Threat Level: green Handler on Duty: Bojan Zdrnja

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
CF-RAY
X-Powered-By
Link
ETag
Expect-CT
X-XSS-Protection
Via
X-Cache
CF-Cache-Status
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
X-Cache-Hits
P3P
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Request-Id
X-Varnish
X-Xss-Protection
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
Alt-Svc
X-Adblock-Key
X-Drupal-Cache
X-Check
X-Cacheable
Content-Security-Policy-Report-Only
X-Generator
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-DNS-Prefetch-Control
X-AspNetMvc-Version
P3p
X-Template
X-Language
Status
Timing-Allow-Origin
X-Iinfo
Content-Encoding
X-Content-Security-Policy
X-Buckets
Upgrade
X-Kinja-Server-Push
Xkey
X-CDN
X-Via
X-Turbo-Charged-By
Keep-Alive
Access-Control-Expose-Headers
Access-Control-Max-Age
X-Cache-Group
X-Pass-Why
X-AH-Environment
X-Age
X-Drupal-Dynamic-Cache
X-Server
X-Backend
X-Pingback
X-Amz-Id-2
X-Amz-Request-Id
X-Envoy-Upstream-Service-Time
X-Page-Speed
X-Robots-Tag
X-Proxy-Cache
X-Hacker
EagleId
Grace
X-Server-Powered-By
X-UA-Device
X-Varnish-Cache
Request-Context
X-Nginx-Cache-Status
Cf-Railgun
X-LiteSpeed-Cache
X-Amz-Version-Id
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
X-Server-Id
X-WebKit-CSP
Server-Timing
Feature-Policy
X-Device
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Host
Report-To
X-Rq
X-Ac
X-Node
X-Request-ID
Content-Location
X-OneAgent-JS-Injection
X-Cnection
X-Response-Time
X-Backend-Server
X-Cloud-Trace-Context
X-Origin-Cache
X-Application-Context
X-Readtime
Request-Id
Allow
Surrogate-Control
EagleEye-TraceId
X-ORACLE-DMS-ECID
X-Country
X-Vhost
X-DynaTrace
X-TTL
X-Cache-Lookup
X-Ua-Compatible
X-Rack-Cache
X-Origin-Upstream-Status
X-Url
X-Clacks-Overhead
Pinterest-Generated-By
X-FTR-Request-ID
NEL
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Rating
X-Country-Code
X-Dispatcher
X-Ruxit-JS-Agent
X-ORACLE-DMS-RID
X-CST
X-HW
X-Cdn
X-Instart-Request-ID
X-Goog-Hash
Fusion-Content-Source
Fusion-Template-Id
Fusion-Source
Fusion-Component-Id
Fusion-Content-Id
X-DataStream-Cache-Status
X-PC
X-Vname
X-TtlSet
Edge-Control
X-Px
X-VARITI-CCR
X-DataDome
Service-Worker-Allowed
Verso
X-Mod-Pagespeed
X-MS-InvokeApp
RTSS
X-Recruiting
X-Dns-Prefetch-Control
X-Cdn-Fetch
X-Exp-Id
X-Exp-Variant
X-Kinja-Server
X-Use-Magma
X-GoogleNews-Bot
X-Kinja-Revision
X-Kinja-Build
X-Kinja
X-D2id
X-Varnish-TTL
SPRequestGuid
X-Vcap-Request-Id
X-Abt-Application-Version
X-Amz-Server-Side-Encryption
TCN
X-ESI
X-GitHub-Request-Id
X-SharePointHealthScore
X-Navigation-Version
X-Akam-SW-Version
X-Middleton-Display
X-Middleton-Response
X-SRCache-Store-Status
Display
X-SRCache-Fetch-Status
X-Sol
Response
X-Powered-By-Plesk
MS-Author-Via
X-RateLimit-Remaining
X-B3-TraceId
DynaTrace
Charset
X-Forwarded-Proto
Realpath
X-Powered-CMS
X-Shield-Request-Id
X-Upstream
X-Amz-Rid
Public-Key-Pins
Fastly-Restarts
ServerID
X-Version
X-TEC-API-ROOT
X-Server-Name
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-Trace
Nginx-Cache
X-Cached
Ar-Sid
AR-CACHE
AR-ATIME
AR-PoweredBy
Accept-CH
X-Goog-Metageneration
X-Shard
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Dw-Request-Base-Id
Content-MD5
X-Grace
MRF-Tech
X-Mrf-Section-Lastmod
X-Mrf-Item-Lastmod
X-B3-TraceId-Primal
Mrf-Cache-Status
AR-Request-ID
Access-Control-Request-Method
Paypal-Debug-Id
X-MSEdge-Ref
Pagespeed
X-Client-IP
SPRequestDuration
SPIisLatency
X-Goog-Storage-Class
S
X-Debug
X-Id
X-FTR-Backend
X-Country-Code-Real
X-FTR-Backend-Server
X-FTR-Realm
X-FTR-Cache-Status
X-FTR-DC
X-FTR-Balancer
X-FTR-Expires
X-DynaTrace-JS-Agent
X-Ezoic-Cdn
X-DataStream-MidMile-RTT
X-DataStream-Origin-MEX-Latency
X-Amz-Meta-S3cmd-Attrs
Front-End-Https
Accept-Ch-Lifetime
X-Fastly-Request-ID
X-Amzn-Trace-Id
X-T
X-N
Accept-Ch
X-NF-Request-ID
Arr-Disable-Session-Affinity
X-DIS-Request-ID
MicrosoftSharePointTeamServices
X-Content-Type
X-Pinterest-Rid
Pinterest-Version
X-Hits
X-Upstream-Proxy
X-B3-Traceid
X-FastCGI-Cache
X-B3-Sampled
X-VCache
X-XRDS-Location
X-FTR-Cache-Host
X-Acc-Meta-Resource-Type
X-Frontend
Arc-Version
X-Vcache
PB-PID
X-Mobile-Rewrite
PB-RID
Fastcgi-Cache
X-Logged-In
X-Ser
X-Varnish-Age
X-Content-Digest
Server-Name
X-Correlation-Id
X-Srv
Alternate-Protocol
X-Node-Name
Nel
Accept-CH-Lifetime
X-Cache-Key
X-Forwarded-For
X-Pad
X-Request-Handler-Origin-Region
X-Microsite
FilterID
AMP-Access-Control-Allow-Source-Origin
X-User-Agent
X-Rid
Powered
X-Type
TP-Cache
TP-L2-Cache
X-F-Cache
X-IPLB-Instance
X-LB-Cache
Healthy
X-Amzn-RequestId
X-Request-Processing-Time
X-Zen-Fury
X-Amz-Apigw-Id
X-Kinsta-Cache
X-Request-Received
X-Cache-2
Host
X-Revision
Edge-Cache-Tag
Powered-By-ChinaCache
X-Debug-Info
X-AOL-HN
X-Via-JSL
X-Analytics
Backend-Timing
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Cache-Age
X-XRDS-LOCATION
X-GUploader-UploadID
X-Az
X-AppVersion
X-Cached-By
X-Activity-Id
X-HS-Hub-Id
X-HS-Content-Id
X-Hostname
X-Fastcgi-Cache
X-Accel-Expires
X-Cache-Rule
Surrogate-Key
X-Varnish-Backend
X-Content-Security-Policy-Report-Only
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
Server-Node
X-Content-Options
X-Instance
X-Signature
X-Page-Id
X-Tumblr-User
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Amz-Replication-Status
X-B-Cache
X-Varnish-Grace
X-BCube-Filmed-By
X-PHP-Backend
Source
X-Request-Guid
X-Jobs
X-Akamai-Edgescape
X-Content-Powered-By
X-App-Environment
X-Forwarded-Host
Refresh
Cleartype
X-Cluster
X-TT
Cache-Status
X-FB-Debug
X-Framework
X-RateLimit-Limit
Liferay-Portal
X-FW-Type
X-FW-Hash
X-FW-Server
X-FW-Static
X-FW-Serve
DC
X-Time
X-ATG-Version
Tracecode
Accept-Charset
X-Varnish-Hostname
Fastcgi-Useragent
Access-Control-Allow-Method
X-Esi
Host-Header
X-Mobile
X-Cache-Action
X-Cache-Operation
WPE-Backend
X-Drupal-Cache-Tags
X-Whom
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Edge-Location
X-Cache-Control
X-Presslabs-Stats
X-APP-VERSION
X-B
X-WA-Info
X-Response-Served-From
X-Mobile-URL
Payment
NGB
X-Hp-Webp
X-Accel-Buffering
X-App-Server
X-Cache-TTL
X-Storage
X-WebKit-CSP-Report-Only
X-Git-Hash
X-Cache-Hit
Cache-Tag
Filters
X-TX-ID
Actual-Object-TTL
X-Content-Age
Retry-After
X-Handled-By
Cache-Tv-Group
X-TT-TIMESTAMP
Viewport
X-RequestSource
Upgrade-Insecure-Requests
X-Cacheable-TTL
X-Yottaa-Metrics
X-GeoIP
X-Tumblr-Pixel-2
X-Tumblr-Pixel-1
X-Yottaa-Optimizations
Eomportal-Instance
X-UA-Device-Type
X-Adobe-Content
X-Adobe-Loc
X-RemovedCookies
X-ProcessESI
X-Status
X-NWS-LOG-UUID
MS-CV
X-SS-Set-Cookie
X-FW-Dynamic
X-Geo-Country
X-VG-WebCache
Webserver
Xserver
X-Server-ID
X-Seen-By
X-Cache-TTL-Remaining
X-TA-CDN-Provider
X-RTag
Ms-Operation-Id
X-Host-Name
X-FB-TRIP-ID
X-Ratelimit-Limit
X-Oracle-Dms-Rid
Frame-Options
X-Cache-Enabled
Datacenter
X-Hyper-Cache
From-Origin
Server-Info
X-Contextid
X-Origin-Server
Cache
X-B3-Spanid
X-Generated-By
X-Mode
Country
SRV
X-CF-Powered-By
S-Cnection
CACHE
GEO-INFO
X-RN-RSRV
Meta-Geo
X-Cache-Var
X-Cache-Var-Map
X-Tumblr-Pixel-3
X-Path-Route
X-Cache-Config
Load-Balancing
X-ES-SERVER
Machine
X-Drupal-Cache-Contexts
X-MP-GENERATED-AT
X-Zipkin-Id
X-Access
Vix-Hermes-Req-Id
X-Routing-Service
X-Cache-Grace
X-Upstream-HT
X-Section
Cache-Key
X-Proxied
X-Upstream-CT
X-Varnish-Server
X-R9-Blue-Green-Version
Decoy-Debug-TTL
ServedBy
Rt-Fastcgi-Cache
X-Labrador-Cache-Channel
X-Guploader-Uploadid
X-Backend-Name
X-Human
X-Loop
X-Hit
X-From
X-Web-Node
Mn-Server-Ip
Decoy-Debug-Key
X-Varnish-Cache-Hits
Decoy-Debug-Status
X-TNCMS
Akamai-GRN
X-Cache-Host
X-OCL
X-PCL
X-Akamai-Request-ID
Now
X-Origin-Response-Time
X-LJ-Flow-ID
Cache-Name
X-Magnolia-Registration
X-AWS-Id
X-Upgrade-Enabled
X-RateLimit-Reset
X-EIG-Tracking-Id
X-Ratelimit-Reset
X-Timing-Wait
X-Rule
X-Viewer-Country
X-VWS-Id
X-VG-TLSProxy
X-Cluster-Node
X-Region
X-Trace-Id
X-Proxy-Build
X-L-Path
X-Debug-Cache
X-Device-Type
X-Via-Fastly
X-Endurance-Cache-Level
X-Generated
X-Locale
X-Environment-Context
X-FC-Vary-Parameters
DSUID
Release
X-Www-Served-By
X-Proto
X-NCache
X-Site-Version
X-Alternate-Cache-Key
OT-Force-Account-Verify
We-Hiring
X-Hosted-By
X-Rendered-As
X-ShardId
X-JoinUs
X-ShopId
X-Goog-Meta-Goog-Reserved-File-Mtime
X-NewRelic-App-Data
X-Sorting-Hat-ShopId
X-Shopify-Stage
DB-Nickname
X-Sorting-Hat-PodId
Mail-Subject
ProcessTime
X-CCM
X-Akamai-Request-ID2
X-Xfnlog-Site
X-Time-Microsecs
X-S
X-IP
X-Request-Time
Version
Time
Uber-Trace-Id
X-Dc
X-RCS-CacheZone
X-Load-Cache
Azure-RegionName
Azure-Version
X-Varnish-Hits
Azure-SiteName
Property-Id
Azure-InstanceId
Azure-SlotName
X-VCT
Webcakes-App-Name
S-Rt
Webcakes-Region
X-FW-Version
NtCoent-Length
X-Wix-Request-Id
X-Origin-Hint
TWC-Privacy
Webcakes-App-Version
TWC-Locale-Group
TWC-GeoIP-Country
TWC-GeoIP-LatLong
TWC-Device-Class
TWC-Connection-Speed
Cteonnt-Length
X-Origin
X-No-Session
X-EdgeConnect-Cache-Status
NGX
X-Via-CDN
X-BYPASS-REASON
X-ProxyCache-Status
X-UUID
X-ProxyCache-Key
X-Redis-Cache
X-Proxy
X-Nginx-Cache
X-FireWall-Port
X-PressLabs-Stats
X-UA
X-GEO
X-Platform-Server
X-PERF
X-MServer
X-ApacheServer
X-Vgn-Hpd-Reason
X-ECACHE
Odigeo-Trace-Id
X-Rocket-Nginx-Bypass
X-HTML-Minification-Powered-By
X-Hl-Ver
X-CDN-Forward
Accept-Language
X-Format
X-CS
X-Akamai-Transformed
X-Cache-Server
X-Daa-Tunnel
Origin
X-Oneagent-Js-Injection
X-Cache-NE
X-IPS-LoggedIn
Ec-Rule-Version
X-UnsetCookies
Cache-Tags
Access-Control-Request-Headers
X-Dynatrace-Js-Agent
X-ServerID
X-Cache-Remote
X-Distributor
X-Real-IP
LB
X-Amzn-Remapped-Content-Length
X-Tb
X-Webkit-Csp
Selected-Fe
Fastly-SSL
Proxy-Connection
PageSpeed
Hostname
L5d-Success-Class
X-B3-Parentspanid
X-BACKEND-TTL
X-Pubstack
X-Compress-Hint
X-Unique-ID
X-Microcachable
X-URL
X-S-Maxage
Content-Script-Type
Content-Style-Type
X-ScT
AsisCache
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-From
Cache-Cookie-Set-Lfrom
Cache-Prefix
Cdn-Host
Cdn-Request-Time
BehaviorPad-Version
Arc-Country
X-Rewrite-Enabled
X-Rojux
X-Request-UUID
A
AKAMAI
X-S-Cookie
Rendered-Blocks
X-Cluster-Name
X-CF-Lambda-Version
X-Connection-Hash
X-Org
X-Date
X-D
X-CF-Lambda-Fn
X-Cdn-Srv
X-App-Name
X-AIR-PT
X-Application
X-ARC
X-Cache-Bucket
X-B-Cookie
X-Destination
X-Detected-As
X-IN-APIGATEWAY
X-Geo-Header
X-Instart-Info
X-Internal-Host
X-Level-Front-Cache
X-Is-Bot
X-Generated-On
X-G
X-DPWN-IS-SECURE
X-Developer
X-Edge-Server
X-External-Request-Id
X-NU-AKA-ACS-Version
X-PAYTM-SRV-ID
X-Aed
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
MD5-Digest
Meta-Geo-Continent
Node
Mobile-Detection-Method
X-Region-Sid
GEO-REGION-INFO
Fastly-SIE
Fastcgi-X-Cache-Version
Fastly-SWR
Fly-Cache
Fly-Request-Id
Proxy-Firewall
X-Server-Time
X-A-Dam
X-A-Ccd
X-A-Dcw
X-A-Dgt
X-Accel-Expires-Debug
X-A-Wwc
X-A
VivaBuild
REQUESTUUID
Request-Time
Rt-Proxy-Cache
Server-ID
Viewtype
Cross-Origin-Window-Policy
X-Varnish-Cacheable
X-SRCache-Key
X-SVT-ORM-RULES
X-Varnish-Url
X-Worker
X-Vtex-Processado-Em
X-SVT-ORM-VERSION
X-NC
X-VG-WebServer
X-Twitter-Response-Tags
X-Trv-Group
X-Transaction
X-Vtex-Remote-Cache
Xc-Version
ServerName
X-ElasticPress-Search
Served-By
X-Fastly-Cache
Server-Int
X-Qloud-Router
Ha-Gx-Prefs
HA-Ipaddr
W
UCS
X-Backend-State
X-Server-IP
Gh-Request-Id
X-We-Are-Hiring
IBM-Web2-Location
Kp-EeAlive
X-Nginx-Cache-Key
On-Server
Resin-Trace
Origin-Edge-Control
Request-Country
Origin-Cache-Control
X-HS-Combine-CSS
Memcached
X-HS-Cache-Config
Countrycode
Section-Io-Cache
X-Method
Request-EU
X-Eu-Site
Apple-News-Services-Handled
X-Clientip
X-Location
Apple-News-Services-Host
X-BBXSRF
Backend-Name
Apple-News-Services-Request-Url
X-Core-Mission
X-Sn-Servicetimems
X-Debug-Log
X-Debug-Cookies
X-Developers
X-ServiceProvider
X-CGP
X-Skip-Cache
X-C
Apple-News-Services-Parsed-Url
X-TrackingId
X-Distil-CS
X-Cache-Info
Content-Disposition
X-Cdn-Origin
X-NX-Host
Esi-Enabled
X-Urbn-Context-Path
X-Urbn-Site-Id
X-SERVER
Locale
X-Generation-Time
X-Cache-Category-Id
X-Device-Os
Powered-By
X-Crawler
Who
X-Nc
X-Block-Status
X-Webstats-RespID
X-Epic-Correlation-Id
Web-Mar-Node
X-Gannett-Site-Version
Wxu-Next-Commit
X-Bip
X-Dispatch
X-Wikidot-Backend
X-FPC
X-Auto-Login
X-Cache-Id
Wxu-Next-Hostname
Country-Code
Wxu-Next-Region
X-Gen-Mode
X-Wikidot-Static-Cache
Pramga
X-Servername
X-Irp-Debug
X-Reboot
GW-Server
User-Cache-Control
Is-Eu
X-Proxy-Upstream
Heartbleed
X-SIPLIST1
X-Variation
CDCHOST
X-TH-Server
X-Swa-Ws
X-Release
X-Reqid
Fastly-Soc-X-Request-Id
X-Key
X-Request-URI
IsBot
L
Server-Host
RNT-Time
RNT-Machine
SS
X-Hnp-Log
True-Client-Country-4JS
X-GeoIP-Country-Code
X-Grey
X-PHP-Host
X-Hash
X-Proxy-Cache-Status
X-Secret
X-Thanos
Adler-Geo
N-Cache
Platform
X-Cache-Backend
X-LI-Proto
X-Li-Pop
X-LI-UUID
X-Fetched-On
X-Matched-Rule
X-SERVER-NAME
X-WebServer
X-Request-Start
X-Origin-Expires
X-Li-Fabric
X-Origin-Date
X-Dispatcher-Server
V-Age
SD-X-WS
Thinkindot-Control
X-VServer
PFcat
X-Azure-Ref-OriginShield
X-WADP-Cache
X-Amz-Meta-Cache-Control
Thinkindot-CacheControl
X-Azure-Ref
X-VC-Cache
X-Cache-FS-Status
X-Response-By
X-SD-PageType
X-GeoIP-City
X-CUA
X-Thinkindot-L3
X-Owner
X-CDN-Cache
X-Clara-WADP
X-Cms-Context
Thinkindot-CacheControl-Type
X-Varnish-Ttl
X-Edge
CF-IPCountry
X-Pf-Uncompressing
X-OVcl-Cache
X-Hello
X-FE
X-CLOUD-TRACE-CONTEXT
X-OVcl
X-Flog
X-ABtesting
Magicmarker
X-Via-NSCOPI
User-Agent
X-Processor
Pagetype
X-Ratelimit-Remaining
X-Served-From
X-Generated-In
X-User
X-LAGOON
X-Powered-By-Defense
X-Parent-Response-Time
X-Backend-Url
X-Backend-Host
X-Via-SSL
X-Via-Edge
X-Be
Mime-Version
X-MSEdge-Flight
X-Tt-Trace-Tag
X-Up
X-MSEdge-Features
Memory
X-GoCache-CacheStatus
X-Datadome
X-Ua
X-Soup
X-Varnish-Beresp-Ttl
X-Debug-Cache-Expiry
X-Debug-Cache-Store
X-Debug-Cache-Fetch
X-Protected-By
X-ND-Cache
X-Newrelic-Synthetics
X-B3-SpanId
X-Geo
X-Page-Type
X-Ttl
Cache-Hits
X-ZONE
Geoip-City
GeoIp-Country-Code
X-Check-Cacheable
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
Pragrma
X-Fstrz
X-Planisys-CDN-Cache
Geoip-Latitude
X-Say-TTL
X-Oss-Server-Time
X-Origin-TTL
X-Akamai-SSL-Client-Sid
X-Backend-TTL
X-Oss-Object-Type
X-Oss-Request-Id
X-Oss-Hash-Crc64ecma
X-Origin-CC
X-SayCDN-TTL
X-Say-Cacheable
X-Oss-Storage-Class
X-Old-Content-Length
X-Cdn-Forward
X-Litespeed-Cache
X-Zone
X-CSRF-TOKEN
X-DC
X-Varnish-Beresp-Status
X-Phone
X-IN-WAF
X-Core-Value
X-Cache-Time
X-Varnish-Beresp-Grace
WZWS-RAY
X-TT-LOGID
XServer
Fastly-Backend-Name
X-Servedbyhost
Cdn
X-Cache-Ttl
X-Node-Id
X-IN-APIGATEWAYSSL
X-HS-Status
X-Logtrace-Id
Ajk
Inserted-Into-Cache-At
X-BC
Dynatrace
X-MID
X-Ruxit-Js-Agent
Amp-Access-Control-Allow-Source-Origin
FSS-Proxy
X-VCL-Version
X-Vcl-Version
X-Aicache-OS
FSS-Cache
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-Amzn-Remapped-Connection
X-Amzn-Remapped-Date
X-Tb-Optimization-Total-Bytes-Saved
X-ServedByHost
SN
X-Tec-Api-Root
X-Tec-Api-Origin
X-Wa
X-Tec-Api-Version
X-Mid
X-Birta-Served
X-UPSTREAM-Address
X-Birta-Cache-Post
X-EC-Lua
Server-Surrogate-Control
Server-Cache-Control
CF-Cached-On
X-Cache-ASPX
Xkeyrz
X-Refresh
X-Varnish-Authentication
X-Proxy-Cacherz
X-Contensis-Viewer-Groups
X-APP
HostName
X-App-Version
Selected-FE
X-Info
X-Varnish-IP
X-COUNTRY
T-Server
RequestId
X-CACHE-KEY
X-Source
Srv
X-FORWARDED-FOR
X-CSRF-Token
X-Real-Ip
X-PJAX-URL
X-GDPR
X-Render-Time
X-Cache-Debug
HitType
X-Agile-Id
X-Agile
PICS-Label
X-Agile-Age
X-LiteSpeed-Cache-Control
MIME-Version
X-Bc
GeoIP-City
Ohc-File-Size
X-ECache
X-WR-MODIFICATION
GeoIP-Latitude
GeoIP-Country-Code
X-Varnish-Beresp-TTL
X-NWS-UUID-VERIFY
X-Nananana
WebServer
Cf-Ipcountry
X-LB-ID
DataCenter
SID
URI
X-Policy
X-Fastly-Country-Code
Ohc-Cache-HIT
X-Via-Ucdn
X-BE
X-TIME
Xkeynj
X-Uri
X-PAGE-TYPE
Is-Session-Tracking
Get-Access-Time
X-Web-Server
X-Unique-Id
X-Micro-Cache
X-Requestid
X-Request-Url
X-Lb-Id
X-Fastly-Backend-Reqs
X-Cache-Tag
X-Service
X-NGINX-Cache
X-Sedo-Request-Id
X-Cache-Miss-From
Cache-Provider
Group
X-Pjax-Url
Lb
Pics-Label
CDN
X-Var-Ttl
X-MCACHE
Xet-Cookie
X-Is-Gdpr
X-JWT-State
Ohc-Response-Time
X-Has-Esi
Cneonction
X-Apw-Access-Token
X-NGENIX-Cache
X-Apw-Access-Object
X-Apw-Access-Action
X-Vct
HTTPS
X-Apw-Hits
X-SRV
X-Dw-Trace-Id
X-Ecache
Warning
X-Cdn-Request-ID
X-Edge-IP
X-WA
X-Swift-Error
X-PF-Uncompressing
Correlation-Id
X-SN
Backend
FNAC-ModuleRouting
Www
X-Cf-Powered-By
X-Newrelic-App-Data
X-Akamai-ERRuleID
X-Serial
X-Fe
X-Instart-Isnd
Lfy
X-Akamai-ERPolicy
X-Litespeed-Cache-Control
X-Bug-Bounty
X-DI
X-Fpc
X-DSS
X-RSL
X-RPM
X-RPS
X-DB
Host-ID
X-Page-Impression-Id
X-Flow-Id
X-Zalando-Child-Request-Id
X-DW
X-ServerName
X-Cache-Expires
X-Fastly-Cache-Hits