimization-Total-Bytes-Saved
X-UPSTREAM-Address
X-ServedByHost
X-Amzn-Remapped-Date
X-Refresh
X-Amzn-Remapped-Connection
X-Source
X-RateLimit-Remaining-Second
X-Wa
HostName
X-RateLimit-Limit-Second
X-Cache-ASPX
X-Cache-Debug
X-Contensis-Viewer-Groups
Server-Surrogate-Control
X-APP
X-Agile
X-Varnish-Authentication
CF-Cached-On
X-Agile-Id
X-Agile-Age
Server-Cache-Control
X-Bc
X-Proxy-Cacherz
Xkeyrz
RequestId
X-CSRF-Token
X-Nananana
Srv
X-Via-Ucdn
X-NWS-UUID-VERIFY
X-PJAX-URL
X-GRACE
GeoIP-Country-Code
PICS-Label
MIME-Version
T-Server
X-Web-Server
X-App-Version
X-LiteSpeed-Cache-Control
X-Render-Time
X-LB-ID
X-WR-MODIFICATION
X-GDPR
X-TIME
GeoIP-Latitude
Ohc-File-Size
GeoIP-City
X-ECache
WebServer
Cf-Ipcountry
CDN
URI
X-Varnish-Beresp-TTL
Xkeynj
Ohc-Cache-HIT
X-CACHE-KEY
Group
X-Tec-Api-Root
Is-Session-Tracking
X-Unique-Id
Get-Access-Time
X-Tec-Api-Origin
X-Micro-Cache
X-Tec-Api-Version
X-SRV
X-Uri
X-Policy
X-Fastly-Country-Code
SID
X-Cache-Tag
X-PAGE-TYPE
DataCenter
X-Cache-Miss-From
X-Requestid
X-Sedo-Request-Id
HTTPS
X-BE
X-MCACHE
X-SN
X-NGINX-Cache
X-Edge-IP
X-Request-Url
Www
X-Fastly-Backend-Reqs
Backend
Cache-Provider
X-Service
Xet-Cookie
X-Vct
X-Lb-Id
X-Pjax-Url
Pics-Label
Lb
Cneonction
X-Apw-Access-Object
Warning
X-Apw-Access-Token
X-Apw-Access-Action
X-Var-Ttl
X-Swift-Error
X-Instart-Isnd
X-Apw-Hits
X-Dw-Trace-Id
X-Cdn-Request-ID
X-Cache-Expires
Host-ID
X-Ecache
X-WA
X-Cf-Powered-By
Requestid
FNAC-ModuleRouting
X-Is-Gdpr
X-JWT-State
X-Fe
X-Has-Esi
Ohc-Response-Time
Correlation-Id
X-Newrelic-App-Data
X-Akamai-ERPolicy
X-Akamai-ERRuleID
X-Serial
X-Bug-Bounty
Lfy
X-Flow-Id
X-Page-Impression-Id
X-DW
X-DSS
X-RPM
X-RPS
X-RSL
X-Fpc
X-ServerName
X-DI
X-Varnish-Action
X-Zalando-Child-Request-Id
X-Fastly-Cache-Hits
X-DB
X-PF-Uncompressing
X-Html-Edge-Cache