Threat Level: green Handler on Duty: Bojan Zdrnja

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
CF-RAY
X-Powered-By
Link
ETag
Expect-CT
X-XSS-Protection
Via
X-Cache
CF-Cache-Status
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
X-Cache-Hits
P3P
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Xss-Protection
X-Request-Id
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
Alt-Svc
X-Adblock-Key
X-Drupal-Cache
X-Check
X-Cacheable
Content-Security-Policy-Report-Only
X-Generator
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-AspNetMvc-Version
X-DNS-Prefetch-Control
P3p
X-Template
X-Language
Status
Timing-Allow-Origin
X-Iinfo
Content-Encoding
X-Content-Security-Policy
X-Buckets
Upgrade
X-Kinja-Server-Push
Xkey
X-Via
X-CDN
X-Turbo-Charged-By
Keep-Alive
Access-Control-Expose-Headers
Access-Control-Max-Age
X-Cache-Group
X-Pass-Why
X-AH-Environment
X-Age
X-Drupal-Dynamic-Cache
X-Server
X-Backend
X-Pingback
X-Amz-Id-2
X-Amz-Request-Id
X-Envoy-Upstream-Service-Time
X-Page-Speed
X-Robots-Tag
X-Proxy-Cache
X-Hacker
Grace
EagleId
X-Server-Powered-By
X-UA-Device
X-Varnish-Cache
Request-Context
X-Nginx-Cache-Status
Cf-Railgun
X-LiteSpeed-Cache
X-Amz-Version-Id
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-Server-Id
X-WebKit-CSP
Server-Timing
Feature-Policy
X-Device
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Rq
X-Host
Report-To
X-Ac
X-Node
X-Request-ID
Content-Location
X-OneAgent-JS-Injection
X-Cnection
X-Response-Time
X-Backend-Server
X-Cloud-Trace-Context
X-Origin-Cache
X-Application-Context
X-Readtime
Request-Id
Allow
Surrogate-Control
EagleEye-TraceId
X-ORACLE-DMS-ECID
X-Country
X-DynaTrace
X-Vhost
X-Cdn
X-TTL
X-Cache-Lookup
X-Ua-Compatible
X-Rack-Cache
Pinterest-Generated-By
X-Origin-Upstream-Status
X-Clacks-Overhead
X-Url
X-FTR-Request-ID
X-Dns-Prefetch-Control
Rating
X-Country-Code
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
NEL
X-Ruxit-JS-Agent
X-Dispatcher
X-ORACLE-DMS-RID
X-HW
X-CST
X-Goog-Hash
X-Instart-Request-ID
Fusion-Content-Id
Fusion-Component-Id
Fusion-Content-Source
Fusion-Source
Fusion-Template-Id
X-DataStream-Cache-Status
X-PC
X-Vname
X-TtlSet
X-DataDome
Edge-Control
X-Px
X-VARITI-CCR
Service-Worker-Allowed
Verso
X-Mod-Pagespeed
X-Recruiting
X-MS-InvokeApp
RTSS
X-Cdn-Fetch
X-Kinja-Server
X-Use-Magma
X-Exp-Id
X-Kinja-Build
X-Exp-Variant
X-Kinja
X-GoogleNews-Bot
X-Kinja-Revision
X-Varnish-TTL
X-D2id
SPRequestGuid
X-Vcap-Request-Id
X-Amz-Server-Side-Encryption
TCN
X-GitHub-Request-Id
X-Navigation-Version
X-Abt-Application-Version
X-SharePointHealthScore
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Akam-SW-Version
X-Middleton-Display
Response
Display
DynaTrace
X-Sol
X-Middleton-Response
X-Powered-By-Plesk
MS-Author-Via
X-ESI
X-RateLimit-Remaining
Charset
X-B3-TraceId
X-TEC-API-ORIGIN
X-Shield-Request-Id
X-TEC-API-VERSION
X-TEC-API-ROOT
X-Forwarded-Proto
Realpath
X-Amz-Rid
X-Powered-CMS
ServerID
AR-CACHE
X-Trace
AR-PoweredBy
Ar-Sid
AR-ATIME
X-Server-Name
Content-MD5
Public-Key-Pins
X-Upstream
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
X-Goog-Stored-Content-Length
X-Version
Fastly-Restarts
X-Goog-Generation
X-Cached
Nginx-Cache
X-Dw-Request-Base-Id
X-Shard
AR-Request-ID
MRF-Tech
X-Mrf-Section-Lastmod
Mrf-Cache-Status
X-B3-TraceId-Primal
X-Mrf-Item-Lastmod
X-Grace
Access-Control-Request-Method
Accept-Ch-Lifetime
Accept-CH
Paypal-Debug-Id
X-MSEdge-Ref
X-DynaTrace-JS-Agent
Pagespeed
X-Goog-Storage-Class
SPIisLatency
SPRequestDuration
Accept-Ch
X-Client-IP
S
X-Debug
X-FTR-Backend-Server
X-Country-Code-Real
X-Id
X-FTR-Realm
X-FTR-Backend
X-FTR-Cache-Status
X-FTR-Expires
X-FTR-Balancer
X-FTR-DC
X-DataStream-Origin-MEX-Latency
X-DataStream-MidMile-RTT
X-Ezoic-Cdn
X-Amz-Meta-S3cmd-Attrs
X-Fastly-Request-ID
X-N
Front-End-Https
X-Amzn-Trace-Id
X-T
X-NF-Request-ID
Pinterest-Version
X-Pinterest-Rid
X-Upstream-Proxy
X-DIS-Request-ID
X-Content-Type
Arr-Disable-Session-Affinity
MicrosoftSharePointTeamServices
X-FastCGI-Cache
X-Vcache
X-Hits
X-B3-Traceid
X-B3-Sampled
X-FTR-Cache-Host
X-Ser
X-Frontend
PB-RID
X-Logged-In
X-Acc-Meta-Resource-Type
PB-PID
Arc-Version
X-Mobile-Rewrite
X-XRDS-Location
Fastcgi-Cache
Server-Name
X-Varnish-Age
X-Content-Digest
Nel
X-Correlation-Id
Alternate-Protocol
X-VCache
X-Srv
X-Cache-Key
X-Node-Name
X-Pad
X-Request-Handler-Origin-Region
X-Microsite
FilterID
AMP-Access-Control-Allow-Source-Origin
X-Forwarded-For
X-LB-Cache
X-Rid
X-Kinsta-Cache
X-User-Agent
Healthy
TP-Cache
TP-L2-Cache
X-Type
Host
X-Zen-Fury
X-XRDS-LOCATION
X-F-Cache
Powered
X-Request-Received
X-Request-Processing-Time
X-IPLB-Instance
X-Amzn-RequestId
X-Amz-Apigw-Id
Powered-By-ChinaCache
X-Revision
X-Cache-2
Edge-Cache-Tag
X-AOL-HN
X-Debug-Info
X-Cached-By
X-Via-JSL
X-Cache-Age
X-Activity-Id
X-Az
X-AppVersion
X-HS-Content-Id
X-Kong-Upstream-Latency
X-HS-Hub-Id
X-Kong-Proxy-Latency
Accept-CH-Lifetime
X-Hostname
X-Fastcgi-Cache
Backend-Timing
X-Analytics
X-GUploader-UploadID
X-Accel-Expires
X-Cache-Rule
Surrogate-Key
X-Varnish-Backend
X-Content-Security-Policy-Report-Only
X-Page-Id
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-Tumblr-User
X-Amz-Replication-Status
X-Instance
X-Tumblr-Pixel
X-Content-Powered-By
X-Tumblr-Pixel-0
X-Akamai-Edgescape
X-Cluster
X-Varnish-Grace
X-App-Environment
X-Content-Options
X-FB-Debug
Cleartype
X-Jobs
X-PHP-Backend
X-Signature
X-B-Cache
Source
X-TT
X-BCube-Filmed-By
X-Esi
X-Request-Guid
Server-Node
X-Framework
Refresh
Cache-Status
X-Forwarded-Host
DC
Liferay-Portal
X-FW-Hash
X-FW-Type
X-FW-Server
X-FW-Serve
X-FW-Static
X-Varnish-Hostname
X-RateLimit-Limit
X-ATG-Version
Tracecode
Accept-Charset
Access-Control-Allow-Method
X-Mobile
Host-Header
X-Time
X-APP-VERSION
X-Cache-Action
WPE-Backend
Fastcgi-Useragent
X-B
X-Cache-Control
X-Drupal-Cache-Tags
X-Edge-Location
X-Whom
X-Cache-Operation
X-Hp-Webp
NGB
X-Accel-Buffering
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Mobile-URL
X-Response-Served-From
Actual-Object-TTL
X-Cache-Hit
X-WA-Info
X-Presslabs-Stats
X-App-Server
X-WebKit-CSP-Report-Only
Filters
X-TX-ID
X-Storage
X-Git-Hash
Viewport
X-Yottaa-Metrics
X-Yottaa-Optimizations
Cache-Tv-Group
X-GeoIP
X-Cacheable-TTL
X-UA-Device-Type
Payment
Eomportal-Instance
X-Tumblr-Pixel-2
X-Tumblr-Pixel-1
X-TT-TIMESTAMP
X-RemovedCookies
X-Handled-By
Cache-Tag
X-ProcessESI
Upgrade-Insecure-Requests
X-Cache-TTL
X-NWS-LOG-UUID
X-RequestSource
X-Content-Age
X-TA-CDN-Provider
X-Adobe-Content
X-Adobe-Loc
X-SS-Set-Cookie
X-Status
Retry-After
X-Geo-Country
X-VG-WebCache
MS-CV
X-Ratelimit-Limit
X-FW-Dynamic
X-Server-ID
Webserver
Xserver
X-Cache-TTL-Remaining
X-Seen-By
X-FB-TRIP-ID
Datacenter
X-Host-Name
X-RTag
X-Oracle-Dms-Rid
Ms-Operation-Id
Frame-Options
X-Cache-Enabled
Cache
Server-Info
X-Generated-By
X-Hyper-Cache
X-B3-Spanid
X-Guploader-Uploadid
X-Contextid
From-Origin
X-Origin-Server
Country
X-Mode
X-Cache-Var
X-Cache-Var-Map
Load-Balancing
X-Path-Route
X-RN-RSRV
X-ES-SERVER
Machine
X-Tumblr-Pixel-3
Meta-Geo
X-Cache-Config
S-Cnection
X-Cache-Grace
SRV
X-From
Decoy-Debug-Key
X-ShopId
X-Cache-Host
X-ShardId
X-Shopify-Stage
X-Backend-Name
X-MP-GENERATED-AT
ServedBy
Decoy-Debug-Status
Decoy-Debug-TTL
Now
Cache-Key
Vix-Hermes-Req-Id
X-Sorting-Hat-ShopId
X-Dc
X-Viewer-Country
X-Varnish-Server
X-Labrador-Cache-Channel
X-Sorting-Hat-PodId
X-Alternate-Cache-Key
GEO-INFO
X-Environment-Context
X-CCM
X-Region
X-Cluster-Node
Rt-Fastcgi-Cache
X-Debug-Cache
X-EIG-Tracking-Id
X-Rule
X-Upgrade-Enabled
X-Timing-Wait
X-PCL
X-L-Path
X-Via-Fastly
X-Loop
X-TNCMS
X-Magnolia-Registration
X-OCL
X-CF-Powered-By
X-R9-Blue-Green-Version
X-Trace-Id
X-Web-Node
X-Varnish-Cache-Hits
X-Hit
X-Human
X-Proxy-Build
X-Ratelimit-Reset
X-Section
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Locale
Release
Mail-Subject
X-S
X-Routing-Service
X-Endurance-Cache-Level
X-NCache
DSUID
X-Zipkin-Id
X-Proxied
X-Generated
X-JoinUs
X-Site-Version
X-VWS-Id
X-Upstream-HT
X-AWS-Id
X-Upstream-CT
X-Www-Served-By
We-Hiring
X-Access
X-LJ-Flow-ID
X-Rendered-As
Version
DB-Nickname
Akamai-GRN
X-Drupal-Cache-Contexts
CACHE
X-RateLimit-Reset
Cache-Name
OT-Force-Account-Verify
X-Hosted-By
X-Device-Type
X-FC-Vary-Parameters
X-Proto
X-Xfnlog-Site
X-Akamai-Request-ID
X-Origin-Response-Time
X-VG-TLSProxy
X-Varnish-Hits
Mn-Server-Ip
X-RCS-CacheZone
NtCoent-Length
X-Load-Cache
ProcessTime
X-IP
Uber-Trace-Id
X-Time-Microsecs
X-Akamai-Request-ID2
X-NewRelic-App-Data
X-ProxyCache-Status
X-Request-Time
X-ProxyCache-Key
X-BYPASS-REASON
Time
X-VCT
X-Nginx-Cache
Webcakes-App-Version
X-Origin
X-FW-Version
X-Origin-Hint
Cteonnt-Length
Webcakes-Region
X-Redis-Cache
X-UA
Webcakes-App-Name
Azure-Version
Azure-SlotName
Property-Id
S-Rt
TWC-Connection-Speed
TWC-Device-Class
TWC-GeoIP-Country
Azure-SiteName
Azure-RegionName
TWC-Locale-Group
TWC-GeoIP-LatLong
Azure-InstanceId
TWC-Privacy
X-Via-CDN
X-No-Session
X-EdgeConnect-Cache-Status
NGX
X-Wix-Request-Id
X-FireWall-Port
X-Proxy
X-Platform-Server
X-UUID
X-PressLabs-Stats
X-Vgn-Hpd-Reason
X-Cache-NE
X-ECACHE
X-Hl-Ver
X-Rocket-Nginx-Bypass
X-CDN-Forward
X-MServer
X-IPS-LoggedIn
X-Daa-Tunnel
Odigeo-Trace-Id
X-Oneagent-Js-Injection
X-Cache-Server
X-ServerID
X-GEO
X-PERF
X-ApacheServer
X-Akamai-Transformed
X-HTML-Minification-Powered-By
X-Cache-Remote
Origin
X-CS
Accept-Language
X-UnsetCookies
Ec-Rule-Version
X-Distributor
X-Format
Cache-Tags
LB
Access-Control-Request-Headers
X-Webkit-Csp
X-Tb
X-Real-IP
Hostname
Fastly-SSL
Proxy-Connection
X-BACKEND-TTL
X-Pubstack
Selected-Fe
X-Amzn-Remapped-Content-Length
L5d-Success-Class
Origin-Cache-Control
Served-By
Origin-Edge-Control
X-URL
Node
Meta-Geo-Continent
Mobile-Detection-Method
MD5-Digest
Fly-Cache
Cache-Cookie-Set-From
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-Lfrom
BehaviorPad-Version
AsisCache
AKAMAI
Arc-Country
Cache-Prefix
Cdn-Host
Fastcgi-X-Cache-Version
Rendered-Blocks
Fly-Request-Id
Cross-Origin-Window-Policy
Content-Style-Type
Cdn-Request-Time
Content-Script-Type
GEO-REGION-INFO
X-Cdn-Srv
X-PAYTM-SRV-ID
X-Org
X-Region-Sid
X-Request-UUID
X-Rojux
X-Rewrite-Enabled
X-NU-AKA-ACS-Version
X-Level-Front-Cache
X-Generated-On
X-G
X-Geo-Header
X-IN-APIGATEWAY
X-Is-Bot
X-Instart-Info
X-S-Cookie
X-S-Maxage
X-VG-WebServer
X-Varnish-Url
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
Xc-Version
X-Worker
X-Twitter-Response-Tags
X-Trv-Group
X-Server-Time
X-ScT
X-SRCache-Key
X-SVT-ORM-RULES
X-Transaction
X-SVT-ORM-VERSION
X-External-Request-Id
X-Edge-Server
X-A-Dam
X-A-Ccd
X-A-Dgt
X-A-Wwc
X-Aed
X-Accel-Expires-Debug
X-A
VivaBuild
Request-Time
Request-EU
REQUESTUUID
Rt-Proxy-Cache
Viewtype
Server-ID
X-AIR-PT
X-Application
X-Date
X-D
X-Destination
X-Detected-As
X-DPWN-IS-SECURE
X-Developer
X-Connection-Hash
X-Cluster-Name
X-B-Cookie
X-ARC
X-Cache-Bucket
A
X-CF-Lambda-Version
X-CF-Lambda-Fn
Request-Country
X-A-Dcw
X-Dynatrace-Js-Agent
X-Microcachable
X-B3-Parentspanid
X-Unique-ID
ServerName
X-ElasticPress-Search
PageSpeed
X-Compress-Hint
Memcached
X-Device-Os
X-Request-URI
X-Internal-Host
X-Nc
W
X-NX-Host
Fastly-SWR
Fastly-SIE
X-PHP-Host
Gh-Request-Id
X-Rebelmouse-Cache-Control
X-Debug-Log
X-Rebelmouse-Surrogate-Control
X-Debug-Cookies
X-Varnish-Cacheable
X-Cache-Id
X-TrackingId
X-BBXSRF
True-Client-Country-4JS
X-App-Name
UCS
X-Cache-Backend
X-Cache-Info
X-ServiceProvider
X-Location
Proxy-Firewall
Resin-Trace
X-Sn-Servicetimems
X-Cdn-Origin
X-Grey
X-SERVER
X-NC
IBM-Web2-Location
X-Cache-Category-Id
X-CGP
X-SIPLIST1
X-Skip-Cache
X-Swa-Ws
X-TH-Server
X-Clara-WADP
X-Cms-Context
X-Server-IP
X-SD-PageType
X-Crawler
X-Core-Mission
X-CDN-Cache
X-Clientip
X-Variation
X-Webstats-RespID
X-WebServer
X-Auto-Login
X-Amz-Meta-Cache-Control
Web-Mar-Node
Kp-EeAlive
X-We-Are-Hiring
X-Backend-State
X-Cache-FS-Status
X-Developers
X-Block-Status
X-Bip
X-WADP-Cache
X-Thanos
X-Response-By
X-Irp-Debug
X-Qloud-Router
X-Reboot
X-HS-Combine-CSS
X-Hnp-Log
X-HS-Cache-Config
X-Key
X-Proxy-Upstream
X-Owner
X-LI-UUID
X-LI-Proto
X-Li-Pop
X-Li-Fabric
X-Proxy-Cache-Status
X-Hash
X-GeoIP-Country-Code
X-Eu-Site
X-Fastly-Cache
X-Epic-Correlation-Id
X-Distil-CS
X-Dispatch
X-Dispatcher-Server
X-Fetched-On
X-Gen-Mode
X-Edge
X-GeoIP-City
X-Generation-Time
X-Reqid
X-Request-Start
X-Nginx-Cache-Key
X-Method
User-Cache-Control
Backend-Name
RNT-Machine
IsBot
V-Age
Adler-Geo
Is-Eu
RNT-Time
SD-X-WS
SS
Platform
Server-Int
N-Cache
Section-Io-Cache
Server-Host
Apple-News-Services-Handled
Content-Disposition
Apple-News-Services-Host
Ha-Gx-Prefs
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
Powered-By
PFcat
HA-Ipaddr
Esi-Enabled
Country-Code
X-C
On-Server
GW-Server
Heartbleed
Pramga
Countrycode
X-Urbn-Site-Id
X-Urbn-Context-Path
Locale
X-Servername
X-Matched-Rule
X-Release
Fastly-Soc-X-Request-Id
X-Thinkindot-L3
X-Origin-Expires
X-Origin-Date
Who
Wxu-Next-Commit
Wxu-Next-Hostname
Wxu-Next-Region
X-Secret
L
X-SERVER-NAME
X-Gannett-Site-Version
X-Wikidot-Static-Cache
Thinkindot-Control
X-Wikidot-Backend
X-FE
X-FPC
X-VServer
Thinkindot-CacheControl
CDCHOST
Thinkindot-CacheControl-Type
X-Varnish-Ttl
X-Processor
X-Served-From
X-Via-NSCOPI
X-VC-Cache
X-Azure-Ref
X-CLOUD-TRACE-CONTEXT
X-Azure-Ref-OriginShield
X-OVcl-Cache
X-Pf-Uncompressing
X-CUA
X-OVcl
X-Powered-By-Defense
X-ABtesting
X-Flog
User-Agent
X-Ratelimit-Remaining
X-Via-Edge
X-Parent-Response-Time
CF-IPCountry
X-Via-SSL
X-Hello
X-Be
Magicmarker
Pagetype
Mime-Version
X-ND-Cache
X-Protected-By
X-Varnish-Beresp-Ttl
Memory
X-Geo
X-LAGOON
X-Backend-Url
X-Generated-In
X-Backend-Host
X-User
X-Tt-Trace-Tag
X-Page-Type
X-Newrelic-Synthetics
X-Planisys-CDN-Cache
X-COUNTRY
X-GoCache-CacheStatus
X-Debug-Cache-Store
X-MSEdge-Features
X-MSEdge-Flight
X-Up
X-Ttl
X-Debug-Cache-Fetch
X-Debug-Cache-Expiry
Pragrma
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
X-Fstrz
X-Origin-TTL
X-Ua
X-Origin-CC
X-Oss-Object-Type
X-Oss-Request-Id
X-Oss-Hash-Crc64ecma
X-Zone
Geoip-Latitude
Geoip-City
X-Oss-Server-Time
X-Oss-Storage-Class
GeoIp-Country-Code
X-Check-Cacheable
X-Soup
X-B3-SpanId
Cache-Hits
X-Backend-TTL
X-Cache-Ttl
X-Core-Value
X-IN-WAF
X-Say-Cacheable
X-Say-TTL
X-SayCDN-TTL
X-Old-Content-Length
X-Phone
X-ZONE
X-Litespeed-Cache
X-Akamai-SSL-Client-Sid
X-Varnish-Beresp-Grace
X-TT-LOGID
X-Varnish-Beresp-Status
X-Cdn-Forward
X-Cache-Time
Cdn
XServer
X-Servedbyhost
X-Vcl-Version
SN
X-HS-Status
X-DC
X-CSRF-TOKEN
WZWS-RAY
X-Aicache-OS
Fastly-Backend-Name
Inserted-Into-Cache-At
X-Datadome
X-Birta-Cache-Post
Amp-Access-Control-Allow-Source-Origin
X-MID
X-Mid
X-Birta-Served
X-Ruxit-Js-Agent
X-Logtrace-Id
X-VCL-Version
X-FORWARDED-FOR
X-Node-Id
FSS-Proxy
Ajk
X-IN-APIGATEWAYSSL
FSS-Cache
X-EC-Lua
X-Info
X-Varnish-IP
X-BC
X-UPSTREAM-Address
X-ServedByHost
X-Tb-Optimization-Total-Bytes-Saved
Selected-FE
X-Amzn-Remapped-Date
X-Real-Ip
X-Amzn-Remapped-Connection
X-Contensis-Viewer-Groups
X-Varnish-Authentication
HitType
X-Cache-ASPX
X-RateLimit-Limit-Second
Server-Cache-Control
CF-Cached-On
X-APP
X-RateLimit-Remaining-Second
X-Refresh
X-Bc
HostName
Server-Surrogate-Control
X-CSRF-Token
X-Cache-Debug
X-Agile-Age
X-Agile-Id
X-Agile
X-Proxy-Cacherz
RequestId
Xkeyrz
X-Wa
Srv
Dynatrace
X-Source
T-Server
X-Nananana
X-App-Version
Cf-Ipcountry
X-LiteSpeed-Cache-Control
X-ECache
X-GDPR
X-WR-MODIFICATION
X-Render-Time
GeoIP-Country-Code
X-TIME
X-PJAX-URL
PICS-Label
X-Via-Ucdn
X-Varnish-Beresp-TTL
MIME-Version
X-NWS-UUID-VERIFY
WebServer
GeoIP-Latitude
X-Fastly-Country-Code
Ohc-File-Size
X-LB-ID
GeoIP-City
X-Web-Server
X-Cache-Tag
X-CACHE-KEY
Is-Session-Tracking
X-Tec-Api-Version
Ohc-Cache-HIT
X-Micro-Cache
X-PAGE-TYPE
X-Unique-Id
Get-Access-Time
URI
X-SRV
X-Tec-Api-Root
X-Uri
Xkeynj
SID
X-Tec-Api-Origin
X-Policy
DataCenter
X-Requestid
X-BE
X-Sedo-Request-Id
X-Cache-Miss-From
CDN
Group
X-MCACHE
X-GRACE
X-Pjax-Url
Cache-Provider
X-Request-Url
X-Lb-Id
X-Fastly-Backend-Reqs
X-Service
X-NGINX-Cache
HTTPS
Xet-Cookie
Pics-Label
X-Apw-Hits
X-Var-Ttl
Lb
X-Vct
X-Swift-Error
X-SN
Warning
Backend
Cneonction
X-Edge-IP
Www
X-Apw-Access-Object
X-Apw-Access-Token
X-Apw-Access-Action
X-Dw-Trace-Id
X-Cf-Powered-By
X-Ecache
X-Cdn-Request-ID
X-Instart-Isnd
FNAC-ModuleRouting
X-WA
Host-ID
Correlation-Id
X-Cache-Expires
X-Newrelic-App-Data
X-Fe
X-Serial
X-Is-Gdpr
X-Has-Esi
X-JWT-State
Ohc-Response-Time
X-Akamai-ERPolicy
X-Fastly-Cache-Hits
X-Flow-Id
X-Page-Impression-Id
X-Akamai-ERRuleID
X-Bug-Bounty
X-Html-Edge-Cache
Requestid
Lfy
X-Zalando-Child-Request-Id
X-DB
X-RSL
X-Fpc
X-ServerName
X-RPS
X-RPM
X-DI
X-DSS
X-DW
X-PF-Uncompressing