Threat Level: green Handler on Duty: Bojan Zdrnja

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
CF-RAY
X-Powered-By
Link
ETag
Expect-CT
X-XSS-Protection
Via
CF-Cache-Status
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
X-Cache-Hits
P3P
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Xss-Protection
X-Request-Id
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
Alt-Svc
X-Adblock-Key
X-Drupal-Cache
X-Check
X-Cacheable
Content-Security-Policy-Report-Only
X-Generator
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-DNS-Prefetch-Control
X-AspNetMvc-Version
P3p
X-Template
X-Language
Status
Timing-Allow-Origin
X-Iinfo
Content-Encoding
X-Content-Security-Policy
X-Buckets
Upgrade
X-Kinja-Server-Push
Xkey
X-CDN
X-Via
X-Turbo-Charged-By
Keep-Alive
Access-Control-Expose-Headers
Access-Control-Max-Age
X-Cache-Group
X-Pass-Why
X-AH-Environment
X-Drupal-Dynamic-Cache
X-Age
X-Server
X-Backend
X-Pingback
X-Amz-Id-2
X-Amz-Request-Id
X-Envoy-Upstream-Service-Time
X-Page-Speed
X-Robots-Tag
X-Proxy-Cache
X-Hacker
EagleId
Grace
X-Server-Powered-By
X-UA-Device
X-Varnish-Cache
Request-Context
X-Nginx-Cache-Status
X-Request-ID
Cf-Railgun
X-LiteSpeed-Cache
X-Amz-Version-Id
X-Swift-CacheTime
X-Swift-SaveTime
X-Server-Id
Ali-Swift-Global-Savetime
X-Ua-Compatible
X-WebKit-CSP
Server-Timing
Feature-Policy
X-Device
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Rq
X-Host
Report-To
X-Ac
X-Node
Content-Location
X-OneAgent-JS-Injection
X-Cnection
X-Response-Time
X-Backend-Server
X-Cloud-Trace-Context
X-Origin-Cache
X-Application-Context
X-Readtime
Request-Id
Allow
Surrogate-Control
EagleEye-TraceId
X-ORACLE-DMS-ECID
X-Country
X-Vhost
X-DynaTrace
X-TTL
X-Cache-Lookup
X-Origin-Upstream-Status
X-Rack-Cache
X-Url
X-Clacks-Overhead
X-FTR-Request-ID
NEL
Rating
Pinterest-Generated-By
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Country-Code
X-Dispatcher
X-Ruxit-JS-Agent
X-CST
X-HW
X-ORACLE-DMS-RID
X-Instart-Request-ID
X-Goog-Hash
Fusion-Component-Id
Fusion-Content-Id
Fusion-Template-Id
Fusion-Source
Fusion-Content-Source
X-Cdn
X-DataStream-Cache-Status
X-DataDome
X-TtlSet
X-PC
X-Vname
Edge-Control
X-VARITI-CCR
X-Px
Service-Worker-Allowed
Verso
X-Mod-Pagespeed
X-MS-InvokeApp
RTSS
X-Recruiting
X-Kinja
X-Use-Magma
X-Exp-Variant
X-Varnish-TTL
X-Exp-Id
X-Kinja-Build
X-Kinja-Revision
X-Kinja-Server
X-Cdn-Fetch
X-GoogleNews-Bot
X-D2id
X-Dns-Prefetch-Control
SPRequestGuid
X-Vcap-Request-Id
X-Abt-Application-Version
TCN
X-Amz-Server-Side-Encryption
X-GitHub-Request-Id
X-SharePointHealthScore
X-Navigation-Version
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Akam-SW-Version
X-Middleton-Response
X-Powered-By-Plesk
X-Sol
Display
Response
X-Middleton-Display
X-ESI
X-B3-TraceId
MS-Author-Via
X-RateLimit-Remaining
X-Forwarded-Proto
Realpath
Charset
DynaTrace
X-Powered-CMS
X-Version
X-Shield-Request-Id
X-Upstream
Public-Key-Pins
X-Server-Name
Fastly-Restarts
X-Amz-Rid
Nginx-Cache
ServerID
X-Cached
X-Trace
Ar-Sid
AR-PoweredBy
AR-ATIME
AR-CACHE
X-Shard
X-TEC-API-VERSION
X-Goog-Stored-Content-Encoding
X-Goog-Generation
X-Goog-Metageneration
X-Goog-Stored-Content-Length
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-Grace
X-Mrf-Section-Lastmod
X-B3-TraceId-Primal
Mrf-Cache-Status
Content-MD5
X-Mrf-Item-Lastmod
MRF-Tech
X-Dw-Request-Base-Id
Pagespeed
AR-Request-ID
Paypal-Debug-Id
Access-Control-Request-Method
Accept-Ch
X-MSEdge-Ref
Accept-Ch-Lifetime
Accept-CH
X-Client-IP
SPRequestDuration
SPIisLatency
X-Goog-Storage-Class
X-FTR-Expires
X-FTR-DC
X-FTR-Realm
X-FTR-Backend-Server
X-FTR-Cache-Status
X-FTR-Backend
X-FTR-Balancer
X-Debug
X-Country-Code-Real
X-DynaTrace-JS-Agent
S
X-DataStream-MidMile-RTT
X-DataStream-Origin-MEX-Latency
X-Ezoic-Cdn
X-FastCGI-Cache
X-Id
Front-End-Https
X-Fastly-Request-ID
X-Amz-Meta-S3cmd-Attrs
X-T
X-N
X-Amzn-Trace-Id
Arr-Disable-Session-Affinity
X-NF-Request-ID
X-DIS-Request-ID
X-Content-Type
MicrosoftSharePointTeamServices
X-Hits
X-Pinterest-Rid
Pinterest-Version
X-B3-Sampled
X-Upstream-Proxy
X-FTR-Cache-Host
X-Vcache
X-B3-Traceid
X-VCache
X-XRDS-Location
X-Acc-Meta-Resource-Type
X-Frontend
Fastcgi-Cache
X-Varnish-Age
X-Content-Digest
PB-RID
X-Logged-In
PB-PID
X-Mobile-Rewrite
Arc-Version
X-Correlation-Id
Server-Name
X-Ser
Alternate-Protocol
X-Srv
X-Cache-Key
X-Node-Name
Nel
X-Request-Handler-Origin-Region
X-Microsite
AMP-Access-Control-Allow-Source-Origin
X-Pad
FilterID
Powered
X-Forwarded-For
X-Type
X-User-Agent
TP-Cache
TP-L2-Cache
X-Rid
X-LB-Cache
X-IPLB-Instance
X-Cache-2
X-Kinsta-Cache
Healthy
X-Request-Received
X-Request-Processing-Time
X-F-Cache
X-Zen-Fury
Host
X-Amzn-RequestId
X-Amz-Apigw-Id
X-XRDS-LOCATION
X-Revision
Edge-Cache-Tag
X-Via-JSL
Accept-CH-Lifetime
X-Debug-Info
X-AOL-HN
Powered-By-ChinaCache
X-Analytics
Backend-Timing
X-GUploader-UploadID
X-Kong-Upstream-Latency
X-Cache-Age
X-Kong-Proxy-Latency
X-AppVersion
X-Az
X-Activity-Id
X-Cached-By
X-Accel-Expires
X-HS-Content-Id
X-HS-Hub-Id
X-Hostname
X-Cache-Rule
Surrogate-Key
Cache-Status
X-Page-Id
X-Content-Security-Policy-Report-Only
X-PHP-Backend
VIX-Pulpo-Upstream-Status
X-Varnish-Backend
X-Content-Options
X-BCube-Filmed-By
VIX-Pulpo-Node
Server-Node
X-Instance
X-Amz-Replication-Status
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Content-Powered-By
X-Request-Guid
X-Tumblr-User
X-Varnish-Grace
X-Jobs
X-Forwarded-Host
X-Cluster
X-B-Cache
X-Signature
X-Akamai-Edgescape
Refresh
X-App-Environment
X-FB-Debug
Cleartype
X-TT
Source
X-FW-Hash
X-FW-Static
X-Esi
X-Framework
X-FW-Serve
X-FW-Type
Liferay-Portal
X-FW-Server
DC
X-Fastcgi-Cache
Accept-Charset
X-RateLimit-Limit
Tracecode
X-ATG-Version
Fastcgi-Useragent
Access-Control-Allow-Method
X-Varnish-Hostname
X-Time
Host-Header
X-APP-VERSION
X-Whom
X-Cache-Action
X-Mobile
X-Cache-Operation
X-Presslabs-Stats
X-Drupal-Cache-Tags
WPE-Backend
X-Cache-Control
X-B
X-App-Server
X-Edge-Location
Payment
X-WA-Info
X-Mobile-URL
X-Hp-Webp
NGB
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Response-Served-From
X-Accel-Buffering
Retry-After
X-Content-Age
X-Git-Hash
Actual-Object-TTL
X-Cache-Hit
Cache-Tv-Group
X-Storage
X-Handled-By
Cache-Tag
X-WebKit-CSP-Report-Only
X-TX-ID
Filters
X-TT-TIMESTAMP
X-Cacheable-TTL
X-Cache-TTL
X-NWS-LOG-UUID
Upgrade-Insecure-Requests
X-Oracle-Dms-Rid
Viewport
X-Tumblr-Pixel-1
X-Tumblr-Pixel-2
X-RequestSource
Eomportal-Instance
X-ProcessESI
X-Adobe-Content
X-RemovedCookies
X-Adobe-Loc
X-Status
MS-CV
X-GeoIP
X-Yottaa-Optimizations
X-UA-Device-Type
X-Yottaa-Metrics
X-FW-Dynamic
X-SS-Set-Cookie
X-Geo-Country
X-VG-WebCache
Webserver
Xserver
X-Seen-By
X-Ratelimit-Limit
X-Server-ID
X-Cache-TTL-Remaining
X-RTag
Ms-Operation-Id
X-Host-Name
X-TA-CDN-Provider
Datacenter
X-B3-Spanid
Frame-Options
X-FB-TRIP-ID
X-Cache-Enabled
From-Origin
X-Origin-Server
X-Hyper-Cache
X-Contextid
Server-Info
X-Mode
CACHE
Country
SRV
X-CF-Powered-By
Cache
GEO-INFO
X-Generated-By
Meta-Geo
X-Path-Route
X-Cache-Var-Map
X-Drupal-Cache-Contexts
Machine
X-ES-SERVER
Load-Balancing
X-Cache-Var
X-RN-RSRV
S-Cnection
X-RateLimit-Reset
X-Tumblr-Pixel-3
X-MP-GENERATED-AT
X-Upstream-CT
X-Section
X-Upstream-HT
X-Access
X-Zipkin-Id
X-Cache-Config
X-Proxied
X-Routing-Service
X-Hit
Vix-Hermes-Req-Id
X-From
X-Backend-Name
X-TNCMS
X-Human
X-Loop
X-R9-Blue-Green-Version
X-Labrador-Cache-Channel
X-Origin-Response-Time
X-Upgrade-Enabled
X-Varnish-Server
X-VG-TLSProxy
Akamai-GRN
Now
X-Varnish-Cache-Hits
X-Cluster-Node
X-Rule
X-Web-Node
Decoy-Debug-TTL
X-Akamai-Request-ID
Mn-Server-Ip
Rt-Fastcgi-Cache
Decoy-Debug-Status
Decoy-Debug-Key
X-EIG-Tracking-Id
X-Proxy-Build
X-Region
X-Cache-Grace
X-Timing-Wait
Cache-Name
X-PCL
X-FC-Vary-Parameters
X-Via-Fastly
X-Viewer-Country
X-Www-Served-By
X-Site-Version
X-Trace-Id
X-Generated
Cache-Key
X-Locale
X-NCache
X-OCL
X-Cache-Host
X-Debug-Cache
DB-Nickname
X-Guploader-Uploadid
X-JoinUs
X-L-Path
X-Proto
X-Rendered-As
X-Hosted-By
X-Magnolia-Registration
X-Environment-Context
ServedBy
X-VWS-Id
X-AWS-Id
OT-Force-Account-Verify
X-Goog-Meta-Goog-Reserved-File-Mtime
X-LJ-Flow-ID
X-Endurance-Cache-Level
X-Request-Time
X-S
ProcessTime
X-IP
X-Sorting-Hat-PodId
X-Alternate-Cache-Key
DSUID
X-Xfnlog-Site
X-ShardId
X-Shopify-Stage
X-CCM
X-Device-Type
X-Sorting-Hat-ShopId
Release
X-ShopId
X-Load-Cache
X-Dc
Time
X-Akamai-Request-ID2
X-NewRelic-App-Data
Mail-Subject
X-Time-Microsecs
Version
We-Hiring
X-RCS-CacheZone
Uber-Trace-Id
NtCoent-Length
Azure-SiteName
S-Rt
X-FW-Version
Azure-Version
Azure-SlotName
Azure-RegionName
Azure-InstanceId
X-Wix-Request-Id
TWC-Privacy
X-Origin
Webcakes-App-Name
Webcakes-App-Version
Webcakes-Region
Property-Id
X-Origin-Hint
TWC-GeoIP-Country
TWC-Connection-Speed
TWC-Device-Class
TWC-GeoIP-LatLong
TWC-Locale-Group
X-Varnish-Hits
X-EdgeConnect-Cache-Status
X-VCT
X-Ratelimit-Reset
X-No-Session
X-Nginx-Cache
X-ProxyCache-Status
X-UUID
X-Proxy
X-BYPASS-REASON
X-FireWall-Port
X-ProxyCache-Key
Cteonnt-Length
X-Redis-Cache
X-Via-CDN
NGX
X-GEO
X-CDN-Forward
X-Daa-Tunnel
X-UA
X-Platform-Server
X-Akamai-Transformed
X-Vgn-Hpd-Reason
X-HTML-Minification-Powered-By
X-Format
X-PERF
X-ApacheServer
X-CS
X-PressLabs-Stats
X-ECACHE
Odigeo-Trace-Id
X-Hl-Ver
X-Rocket-Nginx-Bypass
X-MServer
Ec-Rule-Version
Accept-Language
X-Cache-Server
X-Cache-Remote
X-Cache-NE
Origin
LB
X-UnsetCookies
X-Oneagent-Js-Injection
Cache-Tags
X-IPS-LoggedIn
X-Tb
X-ServerID
X-Distributor
Access-Control-Request-Headers
X-Real-IP
X-Amzn-Remapped-Content-Length
X-Dynatrace-Js-Agent
Selected-Fe
Fastly-SSL
X-Webkit-Csp
Proxy-Connection
X-Microcachable
X-Compress-Hint
X-Unique-ID
X-B3-Parentspanid
X-AIR-PT
X-Developer
X-Server-Time
REQUESTUUID
Rendered-Blocks
Cross-Origin-Window-Policy
Fastcgi-X-Cache-Version
Fly-Cache
Content-Style-Type
Content-Script-Type
X-Connection-Hash
Cdn-Host
Cdn-Request-Time
Fly-Request-Id
GEO-REGION-INFO
MD5-Digest
X-CF-Lambda-Version
X-CF-Lambda-Fn
Meta-Geo-Continent
Mobile-Detection-Method
X-Cluster-Name
Node
X-PAYTM-SRV-ID
Cache-Prefix
Cache-Cookie-Set-Lfrom
X-Rewrite-Enabled
X-Request-UUID
X-Date
X-Rojux
X-S-Cookie
X-Destination
X-ScT
X-S-Maxage
X-D
X-Region-Sid
BehaviorPad-Version
Cache-Cookie-Set-From
Cache-Cookie-Set-Idcheck
AsisCache
Arc-Country
A
X-Org
AKAMAI
X-Detected-As
Rt-Proxy-Cache
Hostname
X-Trv-Group
X-Geo-Header
X-NU-AKA-ACS-Version
X-Application
L5d-Success-Class
X-BACKEND-TTL
X-Generated-On
X-G
X-B-Cookie
Viewtype
VivaBuild
X-Transaction
X-Is-Bot
X-App-Name
X-Accel-Expires-Debug
X-A-Wwc
X-Aed
X-Vtex-Processado-Em
Xc-Version
X-Worker
X-A-Dgt
X-Twitter-Response-Tags
X-A
X-A-Ccd
X-A-Dam
X-A-Dcw
X-IN-APIGATEWAY
X-ARC
X-Level-Front-Cache
X-Cache-Bucket
X-Vtex-Remote-Cache
X-SRCache-Key
X-SVT-ORM-RULES
X-Edge-Server
Server-ID
X-DPWN-IS-SECURE
X-SVT-ORM-VERSION
X-Instart-Info
X-Internal-Host
X-External-Request-Id
X-Varnish-Url
X-Cdn-Srv
X-VG-WebServer
X-Pubstack
X-URL
X-Location
Countrycode
Origin-Cache-Control
Fastly-SWR
Apple-News-Services-Request-Url
X-Varnish-Cacheable
Backend-Name
X-Nc
Apple-News-Services-Parsed-Url
Content-Disposition
IBM-Web2-Location
X-NC
X-Developers
Esi-Enabled
Section-Io-Cache
Fastly-SIE
X-Nginx-Cache-Key
X-Fastly-Cache
Request-Country
X-C
W
X-Core-Mission
X-Server-IP
Memcached
Request-EU
X-TrackingId
X-Backend-State
X-We-Are-Hiring
X-Method
Gh-Request-Id
Request-Time
X-Skip-Cache
X-Distil-CS
Apple-News-Services-Handled
X-Qloud-Router
X-Rebelmouse-Cache-Control
Origin-Edge-Control
X-Clientip
Proxy-Firewall
X-Rebelmouse-Surrogate-Control
Apple-News-Services-Host
ServerName
Served-By
X-ElasticPress-Search
X-Cache-Category-Id
Server-Int
RNT-Time
L
X-Cdn-Origin
RNT-Machine
X-BBXSRF
Pramga
Platform
N-Cache
UCS
On-Server
X-Cache-Info
X-ServiceProvider
X-Grey
IsBot
X-Irp-Debug
X-Sn-Servicetimems
X-HS-Cache-Config
X-SIPLIST1
Powered-By
X-Epic-Correlation-Id
X-Bip
X-GeoIP-Country-Code
X-Thanos
X-FPC
X-Eu-Site
X-Auto-Login
X-Generation-Time
X-Servername
GW-Server
X-CGP
X-Wikidot-Static-Cache
Ha-Gx-Prefs
X-Wikidot-Backend
Is-Eu
Heartbleed
HA-Ipaddr
X-Variation
Fastly-Soc-X-Request-Id
Adler-Geo
X-HS-Combine-CSS
Country-Code
X-Reboot
Locale
X-Urbn-Context-Path
X-SERVER
X-Urbn-Site-Id
X-Azure-Ref
X-Key
X-Amz-Meta-Cache-Control
X-Hnp-Log
X-Li-Fabric
X-Dispatch
X-Debug-Cookies
X-Debug-Log
X-Cache-Id
X-LI-UUID
X-Cms-Context
X-CDN-Cache
X-Clara-WADP
X-Cache-FS-Status
X-Device-Os
X-Azure-Ref-OriginShield
X-Gannett-Site-Version
X-Li-Pop
X-Fetched-On
X-LI-Proto
X-Block-Status
X-Gen-Mode
X-Response-By
X-Request-URI
X-SD-PageType
X-Secret
X-Crawler
X-Release
CDCHOST
X-Pf-Uncompressing
X-PHP-Host
X-VC-Cache
X-Swa-Ws
X-GeoIP-City
X-WebServer
X-WADP-Cache
X-Webstats-RespID
PFcat
X-Request-Start
X-Origin-Expires
X-TH-Server
X-Hash
X-Origin-Date
X-Owner
X-Reqid
Server-Host
SD-X-WS
SS
Web-Mar-Node
True-Client-Country-4JS
User-Cache-Control
X-NX-Host
Resin-Trace
Wxu-Next-Region
Kp-EeAlive
Wxu-Next-Commit
Wxu-Next-Hostname
Who
X-Cache-Backend
X-Parent-Response-Time
Thinkindot-Control
V-Age
X-VServer
X-SERVER-NAME
X-Thinkindot-L3
Thinkindot-CacheControl-Type
X-CUA
X-OVcl-Cache
X-OVcl
X-Proxy-Cache-Status
X-Matched-Rule
X-Proxy-Upstream
X-Dispatcher-Server
CF-IPCountry
Thinkindot-CacheControl
X-Varnish-Ttl
X-Edge
X-CLOUD-TRACE-CONTEXT
Magicmarker
X-ABtesting
X-FE
X-Flog
X-Hello
X-Backend-Url
X-Served-From
X-Via-NSCOPI
X-Processor
PageSpeed
Pagetype
User-Agent
X-Ratelimit-Remaining
X-Backend-Host
X-Be
X-User
X-Generated-In
X-MSEdge-Features
X-GoCache-CacheStatus
Memory
X-Up
X-MSEdge-Flight
X-Via-Edge
X-LAGOON
X-Via-SSL
X-Powered-By-Defense
Mime-Version
X-Tt-Trace-Tag
X-Varnish-Beresp-Ttl
X-Protected-By
X-Ua
X-ND-Cache
X-Soup
X-Debug-Cache-Expiry
X-Debug-Cache-Store
X-Debug-Cache-Fetch
X-Newrelic-Synthetics
Cache-Hits
X-Ttl
X-Geo
X-Oss-Storage-Class
X-Oss-Request-Id
X-Oss-Server-Time
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
GeoIp-Country-Code
Geoip-Latitude
Geoip-City
X-Page-Type
X-Backend-TTL
Pragrma
X-Zone
X-Fstrz
X-Check-Cacheable
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
X-Planisys-CDN-Cache
X-B3-SpanId
X-Akamai-SSL-Client-Sid
X-Say-TTL
X-SayCDN-TTL
X-ZONE
X-Old-Content-Length
X-Origin-CC
X-Origin-TTL
X-Say-Cacheable
X-Tec-Api-Origin
X-Tec-Api-Root
Dynatrace
X-Tec-Api-Version
X-Cache-Time
WZWS-RAY
X-Litespeed-Cache
X-Cache-Ttl
X-Core-Value
X-IN-WAF
X-Varnish-Beresp-Grace
X-Phone
X-Varnish-Beresp-Status
X-CSRF-TOKEN
X-DC
X-Cdn-Forward
X-Logtrace-Id
Inserted-Into-Cache-At
Fastly-Backend-Name
X-Node-Id
Ajk
XServer
X-IN-APIGATEWAYSSL
Cdn
X-TT-LOGID
X-Servedbyhost
X-Aicache-OS
X-HS-Status
X-Vcl-Version
X-Datadome
X-Tb-Optimization-Total-Bytes-Saved
X-MID
Amp-Access-Control-Allow-Source-Origin
X-Ruxit-Js-Agent
FSS-Cache
X-VCL-Version
X-FORWARDED-FOR
X-BC
FSS-Proxy
HostName
X-NODE
X-Amzn-Remapped-Date
X-Amzn-Remapped-Connection
X-Birta-Cache-Post
X-Mid
X-APP
SN
X-Wa
X-Birta-Served
X-ServedByHost
X-UPSTREAM-Address
X-EC-Lua
X-RateLimit-Limit-Second
X-Cache-ASPX
PICS-Label
X-RateLimit-Remaining-Second
X-Varnish-Authentication
Server-Cache-Control
Server-Surrogate-Control
X-CSRF-Token
X-Refresh
X-Proxy-Cacherz
Xkeyrz
X-Bc
CF-Cached-On
T-Server
X-Contensis-Viewer-Groups
X-Info
Selected-FE
X-Varnish-IP
X-NWS-UUID-VERIFY
X-COUNTRY
RequestId
X-PJAX-URL
X-GDPR
MIME-Version
Ohc-File-Size
X-LiteSpeed-Cache-Control
Srv
X-Source
X-WR-MODIFICATION
X-Agile-Id
HitType
X-Agile
X-Real-Ip
X-Cache-Debug
X-Agile-Age
X-TIME
Ohc-Cache-HIT
X-App-Version
URI
X-Fastly-Country-Code
X-LB-ID
X-ECache
SID
X-Varnish-Beresp-TTL
X-Render-Time
X-Nananana
WebServer
Cf-Ipcountry
GeoIP-Latitude
GeoIP-Country-Code
X-Policy
DataCenter
X-Via-Ucdn
GeoIP-City
X-Uri
Is-Session-Tracking
X-Micro-Cache
Xkeynj
Get-Access-Time
X-Fastly-Backend-Reqs
X-Web-Server
X-CACHE-KEY
X-Unique-Id
X-PAGE-TYPE
X-Service
Cache-Provider
X-Sedo-Request-Id
X-Cache-Tag
X-Requestid
X-BE
X-NGINX-Cache
X-Cache-Miss-From
X-SRV
X-Lb-Id
X-NGENIX-Cache
X-Var-Ttl
X-Request-Url
Ohc-Response-Time
X-Is-Gdpr
X-Has-Esi
X-JWT-State
Group
CDN
X-MCACHE
Xet-Cookie
X-ID
X-Vct
Pics-Label
X-Apw-Access-Token
X-Pjax-Url
X-Apw-Access-Action
X-Apw-Access-Object
X-Apw-Hits
Lb
HTTPS
Cneonction
X-Dw-Trace-Id
X-WA
X-Cf-Powered-By
Www
Warning
FNAC-ModuleRouting
X-Swift-Error
X-Ecache
X-Cdn-Request-ID
X-SN
Backend
Correlation-Id
X-Edge-IP
X-Newrelic-App-Data
X-Fe
X-Akamai-ERRuleID
X-Fastly-Cache-Hits
X-Flow-Id
X-Page-Impression-Id
X-Akamai-ERPolicy
X-Instart-Isnd
X-Request-URL
Xkeypdq
X-Litespeed-Cache-Control
Lfy
X-Bug-Bounty
X-Zalando-Child-Request-Id
Host-ID
X-RSL
X-RPS
X-Cache-Expires
X-Fpc
X-ServerName
X-RPM
X-DW
X-DB
X-DI
X-Serial
X-DSS
X-PF-Uncompressing