Threat Level: green Handler on Duty: Bojan Zdrnja

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
CF-RAY
X-Powered-By
Link
ETag
Expect-CT
X-XSS-Protection
Via
CF-Cache-Status
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
X-Cache-Hits
P3P
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Xss-Protection
X-Request-Id
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
Alt-Svc
X-Adblock-Key
X-Drupal-Cache
X-Check
X-Cacheable
Content-Security-Policy-Report-Only
X-Generator
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-DNS-Prefetch-Control
X-AspNetMvc-Version
P3p
X-Template
X-Language
Status
Timing-Allow-Origin
X-Iinfo
Content-Encoding
X-Content-Security-Policy
X-Buckets
Upgrade
X-Kinja-Server-Push
Xkey
X-CDN
X-Via
X-Turbo-Charged-By
Keep-Alive
Access-Control-Expose-Headers
Access-Control-Max-Age
X-Cache-Group
X-Pass-Why
X-AH-Environment
X-Age
X-Drupal-Dynamic-Cache
X-Server
X-Backend
X-Pingback
X-Amz-Id-2
X-Amz-Request-Id
X-Envoy-Upstream-Service-Time
X-Page-Speed
X-Robots-Tag
X-Proxy-Cache
X-Hacker
EagleId
Grace
X-Server-Powered-By
X-UA-Device
Request-Context
X-Varnish-Cache
X-Nginx-Cache-Status
Cf-Railgun
X-LiteSpeed-Cache
X-Amz-Version-Id
X-Swift-SaveTime
X-Swift-CacheTime
X-Server-Id
Ali-Swift-Global-Savetime
X-WebKit-CSP
Server-Timing
Feature-Policy
X-Device
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Rq
X-Host
Report-To
X-Ac
X-Request-ID
X-OneAgent-JS-Injection
X-Node
Content-Location
X-Cnection
X-Response-Time
X-Backend-Server
X-Cloud-Trace-Context
X-Origin-Cache
X-Application-Context
X-Readtime
Request-Id
Allow
Surrogate-Control
EagleEye-TraceId
X-ORACLE-DMS-ECID
X-Country
X-Vhost
X-DynaTrace
X-TTL
X-Cache-Lookup
X-Origin-Upstream-Status
X-Ua-Compatible
X-Rack-Cache
X-Url
X-FTR-Request-ID
X-Clacks-Overhead
Pinterest-Generated-By
NEL
Rating
X-ORACLE-DMS-RID
X-Country-Code
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Dispatcher
X-Ruxit-JS-Agent
X-CST
X-HW
X-Cdn
X-Instart-Request-ID
X-Goog-Hash
Fusion-Component-Id
Fusion-Content-Id
Fusion-Source
Fusion-Template-Id
Fusion-Content-Source
X-DataStream-Cache-Status
X-TtlSet
X-Vname
X-PC
Edge-Control
X-VARITI-CCR
X-Px
X-DataDome
Service-Worker-Allowed
Verso
X-MS-InvokeApp
X-Mod-Pagespeed
RTSS
X-Dns-Prefetch-Control
X-Recruiting
X-Exp-Variant
X-Exp-Id
X-Cdn-Fetch
X-Kinja
X-GoogleNews-Bot
X-Kinja-Build
X-Use-Magma
X-Kinja-Server
X-Kinja-Revision
X-Varnish-TTL
X-D2id
SPRequestGuid
X-Vcap-Request-Id
X-ESI
X-Abt-Application-Version
TCN
X-GitHub-Request-Id
X-Amz-Server-Side-Encryption
X-SharePointHealthScore
X-Akam-SW-Version
X-Navigation-Version
X-B3-TraceId
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Powered-By-Plesk
X-Middleton-Display
X-Sol
Response
X-Middleton-Response
Display
MS-Author-Via
X-RateLimit-Remaining
X-Forwarded-Proto
DynaTrace
Realpath
Charset
X-Upstream
X-Version
X-Powered-CMS
Public-Key-Pins
Fastly-Restarts
X-Amz-Rid
X-Shield-Request-Id
ServerID
X-Cached
X-Server-Name
Nginx-Cache
X-Trace
AR-PoweredBy
AR-CACHE
Ar-Sid
AR-ATIME
X-Shard
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-Goog-Generation
X-Goog-Stored-Content-Length
X-TEC-API-VERSION
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
X-Grace
X-Dw-Request-Base-Id
X-B3-TraceId-Primal
MRF-Tech
X-Mrf-Section-Lastmod
X-Mrf-Item-Lastmod
Mrf-Cache-Status
Content-MD5
AR-Request-ID
Accept-CH
Paypal-Debug-Id
Access-Control-Request-Method
X-MSEdge-Ref
X-DynaTrace-JS-Agent
SPIisLatency
SPRequestDuration
X-Client-IP
Pagespeed
Accept-Ch-Lifetime
Accept-Ch
X-Goog-Storage-Class
X-Debug
X-FTR-Backend
X-FTR-Realm
X-FTR-Expires
X-FTR-DC
X-FTR-Cache-Status
X-FTR-Backend-Server
X-FTR-Balancer
X-Country-Code-Real
S
X-DataStream-MidMile-RTT
X-DataStream-Origin-MEX-Latency
X-Id
X-Ezoic-Cdn
Front-End-Https
X-Fastly-Request-ID
X-VCache
X-Amz-Meta-S3cmd-Attrs
X-T
X-Amzn-Trace-Id
X-NF-Request-ID
Arr-Disable-Session-Affinity
X-N
MicrosoftSharePointTeamServices
X-Content-Type
X-DIS-Request-ID
X-Hits
X-FastCGI-Cache
X-B3-Sampled
X-FTR-Cache-Host
X-Pinterest-Rid
Pinterest-Version
X-Upstream-Proxy
X-Frontend
X-Acc-Meta-Resource-Type
Fastcgi-Cache
X-B3-Traceid
X-XRDS-Location
Arc-Version
PB-PID
X-Varnish-Age
X-Content-Digest
X-Logged-In
X-Mobile-Rewrite
PB-RID
Server-Name
X-Ser
X-Correlation-Id
X-Srv
X-Vcache
Alternate-Protocol
X-Forwarded-For
X-Node-Name
Nel
X-Cache-Key
FilterID
X-Request-Handler-Origin-Region
X-Microsite
X-Pad
Powered
AMP-Access-Control-Allow-Source-Origin
X-User-Agent
X-LB-Cache
X-Rid
X-Type
X-Kinsta-Cache
TP-Cache
TP-L2-Cache
Healthy
X-XRDS-LOCATION
X-IPLB-Instance
X-F-Cache
X-Request-Received
X-Request-Processing-Time
X-Zen-Fury
X-Cache-2
X-Amzn-RequestId
X-Amz-Apigw-Id
Accept-CH-Lifetime
Host
X-Revision
Edge-Cache-Tag
X-Via-JSL
X-AOL-HN
X-Debug-Info
X-Kong-Proxy-Latency
X-Analytics
Backend-Timing
X-Kong-Upstream-Latency
X-Cache-Age
X-Activity-Id
X-Az
X-AppVersion
Powered-By-ChinaCache
X-GUploader-UploadID
X-Cached-By
X-HS-Hub-Id
X-HS-Content-Id
X-Fastcgi-Cache
X-Accel-Expires
X-Hostname
X-Cache-Rule
Surrogate-Key
Cache-Status
X-Varnish-Backend
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-Jobs
X-Content-Options
X-Signature
X-PHP-Backend
X-Content-Security-Policy-Report-Only
X-Tumblr-Pixel-0
X-Varnish-Grace
X-Tumblr-User
X-Page-Id
X-Instance
X-BCube-Filmed-By
X-Cluster
X-B-Cache
X-FB-Debug
Cleartype
Server-Node
X-Forwarded-Host
X-Tumblr-Pixel
X-Amz-Replication-Status
X-Content-Powered-By
X-Request-Guid
X-Akamai-Edgescape
X-App-Environment
Refresh
Source
X-TT
Liferay-Portal
X-FW-Server
X-FW-Hash
X-FW-Serve
X-FW-Static
X-Framework
X-FW-Type
DC
X-Time
Accept-Charset
X-RateLimit-Limit
X-ATG-Version
Tracecode
Access-Control-Allow-Method
Fastcgi-Useragent
X-Varnish-Hostname
X-Whom
Host-Header
X-Cache-Action
X-Drupal-Cache-Tags
X-Mobile
X-Cache-Operation
WPE-Backend
X-Presslabs-Stats
X-Cache-Control
X-B
X-WA-Info
X-App-Server
X-Edge-Location
X-APP-VERSION
Retry-After
X-Mobile-URL
X-Hp-Webp
X-Cache-TTL
Payment
NGB
X-Accel-Buffering
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Response-Served-From
X-Content-Age
Filters
X-Git-Hash
Cache-Tag
Cache-Tv-Group
X-Storage
Viewport
X-NWS-LOG-UUID
X-WebKit-CSP-Report-Only
X-Handled-By
Actual-Object-TTL
X-GeoIP
X-Esi
X-TT-TIMESTAMP
X-RequestSource
X-TX-ID
Eomportal-Instance
X-Cacheable-TTL
X-Cache-Hit
MS-CV
X-Tumblr-Pixel-2
X-Tumblr-Pixel-1
Upgrade-Insecure-Requests
X-Adobe-Content
X-Adobe-Loc
X-ProcessESI
X-RemovedCookies
X-UA-Device-Type
X-Status
X-Yottaa-Optimizations
X-Yottaa-Metrics
Xserver
X-FW-Dynamic
X-Ratelimit-Limit
Webserver
X-Geo-Country
X-SS-Set-Cookie
X-VG-WebCache
X-Seen-By
X-Server-ID
X-TA-CDN-Provider
X-RTag
Ms-Operation-Id
X-Host-Name
X-Cache-TTL-Remaining
X-FB-TRIP-ID
Datacenter
Frame-Options
X-Cache-Enabled
From-Origin
X-Hyper-Cache
Cache
X-Origin-Server
X-B3-Spanid
X-Generated-By
X-Contextid
X-CF-Powered-By
GEO-INFO
X-Mode
Country
SRV
Load-Balancing
Meta-Geo
X-Tumblr-Pixel-3
X-Path-Route
Machine
Server-Info
X-Cache-Var
X-ES-SERVER
X-Drupal-Cache-Contexts
X-Cache-Var-Map
X-Proxy-Build
X-RN-RSRV
X-Timing-Wait
Vix-Hermes-Req-Id
X-Access
X-Generated
X-Cache-Config
X-Loop
X-Hit
X-MP-GENERATED-AT
X-Upstream-HT
S-Cnection
X-Routing-Service
CACHE
X-Proxied
X-Upstream-CT
X-Zipkin-Id
X-Varnish-Server
X-TNCMS
X-Section
X-JoinUs
X-Cluster-Node
X-From
X-Human
X-R9-Blue-Green-Version
X-Varnish-Cache-Hits
Mn-Server-Ip
Rt-Fastcgi-Cache
X-Backend-Name
X-Guploader-Uploadid
X-Goog-Meta-Goog-Reserved-File-Mtime
X-VWS-Id
X-EIG-Tracking-Id
X-Ratelimit-Reset
Decoy-Debug-Status
X-AWS-Id
Now
X-Akamai-Request-ID
X-Upgrade-Enabled
DSUID
Decoy-Debug-TTL
Cache-Name
Decoy-Debug-Key
X-Web-Node
X-VG-TLSProxy
X-FC-Vary-Parameters
X-Region
X-Labrador-Cache-Channel
X-Rule
X-LJ-Flow-ID
X-Origin-Response-Time
X-RateLimit-Reset
X-Www-Served-By
X-Cache-Host
X-Cache-Grace
Akamai-GRN
X-Site-Version
Release
X-NCache
X-Trace-Id
X-PCL
X-Proto
X-Locale
Cache-Key
X-Debug-Cache
X-Device-Type
X-Hosted-By
X-OCL
X-Akamai-Request-ID2
X-Viewer-Country
X-Via-Fastly
X-Alternate-Cache-Key
X-Magnolia-Registration
Mail-Subject
We-Hiring
X-ShopId
ServedBy
OT-Force-Account-Verify
X-Environment-Context
X-Shopify-Stage
X-Sorting-Hat-PodId
X-Rendered-As
X-ShardId
DB-Nickname
ProcessTime
X-Sorting-Hat-ShopId
X-L-Path
X-Request-Time
X-IP
X-NewRelic-App-Data
X-Endurance-Cache-Level
X-Time-Microsecs
X-Xfnlog-Site
X-S
X-CCM
Time
TWC-Locale-Group
X-RCS-CacheZone
TWC-Privacy
TWC-GeoIP-LatLong
TWC-Device-Class
TWC-Connection-Speed
X-Load-Cache
Webcakes-App-Name
X-Dc
X-Wix-Request-Id
X-Origin-Hint
NtCoent-Length
X-FW-Version
Webcakes-App-Version
Webcakes-Region
S-Rt
TWC-GeoIP-Country
Version
Azure-RegionName
Azure-InstanceId
Uber-Trace-Id
Azure-SiteName
Property-Id
Azure-SlotName
Azure-Version
X-VCT
X-Origin
X-Oracle-Dms-Rid
X-No-Session
X-Varnish-Hits
X-EdgeConnect-Cache-Status
X-Via-CDN
X-Nginx-Cache
Cteonnt-Length
X-Proxy
X-FireWall-Port
X-Redis-Cache
X-UUID
X-BYPASS-REASON
X-ProxyCache-Key
X-ProxyCache-Status
X-Akamai-Transformed
X-PressLabs-Stats
NGX
X-CS
X-HTML-Minification-Powered-By
X-GEO
X-Daa-Tunnel
X-Vgn-Hpd-Reason
Accept-Language
X-Platform-Server
X-Format
X-ApacheServer
X-PERF
Odigeo-Trace-Id
X-Hl-Ver
X-UA
X-MServer
X-Rocket-Nginx-Bypass
X-Cache-NE
X-ECACHE
X-Cache-Server
Ec-Rule-Version
X-CDN-Forward
X-UnsetCookies
Access-Control-Request-Headers
X-IPS-LoggedIn
Origin
Selected-Fe
X-Cache-Remote
Cache-Tags
X-Real-IP
X-Tb
X-Amzn-Remapped-Content-Length
X-Distributor
LB
X-ServerID
X-Webkit-Csp
Fastly-SSL
PageSpeed
Proxy-Connection
L5d-Success-Class
X-URL
X-B3-Parentspanid
X-Compress-Hint
X-Microcachable
BehaviorPad-Version
Arc-Country
Rendered-Blocks
AKAMAI
Node
Mobile-Detection-Method
AsisCache
Cdn-Host
Meta-Geo-Continent
Fastcgi-X-Cache-Version
Fly-Cache
Fly-Request-Id
GEO-REGION-INFO
MD5-Digest
Cross-Origin-Window-Policy
Countrycode
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-Idcheck
Cache-Prefix
Cdn-Request-Time
Content-Style-Type
Content-Script-Type
Cache-Cookie-Set-From
X-B-Cookie
X-PAYTM-SRV-ID
X-Org
X-NU-AKA-ACS-Version
X-Region-Sid
X-Request-UUID
X-Rojux
X-Rewrite-Enabled
X-Level-Front-Cache
X-Is-Bot
X-Generated-On
X-G
X-Geo-Header
X-IN-APIGATEWAY
X-Internal-Host
X-Instart-Info
X-S-Cookie
X-S-Maxage
X-VG-WebServer
X-Varnish-Url
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
Xc-Version
X-Worker
X-Twitter-Response-Tags
X-Trv-Group
X-Server-Time
X-ScT
X-SRCache-Key
X-SVT-ORM-RULES
X-Transaction
X-SVT-ORM-VERSION
X-External-Request-Id
X-Edge-Server
X-A-Wwc
X-A-Dgt
X-A-Dcw
X-Accel-Expires-Debug
X-Aed
X-Application
X-AIR-PT
X-A-Dam
X-A-Ccd
Rt-Proxy-Cache
REQUESTUUID
Server-ID
Viewtype
X-A
VivaBuild
X-ARC
A
X-Date
X-D
X-Destination
X-Detected-As
X-DPWN-IS-SECURE
X-Developer
X-Core-Mission
X-Connection-Hash
X-Cdn-Srv
X-Cache-Bucket
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-Cluster-Name
X-Clientip
Request-Time
X-App-Name
X-Nc
Hostname
X-Unique-ID
ServerName
Backend-Name
X-BACKEND-TTL
Served-By
W
X-Backend-State
X-CGP
X-Bip
X-BBXSRF
UCS
X-Auto-Login
Section-Io-Cache
IBM-Web2-Location
HA-Ipaddr
Ha-Gx-Prefs
Memcached
Powered-By
Request-EU
Request-Country
Proxy-Firewall
X-Developers
X-Pubstack
X-Server-IP
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
X-Skip-Cache
X-Thanos
X-We-Are-Hiring
X-Varnish-Cacheable
X-TrackingId
X-Qloud-Router
X-Method
X-Fastly-Cache
Gh-Request-Id
X-Eu-Site
X-Hash
X-HS-Cache-Config
X-Location
X-HS-Combine-CSS
X-Distil-CS
X-Nginx-Cache-Key
X-C
Fastly-SWR
Apple-News-Services-Handled
Content-Disposition
Fastly-SIE
Apple-News-Services-Request-Url
Esi-Enabled
Apple-News-Services-Host
Country-Code
Apple-News-Services-Parsed-Url
X-Urbn-Context-Path
X-ElasticPress-Search
Origin-Edge-Control
X-Urbn-Site-Id
X-Dynatrace-Js-Agent
Origin-Cache-Control
Locale
X-SERVER
Wxu-Next-Commit
Wxu-Next-Hostname
X-Key
X-Origin-Expires
Server-Int
X-Origin-Date
X-NX-Host
Wxu-Next-Region
Adler-Geo
X-Irp-Debug
X-Generation-Time
X-Debug-Cookies
X-Debug-Log
X-Crawler
X-Cache-Category-Id
X-Cache-Info
X-Cdn-Origin
X-Device-Os
X-Dispatch
X-GeoIP-Country-Code
X-Grey
X-GeoIP-City
Server-Host
X-Epic-Correlation-Id
X-FPC
X-NC
SS
X-TH-Server
X-Variation
L
X-Sn-Servicetimems
N-Cache
Platform
PFcat
On-Server
Kp-EeAlive
IsBot
X-Webstats-RespID
X-Wikidot-Backend
X-Wikidot-Static-Cache
X-WebServer
GW-Server
Is-Eu
Fastly-Soc-X-Request-Id
Heartbleed
X-ServiceProvider
X-SIPLIST1
X-Request-Start
RNT-Time
X-Release
RNT-Machine
X-Servername
Pramga
X-Reboot
X-Reqid
X-WADP-Cache
X-Owner
X-Proxy-Cache-Status
X-CDN-Cache
X-Clara-WADP
X-PHP-Host
X-Dispatcher-Server
X-Cms-Context
X-CUA
X-LI-Proto
X-Proxy-Upstream
X-Response-By
X-SD-PageType
X-Hnp-Log
X-Secret
X-Request-URI
X-Swa-Ws
X-Fetched-On
X-VC-Cache
X-Li-Pop
X-Gannett-Site-Version
X-Gen-Mode
X-LI-UUID
X-Li-Fabric
X-Azure-Ref-OriginShield
X-Azure-Ref
X-Block-Status
CDCHOST
User-Cache-Control
True-Client-Country-4JS
SD-X-WS
X-SERVER-NAME
X-Amz-Meta-Cache-Control
X-Cache-FS-Status
X-Cache-Id
Web-Mar-Node
Who
Resin-Trace
X-Varnish-Ttl
V-Age
X-Matched-Rule
X-ABtesting
X-CLOUD-TRACE-CONTEXT
X-Flog
X-OVcl-Cache
CF-IPCountry
X-VServer
X-Cache-Backend
X-Thinkindot-L3
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
X-OVcl
X-FE
Thinkindot-Control
X-Pf-Uncompressing
Pagetype
X-Hello
X-Backend-Url
X-User
X-Edge
X-Ratelimit-Remaining
User-Agent
X-Parent-Response-Time
Magicmarker
X-Backend-Host
Mime-Version
X-Processor
X-Via-NSCOPI
X-Up
X-Generated-In
X-Served-From
X-MSEdge-Flight
X-MSEdge-Features
X-GoCache-CacheStatus
Memory
X-Tt-Trace-Tag
X-Oneagent-Js-Injection
X-Be
X-Via-Edge
X-Via-SSL
X-LAGOON
X-Soup
X-Debug-Cache-Fetch
X-Debug-Cache-Store
X-Datadome
X-Debug-Cache-Expiry
X-Ua
X-Powered-By-Defense
Cache-Hits
X-Geo
X-Ttl
X-B3-SpanId
X-Oss-Hash-Crc64ecma
X-Oss-Request-Id
X-Varnish-Beresp-Ttl
X-Oss-Object-Type
X-Oss-Storage-Class
X-Protected-By
X-ND-Cache
X-Oss-Server-Time
X-Backend-TTL
Geoip-City
Geoip-Latitude
X-Check-Cacheable
X-Page-Type
GeoIp-Country-Code
X-Newrelic-Synthetics
X-Say-Cacheable
X-Fstrz
X-Old-Content-Length
X-Planisys-CDN-Cache
X-Planisys-CDN-TTL
X-Zone
X-SayCDN-TTL
X-ZONE
X-Akamai-SSL-Client-Sid
X-Say-TTL
Pragrma
X-Planisys-CDN-Rules
X-Cache-Time
X-Tec-Api-Version
X-Tec-Api-Root
X-Origin-TTL
X-Origin-CC
X-Tec-Api-Origin
X-Cdn-Forward
WZWS-RAY
X-Litespeed-Cache
X-CSRF-TOKEN
X-DC
X-Varnish-Beresp-Grace
Cdn
X-Varnish-Beresp-Status
Ajk
X-Node-Id
X-IN-WAF
X-IN-APIGATEWAYSSL
X-Logtrace-Id
X-Core-Value
Fastly-Backend-Name
Inserted-Into-Cache-At
X-Phone
X-Cache-Ttl
X-Aicache-OS
X-Vcl-Version
X-Tb-Optimization-Total-Bytes-Saved
X-TT-LOGID
X-Servedbyhost
X-Ruxit-Js-Agent
Dynatrace
Amp-Access-Control-Allow-Source-Origin
SN
X-HS-Status
XServer
X-BC
FSS-Cache
FSS-Proxy
X-NODE
HostName
X-RateLimit-Remaining-Second
X-APP
X-Amzn-Remapped-Connection
X-Amzn-Remapped-Date
X-Mid
X-UPSTREAM-Address
X-Wa
X-MID
X-VCL-Version
X-ServedByHost
X-RateLimit-Limit-Second
CF-Cached-On
Server-Surrogate-Control
Xkeyrz
T-Server
Server-Cache-Control
X-Cache-ASPX
X-Proxy-Cacherz
X-Varnish-Authentication
X-Contensis-Viewer-Groups
X-Bc
X-App-Version
X-CSRF-Token
X-EC-Lua
X-Birta-Cache-Post
X-NWS-UUID-VERIFY
X-Birta-Served
Selected-FE
X-GDPR
X-COUNTRY
X-Refresh
PICS-Label
X-WR-MODIFICATION
X-LiteSpeed-Cache-Control
X-CACHE-KEY
X-Info
Srv
X-Cache-Debug
X-PJAX-URL
RequestId
X-Varnish-IP
X-Varnish-Beresp-TTL
Ohc-File-Size
X-Source
MIME-Version
X-Agile-Age
X-Agile
GeoIP-City
GeoIP-Country-Code
SID
X-Render-Time
X-Agile-Id
GeoIP-Latitude
X-ECache
WebServer
Ohc-Cache-HIT
URI
X-Uri
X-Policy
DataCenter
HitType
X-FORWARDED-FOR
Cf-Ipcountry
X-Fastly-Country-Code
X-LB-ID
X-Real-Ip
X-Nananana
Is-Session-Tracking
X-Micro-Cache
Xkeynj
X-BE
Get-Access-Time
X-Fastly-Backend-Reqs
X-Via-Ucdn
X-Unique-Id
X-PAGE-TYPE
X-Lb-Id
Cache-Provider
X-Service
X-Cache-Miss-From
X-Sedo-Request-Id
X-Requestid
X-NGINX-Cache
X-Cache-Tag
X-Web-Server
X-Var-Ttl
X-NGENIX-Cache
Pics-Label
Ohc-Response-Time
X-Pjax-Url
X-Request-Url
X-TIME
X-Has-Esi
Lb
X-JWT-State
X-Is-Gdpr
X-MCACHE
Group
Cneonction
X-Apw-Access-Token
X-Apw-Hits
X-Apw-Access-Action
X-Apw-Access-Object
X-Vct
CDN
X-Dw-Trace-Id
Xet-Cookie
X-SRV
X-PF-Uncompressing
HTTPS
X-SN
X-Cdn-Request-ID
X-Cf-Powered-By
X-Ecache
Warning
FNAC-ModuleRouting
X-WA
Correlation-Id
Backend
X-Newrelic-App-Data
X-DW
X-DSS
X-Fe
X-RPM
X-RPS
X-DI
X-DB
Xkeypdq
X-Request-URL
X-Litespeed-Cache-Control
X-Swift-Error
X-RSL
X-Zalando-Child-Request-Id
X-ServerName
X-Bug-Bounty
X-Fastly-Cache-Hits
X-Edge-IP
X-Akamai-ERRuleID
X-Flow-Id
X-Serial
Lfy
X-Fpc
X-Page-Impression-Id
Www
X-Akamai-ERPolicy