Threat Level: green Handler on Duty: Bojan Zdrnja

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
CF-RAY
X-Powered-By
Link
ETag
Expect-CT
X-XSS-Protection
Via
X-Cache
CF-Cache-Status
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
X-Cache-Hits
P3P
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Xss-Protection
X-Request-Id
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
Alt-Svc
X-Adblock-Key
X-Drupal-Cache
X-Check
X-Cacheable
Content-Security-Policy-Report-Only
X-Generator
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-AspNetMvc-Version
X-DNS-Prefetch-Control
P3p
X-Template
X-Language
Status
Timing-Allow-Origin
X-Iinfo
Content-Encoding
X-Content-Security-Policy
X-Buckets
Upgrade
X-Kinja-Server-Push
Xkey
X-Via
X-CDN
X-Turbo-Charged-By
Keep-Alive
Access-Control-Expose-Headers
Access-Control-Max-Age
X-Cache-Group
X-Pass-Why
X-AH-Environment
X-Age
X-Drupal-Dynamic-Cache
X-Server
X-Backend
X-Pingback
X-Amz-Id-2
X-Amz-Request-Id
X-Envoy-Upstream-Service-Time
X-Page-Speed
X-Robots-Tag
X-Proxy-Cache
X-Hacker
Grace
EagleId
X-Server-Powered-By
X-UA-Device
X-Varnish-Cache
Request-Context
X-Nginx-Cache-Status
Cf-Railgun
X-LiteSpeed-Cache
X-Amz-Version-Id
X-Swift-SaveTime
X-Swift-CacheTime
X-Server-Id
Ali-Swift-Global-Savetime
X-Ua-Compatible
X-WebKit-CSP
Server-Timing
Feature-Policy
X-Device
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
Report-To
X-Rq
X-Host
X-Ac
X-Node
X-Request-ID
Content-Location
X-OneAgent-JS-Injection
X-Response-Time
X-Cnection
X-Backend-Server
X-Cloud-Trace-Context
X-Origin-Cache
X-Application-Context
X-Readtime
Request-Id
Surrogate-Control
Allow
EagleEye-TraceId
X-ORACLE-DMS-ECID
X-Country
X-Vhost
X-DynaTrace
X-Cdn
X-TTL
X-Cache-Lookup
X-Rack-Cache
X-Origin-Upstream-Status
Pinterest-Generated-By
X-Url
X-Clacks-Overhead
X-FTR-Request-ID
Rating
X-Dns-Prefetch-Control
X-Country-Code
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Ruxit-JS-Agent
X-Dispatcher
NEL
X-ORACLE-DMS-RID
X-CST
X-HW
X-Instart-Request-ID
X-Goog-Hash
Fusion-Component-Id
Fusion-Template-Id
Fusion-Content-Source
Fusion-Source
Fusion-Content-Id
X-DataStream-Cache-Status
X-TtlSet
X-PC
X-Vname
Edge-Control
X-DataDome
X-Px
X-VARITI-CCR
Service-Worker-Allowed
Verso
X-Mod-Pagespeed
X-MS-InvokeApp
X-Recruiting
X-Exp-Id
X-GoogleNews-Bot
X-Cdn-Fetch
X-Use-Magma
X-Kinja
X-Kinja-Revision
X-Kinja-Build
X-Kinja-Server
X-Exp-Variant
RTSS
X-D2id
X-Varnish-TTL
SPRequestGuid
X-Vcap-Request-Id
X-Abt-Application-Version
TCN
X-Amz-Server-Side-Encryption
X-Navigation-Version
X-GitHub-Request-Id
X-SharePointHealthScore
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-B3-TraceId
X-Akam-SW-Version
Response
Display
X-Middleton-Response
X-Sol
X-Middleton-Display
DynaTrace
MS-Author-Via
X-ESI
X-Powered-By-Plesk
X-RateLimit-Remaining
Charset
X-Forwarded-Proto
Realpath
X-Shield-Request-Id
ServerID
X-Powered-CMS
X-Trace
Ar-Sid
AR-PoweredBy
X-Server-Name
AR-CACHE
X-Amz-Rid
AR-ATIME
X-TEC-API-ORIGIN
X-TEC-API-VERSION
Content-MD5
X-TEC-API-ROOT
X-Upstream
Fastly-Restarts
Public-Key-Pins
X-Version
Nginx-Cache
X-Cached
X-Goog-Generation
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
X-Dw-Request-Base-Id
X-Shard
X-Mrf-Section-Lastmod
X-Mrf-Item-Lastmod
X-B3-TraceId-Primal
MRF-Tech
Mrf-Cache-Status
AR-Request-ID
X-Grace
Access-Control-Request-Method
Accept-Ch-Lifetime
Paypal-Debug-Id
Accept-CH
Pagespeed
X-MSEdge-Ref
X-DynaTrace-JS-Agent
X-Goog-Storage-Class
Accept-Ch
SPIisLatency
SPRequestDuration
S
X-Client-IP
X-Debug
X-FTR-Backend
X-FTR-Expires
X-FTR-Realm
X-FTR-DC
X-FTR-Cache-Status
X-FTR-Balancer
X-FTR-Backend-Server
X-Country-Code-Real
X-Id
X-Ezoic-Cdn
X-DataStream-MidMile-RTT
X-DataStream-Origin-MEX-Latency
X-Vcache
X-N
X-Amz-Meta-S3cmd-Attrs
X-Fastly-Request-ID
Front-End-Https
X-Amzn-Trace-Id
X-FastCGI-Cache
X-T
Pinterest-Version
X-Pinterest-Rid
X-NF-Request-ID
X-Content-Type
Arr-Disable-Session-Affinity
X-Upstream-Proxy
X-DIS-Request-ID
MicrosoftSharePointTeamServices
X-Hits
X-FTR-Cache-Host
X-B3-Sampled
Nel
X-Acc-Meta-Resource-Type
X-Mobile-Rewrite
X-Varnish-Age
X-Frontend
PB-PID
Arc-Version
X-Ser
PB-RID
X-Logged-In
Fastcgi-Cache
X-XRDS-Location
X-Content-Digest
Server-Name
X-B3-Traceid
X-Correlation-Id
Alternate-Protocol
X-Srv
X-Cache-Key
X-Node-Name
X-VCache
X-Pad
X-Request-Handler-Origin-Region
X-Microsite
FilterID
AMP-Access-Control-Allow-Source-Origin
TP-L2-Cache
X-Rid
X-Forwarded-For
TP-Cache
X-LB-Cache
X-Kinsta-Cache
X-XRDS-LOCATION
X-Type
Healthy
X-User-Agent
X-F-Cache
Host
X-IPLB-Instance
Powered
X-Request-Received
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Zen-Fury
X-Request-Processing-Time
Powered-By-ChinaCache
X-Cache-2
X-Revision
X-Debug-Info
Edge-Cache-Tag
X-AOL-HN
X-Cached-By
X-Via-JSL
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-GUploader-UploadID
X-HS-Content-Id
X-HS-Hub-Id
X-Az
X-AppVersion
X-Activity-Id
X-Cache-Age
X-Hostname
Accept-CH-Lifetime
Backend-Timing
X-Accel-Expires
X-Analytics
X-Cache-Rule
Surrogate-Key
X-Varnish-Backend
X-BCube-Filmed-By
X-Page-Id
X-Content-Options
X-Content-Security-Policy-Report-Only
X-PHP-Backend
X-Cluster
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Instance
X-Content-Powered-By
X-Varnish-Grace
X-Tumblr-User
X-FB-Debug
X-Amz-Replication-Status
X-Jobs
X-B-Cache
X-Signature
X-App-Environment
Cleartype
X-Esi
X-Akamai-Edgescape
Server-Node
X-Request-Guid
Cache-Status
X-TT
X-Fastcgi-Cache
X-Forwarded-Host
Refresh
Source
X-Framework
Liferay-Portal
DC
X-FW-Serve
X-FW-Server
X-FW-Hash
X-FW-Static
X-FW-Type
X-RateLimit-Limit
X-Varnish-Hostname
X-ATG-Version
Accept-Charset
Tracecode
Fastcgi-Useragent
Access-Control-Allow-Method
Host-Header
X-Mobile
X-Time
X-APP-VERSION
X-Cache-Action
X-Drupal-Cache-Tags
WPE-Backend
X-Cache-Operation
X-Edge-Location
X-Cache-Control
X-B
X-Whom
X-Erf-Bev-Bev-Is-Generated
X-Mobile-URL
X-Response-Served-From
X-Presslabs-Stats
Actual-Object-TTL
X-Hp-Webp
X-Erf-Bev-Bev
X-Accel-Buffering
X-App-Server
X-Cache-Hit
NGB
X-Storage
Payment
X-WA-Info
X-TX-ID
X-Git-Hash
Filters
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-WebKit-CSP-Report-Only
X-Handled-By
X-Cacheable-TTL
Cache-Tag
Cache-Tv-Group
X-GeoIP
Viewport
X-UA-Device-Type
X-ProcessESI
Upgrade-Insecure-Requests
X-RemovedCookies
X-TT-TIMESTAMP
X-NWS-LOG-UUID
X-Tumblr-Pixel-2
X-Tumblr-Pixel-1
Eomportal-Instance
X-Cache-TTL
X-RequestSource
X-Content-Age
X-SS-Set-Cookie
Retry-After
X-TA-CDN-Provider
X-Geo-Country
X-Adobe-Loc
X-Status
X-Adobe-Content
MS-CV
X-VG-WebCache
X-Ratelimit-Limit
X-FW-Dynamic
Webserver
X-Server-ID
X-Seen-By
Xserver
X-Cache-TTL-Remaining
Datacenter
X-FB-TRIP-ID
X-Oracle-Dms-Rid
X-Host-Name
Ms-Operation-Id
X-RTag
Frame-Options
X-Cache-Enabled
Server-Info
Cache
From-Origin
X-Hyper-Cache
X-Generated-By
X-B3-Spanid
X-Origin-Server
Country
X-Contextid
S-Cnection
Meta-Geo
CACHE
X-CF-Powered-By
X-Cache-Var
X-Tumblr-Pixel-3
X-Cache-Var-Map
X-RN-RSRV
X-ES-SERVER
X-Mode
Machine
Load-Balancing
X-Path-Route
X-MP-GENERATED-AT
X-Drupal-Cache-Contexts
X-Varnish-Server
X-Cache-Config
X-Alternate-Cache-Key
X-Varnish-Cache-Hits
GEO-INFO
X-Section
X-Human
X-Hit
X-From
X-Labrador-Cache-Channel
X-Backend-Name
X-ShardId
Cache-Key
X-Guploader-Uploadid
Decoy-Debug-Status
Decoy-Debug-Key
X-OCL
Now
X-Sorting-Hat-PodId
X-PCL
Vix-Hermes-Req-Id
X-Dc
Rt-Fastcgi-Cache
X-Shopify-Stage
X-ShopId
X-Loop
Decoy-Debug-TTL
X-Sorting-Hat-ShopId
X-Access
X-Upgrade-Enabled
X-TNCMS
X-Proxy-Build
X-R9-Blue-Green-Version
X-EIG-Tracking-Id
X-Cluster-Node
X-Debug-Cache
X-Timing-Wait
X-Endurance-Cache-Level
X-Web-Node
X-Via-Fastly
X-CCM
X-Ratelimit-Reset
X-Viewer-Country
X-Cache-Host
X-Rule
Cache-Name
DB-Nickname
X-Cache-Grace
Akamai-GRN
Release
Mail-Subject
OT-Force-Account-Verify
DSUID
We-Hiring
X-AWS-Id
X-Locale
X-Www-Served-By
X-Routing-Service
X-Zipkin-Id
X-Proxied
X-Device-Type
X-VWS-Id
X-VG-TLSProxy
X-Upstream-CT
X-Rendered-As
X-Trace-Id
X-Region
X-RateLimit-Reset
X-NCache
X-JoinUs
X-L-Path
X-Hosted-By
X-Generated
X-Environment-Context
X-FC-Vary-Parameters
X-Magnolia-Registration
X-LJ-Flow-ID
X-Site-Version
X-Upstream-HT
X-S
ServedBy
X-Proto
X-Xfnlog-Site
X-Goog-Meta-Goog-Reserved-File-Mtime
X-RCS-CacheZone
Version
SRV
X-Varnish-Hits
X-Origin-Response-Time
X-Akamai-Request-ID
Mn-Server-Ip
X-Load-Cache
Uber-Trace-Id
ProcessTime
X-Time-Microsecs
X-IP
X-Request-Time
X-Akamai-Request-ID2
X-VCT
Time
NtCoent-Length
S-Rt
Cteonnt-Length
X-BYPASS-REASON
X-ProxyCache-Status
X-Origin
X-Wix-Request-Id
X-FW-Version
X-Nginx-Cache
X-NewRelic-App-Data
X-ProxyCache-Key
X-UA
X-Redis-Cache
Azure-Version
TWC-Privacy
TWC-Locale-Group
Webcakes-App-Name
Webcakes-App-Version
X-Origin-Hint
Webcakes-Region
TWC-GeoIP-LatLong
TWC-GeoIP-Country
Azure-RegionName
Azure-InstanceId
Azure-SiteName
Azure-SlotName
TWC-Device-Class
TWC-Connection-Speed
Property-Id
X-Platform-Server
X-Via-CDN
X-No-Session
X-EdgeConnect-Cache-Status
NGX
X-UUID
X-FireWall-Port
X-Proxy
X-PressLabs-Stats
X-GEO
X-MServer
X-Vgn-Hpd-Reason
X-Cache-NE
X-Rocket-Nginx-Bypass
X-CDN-Forward
X-Hl-Ver
X-ECACHE
X-Daa-Tunnel
Odigeo-Trace-Id
X-IPS-LoggedIn
X-HTML-Minification-Powered-By
X-Oneagent-Js-Injection
X-PERF
X-ServerID
X-Akamai-Transformed
X-ApacheServer
X-Cache-Server
X-CS
Origin
X-Format
X-UnsetCookies
Accept-Language
LB
X-Distributor
Ec-Rule-Version
Access-Control-Request-Headers
X-Cache-Remote
X-Webkit-Csp
Cache-Tags
X-Real-IP
X-Tb
L5d-Success-Class
X-Amzn-Remapped-Content-Length
Fastly-SSL
Selected-Fe
Proxy-Connection
X-BACKEND-TTL
Served-By
X-URL
Origin-Edge-Control
Origin-Cache-Control
Meta-Geo-Continent
Mobile-Detection-Method
X-Region-Sid
X-Geo-Header
X-Cdn-Srv
X-CF-Lambda-Version
Node
X-Microcachable
X-CF-Lambda-Fn
X-B-Cookie
X-Generated-On
Rendered-Blocks
Request-Country
X-Rojux
Hostname
X-G
X-SVT-ORM-VERSION
MD5-Digest
X-Vtex-Processado-Em
X-ARC
X-Rewrite-Enabled
X-Request-UUID
X-Transaction
AsisCache
X-DPWN-IS-SECURE
Arc-Country
Content-Style-Type
Cross-Origin-Window-Policy
Content-Script-Type
BehaviorPad-Version
Cache-Prefix
Cdn-Request-Time
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-From
Fastcgi-X-Cache-Version
AKAMAI
X-Org
GEO-REGION-INFO
X-NU-AKA-ACS-Version
X-Twitter-Response-Tags
X-Trv-Group
Fly-Request-Id
Fly-Cache
A
X-Instart-Info
X-Edge-Server
X-PAYTM-SRV-ID
X-Date
X-VG-WebServer
X-A-Ccd
X-Pubstack
X-Server-Time
X-A-Dam
X-Nc
X-A
X-AIR-PT
Request-EU
Viewtype
VivaBuild
X-Is-Bot
X-Cache-Bucket
X-A-Dcw
X-A-Dgt
X-SVT-ORM-RULES
X-Unique-ID
X-IN-APIGATEWAY
X-Cluster-Name
X-Dynatrace-Js-Agent
X-SRCache-Key
X-Level-Front-Cache
X-Accel-Expires-Debug
X-A-Wwc
X-Vtex-Remote-Cache
X-Aed
X-Varnish-Cacheable
X-ScT
X-Varnish-Url
Xc-Version
X-Developer
X-Detected-As
X-Application
X-S-Cookie
X-Connection-Hash
X-Worker
X-Destination
Cdn-Host
Rt-Proxy-Cache
X-External-Request-Id
Server-ID
Request-Time
REQUESTUUID
X-D
X-S-Maxage
ServerName
X-Grey
X-Compress-Hint
X-Cache-Category-Id
Countrycode
Proxy-Firewall
Content-Disposition
X-Location
Resin-Trace
Fastly-SWR
X-App-Name
W
Is-Eu
UCS
Memcached
X-BBXSRF
True-Client-Country-4JS
HA-Ipaddr
On-Server
Fastly-SIE
X-Backend-State
X-Device-Os
Ha-Gx-Prefs
Gh-Request-Id
Platform
X-Rebelmouse-Cache-Control
X-Server-IP
X-We-Are-Hiring
X-Skip-Cache
X-Rebelmouse-Surrogate-Control
X-Eu-Site
X-Clientip
X-CGP
X-B3-Parentspanid
X-Cache-Backend
X-Internal-Host
X-GeoIP-Country-Code
X-HS-Cache-Config
X-HS-Combine-CSS
X-Epic-Correlation-Id
X-ServiceProvider
Backend-Name
X-TrackingId
X-Variation
Adler-Geo
X-ElasticPress-Search
X-NC
X-SERVER
IBM-Web2-Location
X-GeoIP-City
X-Gen-Mode
V-Age
User-Cache-Control
X-Debug-Log
X-Generation-Time
SS
X-LI-UUID
X-Bip
X-Core-Mission
X-Webstats-RespID
X-Fastly-Cache
X-Edge
X-WebServer
X-SD-PageType
X-Cache-FS-Status
X-Li-Pop
X-TH-Server
X-Thanos
X-Li-Fabric
X-FPC
X-Debug-Cookies
X-Cms-Context
X-Sn-Servicetimems
X-SIPLIST1
X-WADP-Cache
X-LI-Proto
X-Amz-Meta-Cache-Control
Web-Mar-Node
X-Key
X-Auto-Login
Server-Int
X-Servername
X-Fetched-On
X-Clara-WADP
RNT-Machine
X-Proxy-Upstream
GW-Server
X-Proxy-Cache-Status
X-Dispatcher-Server
X-Qloud-Router
Heartbleed
X-Dispatch
X-Cache-Id
IsBot
X-NX-Host
X-PHP-Host
X-CDN-Cache
Apple-News-Services-Parsed-Url
Country-Code
Apple-News-Services-Request-Url
X-Irp-Debug
Apple-News-Services-Host
Esi-Enabled
X-Owner
X-Cache-Info
Apple-News-Services-Handled
X-Reboot
X-Cdn-Origin
X-Hash
X-Hnp-Log
Pramga
X-Developers
X-Crawler
X-Distil-CS
Section-Io-Cache
SD-X-WS
RNT-Time
Powered-By
X-Block-Status
N-Cache
X-Request-Start
X-Reqid
X-Nginx-Cache-Key
X-C
X-Request-URI
PFcat
X-Response-By
X-Method
Server-Host
X-Urbn-Context-Path
Locale
X-Urbn-Site-Id
X-SERVER-NAME
X-FE
X-Secret
X-Swa-Ws
X-Gannett-Site-Version
X-Wikidot-Static-Cache
X-Wikidot-Backend
Wxu-Next-Hostname
Wxu-Next-Region
Fastly-Soc-X-Request-Id
L
Who
CDCHOST
X-Pf-Uncompressing
X-Release
Wxu-Next-Commit
Kp-EeAlive
X-Varnish-Ttl
X-CUA
X-Processor
X-Served-From
X-Azure-Ref-OriginShield
X-OVcl-Cache
X-OVcl
X-CLOUD-TRACE-CONTEXT
X-Thinkindot-L3
CF-IPCountry
X-VServer
X-VC-Cache
X-Origin-Expires
X-Via-NSCOPI
X-Origin-Date
X-Matched-Rule
Thinkindot-CacheControl
Thinkindot-Control
Thinkindot-CacheControl-Type
X-Azure-Ref
X-Powered-By-Defense
X-Via-Edge
X-Parent-Response-Time
X-Via-SSL
PageSpeed
X-Ratelimit-Remaining
Mime-Version
X-Be
X-Flog
X-ABtesting
Magicmarker
Pagetype
X-Hello
X-LAGOON
User-Agent
X-Protected-By
X-ND-Cache
X-Generated-In
Memory
X-Backend-Host
X-Backend-Url
X-User
X-Varnish-Beresp-Ttl
X-Newrelic-Synthetics
X-Tt-Trace-Tag
X-MSEdge-Flight
X-GoCache-CacheStatus
X-Debug-Cache-Store
X-MSEdge-Features
X-Up
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
X-Planisys-CDN-Cache
X-Soup
X-Page-Type
X-Debug-Cache-Fetch
X-COUNTRY
X-Ttl
X-Debug-Cache-Expiry
X-Geo
X-Fstrz
Pragrma
X-Origin-TTL
X-Ua
X-Origin-CC
Geoip-City
Geoip-Latitude
X-Check-Cacheable
X-Oss-Storage-Class
X-Zone
GeoIp-Country-Code
X-Oss-Server-Time
X-Oss-Hash-Crc64ecma
X-Oss-Object-Type
X-Oss-Request-Id
X-Backend-TTL
X-B3-SpanId
Cache-Hits
X-Cache-Ttl
X-Old-Content-Length
X-Core-Value
X-IN-WAF
X-Phone
X-Akamai-SSL-Client-Sid
X-Litespeed-Cache
X-ZONE
X-Say-Cacheable
X-SayCDN-TTL
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
X-Say-TTL
X-TT-LOGID
X-Cdn-Forward
X-Servedbyhost
XServer
X-Cache-Time
Cdn
X-Aicache-OS
X-DC
Inserted-Into-Cache-At
SN
X-Vcl-Version
X-Datadome
X-Node-Id
X-HS-Status
WZWS-RAY
X-CSRF-TOKEN
Amp-Access-Control-Allow-Source-Origin
X-Birta-Served
X-Mid
X-MID
X-Ruxit-Js-Agent
X-Birta-Cache-Post
X-IN-APIGATEWAYSSL
X-VCL-Version
FSS-Cache
X-Logtrace-Id
Ajk
FSS-Proxy
X-FORWARDED-FOR
X-ServedByHost
Fastly-Backend-Name
X-EC-Lua
X-Info
X-BC
Selected-FE
X-UPSTREAM-Address
X-Varnish-IP
X-Amzn-Remapped-Connection
X-Tb-Optimization-Total-Bytes-Saved
X-Real-Ip
X-Amzn-Remapped-Date
HostName
X-Tec-Api-Version
X-Tec-Api-Root
X-Tec-Api-Origin
X-Contensis-Viewer-Groups
X-Varnish-Authentication
X-Bc
X-Refresh
CF-Cached-On
X-RateLimit-Remaining-Second
X-CSRF-Token
X-Cache-ASPX
X-RateLimit-Limit-Second
X-APP
Srv
Server-Cache-Control
HitType
Server-Surrogate-Control
Xkeyrz
X-Wa
X-Proxy-Cacherz
X-Agile-Id
X-Source
X-Cache-Debug
X-Agile-Age
RequestId
X-Agile
Dynatrace
PICS-Label
T-Server
X-Nananana
X-App-Version
X-LiteSpeed-Cache-Control
X-WR-MODIFICATION
GeoIP-Country-Code
X-TIME
X-ECache
X-Render-Time
X-PJAX-URL
X-GDPR
X-Varnish-Beresp-TTL
X-Via-Ucdn
X-NWS-UUID-VERIFY
WebServer
MIME-Version
Cf-Ipcountry
GeoIP-City
GeoIP-Latitude
X-LB-ID
X-Web-Server
X-Fastly-Country-Code
Ohc-File-Size
X-Uri
X-Cache-Tag
X-CACHE-KEY
X-Unique-Id
X-Micro-Cache
Xkeynj
Get-Access-Time
URI
Ohc-Cache-HIT
X-SRV
Is-Session-Tracking
X-Policy
X-PAGE-TYPE
SID
DataCenter
Group
X-Cache-Miss-From
X-Sedo-Request-Id
X-BE
CDN
X-Requestid
X-GRACE
X-MCACHE
X-Lb-Id
HTTPS
X-Fastly-Backend-Reqs
X-NGINX-Cache
X-Request-Url
X-Pjax-Url
X-Service
Cache-Provider
Xet-Cookie
X-WA
X-SN
Lb
Pics-Label
X-Apw-Access-Token
X-Vct
Www
Backend
Warning
X-Edge-IP
Cneonction
X-Apw-Hits
X-Swift-Error
X-Apw-Access-Object
X-Apw-Access-Action
X-Dw-Trace-Id
X-Cf-Powered-By
X-Ecache
X-Instart-Isnd
Correlation-Id
X-Cache-Expires
X-Has-Esi
X-Var-Ttl
Host-ID
X-Cdn-Request-ID
X-Is-Gdpr
X-JWT-State
FNAC-ModuleRouting
X-Newrelic-App-Data
Ohc-Response-Time
X-Serial
X-Fe
X-DW
X-Fastly-Cache-Hits
X-DB
X-DI
X-Html-Edge-Cache
X-Zalando-Child-Request-Id
X-Flow-Id
Requestid
X-Page-Impression-Id
X-DSS
X-RPM
X-Akamai-ERPolicy
X-PF-Uncompressing
Lfy
X-Akamai-ERRuleID
X-ServerName
X-RPS
X-RSL
X-Fpc
X-Bug-Bounty