Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
CF-RAY
X-Powered-By
Link
ETag
Expect-CT
X-XSS-Protection
Via
X-Cache
Age
CF-Cache-Status
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
X-Cache-Hits
P3P
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Request-Id
X-Xss-Protection
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-AspNet-Version
X-Download-Options
Access-Control-Allow-Credentials
X-Runtime
X-Adblock-Key
X-Drupal-Cache
Alt-Svc
X-Check
X-Cacheable
Content-Security-Policy-Report-Only
P3p
X-Generator
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-AspNetMvc-Version
X-DNS-Prefetch-Control
Status
X-Template
X-Language
Timing-Allow-Origin
Content-Encoding
X-FRAME-OPTIONS
X-Content-Security-Policy
X-Iinfo
X-Buckets
Upgrade
X-Kinja-Server-Push
Xkey
X-Via
X-CDN
X-Turbo-Charged-By
Keep-Alive
Access-Control-Max-Age
Access-Control-Expose-Headers
X-Cache-Group
X-Pass-Why
X-Age
X-AH-Environment
X-Drupal-Dynamic-Cache
X-Server
X-Backend
X-Amz-Id-2
X-Amz-Request-Id
X-Pingback
X-Envoy-Upstream-Service-Time
X-Page-Speed
X-Robots-Tag
X-Proxy-Cache
X-Hacker
Grace
X-Server-Powered-By
EagleId
X-Varnish-Cache
X-UA-Device
X-Nginx-Cache-Status
Request-Context
Cf-Railgun
X-LiteSpeed-Cache
X-Amz-Version-Id
X-Swift-CacheTime
X-Swift-SaveTime
X-WebKit-CSP
X-Ua-Compatible
Ali-Swift-Global-Savetime
Feature-Policy
X-Device
Server-Timing
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Host
X-Ac
Report-To
X-Rq
Content-Location
X-OneAgent-JS-Injection
X-Node
X-Server-Id
X-Backend-Server
X-Cnection
X-Response-Time
X-Origin-Cache
EagleEye-TraceId
X-Cloud-Trace-Context
X-Application-Context
Allow
Request-Id
X-Readtime
Surrogate-Control
X-Cache-Lookup
X-Country
X-ORACLE-DMS-ECID
X-Url
X-DynaTrace
X-Ruxit-JS-Agent
X-Cdn
X-Vhost
X-Rack-Cache
X-Clacks-Overhead
X-ORACLE-DMS-RID
Pinterest-Generated-By
X-Origin-Upstream-Status
NEL
X-TTL
X-CST
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Rating
X-HW
X-FTR-Request-ID
X-Country-Code
X-Dns-Prefetch-Control
X-Goog-Hash
X-Instart-Request-ID
X-Dispatcher
X-DataStream-Cache-Status
Edge-Control
X-Px
X-Vname
X-PC
X-TtlSet
Fusion-Component-Id
Fusion-Template-Id
Fusion-Content-Id
Fusion-Source
Fusion-Content-Source
X-VARITI-CCR
Service-Worker-Allowed
X-Mod-Pagespeed
X-MS-InvokeApp
SPRequestGuid
Verso
X-ESI
X-B3-TraceId
X-DataDome
X-Recruiting
X-Request-ID
X-Use-Magma
X-Exp-Id
X-Exp-Variant
X-Cdn-Fetch
X-Kinja
X-Kinja-Revision
X-Kinja-Server
X-Kinja-Build
X-GoogleNews-Bot
X-D2id
X-Varnish-TTL
X-Vcap-Request-Id
X-SharePointHealthScore
X-Abt-Application-Version
X-Amz-Server-Side-Encryption
X-Server-Name
X-RateLimit-Remaining
X-Powered-By-Plesk
TCN
DynaTrace
X-Navigation-Version
X-Middleton-Response
X-Sol
Display
X-Middleton-Display
X-GitHub-Request-Id
Response
X-SRCache-Store-Status
X-SRCache-Fetch-Status
RTSS
Accept-Ch-Lifetime
X-Server-ID
Content-MD5
Charset
X-Akam-SW-Version
AR-ATIME
MS-Author-Via
AR-CACHE
AR-PoweredBy
Ar-Sid
X-Amz-Rid
X-Shield-Request-Id
Realpath
X-Trace
ServerID
AR-Request-ID
X-Goog-Metageneration
X-Goog-Generation
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Dw-Request-Base-Id
X-Powered-CMS
X-Cached
X-DynaTrace-JS-Agent
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TEC-API-VERSION
X-Version
Nginx-Cache
X-Forwarded-Proto
X-Shard
SPRequestDuration
SPIisLatency
X-Upstream
X-Goog-Storage-Class
Pagespeed
Accept-CH
X-Pinterest-Rid
X-Upstream-Proxy
Pinterest-Version
Public-Key-Pins
Mrf-Cache-Status
X-Mrf-Section-Lastmod
X-B3-TraceId-Primal
MRF-Tech
X-Mrf-Item-Lastmod
X-Client-IP
X-MSEdge-Ref
Paypal-Debug-Id
Fastly-Restarts
Access-Control-Request-Method
S
X-VCache
X-Amz-Meta-S3cmd-Attrs
X-DataStream-MidMile-RTT
X-DataStream-Origin-MEX-Latency
Accept-Ch
X-Ezoic-Cdn
X-Debug
X-Id
X-FTR-Backend-Server
X-Country-Code-Real
X-FTR-Balancer
X-FTR-Realm
X-FTR-Cache-Status
X-FTR-DC
X-FTR-Backend
X-FTR-Expires
X-DIS-Request-ID
X-T
X-Fastly-Request-ID
MicrosoftSharePointTeamServices
X-N
X-XRDS-Location
X-Ser
Alternate-Protocol
Arr-Disable-Session-Affinity
X-Mobile-Rewrite
Arc-Version
PB-PID
PB-RID
X-Varnish-Age
X-NF-Request-ID
X-Hits
Front-End-Https
Fastcgi-Cache
X-B3-Sampled
X-Acc-Meta-Resource-Type
X-Amzn-Trace-Id
X-Content-Type
X-Frontend
X-FTR-Cache-Host
X-Logged-In
X-Grace
Server-Name
X-Content-Digest
X-Pad
X-Srv
Host
X-Forwarded-For
X-Fastcgi-Cache
AMP-Access-Control-Allow-Source-Origin
X-Correlation-Id
Nel
X-Node-Name
X-FastCGI-Cache
X-Request-Handler-Origin-Region
X-Microsite
FilterID
Powered-By-ChinaCache
TP-Cache
Healthy
TP-L2-Cache
X-LB-Cache
X-Debug-Info
X-Kinsta-Cache
Edge-Cache-Tag
X-Type
X-Rid
X-IPLB-Instance
X-GUploader-UploadID
X-AOL-HN
X-Request-Processing-Time
X-Request-Received
X-User-Agent
X-Vcache
X-Cached-By
X-Cache-2
X-HS-Hub-Id
X-HS-Content-Id
X-Hostname
X-Cache-Rule
X-Revision
Powered
X-F-Cache
Surrogate-Key
X-XRDS-LOCATION
X-RateLimit-Limit
X-Accel-Expires
X-Zen-Fury
Backend-Timing
X-Cache-Age
X-Analytics
X-Amz-Apigw-Id
X-Page-Id
X-Amzn-RequestId
VIX-Pulpo-Node
X-Content-Security-Policy-Report-Only
VIX-Pulpo-Upstream-Status
X-Content-Options
X-Varnish-Grace
X-Cache-Key
X-BCube-Filmed-By
X-Varnish-Backend
X-Cluster
X-FB-Debug
X-Jobs
Source
X-Request-Guid
X-Content-Powered-By
X-PHP-Backend
Cache-Status
X-Amz-Replication-Status
X-Kong-Proxy-Latency
X-Instance
X-Kong-Upstream-Latency
X-App-Environment
X-TT
X-Tumblr-Pixel-0
X-Tumblr-User
X-Akamai-Edgescape
Cleartype
X-Tumblr-Pixel
X-Framework
X-AppVersion
X-Activity-Id
Tracecode
X-Az
WPE-Backend
X-Varnish-Hostname
Server-Node
X-Via-JSL
Refresh
X-Forwarded-Host
Host-Header
X-Cache-TTL
X-Mobile
X-NWS-LOG-UUID
X-Cache-Operation
X-ATG-Version
X-Cache-Control
Accept-Charset
Actual-Object-TTL
X-Time
X-FW-Serve
X-B-Cache
X-FW-Hash
X-Signature
X-FW-Server
X-FW-Static
X-FW-Type
X-Drupal-Cache-Tags
X-Cache-Action
X-B3-Traceid
DC
Liferay-Portal
X-Edge-Location
Access-Control-Allow-Method
Upgrade-Insecure-Requests
X-App-Server
X-Accel-Buffering
X-Whom
X-Cache-Hit
X-TA-CDN-Provider
X-Response-Served-From
X-Hp-Webp
X-Storage
X-TX-ID
X-Mobile-URL
Payment
X-WebKit-CSP-Report-Only
X-UA-Device-Type
Fastcgi-Useragent
X-Content-Age
X-VG-WebCache
X-Handled-By
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-TT-TIMESTAMP
X-RequestSource
X-SS-Set-Cookie
X-Cacheable-TTL
Filters
X-GeoIP
X-Adobe-Loc
X-Git-Hash
Cache
Eomportal-Instance
X-Adobe-Content
X-B
Server-Info
X-RemovedCookies
Xserver
X-ProcessESI
Viewport
X-Ratelimit-Reset
X-Geo-Country
Cache-Tv-Group
X-Tumblr-Pixel-2
X-Tumblr-Pixel-1
X-WA-Info
X-FB-TRIP-ID
Cache-Tag
X-Cache-TTL-Remaining
Webserver
Datacenter
X-Cache-Enabled
X-Status
Retry-After
X-Erf-Bev-Bev-Is-Generated
NGB
X-Erf-Bev-Bev
X-Contextid
X-Seen-By
S-Cnection
X-FW-Dynamic
X-Ratelimit-Limit
X-Presslabs-Stats
X-CF-Powered-By
X-APP-VERSION
X-Host-Name
X-Mode
X-Origin-Server
X-Magnolia-Registration
X-Varnish-Hits
Country
Accept-CH-Lifetime
X-Rendered-As
X-Cache-Var
X-Cache-Config
X-AWS-Id
Load-Balancing
Machine
Meta-Geo
X-LJ-Flow-ID
X-VWS-Id
X-VCT
X-Path-Route
X-Daa-Tunnel
X-PressLabs-Stats
X-RN-RSRV
X-ES-SERVER
X-Cache-Var-Map
Vix-Hermes-Req-Id
DSUID
Release
From-Origin
X-Zipkin-Id
X-Upstream-CT
Mail-Subject
X-Upstream-HT
GEO-INFO
X-Routing-Service
We-Hiring
X-Proxied
X-Human
X-Real-IP
MS-CV
X-Cache-Host
X-Labrador-Cache-Channel
X-Cache-Grace
Cache-Key
X-PCL
X-Debug-Cache
X-Device-Type
Mn-Server-Ip
X-OCL
X-TNCMS
ServedBy
Uber-Trace-Id
X-Hit
X-Access
X-EIG-Tracking-Id
X-Web-Node
Frame-Options
X-Viewer-Country
X-Cache-NE
X-Varnish-Server
X-Loop
X-From
X-RCS-CacheZone
X-Section
X-R9-Blue-Green-Version
X-Rule
Now
X-BYPASS-REASON
X-Origin-Response-Time
X-Proto
X-MP-GENERATED-AT
X-Cluster-Node
X-CCM
X-VG-TLSProxy
X-ProxyCache-Key
X-Akamai-Request-ID
X-Upgrade-Enabled
X-ProxyCache-Status
X-Backend-Name
X-Varnish-Cache-Hits
OT-Force-Account-Verify
Rt-Fastcgi-Cache
X-Hyper-Cache
X-Esi
X-Environment-Context
X-L-Path
X-Alternate-Cache-Key
X-FC-Vary-Parameters
X-Sorting-Hat-PodId
X-Generated
X-S
NGX
X-Tumblr-Pixel-3
X-Redis-Cache
X-Proxy-Build
X-Timing-Wait
X-Shopify-Stage
X-JoinUs
X-Sorting-Hat-ShopId
X-Xfnlog-Site
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Region
X-ShopId
Akamai-GRN
X-Hosted-By
X-ShardId
Decoy-Debug-Key
Decoy-Debug-Status
Cache-Name
X-UUID
X-Guploader-Uploadid
X-Cache-Remote
Decoy-Debug-TTL
X-Platform-Server
X-NCache
X-Endurance-Cache-Level
X-Generated-By
X-Trace-Id
X-Via-Fastly
X-RTag
Ms-Operation-Id
X-Site-Version
DB-Nickname
X-Locale
X-Nginx-Cache
X-Www-Served-By
X-Hl-Ver
X-ECACHE
X-MServer
X-Drupal-Cache-Contexts
Cteonnt-Length
X-NewRelic-App-Data
X-Vgn-Hpd-Reason
X-Rocket-Nginx-Bypass
X-GRACE
X-ServerID
X-EdgeConnect-Cache-Status
X-Load-Cache
ProcessTime
X-Ttl
X-Request-Time
X-IPS-LoggedIn
Time
X-Wix-Request-Id
X-Time-Microsecs
X-Litespeed-Cache
L5d-Success-Class
X-IP
X-Via-CDN
X-Cache-Backend
X-Dc
Version
S-Rt
X-Origin
Served-By
X-Microcachable
TWC-Locale-Group
Webcakes-Region
Webcakes-App-Version
NtCoent-Length
Origin
X-Origin-Hint
Webcakes-App-Name
TWC-Privacy
TWC-Connection-Speed
X-Unique-ID
TWC-Device-Class
TWC-GeoIP-Country
TWC-GeoIP-LatLong
Property-Id
Azure-SiteName
Azure-SlotName
X-Distributor
Origin-Cache-Control
Origin-Edge-Control
Azure-Version
Azure-InstanceId
Azure-RegionName
X-Proxy
X-GEO
Fastly-SSL
X-B3-Spanid
X-Oneagent-Js-Injection
X-FireWall-Port
X-No-Session
Fastcgi-X-Cache-Version
X-FW-Version
X-Cache-Category-Id
X-Datadome
X-Cache-Server
X-Grey
X-Pubstack
CACHE
X-Via-NSCOPI
Access-Control-Request-Headers
X-RateLimit-Reset
X-Nc
X-Detected-As
X-UA
X-BACKEND-TTL
X-Is-Bot
X-PERF
Hostname
X-ApacheServer
IBM-Web2-Location
SRV
Odigeo-Trace-Id
X-Format
X-HTML-Minification-Powered-By
Cache-Tags
X-Webkit-Csp
X-Ua
X-Powered-By-Defense
X-CS
Proxy-Connection
X-Edge
X-Akamai-Transformed
Backend-Name
X-Varnish-Cacheable
X-Cdn-Forward
HA-Ipaddr
X-Edge-Server
X-DPWN-IS-SECURE
X-CF-Lambda-Version
X-External-Request-Id
X-Eu-Site
Xc-Version
X-Worker
X-CF-Lambda-Fn
Ha-Gx-Prefs
X-CGP
MD5-Digest
X-Twitter-Response-Tags
X-VG-WebServer
X-Debug-Log
X-Transaction
X-Cache-Bucket
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
X-Cluster-Name
Meta-Geo-Continent
Mobile-Detection-Method
Node
X-G
X-NU-AKA-ACS-Version
Cdn-Request-Time
X-Developer
Cdn-Host
X-Date
Fastly-SWR
Content-Script-Type
Content-Style-Type
Ec-Rule-Version
X-Destination
Cross-Origin-Window-Policy
X-Debug-Cookies
Fastly-SIE
Cache-Prefix
Cache-Cookie-Set-Lfrom
X-D
Fly-Request-Id
GEO-REGION-INFO
X-Connection-Hash
Proxy-Firewall
Arc-Country
AsisCache
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-From
BehaviorPad-Version
Fly-Cache
A
X-Trv-Group
X-App-Name
X-Application
X-AIR-PT
X-Aed
X-A-Wwc
X-Accel-Expires-Debug
X-A
X-ARC
X-Request-UUID
X-IN-APIGATEWAY
X-Instart-Info
ServerName
X-B-Cookie
Viewtype
VivaBuild
X-A-Ccd
X-Processor
X-PAYTM-SRV-ID
X-Org
X-NX-Host
X-A-Dam
X-A-Dcw
X-A-Dgt
X-Region-Sid
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
X-ND-Cache
Rendered-Blocks
X-HS-Combine-CSS
Request-EU
Rt-Proxy-Cache
Request-Time
X-Server-Time
X-ScT
X-S-Maxage
X-SRCache-Key
Request-Country
X-Rewrite-Enabled
X-HS-Cache-Config
X-Rojux
X-S-Cookie
Server-ID
On-Server
RNT-Time
Platform
Mime-Version
X-Cache-Id
Resin-Trace
RNT-Machine
Memcached
X-Cdn-Srv
Is-Eu
X-Core-Mission
Server-Host
X-Clientip
X-Cdn-Origin
True-Client-Country-4JS
X-Cache-Info
X-Backend-State
Server-Int
Section-Io-Cache
X-Internal-Host
Adler-Geo
X-Key
X-Level-Front-Cache
X-We-Are-Hiring
X-Irp-Debug
X-C
X-ServiceProvider
PageSpeed
X-Generated-On
X-Geo-Header
X-TH-Server
Countrycode
X-Sn-Servicetimems
X-Hash
X-Variation
X-GeoIP-Country-Code
X-B3-Parentspanid
X-Request-URI
X-Fastly-Cache
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
Apple-News-Services-Request-Url
X-Dispatcher-Server
Country-Code
X-PHP-Host
X-Qloud-Router
Apple-News-Services-Handled
X-Epic-Correlation-Id
X-UnsetCookies
X-Tb
X-Server-IP
X-Reqid
X-B3-SpanId
X-Compress-Hint
X-Response-By
X-Hnp-Log
X-LI-Proto
X-Method
X-Reboot
X-Protected-By
X-Location
X-LI-UUID
X-Amz-Meta-Cache-Control
X-Li-Pop
X-Request-Start
X-Li-Fabric
X-Swa-Ws
X-Wikidot-Static-Cache
X-Wikidot-Backend
X-Fetched-On
X-Fstrz
X-ElasticPress-Search
X-Distil-CS
X-Developers
X-Device-Os
X-Crawler
X-CDN-Cache
X-Gen-Mode
X-Block-Status
X-BBXSRF
X-Servername
X-Served-From
X-SIPLIST1
X-SVT-ORM-RULES
X-Webstats-RespID
X-WebServer
X-SVT-ORM-VERSION
X-SD-PageType
Web-Mar-Node
SS
PFcat
X-Akamai-Request-ID2
CDCHOST
Content-Disposition
SD-X-WS
Pramga
AKAMAI
REQUESTUUID
IsBot
UCS
Who
Wxu-Next-Commit
Wxu-Next-Hostname
V-Age
User-Cache-Control
Wxu-Next-Region
Fastly-Soc-X-Request-Id
Gh-Request-Id
X-Parent-Response-Time
Esi-Enabled
X-Thanos
X-Thinkindot-L3
X-Secret
X-Origin-Expires
X-GeoIP-City
X-Origin-Date
X-Nginx-Cache-Key
X-Matched-Rule
X-Generation-Time
X-Owner
X-Skip-Cache
X-Via-Edge
X-Release
X-Gannett-Site-Version
X-Dispatch
X-Cms-Context
Thinkindot-CacheControl
X-Via-SSL
Powered-By
Pragrma
X-Bip
X-VServer
Thinkindot-Control
GW-Server
Thinkindot-CacheControl-Type
Heartbleed
X-CDN-Forward
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
X-Planisys-CDN-Cache
X-Auto-Login
X-Cache-FS-Status
X-VC-Cache
LB
X-NC
X-Varnish-Ttl
X-App-Version
X-Be
X-CLOUD-TRACE-CONTEXT
W
X-CUA
X-OVcl
X-IN-WAF
X-FPC
X-OVcl-Cache
X-Core-Value
X-Azure-Ref-OriginShield
X-Azure-Ref
X-Birta-Cache-Post
X-Phone
X-Birta-Served
X-Origin-CC
X-Origin-TTL
X-Varnish-IP
X-Varnish-Url
X-WADP-Cache
X-Ratelimit-Remaining
X-Clara-WADP
X-CACHE-KEY
Memory
HitType
Selected-FE
Accept-Language
CF-IPCountry
X-Geo
X-LAGOON
L
X-Info
X-Proxy-Upstream
N-Cache
X-Page-Type
X-Varnish-Beresp-Ttl
X-Proxy-Cache-Status
X-DC
X-TrackingId
Kp-EeAlive
X-FE
X-URL
X-Source
Cdn
User-Agent
Selected-Fe
X-Amzn-Remapped-Content-Length
X-Dynatrace-Js-Agent
X-Oracle-Dms-Rid
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
X-Pf-Uncompressing
Magicmarker
X-Web-Server
X-Urbn-Context-Path
X-Zone
Locale
X-Urbn-Site-Id
X-Agile-Id
X-Cache-Debug
X-Agile
X-Agile-Age
X-Flog
X-Hello
X-Servedbyhost
Pagetype
X-TT-LOGID
X-HS-Status
X-Refresh
X-ABtesting
X-Newrelic-Synthetics
Geoip-Latitude
X-Generated-In
X-Backend-TTL
X-User
GeoIp-Country-Code
Geoip-City
X-MID
X-Mid
X-Check-Cacheable
X-Real-Ip
X-Aicache-OS
CF-Cached-On
X-ZONE
X-VCL-Version
X-Backend-Url
X-Vcl-Version
X-Soup
X-GoCache-CacheStatus
X-Up
X-Backend-Host
SN
X-Ruxit-Js-Agent
Ohc-Cache-HIT
Amp-Access-Control-Allow-Source-Origin
Ohc-File-Size
X-NWS-UUID-VERIFY
FSS-Cache
Group
FSS-Proxy
X-Tb-Optimization-Total-Bytes-Saved
X-Debug-Cache-Fetch
X-Debug-Cache-Store
X-MSEdge-Features
X-MSEdge-Flight
GeoIP-Country-Code
X-Debug-Cache-Expiry
X-APP
X-Tt-Trace-Tag
X-ServedByHost
X-Oss-Storage-Class
X-Oss-Request-Id
HTTPS
X-UPSTREAM-Address
X-Oss-Hash-Crc64ecma
Srv
X-Oss-Object-Type
GeoIP-City
X-Oss-Server-Time
GeoIP-Latitude
WZWS-RAY
X-EC-Lua
HostName
X-SN
Server-Cache-Control
Backend
Www
X-BC
Server-Surrogate-Control
RequestId
X-Varnish-Authentication
X-Cache-ASPX
X-Contensis-Viewer-Groups
Cf-Ipcountry
X-SERVER-NAME
X-Say-Cacheable
X-COUNTRY
X-Via-Ucdn
X-Old-Content-Length
X-Say-TTL
X-SayCDN-TTL
X-Instart-Isnd
Lb
X-CSRF-Token
X-Akamai-SSL-Client-Sid
X-Cache-Expires
Host-ID
X-NGENIX-Cache
X-Varnish-Beresp-TTL
X-Amzn-Remapped-Date
X-Amzn-Remapped-Connection
X-Bc
X-Nananana
X-ECache
Xkeyrz
X-Proxy-Cacherz
X-PF-Uncompressing
WebServer
X-Dynatrace
X-Cache-Ttl
Cache-Hits
XServer
X-Node-Id
X-Varnish-Action
URI
X-Request-Url
Inserted-Into-Cache-At
X-Cache-Tag
Fastly-Backend-Name
Requestid
Epwk-Cache
X-PAGE-TYPE
Fastcgi-X-Cache
X-TIME
X-FORWARDED-FOR
Is-Session-Tracking
X-IN-APIGATEWAYSSL
X-WR-MODIFICATION
Xkeynj
X-Logtrace-Id
X-Fastly-Backend-Reqs
X-Unique-Id
Ajk
X-CSRF-TOKEN
Get-Access-Time
X-Fastly-Country-Code
X-AssetVersion
X-MCACHE
X-Edge-IP
X-Requestid
X-Cache-Time
X-Cache-Miss-From
X-Sedo-Request-Id
Dynatrace
X-LiteSpeed-Cache-Control
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
Pics-Label
X-Wa
X-Pjax-Url
X-Var-Ttl
X-Svr
X-Sf
Cneonction
FNAC-ModuleRouting
DataCenter
Xet-Cookie
X-SRV
CDN
X-Lb-Id
X-Swift-Error
X-Fastly-Cache-Hits
Correlation-Id
X-BE
Cache-Provider
X-Dw-Trace-Id
X-NGINX-Cache
X-Correlation-ID
X-Fpc
X-Apw-Access-Action
T-Server
X-Apw-Access-Token
X-Apw-Access-Object
X-WA
X-Apw-Hits
X-ServerName
X-Akamai-ERPolicy
Warning
X-Page-Impression-Id
X-Bug-Bounty
PICS-Label
X-PJAX-URL
X-GDPR
X-LB-ID
X-Zalando-Child-Request-Id
Sid
X-App
X-Akamai-ERRuleID
X-RSL
X-Flow-Id
X-Html-Edge-Cache
X-WPE-Loopback-Upstream-Addr
X-Alicdn-Da-Ups-Status
X-LiteSpeed-Tag
Ohc-Response-Time
X-DB
X-DI
RequestUuid
X-Policy
X-RPS
X-RPM
X-DSS
X-DW
Lfy