Threat Level: green Handler on Duty: Jan Kopriva

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
CF-RAY
Link
X-Powered-By
ETag
Expect-CT
Via
X-XSS-Protection
X-Cache
Age
CF-Cache-Status
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
X-Cache-Hits
P3P
X-Amz-Cf-Pop
X-Xss-Protection
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Request-Id
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-AspNet-Version
X-Download-Options
Access-Control-Allow-Credentials
X-Runtime
X-Adblock-Key
X-Drupal-Cache
Alt-Svc
X-Check
X-Cacheable
Content-Security-Policy-Report-Only
X-Generator
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-DNS-Prefetch-Control
X-AspNetMvc-Version
P3p
X-Template
Status
X-Language
Timing-Allow-Origin
Content-Encoding
X-Content-Security-Policy
X-Iinfo
X-Buckets
Upgrade
X-Kinja-Server-Push
Xkey
X-Via
X-Turbo-Charged-By
X-CDN
X-POWERED-BY
Keep-Alive
Access-Control-Max-Age
Access-Control-Expose-Headers
X-Cache-Group
X-Pass-Why
X-Age
X-AH-Environment
X-Drupal-Dynamic-Cache
X-Server
X-Backend
X-Amz-Id-2
X-Amz-Request-Id
X-Pingback
X-Envoy-Upstream-Service-Time
X-Page-Speed
X-Robots-Tag
X-Proxy-Cache
X-Hacker
Grace
X-Server-Powered-By
EagleId
X-UA-Device
X-Varnish-Cache
X-Nginx-Cache-Status
Request-Context
Cf-Railgun
X-LiteSpeed-Cache
X-Amz-Version-Id
X-Swift-CacheTime
X-Swift-SaveTime
X-WebKit-CSP
Ali-Swift-Global-Savetime
Feature-Policy
X-Device
Server-Timing
X-Server-Id
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Host
Report-To
X-Ac
X-Rq
Content-Location
X-Node
X-OneAgent-JS-Injection
X-Backend-Server
X-Response-Time
X-Cnection
X-Origin-Cache
X-Cloud-Trace-Context
X-Application-Context
EagleEye-TraceId
Allow
Request-Id
X-Readtime
Surrogate-Control
X-Cache-Lookup
X-Country
X-ORACLE-DMS-ECID
X-Cdn
X-TTL
X-DynaTrace
X-Url
X-Vhost
Pinterest-Generated-By
X-Rack-Cache
X-Clacks-Overhead
X-Ua-Compatible
X-Ruxit-JS-Agent
X-Origin-Upstream-Status
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-CST
Rating
X-FTR-Request-ID
X-Country-Code
X-ORACLE-DMS-RID
NEL
X-HW
X-Goog-Hash
X-Dispatcher
X-Instart-Request-ID
Fusion-Source
Fusion-Content-Source
Fusion-Component-Id
Fusion-Template-Id
Fusion-Content-Id
X-DataStream-Cache-Status
Edge-Control
X-PC
X-Vname
X-TtlSet
X-Px
X-VARITI-CCR
Service-Worker-Allowed
X-DataDome
X-MS-InvokeApp
X-Mod-Pagespeed
X-Request-ID
X-Dns-Prefetch-Control
Verso
SPRequestGuid
X-Recruiting
X-Cdn-Fetch
X-Exp-Id
X-Kinja
X-Kinja-Server
X-Kinja-Revision
X-Kinja-Build
X-Use-Magma
X-Exp-Variant
X-GoogleNews-Bot
X-D2id
X-Varnish-TTL
X-Vcap-Request-Id
X-SharePointHealthScore
RTSS
X-B3-TraceId
X-Abt-Application-Version
X-Amz-Server-Side-Encryption
TCN
X-ESI
DynaTrace
X-Navigation-Version
X-GitHub-Request-Id
X-SRCache-Store-Status
X-Powered-By-Plesk
X-SRCache-Fetch-Status
X-RateLimit-Remaining
Response
X-Middleton-Display
X-Middleton-Response
X-Sol
Display
X-Akam-SW-Version
Accept-Ch-Lifetime
Content-MD5
Charset
X-Server-Name
MS-Author-Via
AR-CACHE
Ar-Sid
AR-PoweredBy
AR-ATIME
ServerID
X-Trace
X-Shield-Request-Id
X-Amz-Rid
Realpath
X-Dw-Request-Base-Id
X-Goog-Metageneration
X-Goog-Generation
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
Accept-Ch
X-Powered-CMS
AR-Request-ID
X-DynaTrace-JS-Agent
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-TEC-API-VERSION
Nginx-Cache
X-Forwarded-Proto
X-Cached
X-Version
X-Upstream
Fastly-Restarts
X-Shard
X-B3-TraceId-Primal
Public-Key-Pins
MRF-Tech
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
Mrf-Cache-Status
SPIisLatency
SPRequestDuration
X-Goog-Storage-Class
Access-Control-Request-Method
Paypal-Debug-Id
X-MSEdge-Ref
Pinterest-Version
X-Pinterest-Rid
X-Upstream-Proxy
X-Client-IP
Pagespeed
S
X-DataStream-MidMile-RTT
X-DataStream-Origin-MEX-Latency
X-Debug
X-Amz-Meta-S3cmd-Attrs
X-Grace
X-Id
X-FTR-DC
X-FTR-Cache-Status
X-Country-Code-Real
X-FTR-Backend
X-FTR-Balancer
X-FTR-Backend-Server
X-FTR-Realm
X-Ezoic-Cdn
X-FTR-Expires
X-N
X-T
X-DIS-Request-ID
X-Fastly-Request-ID
MicrosoftSharePointTeamServices
Arr-Disable-Session-Affinity
X-Amzn-Trace-Id
Accept-CH
X-NF-Request-ID
Front-End-Https
X-Content-Type
X-Ser
X-Hits
X-Varnish-Age
X-B3-Sampled
Arc-Version
PB-PID
PB-RID
X-Mobile-Rewrite
Nel
Alternate-Protocol
X-Server-ID
X-VCache
Fastcgi-Cache
X-Acc-Meta-Resource-Type
X-FTR-Cache-Host
X-Frontend
X-Logged-In
X-FastCGI-Cache
X-Content-Digest
Server-Name
X-XRDS-Location
X-Vcache
X-Srv
X-Pad
X-Correlation-Id
X-Forwarded-For
Host
Powered-By-ChinaCache
AMP-Access-Control-Allow-Source-Origin
X-Node-Name
X-Request-Handler-Origin-Region
X-Microsite
FilterID
Healthy
TP-L2-Cache
TP-Cache
X-Rid
X-Kinsta-Cache
Edge-Cache-Tag
X-LB-Cache
X-XRDS-LOCATION
X-Type
X-Cache-Key
X-IPLB-Instance
X-Request-Processing-Time
X-Debug-Info
X-Request-Received
X-User-Agent
X-AOL-HN
X-Cached-By
X-B3-Traceid
X-GUploader-UploadID
X-Fastcgi-Cache
X-Cache-2
X-Revision
X-F-Cache
X-Hostname
X-Amzn-RequestId
Powered
X-Amz-Apigw-Id
X-Zen-Fury
X-Cache-Rule
X-HS-Content-Id
X-HS-Hub-Id
Surrogate-Key
X-Cache-Age
X-Analytics
Backend-Timing
X-Accel-Expires
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Page-Id
X-AppVersion
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-Az
X-Activity-Id
X-Varnish-Backend
X-Content-Security-Policy-Report-Only
X-BCube-Filmed-By
X-Instance
X-Content-Options
X-Varnish-Grace
X-Cluster
Source
X-Via-JSL
X-Jobs
X-Tumblr-User
X-FB-Debug
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Content-Powered-By
X-Request-Guid
Cache-Status
X-App-Environment
X-Akamai-Edgescape
X-Amz-Replication-Status
X-PHP-Backend
X-TT
Cleartype
X-Framework
Server-Node
X-RateLimit-Limit
X-Varnish-Hostname
Tracecode
Refresh
X-Forwarded-Host
WPE-Backend
X-B-Cache
X-Signature
X-FW-Server
X-FW-Type
Host-Header
X-FW-Static
X-FW-Serve
X-FW-Hash
X-ATG-Version
Liferay-Portal
X-Mobile
X-Cache-Operation
X-Time
DC
X-Cache-Control
Accept-Charset
X-Edge-Location
X-NWS-LOG-UUID
X-Drupal-Cache-Tags
Actual-Object-TTL
X-Cache-Action
Access-Control-Allow-Method
X-Cache-TTL
Fastcgi-Useragent
X-Esi
X-Cache-Hit
X-Mobile-URL
X-Response-Served-From
Upgrade-Insecure-Requests
X-Hp-Webp
X-Accel-Buffering
X-App-Server
Payment
X-Whom
X-Storage
X-TX-ID
X-B
X-SS-Set-Cookie
X-Content-Age
X-UA-Device-Type
X-WebKit-CSP-Report-Only
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Handled-By
X-TT-TIMESTAMP
X-Erf-Bev-Bev
X-GeoIP
X-Erf-Bev-Bev-Is-Generated
Xserver
Filters
X-Git-Hash
X-Cacheable-TTL
X-Tumblr-Pixel-1
X-RequestSource
X-Tumblr-Pixel-2
X-VG-WebCache
X-WA-Info
X-Adobe-Loc
Cache-Tv-Group
Eomportal-Instance
X-Adobe-Content
Viewport
Cache
X-RemovedCookies
X-ProcessESI
X-Geo-Country
X-Status
X-APP-VERSION
NGB
Server-Info
Accept-CH-Lifetime
Cache-Tag
X-Ratelimit-Limit
Webserver
X-FB-TRIP-ID
Datacenter
X-Presslabs-Stats
X-Cache-TTL-Remaining
X-Cache-Enabled
Retry-After
X-Ratelimit-Reset
X-TA-CDN-Provider
X-FW-Dynamic
X-Contextid
X-Seen-By
S-Cnection
X-Host-Name
X-Origin-Server
MS-CV
Country
From-Origin
X-Mode
Frame-Options
X-Hyper-Cache
Meta-Geo
X-Tumblr-Pixel-3
X-LJ-Flow-ID
Machine
Load-Balancing
X-AWS-Id
X-CF-Powered-By
X-VWS-Id
X-ES-SERVER
X-Cache-Config
X-Cache-Var
X-Generated-By
X-RN-RSRV
X-Cache-Var-Map
X-Path-Route
X-Labrador-Cache-Channel
We-Hiring
X-Varnish-Hits
Release
Mail-Subject
Vix-Hermes-Req-Id
Cache-Key
X-RTag
Ms-Operation-Id
X-Zipkin-Id
X-Hit
X-Varnish-Cache-Hits
X-Upstream-CT
X-Upstream-HT
DSUID
X-Backend-Name
X-Human
X-Cache-Grace
X-Cache-Host
X-Routing-Service
X-Magnolia-Registration
X-Proxied
X-Loop
X-Guploader-Uploadid
Decoy-Debug-Key
Decoy-Debug-Status
X-Varnish-Server
X-Device-Type
X-EIG-Tracking-Id
X-PCL
X-Web-Node
Decoy-Debug-TTL
X-Upgrade-Enabled
X-TNCMS
ServedBy
Uber-Trace-Id
X-Rendered-As
X-OCL
Now
X-Debug-Cache
X-RCS-CacheZone
Mn-Server-Ip
X-Access
X-Viewer-Country
X-Section
GEO-INFO
X-MP-GENERATED-AT
X-From
X-BYPASS-REASON
X-Akamai-Request-ID
X-CCM
X-Alternate-Cache-Key
X-Shopify-Stage
X-Sorting-Hat-PodId
X-ProxyCache-Key
X-ShardId
Rt-Fastcgi-Cache
X-Daa-Tunnel
OT-Force-Account-Verify
X-Rule
X-VG-TLSProxy
X-ProxyCache-Status
X-ShopId
X-Cluster-Node
Akamai-GRN
X-Sorting-Hat-ShopId
X-R9-Blue-Green-Version
X-Proto
X-Origin-Response-Time
X-Endurance-Cache-Level
X-L-Path
X-Environment-Context
X-Region
X-Generated
X-Via-Fastly
DB-Nickname
X-Xfnlog-Site
X-JoinUs
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Timing-Wait
X-Hosted-By
X-Proxy-Build
X-FC-Vary-Parameters
X-S
X-NCache
Cache-Name
X-VCT
NGX
X-Trace-Id
X-B3-Spanid
X-Drupal-Cache-Contexts
X-PressLabs-Stats
X-Redis-Cache
X-Cache-NE
X-Platform-Server
X-Load-Cache
X-UUID
X-Www-Served-By
X-Site-Version
X-Nginx-Cache
X-Locale
Cteonnt-Length
X-NewRelic-App-Data
X-MServer
ProcessTime
X-EdgeConnect-Cache-Status
X-Hl-Ver
X-Oracle-Dms-Rid
X-Vgn-Hpd-Reason
X-ECACHE
X-ServerID
X-Rocket-Nginx-Bypass
X-Real-IP
SRV
X-Cache-Remote
X-Request-Time
Time
X-Time-Microsecs
X-IP
CACHE
X-Dc
Azure-SiteName
Azure-RegionName
Azure-InstanceId
X-Via-CDN
X-RateLimit-Reset
Azure-SlotName
X-Wix-Request-Id
X-Origin
X-FW-Version
S-Rt
X-GEO
Azure-Version
Version
X-IPS-LoggedIn
TWC-Privacy
TWC-GeoIP-Country
TWC-Device-Class
TWC-Locale-Group
Webcakes-App-Name
X-Origin-Hint
Webcakes-Region
Webcakes-App-Version
TWC-Connection-Speed
TWC-GeoIP-LatLong
Property-Id
X-Proxy
X-UA
Origin
NtCoent-Length
L5d-Success-Class
X-No-Session
X-Oneagent-Js-Injection
X-FireWall-Port
X-Cache-Backend
X-Distributor
Served-By
Fastly-SSL
X-Pubstack
X-Akamai-Transformed
Odigeo-Trace-Id
X-Unique-ID
X-Cache-Server
X-Microcachable
X-PERF
X-ApacheServer
Origin-Cache-Control
X-Akamai-Request-ID2
Origin-Edge-Control
X-Webkit-Csp
X-CS
Fastcgi-X-Cache-Version
X-Format
X-CDN-Forward
IBM-Web2-Location
X-Powered-By-Defense
X-Edge
X-Grey
X-Cache-Category-Id
Ec-Rule-Version
X-Compress-Hint
X-HTML-Minification-Powered-By
Proxy-Connection
X-UnsetCookies
Access-Control-Request-Headers
X-Is-Bot
X-Via-NSCOPI
X-Detected-As
Cache-Tags
X-BACKEND-TTL
Backend-Name
X-Varnish-Cacheable
Fastly-SWR
Fastly-SIE
Fly-Cache
HA-Ipaddr
Ha-Gx-Prefs
X-IN-APIGATEWAY
X-NU-AKA-ACS-Version
X-NX-Host
GEO-REGION-INFO
X-Org
Fly-Request-Id
Cache-Cookie-Set-Idcheck
X-PAYTM-SRV-ID
A
Arc-Country
X-Processor
X-Tb
X-Region-Sid
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
AsisCache
X-Debug-Log
Cdn-Request-Time
Content-Script-Type
Content-Style-Type
Cdn-Host
Cache-Prefix
Cache-Cookie-Set-From
MD5-Digest
Cache-Cookie-Set-Lfrom
Cross-Origin-Window-Policy
Request-Country
X-ARC
X-B-Cookie
X-Cache-Bucket
X-Internal-Host
X-Application
X-App-Name
X-Aed
X-Destination
X-AIR-PT
X-Cdn-Srv
X-CF-Lambda-Fn
X-D
X-Date
X-Debug-Cookies
X-Instart-Info
X-Connection-Hash
X-CF-Lambda-Version
X-CGP
X-Cluster-Name
X-Accel-Expires-Debug
X-A-Wwc
X-Request-UUID
Request-EU
Request-Time
Rendered-Blocks
Proxy-Firewall
Mobile-Detection-Method
Node
X-Developer
Rt-Proxy-Cache
Server-ID
X-A-Dam
X-A-Dcw
X-A-Dgt
X-A-Ccd
X-A
ServerName
Viewtype
VivaBuild
Meta-Geo-Continent
BehaviorPad-Version
X-G
X-SRCache-Key
X-Nc
Xc-Version
X-ScT
Hostname
X-Worker
X-External-Request-Id
X-Transaction
X-Server-Time
X-Trv-Group
PageSpeed
X-Twitter-Response-Tags
LB
X-Eu-Site
X-VG-WebServer
X-Edge-Server
X-Vtex-Processado-Em
X-Rewrite-Enabled
X-HS-Combine-CSS
X-HS-Cache-Config
X-Vtex-Remote-Cache
X-Rojux
X-S-Maxage
X-S-Cookie
X-DPWN-IS-SECURE
X-B3-Parentspanid
Mime-Version
X-ElasticPress-Search
X-Level-Front-Cache
Esi-Enabled
Server-Int
SS
True-Client-Country-4JS
X-TH-Server
RNT-Machine
X-Variation
X-Location
Memcached
X-Fastly-Cache
On-Server
Resin-Trace
Is-Eu
X-Nginx-Cache-Key
Gh-Request-Id
Server-Host
Section-Io-Cache
RNT-Time
X-We-Are-Hiring
Platform
X-Dispatcher-Server
X-PHP-Host
X-Cdn-Origin
X-Cache-Info
X-Cache-Id
Adler-Geo
X-Geo-Header
X-Clientip
X-Hash
X-Request-URI
X-Reqid
X-Core-Mission
X-Qloud-Router
X-GeoIP-Country-Code
Apple-News-Services-Handled
Apple-News-Services-Host
X-Dispatch
X-C
X-Skip-Cache
X-Key
Country-Code
X-Sn-Servicetimems
X-ServiceProvider
X-Backend-State
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
X-Irp-Debug
X-Epic-Correlation-Id
X-Server-IP
X-Generated-On
Countrycode
Accept-Language
X-NC
Content-Disposition
X-Amz-Meta-Cache-Control
X-Developers
X-SIPLIST1
X-Gannett-Site-Version
X-Auto-Login
CDCHOST
W
X-SVT-ORM-RULES
X-Wikidot-Static-Cache
X-Li-Pop
Wxu-Next-Region
X-Swa-Ws
X-SVT-ORM-VERSION
X-Li-Fabric
Powered-By
X-Gen-Mode
X-Servername
X-Distil-CS
X-Reboot
X-SD-PageType
X-Crawler
X-Hnp-Log
X-Response-By
X-Request-Start
X-Protected-By
X-Secret
X-Generation-Time
X-Block-Status
X-BBXSRF
X-Cache-FS-Status
AKAMAI
X-Served-From
X-CDN-Cache
Wxu-Next-Hostname
X-FPC
X-Fetched-On
X-ND-Cache
IsBot
X-Method
REQUESTUUID
X-LI-UUID
X-Device-Os
Wxu-Next-Commit
X-WebServer
UCS
User-Cache-Control
Web-Mar-Node
PFcat
Who
X-LI-Proto
Pramga
X-Wikidot-Backend
V-Age
X-Webstats-RespID
SD-X-WS
X-Datadome
X-Varnish-Url
X-Matched-Rule
X-Release
X-CUA
X-Via-SSL
X-VServer
X-Via-Edge
X-GeoIP-City
X-Cms-Context
X-Clara-WADP
X-Bip
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
X-Origin-Date
Thinkindot-Control
X-Thanos
Fastly-Soc-X-Request-Id
X-Origin-Expires
X-WADP-Cache
X-Azure-Ref
Heartbleed
X-Owner
X-Azure-Ref-OriginShield
GW-Server
X-Thinkindot-L3
X-Ua
X-Varnish-Ttl
CF-IPCountry
X-Parent-Response-Time
X-Fstrz
X-OVcl
X-CLOUD-TRACE-CONTEXT
X-VC-Cache
X-OVcl-Cache
L
Pragrma
X-Proxy-Cache-Status
X-Proxy-Upstream
N-Cache
X-Ratelimit-Remaining
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
X-LAGOON
X-Planisys-CDN-TTL
Kp-EeAlive
X-Amzn-Remapped-Content-Length
X-TrackingId
X-Cdn-Forward
Memory
X-FE
X-Origin-CC
X-Be
X-Origin-TTL
Selected-Fe
X-GRACE
X-IN-WAF
User-Agent
X-Pf-Uncompressing
X-Phone
X-Core-Value
X-B3-SpanId
Locale
X-SERVER-NAME
X-Urbn-Context-Path
X-Varnish-Beresp-Ttl
X-Urbn-Site-Id
Magicmarker
X-Birta-Cache-Post
X-Birta-Served
X-URL
X-Ttl
X-Geo
X-Page-Type
X-Zone
X-Varnish-IP
X-Info
X-Dynatrace-Js-Agent
X-DC
Pagetype
X-ABtesting
X-Hello
HitType
X-Flog
Selected-FE
X-User
X-Generated-In
Cdn
X-Backend-TTL
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
X-Newrelic-Synthetics
X-Backend-Url
Geoip-City
X-Backend-Host
X-TT-LOGID
Geoip-Latitude
GeoIp-Country-Code
X-Litespeed-Cache
X-GoCache-CacheStatus
X-Debug-Cache-Store
X-Soup
X-Up
X-Debug-Cache-Expiry
SN
X-MSEdge-Flight
X-Tt-Trace-Tag
X-Debug-Cache-Fetch
X-MSEdge-Features
X-App-Version
X-Check-Cacheable
X-Source
X-MID
X-Mid
X-Real-Ip
X-Agile-Age
X-Agile
X-Servedbyhost
CF-Cached-On
X-Agile-Id
X-Cache-Debug
X-Refresh
X-Web-Server
X-HS-Status
X-Vcl-Version
X-Oss-Hash-Crc64ecma
X-Oss-Storage-Class
X-Oss-Request-Id
X-Aicache-OS
X-Oss-Object-Type
X-Oss-Server-Time
Amp-Access-Control-Allow-Source-Origin
X-Ruxit-Js-Agent
X-VCL-Version
X-ZONE
X-Tb-Optimization-Total-Bytes-Saved
X-ServedByHost
FSS-Cache
FSS-Proxy
HostName
X-Cache-Ttl
X-Say-Cacheable
X-Old-Content-Length
X-Amzn-Remapped-Connection
X-UPSTREAM-Address
X-Amzn-Remapped-Date
X-Say-TTL
X-SayCDN-TTL
X-Bc
X-CACHE-KEY
GeoIP-Country-Code
X-Contensis-Viewer-Groups
X-APP
Server-Surrogate-Control
Server-Cache-Control
X-Cache-ASPX
X-Varnish-Authentication
X-NWS-UUID-VERIFY
X-CSRF-Token
Ohc-File-Size
Cache-Hits
Ohc-Cache-HIT
X-EC-Lua
GeoIP-City
X-COUNTRY
RequestId
X-Via-Ucdn
Group
GeoIP-Latitude
WZWS-RAY
Srv
X-Akamai-SSL-Client-Sid
Inserted-Into-Cache-At
Fastly-Backend-Name
X-Varnish-Beresp-TTL
HTTPS
X-Node-Id
X-BC
X-Nananana
Backend
X-WR-MODIFICATION
X-IN-APIGATEWAYSSL
Www
X-Proxy-Cacherz
X-Logtrace-Id
URI
X-ECache
X-SN
Xkeyrz
Ajk
X-Cache-Time
XServer
WebServer
X-Dynatrace
X-PAGE-TYPE
X-Cache-Tag
Cf-Ipcountry
X-Instart-Isnd
X-CSRF-TOKEN
Get-Access-Time
X-TIME
Requestid
X-Cache-Expires
Is-Session-Tracking
Lb
Host-ID
X-RateLimit-Limit-Second
X-FORWARDED-FOR
X-Unique-Id
X-Tec-Api-Version
X-Tec-Api-Origin
Xkeynj
X-RateLimit-Remaining-Second
X-Fastly-Country-Code
X-Request-Url
X-Tec-Api-Root
X-MCACHE
X-LiteSpeed-Cache-Control
X-Wa
X-Requestid
X-Edge-IP
X-Cache-Miss-From
X-Sedo-Request-Id
X-BE
Dynatrace
X-NGENIX-Cache
Cneonction
X-Apw-Hits
X-Apw-Access-Action
X-Apw-Access-Object
X-Apw-Access-Token
X-Varnish-Action
X-PF-Uncompressing
T-Server
X-Fastly-Backend-Reqs
PICS-Label
X-Pjax-Url
Epwk-Cache
DataCenter
X-SRV
Xet-Cookie
Fastcgi-X-Cache
X-LB-ID
X-GDPR
X-Lb-Id
X-WA
X-Vct
Pics-Label
X-Swift-Error
X-PJAX-URL
CDN
X-Render-Time
X-Micro-Cache
X-Dw-Trace-Id
X-NGINX-Cache
X-Cf-Powered-By
Correlation-Id
X-Ecache
X-Svr
X-AssetVersion
X-Akamai-ERPolicy
X-Uri
X-Bug-Bounty
X-ServerName
SID
X-Flow-Id
Warning
X-Akamai-ERRuleID
FNAC-ModuleRouting
X-Serial
X-RSL
X-Var-Ttl
X-Fastly-Cache-Hits
X-Page-Impression-Id
X-Html-Edge-Cache
Ohc-Response-Time
X-WPE-Loopback-Upstream-Addr
X-Zalando-Child-Request-Id
X-LiteSpeed-Tag
Lfy
X-DB
X-RPS
RequestUuid
X-Sf
X-RPM
X-DW
X-DI
X-DSS
X-Fpc