Threat Level: green Handler on Duty: Jim Clausing

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
CF-RAY
X-Powered-By
Link
ETag
Expect-CT
X-XSS-Protection
Via
X-Cache
Age
CF-Cache-Status
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
X-Cache-Hits
P3P
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Xss-Protection
X-Request-Id
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
Alt-Svc
X-Adblock-Key
X-Drupal-Cache
X-Check
X-Cacheable
Content-Security-Policy-Report-Only
X-Generator
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-AspNetMvc-Version
X-DNS-Prefetch-Control
P3p
X-Template
X-Language
Status
Timing-Allow-Origin
X-Iinfo
Content-Encoding
X-Content-Security-Policy
X-Buckets
Upgrade
X-Kinja-Server-Push
Xkey
X-Via
X-CDN
X-Turbo-Charged-By
Keep-Alive
Access-Control-Expose-Headers
Access-Control-Max-Age
X-Cache-Group
X-Pass-Why
X-AH-Environment
X-Age
X-Drupal-Dynamic-Cache
X-Server
X-Backend
X-Pingback
X-Amz-Id-2
X-Amz-Request-Id
X-Envoy-Upstream-Service-Time
X-Page-Speed
X-Robots-Tag
X-Proxy-Cache
X-Hacker
Grace
EagleId
X-Server-Powered-By
X-UA-Device
X-Varnish-Cache
Request-Context
X-Nginx-Cache-Status
X-Request-ID
Cf-Railgun
X-LiteSpeed-Cache
X-Amz-Version-Id
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
X-WebKit-CSP
X-Server-Id
Server-Timing
Feature-Policy
X-Device
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Host
X-Rq
Report-To
X-Ac
X-Node
Content-Location
X-OneAgent-JS-Injection
X-Cnection
X-Response-Time
X-Backend-Server
X-Cloud-Trace-Context
X-Origin-Cache
X-Application-Context
X-Readtime
Request-Id
Allow
Surrogate-Control
EagleEye-TraceId
X-ORACLE-DMS-ECID
X-Country
X-Vhost
X-DynaTrace
X-TTL
X-Cache-Lookup
X-Cdn
Pinterest-Generated-By
X-Rack-Cache
X-Origin-Upstream-Status
X-Clacks-Overhead
X-Url
NEL
X-Ua-Compatible
X-FTR-Request-ID
Rating
X-Ruxit-JS-Agent
X-Country-Code
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Dispatcher
X-Dns-Prefetch-Control
X-HW
X-CST
X-Goog-Hash
X-ORACLE-DMS-RID
X-Instart-Request-ID
Fusion-Template-Id
Fusion-Content-Source
Fusion-Source
Fusion-Component-Id
Fusion-Content-Id
X-DataStream-Cache-Status
Edge-Control
X-Vname
X-PC
X-TtlSet
X-Px
X-VARITI-CCR
X-DataDome
Service-Worker-Allowed
Verso
X-Mod-Pagespeed
X-Recruiting
X-MS-InvokeApp
X-Varnish-TTL
RTSS
X-Exp-Id
X-GoogleNews-Bot
X-Exp-Variant
X-Use-Magma
X-Cdn-Fetch
X-Kinja-Build
X-Kinja-Server
X-Kinja
X-Kinja-Revision
X-D2id
SPRequestGuid
X-Vcap-Request-Id
X-Amz-Server-Side-Encryption
X-Abt-Application-Version
TCN
X-SharePointHealthScore
X-Navigation-Version
X-GitHub-Request-Id
X-SRCache-Fetch-Status
X-SRCache-Store-Status
Display
X-Sol
X-Middleton-Response
X-Middleton-Display
Response
X-Akam-SW-Version
X-Powered-By-Plesk
X-RateLimit-Remaining
MS-Author-Via
DynaTrace
Charset
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-Forwarded-Proto
X-Shield-Request-Id
Realpath
X-Amz-Rid
ServerID
X-Powered-CMS
X-B3-TraceId
Content-MD5
AR-CACHE
AR-ATIME
Ar-Sid
AR-PoweredBy
X-Trace
X-Upstream
X-Version
Public-Key-Pins
Nginx-Cache
X-ESI
Fastly-Restarts
X-Cached
X-Goog-Metageneration
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Shard
X-Dw-Request-Base-Id
Accept-Ch-Lifetime
AR-Request-ID
X-Mrf-Item-Lastmod
MRF-Tech
Mrf-Cache-Status
X-B3-TraceId-Primal
X-Mrf-Section-Lastmod
Pagespeed
X-Server-Name
Access-Control-Request-Method
Paypal-Debug-Id
X-DynaTrace-JS-Agent
X-Grace
X-MSEdge-Ref
Accept-Ch
Accept-CH
X-Goog-Storage-Class
X-Client-IP
SPRequestDuration
SPIisLatency
S
X-Debug
X-FTR-Backend-Server
X-FTR-Realm
X-FTR-Backend
X-FTR-Expires
X-Country-Code-Real
X-FTR-Balancer
X-FTR-DC
X-FTR-Cache-Status
X-Vcache
X-Id
X-Ezoic-Cdn
X-DataStream-Origin-MEX-Latency
X-DataStream-MidMile-RTT
X-FastCGI-Cache
X-Amz-Meta-S3cmd-Attrs
X-Fastly-Request-ID
Front-End-Https
X-N
Pinterest-Version
X-Pinterest-Rid
X-T
X-Amzn-Trace-Id
X-Upstream-Proxy
X-NF-Request-ID
X-B3-Traceid
Arr-Disable-Session-Affinity
X-DIS-Request-ID
X-Content-Type
MicrosoftSharePointTeamServices
X-XRDS-Location
X-Hits
X-B3-Sampled
X-FTR-Cache-Host
X-Varnish-Age
X-Acc-Meta-Resource-Type
X-Ser
X-Frontend
X-Mobile-Rewrite
Fastcgi-Cache
PB-RID
PB-PID
Arc-Version
X-Logged-In
X-Content-Digest
Server-Name
X-Correlation-Id
Alternate-Protocol
X-Srv
X-Cache-Key
X-Node-Name
X-Pad
Nel
AMP-Access-Control-Allow-Source-Origin
X-Microsite
X-Request-Handler-Origin-Region
X-VCache
FilterID
TP-L2-Cache
TP-Cache
X-Forwarded-For
X-User-Agent
X-Type
X-Kinsta-Cache
X-Rid
Healthy
Host
X-LB-Cache
X-F-Cache
X-Request-Processing-Time
X-IPLB-Instance
X-Request-Received
Powered
X-Zen-Fury
X-Esi
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Cache-2
Powered-By-ChinaCache
X-Debug-Info
X-Revision
X-AOL-HN
Edge-Cache-Tag
X-GUploader-UploadID
X-Cached-By
X-Cache-Age
X-Analytics
Backend-Timing
X-Via-JSL
X-HS-Hub-Id
X-Hostname
X-Kong-Proxy-Latency
X-HS-Content-Id
X-Kong-Upstream-Latency
X-AppVersion
X-Az
X-Activity-Id
X-Cache-Rule
X-Accel-Expires
X-XRDS-LOCATION
Surrogate-Key
Accept-CH-Lifetime
X-Varnish-Backend
X-Content-Security-Policy-Report-Only
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-Page-Id
X-RateLimit-Limit
X-Content-Options
X-BCube-Filmed-By
X-Instance
X-PHP-Backend
X-Content-Powered-By
X-FB-Debug
X-Varnish-Grace
X-Amz-Replication-Status
X-Cluster
X-Tumblr-User
Server-Node
X-Akamai-Edgescape
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Request-Guid
X-Jobs
X-Signature
X-B-Cache
Refresh
Cleartype
Source
Cache-Status
X-Forwarded-Host
X-TT
X-App-Environment
X-Server-ID
X-Framework
Liferay-Portal
X-FW-Hash
X-FW-Serve
X-Fastcgi-Cache
X-FW-Server
X-FW-Type
X-FW-Static
DC
X-Varnish-Hostname
X-ATG-Version
Tracecode
Accept-Charset
Fastcgi-Useragent
Host-Header
Access-Control-Allow-Method
X-APP-VERSION
X-Mobile
WPE-Backend
X-Cache-Action
X-Cache-Operation
X-Time
X-Edge-Location
X-Cache-Control
X-Drupal-Cache-Tags
X-B
X-Whom
Actual-Object-TTL
X-Cache-Hit
X-Hp-Webp
Payment
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-App-Server
X-Accel-Buffering
X-Mobile-URL
X-Response-Served-From
X-TX-ID
X-WA-Info
X-Storage
X-Content-Age
X-Oracle-Dms-Rid
X-NWS-LOG-UUID
NGB
X-WebKit-CSP-Report-Only
X-Git-Hash
Cache-Tv-Group
X-Cacheable-TTL
X-Yottaa-Optimizations
X-TT-TIMESTAMP
Upgrade-Insecure-Requests
X-TA-CDN-Provider
X-Yottaa-Metrics
X-Handled-By
X-UA-Device-Type
Filters
Cache-Tag
X-SS-Set-Cookie
X-Tumblr-Pixel-1
X-Tumblr-Pixel-2
X-Adobe-Loc
X-Status
X-ProcessESI
Viewport
X-RemovedCookies
X-GeoIP
Eomportal-Instance
X-Adobe-Content
X-RequestSource
X-Geo-Country
Retry-After
X-Presslabs-Stats
X-VG-WebCache
Webserver
X-FW-Dynamic
X-Cache-TTL-Remaining
X-Cache-TTL
Xserver
MS-CV
X-Seen-By
Datacenter
Cache
X-FB-TRIP-ID
Server-Info
X-Host-Name
X-Cache-Enabled
Frame-Options
X-B3-Spanid
X-Contextid
X-Ratelimit-Limit
X-RTag
Ms-Operation-Id
X-Ratelimit-Reset
X-Hyper-Cache
From-Origin
X-Origin-Server
X-Generated-By
X-Mode
Country
S-Cnection
X-CF-Powered-By
X-Path-Route
X-Cache-Var-Map
X-Cache-Config
X-RN-RSRV
X-Cache-Var
X-Tumblr-Pixel-3
Meta-Geo
SRV
X-ES-SERVER
Load-Balancing
Machine
X-Proxied
X-Cache-Grace
X-MP-GENERATED-AT
X-Upstream-CT
Vix-Hermes-Req-Id
Cache-Key
GEO-INFO
X-Zipkin-Id
X-Upstream-HT
X-Routing-Service
X-Section
X-Labrador-Cache-Channel
X-Access
X-Drupal-Cache-Contexts
X-Cache-Host
X-From
X-Hit
X-Varnish-Cache-Hits
X-Human
X-Web-Node
X-Backend-Name
Decoy-Debug-Status
Decoy-Debug-TTL
Decoy-Debug-Key
Now
X-Varnish-Server
X-Upgrade-Enabled
X-Viewer-Country
X-OCL
X-PCL
X-TNCMS
X-Loop
X-Sorting-Hat-PodId
X-Rule
X-Region
X-VWS-Id
X-Alternate-Cache-Key
X-Origin-Response-Time
Mn-Server-Ip
X-Shopify-Stage
X-ShopId
Rt-Fastcgi-Cache
X-Akamai-Request-ID
X-Via-Fastly
X-AWS-Id
ServedBy
X-CCM
X-R9-Blue-Green-Version
X-Sorting-Hat-ShopId
X-EIG-Tracking-Id
X-Trace-Id
X-Magnolia-Registration
X-ShardId
X-L-Path
X-Environment-Context
X-Debug-Cache
X-VG-TLSProxy
X-LJ-Flow-ID
X-Endurance-Cache-Level
X-Rendered-As
X-Proto
DB-Nickname
X-Cluster-Node
DSUID
X-Proxy-Build
Cache-Name
X-NCache
X-FC-Vary-Parameters
X-Generated
X-Goog-Meta-Goog-Reserved-File-Mtime
X-JoinUs
X-Hosted-By
X-Site-Version
X-Xfnlog-Site
Mail-Subject
X-S
OT-Force-Account-Verify
We-Hiring
Akamai-GRN
X-Locale
X-Timing-Wait
Release
Version
X-RCS-CacheZone
X-Device-Type
X-Guploader-Uploadid
X-Www-Served-By
X-PressLabs-Stats
X-Varnish-Hits
Uber-Trace-Id
CACHE
X-Request-Time
ProcessTime
X-Load-Cache
X-Dc
X-VCT
X-IP
X-Time-Microsecs
X-NewRelic-App-Data
X-ProxyCache-Key
X-Nginx-Cache
X-ProxyCache-Status
X-BYPASS-REASON
NtCoent-Length
Time
X-Redis-Cache
X-Wix-Request-Id
X-Origin
X-FW-Version
Cteonnt-Length
Azure-Version
Azure-RegionName
Azure-InstanceId
NGX
Azure-SiteName
Azure-SlotName
S-Rt
X-RateLimit-Reset
X-Platform-Server
X-UUID
X-Akamai-Request-ID2
X-CDN-Forward
X-Origin-Hint
X-No-Session
X-EdgeConnect-Cache-Status
TWC-Locale-Group
TWC-Device-Class
TWC-Connection-Speed
TWC-GeoIP-LatLong
TWC-GeoIP-Country
TWC-Privacy
Property-Id
Webcakes-Region
X-Via-CDN
Webcakes-App-Version
Webcakes-App-Name
X-GEO
X-FireWall-Port
X-ECACHE
X-Proxy
X-Cache-NE
X-MServer
X-Daa-Tunnel
X-SERVER-NAME
X-Hl-Ver
X-Rocket-Nginx-Bypass
X-UA
X-HTML-Minification-Powered-By
X-Vgn-Hpd-Reason
X-IPS-LoggedIn
Origin
Odigeo-Trace-Id
X-Akamai-Transformed
X-ServerID
X-Cache-Remote
X-ApacheServer
X-PERF
X-CS
X-Format
X-Cache-Server
X-Distributor
Ec-Rule-Version
X-Oneagent-Js-Injection
Cache-Tags
Access-Control-Request-Headers
Fastly-SSL
LB
X-UnsetCookies
Accept-Language
X-Tb
Hostname
L5d-Success-Class
X-Pubstack
X-NC
X-Unique-ID
X-Microcachable
X-Webkit-Csp
Origin-Cache-Control
X-Real-IP
Origin-Edge-Control
Served-By
Fastcgi-X-Cache-Version
X-Varnish-Cacheable
X-Amzn-Remapped-Content-Length
Cdn-Host
Fastly-SWR
Fly-Cache
Fly-Request-Id
Cache-Cookie-Set-Lfrom
Cache-Prefix
Cdn-Request-Time
Cache-Cookie-Set-Idcheck
X-Edge-Server
Fastly-SIE
Content-Style-Type
X-DPWN-IS-SECURE
Content-Script-Type
Cross-Origin-Window-Policy
X-External-Request-Id
X-Rewrite-Enabled
X-IN-APIGATEWAY
X-Request-UUID
X-Instart-Info
X-Internal-Host
X-Rojux
X-Is-Bot
X-Geo-Header
X-G
GEO-REGION-INFO
BehaviorPad-Version
AsisCache
Arc-Country
A
AKAMAI
Cache-Cookie-Set-From
X-Destination
X-A-Ccd
X-A-Dam
X-A-Dcw
X-A
VivaBuild
X-CF-Lambda-Fn
X-Cdn-Srv
Viewtype
X-A-Dgt
X-A-Wwc
X-App-Name
X-Application
X-ARC
X-AIR-PT
X-Cache-Bucket
X-Accel-Expires-Debug
X-Aed
X-CF-Lambda-Version
Server-ID
Mobile-Detection-Method
X-D
Node
Meta-Geo-Continent
X-Date
X-Detected-As
X-Level-Front-Cache
MD5-Digest
X-Connection-Hash
Proxy-Firewall
REQUESTUUID
Rt-Proxy-Cache
X-Cluster-Name
Request-Time
Request-EU
Rendered-Blocks
Request-Country
X-Developer
X-Generated-On
X-Vtex-Remote-Cache
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-Vtex-Processado-Em
X-Trv-Group
X-VG-WebServer
X-BACKEND-TTL
X-B3-Parentspanid
X-NU-AKA-ACS-Version
X-B-Cookie
Xc-Version
X-Transaction
X-Worker
X-Org
X-S-Cookie
X-Region-Sid
X-ScT
X-PAYTM-SRV-ID
IBM-Web2-Location
X-Grey
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
X-Server-Time
X-S-Maxage
Proxy-Connection
X-Cache-Category-Id
X-SRCache-Key
X-Twitter-Response-Tags
X-Varnish-Url
Selected-Fe
X-Cache-Backend
Backend-Name
X-URL
X-ElasticPress-Search
ServerName
X-Compress-Hint
Ha-Gx-Prefs
X-Nginx-Cache-Key
X-Debug-Cookies
X-Debug-Log
Is-Eu
Memcached
HA-Ipaddr
X-NX-Host
RNT-Machine
X-Cache-Id
X-Cache-Info
W
X-Cdn-Origin
X-Sn-Servicetimems
X-Dynatrace-Js-Agent
X-ServiceProvider
X-Backend-State
X-Skip-Cache
True-Client-Country-4JS
X-CGP
Resin-Trace
X-PHP-Host
Platform
X-Core-Mission
Gh-Request-Id
RNT-Time
X-Clientip
Server-Int
Section-Io-Cache
On-Server
X-Developers
Apple-News-Services-Host
Apple-News-Services-Handled
X-GeoIP-Country-Code
Apple-News-Services-Request-Url
X-Method
X-Request-URI
Adler-Geo
X-HS-Cache-Config
X-Location
X-HS-Combine-CSS
X-Fastly-Cache
X-Eu-Site
Apple-News-Services-Parsed-Url
Content-Disposition
X-C
Esi-Enabled
X-Variation
X-We-Are-Hiring
Countrycode
X-Epic-Correlation-Id
X-Servername
X-Request-Start
X-Qloud-Router
X-Key
X-Response-By
X-Proxy-Upstream
X-Hash
X-Hnp-Log
X-CDN-Cache
X-Server-IP
X-Block-Status
X-LI-Proto
X-Irp-Debug
X-Cache-FS-Status
X-SIPLIST1
X-SD-PageType
X-LI-UUID
X-Li-Pop
X-Bip
X-Reboot
X-Distil-CS
UCS
X-Wikidot-Static-Cache
X-BBXSRF
X-Thanos
X-TH-Server
X-Owner
X-Wikidot-Backend
X-Dispatcher-Server
X-Dispatch
X-Reqid
X-WADP-Cache
X-WebServer
X-Cms-Context
X-Swa-Ws
X-Secret
X-Gen-Mode
X-Clara-WADP
X-Generation-Time
X-GeoIP-City
X-Gannett-Site-Version
X-Li-Fabric
X-Device-Os
X-Fetched-On
X-TrackingId
X-FPC
X-Proxy-Cache-Status
SD-X-WS
L
IsBot
User-Cache-Control
SS
CDCHOST
PFcat
N-Cache
Server-Host
Web-Mar-Node
V-Age
X-Edge
Fastly-Soc-X-Request-Id
X-Auto-Login
Country-Code
X-Amz-Meta-Cache-Control
X-SERVER
X-Matched-Rule
X-Thinkindot-L3
CF-IPCountry
X-VC-Cache
X-Pf-Uncompressing
X-Origin-Expires
X-Origin-Date
GW-Server
X-Crawler
Wxu-Next-Region
X-Release
X-Webstats-RespID
Kp-EeAlive
Wxu-Next-Hostname
Wxu-Next-Commit
Heartbleed
X-Azure-Ref
Powered-By
Pramga
Who
X-VServer
X-Nc
Thinkindot-CacheControl-Type
Thinkindot-Control
Thinkindot-CacheControl
X-Azure-Ref-OriginShield
X-Urbn-Site-Id
Locale
X-Urbn-Context-Path
X-Parent-Response-Time
X-Via-NSCOPI
X-OVcl-Cache
X-Powered-By-Defense
X-Processor
X-Served-From
X-OVcl
X-CUA
X-FE
X-Varnish-Ttl
X-Via-Edge
User-Agent
X-Via-SSL
X-CLOUD-TRACE-CONTEXT
Magicmarker
Mime-Version
X-Flog
PageSpeed
X-LAGOON
X-Hello
X-Ratelimit-Remaining
X-ABtesting
X-Ua
Memory
X-Protected-By
Pagetype
X-ND-Cache
X-Varnish-Beresp-Ttl
X-Be
X-Backend-Url
X-Backend-Host
X-Datadome
X-Page-Type
X-Generated-In
X-Cache-Ttl
X-User
X-Newrelic-Synthetics
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
X-Up
Pragrma
X-Planisys-CDN-Cache
X-GoCache-CacheStatus
X-Tt-Trace-Tag
X-Fstrz
X-MSEdge-Features
X-MSEdge-Flight
X-Origin-CC
X-Origin-TTL
X-Soup
X-Ttl
X-Geo
X-COUNTRY
X-Debug-Cache-Store
X-Debug-Cache-Expiry
X-Debug-Cache-Fetch
X-Backend-TTL
X-Check-Cacheable
X-Oss-Server-Time
X-Oss-Hash-Crc64ecma
X-Oss-Request-Id
X-Oss-Object-Type
X-Oss-Storage-Class
X-Zone
X-Core-Value
Cache-Hits
X-B3-SpanId
Geoip-City
X-ZONE
X-Phone
X-IN-WAF
Geoip-Latitude
GeoIp-Country-Code
X-DC
X-TT-LOGID
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
X-Old-Content-Length
X-Say-TTL
X-Servedbyhost
X-Say-Cacheable
X-SayCDN-TTL
X-Akamai-SSL-Client-Sid
X-Litespeed-Cache
X-CSRF-TOKEN
X-Cdn-Forward
X-Cache-Time
X-VCL-Version
XServer
X-Aicache-OS
Cdn
X-Real-Ip
X-Birta-Cache-Post
X-Birta-Served
X-Mid
Fastly-Backend-Name
SN
X-HS-Status
Inserted-Into-Cache-At
Dynatrace
X-Node-Id
WZWS-RAY
Amp-Access-Control-Allow-Source-Origin
X-Ruxit-Js-Agent
X-Varnish-IP
X-BC
X-MID
X-Info
Selected-FE
HitType
X-Logtrace-Id
X-IN-APIGATEWAYSSL
Ajk
X-Vcl-Version
FSS-Cache
X-FORWARDED-FOR
FSS-Proxy
X-EC-Lua
X-Tb-Optimization-Total-Bytes-Saved
X-ServedByHost
X-Amzn-Remapped-Connection
X-UPSTREAM-Address
X-Refresh
X-Amzn-Remapped-Date
X-Source
X-Varnish-Authentication
HostName
Server-Cache-Control
CF-Cached-On
X-RateLimit-Limit-Second
X-Wa
X-RateLimit-Remaining-Second
Server-Surrogate-Control
X-Contensis-Viewer-Groups
X-Cache-Debug
X-APP
X-Cache-ASPX
X-Agile
X-Agile-Age
X-Agile-Id
X-Bc
X-Proxy-Cacherz
GeoIP-Country-Code
RequestId
Xkeyrz
Srv
X-Nananana
X-CSRF-Token
GeoIP-Latitude
GeoIP-City
T-Server
PICS-Label
X-GRACE
X-Via-Ucdn
X-App-Version
X-NWS-UUID-VERIFY
X-LiteSpeed-Cache-Control
Ohc-File-Size
X-Web-Server
X-WR-MODIFICATION
X-PJAX-URL
X-GDPR
X-Render-Time
X-TIME
X-Varnish-Beresp-TTL
X-ECache
Ohc-Cache-HIT
WebServer
MIME-Version
Cf-Ipcountry
X-Fastly-Country-Code
X-LB-ID
X-Tec-Api-Root
X-Tec-Api-Version
X-Policy
X-SRV
X-Uri
X-Tec-Api-Origin
Xkeynj
Is-Session-Tracking
X-BE
SID
X-CACHE-KEY
X-Unique-Id
X-Micro-Cache
Get-Access-Time
Group
URI
CDN
X-PAGE-TYPE
X-Cache-Tag
DataCenter
HTTPS
X-Sedo-Request-Id
X-Cache-Miss-From
X-Requestid
X-MCACHE
X-Edge-IP
X-NGINX-Cache
X-Fastly-Backend-Reqs
X-Lb-Id
Cache-Provider
X-Service
Backend
X-Request-Url
X-Pjax-Url
Lb
X-SN
Www
Xet-Cookie
X-Apw-Access-Token
X-Apw-Hits
X-Apw-Access-Object
Pics-Label
X-Apw-Access-Action
X-Var-Ttl
Cneonction
X-Vct
X-Instart-Isnd
Warning
X-Swift-Error
X-Dw-Trace-Id
Correlation-Id
X-Ecache
X-WA
X-Cdn-Request-ID
FNAC-ModuleRouting
X-JWT-State
X-Is-Gdpr
X-Has-Esi
Ohc-Response-Time
Requestid
X-Cache-Expires
X-Cf-Powered-By
Host-ID
X-Newrelic-App-Data
X-RSL
X-DW
X-Zalando-Child-Request-Id
X-DSS
X-RPM
X-Fe
X-Fpc
X-Flow-Id
X-Akamai-ERRuleID
X-RPS
X-Akamai-ERPolicy
X-Varnish-Action
X-Bug-Bounty
Lfy
X-Html-Edge-Cache
X-PF-Uncompressing
X-DI
X-Serial
X-Page-Impression-Id
X-ServerName
X-Fastly-Cache-Hits
X-DB