Threat Level: green Handler on Duty: Jim Clausing

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
CF-RAY
X-Powered-By
Link
ETag
Expect-CT
X-XSS-Protection
Via
X-Cache
Age
CF-Cache-Status
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
X-Cache-Hits
P3P
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Xss-Protection
X-Varnish
X-Request-Id
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
Alt-Svc
X-Adblock-Key
X-Drupal-Cache
X-Check
X-Cacheable
Content-Security-Policy-Report-Only
X-Generator
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-AspNetMvc-Version
P3p
X-DNS-Prefetch-Control
X-Template
X-Language
Status
Timing-Allow-Origin
X-Iinfo
Content-Encoding
X-Content-Security-Policy
X-Buckets
Upgrade
X-Kinja-Server-Push
Xkey
X-Via
X-CDN
X-Turbo-Charged-By
Keep-Alive
Access-Control-Expose-Headers
Access-Control-Max-Age
X-Cache-Group
X-Pass-Why
X-AH-Environment
X-Age
X-Drupal-Dynamic-Cache
X-Server
X-Backend
X-Pingback
X-Amz-Request-Id
X-Amz-Id-2
X-Envoy-Upstream-Service-Time
X-Page-Speed
X-Robots-Tag
X-Proxy-Cache
X-Hacker
Grace
EagleId
X-Server-Powered-By
X-UA-Device
X-Varnish-Cache
Request-Context
X-Nginx-Cache-Status
X-Request-ID
Cf-Railgun
X-LiteSpeed-Cache
X-Amz-Version-Id
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-Server-Id
X-WebKit-CSP
Feature-Policy
Server-Timing
X-Device
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
Report-To
X-Host
X-Rq
X-Ac
X-Node
Content-Location
X-Response-Time
X-Cnection
X-OneAgent-JS-Injection
X-Backend-Server
X-Cloud-Trace-Context
X-Origin-Cache
X-Application-Context
X-Readtime
Request-Id
EagleEye-TraceId
Surrogate-Control
Allow
X-ORACLE-DMS-ECID
X-Country
X-DynaTrace
X-Cdn
X-Vhost
X-TTL
X-Cache-Lookup
Pinterest-Generated-By
X-Ua-Compatible
X-Rack-Cache
X-Clacks-Overhead
X-Origin-Upstream-Status
X-Url
NEL
X-Dns-Prefetch-Control
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Country-Code
Rating
X-FTR-Request-ID
X-Dispatcher
X-Ruxit-JS-Agent
X-HW
X-CST
X-ORACLE-DMS-RID
X-Goog-Hash
X-Instart-Request-ID
Fusion-Content-Source
Fusion-Source
Fusion-Content-Id
Fusion-Component-Id
Fusion-Template-Id
X-DataStream-Cache-Status
X-PC
Edge-Control
X-Vname
X-TtlSet
X-Px
X-DataDome
X-VARITI-CCR
Service-Worker-Allowed
Verso
X-Mod-Pagespeed
X-MS-InvokeApp
X-Recruiting
X-Cdn-Fetch
X-Exp-Id
X-Exp-Variant
X-Kinja
X-Kinja-Server
X-Use-Magma
X-Kinja-Revision
X-Kinja-Build
X-GoogleNews-Bot
X-D2id
X-Varnish-TTL
SPRequestGuid
RTSS
X-Vcap-Request-Id
X-Abt-Application-Version
X-Amz-Server-Side-Encryption
TCN
DynaTrace
X-Navigation-Version
X-SharePointHealthScore
X-GitHub-Request-Id
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-B3-TraceId
X-Akam-SW-Version
X-Middleton-Display
X-Middleton-Response
Display
Response
X-Sol
X-Powered-By-Plesk
X-RateLimit-Remaining
MS-Author-Via
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-TEC-API-ROOT
Charset
X-Shield-Request-Id
Realpath
X-Amz-Rid
X-ESI
Content-MD5
ServerID
X-Forwarded-Proto
AR-CACHE
Ar-Sid
AR-PoweredBy
AR-ATIME
X-Powered-CMS
X-Upstream
X-Trace
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
Accept-Ch-Lifetime
X-Goog-Generation
X-Goog-Stored-Content-Length
Public-Key-Pins
Fastly-Restarts
Nginx-Cache
X-Version
X-Dw-Request-Base-Id
X-Cached
X-Shard
AR-Request-ID
X-DynaTrace-JS-Agent
X-Server-Name
X-B3-TraceId-Primal
X-Mrf-Section-Lastmod
MRF-Tech
X-Mrf-Item-Lastmod
Mrf-Cache-Status
Access-Control-Request-Method
Accept-CH
Pagespeed
Paypal-Debug-Id
X-MSEdge-Ref
X-Grace
X-Goog-Storage-Class
SPRequestDuration
SPIisLatency
X-Client-IP
S
Accept-Ch
X-Debug
X-Country-Code-Real
X-Id
X-FTR-Cache-Status
X-DataStream-MidMile-RTT
X-DataStream-Origin-MEX-Latency
X-Ezoic-Cdn
X-Amz-Meta-S3cmd-Attrs
X-Vcache
X-FTR-Realm
X-FTR-Backend-Server
X-FTR-DC
X-FTR-Balancer
X-FTR-Expires
X-FTR-Backend
X-N
Pinterest-Version
X-Pinterest-Rid
X-Upstream-Proxy
X-Fastly-Request-ID
Front-End-Https
X-T
X-NF-Request-ID
X-Amzn-Trace-Id
X-DIS-Request-ID
Arr-Disable-Session-Affinity
MicrosoftSharePointTeamServices
X-Content-Type
X-FastCGI-Cache
X-Hits
X-B3-Sampled
X-XRDS-Location
X-Varnish-Age
X-Ser
X-Frontend
X-FTR-Cache-Host
X-Acc-Meta-Resource-Type
X-Logged-In
X-Mobile-Rewrite
Fastcgi-Cache
PB-RID
PB-PID
Arc-Version
Server-Name
X-Correlation-Id
X-Content-Digest
Alternate-Protocol
X-B3-Traceid
X-Srv
Nel
X-Node-Name
X-Pad
X-Cache-Key
X-Microsite
X-VCache
X-Request-Handler-Origin-Region
TP-Cache
FilterID
TP-L2-Cache
Host
X-User-Agent
X-Forwarded-For
X-Type
Powered-By-ChinaCache
AMP-Access-Control-Allow-Source-Origin
Healthy
X-Kinsta-Cache
X-Rid
X-F-Cache
X-LB-Cache
X-Request-Processing-Time
X-Request-Received
X-AOL-HN
X-Debug-Info
Edge-Cache-Tag
X-IPLB-Instance
X-Cache-2
X-Zen-Fury
Powered
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Revision
X-Cached-By
X-XRDS-LOCATION
X-Esi
X-Hostname
X-Cache-Age
X-Kong-Upstream-Latency
Backend-Timing
X-Kong-Proxy-Latency
X-Analytics
X-HS-Content-Id
X-HS-Hub-Id
X-Via-JSL
X-Cache-Rule
X-GUploader-UploadID
X-Az
X-AppVersion
X-Activity-Id
X-Accel-Expires
X-Fastcgi-Cache
Surrogate-Key
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-Content-Security-Policy-Report-Only
X-BCube-Filmed-By
X-Varnish-Backend
X-FB-Debug
X-Content-Options
X-Content-Powered-By
X-Page-Id
Server-Node
X-Amz-Replication-Status
X-Jobs
X-Cluster
X-PHP-Backend
X-Instance
Cleartype
Cache-Status
Source
X-RateLimit-Limit
X-Forwarded-Host
X-TT
Refresh
X-B-Cache
X-Varnish-Grace
X-Signature
X-Tumblr-User
X-Tumblr-Pixel-0
X-Framework
X-Akamai-Edgescape
X-Tumblr-Pixel
Accept-CH-Lifetime
X-App-Environment
X-Request-Guid
Liferay-Portal
X-FW-Type
X-FW-Serve
X-FW-Server
X-FW-Static
X-FW-Hash
X-Varnish-Hostname
DC
X-ATG-Version
Tracecode
Accept-Charset
Access-Control-Allow-Method
X-Mobile
Host-Header
Fastcgi-Useragent
X-Cache-Operation
WPE-Backend
X-Cache-Action
X-Drupal-Cache-Tags
X-Edge-Location
X-APP-VERSION
X-Time
X-B
X-Cache-Control
X-Mobile-URL
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Hp-Webp
X-Response-Served-From
X-Accel-Buffering
X-Whom
X-Storage
Payment
X-TX-ID
X-App-Server
Actual-Object-TTL
X-SS-Set-Cookie
X-Content-Age
NGB
X-WA-Info
X-WebKit-CSP-Report-Only
X-Yottaa-Metrics
X-Cache-Hit
X-Yottaa-Optimizations
X-TT-TIMESTAMP
Upgrade-Insecure-Requests
X-Cacheable-TTL
Cache-Tv-Group
X-UA-Device-Type
Filters
X-Git-Hash
X-Adobe-Loc
X-Adobe-Content
X-NWS-LOG-UUID
X-Status
Eomportal-Instance
Viewport
X-ProcessESI
X-Handled-By
X-GeoIP
X-RemovedCookies
Cache-Tag
X-RequestSource
X-Geo-Country
X-Tumblr-Pixel-1
X-Tumblr-Pixel-2
X-Cache-TTL
X-VG-WebCache
Xserver
Retry-After
X-Presslabs-Stats
Webserver
X-Server-ID
X-Cache-TTL-Remaining
Datacenter
Cache
X-TA-CDN-Provider
X-FW-Dynamic
MS-CV
X-FB-TRIP-ID
Server-Info
X-Ratelimit-Limit
X-Oracle-Dms-Rid
X-Seen-By
X-Ratelimit-Reset
X-Cache-Enabled
X-Host-Name
Frame-Options
X-Contextid
X-Generated-By
X-RTag
Ms-Operation-Id
From-Origin
X-Guploader-Uploadid
X-Hyper-Cache
S-Cnection
X-Mode
X-Origin-Server
Country
X-B3-Spanid
X-Oneagent-Js-Injection
X-Cache-Config
X-Cache-Var-Map
X-ES-SERVER
Machine
X-Cache-Var
X-Path-Route
Load-Balancing
X-RN-RSRV
Meta-Geo
X-CF-Powered-By
X-Upstream-HT
X-Labrador-Cache-Channel
X-Upstream-CT
Vix-Hermes-Req-Id
X-Tumblr-Pixel-3
X-Cache-Grace
Cache-Key
X-Access
X-Proxied
X-Routing-Service
X-Cache-Host
GEO-INFO
X-Zipkin-Id
X-Section
X-Upgrade-Enabled
X-Varnish-Server
X-From
X-Drupal-Cache-Contexts
X-Loop
Now
X-LJ-Flow-ID
X-Akamai-Request-ID
X-Backend-Name
X-OCL
Decoy-Debug-TTL
Decoy-Debug-Status
X-CCM
X-AWS-Id
X-Human
X-Hit
Decoy-Debug-Key
Mn-Server-Ip
X-PCL
X-TNCMS
X-Region
ServedBy
X-ShardId
X-Trace-Id
X-Web-Node
X-Viewer-Country
X-Shopify-Stage
X-VWS-Id
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-Alternate-Cache-Key
Rt-Fastcgi-Cache
X-Varnish-Cache-Hits
X-Origin-Response-Time
X-R9-Blue-Green-Version
X-ShopId
X-EIG-Tracking-Id
X-Via-Fastly
X-VG-TLSProxy
X-Endurance-Cache-Level
X-Proxy-Build
X-Xfnlog-Site
X-Magnolia-Registration
X-Timing-Wait
We-Hiring
X-MP-GENERATED-AT
DSUID
X-Environment-Context
Mail-Subject
X-Debug-Cache
X-L-Path
X-Goog-Meta-Goog-Reserved-File-Mtime
X-RCS-CacheZone
X-JoinUs
X-PressLabs-Stats
Release
X-S
Cache-Name
X-Www-Served-By
X-Varnish-Hits
Version
X-Generated
OT-Force-Account-Verify
X-Site-Version
Akamai-GRN
X-Proto
X-Device-Type
X-Locale
X-Cluster-Node
X-Rule
X-Nginx-Cache
X-NCache
X-Rendered-As
X-Dc
X-FC-Vary-Parameters
SRV
DB-Nickname
X-Hosted-By
X-Request-Time
ProcessTime
Uber-Trace-Id
X-NewRelic-App-Data
X-BYPASS-REASON
X-ProxyCache-Status
X-ProxyCache-Key
X-Load-Cache
CACHE
X-VCT
X-IP
X-Time-Microsecs
Cteonnt-Length
NGX
X-Platform-Server
X-FW-Version
X-UUID
NtCoent-Length
X-Wix-Request-Id
X-Redis-Cache
X-Origin
X-Akamai-Request-ID2
Time
X-No-Session
TWC-GeoIP-LatLong
TWC-Locale-Group
TWC-Privacy
Webcakes-App-Name
Azure-Version
Property-Id
TWC-Device-Class
TWC-GeoIP-Country
S-Rt
Webcakes-App-Version
Webcakes-Region
Azure-RegionName
Azure-InstanceId
X-Via-CDN
TWC-Connection-Speed
Azure-SiteName
Azure-SlotName
X-Origin-Hint
X-ECACHE
X-RateLimit-Reset
X-Cache-NE
X-MServer
X-Hl-Ver
X-EdgeConnect-Cache-Status
X-CDN-Forward
X-Rocket-Nginx-Bypass
X-Vgn-Hpd-Reason
Origin
X-UA
X-ServerID
Odigeo-Trace-Id
X-FireWall-Port
X-Proxy
X-IPS-LoggedIn
X-Cache-Remote
X-GEO
X-HTML-Minification-Powered-By
X-Distributor
X-PERF
X-Akamai-Transformed
X-ApacheServer
X-Daa-Tunnel
X-CS
X-Format
X-Cache-Server
LB
Access-Control-Request-Headers
Accept-Language
Cache-Tags
X-Webkit-Csp
X-UnsetCookies
X-SERVER-NAME
L5d-Success-Class
Ec-Rule-Version
X-Tb
Fastly-SSL
X-Unique-ID
Hostname
X-Microcachable
X-BACKEND-TTL
X-Pubstack
X-Cache-Backend
X-Varnish-Cacheable
X-Compress-Hint
Fastcgi-X-Cache-Version
X-URL
Arc-Country
X-Is-Bot
Origin-Cache-Control
AsisCache
X-Internal-Host
AKAMAI
X-B3-Parentspanid
X-Instart-Info
A
X-A-Dgt
X-Org
X-NU-AKA-ACS-Version
X-PAYTM-SRV-ID
X-Destination
X-AIR-PT
X-App-Name
X-Developer
X-A-Wwc
X-Level-Front-Cache
X-Accel-Expires-Debug
X-Aed
X-Grey
X-A-Dcw
Cache-Cookie-Set-From
Proxy-Firewall
Rendered-Blocks
Request-Country
X-G
X-A
Mobile-Detection-Method
X-Generated-On
Node
Request-EU
Request-Time
X-DPWN-IS-SECURE
Viewtype
VivaBuild
X-Edge-Server
X-External-Request-Id
REQUESTUUID
Rt-Proxy-Cache
Server-ID
Meta-Geo-Continent
X-A-Ccd
Cdn-Request-Time
Content-Script-Type
Content-Style-Type
Cdn-Host
Cache-Prefix
BehaviorPad-Version
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-Lfrom
Cross-Origin-Window-Policy
Fastly-SIE
X-A-Dam
X-Geo-Header
MD5-Digest
GEO-REGION-INFO
Fly-Request-Id
Fastly-SWR
Fly-Cache
X-IN-APIGATEWAY
X-Detected-As
X-Vtex-Processado-Em
X-CF-Lambda-Version
Xc-Version
X-Region-Sid
X-Varnish-Url
Origin-Edge-Control
X-Trv-Group
X-CF-Lambda-Fn
X-B-Cookie
X-VG-WebServer
X-Cache-Category-Id
Proxy-Connection
X-Rebelmouse-Surrogate-Control
X-Connection-Hash
X-Twitter-Response-Tags
X-Worker
X-Rebelmouse-Cache-Control
X-D
X-Cluster-Name
X-Vtex-Remote-Cache
X-Rojux
X-S-Cookie
X-S-Maxage
X-ScT
X-Real-IP
X-Server-Time
X-ARC
X-Request-UUID
X-Transaction
X-SRCache-Key
X-Rewrite-Enabled
X-Cache-Bucket
X-Date
X-Application
ServerName
Served-By
Selected-Fe
X-Nc
X-Cdn-Srv
Memcached
Is-Eu
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
Content-Disposition
Platform
X-Cdn-Origin
HA-Ipaddr
Countrycode
X-Sn-Servicetimems
X-ServiceProvider
X-HS-Cache-Config
X-Variation
X-GeoIP-Country-Code
Ha-Gx-Prefs
X-Edge
RNT-Time
X-Cache-Id
RNT-Machine
Resin-Trace
Apple-News-Services-Host
X-Eu-Site
X-PHP-Host
X-Debug-Cookies
X-Clientip
X-HS-Combine-CSS
X-Method
X-NX-Host
X-C
True-Client-Country-4JS
X-Epic-Correlation-Id
X-Debug-Log
Server-Int
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
X-Request-URI
X-Core-Mission
Apple-News-Services-Handled
Adler-Geo
X-CGP
IBM-Web2-Location
W
X-Amzn-Remapped-Content-Length
X-NC
Backend-Name
X-SERVER
X-ElasticPress-Search
X-Fetched-On
Server-Host
PFcat
X-Thanos
Section-Io-Cache
X-Fastly-Cache
V-Age
X-WebServer
X-Developers
X-Dispatcher-Server
X-Cms-Context
X-Backend-State
X-Location
X-Server-IP
X-We-Are-Hiring
X-Request-Start
X-Bip
X-Device-Os
X-Nginx-Cache-Key
X-Distil-CS
X-Proxy-Cache-Status
X-Proxy-Upstream
X-Owner
X-Qloud-Router
UCS
On-Server
CDCHOST
X-GeoIP-City
Gh-Request-Id
IsBot
L
X-Gannett-Site-Version
X-Swa-Ws
X-Secret
X-Hash
Esi-Enabled
Country-Code
Fastly-Soc-X-Request-Id
X-SIPLIST1
X-Skip-Cache
X-Cache-Info
X-Dispatch
X-Irp-Debug
X-Reqid
X-Response-By
X-SD-PageType
X-Reboot
X-Wikidot-Static-Cache
Powered-By
Heartbleed
X-Release
X-Served-From
X-Servername
X-TrackingId
X-VC-Cache
X-WADP-Cache
X-Thinkindot-L3
X-TH-Server
Kp-EeAlive
X-Wikidot-Backend
Who
Wxu-Next-Commit
X-Li-Fabric
X-Li-Pop
X-LI-Proto
X-Key
X-Hnp-Log
X-Gen-Mode
X-Generation-Time
X-LI-UUID
X-Matched-Rule
Wxu-Next-Region
X-Processor
Wxu-Next-Hostname
X-Origin-Expires
X-Origin-Date
X-Crawler
X-BBXSRF
X-FPC
X-Azure-Ref-OriginShield
Thinkindot-CacheControl-Type
X-Via-NSCOPI
SS
Thinkindot-Control
Web-Mar-Node
N-Cache
User-Cache-Control
X-Clara-WADP
X-Amz-Meta-Cache-Control
X-Powered-By-Defense
X-Cache-FS-Status
X-CDN-Cache
X-Block-Status
Thinkindot-CacheControl
X-Auto-Login
X-Azure-Ref
SD-X-WS
X-Varnish-Ttl
X-Parent-Response-Time
Locale
X-Urbn-Context-Path
X-Urbn-Site-Id
X-Pf-Uncompressing
X-OVcl-Cache
X-OVcl
X-Via-Edge
GW-Server
X-Webstats-RespID
X-CUA
X-CLOUD-TRACE-CONTEXT
X-FE
Pramga
X-Via-SSL
X-VServer
CF-IPCountry
Mime-Version
PageSpeed
X-Ratelimit-Remaining
X-Dynatrace-Js-Agent
User-Agent
X-Ua
X-Varnish-Beresp-Ttl
X-LAGOON
X-Hello
X-ABtesting
Magicmarker
X-Protected-By
X-Flog
X-ND-Cache
Memory
X-Be
X-Generated-In
X-Planisys-CDN-Cache
X-Planisys-CDN-TTL
Pragrma
X-Fstrz
X-Page-Type
X-Planisys-CDN-Rules
Pagetype
X-User
X-Origin-CC
X-Newrelic-Synthetics
X-Origin-TTL
X-Geo
X-COUNTRY
X-Ruxit-Js-Agent
X-Ttl
X-B3-SpanId
X-Backend-Host
X-Up
X-Backend-Url
X-Cache-Ttl
X-MSEdge-Features
X-GoCache-CacheStatus
X-Soup
X-MSEdge-Flight
X-Tt-Trace-Tag
X-Zone
X-Check-Cacheable
X-Oss-Storage-Class
X-Varnish-Beresp-Grace
X-Debug-Cache-Expiry
X-Varnish-Beresp-Status
X-Oss-Hash-Crc64ecma
X-IN-WAF
X-Oss-Request-Id
X-Debug-Cache-Fetch
X-Debug-Cache-Store
X-Core-Value
X-Oss-Server-Time
X-Oss-Object-Type
X-Phone
X-TT-LOGID
X-Cdn-Forward
Geoip-Latitude
GeoIp-Country-Code
Geoip-City
X-Backend-TTL
X-Litespeed-Cache
Amp-Access-Control-Allow-Source-Origin
Cdn
X-Servedbyhost
Cache-Hits
X-DC
X-ZONE
X-Birta-Cache-Post
X-SayCDN-TTL
X-Akamai-SSL-Client-Sid
X-Real-Ip
X-Say-Cacheable
X-Birta-Served
X-Say-TTL
X-Old-Content-Length
X-Mid
X-CSRF-TOKEN
X-Datadome
SN
X-HS-Status
X-Info
X-MID
X-Varnish-IP
X-Node-Id
X-FORWARDED-FOR
X-Vcl-Version
HitType
Selected-FE
X-Cache-Time
FSS-Cache
X-VCL-Version
X-Aicache-OS
FSS-Proxy
X-GRACE
WZWS-RAY
XServer
Inserted-Into-Cache-At
X-ServedByHost
X-Refresh
X-IN-APIGATEWAYSSL
X-Amzn-Remapped-Connection
Ajk
Fastly-Backend-Name
X-Tb-Optimization-Total-Bytes-Saved
X-Logtrace-Id
X-Amzn-Remapped-Date
Srv
X-EC-Lua
X-Varnish-Authentication
X-Agile
HostName
X-Agile-Age
X-UPSTREAM-Address
X-Agile-Id
X-Contensis-Viewer-Groups
Server-Cache-Control
CF-Cached-On
X-Cache-Debug
Server-Surrogate-Control
X-Cache-ASPX
X-Bc
X-BC
RequestId
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-Wa
X-App-Version
X-CSRF-Token
X-Source
X-Nananana
GeoIP-Country-Code
X-Via-Ucdn
X-APP
X-CACHE-KEY
X-Web-Server
X-Proxy-Cacherz
T-Server
Xkeyrz
GeoIP-City
X-WR-MODIFICATION
GeoIP-Latitude
X-ECache
X-TIME
X-LiteSpeed-Cache-Control
WebServer
X-LB-ID
X-GDPR
PICS-Label
X-PJAX-URL
Cf-Ipcountry
Ohc-File-Size
X-Varnish-Beresp-TTL
X-Render-Time
Xkeynj
Ohc-Cache-HIT
X-NWS-UUID-VERIFY
Group
X-Unique-Id
URI
Get-Access-Time
Is-Session-Tracking
X-Ftr-Request-Id
X-SRV
MIME-Version
X-PAGE-TYPE
X-Cache-Tag
X-Fastly-Country-Code
X-Micro-Cache
X-Sedo-Request-Id
X-Policy
HTTPS
X-Cache-Miss-From
X-BE
Dynatrace
CDN
X-Requestid
X-MCACHE
Pics-Label
X-Uri
SID
X-Request-Url
X-Pjax-Url
Lb
Backend
X-Fastly-Backend-Reqs
Www
X-Edge-IP
X-SN
Xet-Cookie
DataCenter
X-Cdn-Request-ID
X-Ftr-Cache-Host
X-Ftr-Dc
X-Vct
X-Ftr-Balancer
X-Swift-Error
X-Lb-Id
X-Service
X-Ftr-Backend-Server
X-Ftr-Backend
X-Ftr-Realm
X-Ftr-Expires
X-Apw-Access-Object
X-Apw-Access-Token
X-Apw-Hits
X-Instart-Isnd
Cneonction
X-Apw-Access-Action
X-NGINX-Cache
X-Dw-Trace-Id
X-Ecache
X-Cf-Powered-By
X-PF-Uncompressing
X-Var-Ttl
Cache-Provider
Correlation-Id
X-Cache-Expires
X-WA
Host-ID
FNAC-ModuleRouting
Requestid
X-Newrelic-App-Data
NnCoection
X-Fe
X-Varnish-Action
X-Serial
Ohc-Response-Time
X-Fpc
X-Akamai-ERPolicy
X-DB
X-DI
X-Akamai-ERRuleID
X-Fastly-Cache-Hits
X-Zalando-Child-Request-Id
X-Page-Impression-Id
X-Flow-Id
X-DSS
X-DW
Warning
Lfy
X-ServerName
X-Bug-Bounty
X-RSL
X-RPM
X-RPS
X-Html-Edge-Cache