Threat Level: green Handler on Duty: Bojan Zdrnja

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
CF-RAY
X-Powered-By
Link
ETag
Expect-CT
X-XSS-Protection
Via
X-Cache
CF-Cache-Status
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
X-Cache-Hits
P3P
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Xss-Protection
X-Request-Id
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
Alt-Svc
X-Adblock-Key
X-Drupal-Cache
X-Check
X-Cacheable
Content-Security-Policy-Report-Only
X-Generator
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-AspNetMvc-Version
X-DNS-Prefetch-Control
P3p
X-Template
X-Language
Status
Timing-Allow-Origin
X-Iinfo
Content-Encoding
X-Content-Security-Policy
X-Buckets
Upgrade
X-Kinja-Server-Push
Xkey
X-Via
X-CDN
X-Turbo-Charged-By
Keep-Alive
Access-Control-Expose-Headers
Access-Control-Max-Age
X-Cache-Group
X-Pass-Why
X-AH-Environment
X-Age
X-Drupal-Dynamic-Cache
X-Server
X-Backend
X-Pingback
X-Amz-Id-2
X-Amz-Request-Id
X-Envoy-Upstream-Service-Time
X-Page-Speed
X-Robots-Tag
X-Proxy-Cache
X-Hacker
EagleId
Grace
X-Server-Powered-By
X-UA-Device
X-Varnish-Cache
Request-Context
X-Nginx-Cache-Status
Cf-Railgun
X-LiteSpeed-Cache
X-Amz-Version-Id
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-WebKit-CSP
X-Server-Id
Server-Timing
Feature-Policy
X-Device
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Host
Report-To
X-Rq
X-Ac
X-Node
Content-Location
X-OneAgent-JS-Injection
X-Request-ID
X-Cnection
X-Response-Time
X-Backend-Server
X-Cloud-Trace-Context
X-Origin-Cache
X-Application-Context
X-Readtime
Request-Id
Allow
Surrogate-Control
EagleEye-TraceId
X-Dns-Prefetch-Control
X-ORACLE-DMS-ECID
X-Vhost
X-Country
X-DynaTrace
X-TTL
X-Cdn
X-Cache-Lookup
X-Rack-Cache
Pinterest-Generated-By
X-Origin-Upstream-Status
X-Url
X-Clacks-Overhead
NEL
X-Ua-Compatible
X-FTR-Request-ID
Rating
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Country-Code
X-Ruxit-JS-Agent
X-Dispatcher
X-CST
X-HW
X-ORACLE-DMS-RID
X-Goog-Hash
X-Instart-Request-ID
Fusion-Content-Source
Fusion-Content-Id
Fusion-Template-Id
Fusion-Source
Fusion-Component-Id
X-DataStream-Cache-Status
X-TtlSet
X-Vname
X-PC
Edge-Control
X-Px
X-VARITI-CCR
X-DataDome
Service-Worker-Allowed
Verso
X-Mod-Pagespeed
X-MS-InvokeApp
X-Recruiting
RTSS
X-Cdn-Fetch
X-Exp-Id
X-Kinja
X-Kinja-Build
X-Kinja-Revision
X-Use-Magma
X-Exp-Variant
X-GoogleNews-Bot
X-Kinja-Server
X-Varnish-TTL
X-D2id
SPRequestGuid
X-Vcap-Request-Id
X-Abt-Application-Version
X-Amz-Server-Side-Encryption
TCN
X-SharePointHealthScore
X-GitHub-Request-Id
X-Navigation-Version
X-Sol
Display
Response
X-SRCache-Store-Status
X-Middleton-Display
X-Middleton-Response
X-SRCache-Fetch-Status
X-Akam-SW-Version
X-Powered-By-Plesk
MS-Author-Via
X-RateLimit-Remaining
X-ESI
Charset
X-Forwarded-Proto
DynaTrace
X-Shield-Request-Id
X-Powered-CMS
X-Amz-Rid
X-Upstream
Realpath
X-B3-TraceId
ServerID
Public-Key-Pins
X-Version
X-Trace
Fastly-Restarts
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TEC-API-VERSION
Nginx-Cache
X-Cached
AR-ATIME
AR-CACHE
Ar-Sid
AR-PoweredBy
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Goog-Generation
Content-MD5
X-Shard
X-Server-Name
X-Dw-Request-Base-Id
X-B3-TraceId-Primal
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
MRF-Tech
Mrf-Cache-Status
Accept-CH
Pagespeed
AR-Request-ID
X-Grace
Access-Control-Request-Method
Paypal-Debug-Id
X-MSEdge-Ref
Accept-Ch-Lifetime
SPIisLatency
X-Client-IP
SPRequestDuration
X-Goog-Storage-Class
X-DynaTrace-JS-Agent
S
X-Debug
X-FTR-Cache-Status
X-FTR-DC
X-FTR-Expires
X-FTR-Realm
X-Id
X-FTR-Backend-Server
X-Country-Code-Real
X-FTR-Balancer
X-FTR-Backend
Accept-Ch
X-Ezoic-Cdn
X-DataStream-Origin-MEX-Latency
X-DataStream-MidMile-RTT
X-FastCGI-Cache
X-Amz-Meta-S3cmd-Attrs
X-Fastly-Request-ID
Front-End-Https
X-B3-Traceid
X-N
X-T
X-Amzn-Trace-Id
X-Vcache
X-NF-Request-ID
Arr-Disable-Session-Affinity
X-DIS-Request-ID
X-Pinterest-Rid
MicrosoftSharePointTeamServices
Pinterest-Version
X-Upstream-Proxy
X-Content-Type
X-XRDS-Location
X-Hits
X-B3-Sampled
X-FTR-Cache-Host
X-Acc-Meta-Resource-Type
X-Frontend
PB-PID
PB-RID
X-Mobile-Rewrite
Arc-Version
X-Varnish-Age
Fastcgi-Cache
X-Ser
X-Logged-In
X-Content-Digest
Server-Name
X-Correlation-Id
Alternate-Protocol
X-VCache
X-Srv
X-Cache-Key
X-Node-Name
Nel
X-Microsite
AMP-Access-Control-Allow-Source-Origin
X-Request-Handler-Origin-Region
X-Pad
FilterID
X-User-Agent
X-Rid
X-Forwarded-For
TP-Cache
TP-L2-Cache
X-Type
Healthy
X-LB-Cache
X-Kinsta-Cache
Powered
Host
X-F-Cache
X-IPLB-Instance
X-Request-Processing-Time
X-Request-Received
X-Zen-Fury
X-Cache-2
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Revision
Edge-Cache-Tag
Powered-By-ChinaCache
X-Debug-Info
X-AOL-HN
Accept-CH-Lifetime
X-GUploader-UploadID
X-Via-JSL
X-Cached-By
X-Cache-Age
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Analytics
Backend-Timing
X-HS-Content-Id
X-AppVersion
X-Activity-Id
X-HS-Hub-Id
X-Az
X-Hostname
X-XRDS-LOCATION
X-Accel-Expires
X-Cache-Rule
X-Esi
Surrogate-Key
X-Varnish-Backend
X-Content-Security-Policy-Report-Only
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-Instance
X-Content-Options
X-RateLimit-Limit
X-Page-Id
X-BCube-Filmed-By
X-Tumblr-Pixel
X-Varnish-Grace
Server-Node
X-Amz-Replication-Status
X-Tumblr-User
X-Tumblr-Pixel-0
X-Akamai-Edgescape
X-App-Environment
X-Jobs
X-Request-Guid
X-Signature
X-B-Cache
X-PHP-Backend
X-Forwarded-Host
Refresh
Cleartype
Source
X-Content-Powered-By
X-Cluster
X-TT
X-FB-Debug
Cache-Status
X-Framework
Liferay-Portal
X-FW-Static
X-FW-Type
X-FW-Hash
X-FW-Serve
X-FW-Server
DC
X-Fastcgi-Cache
X-Server-ID
Tracecode
X-ATG-Version
X-Varnish-Hostname
Accept-Charset
Access-Control-Allow-Method
Fastcgi-Useragent
X-Time
Host-Header
X-APP-VERSION
X-Cache-Action
X-Cache-Operation
WPE-Backend
X-Drupal-Cache-Tags
X-Mobile
X-Edge-Location
X-Cache-Control
X-Whom
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-B
X-Response-Served-From
X-Hp-Webp
NGB
X-App-Server
X-Accel-Buffering
X-Mobile-URL
Payment
X-WA-Info
X-Cache-Hit
X-Storage
Actual-Object-TTL
X-Presslabs-Stats
X-Oracle-Dms-Rid
Filters
X-WebKit-CSP-Report-Only
X-Content-Age
X-TX-ID
Cache-Tv-Group
X-Handled-By
X-Git-Hash
Cache-Tag
X-TT-TIMESTAMP
Retry-After
X-RequestSource
Upgrade-Insecure-Requests
Viewport
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Tumblr-Pixel-2
X-Tumblr-Pixel-1
X-Cacheable-TTL
X-UA-Device-Type
Eomportal-Instance
X-GeoIP
X-Status
X-NWS-LOG-UUID
X-ProcessESI
X-Adobe-Loc
X-RemovedCookies
X-Adobe-Content
X-SS-Set-Cookie
X-Cache-TTL
MS-CV
X-Geo-Country
X-FW-Dynamic
X-TA-CDN-Provider
X-VG-WebCache
Webserver
X-Cache-TTL-Remaining
X-Seen-By
Xserver
X-Host-Name
X-FB-TRIP-ID
Ms-Operation-Id
X-RTag
Datacenter
X-B3-Spanid
X-Cache-Enabled
Frame-Options
Cache
Server-Info
X-Ratelimit-Limit
X-Hyper-Cache
From-Origin
X-Contextid
X-Origin-Server
X-Generated-By
X-Mode
Country
X-CF-Powered-By
S-Cnection
SRV
GEO-INFO
X-Path-Route
X-ES-SERVER
X-RN-RSRV
X-Cache-Var-Map
X-Cache-Var
X-Ratelimit-Reset
Load-Balancing
Meta-Geo
X-Cache-Config
X-Tumblr-Pixel-3
Machine
X-Cache-Grace
X-MP-GENERATED-AT
X-Upstream-HT
X-Zipkin-Id
Cache-Key
X-Proxied
X-Upstream-CT
X-Drupal-Cache-Contexts
X-Routing-Service
X-Section
X-Access
Vix-Hermes-Req-Id
ServedBy
X-Backend-Name
X-From
Rt-Fastcgi-Cache
Decoy-Debug-TTL
Decoy-Debug-Key
Decoy-Debug-Status
X-Hit
X-Human
X-Varnish-Cache-Hits
X-Varnish-Server
X-TNCMS
X-R9-Blue-Green-Version
X-Labrador-Cache-Channel
X-Loop
CACHE
X-Web-Node
X-Upgrade-Enabled
Cache-Name
Mn-Server-Ip
X-AWS-Id
X-Magnolia-Registration
X-EIG-Tracking-Id
X-VG-TLSProxy
X-VWS-Id
Akamai-GRN
X-Viewer-Country
X-Cache-Host
X-Cluster-Node
X-Timing-Wait
X-LJ-Flow-ID
X-Region
X-PCL
X-Akamai-Request-ID
X-Rule
X-Proxy-Build
X-OCL
Now
X-Origin-Response-Time
X-Debug-Cache
X-Device-Type
DSUID
Release
X-Site-Version
X-Via-Fastly
X-FC-Vary-Parameters
X-L-Path
X-Www-Served-By
X-Locale
X-Endurance-Cache-Level
X-Proto
X-Environment-Context
X-NCache
X-Generated
X-Alternate-Cache-Key
X-Goog-Meta-Goog-Reserved-File-Mtime
X-ShopId
X-Rendered-As
X-ShardId
X-Shopify-Stage
X-Sorting-Hat-PodId
X-Hosted-By
X-JoinUs
X-Sorting-Hat-ShopId
Mail-Subject
We-Hiring
DB-Nickname
X-NewRelic-App-Data
X-Guploader-Uploadid
X-CCM
X-Trace-Id
X-RateLimit-Reset
OT-Force-Account-Verify
X-Xfnlog-Site
ProcessTime
X-Dc
Version
X-S
Uber-Trace-Id
X-IP
X-RCS-CacheZone
X-Time-Microsecs
X-Request-Time
X-Load-Cache
X-Varnish-Hits
NtCoent-Length
X-Akamai-Request-ID2
X-VCT
Time
X-FW-Version
Azure-SlotName
Webcakes-Region
S-Rt
Azure-RegionName
Azure-Version
TWC-Device-Class
X-Wix-Request-Id
X-Origin-Hint
Property-Id
Webcakes-App-Name
Webcakes-App-Version
TWC-Connection-Speed
Azure-SiteName
Cteonnt-Length
TWC-GeoIP-Country
TWC-Locale-Group
TWC-GeoIP-LatLong
TWC-Privacy
Azure-InstanceId
X-Origin
X-PressLabs-Stats
X-EdgeConnect-Cache-Status
X-Redis-Cache
NGX
X-Nginx-Cache
X-UUID
X-ProxyCache-Status
X-No-Session
X-ProxyCache-Key
X-Via-CDN
X-UA
X-BYPASS-REASON
X-GEO
X-Proxy
X-CDN-Forward
X-FireWall-Port
X-Platform-Server
X-ECACHE
X-Vgn-Hpd-Reason
X-MServer
X-PERF
X-Cache-NE
X-Hl-Ver
X-ApacheServer
X-Rocket-Nginx-Bypass
X-IPS-LoggedIn
Origin
X-Format
X-Daa-Tunnel
X-HTML-Minification-Powered-By
X-CS
Odigeo-Trace-Id
X-Akamai-Transformed
X-Cache-Server
Ec-Rule-Version
Accept-Language
X-UnsetCookies
Cache-Tags
X-Oneagent-Js-Injection
Access-Control-Request-Headers
X-ServerID
X-Cache-Remote
X-Distributor
LB
X-Tb
X-Dynatrace-Js-Agent
Fastly-SSL
X-Amzn-Remapped-Content-Length
X-Real-IP
Hostname
Selected-Fe
X-SERVER-NAME
L5d-Success-Class
Proxy-Connection
X-Webkit-Csp
X-B3-Parentspanid
X-NC
X-Microcachable
X-Unique-ID
X-Pubstack
X-Compress-Hint
Served-By
X-G
X-Trv-Group
X-BACKEND-TTL
X-Vtex-Remote-Cache
X-Twitter-Response-Tags
X-Vtex-Processado-Em
X-CF-Lambda-Version
X-Transaction
X-VG-WebServer
X-Cdn-Srv
MD5-Digest
X-Geo-Header
X-Varnish-Url
X-Varnish-Cacheable
Viewtype
X-Cache-Bucket
X-CF-Lambda-Fn
X-DPWN-IS-SECURE
X-Connection-Hash
BehaviorPad-Version
X-D
AsisCache
Cross-Origin-Window-Policy
Arc-Country
Cache-Cookie-Set-From
Cache-Cookie-Set-Idcheck
Cdn-Host
Cdn-Request-Time
Content-Script-Type
Content-Style-Type
Cache-Cookie-Set-Lfrom
Cache-Prefix
Fastcgi-X-Cache-Version
AKAMAI
Fly-Request-Id
Fly-Cache
GEO-REGION-INFO
X-A
X-External-Request-Id
X-Edge-Server
Fastly-SWR
X-Developer
A
X-Date
Fastly-SIE
X-Cluster-Name
X-Detected-As
X-Destination
VivaBuild
X-A-Ccd
Meta-Geo-Continent
X-Region-Sid
X-Is-Bot
X-Aed
X-Accel-Expires-Debug
X-Internal-Host
X-NU-AKA-ACS-Version
X-Instart-Info
Rt-Proxy-Cache
Mobile-Detection-Method
X-B-Cookie
X-Worker
X-S-Maxage
X-ARC
X-S-Cookie
Node
X-ScT
REQUESTUUID
X-Request-UUID
X-Rewrite-Enabled
Xc-Version
Request-Time
X-SRCache-Key
X-A-Dam
X-A-Dcw
X-AIR-PT
X-SVT-ORM-RULES
X-App-Name
X-PAYTM-SRV-ID
X-SVT-ORM-VERSION
X-IN-APIGATEWAY
Proxy-Firewall
Server-ID
X-Server-Time
X-A-Wwc
X-Application
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
X-A-Dgt
Rendered-Blocks
X-Org
X-Rojux
X-ElasticPress-Search
Origin-Cache-Control
IBM-Web2-Location
X-URL
ServerName
Origin-Edge-Control
Section-Io-Cache
Request-Country
X-Cache-Info
X-Cdn-Origin
Memcached
Server-Int
On-Server
Content-Disposition
X-BBXSRF
X-Clientip
Request-EU
Ha-Gx-Prefs
X-CGP
X-Backend-State
Esi-Enabled
HA-Ipaddr
Gh-Request-Id
Resin-Trace
Countrycode
UCS
X-Location
X-Core-Mission
X-Nginx-Cache-Key
W
X-Level-Front-Cache
X-HS-Combine-CSS
X-C
X-HS-Cache-Config
X-NX-Host
X-Qloud-Router
X-TrackingId
X-We-Are-Hiring
X-Sn-Servicetimems
X-Skip-Cache
X-Server-IP
X-ServiceProvider
X-Generated-On
X-Method
X-Debug-Log
X-Developers
X-Distil-CS
Apple-News-Services-Handled
Apple-News-Services-Host
Backend-Name
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
X-Eu-Site
X-Debug-Cookies
X-Fastly-Cache
X-Cache-Category-Id
X-Grey
X-SIPLIST1
X-Generation-Time
X-GeoIP-Country-Code
X-Wikidot-Backend
X-Secret
X-Wikidot-Static-Cache
X-FPC
X-Servername
X-Swa-Ws
Web-Mar-Node
X-Variation
X-Crawler
Who
Wxu-Next-Commit
Wxu-Next-Region
Wxu-Next-Hostname
X-Gen-Mode
X-TH-Server
X-Request-URI
X-Dispatch
X-Device-Os
X-Auto-Login
X-Webstats-RespID
X-Block-Status
X-Epic-Correlation-Id
X-Irp-Debug
X-Key
X-Hash
X-Cache-Id
X-Reboot
X-Release
X-Reqid
X-Gannett-Site-Version
X-Proxy-Upstream
X-PHP-Host
Kp-EeAlive
X-Proxy-Cache-Status
X-Hnp-Log
RNT-Machine
L
IsBot
N-Cache
Platform
Powered-By
Is-Eu
Heartbleed
Adler-Geo
X-Cache-Backend
CDCHOST
Fastly-Soc-X-Request-Id
GW-Server
Pramga
Country-Code
User-Cache-Control
Server-Host
SS
True-Client-Country-4JS
RNT-Time
X-SERVER
X-Urbn-Context-Path
Locale
X-Urbn-Site-Id
X-Fetched-On
X-VServer
X-CUA
X-Nc
X-Li-Fabric
X-WADP-Cache
X-Pf-Uncompressing
X-Cms-Context
X-WebServer
X-Thinkindot-L3
X-GeoIP-City
X-Dispatcher-Server
X-SD-PageType
X-Response-By
X-Edge
Thinkindot-Control
X-Request-Start
X-Thanos
V-Age
X-VC-Cache
X-Clara-WADP
X-Azure-Ref
PFcat
X-Azure-Ref-OriginShield
Thinkindot-CacheControl-Type
X-Bip
SD-X-WS
X-Matched-Rule
X-Li-Pop
X-LI-Proto
X-Amz-Meta-Cache-Control
X-LI-UUID
X-Origin-Expires
X-Origin-Date
X-CDN-Cache
Thinkindot-CacheControl
X-Cache-FS-Status
CF-IPCountry
X-Owner
X-FE
X-OVcl-Cache
X-OVcl
X-Varnish-Ttl
X-ABtesting
X-Via-NSCOPI
X-Processor
X-CLOUD-TRACE-CONTEXT
Magicmarker
X-Hello
X-Flog
X-Served-From
User-Agent
X-Powered-By-Defense
X-LAGOON
X-Via-Edge
X-Via-SSL
X-Parent-Response-Time
PageSpeed
Pagetype
X-Ratelimit-Remaining
X-Be
X-Generated-In
X-User
X-Backend-Url
X-Backend-Host
Mime-Version
Memory
X-Up
X-MSEdge-Flight
X-MSEdge-Features
X-Varnish-Beresp-Ttl
X-Protected-By
X-Tt-Trace-Tag
X-ND-Cache
X-GoCache-CacheStatus
X-Datadome
X-Newrelic-Synthetics
X-Ua
X-Debug-Cache-Store
X-Page-Type
X-Debug-Cache-Fetch
X-Soup
X-Debug-Cache-Expiry
X-Fstrz
Pragrma
X-COUNTRY
X-Planisys-CDN-Rules
X-Ttl
X-Planisys-CDN-TTL
X-Planisys-CDN-Cache
X-Geo
X-Origin-TTL
X-Backend-TTL
X-Cache-Ttl
X-Origin-CC
X-ZONE
X-Oss-Object-Type
Cache-Hits
X-Oss-Hash-Crc64ecma
X-Oss-Request-Id
X-Oss-Server-Time
X-Check-Cacheable
GeoIp-Country-Code
X-Oss-Storage-Class
Geoip-City
Geoip-Latitude
Dynatrace
X-B3-SpanId
X-Say-Cacheable
X-Say-TTL
X-SayCDN-TTL
X-Akamai-SSL-Client-Sid
X-Zone
X-Old-Content-Length
X-Phone
XServer
X-Core-Value
X-IN-WAF
X-CSRF-TOKEN
X-Litespeed-Cache
X-Cache-Time
X-Servedbyhost
X-DC
X-TT-LOGID
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
X-Cdn-Forward
Fastly-Backend-Name
X-HS-Status
Cdn
WZWS-RAY
X-Aicache-OS
X-Logtrace-Id
X-IN-APIGATEWAYSSL
SN
Ajk
X-VCL-Version
Inserted-Into-Cache-At
X-Node-Id
X-BC
X-Ruxit-Js-Agent
X-Mid
X-Birta-Served
X-MID
X-Birta-Cache-Post
Amp-Access-Control-Allow-Source-Origin
FSS-Proxy
FSS-Cache
X-Vcl-Version
X-FORWARDED-FOR
X-EC-Lua
X-Amzn-Remapped-Date
X-Tb-Optimization-Total-Bytes-Saved
X-ServedByHost
X-Tec-Api-Version
X-UPSTREAM-Address
X-Wa
X-Tec-Api-Root
Selected-FE
X-Real-Ip
X-Amzn-Remapped-Connection
X-Info
X-APP
X-RateLimit-Remaining-Second
X-Varnish-IP
X-Tec-Api-Origin
X-RateLimit-Limit-Second
X-Refresh
X-Contensis-Viewer-Groups
HostName
X-Cache-ASPX
X-Varnish-Authentication
Xkeyrz
Server-Surrogate-Control
X-Source
CF-Cached-On
HitType
X-Proxy-Cacherz
Server-Cache-Control
X-Cache-Debug
X-Agile-Id
PICS-Label
T-Server
RequestId
X-Agile
X-Agile-Age
X-Bc
Srv
X-CSRF-Token
Ohc-File-Size
X-PJAX-URL
GeoIP-Country-Code
X-GDPR
X-Render-Time
X-Nananana
MIME-Version
X-LiteSpeed-Cache-Control
X-App-Version
GeoIP-City
X-WR-MODIFICATION
GeoIP-Latitude
X-TIME
X-Varnish-Beresp-TTL
Ohc-Cache-HIT
X-ECache
X-Via-Ucdn
WebServer
X-NWS-UUID-VERIFY
Cf-Ipcountry
DataCenter
X-Web-Server
X-LB-ID
SID
X-Fastly-Country-Code
URI
X-Policy
X-PAGE-TYPE
X-Cache-Tag
X-BE
X-Uri
Is-Session-Tracking
X-Unique-Id
X-Micro-Cache
Get-Access-Time
X-SRV
X-CACHE-KEY
Xkeynj
X-Requestid
CDN
X-Sedo-Request-Id
X-Fastly-Backend-Reqs
X-NGINX-Cache
Cache-Provider
X-Cache-Miss-From
X-Request-Url
Group
X-GRACE
X-MCACHE
X-Service
X-Var-Ttl
X-Lb-Id
HTTPS
Xet-Cookie
X-Edge-IP
Pics-Label
X-Vct
X-JWT-State
X-Is-Gdpr
X-Pjax-Url
Lb
X-Apw-Access-Action
X-Has-Esi
Www
Backend
Cneonction
X-Apw-Access-Object
X-NGENIX-Cache
X-Apw-Access-Token
X-SN
Ohc-Response-Time
X-Swift-Error
X-Apw-Hits
X-Dw-Trace-Id
X-Cdn-Request-ID
X-Ecache
FNAC-ModuleRouting
X-Cache-Expires
Warning
Correlation-Id
X-Cf-Powered-By
Host-ID
X-Instart-Isnd
X-WA
X-Newrelic-App-Data
X-Akamai-ERPolicy
X-Litespeed-Cache-Control
X-Bug-Bounty
X-Akamai-ERRuleID
Lfy
X-Fastly-Cache-Hits
X-Fe
X-Html-Edge-Cache
X-Flow-Id
X-RPM
X-DW
X-RPS
X-RSL
X-Fpc
X-PF-Uncompressing
X-DSS
X-DI
Requestid
X-ServerName
X-Page-Impression-Id
X-Zalando-Child-Request-Id
X-DB
X-Serial