Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
CF-RAY
CF-Cache-Status
Link
X-Powered-By
X-XSS-Protection
ETag
Expect-CT
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
X-Timer
X-Request-Id
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Alt-Svc
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Adblock-Key
X-Check
Content-Security-Policy-Report-Only
X-Cacheable
X-Generator
X-Xss-Protection
X-Permitted-Cross-Domain-Policies
X-Cache-Status
Timing-Allow-Origin
X-Template
X-DNS-Prefetch-Control
X-Language
X-Request-ID
X-Iinfo
Status
X-AspNetMvc-Version
Content-Encoding
X-Content-Security-Policy
X-Buckets
X-Kinja-Server-Push
Xkey
Upgrade
X-Via
X-Turbo-Charged-By
Access-Control-Expose-Headers
Keep-Alive
Access-Control-Max-Age
X-Cache-Group
X-Pass-Why
X-Drupal-Dynamic-Cache
P3p
X-Age
EagleId
X-CDN
X-Backend
X-Robots-Tag
X-Ua-Compatible
X-Amz-Request-Id
X-Amz-Id-2
X-Page-Speed
X-Envoy-Upstream-Service-Time
X-Pingback
X-Server-Powered-By
X-Proxy-Cache
X-AH-Environment
X-Hacker
X-Server
X-UA-Device
Request-Context
X-Nginx-Cache-Status
Grace
X-Varnish-Cache
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
X-LiteSpeed-Cache
X-Server-Id
Cf-Railgun
X-Amz-Version-Id
X-Cdn
Server-Timing
Feature-Policy
X-WebKit-CSP
X-Device
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-OneAgent-JS-Injection
X-Rq
X-Cnection
X-Ac
Report-To
X-Cloud-Trace-Context
X-Host
X-Node
X-Response-Time
Content-Location
X-Backend-Server
EagleEye-TraceId
Request-Id
X-Origin-Cache
X-Readtime
X-Vhost
X-Application-Context
X-Dns-Prefetch-Control
X-Cache-Lookup
X-ORACLE-DMS-ECID
NEL
X-Dispatcher
Surrogate-Control
Allow
X-Rack-Cache
X-Origin-Upstream-Status
X-Ruxit-JS-Agent
X-Country
X-HW
X-Url
Rating
X-Country-Code
X-FTR-Request-ID
X-TTL
X-DataDome
X-Clacks-Overhead
X-ORACLE-DMS-RID
X-EdgeConnect-MidMile-RTT
X-DynaTrace
X-EdgeConnect-Origin-MEX-Latency
Fusion-Template-Id
Fusion-Content-Id
Fusion-Content-Source
Fusion-Source
Fusion-Component-Id
X-Instart-Request-ID
X-Goog-Hash
X-Varnish-TTL
X-PC
X-Vname
X-TtlSet
X-MS-InvokeApp
X-CST
X-Px
Verso
RTSS
Edge-Control
X-Powered-By-Plesk
Public-Key-Pins
X-VARITI-CCR
X-Recruiting
X-Mod-Pagespeed
Service-Worker-Allowed
X-Ah-Environment
X-Exp-Id
X-Kinja-Revision
X-Kinja-Server
X-Use-Magma
X-Kinja-Build
X-Kinja
X-D2id
X-Exp-Variant
X-GoogleNews-Bot
X-Cdn-Fetch
X-Middleton-Display
X-Sol
X-Middleton-Response
Response
Display
Pinterest-Generated-By
X-Vcap-Request-Id
X-Version
SPRequestGuid
X-SharePointHealthScore
Accept-Ch-Lifetime
MS-Author-Via
Accept-CH
X-Akam-SW-Version
X-RateLimit-Remaining
TCN
X-GitHub-Request-Id
X-Abt-Application-Version
X-Navigation-Version
X-Powered-CMS
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-TEC-API-ROOT
X-Upstream
X-Forwarded-Proto
X-B3-TraceId
X-Shard
X-Amz-Server-Side-Encryption
Charset
SPIisLatency
SPRequestDuration
X-SRCache-Store-Status
X-SRCache-Fetch-Status
AR-ATIME
Ar-Sid
X-XRDS-Location
AR-PoweredBy
AR-CACHE
Fastly-Restarts
X-Amz-Rid
X-Aspnetmvc-Version
Nginx-Cache
Realpath
X-Trace
X-Debug
X-ESI
Front-End-Https
X-Mrf-Item-Lastmod
X-B3-TraceId-Primal
MRF-Tech
X-Shield-Request-Id
Mrf-Cache-Status
X-Mrf-Section-Lastmod
X-Cached
AR-Request-ID
X-Ezoic-Cdn
X-Server-Name
X-Goog-Stored-Content-Length
X-Goog-Generation
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
X-MSEdge-Ref
Access-Control-Request-Method
Paypal-Debug-Id
X-NF-Request-ID
X-FTR-Expires
X-Country-Code-Real
X-FTR-Cache-Status
Arr-Disable-Session-Affinity
DynaTrace
ServerID
Pagespeed
X-Id
Content-MD5
X-FTR-Backend-Server
X-FTR-DC
X-FTR-Realm
X-FTR-Balancer
X-FTR-Backend
X-Vcache
X-Goog-Storage-Class
MicrosoftSharePointTeamServices
S
X-T
X-DynaTrace-JS-Agent
X-Client-IP
X-Fastly-Request-ID
X-Amz-Meta-S3cmd-Attrs
X-Content-Type
X-Via-JSL
X-Dw-Request-Base-Id
X-Varnish-Age
X-Hits
X-Amzn-Trace-Id
X-B3-Traceid
X-VCache
X-N
X-SERVER
X-RateLimit-Limit
X-Grace
X-FTR-Cache-Host
X-Frontend
X-Correlation-Id
Fastcgi-Cache
X-Forwarded-For
X-Content-Digest
X-FastCGI-Cache
Arc-Version
Powered
X-Mobile-Rewrite
PB-PID
PB-RID
Server-Name
X-Logged-In
X-DIS-Request-ID
X-Ser
X-Accel-Expires
X-B3-Sampled
AMP-Access-Control-Allow-Source-Origin
X-Esi
Accept-Ch
X-GUploader-UploadID
X-HS-Content-Id
X-Microsite
X-Request-Handler-Origin-Region
X-HS-Hub-Id
X-Zen-Fury
TP-L2-Cache
TP-Cache
X-Fastcgi-Cache
X-Cache-Age
X-Request-Received
X-Request-Processing-Time
X-Kinsta-Cache
X-LB-Cache
FilterID
X-Type
X-User-Agent
X-Rid
Backend-Timing
X-Revision
X-AppVersion
X-Az
X-Activity-Id
X-Analytics
X-IPLB-Instance
Healthy
X-Acc-Meta-Resource-Type
X-Node-Name
Edge-Cache-Tag
X-F-Cache
X-Srv
X-Whom
X-Cache-2
Retry-After
X-Time
X-Amz-Apigw-Id
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Amzn-RequestId
X-NWS-LOG-UUID
Accept-Charset
Alternate-Protocol
X-Cache-Hit
X-AOL-HN
X-Cache-Rule
Pinterest-Version
X-Pinterest-Rid
Cache-Status
Server-Node
X-Content-Options
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
Surrogate-Key
Refresh
X-Forwarded-Host
X-Jobs
X-Content-Powered-By
X-Content-Security-Policy-Report-Only
DC
X-Cluster
Access-Control-Allow-Method
X-Akamai-Edgescape
X-Instance
X-FW-Type
X-Tumblr-User
X-Page-Id
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Debug-Info
X-FW-Static
X-FB-Debug
X-FW-Hash
X-FW-Server
X-FW-Serve
X-Framework
X-Varnish-Grace
X-PHP-Backend
Source
X-Request-Guid
X-App-Environment
X-B
X-Hostname
Fastcgi-Useragent
MS-CV
X-Hp-Webp
X-App-Server
Cleartype
X-DataStream-Cache-Status
Host
X-B-Cache
X-Signature
Frame-Options
X-Cache-Key
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-BCube-Filmed-By
Tracecode
Actual-Object-TTL
X-Cache-Operation
X-Ratelimit-Reset
Cache-Tag
X-Cached-By
X-Mobile-URL
X-TA-CDN-Provider
X-PressLabs-Stats
X-Varnish-Backend
X-Geo-Country
Liferay-Portal
X-TT
X-Amz-Replication-Status
Xserver
X-Cache-Control
X-Pad
X-Seen-By
NGB
X-Host-Name
X-Mobile
X-Response-Served-From
X-ATG-Version
X-Adobe-Loc
X-Git-Hash
X-Adobe-Content
Payment
X-TT-TIMESTAMP
Upgrade-Insecure-Requests
Eomportal-Instance
X-Status
X-WA-Info
X-WebKit-CSP-Report-Only
X-Tumblr-Pixel-1
X-ProcessESI
X-FW-Dynamic
X-Tumblr-Pixel-2
Filters
Cache-Tv-Group
X-RemovedCookies
WPE-Backend
X-Drupal-Cache-Tags
Ms-Operation-Id
X-TX-ID
X-RTag
X-Handled-By
X-GeoIP
X-Cacheable-TTL
X-RequestSource
X-UA-Device-Type
X-Oracle-Dms-Rid
From-Origin
X-Upstream-Proxy
Webserver
X-Content-Age
X-Cache-TTL-Remaining
Datacenter
GEO-INFO
X-Cache-Remote
X-Edge-Location
X-Webkit-CSP
Viewport
X-Storage
X-Daa-Tunnel
Cache
Accept-CH-Lifetime
X-Accel-Buffering
X-Cache-Action
X-Varnish-Hostname
X-Origin-Server
X-Cache-TTL
X-Ua
X-EdgeConnect-Cache-Status
Version
X-Hyper-Cache
X-CF-Powered-By
Host-Header
X-Contextid
X-Region
PageSpeed
X-Yottaa-Optimizations
X-Yottaa-Metrics
SRV
X-Wix-Request-Id
X-Varnish-Server
Load-Balancing
X-RN-RSRV
Meta-Geo
X-Akamai-Transformed
X-ES-SERVER
X-Cache-Var-Map
X-Akamai-Request-ID2
X-Path-Route
X-Cache-Var
Selected-Fe
S-Cnection
X-Timing-Wait
X-IP
X-Proxy-Build
X-JoinUs
X-From
X-Loop
X-CS
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Cache-Config
Cache-Name
Now
X-Proto
Cache-Tags
X-Proxy
X-TNCMS
X-Backend-Name
Vix-Hermes-Req-Id
X-Generated
X-Labrador-Cache-Channel
X-Rule
Rt-Fastcgi-Cache
X-Hit
X-NCache
X-Origin
X-ApacheServer
X-DataStream-Origin-MEX-Latency
X-Time-Microsecs
DB-Nickname
X-Origin-Response-Time
X-DataStream-MidMile-RTT
X-Upgrade-Enabled
X-Section
X-Cluster-Node
X-Tumblr-Pixel-3
X-Cache-Enabled
Decoy-Debug-Key
X-PERF
X-FC-Vary-Parameters
X-Access
X-Akamai-Request-ID
Decoy-Debug-TTL
Decoy-Debug-Status
Cache-Hits
X-Viewer-Country
X-Via-Fastly
TWC-Connection-Speed
Property-Id
Mn-Server-Ip
Country
Cache-Key
Webcakes-Region
X-Cache-Grace
Azure-Version
X-Varnish-Cache-Hits
X-EIG-Tracking-Id
X-Web-Node
X-Backend-TTL
X-Cache-Host
X-Upstream-HT
X-Trace-Id
X-R9-Blue-Green-Version
X-UnsetCookies
X-CCM
X-Upstream-CT
X-Xfnlog-Site
Ec-Rule-Version
X-FW-Version
X-Hosted-By
TWC-Privacy
TWC-Locale-Group
TWC-GeoIP-Country
TWC-GeoIP-LatLong
X-Format
X-OCL
Webcakes-App-Version
X-PCL
Webcakes-App-Name
X-Origin-Hint
X-FireWall-Port
TWC-Device-Class
S-Rt
Azure-SlotName
Azure-RegionName
Azure-InstanceId
Azure-SiteName
NR-ENABLED
X-S
X-Www-Served-By
X-Device-Type
X-Drupal-Cache-Contexts
X-Locale
X-Debug-Cache
X-Site-Version
OT-Force-Account-Verify
X-Human
X-Varnish-Hits
Server-Info
DSUID
X-Cache-Time
Time
X-Rendered-As
Release
X-NewRelic-App-Data
X-Cache-NE
X-Cache-Server
Ohc-File-Size
X-VG-WebCache
X-VG-TLSProxy
ServedBy
X-Shopify-Stage
Hostname
X-ShardId
X-Alternate-Cache-Key
X-ShopId
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-Vgn-Hpd-Reason
X-APP-VERSION
X-FB-TRIP-ID
X-Nginx-Cache
X-VCT
X-Mode
Accept-Language
X-Tb
X-Redis-Cache
Machine
Fastcgi-X-Cache-Version
X-Real-IP
X-OVcl
X-OVcl-Cache
X-Presslabs-Stats
Origin
X-B3-Spanid
Cteonnt-Length
NtCoent-Length
Ohc-Cache-HIT
X-No-Session
Origin-Edge-Control
X-Pubstack
X-L-Path
X-Request-Time
Origin-Cache-Control
X-Environment-Context
X-GEO
X-CSRF-TOKEN
X-NC
L5d-Success-Class
X-Generated-By
Odigeo-Trace-Id
Access-Control-Request-Headers
X-Tt-Trace-Tag
X-HS-Cache-Config
X-Load-Cache
X-Magnolia-Registration
X-Cluster-Name
X-AWS-Id
X-VWS-Id
X-LJ-Flow-ID
X-Endurance-Cache-Level
X-DC
Mime-Version
Fastly-SSL
X-App-Version
X-Amzn-Remapped-Content-Length
IBM-Web2-Location
We-Hiring
X-Parent-Response-Time
Mail-Subject
Nel
Akamai-GRN
X-UUID
X-B3-Parentspanid
X-CACHE-KEY
X-XRDS-LOCATION
X-Routing-Service
X-Zipkin-Id
X-ServerID
X-GoCache-CacheStatus
Request-Time
X-Rocket-Nginx-Bypass
X-NGENIX-Cache
X-ECACHE
X-Proxied
X-Urbn-Context-Path
Locale
X-Oneagent-Js-Injection
X-Urbn-Site-Id
Meta-Geo-Continent
X-Node-Id
Memcached
MD5-Digest
GEO-REGION-INFO
BehaviorPad-Version
Apple-News-Services-Handled
A
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
AsisCache
Apple-News-Services-Request-Url
Cache-Prefix
Cdn-Host
Fly-Cache
Fly-Request-Id
Cross-Origin-Window-Policy
Content-Style-Type
Cdn-Request-Time
Content-Script-Type
Arc-Country
X-Connection-Hash
X-Region-Sid
X-PAYTM-SRV-ID
X-Request-UUID
X-Rewrite-Enabled
X-Rojux
X-Origin-Expires
X-Origin-Date
X-G
X-External-Request-Id
X-Instart-Info
X-Is-Bot
X-Org
X-S-Cookie
X-S-Maxage
X-Vtex-Processado-Em
X-VG-WebServer
X-Vtex-Remote-Cache
X-Worker
Xc-Version
X-Twitter-Response-Tags
X-Trv-Group
X-Server-Time
X-ScT
X-SRCache-Key
X-SS-Set-Cookie
X-Transaction
X-Edge-Server
X-DPWN-IS-SECURE
X-A-Ccd
X-A
X-A-Dam
X-A-Dcw
X-A-Dgt
VivaBuild
Viewtype
Rendered-Blocks
Node
Rt-Proxy-Cache
Server-ID
T-Server
X-A-Wwc
X-Accel-Expires-Debug
X-Date
X-D
X-Destination
X-Detected-As
X-Developer
X-CF-Lambda-Version
X-CF-Lambda-Fn
X-Aed
X-Application
X-ARC
X-B-Cookie
Mobile-Detection-Method
X-AIR-PT
X-BYPASS-REASON
Uber-Trace-Id
Proxy-Connection
X-ProxyCache-Status
X-MServer
X-ProxyCache-Key
X-Via-CDN
ServerName
X-Soup
Backend-Name
CF-IPCountry
X-Hl-Ver
IsBot
X-Bip
X-Azure-Ref-OriginShield
X-Cache-Bucket
X-Azure-Ref
Fastly-Soc-X-Request-Id
X-Auto-Login
X-IN-APIGATEWAYSSL
N-Cache
X-IN-APIGATEWAY
NGX
Request-EU
Request-Country
X-Core-Mission
Section-Io-Cache
X-Cms-Context
X-Developers
Countrycode
X-Fastly-Cache
X-Distributor
X-Distil-CS
X-Cdn-Srv
X-Clientip
Gh-Request-Id
X-Origin-CC
X-Up
X-Request-Start
X-SVT-ORM-RULES
X-Origin-TTL
X-TrackingId
X-SVT-ORM-VERSION
X-Thanos
X-SIPLIST1
X-VC-Cache
X-Release
X-WebServer
User-Cache-Control
X-ElasticPress-Search
X-Guploader-Uploadid
X-Debug-Cache-Expiry
X-Debug-Cache-Fetch
X-Device-Os
X-Wikidot-Backend
X-ABtesting
X-CUA
X-App-Name
X-Thinkindot-L3
X-MP-GENERATED-AT
X-Amz-Meta-Cache-Control
X-Debug-Log
X-Debug-Cookies
X-Unique-ID
X-Debug-Cache-Store
X-Wikidot-Static-Cache
X-Compress-Hint
X-Cache-FS-Status
X-Cache-Id
X-VServer
X-C
X-WADP-Cache
X-Block-Status
X-Cache-Info
X-Cdn-Origin
X-Backend-Host
X-We-Are-Hiring
X-Variation
X-Clara-WADP
X-CGP
X-Backend-Url
X-BBXSRF
X-Skip-Cache
X-Method
X-MSEdge-Features
X-MSEdge-Flight
X-Rebelmouse-Surrogate-Control
X-Matched-Rule
X-Reboot
X-LI-Proto
X-LI-UUID
X-Location
X-Nginx-Cache-Key
X-NX-Host
X-Proxy-Upstream
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-Proxy-Cache-Status
X-Platform-Server
X-Old-Content-Length
X-Owner
X-PHP-Host
X-Li-Pop
X-Level-Front-Cache
X-Flog
X-Gen-Mode
X-Generated-In
X-ServiceProvider
X-Fetched-On
X-Eu-Site
X-Sn-Servicetimems
X-Rebelmouse-Cache-Control
X-Generated-On
X-Generation-Time
X-B3-SpanId
X-Request-URI
X-Irp-Debug
X-Hnp-Log
X-Hello
X-Geo-Header
X-GeoIP-City
X-Hash
X-Epic-Correlation-Id
X-Li-Fabric
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-From
Cache-Cookie-Set-Lfrom
RNT-Time
RNT-Machine
Magicmarker
AKAMAI
Thinkindot-Control
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
Adler-Geo
CDCHOST
Content-Disposition
Ha-Gx-Prefs
HA-Ipaddr
Is-Eu
L
Fastly-SWR
PFcat
Country-Code
Esi-Enabled
Fastly-SIE
Platform
True-Client-Country-4JS
Server-Int
W
V-Age
X-Microcachable
Wxu-Next-Region
X-Dispatch
X-Dispatcher-Server
X-User
Pramga
X-Qloud-Router
X-Page-Type
X-Say-Cacheable
X-Webstats-RespID
X-Key
Heartbleed
Kp-EeAlive
Memory
X-GDPR
X-HS-Combine-CSS
X-Internal-Host
Pagetype
X-Swa-Ws
Wxu-Next-Hostname
X-Say-TTL
Wxu-Next-Commit
X-SayCDN-TTL
X-Response-By
X-Backend-State
X-SD-PageType
X-Server-IP
SS
Server-Host
X-Reqid
X-Servername
SD-X-WS
Web-Mar-Node
Served-By
X-Element-Page-Cache
X-Cdn-Forward
X-Uri
X-IPS-LoggedIn
Resin-Trace
X-Policy
UCS
X-SERVER-NAME
ProcessTime
X-FPC
X-Wa
X-Logtrace-Id
Ajk
Powered-By-ChinaCache
X-Servedbyhost
REQUESTUUID
X-HTML-Minification-Powered-By
Proxy-Firewall
X-Var-Ttl
X-Service
X-Nc
X-Geo
X-Is-Gdpr
X-Has-Esi
Cache-Provider
X-JWT-State
X-Ratelimit-Limit
X-Lb-Id
X-Dc
X-Datadome
X-Cache-Backend
X-Cache-Category-Id
X-Grey
Powered-By
X-VCL-Version
Srv
X-Oss-Server-Time
X-Oss-Hash-Crc64ecma
X-Oss-Object-Type
X-NWS-UUID-VERIFY
X-Oss-Request-Id
X-Oss-Storage-Class
X-Tb-Optimization-Total-Bytes-Saved
X-Processor
X-Cache-Ttl
X-SRV
X-ZONE
X-TH-Server
Fastly-Backend-Name
X-Pjax-Url
X-Server-ID
X-Be
X-Varnish-Beresp-Ttl
X-Ruxit-Js-Agent
X-Info
X-CDN-Forward
GeoIP-Latitude
X-Cache-URL
X-RCS-CacheZone
GeoIP-Country-Code
X-Svr
X-RateLimit-Reset
PICS-Label
GeoIP-City
SN
X-Tec-Api-Origin
X-Tec-Api-Root
X-Tec-Api-Version
X-Webkit-Csp
X-Instart-Isnd
X-HS-Status
X-Ftr-Request-Id
X-Ttl
X-Dynatrace
X-Zone
X-SN
GW-Server
X-Scheme
X-Varnish-Beresp-Status
X-Source
X-UA
X-Varnish-Beresp-Grace
X-GRACE
X-Newrelic-Synthetics
Cdn
X-NodeID
CACHE
X-Varnish-Url
X-LAGOON
X-Pf-Uncompressing
Group
X-EC-Lua
X-Gannett-Site-Version
WZWS-RAY
X-Bc
X-Secret
Dynatrace
X-Varnish-Beresp-TTL
On-Server
X-CDN-Cache
CF-Cached-On
X-Dynatrace-Js-Agent
X-PF-Uncompressing
LB
X-Varnish-Cacheable
X-Check-Cacheable
X-NODE
X-LiteSpeed-Cache-Control
X-Ftr-Cache-Host
Ttl
X-Server-W
X-Sucuri-Id
Cache-Host
User-Agent
X-GeoIP-Country-Code
X-Tt-Trace-Host
X-BC
Inserted-Into-Cache-At
X-APP
X-Ratelimit-Remaining
X-Ms-Request-Id
X-Ms-Version
X-Via-Ucdn
Environment
X-NU-AKA-ACS-Version
Pics-Label
X-BE
X-COUNTRY
X-Edge
XServer
X-Fastly-Country-Code
WWW
Geoip-Latitude
X-Akamai-SSL-Client-Sid
Geoip-City
GeoIp-Country-Code
X-Aicache-OS
X-Crawler
X-PJAX-URL
Who
X-URL
X-Ftr-Realm
X-Ftr-Balancer
X-Ftr-Dc
MIME-Version
X-Ftr-Backend
X-Ftr-Backend-Server
X-Mid
Ohc-Response-Time
X-Render-Time
Lfy
X-Cache-Debug
X-Session-Fingerprint
Cf-Ipcountry
X-Trafficlayer-App-Scope
X-Trafficlayer-App-Name
X-Vcl-Version
X-CSRF-Token
X-MCACHE
X-LB-ID
Requestid
X-FE
M-TraceId
X-Varnish-Ttl
X-Agile-Age
X-Agile-Id
X-Agile
X-Fastly-Backend-Reqs
X-FORWARDED-FOR
SID
Amp-Access-Control-Allow-Source-Origin
URI
X-Served-From
X-Litespeed-Cache-Control
X-UPSTREAM-Address
X-Micro-Cache
X-Via-Edge
X-Via-SSL
Lb
X-WR-MODIFICATION
X-Logging-Id
X-7Graus-Varnish-XKeys
X-7Graus-Varnish-Cache-Control
Xkeyrz
X-Proxy-Cacherz
HostName
X-Sedo-Request-Id
RequestUuid
Host-ID
X-Amzn-Remapped-Date
X-Cache-Miss-From
X-Cache-Tag
X-Amzn-Remapped-Connection
X-Correlation-ID
X-Cf-Powered-By
DataCenter
X-Fpc
X-Vct
X-Page-Impression-Id
X-Protected-By
X-Flow-Id
X-Zalando-Child-Request-Id
X-Action
X-DSS
X-ServedByHost
X-WA
X-Nananana
CDN
X-RSL
X-RPS
X-RPM
Xkeypdq
X-DW
X-DI
X-DB
X-Fastly-Cache-Hits
WebServer
X-NGINX-Cache
X-Newrelic-App-Data
X-VC
X-ND-Cache
X-Via-NSCOPI
X-Cdn-Request-ID
X-TIME
FNAC-ModuleRouting
X-SB
X-MID
X-Dw-Trace-Id
Warning
X-Ecache
X-Vdms-Version
X-Core-Value
X-Request-Url
X-Refresh
Cneonction
Correlation-Id
X-Swift-Error
Cdncip
Xet-Cookie
Cdnsip
X-AK-Request-ID
X-Unique-Id
X-Apw-Hits
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
X-Apw-Access-Token
X-Apw-Access-Object
Pragrma
X-Serial
X-Apw-Access-Action
X-Fe
X-Planisys-CDN-TTL
X-ServerName
X-MiniProfiler-Ids
X-Gdpr
X-Bug-Bounty
HitType
X-Request-URL
Processtime
X-ECache
V-Cache