Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
CF-RAY
X-Powered-By
Link
ETag
Expect-CT
Via
X-XSS-Protection
X-Cache
Age
CF-Cache-Status
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
X-Cache-Hits
P3P
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Xss-Protection
X-Served-By
X-Request-Id
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-AspNet-Version
X-Download-Options
Access-Control-Allow-Credentials
X-Runtime
X-Adblock-Key
X-Drupal-Cache
Alt-Svc
P3p
X-Check
X-Cacheable
Content-Security-Policy-Report-Only
X-Generator
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-AspNetMvc-Version
X-DNS-Prefetch-Control
X-Template
Status
X-Language
Timing-Allow-Origin
X-FRAME-OPTIONS
Content-Encoding
X-Content-Security-Policy
X-Iinfo
X-Buckets
Upgrade
X-Kinja-Server-Push
Xkey
X-Via
X-Turbo-Charged-By
X-CDN
Keep-Alive
Access-Control-Max-Age
Access-Control-Expose-Headers
X-Cache-Group
X-Pass-Why
X-Age
X-AH-Environment
X-Drupal-Dynamic-Cache
X-Server
X-Backend
X-Amz-Request-Id
X-Amz-Id-2
X-Pingback
X-Envoy-Upstream-Service-Time
X-Page-Speed
X-Robots-Tag
X-Proxy-Cache
X-Hacker
Grace
X-Server-Powered-By
EagleId
X-Varnish-Cache
X-UA-Device
X-Nginx-Cache-Status
Request-Context
Cf-Railgun
X-LiteSpeed-Cache
X-Amz-Version-Id
X-Swift-CacheTime
X-Swift-SaveTime
X-WebKit-CSP
X-Ua-Compatible
Ali-Swift-Global-Savetime
Feature-Policy
X-Device
Server-Timing
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Host
X-Ac
Report-To
X-Rq
Content-Location
X-OneAgent-JS-Injection
X-Node
X-Server-Id
X-Backend-Server
X-Response-Time
X-Cnection
X-Origin-Cache
X-Cloud-Trace-Context
EagleEye-TraceId
X-Application-Context
Allow
Request-Id
Surrogate-Control
X-Readtime
X-Cdn
X-Cache-Lookup
X-Country
X-ORACLE-DMS-ECID
X-Url
X-Ruxit-JS-Agent
X-Rack-Cache
X-DynaTrace
X-Vhost
Pinterest-Generated-By
X-Clacks-Overhead
X-ORACLE-DMS-RID
X-Origin-Upstream-Status
NEL
X-CST
X-TTL
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Rating
X-FTR-Request-ID
X-Country-Code
X-Dns-Prefetch-Control
X-HW
X-Goog-Hash
X-Instart-Request-ID
X-Dispatcher
X-DataStream-Cache-Status
Edge-Control
X-Px
Fusion-Template-Id
Fusion-Content-Source
Fusion-Source
Fusion-Component-Id
Fusion-Content-Id
X-Vname
X-TtlSet
X-PC
X-VARITI-CCR
Service-Worker-Allowed
X-Mod-Pagespeed
X-MS-InvokeApp
SPRequestGuid
Verso
X-B3-TraceId
X-ESI
X-Request-ID
X-Recruiting
X-GoogleNews-Bot
X-Exp-Variant
X-Exp-Id
X-Cdn-Fetch
X-Kinja
X-Use-Magma
X-Kinja-Revision
X-Kinja-Server
X-Kinja-Build
X-DataDome
X-Varnish-TTL
X-D2id
X-Vcap-Request-Id
X-SharePointHealthScore
X-Abt-Application-Version
X-Amz-Server-Side-Encryption
X-Server-Name
X-RateLimit-Remaining
TCN
X-Powered-By-Plesk
X-GitHub-Request-Id
X-Middleton-Display
Display
X-SRCache-Fetch-Status
X-Sol
DynaTrace
X-SRCache-Store-Status
X-Middleton-Response
Response
RTSS
Content-MD5
X-Navigation-Version
Charset
X-Server-ID
X-Akam-SW-Version
Accept-Ch-Lifetime
AR-CACHE
AR-ATIME
Ar-Sid
AR-PoweredBy
MS-Author-Via
X-Amz-Rid
ServerID
X-Trace
X-Shield-Request-Id
AR-Request-ID
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Goog-Generation
X-Cached
X-Dw-Request-Base-Id
X-Powered-CMS
Realpath
X-TEC-API-ROOT
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-DynaTrace-JS-Agent
X-Version
Nginx-Cache
X-Forwarded-Proto
X-Shard
SPIisLatency
SPRequestDuration
X-Upstream
Pinterest-Version
X-Upstream-Proxy
X-Goog-Storage-Class
X-Pinterest-Rid
Pagespeed
X-Mrf-Section-Lastmod
X-B3-TraceId-Primal
MRF-Tech
Mrf-Cache-Status
X-Mrf-Item-Lastmod
Public-Key-Pins
X-Client-IP
Fastly-Restarts
X-MSEdge-Ref
S
Access-Control-Request-Method
Paypal-Debug-Id
Accept-CH
X-Amz-Meta-S3cmd-Attrs
X-DataStream-Origin-MEX-Latency
X-DataStream-MidMile-RTT
Accept-Ch
X-Debug
X-Ezoic-Cdn
X-VCache
X-Id
X-Country-Code-Real
X-FTR-Realm
X-FTR-DC
X-FTR-Backend
X-FTR-Cache-Status
X-FTR-Balancer
X-FTR-Backend-Server
X-FTR-Expires
X-DIS-Request-ID
X-T
X-Fastly-Request-ID
MicrosoftSharePointTeamServices
X-N
X-Ser
Arr-Disable-Session-Affinity
X-XRDS-Location
X-Mobile-Rewrite
Arc-Version
PB-PID
PB-RID
Alternate-Protocol
X-Varnish-Age
X-NF-Request-ID
X-Hits
X-Grace
Fastcgi-Cache
X-Content-Type
Front-End-Https
X-Amzn-Trace-Id
X-B3-Sampled
X-Acc-Meta-Resource-Type
X-Frontend
X-FTR-Cache-Host
Server-Name
X-Logged-In
X-Content-Digest
X-Srv
X-Pad
Host
X-Forwarded-For
X-Fastcgi-Cache
X-Correlation-Id
AMP-Access-Control-Allow-Source-Origin
Nel
X-Microsite
X-Request-Handler-Origin-Region
X-FastCGI-Cache
FilterID
X-Node-Name
X-Vcache
Powered-By-ChinaCache
Healthy
TP-L2-Cache
TP-Cache
X-LB-Cache
X-Debug-Info
X-Kinsta-Cache
X-Rid
Edge-Cache-Tag
X-Type
X-GUploader-UploadID
X-IPLB-Instance
X-User-Agent
X-AOL-HN
X-Request-Received
X-Request-Processing-Time
X-Cached-By
X-Cache-2
X-HS-Hub-Id
X-HS-Content-Id
X-Hostname
X-Revision
X-Cache-Rule
X-F-Cache
Surrogate-Key
Powered
X-XRDS-LOCATION
X-RateLimit-Limit
X-Accel-Expires
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Zen-Fury
X-Cache-Age
Backend-Timing
X-Analytics
X-Page-Id
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-Content-Security-Policy-Report-Only
X-Varnish-Grace
X-Cache-Key
X-Jobs
X-Content-Options
X-Cluster
X-Varnish-Backend
Source
X-BCube-Filmed-By
Cache-Status
X-Request-Guid
X-Instance
X-FB-Debug
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-App-Environment
X-Tumblr-User
X-TT
X-Content-Powered-By
X-Kong-Upstream-Latency
X-PHP-Backend
X-Kong-Proxy-Latency
X-Akamai-Edgescape
X-Amz-Replication-Status
X-Framework
Tracecode
Cleartype
WPE-Backend
X-AppVersion
X-Az
X-Activity-Id
X-Via-JSL
X-Varnish-Hostname
Server-Node
Host-Header
X-Forwarded-Host
Refresh
X-Cache-TTL
X-Cache-Control
X-NWS-LOG-UUID
X-ATG-Version
X-Cache-Operation
X-Mobile
X-FW-Type
X-FW-Serve
X-FW-Static
X-FW-Hash
X-FW-Server
X-B-Cache
X-Signature
Accept-Charset
Actual-Object-TTL
X-Time
X-Drupal-Cache-Tags
X-Edge-Location
X-B3-Traceid
X-Cache-Action
Liferay-Portal
Access-Control-Allow-Method
DC
Upgrade-Insecure-Requests
X-App-Server
X-Whom
X-Accel-Buffering
X-TA-CDN-Provider
X-Cache-Hit
X-Response-Served-From
X-Storage
X-TX-ID
Payment
X-Mobile-URL
X-Hp-Webp
Fastcgi-Useragent
X-Content-Age
X-UA-Device-Type
X-WebKit-CSP-Report-Only
X-TT-TIMESTAMP
X-VG-WebCache
X-Handled-By
X-SS-Set-Cookie
X-Yottaa-Metrics
Cache
X-RequestSource
X-Yottaa-Optimizations
Server-Info
X-Cacheable-TTL
X-Adobe-Content
X-GeoIP
X-Adobe-Loc
X-Tumblr-Pixel-1
X-B
X-Tumblr-Pixel-2
Eomportal-Instance
Filters
X-Ratelimit-Reset
Xserver
X-Git-Hash
X-Geo-Country
X-WA-Info
Viewport
Cache-Tv-Group
X-FB-TRIP-ID
Cache-Tag
X-ProcessESI
X-RemovedCookies
X-Cache-TTL-Remaining
Datacenter
X-Cache-Enabled
X-Status
Retry-After
Webserver
X-Erf-Bev-Bev
NGB
X-Erf-Bev-Bev-Is-Generated
X-Contextid
X-Seen-By
X-FW-Dynamic
S-Cnection
Accept-CH-Lifetime
X-Ratelimit-Limit
X-Presslabs-Stats
X-CF-Powered-By
X-Origin-Server
X-Host-Name
X-Mode
X-APP-VERSION
X-Magnolia-Registration
X-Varnish-Hits
X-Rendered-As
Country
X-LJ-Flow-ID
X-RN-RSRV
X-VWS-Id
X-ES-SERVER
X-Cache-Var-Map
X-AWS-Id
X-Cache-Var
Machine
X-VCT
X-PressLabs-Stats
X-Daa-Tunnel
X-Cache-Config
Load-Balancing
X-Human
Cache-Key
X-Cache-Host
X-Labrador-Cache-Channel
We-Hiring
DSUID
GEO-INFO
X-Zipkin-Id
X-Routing-Service
Vix-Hermes-Req-Id
X-Proxied
From-Origin
Mail-Subject
Release
X-Real-IP
MS-CV
X-EIG-Tracking-Id
X-Device-Type
X-From
X-Hit
Frame-Options
X-Loop
X-Debug-Cache
X-Cache-Grace
Uber-Trace-Id
ServedBy
X-Backend-Name
X-Hyper-Cache
X-PCL
Mn-Server-Ip
X-OCL
X-Varnish-Server
X-Upstream-CT
X-Cache-NE
X-TNCMS
X-RCS-CacheZone
X-Varnish-Cache-Hits
X-Web-Node
X-Upstream-HT
X-Viewer-Country
X-Akamai-Request-ID
X-VG-TLSProxy
Meta-Geo
Now
OT-Force-Account-Verify
X-BYPASS-REASON
X-Cluster-Node
X-ProxyCache-Status
X-Origin-Response-Time
X-Path-Route
X-ProxyCache-Key
X-Rule
X-Section
X-Proto
X-Tumblr-Pixel-3
X-Esi
X-CCM
X-Access
X-MP-GENERATED-AT
X-S
X-Sorting-Hat-PodId
X-Timing-Wait
X-Shopify-Stage
X-Upgrade-Enabled
X-Sorting-Hat-ShopId
NGX
X-R9-Blue-Green-Version
X-Proxy-Build
Rt-Fastcgi-Cache
X-JoinUs
X-Environment-Context
Akamai-GRN
X-FC-Vary-Parameters
X-L-Path
X-Hosted-By
X-ShardId
X-Alternate-Cache-Key
X-ShopId
X-Xfnlog-Site
X-Generated
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Generated-By
X-UUID
X-Platform-Server
Cache-Name
X-Region
X-Cache-Remote
X-Guploader-Uploadid
X-Redis-Cache
X-Endurance-Cache-Level
Decoy-Debug-Key
Decoy-Debug-TTL
Decoy-Debug-Status
X-NCache
X-Via-Fastly
Ms-Operation-Id
DB-Nickname
X-RTag
X-Nginx-Cache
X-MServer
X-Hl-Ver
X-ECACHE
X-Drupal-Cache-Contexts
X-Datadome
Cteonnt-Length
X-Trace-Id
X-Vgn-Hpd-Reason
X-EdgeConnect-Cache-Status
X-Site-Version
X-Www-Served-By
X-NewRelic-App-Data
X-ServerID
X-Locale
ProcessTime
X-Rocket-Nginx-Bypass
X-Ttl
X-Load-Cache
X-Request-Time
X-Wix-Request-Id
X-Time-Microsecs
Time
X-IPS-LoggedIn
X-IP
L5d-Success-Class
X-GRACE
X-Litespeed-Cache
S-Rt
X-GEO
X-Origin
Version
X-Dc
X-Cache-Backend
Served-By
X-Origin-Hint
TWC-Privacy
Webcakes-Region
X-Via-CDN
Webcakes-App-Name
TWC-Locale-Group
Property-Id
Webcakes-App-Version
TWC-Device-Class
TWC-GeoIP-LatLong
TWC-GeoIP-Country
TWC-Connection-Speed
Azure-InstanceId
X-Unique-ID
Azure-Version
Origin
Azure-SlotName
Azure-RegionName
Azure-SiteName
X-FW-Version
X-Pubstack
X-Distributor
Origin-Cache-Control
SRV
Origin-Edge-Control
X-Oneagent-Js-Injection
X-B3-Spanid
Fastcgi-X-Cache-Version
X-Proxy
X-Microcachable
Fastly-SSL
NtCoent-Length
X-FireWall-Port
X-Grey
CACHE
X-Cache-Category-Id
X-RateLimit-Reset
X-Via-NSCOPI
Access-Control-Request-Headers
X-Cache-Server
X-Detected-As
X-Is-Bot
X-BACKEND-TTL
X-No-Session
X-UA
X-PERF
IBM-Web2-Location
X-ApacheServer
Hostname
X-Webkit-Csp
X-Ua
X-Format
X-CS
Cache-Tags
X-HTML-Minification-Powered-By
Proxy-Connection
X-Edge
X-Akamai-Transformed
X-Powered-By-Defense
X-Varnish-Cacheable
Backend-Name
X-Nc
Odigeo-Trace-Id
AsisCache
Arc-Country
A
BehaviorPad-Version
X-Date
Cache-Cookie-Set-From
X-Rebelmouse-Cache-Control
Cdn-Host
X-G
Cache-Prefix
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-Lfrom
X-D
X-HS-Cache-Config
VivaBuild
Viewtype
X-Cluster-Name
X-A
X-A-Ccd
X-Worker
Xc-Version
Cdn-Request-Time
X-HS-Combine-CSS
X-IN-APIGATEWAY
X-Instart-Info
X-Cdn-Forward
X-Debug-Cookies
Mobile-Detection-Method
Node
X-Developer
MD5-Digest
HA-Ipaddr
Rt-Proxy-Cache
X-Destination
Proxy-Firewall
Request-Time
X-Debug-Log
Request-EU
Request-Country
Rendered-Blocks
Ha-Gx-Prefs
X-DPWN-IS-SECURE
Fastly-SIE
X-External-Request-Id
ServerName
Ec-Rule-Version
Cross-Origin-Window-Policy
Fastly-SWR
Fly-Cache
Server-ID
X-Edge-Server
GEO-REGION-INFO
X-Eu-Site
Fly-Request-Id
X-Vtex-Remote-Cache
X-Connection-Hash
X-Application
X-App-Name
X-Vtex-Processado-Em
X-ARC
X-NU-AKA-ACS-Version
X-CF-Lambda-Fn
X-Server-Time
X-Aed
X-CGP
X-CF-Lambda-Version
X-AIR-PT
X-NX-Host
X-Org
X-Rewrite-Enabled
X-Rojux
X-Request-UUID
X-Cache-Bucket
X-Rebelmouse-Surrogate-Control
X-Processor
X-S-Cookie
X-B-Cookie
X-ScT
X-PAYTM-SRV-ID
X-S-Maxage
X-SRCache-Key
X-ND-Cache
X-A-Dcw
X-A-Dgt
X-A-Wwc
X-Transaction
X-Twitter-Response-Tags
X-A-Dam
X-VG-WebServer
X-Accel-Expires-Debug
X-Trv-Group
Is-Eu
X-Dispatcher-Server
RNT-Time
RNT-Machine
Memcached
X-UnsetCookies
Section-Io-Cache
X-Backend-State
X-GeoIP-Country-Code
Apple-News-Services-Handled
X-Epic-Correlation-Id
X-PHP-Host
Meta-Geo-Continent
Mime-Version
X-Cache-Info
X-Reqid
X-Region-Sid
X-Cache-Id
X-We-Are-Hiring
X-Internal-Host
Resin-Trace
X-Request-URI
On-Server
X-Qloud-Router
Platform
PageSpeed
X-Variation
X-Tb
X-Server-IP
X-TH-Server
X-Irp-Debug
Content-Script-Type
X-Fastly-Cache
X-Clientip
Adler-Geo
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
Apple-News-Services-Request-Url
True-Client-Country-4JS
X-Core-Mission
Content-Style-Type
X-Cdn-Srv
Countrycode
X-Hash
X-Key
Country-Code
Server-Int
X-Compress-Hint
SS
X-Amz-Meta-Cache-Control
X-BBXSRF
X-Crawler
V-Age
Web-Mar-Node
Wxu-Next-Region
Wxu-Next-Hostname
X-CDN-Cache
Wxu-Next-Commit
User-Cache-Control
X-Block-Status
X-Cdn-Origin
SD-X-WS
Server-Host
Who
CDCHOST
X-WebServer
X-LI-Proto
X-Swa-Ws
X-Akamai-Request-ID2
Pramga
X-Webstats-RespID
X-Li-Pop
X-B3-Parentspanid
X-Wikidot-Backend
X-Sn-Servicetimems
X-Skip-Cache
X-Nginx-Cache-Key
X-SD-PageType
X-Response-By
X-Request-Start
X-Location
X-Servername
X-SIPLIST1
X-ServiceProvider
X-LI-UUID
X-Li-Fabric
X-B3-SpanId
X-ElasticPress-Search
X-Level-Front-Cache
X-Fstrz
Gh-Request-Id
X-Distil-CS
IsBot
X-Device-Os
X-Dispatch
X-Gen-Mode
Esi-Enabled
X-C
X-Hnp-Log
X-Wikidot-Static-Cache
X-Geo-Header
X-Generated-On
X-NC
X-Origin-Expires
X-Origin-Date
X-Cache-FS-Status
X-Protected-By
X-Release
X-Reboot
X-Developers
X-Method
X-VServer
X-Gannett-Site-Version
X-SVT-ORM-RULES
X-Fetched-On
Pragrma
X-SVT-ORM-VERSION
X-Served-From
Powered-By
X-Secret
REQUESTUUID
UCS
Content-Disposition
AKAMAI
X-Parent-Response-Time
PFcat
X-Auto-Login
X-CDN-Forward
GW-Server
Heartbleed
X-Bip
X-Thinkindot-L3
X-Thanos
X-OVcl
X-Planisys-CDN-TTL
Fastly-Soc-X-Request-Id
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
X-Generation-Time
X-OVcl-Cache
X-Via-Edge
X-FPC
LB
X-Cms-Context
X-GeoIP-City
X-Matched-Rule
X-Via-SSL
X-Owner
Thinkindot-Control
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
X-Varnish-Ttl
X-IN-WAF
W
X-Birta-Served
X-App-Version
X-Azure-Ref
X-Azure-Ref-OriginShield
X-VC-Cache
X-CUA
CF-IPCountry
X-CLOUD-TRACE-CONTEXT
X-Phone
X-Birta-Cache-Post
X-Core-Value
X-Origin-CC
X-Origin-TTL
X-Be
X-Ratelimit-Remaining
Memory
X-Clara-WADP
X-Varnish-IP
X-WADP-Cache
X-Varnish-Url
HitType
Accept-Language
Selected-FE
X-LAGOON
X-CACHE-KEY
X-Info
X-Varnish-Beresp-Ttl
L
X-Proxy-Cache-Status
X-Page-Type
X-Proxy-Upstream
X-Geo
X-DC
X-TrackingId
X-FE
Kp-EeAlive
N-Cache
X-URL
X-Source
Cdn
X-Amzn-Remapped-Content-Length
Selected-Fe
X-Dynatrace-Js-Agent
User-Agent
Magicmarker
X-Web-Server
X-Pf-Uncompressing
X-Oracle-Dms-Rid
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
X-Zone
X-Urbn-Site-Id
X-Urbn-Context-Path
Locale
X-Cache-Debug
X-Agile-Age
X-Agile-Id
X-Agile
X-Servedbyhost
X-HS-Status
X-Refresh
X-TT-LOGID
Pagetype
X-Newrelic-Synthetics
X-User
X-Generated-In
X-Flog
Geoip-City
X-Backend-TTL
X-Hello
X-ABtesting
GeoIp-Country-Code
Geoip-Latitude
X-Mid
X-MID
X-Backend-Url
X-Real-Ip
X-Backend-Host
X-Aicache-OS
X-Check-Cacheable
CF-Cached-On
X-ZONE
X-Tt-Trace-Tag
X-Debug-Cache-Fetch
X-GoCache-CacheStatus
X-Debug-Cache-Store
X-Vcl-Version
X-MSEdge-Flight
X-MSEdge-Features
X-VCL-Version
X-Up
X-Debug-Cache-Expiry
X-Soup
Ohc-Cache-HIT
X-Ruxit-Js-Agent
Ohc-File-Size
X-NWS-UUID-VERIFY
Amp-Access-Control-Allow-Source-Origin
X-APP
GeoIP-Country-Code
FSS-Proxy
SN
Group
X-Tb-Optimization-Total-Bytes-Saved
FSS-Cache
GeoIP-Latitude
X-UPSTREAM-Address
HTTPS
GeoIP-City
X-ServedByHost
X-EC-Lua
WZWS-RAY
X-Oss-Server-Time
X-Oss-Object-Type
Backend
X-SN
X-BC
X-Oss-Request-Id
X-Varnish-Authentication
RequestId
X-Oss-Storage-Class
HostName
X-Contensis-Viewer-Groups
X-Cache-ASPX
Server-Cache-Control
Www
X-Oss-Hash-Crc64ecma
Server-Surrogate-Control
X-SERVER-NAME
X-Say-Cacheable
X-Old-Content-Length
X-Say-TTL
X-Amzn-Remapped-Connection
X-COUNTRY
X-Via-Ucdn
X-Instart-Isnd
WebServer
X-SayCDN-TTL
X-Amzn-Remapped-Date
Srv
Cf-Ipcountry
X-CSRF-Token
X-NGENIX-Cache
Host-ID
X-Cache-Expires
Lb
X-Varnish-Beresp-TTL
X-Akamai-SSL-Client-Sid
X-Bc
X-Nananana
X-ECache
Xkeyrz
X-Proxy-Cacherz
XServer
X-Cache-Ttl
X-Dynatrace
X-Cache-Tag
Fastly-Backend-Name
Inserted-Into-Cache-At
X-Node-Id
Epwk-Cache
Cache-Hits
X-Request-Url
Requestid
URI
X-Varnish-Action
X-PF-Uncompressing
Get-Access-Time
Is-Session-Tracking
X-IN-APIGATEWAYSSL
X-Logtrace-Id
X-WR-MODIFICATION
Xkeynj
X-CSRF-TOKEN
Ajk
X-TIME
X-FORWARDED-FOR
X-Unique-Id
Fastcgi-X-Cache
X-Fastly-Backend-Reqs
X-Fastly-Country-Code
X-PAGE-TYPE
X-AssetVersion
X-MCACHE
X-Edge-IP
X-Cache-Miss-From
X-Sedo-Request-Id
X-Requestid
X-LiteSpeed-Cache-Control
Dynatrace
X-Svr
X-Var-Ttl
X-Sf
Cneonction
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-Wa
FNAC-ModuleRouting
X-Cache-Time
X-SRV
DataCenter
Xet-Cookie
X-Pjax-Url
X-Swift-Error
Correlation-Id
X-Fastly-Cache-Hits
Pics-Label
CDN
X-BE
Cache-Provider
X-Dw-Trace-Id
X-NGINX-Cache
X-Correlation-ID
X-WA
X-Fpc
X-Lb-Id
X-Apw-Hits
X-Apw-Access-Object
X-Apw-Access-Token
X-Apw-Access-Action
X-ServerName
Lfy
X-Html-Edge-Cache
X-App
Warning
Sid
X-WPE-Loopback-Upstream-Addr
X-Akamai-ERPolicy
X-LB-ID
X-PJAX-URL
T-Server
PICS-Label
X-Flow-Id
X-Bug-Bounty
Ohc-Response-Time
X-DB
X-DI
X-Page-Impression-Id
X-Alicdn-Da-Ups-Status
X-Akamai-ERRuleID
X-Zalando-Child-Request-Id
X-DSS
X-DW
X-Policy
X-LiteSpeed-Tag
X-RSL
X-RPS
X-RPM
RequestUuid