Threat Level: green Handler on Duty: Guy Bruneau

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
CF-RAY
X-Powered-By
Link
ETag
Expect-CT
Via
X-XSS-Protection
X-Cache
Age
CF-Cache-Status
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
X-Cache-Hits
P3P
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Xss-Protection
X-Served-By
X-Varnish
X-Request-Id
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
Alt-Svc
X-Adblock-Key
X-Drupal-Cache
X-Check
X-Cacheable
Content-Security-Policy-Report-Only
X-Generator
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-AspNetMvc-Version
X-DNS-Prefetch-Control
P3p
X-Template
X-Language
Status
Timing-Allow-Origin
X-Iinfo
Content-Encoding
X-Content-Security-Policy
X-Buckets
Upgrade
X-Kinja-Server-Push
Xkey
X-Via
X-CDN
X-Turbo-Charged-By
Keep-Alive
Access-Control-Expose-Headers
Access-Control-Max-Age
X-Cache-Group
X-Pass-Why
X-AH-Environment
X-Age
X-Drupal-Dynamic-Cache
X-Server
X-Backend
X-Pingback
X-Amz-Request-Id
X-Amz-Id-2
X-Envoy-Upstream-Service-Time
X-Page-Speed
X-Robots-Tag
X-Proxy-Cache
X-Hacker
Grace
EagleId
X-Server-Powered-By
X-UA-Device
X-Varnish-Cache
Request-Context
X-Nginx-Cache-Status
X-Request-ID
Cf-Railgun
X-LiteSpeed-Cache
X-Amz-Version-Id
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
X-Server-Id
X-WebKit-CSP
Feature-Policy
Server-Timing
X-Device
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Host
X-Rq
Report-To
X-Ac
X-Node
Content-Location
X-OneAgent-JS-Injection
X-Cnection
X-Response-Time
X-Backend-Server
X-Cloud-Trace-Context
X-Origin-Cache
X-Application-Context
X-Readtime
Request-Id
Allow
EagleEye-TraceId
Surrogate-Control
X-ORACLE-DMS-ECID
X-Country
X-DynaTrace
X-Vhost
X-Cache-Lookup
X-TTL
X-Cdn
Pinterest-Generated-By
X-Rack-Cache
X-Url
X-Clacks-Overhead
X-Origin-Upstream-Status
X-Ua-Compatible
NEL
X-FTR-Request-ID
X-Ruxit-JS-Agent
Rating
X-Country-Code
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Dns-Prefetch-Control
X-CST
X-Dispatcher
X-HW
X-ORACLE-DMS-RID
X-Goog-Hash
X-Instart-Request-ID
Fusion-Template-Id
Fusion-Content-Id
Fusion-Component-Id
Fusion-Source
Fusion-Content-Source
X-DataStream-Cache-Status
Edge-Control
X-PC
X-TtlSet
X-Vname
X-DataDome
X-Px
X-VARITI-CCR
Service-Worker-Allowed
X-Mod-Pagespeed
Verso
X-MS-InvokeApp
X-Recruiting
X-Varnish-TTL
X-D2id
X-Use-Magma
X-Kinja-Server
X-Kinja
X-Kinja-Revision
X-Exp-Variant
X-Cdn-Fetch
X-Exp-Id
X-GoogleNews-Bot
X-Kinja-Build
SPRequestGuid
RTSS
X-Vcap-Request-Id
X-Amz-Server-Side-Encryption
X-Abt-Application-Version
TCN
DynaTrace
X-SharePointHealthScore
X-Navigation-Version
X-GitHub-Request-Id
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Sol
Display
X-Middleton-Display
Response
X-Middleton-Response
X-Akam-SW-Version
X-Powered-By-Plesk
X-RateLimit-Remaining
X-B3-TraceId
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TEC-API-VERSION
MS-Author-Via
Charset
X-Shield-Request-Id
X-Amz-Rid
ServerID
Content-MD5
X-Forwarded-Proto
AR-PoweredBy
AR-CACHE
AR-ATIME
Ar-Sid
Realpath
X-Powered-CMS
X-Trace
Accept-Ch-Lifetime
X-Upstream
X-ESI
Nginx-Cache
X-Goog-Metageneration
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Version
Public-Key-Pins
X-Cached
Fastly-Restarts
X-Dw-Request-Base-Id
AR-Request-ID
X-Server-Name
X-Shard
X-DynaTrace-JS-Agent
X-Mrf-Section-Lastmod
X-B3-TraceId-Primal
MRF-Tech
X-Mrf-Item-Lastmod
Mrf-Cache-Status
Pagespeed
Access-Control-Request-Method
Accept-Ch
X-MSEdge-Ref
Paypal-Debug-Id
X-Vcache
X-Goog-Storage-Class
Accept-CH
SPRequestDuration
X-Client-IP
X-Grace
SPIisLatency
S
X-Debug
X-FTR-Cache-Status
X-FTR-DC
X-FTR-Expires
X-FTR-Backend-Server
X-Country-Code-Real
X-FTR-Backend
X-FTR-Balancer
X-FTR-Realm
X-Id
X-DataStream-MidMile-RTT
X-DataStream-Origin-MEX-Latency
X-Ezoic-Cdn
X-Amz-Meta-S3cmd-Attrs
X-N
Pinterest-Version
X-Pinterest-Rid
X-Upstream-Proxy
X-Fastly-Request-ID
Front-End-Https
X-DIS-Request-ID
X-Amzn-Trace-Id
X-T
Arr-Disable-Session-Affinity
X-NF-Request-ID
X-FastCGI-Cache
X-Content-Type
MicrosoftSharePointTeamServices
X-XRDS-Location
X-Hits
X-B3-Sampled
X-FTR-Cache-Host
X-Varnish-Age
X-Ser
Fastcgi-Cache
X-Frontend
PB-PID
PB-RID
X-Mobile-Rewrite
Arc-Version
X-B3-Traceid
X-Acc-Meta-Resource-Type
X-Logged-In
Server-Name
X-Content-Digest
X-Correlation-Id
Alternate-Protocol
X-Node-Name
X-Pad
X-Srv
Nel
AMP-Access-Control-Allow-Source-Origin
X-Cache-Key
X-Request-Handler-Origin-Region
X-Microsite
FilterID
X-Forwarded-For
TP-L2-Cache
TP-Cache
Host
X-Kinsta-Cache
X-User-Agent
X-Type
Healthy
X-LB-Cache
X-Rid
Powered-By-ChinaCache
X-IPLB-Instance
X-F-Cache
Edge-Cache-Tag
X-Request-Received
X-Request-Processing-Time
Powered
X-AOL-HN
X-Debug-Info
X-Esi
X-Cache-2
X-Zen-Fury
X-Amzn-RequestId
X-Amz-Apigw-Id
X-GUploader-UploadID
X-Revision
X-Cached-By
X-VCache
X-Hostname
Backend-Timing
X-Cache-Age
X-Analytics
X-HS-Content-Id
X-HS-Hub-Id
X-Kong-Upstream-Latency
X-Cache-Rule
X-Kong-Proxy-Latency
X-Accel-Expires
X-XRDS-LOCATION
X-Via-JSL
X-Activity-Id
X-AppVersion
X-Az
Surrogate-Key
X-Fastcgi-Cache
X-Content-Security-Policy-Report-Only
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-Varnish-Backend
X-RateLimit-Limit
X-Content-Options
X-Page-Id
X-Instance
X-BCube-Filmed-By
X-Cluster
X-Amz-Replication-Status
X-Varnish-Grace
X-FB-Debug
X-Jobs
X-Content-Powered-By
X-Request-Guid
X-PHP-Backend
X-Akamai-Edgescape
Cache-Status
X-Tumblr-User
X-Tumblr-Pixel-0
X-Tumblr-Pixel
Source
X-App-Environment
Server-Node
X-TT
Cleartype
X-B-Cache
X-Forwarded-Host
Refresh
X-Signature
X-Framework
Liferay-Portal
X-FW-Hash
X-FW-Server
X-FW-Static
X-FW-Type
X-FW-Serve
Accept-CH-Lifetime
X-Varnish-Hostname
DC
X-ATG-Version
Tracecode
Host-Header
Accept-Charset
Access-Control-Allow-Method
Fastcgi-Useragent
WPE-Backend
X-Mobile
X-Cache-Operation
X-Cache-Control
X-Edge-Location
X-Cache-Action
X-Drupal-Cache-Tags
X-APP-VERSION
X-Time
X-B
Actual-Object-TTL
X-Whom
X-Cache-Hit
X-Accel-Buffering
X-Hp-Webp
X-Mobile-URL
Payment
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Response-Served-From
X-TX-ID
X-Storage
X-App-Server
X-WA-Info
X-WebKit-CSP-Report-Only
X-Content-Age
X-NWS-LOG-UUID
X-TT-TIMESTAMP
X-Git-Hash
X-Yottaa-Metrics
Upgrade-Insecure-Requests
X-Yottaa-Optimizations
X-SS-Set-Cookie
X-UA-Device-Type
NGB
Filters
X-Handled-By
X-Cacheable-TTL
Cache-Tv-Group
Eomportal-Instance
X-Adobe-Loc
X-Adobe-Content
X-Status
X-GeoIP
X-RemovedCookies
X-RequestSource
Cache-Tag
X-Tumblr-Pixel-1
X-ProcessESI
X-Tumblr-Pixel-2
Viewport
X-Geo-Country
X-VG-WebCache
Retry-After
X-Cache-TTL
X-Presslabs-Stats
Cache
Xserver
Webserver
Datacenter
X-FW-Dynamic
X-Cache-TTL-Remaining
X-Seen-By
Server-Info
MS-CV
X-Server-ID
X-FB-TRIP-ID
X-Ratelimit-Reset
X-TA-CDN-Provider
X-Cache-Enabled
X-Host-Name
X-Ratelimit-Limit
Frame-Options
X-Oracle-Dms-Rid
X-Contextid
X-Generated-By
X-Origin-Server
From-Origin
X-RTag
Ms-Operation-Id
S-Cnection
X-Hyper-Cache
X-Mode
X-B3-Spanid
X-CF-Powered-By
Country
Meta-Geo
X-RN-RSRV
X-Cache-Var
X-Path-Route
X-Cache-Var-Map
X-Cache-Config
X-ES-SERVER
Load-Balancing
Machine
Cache-Key
X-Zipkin-Id
X-Tumblr-Pixel-3
X-Hit
X-Proxied
X-Cache-Grace
X-Routing-Service
X-Upstream-CT
X-Upstream-HT
Vix-Hermes-Req-Id
X-Labrador-Cache-Channel
X-Section
X-Viewer-Country
X-TNCMS
X-Upgrade-Enabled
X-Varnish-Cache-Hits
X-Varnish-Server
GEO-INFO
Now
X-OCL
X-Cache-Host
X-Access
X-Web-Node
X-Backend-Name
X-Loop
X-From
Decoy-Debug-Key
Decoy-Debug-Status
X-Human
X-PCL
Decoy-Debug-TTL
X-EIG-Tracking-Id
X-Rule
X-CCM
X-Debug-Cache
X-Environment-Context
X-LJ-Flow-ID
X-Akamai-Request-ID
X-Region
X-Origin-Response-Time
X-R9-Blue-Green-Version
Mn-Server-Ip
Rt-Fastcgi-Cache
X-AWS-Id
X-Alternate-Cache-Key
ServedBy
X-Magnolia-Registration
X-ShopId
X-Sorting-Hat-ShopId
X-Via-Fastly
X-VWS-Id
X-Sorting-Hat-PodId
X-ShardId
X-Drupal-Cache-Contexts
X-Shopify-Stage
X-L-Path
X-VG-TLSProxy
Akamai-GRN
X-Proxy-Build
X-Xfnlog-Site
OT-Force-Account-Verify
X-Hosted-By
X-Cluster-Node
X-Proto
DSUID
X-NCache
X-Goog-Meta-Goog-Reserved-File-Mtime
Mail-Subject
X-Rendered-As
X-JoinUs
X-MP-GENERATED-AT
X-Timing-Wait
X-Endurance-Cache-Level
X-FC-Vary-Parameters
We-Hiring
X-RCS-CacheZone
X-S
X-Generated
Release
X-Guploader-Uploadid
X-Device-Type
DB-Nickname
X-Varnish-Hits
Cache-Name
Uber-Trace-Id
X-Trace-Id
Version
X-Site-Version
X-Locale
X-PressLabs-Stats
X-Nginx-Cache
SRV
X-Www-Served-By
X-NewRelic-App-Data
Cteonnt-Length
X-VCT
X-ProxyCache-Key
X-ProxyCache-Status
X-BYPASS-REASON
ProcessTime
X-Request-Time
NGX
X-IP
X-Load-Cache
X-Time-Microsecs
X-Platform-Server
X-UUID
X-Redis-Cache
Time
X-Origin
X-FW-Version
Azure-RegionName
CACHE
Azure-SlotName
Azure-SiteName
Azure-InstanceId
Azure-Version
S-Rt
X-Via-CDN
X-Wix-Request-Id
X-Dc
TWC-Locale-Group
Webcakes-App-Name
TWC-GeoIP-LatLong
TWC-GeoIP-Country
TWC-Connection-Speed
Webcakes-Region
TWC-Privacy
Property-Id
Webcakes-App-Version
TWC-Device-Class
X-Origin-Hint
X-EdgeConnect-Cache-Status
NtCoent-Length
X-Cache-NE
X-ECACHE
X-MServer
X-Akamai-Request-ID2
X-No-Session
X-Daa-Tunnel
X-Rocket-Nginx-Bypass
X-Hl-Ver
X-Proxy
X-FireWall-Port
X-RateLimit-Reset
X-ServerID
X-IPS-LoggedIn
X-Cache-Remote
X-Vgn-Hpd-Reason
X-GEO
X-HTML-Minification-Powered-By
X-CDN-Forward
Origin
X-Akamai-Transformed
X-ApacheServer
X-PERF
X-CS
Odigeo-Trace-Id
X-Distributor
X-UA
X-Oneagent-Js-Injection
X-Format
Ec-Rule-Version
X-Cache-Server
Fastly-SSL
Access-Control-Request-Headers
Cache-Tags
X-Real-IP
L5d-Success-Class
Accept-Language
X-Unique-ID
X-Tb
X-UnsetCookies
LB
X-Microcachable
X-Pubstack
Hostname
X-Webkit-Csp
Origin-Cache-Control
Origin-Edge-Control
Served-By
X-Cache-Backend
Fastcgi-X-Cache-Version
X-SERVER-NAME
X-Varnish-Cacheable
X-Compress-Hint
X-Grey
X-Cache-Category-Id
IBM-Web2-Location
Fly-Request-Id
X-Varnish-Url
X-External-Request-Id
GEO-REGION-INFO
Fly-Cache
Backend-Name
X-VG-WebServer
Rt-Proxy-Cache
X-A-Ccd
X-Edge-Server
Request-Country
X-B3-Parentspanid
X-CF-Lambda-Fn
X-SRCache-Key
X-S-Maxage
X-Cache-Bucket
X-CF-Lambda-Version
X-A
X-G
X-B-Cookie
X-Twitter-Response-Tags
X-Trv-Group
X-Transaction
X-DPWN-IS-SECURE
X-Vtex-Remote-Cache
AsisCache
X-D
Arc-Country
X-Connection-Hash
Content-Script-Type
BehaviorPad-Version
Cache-Cookie-Set-From
Cdn-Request-Time
Cache-Prefix
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-Idcheck
Content-Style-Type
Request-EU
Request-Time
X-Cluster-Name
Fastly-SIE
X-ARC
X-Developer
X-Detected-As
A
X-Date
Cross-Origin-Window-Policy
X-Destination
Fastly-SWR
Server-ID
X-Accel-Expires-Debug
X-PAYTM-SRV-ID
Xc-Version
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
X-Org
MD5-Digest
X-Server-Time
Cdn-Host
Rendered-Blocks
X-NU-AKA-ACS-Version
X-Aed
X-ScT
Proxy-Firewall
X-Vtex-Processado-Em
X-Rewrite-Enabled
X-Rojux
X-S-Cookie
X-Request-UUID
Mobile-Detection-Method
Meta-Geo-Continent
X-Region-Sid
Viewtype
VivaBuild
X-Worker
X-A-Wwc
X-Application
X-Internal-Host
X-Is-Bot
Node
X-A-Dgt
X-App-Name
X-Instart-Info
X-AIR-PT
Proxy-Connection
X-A-Dam
X-BACKEND-TTL
X-A-Dcw
X-IN-APIGATEWAY
X-URL
ServerName
X-NC
X-Cache-Info
Gh-Request-Id
X-Cdn-Origin
Platform
Is-Eu
HA-Ipaddr
X-Cdn-Srv
X-Level-Front-Cache
Ha-Gx-Prefs
Content-Disposition
Countrycode
Memcached
X-Cache-Id
Esi-Enabled
X-Geo-Header
On-Server
X-Clientip
X-CGP
X-Generated-On
X-HS-Cache-Config
X-Sn-Servicetimems
True-Client-Country-4JS
REQUESTUUID
X-We-Are-Hiring
X-HS-Combine-CSS
X-GeoIP-Country-Code
Server-Int
X-Variation
X-Nginx-Cache-Key
X-NX-Host
W
X-ServiceProvider
X-Skip-Cache
X-Request-URI
AKAMAI
X-PHP-Host
X-Edge
X-Core-Mission
X-Amzn-Remapped-Content-Length
X-Backend-State
Resin-Trace
Apple-News-Services-Parsed-Url
X-Debug-Log
X-Debug-Cookies
Apple-News-Services-Handled
Adler-Geo
RNT-Machine
RNT-Time
Section-Io-Cache
Apple-News-Services-Request-Url
X-C
X-Fastly-Cache
X-Epic-Correlation-Id
X-Eu-Site
Apple-News-Services-Host
X-ElasticPress-Search
X-Nc
Selected-Fe
X-Auto-Login
X-Wikidot-Static-Cache
X-Amz-Meta-Cache-Control
X-BBXSRF
X-Fetched-On
X-Qloud-Router
X-Reboot
X-Reqid
X-Location
X-LI-UUID
X-Li-Fabric
X-Li-Pop
X-LI-Proto
X-Request-Start
X-Response-By
X-SIPLIST1
X-WADP-Cache
X-TH-Server
X-Servername
X-Server-IP
X-SD-PageType
X-Secret
X-Key
X-Irp-Debug
X-Developers
X-Device-Os
X-Dispatch
X-Cms-Context
X-Clara-WADP
X-Wikidot-Backend
X-Cache-FS-Status
X-CDN-Cache
X-Dispatcher-Server
X-Distil-CS
X-GeoIP-City
X-Hash
X-Hnp-Log
X-Gen-Mode
X-Gannett-Site-Version
X-WebServer
X-FPC
X-Block-Status
IsBot
CDCHOST
SD-X-WS
X-Method
PFcat
Country-Code
Fastly-Soc-X-Request-Id
N-Cache
SS
Server-Host
V-Age
X-SVT-ORM-VERSION
Web-Mar-Node
X-SVT-ORM-RULES
User-Cache-Control
UCS
X-Powered-By-Defense
X-SERVER
X-Owner
X-Processor
X-Swa-Ws
X-Thanos
X-Origin-Date
X-Proxy-Cache-Status
X-Matched-Rule
X-Proxy-Upstream
X-Via-NSCOPI
X-TrackingId
Wxu-Next-Region
X-Crawler
X-Origin-Expires
X-Release
X-Azure-Ref
X-Azure-Ref-OriginShield
X-VC-Cache
X-VServer
Thinkindot-CacheControl
Who
Thinkindot-Control
Thinkindot-CacheControl-Type
Pramga
Wxu-Next-Commit
Wxu-Next-Hostname
X-Generation-Time
Heartbleed
X-Thinkindot-L3
X-Webstats-RespID
Powered-By
X-Bip
L
CF-IPCountry
X-Via-Edge
X-Ua
Kp-EeAlive
GW-Server
X-OVcl-Cache
X-Via-SSL
X-OVcl
X-CUA
X-Served-From
X-Parent-Response-Time
X-Varnish-Ttl
X-Urbn-Context-Path
Locale
Mime-Version
X-Urbn-Site-Id
X-FE
X-Pf-Uncompressing
X-Varnish-Beresp-Ttl
X-CLOUD-TRACE-CONTEXT
Magicmarker
X-Dynatrace-Js-Agent
PageSpeed
User-Agent
X-LAGOON
X-Ratelimit-Remaining
X-ND-Cache
Memory
X-ABtesting
X-Protected-By
X-Hello
X-Flog
Pagetype
X-Page-Type
Pragrma
X-Fstrz
X-Origin-CC
X-Origin-TTL
X-Be
X-Geo
X-Planisys-CDN-TTL
X-User
X-Generated-In
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
X-Newrelic-Synthetics
X-B3-SpanId
X-Tt-Trace-Tag
X-Up
X-Backend-Url
X-MSEdge-Features
X-Ttl
X-MSEdge-Flight
X-COUNTRY
X-Backend-Host
X-GoCache-CacheStatus
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
X-Backend-TTL
X-Zone
X-DC
X-Cache-Ttl
X-IN-WAF
X-Core-Value
X-Debug-Cache-Fetch
X-Debug-Cache-Store
X-Soup
X-Phone
X-Debug-Cache-Expiry
X-Check-Cacheable
X-Cdn-Forward
X-Oss-Server-Time
X-Oss-Request-Id
X-Oss-Hash-Crc64ecma
X-Oss-Storage-Class
X-Oss-Object-Type
Geoip-City
Geoip-Latitude
X-Servedbyhost
X-TT-LOGID
GeoIp-Country-Code
X-ZONE
X-Litespeed-Cache
Cdn
X-Say-Cacheable
X-Birta-Cache-Post
X-Birta-Served
X-SayCDN-TTL
X-Say-TTL
Cache-Hits
SN
X-Info
X-Real-Ip
X-Old-Content-Length
X-Varnish-IP
X-Akamai-SSL-Client-Sid
X-VCL-Version
Selected-FE
X-Mid
HitType
X-MID
X-Datadome
X-CSRF-TOKEN
X-HS-Status
X-Cache-Time
X-GRACE
Amp-Access-Control-Allow-Source-Origin
X-Ruxit-Js-Agent
X-Aicache-OS
X-Vcl-Version
X-FORWARDED-FOR
X-Node-Id
FSS-Proxy
Fastly-Backend-Name
FSS-Cache
Inserted-Into-Cache-At
XServer
WZWS-RAY
X-BC
CF-Cached-On
X-Refresh
X-ServedByHost
X-IN-APIGATEWAYSSL
X-Agile-Age
X-Cache-Debug
Ajk
X-Logtrace-Id
X-Agile
X-Agile-Id
X-Amzn-Remapped-Connection
X-Tb-Optimization-Total-Bytes-Saved
X-Amzn-Remapped-Date
X-Bc
Srv
X-EC-Lua
X-UPSTREAM-Address
Server-Cache-Control
X-App-Version
X-Contensis-Viewer-Groups
X-Source
X-Cache-ASPX
Server-Surrogate-Control
HostName
X-Varnish-Authentication
GeoIP-Country-Code
X-Web-Server
GeoIP-Latitude
X-Wa
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
GeoIP-City
X-Via-Ucdn
RequestId
X-CACHE-KEY
X-CSRF-Token
X-Nananana
X-NWS-UUID-VERIFY
X-APP
X-SRV
X-Proxy-Cacherz
X-TIME
Ohc-File-Size
X-WR-MODIFICATION
X-ECache
T-Server
Xkeyrz
X-LiteSpeed-Cache-Control
WebServer
PICS-Label
X-PJAX-URL
X-LB-ID
X-Render-Time
Cf-Ipcountry
Ohc-Cache-HIT
URI
Group
X-GDPR
X-Micro-Cache
X-Varnish-Beresp-TTL
X-Cache-Tag
HTTPS
X-Unique-Id
Get-Access-Time
Xkeynj
Is-Session-Tracking
X-BE
MIME-Version
X-Fastly-Country-Code
X-PAGE-TYPE
X-Edge-IP
CDN
Backend
Www
X-Requestid
Dynatrace
X-Sedo-Request-Id
X-Cache-Miss-From
X-Policy
X-SN
X-Uri
X-MCACHE
X-Fastly-Backend-Reqs
X-Pjax-Url
X-Instart-Isnd
SID
Pics-Label
Lb
X-Request-Url
DataCenter
Xet-Cookie
X-Lb-Id
X-Cache-Expires
X-Service
X-Vct
X-Cdn-Request-ID
Cache-Provider
X-Swift-Error
Requestid
Cneonction
Host-ID
X-Apw-Access-Action
X-Apw-Hits
X-Apw-Access-Token
X-Apw-Access-Object
X-Dw-Trace-Id
X-NGINX-Cache
FNAC-ModuleRouting
X-Ecache
X-Var-Ttl
X-PF-Uncompressing
X-Cf-Powered-By
X-WA
Correlation-Id
X-Newrelic-App-Data
Lfy
X-Html-Edge-Cache
Warning
X-Bug-Bounty
X-Serial
X-Varnish-Action
X-Akamai-ERPolicy
NnCoection
X-WPE-Loopback-Upstream-Addr
X-Fe
Epwk-Cache
Ohc-Response-Time
X-Akamai-ERRuleID
X-DW
X-DSS
X-RPM
X-RPS
X-ServerName
X-DI
X-DB
X-Fastly-Cache-Hits
X-Fpc
X-Flow-Id
X-Page-Impression-Id
X-Zalando-Child-Request-Id
X-RSL