Threat Level: green Handler on Duty: Bojan Zdrnja

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
CF-RAY
X-Powered-By
Link
ETag
Expect-CT
X-XSS-Protection
Via
X-Cache
CF-Cache-Status
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
X-Cache-Hits
P3P
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Xss-Protection
X-Request-Id
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
Alt-Svc
X-Adblock-Key
X-Drupal-Cache
X-Check
X-Cacheable
Content-Security-Policy-Report-Only
X-Generator
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-AspNetMvc-Version
X-DNS-Prefetch-Control
P3p
X-Template
X-Language
Status
Timing-Allow-Origin
X-Iinfo
Content-Encoding
X-Content-Security-Policy
X-Buckets
Upgrade
X-Kinja-Server-Push
Xkey
X-Via
X-CDN
X-Turbo-Charged-By
Keep-Alive
Access-Control-Expose-Headers
Access-Control-Max-Age
X-Cache-Group
X-Pass-Why
X-AH-Environment
X-Age
X-Drupal-Dynamic-Cache
X-Server
X-Backend
X-Pingback
X-Amz-Request-Id
X-Amz-Id-2
X-Envoy-Upstream-Service-Time
X-Page-Speed
X-Robots-Tag
X-Proxy-Cache
X-Hacker
Grace
EagleId
X-Server-Powered-By
X-UA-Device
X-Varnish-Cache
Request-Context
X-Nginx-Cache-Status
Cf-Railgun
X-LiteSpeed-Cache
X-Amz-Version-Id
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
X-Server-Id
X-WebKit-CSP
Server-Timing
Feature-Policy
X-Device
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Host
Report-To
X-Rq
X-Ac
X-Node
X-Request-ID
Content-Location
X-OneAgent-JS-Injection
X-Cnection
X-Response-Time
X-Backend-Server
X-Cloud-Trace-Context
X-Origin-Cache
X-Application-Context
X-Readtime
Request-Id
Allow
Surrogate-Control
EagleEye-TraceId
X-ORACLE-DMS-ECID
X-Vhost
X-DynaTrace
X-Country
X-Cdn
X-TTL
X-Cache-Lookup
X-Ua-Compatible
X-Rack-Cache
Pinterest-Generated-By
X-Origin-Upstream-Status
X-Clacks-Overhead
X-Url
NEL
X-FTR-Request-ID
Rating
X-Dns-Prefetch-Control
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Country-Code
X-Ruxit-JS-Agent
X-Dispatcher
X-ORACLE-DMS-RID
X-CST
X-HW
X-Instart-Request-ID
X-Goog-Hash
Fusion-Content-Source
Fusion-Component-Id
Fusion-Template-Id
Fusion-Source
Fusion-Content-Id
X-DataStream-Cache-Status
X-TtlSet
X-Vname
X-PC
Edge-Control
X-DataDome
X-Px
X-VARITI-CCR
Service-Worker-Allowed
Verso
X-Mod-Pagespeed
X-MS-InvokeApp
X-Recruiting
RTSS
X-Exp-Id
X-Kinja-Build
X-Kinja-Revision
X-Cdn-Fetch
X-Use-Magma
X-Exp-Variant
X-Kinja
X-GoogleNews-Bot
X-Kinja-Server
X-D2id
SPRequestGuid
X-Varnish-TTL
X-Vcap-Request-Id
X-Abt-Application-Version
X-Amz-Server-Side-Encryption
TCN
X-SharePointHealthScore
X-GitHub-Request-Id
X-Navigation-Version
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Middleton-Response
X-Sol
X-Middleton-Display
X-Akam-SW-Version
Display
Response
X-Powered-By-Plesk
X-ESI
MS-Author-Via
X-RateLimit-Remaining
DynaTrace
X-B3-TraceId
Charset
Realpath
X-Forwarded-Proto
X-Shield-Request-Id
X-Amz-Rid
X-Powered-CMS
ServerID
X-Upstream
X-Trace
X-Server-Name
Fastly-Restarts
AR-PoweredBy
AR-CACHE
Ar-Sid
AR-ATIME
Nginx-Cache
X-Version
Public-Key-Pins
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TEC-API-VERSION
X-Cached
Content-MD5
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
Accept-CH
X-Goog-Generation
X-Goog-Metageneration
X-Dw-Request-Base-Id
X-Shard
MRF-Tech
X-B3-TraceId-Primal
X-Mrf-Item-Lastmod
Mrf-Cache-Status
X-Mrf-Section-Lastmod
AR-Request-ID
X-Grace
Pagespeed
Access-Control-Request-Method
Paypal-Debug-Id
X-MSEdge-Ref
X-Client-IP
SPRequestDuration
SPIisLatency
Accept-Ch-Lifetime
X-Goog-Storage-Class
X-DynaTrace-JS-Agent
S
X-Id
X-Debug
X-FTR-Cache-Status
X-FTR-Balancer
X-FTR-Backend-Server
X-FTR-DC
X-FTR-Backend
X-FTR-Realm
X-Country-Code-Real
X-FTR-Expires
X-Ezoic-Cdn
X-DataStream-Origin-MEX-Latency
X-DataStream-MidMile-RTT
X-Amz-Meta-S3cmd-Attrs
X-Fastly-Request-ID
X-FastCGI-Cache
X-N
Front-End-Https
Accept-Ch
X-T
X-Amzn-Trace-Id
X-Pinterest-Rid
X-NF-Request-ID
Pinterest-Version
X-DIS-Request-ID
X-Upstream-Proxy
Arr-Disable-Session-Affinity
MicrosoftSharePointTeamServices
X-Content-Type
X-Hits
X-B3-Traceid
X-Vcache
X-B3-Sampled
X-XRDS-Location
X-FTR-Cache-Host
X-Frontend
X-Mobile-Rewrite
X-Ser
PB-RID
Arc-Version
X-Acc-Meta-Resource-Type
PB-PID
X-Logged-In
X-Varnish-Age
Fastcgi-Cache
X-Content-Digest
Server-Name
X-VCache
X-Correlation-Id
Alternate-Protocol
X-Srv
X-Cache-Key
Nel
X-Node-Name
X-Pad
X-Microsite
X-Request-Handler-Origin-Region
AMP-Access-Control-Allow-Source-Origin
FilterID
X-User-Agent
X-Rid
X-Type
TP-Cache
X-Forwarded-For
TP-L2-Cache
X-LB-Cache
Healthy
Host
X-IPLB-Instance
X-Kinsta-Cache
X-Request-Processing-Time
X-Request-Received
Powered
X-F-Cache
X-Zen-Fury
X-Amz-Apigw-Id
X-Cache-2
X-Amzn-RequestId
Accept-CH-Lifetime
Powered-By-ChinaCache
X-Revision
Edge-Cache-Tag
X-Debug-Info
X-AOL-HN
X-Cached-By
X-XRDS-LOCATION
X-GUploader-UploadID
X-Cache-Age
X-Analytics
X-Via-JSL
Backend-Timing
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-HS-Content-Id
X-Hostname
X-HS-Hub-Id
X-AppVersion
X-Activity-Id
X-Az
X-Cache-Rule
X-Accel-Expires
Surrogate-Key
X-Varnish-Backend
X-Content-Security-Policy-Report-Only
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-Content-Options
X-Instance
X-Tumblr-Pixel-0
X-Tumblr-User
X-Varnish-Grace
X-PHP-Backend
X-Page-Id
X-Amz-Replication-Status
X-BCube-Filmed-By
Server-Node
X-Tumblr-Pixel
X-App-Environment
X-Jobs
X-Content-Powered-By
X-TT
X-Request-Guid
X-B-Cache
X-Akamai-Edgescape
X-Signature
Refresh
Cleartype
Source
X-Esi
X-Cluster
X-Forwarded-Host
X-Framework
X-FB-Debug
Cache-Status
X-Fastcgi-Cache
X-RateLimit-Limit
Liferay-Portal
X-FW-Server
X-FW-Type
X-FW-Serve
X-FW-Hash
X-FW-Static
DC
Tracecode
X-ATG-Version
X-Varnish-Hostname
Access-Control-Allow-Method
Fastcgi-Useragent
Accept-Charset
Host-Header
X-Mobile
X-Time
X-APP-VERSION
X-Cache-Operation
WPE-Backend
X-Cache-Action
X-Drupal-Cache-Tags
X-Cache-Control
X-Edge-Location
X-Whom
X-Erf-Bev-Bev
X-Presslabs-Stats
X-Erf-Bev-Bev-Is-Generated
X-WA-Info
X-B
Payment
NGB
X-Accel-Buffering
X-Response-Served-From
X-Hp-Webp
X-Mobile-URL
X-Storage
Actual-Object-TTL
X-Cache-Hit
X-App-Server
X-TX-ID
Filters
X-Git-Hash
X-Content-Age
X-WebKit-CSP-Report-Only
X-TT-TIMESTAMP
X-Handled-By
Cache-Tv-Group
Upgrade-Insecure-Requests
Viewport
X-RequestSource
Cache-Tag
X-Yottaa-Optimizations
X-Cacheable-TTL
X-Yottaa-Metrics
Eomportal-Instance
X-GeoIP
X-NWS-LOG-UUID
X-Tumblr-Pixel-2
X-UA-Device-Type
X-Cache-TTL
X-SS-Set-Cookie
X-Tumblr-Pixel-1
X-RemovedCookies
X-ProcessESI
Retry-After
X-Status
X-Adobe-Loc
X-Adobe-Content
X-TA-CDN-Provider
X-Geo-Country
MS-CV
X-VG-WebCache
X-FW-Dynamic
Webserver
X-Server-ID
X-Cache-TTL-Remaining
X-Seen-By
X-FB-TRIP-ID
Xserver
X-Host-Name
X-RTag
X-Cache-Enabled
X-Oracle-Dms-Rid
X-Ratelimit-Limit
Ms-Operation-Id
Datacenter
Frame-Options
X-B3-Spanid
Server-Info
X-Hyper-Cache
X-Contextid
Cache
From-Origin
X-Generated-By
X-Origin-Server
X-Mode
S-Cnection
Country
CACHE
X-CF-Powered-By
X-ES-SERVER
X-Path-Route
X-Cache-Var
X-Tumblr-Pixel-3
Load-Balancing
X-RN-RSRV
GEO-INFO
Machine
SRV
X-Cache-Var-Map
X-Cache-Config
Meta-Geo
X-Upstream-HT
X-Upstream-CT
X-Proxied
X-Section
X-Cache-Grace
X-Drupal-Cache-Contexts
Vix-Hermes-Req-Id
X-Zipkin-Id
X-Access
X-MP-GENERATED-AT
X-Routing-Service
Cache-Key
X-R9-Blue-Green-Version
Decoy-Debug-Key
X-From
X-Guploader-Uploadid
X-Loop
Decoy-Debug-TTL
Rt-Fastcgi-Cache
Decoy-Debug-Status
X-Labrador-Cache-Channel
X-TNCMS
X-Varnish-Cache-Hits
X-Web-Node
X-Human
X-Backend-Name
ServedBy
X-Varnish-Server
X-Hit
X-Cluster-Node
X-EIG-Tracking-Id
X-Cache-Host
Akamai-GRN
X-AWS-Id
Cache-Name
X-Akamai-Request-ID
Now
X-Timing-Wait
X-Ratelimit-Reset
X-RateLimit-Reset
X-Region
X-Proxy-Build
X-Trace-Id
X-Upgrade-Enabled
Mn-Server-Ip
X-VWS-Id
X-Viewer-Country
X-VG-TLSProxy
X-PCL
X-Rule
X-Magnolia-Registration
X-LJ-Flow-ID
X-OCL
X-Origin-Response-Time
X-Generated
X-Www-Served-By
X-NCache
X-Site-Version
X-Dc
X-Via-Fastly
Release
DSUID
X-Proto
X-Endurance-Cache-Level
X-Environment-Context
X-Device-Type
X-Debug-Cache
X-Locale
X-FC-Vary-Parameters
X-L-Path
We-Hiring
OT-Force-Account-Verify
X-JoinUs
X-Alternate-Cache-Key
Mail-Subject
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Shopify-Stage
X-Hosted-By
X-Rendered-As
X-Sorting-Hat-ShopId
X-ShardId
X-Sorting-Hat-PodId
X-ShopId
DB-Nickname
X-CCM
Uber-Trace-Id
ProcessTime
X-S
X-RCS-CacheZone
X-Xfnlog-Site
Version
X-NewRelic-App-Data
X-Request-Time
X-IP
X-Load-Cache
NtCoent-Length
X-Time-Microsecs
X-VCT
X-Varnish-Hits
X-Akamai-Request-ID2
Time
TWC-GeoIP-Country
Property-Id
S-Rt
TWC-Connection-Speed
TWC-Device-Class
X-UA
X-FW-Version
Webcakes-App-Name
Webcakes-Region
Webcakes-App-Version
X-Origin-Hint
X-Wix-Request-Id
TWC-Locale-Group
Azure-Version
TWC-Privacy
TWC-GeoIP-LatLong
Cteonnt-Length
Azure-InstanceId
Azure-RegionName
Azure-SlotName
Azure-SiteName
X-Redis-Cache
NGX
X-Origin
X-ProxyCache-Key
X-ProxyCache-Status
X-UUID
X-No-Session
X-BYPASS-REASON
X-Via-CDN
X-Nginx-Cache
X-EdgeConnect-Cache-Status
X-CDN-Forward
X-Proxy
X-Platform-Server
X-PressLabs-Stats
X-FireWall-Port
X-ECACHE
X-GEO
X-MServer
X-Vgn-Hpd-Reason
X-Rocket-Nginx-Bypass
X-Cache-NE
X-Hl-Ver
X-Daa-Tunnel
X-ApacheServer
X-PERF
Origin
X-IPS-LoggedIn
X-HTML-Minification-Powered-By
Odigeo-Trace-Id
X-Oneagent-Js-Injection
X-Format
X-Akamai-Transformed
X-CS
X-Cache-Server
Accept-Language
Ec-Rule-Version
X-ServerID
LB
X-Cache-Remote
X-Dynatrace-Js-Agent
Cache-Tags
Access-Control-Request-Headers
X-UnsetCookies
X-Distributor
X-Webkit-Csp
X-Tb
Fastly-SSL
X-Real-IP
L5d-Success-Class
X-Amzn-Remapped-Content-Length
X-BACKEND-TTL
X-Pubstack
Hostname
X-Unique-ID
Proxy-Connection
Selected-Fe
X-Microcachable
X-URL
X-Compress-Hint
Served-By
X-B3-Parentspanid
Cdn-Host
Cache-Prefix
Cdn-Request-Time
Content-Script-Type
Content-Style-Type
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-From
Arc-Country
AKAMAI
AsisCache
BehaviorPad-Version
Cross-Origin-Window-Policy
Cache-Cookie-Set-Idcheck
Fastcgi-X-Cache-Version
Request-Time
Meta-Geo-Continent
Mobile-Detection-Method
Node
Proxy-Firewall
MD5-Digest
GEO-REGION-INFO
Fastly-SIE
Fastly-SWR
Fly-Cache
Fly-Request-Id
Rendered-Blocks
X-B-Cookie
X-Region-Sid
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
X-Request-UUID
X-Rewrite-Enabled
X-S-Cookie
X-Rojux
X-PAYTM-SRV-ID
X-Org
X-Instart-Info
X-IN-APIGATEWAY
X-Internal-Host
X-Is-Bot
X-NU-AKA-ACS-Version
X-Level-Front-Cache
X-S-Maxage
X-ScT
X-VG-WebServer
X-Varnish-Url
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
Xc-Version
X-Worker
X-Varnish-Cacheable
X-Twitter-Response-Tags
X-SRCache-Key
X-Server-Time
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-Trv-Group
X-Transaction
X-Geo-Header
X-Generated-On
X-Accel-Expires-Debug
X-A-Wwc
X-A-Dgt
X-Aed
X-App-Name
X-ARC
X-Application
X-A-Dcw
X-A-Dam
Server-ID
Rt-Proxy-Cache
Viewtype
VivaBuild
X-A-Ccd
X-A
A
X-Cache-Bucket
X-Developer
X-Detected-As
X-DPWN-IS-SECURE
X-Edge-Server
X-G
X-External-Request-Id
X-Destination
X-Date
X-CF-Lambda-Fn
X-Cdn-Srv
X-CF-Lambda-Version
X-Cluster-Name
X-D
X-Connection-Hash
REQUESTUUID
X-AIR-PT
X-NC
ServerName
X-ElasticPress-Search
IBM-Web2-Location
Origin-Edge-Control
Origin-Cache-Control
X-BBXSRF
X-Backend-State
X-Cache-Info
X-Core-Mission
W
X-Clientip
X-CGP
X-Cdn-Origin
Section-Io-Cache
On-Server
Memcached
X-C
Request-Country
Request-EU
Server-Int
X-Debug-Cookies
Resin-Trace
UCS
X-Distil-CS
X-ServiceProvider
X-Server-IP
X-Qloud-Router
X-Skip-Cache
X-Sn-Servicetimems
X-We-Are-Hiring
X-Cache-Backend
X-TrackingId
X-Nginx-Cache-Key
X-Method
X-Eu-Site
HA-Ipaddr
X-Developers
X-Fastly-Cache
X-HS-Cache-Config
X-Location
X-HS-Combine-CSS
X-Debug-Log
X-NX-Host
Apple-News-Services-Parsed-Url
Apple-News-Services-Handled
Countrycode
Gh-Request-Id
Apple-News-Services-Host
Apple-News-Services-Request-Url
Content-Disposition
Backend-Name
Esi-Enabled
Ha-Gx-Prefs
X-Grey
X-Cache-Category-Id
X-SERVER
X-Gannett-Site-Version
X-Generation-Time
X-Hnp-Log
X-Hash
X-GeoIP-Country-Code
X-FPC
X-Gen-Mode
X-Device-Os
X-Block-Status
X-Bip
X-Auto-Login
Wxu-Next-Region
X-Cache-Id
Country-Code
CDCHOST
X-Dispatch
X-Irp-Debug
X-Crawler
X-Epic-Correlation-Id
X-Proxy-Upstream
X-Variation
X-Thanos
X-TH-Server
X-Swa-Ws
Adler-Geo
X-Webstats-RespID
Kp-EeAlive
X-Wikidot-Static-Cache
X-Wikidot-Backend
X-SIPLIST1
X-Servername
X-Nc
Wxu-Next-Hostname
X-Proxy-Cache-Status
X-PHP-Host
X-Release
X-Reqid
X-Edge
X-Secret
X-Request-URI
X-Key
X-Reboot
Wxu-Next-Commit
Fastly-Soc-X-Request-Id
SS
IsBot
GW-Server
Who
Web-Mar-Node
L
True-Client-Country-4JS
Pramga
Is-Eu
RNT-Machine
Heartbleed
Powered-By
Platform
RNT-Time
User-Cache-Control
Server-Host
N-Cache
X-Urbn-Context-Path
Locale
X-Urbn-Site-Id
X-Response-By
X-Pf-Uncompressing
X-SD-PageType
X-CUA
X-Request-Start
Thinkindot-CacheControl
X-LI-Proto
X-LI-UUID
X-Matched-Rule
X-GeoIP-City
SD-X-WS
X-Li-Fabric
X-Li-Pop
X-Fetched-On
X-FE
Thinkindot-CacheControl-Type
X-Dispatcher-Server
X-Owner
X-Cms-Context
X-Origin-Date
X-Origin-Expires
Thinkindot-Control
X-SERVER-NAME
X-Azure-Ref-OriginShield
X-VC-Cache
X-Cache-FS-Status
X-VServer
X-Amz-Meta-Cache-Control
X-WebServer
X-WADP-Cache
X-Thinkindot-L3
X-Azure-Ref
X-Clara-WADP
V-Age
X-CDN-Cache
PFcat
X-Varnish-Ttl
CF-IPCountry
X-OVcl
X-Served-From
X-OVcl-Cache
X-Processor
X-CLOUD-TRACE-CONTEXT
X-Via-NSCOPI
X-Powered-By-Defense
X-Hello
X-Via-Edge
X-ABtesting
X-Flog
User-Agent
PageSpeed
X-Via-SSL
X-Ratelimit-Remaining
X-Parent-Response-Time
Magicmarker
X-Be
Pagetype
X-LAGOON
X-Backend-Host
X-Backend-Url
X-User
X-Protected-By
Mime-Version
X-ND-Cache
X-Generated-In
Memory
X-Varnish-Beresp-Ttl
X-Newrelic-Synthetics
X-Tt-Trace-Tag
X-MSEdge-Flight
X-MSEdge-Features
X-Up
X-GoCache-CacheStatus
X-Planisys-CDN-TTL
X-Planisys-CDN-Cache
X-Debug-Cache-Fetch
X-Fstrz
X-Debug-Cache-Store
X-COUNTRY
X-Geo
X-Planisys-CDN-Rules
Pragrma
X-Page-Type
X-Soup
X-Debug-Cache-Expiry
X-Ttl
X-Origin-CC
X-Origin-TTL
X-Ua
GeoIp-Country-Code
Geoip-Latitude
Geoip-City
X-ZONE
Cache-Hits
X-Backend-TTL
X-Check-Cacheable
X-Oss-Object-Type
X-Oss-Request-Id
X-Oss-Server-Time
X-Oss-Storage-Class
X-B3-SpanId
X-Oss-Hash-Crc64ecma
X-Zone
X-Say-Cacheable
XServer
X-Say-TTL
X-Phone
X-Core-Value
X-IN-WAF
X-SayCDN-TTL
X-Cache-Ttl
X-Litespeed-Cache
X-Akamai-SSL-Client-Sid
X-Old-Content-Length
X-TT-LOGID
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
X-Cdn-Forward
X-Servedbyhost
X-CSRF-TOKEN
Cdn
X-Cache-Time
X-HS-Status
X-Aicache-OS
WZWS-RAY
Fastly-Backend-Name
X-Datadome
X-DC
X-Mid
Dynatrace
X-MID
Amp-Access-Control-Allow-Source-Origin
X-Birta-Served
X-Birta-Cache-Post
X-Ruxit-Js-Agent
SN
X-VCL-Version
X-FORWARDED-FOR
X-BC
X-Logtrace-Id
Inserted-Into-Cache-At
X-Node-Id
X-Vcl-Version
Ajk
FSS-Cache
FSS-Proxy
X-IN-APIGATEWAYSSL
X-EC-Lua
Selected-FE
X-ServedByHost
X-Real-Ip
X-Tb-Optimization-Total-Bytes-Saved
X-Info
X-Amzn-Remapped-Date
X-Tec-Api-Root
X-Tec-Api-Version
X-Varnish-IP
X-Amzn-Remapped-Connection
X-UPSTREAM-Address
X-Tec-Api-Origin
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-Wa
X-Contensis-Viewer-Groups
HostName
X-Varnish-Authentication
CF-Cached-On
Server-Surrogate-Control
Server-Cache-Control
HitType
X-Cache-ASPX
X-Refresh
X-APP
RequestId
X-Agile
X-Agile-Age
X-Agile-Id
X-Cache-Debug
Xkeyrz
X-Source
X-Proxy-Cacherz
X-CSRF-Token
X-Bc
Srv
T-Server
X-PJAX-URL
PICS-Label
MIME-Version
X-LiteSpeed-Cache-Control
X-Nananana
X-App-Version
X-Via-Ucdn
X-TIME
X-ECache
X-GDPR
X-WR-MODIFICATION
X-Render-Time
GeoIP-Country-Code
WebServer
X-NWS-UUID-VERIFY
Ohc-File-Size
X-Varnish-Beresp-TTL
GeoIP-Latitude
X-Web-Server
Cf-Ipcountry
GeoIP-City
X-LB-ID
DataCenter
Ohc-Cache-HIT
X-Micro-Cache
SID
X-Fastly-Country-Code
X-Policy
Xkeynj
X-CACHE-KEY
X-Unique-Id
X-Cache-Tag
X-SRV
Is-Session-Tracking
URI
Get-Access-Time
X-PAGE-TYPE
Group
X-Requestid
X-Cache-Miss-From
X-Sedo-Request-Id
X-NGINX-Cache
X-BE
CDN
X-Uri
X-MCACHE
X-GRACE
X-Service
Cache-Provider
HTTPS
X-Request-Url
X-Lb-Id
X-Fastly-Backend-Reqs
Xet-Cookie
X-Var-Ttl
Pics-Label
Lb
X-Pjax-Url
X-SN
X-Apw-Access-Object
X-Apw-Access-Action
X-Apw-Access-Token
Backend
Cneonction
X-Edge-IP
X-Vct
Www
X-Swift-Error
X-Apw-Hits
X-Dw-Trace-Id
X-Has-Esi
X-Is-Gdpr
X-JWT-State
X-Instart-Isnd
Ohc-Response-Time
X-Ecache
X-Cdn-Request-ID
Warning
Host-ID
FNAC-ModuleRouting
Correlation-Id
X-Cache-Expires
X-WA
X-Cf-Powered-By
X-Newrelic-App-Data
X-NGENIX-Cache
X-RPM
X-RSL
X-Bug-Bounty
X-Fe
X-RPS
X-DW
X-DB
X-DI
X-DSS
Requestid
Lfy
X-Serial
X-Zalando-Child-Request-Id
X-ServerName
X-Page-Impression-Id
X-Flow-Id
X-Html-Edge-Cache
X-Fastly-Cache-Hits
X-Akamai-ERRuleID
X-PF-Uncompressing
X-Fpc
X-Akamai-ERPolicy