Threat Level: green Handler on Duty: Bojan Zdrnja

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
CF-RAY
X-Powered-By
Link
ETag
Expect-CT
X-XSS-Protection
Via
X-Cache
CF-Cache-Status
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
X-Cache-Hits
P3P
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Xss-Protection
X-Request-Id
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
Alt-Svc
X-Adblock-Key
X-Drupal-Cache
X-Check
X-Cacheable
Content-Security-Policy-Report-Only
X-Generator
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-AspNetMvc-Version
X-DNS-Prefetch-Control
P3p
X-Template
X-Language
Status
Timing-Allow-Origin
X-Iinfo
Content-Encoding
X-Content-Security-Policy
X-Buckets
Upgrade
X-Kinja-Server-Push
Xkey
X-Via
X-CDN
X-Turbo-Charged-By
Keep-Alive
Access-Control-Expose-Headers
Access-Control-Max-Age
X-Cache-Group
X-Pass-Why
X-AH-Environment
X-Age
X-Drupal-Dynamic-Cache
X-Server
X-Backend
X-Pingback
X-Amz-Id-2
X-Amz-Request-Id
X-Envoy-Upstream-Service-Time
X-Page-Speed
X-Robots-Tag
X-Proxy-Cache
X-Hacker
EagleId
Grace
X-Server-Powered-By
X-UA-Device
X-Varnish-Cache
Request-Context
X-Nginx-Cache-Status
Cf-Railgun
X-LiteSpeed-Cache
X-Amz-Version-Id
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-Server-Id
X-WebKit-CSP
Server-Timing
Feature-Policy
X-Device
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Host
Report-To
X-Rq
X-Ac
X-Node
Content-Location
X-OneAgent-JS-Injection
X-Request-ID
X-Cnection
X-Response-Time
X-Backend-Server
X-Cloud-Trace-Context
X-Origin-Cache
X-Application-Context
X-Readtime
Request-Id
Allow
Surrogate-Control
EagleEye-TraceId
X-ORACLE-DMS-ECID
X-Vhost
X-DynaTrace
X-Country
X-TTL
X-Cdn
X-Cache-Lookup
X-Rack-Cache
Pinterest-Generated-By
X-Origin-Upstream-Status
X-Url
X-Clacks-Overhead
NEL
X-Ua-Compatible
X-FTR-Request-ID
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Rating
X-Country-Code
X-Ruxit-JS-Agent
X-Dispatcher
X-ORACLE-DMS-RID
X-Dns-Prefetch-Control
X-CST
X-HW
X-Instart-Request-ID
X-Goog-Hash
Fusion-Component-Id
Fusion-Content-Id
Fusion-Source
Fusion-Template-Id
Fusion-Content-Source
X-DataStream-Cache-Status
X-PC
X-TtlSet
X-Vname
X-DataDome
Edge-Control
X-Px
X-VARITI-CCR
Service-Worker-Allowed
Verso
X-Mod-Pagespeed
X-MS-InvokeApp
X-Recruiting
RTSS
X-GoogleNews-Bot
X-Cdn-Fetch
X-Exp-Id
X-Kinja
X-Exp-Variant
X-Kinja-Revision
X-Kinja-Server
X-Kinja-Build
X-Use-Magma
X-Varnish-TTL
X-D2id
SPRequestGuid
X-Vcap-Request-Id
X-Abt-Application-Version
X-Amz-Server-Side-Encryption
TCN
X-GitHub-Request-Id
X-SharePointHealthScore
X-Navigation-Version
Response
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Middleton-Display
X-Sol
Display
X-Middleton-Response
X-Akam-SW-Version
X-ESI
X-Powered-By-Plesk
MS-Author-Via
X-RateLimit-Remaining
Charset
X-Forwarded-Proto
Realpath
DynaTrace
X-Shield-Request-Id
X-Powered-CMS
X-Amz-Rid
Accept-CH
X-Upstream
X-Server-Name
Public-Key-Pins
ServerID
X-B3-TraceId
X-Version
X-Trace
Fastly-Restarts
Nginx-Cache
X-Cached
AR-PoweredBy
Ar-Sid
AR-CACHE
AR-ATIME
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Goog-Generation
Content-MD5
X-Goog-Metageneration
X-Shard
X-Dw-Request-Base-Id
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-B3-TraceId-Primal
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
MRF-Tech
Mrf-Cache-Status
AR-Request-ID
Pagespeed
X-Grace
Access-Control-Request-Method
Paypal-Debug-Id
X-MSEdge-Ref
X-Client-IP
SPRequestDuration
SPIisLatency
X-Goog-Storage-Class
S
X-Debug
X-Id
X-FTR-Backend
X-Country-Code-Real
X-FTR-Backend-Server
X-FTR-Cache-Status
X-FTR-Realm
X-FTR-DC
X-FTR-Balancer
X-FTR-Expires
Accept-Ch-Lifetime
X-Ezoic-Cdn
X-DynaTrace-JS-Agent
X-FastCGI-Cache
X-Amz-Meta-S3cmd-Attrs
X-DataStream-MidMile-RTT
X-DataStream-Origin-MEX-Latency
Front-End-Https
X-B3-Traceid
X-Fastly-Request-ID
X-T
X-N
X-Amzn-Trace-Id
X-NF-Request-ID
Arr-Disable-Session-Affinity
X-DIS-Request-ID
Pinterest-Version
X-Pinterest-Rid
MicrosoftSharePointTeamServices
X-Upstream-Proxy
X-Content-Type
Accept-Ch
X-XRDS-Location
X-Hits
X-B3-Sampled
X-FTR-Cache-Host
X-Vcache
X-VCache
X-Acc-Meta-Resource-Type
X-Frontend
PB-RID
Arc-Version
PB-PID
X-Mobile-Rewrite
X-Ser
Fastcgi-Cache
X-Varnish-Age
X-Logged-In
X-Content-Digest
Server-Name
X-Correlation-Id
Alternate-Protocol
X-Srv
X-Cache-Key
X-Node-Name
Nel
X-Microsite
X-Request-Handler-Origin-Region
X-Pad
AMP-Access-Control-Allow-Source-Origin
Accept-CH-Lifetime
FilterID
X-User-Agent
X-Forwarded-For
X-Rid
X-Type
TP-L2-Cache
TP-Cache
X-LB-Cache
Powered
Healthy
X-IPLB-Instance
Host
X-Kinsta-Cache
X-F-Cache
X-Request-Processing-Time
X-Request-Received
X-Zen-Fury
X-Cache-2
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Revision
Edge-Cache-Tag
Powered-By-ChinaCache
X-Debug-Info
X-AOL-HN
X-GUploader-UploadID
X-Via-JSL
X-Kong-Proxy-Latency
X-Cached-By
X-Analytics
X-Cache-Age
X-Kong-Upstream-Latency
Backend-Timing
X-HS-Hub-Id
X-Az
X-Activity-Id
X-AppVersion
X-HS-Content-Id
X-Hostname
X-Accel-Expires
X-XRDS-LOCATION
X-Cache-Rule
Surrogate-Key
X-Varnish-Backend
X-Content-Security-Policy-Report-Only
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-Content-Options
X-Instance
X-Tumblr-Pixel-0
Server-Node
X-Tumblr-User
X-RateLimit-Limit
X-Amz-Replication-Status
X-BCube-Filmed-By
X-Tumblr-Pixel
X-Varnish-Grace
X-Page-Id
X-PHP-Backend
X-B-Cache
X-Content-Powered-By
X-Signature
X-Akamai-Edgescape
X-TT
X-Request-Guid
X-Jobs
X-App-Environment
X-Cluster
Refresh
Cleartype
X-Forwarded-Host
Source
X-Framework
X-FB-Debug
Cache-Status
Liferay-Portal
X-FW-Type
X-FW-Static
X-FW-Server
X-Esi
X-FW-Hash
X-FW-Serve
X-Fastcgi-Cache
DC
X-ATG-Version
Tracecode
X-Varnish-Hostname
Accept-Charset
Access-Control-Allow-Method
Fastcgi-Useragent
X-Time
Host-Header
X-Mobile
X-APP-VERSION
WPE-Backend
X-Cache-Action
X-Cache-Operation
X-Whom
X-Presslabs-Stats
X-Drupal-Cache-Tags
X-Erf-Bev-Bev
X-Edge-Location
X-Cache-Control
X-Erf-Bev-Bev-Is-Generated
X-B
NGB
X-App-Server
X-Accel-Buffering
X-Hp-Webp
X-Response-Served-From
X-WA-Info
X-Mobile-URL
Payment
Actual-Object-TTL
X-Storage
X-Cache-Hit
Filters
X-WebKit-CSP-Report-Only
X-TX-ID
X-Content-Age
X-Git-Hash
Cache-Tag
Cache-Tv-Group
X-Handled-By
X-TT-TIMESTAMP
Upgrade-Insecure-Requests
X-Cacheable-TTL
Viewport
X-Cache-TTL
Retry-After
X-RequestSource
X-UA-Device-Type
X-Tumblr-Pixel-2
X-GeoIP
X-Yottaa-Optimizations
Eomportal-Instance
X-Yottaa-Metrics
X-Tumblr-Pixel-1
X-NWS-LOG-UUID
X-RemovedCookies
X-Adobe-Content
X-Status
X-Adobe-Loc
X-ProcessESI
X-SS-Set-Cookie
MS-CV
X-Geo-Country
X-TA-CDN-Provider
X-FW-Dynamic
X-VG-WebCache
Webserver
X-Seen-By
X-Cache-TTL-Remaining
X-Server-ID
X-FB-TRIP-ID
X-Host-Name
X-RTag
Ms-Operation-Id
X-B3-Spanid
X-Cache-Enabled
Frame-Options
Xserver
Server-Info
From-Origin
X-Oracle-Dms-Rid
X-Ratelimit-Limit
X-Hyper-Cache
X-Contextid
Datacenter
X-Origin-Server
X-Generated-By
Cache
X-Mode
CACHE
Country
X-CF-Powered-By
SRV
S-Cnection
GEO-INFO
Meta-Geo
Load-Balancing
Machine
X-Path-Route
X-ES-SERVER
X-Cache-Var
X-Cache-Var-Map
X-Tumblr-Pixel-3
X-RN-RSRV
X-Cache-Config
X-RateLimit-Reset
X-MP-GENERATED-AT
X-Drupal-Cache-Contexts
X-Routing-Service
Vix-Hermes-Req-Id
X-Access
X-Upstream-HT
X-Zipkin-Id
X-Cache-Grace
X-Section
X-Proxied
X-Upstream-CT
Cache-Key
ServedBy
X-From
X-Varnish-Server
X-Labrador-Cache-Channel
X-Varnish-Cache-Hits
X-Human
X-Loop
Rt-Fastcgi-Cache
Decoy-Debug-Status
X-TNCMS
X-Hit
Decoy-Debug-TTL
X-Web-Node
X-R9-Blue-Green-Version
X-Backend-Name
Decoy-Debug-Key
X-EIG-Tracking-Id
Cache-Name
X-AWS-Id
X-Cluster-Node
X-Akamai-Request-ID
Now
Akamai-GRN
X-Cache-Host
X-Proxy-Build
X-VG-TLSProxy
X-Region
X-PCL
X-Dc
X-Viewer-Country
X-VWS-Id
X-Timing-Wait
Mn-Server-Ip
X-Rule
X-Trace-Id
X-Origin-Response-Time
X-Upgrade-Enabled
X-Magnolia-Registration
X-LJ-Flow-ID
X-OCL
X-Locale
X-Via-Fastly
X-Www-Served-By
X-FC-Vary-Parameters
Release
X-Site-Version
DSUID
X-NCache
X-L-Path
X-Endurance-Cache-Level
X-Proto
X-Device-Type
X-Debug-Cache
X-Generated
X-Environment-Context
X-Sorting-Hat-ShopId
X-Guploader-Uploadid
X-Sorting-Hat-PodId
X-ShopId
We-Hiring
X-Alternate-Cache-Key
X-Shopify-Stage
Mail-Subject
X-JoinUs
X-Rendered-As
X-Hosted-By
X-ShardId
DB-Nickname
X-Goog-Meta-Goog-Reserved-File-Mtime
X-NewRelic-App-Data
X-Ratelimit-Reset
OT-Force-Account-Verify
X-CCM
X-S
X-Xfnlog-Site
ProcessTime
Version
X-Load-Cache
NtCoent-Length
X-Request-Time
X-IP
X-Time-Microsecs
Uber-Trace-Id
X-RCS-CacheZone
X-Akamai-Request-ID2
Time
X-VCT
X-UA
X-Varnish-Hits
S-Rt
TWC-Locale-Group
Property-Id
Azure-SiteName
Azure-Version
TWC-Connection-Speed
TWC-GeoIP-Country
TWC-GeoIP-LatLong
Azure-SlotName
Azure-RegionName
X-Wix-Request-Id
X-FW-Version
Webcakes-App-Name
Webcakes-Region
Webcakes-App-Version
TWC-Device-Class
X-Origin-Hint
Cteonnt-Length
TWC-Privacy
Azure-InstanceId
X-Origin
X-EdgeConnect-Cache-Status
NGX
X-No-Session
X-Redis-Cache
X-ProxyCache-Status
X-ProxyCache-Key
X-Via-CDN
X-BYPASS-REASON
X-UUID
X-Proxy
X-GEO
X-CDN-Forward
X-Platform-Server
X-FireWall-Port
X-ECACHE
X-Nginx-Cache
X-Dynatrace-Js-Agent
X-Vgn-Hpd-Reason
X-MServer
X-Hl-Ver
X-ApacheServer
X-PressLabs-Stats
X-Cache-NE
X-PERF
X-Rocket-Nginx-Bypass
X-Cache-Server
Odigeo-Trace-Id
X-Daa-Tunnel
X-HTML-Minification-Powered-By
X-Format
Origin
X-IPS-LoggedIn
X-CS
X-Akamai-Transformed
Ec-Rule-Version
Accept-Language
Access-Control-Request-Headers
Cache-Tags
X-ServerID
X-UnsetCookies
LB
X-Oneagent-Js-Injection
X-Distributor
X-Cache-Remote
X-Tb
Fastly-SSL
X-Amzn-Remapped-Content-Length
X-Real-IP
L5d-Success-Class
Selected-Fe
Hostname
X-Webkit-Csp
Proxy-Connection
X-Unique-ID
X-B3-Parentspanid
X-NC
X-Microcachable
X-Pubstack
X-Compress-Hint
Served-By
GEO-REGION-INFO
Cdn-Host
Cache-Prefix
Cdn-Request-Time
Content-Script-Type
Content-Style-Type
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-Idcheck
Arc-Country
AKAMAI
AsisCache
BehaviorPad-Version
Cache-Cookie-Set-From
Cross-Origin-Window-Policy
Fastcgi-X-Cache-Version
Mobile-Detection-Method
Meta-Geo-Continent
Node
Xc-Version
X-Worker
MD5-Digest
Rendered-Blocks
Fastly-SIE
Fastly-SWR
Fly-Cache
Fly-Request-Id
Proxy-Firewall
X-App-Name
X-Org
X-NU-AKA-ACS-Version
X-Level-Front-Cache
X-PAYTM-SRV-ID
X-Rebelmouse-Cache-Control
X-Region-Sid
X-Rebelmouse-Surrogate-Control
X-Is-Bot
X-Internal-Host
X-Vtex-Remote-Cache
X-G
X-Generated-On
X-Geo-Header
X-Instart-Info
X-IN-APIGATEWAY
X-Request-UUID
X-Rewrite-Enabled
X-VG-WebServer
X-SVT-ORM-VERSION
X-Transaction
X-Trv-Group
X-Varnish-Cacheable
X-Twitter-Response-Tags
X-SVT-ORM-RULES
X-SRCache-Key
X-S-Cookie
X-Rojux
X-S-Maxage
X-ScT
X-Vtex-Processado-Em
X-Server-Time
X-External-Request-Id
X-Edge-Server
X-A-Dgt
X-A-Dcw
X-A-Wwc
X-Accel-Expires-Debug
X-Varnish-Url
X-Aed
X-A-Dam
X-A-Ccd
Rt-Proxy-Cache
REQUESTUUID
Server-ID
Viewtype
X-A
VivaBuild
X-Application
X-ARC
X-Date
X-D
X-Destination
X-Detected-As
X-DPWN-IS-SECURE
X-Developer
X-Connection-Hash
X-Cluster-Name
A
X-B-Cookie
X-Cache-Bucket
X-Cdn-Srv
X-CF-Lambda-Version
X-CF-Lambda-Fn
Request-Time
X-AIR-PT
X-BACKEND-TTL
ServerName
X-URL
IBM-Web2-Location
X-ElasticPress-Search
Origin-Cache-Control
Origin-Edge-Control
X-Backend-State
W
X-BBXSRF
X-Cache-Info
X-Clientip
X-CGP
X-Cdn-Origin
UCS
Server-Int
On-Server
Memcached
HA-Ipaddr
Request-Country
Request-EU
Section-Io-Cache
Resin-Trace
X-Core-Mission
X-Debug-Log
X-Qloud-Router
X-Nginx-Cache-Key
X-Method
X-We-Are-Hiring
X-Server-IP
X-Sn-Servicetimems
X-Skip-Cache
X-ServiceProvider
X-Location
X-HS-Combine-CSS
Ha-Gx-Prefs
X-Developers
X-TrackingId
X-Distil-CS
X-Eu-Site
X-HS-Cache-Config
X-Fastly-Cache
X-Debug-Cookies
X-NX-Host
Backend-Name
Content-Disposition
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
X-C
Gh-Request-Id
Apple-News-Services-Handled
Esi-Enabled
Countrycode
X-Cache-Category-Id
X-Grey
Wxu-Next-Region
X-Auto-Login
X-Gen-Mode
X-Generation-Time
X-Hnp-Log
X-Hash
Wxu-Next-Hostname
X-GeoIP-Country-Code
X-Gannett-Site-Version
X-FPC
X-Bip
Country-Code
X-Cache-Id
X-Crawler
CDCHOST
X-Epic-Correlation-Id
X-Dispatch
X-Device-Os
X-Block-Status
X-Proxy-Cache-Status
X-Thanos
X-TH-Server
X-Swa-Ws
Adler-Geo
X-Variation
X-Cache-Backend
Kp-EeAlive
X-Wikidot-Static-Cache
X-Wikidot-Backend
X-Webstats-RespID
X-SIPLIST1
X-Servername
X-Proxy-Upstream
Wxu-Next-Commit
X-PHP-Host
X-Key
GW-Server
X-Release
X-Secret
X-Request-URI
X-Reqid
X-Irp-Debug
X-Reboot
RNT-Time
RNT-Machine
Heartbleed
Server-Host
Fastly-Soc-X-Request-Id
True-Client-Country-4JS
SS
User-Cache-Control
Pramga
N-Cache
Web-Mar-Node
Who
L
IsBot
Powered-By
Platform
Is-Eu
X-Urbn-Context-Path
X-SERVER
Locale
X-Urbn-Site-Id
X-Request-Start
X-WebServer
X-LI-UUID
X-LI-Proto
X-Matched-Rule
Thinkindot-Control
X-Pf-Uncompressing
X-Response-By
X-WADP-Cache
X-Li-Pop
SD-X-WS
Thinkindot-CacheControl
X-Fetched-On
X-VC-Cache
X-Nc
X-GeoIP-City
X-FE
PFcat
X-Cms-Context
X-Amz-Meta-Cache-Control
X-Dispatcher-Server
X-Li-Fabric
Thinkindot-CacheControl-Type
X-CUA
X-Origin-Expires
X-VServer
CF-IPCountry
X-Cache-FS-Status
X-Thinkindot-L3
V-Age
X-Origin-Date
X-CDN-Cache
X-Edge
X-Azure-Ref
X-Clara-WADP
X-Owner
X-Azure-Ref-OriginShield
X-SD-PageType
X-OVcl
X-OVcl-Cache
X-SERVER-NAME
X-Varnish-Ttl
X-CLOUD-TRACE-CONTEXT
User-Agent
X-Flog
X-ABtesting
X-Via-NSCOPI
X-Hello
X-Served-From
X-Processor
Magicmarker
X-Powered-By-Defense
X-Be
Pagetype
X-Parent-Response-Time
X-Ratelimit-Remaining
X-LAGOON
X-Via-SSL
X-Via-Edge
PageSpeed
X-Generated-In
X-Backend-Host
X-Backend-Url
Memory
X-User
X-Varnish-Beresp-Ttl
X-Newrelic-Synthetics
X-ND-Cache
X-MSEdge-Features
X-MSEdge-Flight
Mime-Version
X-Up
X-Tt-Trace-Tag
X-Protected-By
X-GoCache-CacheStatus
X-Debug-Cache-Expiry
X-Soup
X-Debug-Cache-Fetch
X-Debug-Cache-Store
X-Page-Type
GeoIp-Country-Code
Geoip-Latitude
X-COUNTRY
X-Fstrz
Pragrma
X-Ttl
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
Geoip-City
X-Geo
X-Planisys-CDN-TTL
X-Backend-TTL
X-Origin-TTL
X-Ua
X-Origin-CC
XServer
X-ZONE
X-Check-Cacheable
Cache-Hits
X-Oss-Hash-Crc64ecma
X-Oss-Object-Type
X-Oss-Server-Time
X-Oss-Request-Id
X-Oss-Storage-Class
Dynatrace
X-SayCDN-TTL
X-Akamai-SSL-Client-Sid
X-Say-TTL
X-B3-SpanId
X-Tec-Api-Origin
X-Say-Cacheable
X-Tec-Api-Root
X-Tec-Api-Version
X-Zone
X-Old-Content-Length
X-Core-Value
X-IN-WAF
X-Cache-Ttl
X-Phone
X-CSRF-TOKEN
X-Litespeed-Cache
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
X-Cache-Time
X-Servedbyhost
X-TT-LOGID
X-Cdn-Forward
WZWS-RAY
Fastly-Backend-Name
Cdn
X-IN-APIGATEWAYSSL
Ajk
Inserted-Into-Cache-At
X-Logtrace-Id
X-VCL-Version
X-Node-Id
X-DC
X-BC
X-Aicache-OS
X-Datadome
X-HS-Status
SN
Amp-Access-Control-Allow-Source-Origin
X-Birta-Served
X-Ruxit-Js-Agent
X-Mid
X-MID
X-Birta-Cache-Post
X-Vcl-Version
FSS-Proxy
FSS-Cache
X-FORWARDED-FOR
X-UPSTREAM-Address
X-EC-Lua
X-Real-Ip
X-Tb-Optimization-Total-Bytes-Saved
X-RateLimit-Limit-Second
X-Wa
X-RateLimit-Remaining-Second
Selected-FE
X-ServedByHost
X-Info
X-Varnish-IP
X-Amzn-Remapped-Connection
X-Amzn-Remapped-Date
X-APP
X-Varnish-Authentication
X-Proxy-Cacherz
Xkeyrz
X-Contensis-Viewer-Groups
X-Cache-ASPX
Server-Cache-Control
Server-Surrogate-Control
CF-Cached-On
X-Source
X-Refresh
HostName
HitType
RequestId
X-Agile
X-Cache-Debug
X-Agile-Age
X-Agile-Id
PICS-Label
T-Server
X-PJAX-URL
MIME-Version
X-Bc
Srv
X-CSRF-Token
X-Render-Time
DataCenter
X-GDPR
Ohc-File-Size
X-LiteSpeed-Cache-Control
X-App-Version
X-Nananana
X-ECache
X-WR-MODIFICATION
X-Via-Ucdn
Ohc-Cache-HIT
GeoIP-Country-Code
X-TIME
WebServer
X-NWS-UUID-VERIFY
X-LB-ID
SID
Cf-Ipcountry
X-Web-Server
X-Varnish-Beresp-TTL
X-Fastly-Country-Code
GeoIP-City
X-Policy
GeoIP-Latitude
X-NGINX-Cache
URI
X-Micro-Cache
X-Unique-Id
Is-Session-Tracking
X-Cache-Tag
X-PAGE-TYPE
Xkeynj
Get-Access-Time
X-SRV
X-Uri
X-CACHE-KEY
X-Lb-Id
CDN
X-Requestid
Cache-Provider
X-Service
Group
X-Fastly-Backend-Reqs
X-BE
X-Cache-Miss-From
X-Sedo-Request-Id
X-MCACHE
X-GRACE
HTTPS
X-Var-Ttl
X-Request-Url
Xet-Cookie
X-NGENIX-Cache
Ohc-Response-Time
Pics-Label
Lb
X-JWT-State
X-Has-Esi
X-Swift-Error
X-Is-Gdpr
X-SN
X-Pjax-Url
X-Apw-Access-Token
X-Apw-Access-Object
Cneonction
X-Apw-Access-Action
X-Apw-Hits
X-Vct
Www
X-Edge-IP
Backend
X-Dw-Trace-Id
X-Cdn-Request-ID
Host-ID
X-Cache-Expires
X-Instart-Isnd
X-Ecache
Warning
X-WA
FNAC-ModuleRouting
X-Cf-Powered-By
Correlation-Id
X-Newrelic-App-Data
X-Html-Edge-Cache
X-Bug-Bounty
Lfy
X-Fe
X-Fastly-Cache-Hits
X-Serial
X-Akamai-ERRuleID
X-Akamai-ERPolicy
X-Page-Impression-Id
X-DSS
X-Fpc
X-DW
X-RPM
X-RSL
X-DI
X-DB
X-RPS
Requestid
X-Zalando-Child-Request-Id
X-PF-Uncompressing
X-ServerName
X-Flow-Id