Threat Level: green Handler on Duty: Bojan Zdrnja

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
X-Powered-By
Link
CF-RAY
ETag
Expect-CT
X-XSS-Protection
Via
CF-Cache-Status
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
X-Cache-Hits
P3P
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Xss-Protection
X-Request-Id
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
Alt-Svc
X-Adblock-Key
X-Drupal-Cache
X-Check
X-Cacheable
Content-Security-Policy-Report-Only
X-Generator
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-DNS-Prefetch-Control
X-AspNetMvc-Version
P3p
X-Template
X-Language
Status
Timing-Allow-Origin
X-Iinfo
Content-Encoding
X-Content-Security-Policy
X-Buckets
Upgrade
X-Kinja-Server-Push
Xkey
X-CDN
X-Via
X-Turbo-Charged-By
Keep-Alive
CF-Ray
Access-Control-Expose-Headers
Access-Control-Max-Age
X-Cache-Group
X-Pass-Why
X-AH-Environment
X-Drupal-Dynamic-Cache
X-Age
X-Server
X-Backend
X-Pingback
X-Amz-Id-2
X-Amz-Request-Id
X-Envoy-Upstream-Service-Time
X-Page-Speed
X-Robots-Tag
X-Proxy-Cache
X-Hacker
EagleId
Grace
X-Server-Powered-By
X-UA-Device
X-Varnish-Cache
Request-Context
X-Nginx-Cache-Status
X-Request-ID
Cf-Railgun
X-LiteSpeed-Cache
X-Amz-Version-Id
X-Swift-SaveTime
X-Swift-CacheTime
X-Server-Id
Ali-Swift-Global-Savetime
X-Ua-Compatible
X-WebKit-CSP
Server-Timing
Feature-Policy
X-Device
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Host
X-Rq
Report-To
X-Ac
X-Node
Content-Location
X-OneAgent-JS-Injection
X-Cnection
X-Response-Time
X-Backend-Server
X-Cloud-Trace-Context
X-Origin-Cache
X-Application-Context
X-Readtime
Request-Id
Allow
Surrogate-Control
EagleEye-TraceId
X-ORACLE-DMS-ECID
X-Country
X-Vhost
X-DynaTrace
X-TTL
X-Cache-Lookup
X-Origin-Upstream-Status
X-Rack-Cache
X-Url
X-Clacks-Overhead
NEL
X-FTR-Request-ID
Rating
Pinterest-Generated-By
X-Country-Code
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Dispatcher
X-Ruxit-JS-Agent
X-CST
X-HW
X-ORACLE-DMS-RID
X-Instart-Request-ID
X-Goog-Hash
Fusion-Content-Id
Fusion-Content-Source
Fusion-Source
Fusion-Template-Id
Fusion-Component-Id
X-Cdn
X-DataStream-Cache-Status
X-PC
X-TtlSet
X-Vname
X-DataDome
Edge-Control
X-VARITI-CCR
X-Px
Service-Worker-Allowed
Verso
X-Mod-Pagespeed
X-MS-InvokeApp
RTSS
X-Recruiting
X-Use-Magma
X-Kinja-Build
X-Kinja-Revision
X-Cdn-Fetch
X-GoogleNews-Bot
X-Kinja
X-Exp-Variant
X-Exp-Id
X-Kinja-Server
X-Varnish-TTL
X-D2id
X-Dns-Prefetch-Control
SPRequestGuid
X-Vcap-Request-Id
X-Abt-Application-Version
TCN
X-Amz-Server-Side-Encryption
X-SharePointHealthScore
X-GitHub-Request-Id
X-Navigation-Version
X-SRCache-Fetch-Status
X-Akam-SW-Version
X-SRCache-Store-Status
X-Powered-By-Plesk
X-Middleton-Display
Response
X-Sol
Display
X-Middleton-Response
X-ESI
X-B3-TraceId
MS-Author-Via
X-RateLimit-Remaining
X-Forwarded-Proto
Charset
Realpath
X-Upstream
DynaTrace
X-Powered-CMS
X-Version
X-Shield-Request-Id
Public-Key-Pins
X-Server-Name
X-Amz-Rid
Fastly-Restarts
ServerID
Nginx-Cache
X-Cached
X-Trace
AR-PoweredBy
AR-CACHE
AR-ATIME
Ar-Sid
X-Shard
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Goog-Metageneration
X-Goog-Generation
X-Dw-Request-Base-Id
Content-MD5
X-Grace
MRF-Tech
X-Mrf-Section-Lastmod
Mrf-Cache-Status
X-Mrf-Item-Lastmod
X-B3-TraceId-Primal
Pagespeed
AR-Request-ID
Paypal-Debug-Id
Accept-Ch
Access-Control-Request-Method
Accept-Ch-Lifetime
X-MSEdge-Ref
Accept-CH
SPRequestDuration
SPIisLatency
X-Client-IP
X-Goog-Storage-Class
X-FTR-Backend-Server
X-FTR-Backend
S
X-Debug
X-Country-Code-Real
X-FTR-Balancer
X-FTR-Cache-Status
X-FTR-Realm
X-DynaTrace-JS-Agent
X-FTR-Expires
X-FTR-DC
X-DataStream-Origin-MEX-Latency
X-DataStream-MidMile-RTT
X-Ezoic-Cdn
X-Id
X-FastCGI-Cache
Front-End-Https
X-Amz-Meta-S3cmd-Attrs
X-Fastly-Request-ID
X-T
X-N
X-Amzn-Trace-Id
X-NF-Request-ID
Arr-Disable-Session-Affinity
MicrosoftSharePointTeamServices
X-DIS-Request-ID
X-Content-Type
X-Hits
Pinterest-Version
X-Pinterest-Rid
X-B3-Sampled
X-Upstream-Proxy
X-FTR-Cache-Host
X-Vcache
X-B3-Traceid
X-VCache
X-XRDS-Location
X-Acc-Meta-Resource-Type
Fastcgi-Cache
X-Frontend
PB-PID
X-Mobile-Rewrite
PB-RID
Arc-Version
X-Logged-In
X-Varnish-Age
X-Content-Digest
X-Ser
Server-Name
X-Correlation-Id
Alternate-Protocol
X-Cache-Key
X-Srv
X-Node-Name
Nel
X-Request-Handler-Origin-Region
X-Microsite
AMP-Access-Control-Allow-Source-Origin
X-Pad
FilterID
X-Rid
X-User-Agent
Powered
TP-L2-Cache
X-Type
X-Forwarded-For
TP-Cache
X-IPLB-Instance
Healthy
X-LB-Cache
X-Cache-2
X-Request-Received
X-Request-Processing-Time
X-Zen-Fury
X-F-Cache
X-Kinsta-Cache
Host
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Revision
X-XRDS-LOCATION
Edge-Cache-Tag
X-Via-JSL
Accept-CH-Lifetime
X-Debug-Info
X-AOL-HN
Powered-By-ChinaCache
X-Kong-Proxy-Latency
Backend-Timing
X-Analytics
X-Kong-Upstream-Latency
X-Activity-Id
X-Az
X-AppVersion
X-Cache-Age
X-GUploader-UploadID
X-HS-Content-Id
X-Cached-By
X-HS-Hub-Id
X-Hostname
X-Accel-Expires
X-Cache-Rule
Surrogate-Key
Cache-Status
X-Varnish-Backend
X-Content-Options
X-BCube-Filmed-By
X-Page-Id
Server-Node
X-PHP-Backend
X-Tumblr-User
X-Tumblr-Pixel-0
X-Varnish-Grace
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-Instance
X-Content-Security-Policy-Report-Only
X-Tumblr-Pixel
X-Request-Guid
X-Jobs
X-Amz-Replication-Status
X-App-Environment
X-Akamai-Edgescape
X-Content-Powered-By
Cleartype
X-Cluster
X-Signature
X-B-Cache
X-Forwarded-Host
Source
Refresh
X-TT
X-FB-Debug
X-Framework
Liferay-Portal
X-FW-Server
X-FW-Hash
X-Esi
X-FW-Static
X-FW-Serve
X-FW-Type
DC
X-Fastcgi-Cache
X-RateLimit-Limit
Tracecode
Accept-Charset
Fastcgi-Useragent
X-ATG-Version
X-Varnish-Hostname
Access-Control-Allow-Method
X-Time
Host-Header
X-APP-VERSION
X-Mobile
X-Whom
X-Cache-Action
X-Presslabs-Stats
X-Cache-Operation
X-Drupal-Cache-Tags
WPE-Backend
X-Cache-Control
X-Edge-Location
X-B
X-Hp-Webp
X-App-Server
X-Mobile-URL
Payment
X-WA-Info
X-Response-Served-From
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Accel-Buffering
NGB
Retry-After
Actual-Object-TTL
Filters
X-Git-Hash
X-Content-Age
X-Oracle-Dms-Rid
Cache-Tag
X-Storage
X-NWS-LOG-UUID
X-Cache-Hit
X-Handled-By
X-WebKit-CSP-Report-Only
Cache-Tv-Group
X-TT-TIMESTAMP
X-Cacheable-TTL
X-RequestSource
Viewport
X-TX-ID
X-Cache-TTL
Eomportal-Instance
X-GeoIP
X-Tumblr-Pixel-1
Upgrade-Insecure-Requests
X-Tumblr-Pixel-2
X-Adobe-Loc
X-UA-Device-Type
X-RemovedCookies
X-ProcessESI
X-Adobe-Content
MS-CV
X-Yottaa-Metrics
X-Status
X-Yottaa-Optimizations
X-SS-Set-Cookie
X-FW-Dynamic
X-Geo-Country
X-VG-WebCache
Webserver
Xserver
X-Ratelimit-Limit
X-Seen-By
X-Cache-TTL-Remaining
X-Server-ID
X-Host-Name
X-RTag
Ms-Operation-Id
X-TA-CDN-Provider
X-FB-TRIP-ID
Datacenter
X-Cache-Enabled
X-B3-Spanid
Frame-Options
From-Origin
X-Origin-Server
X-Hyper-Cache
X-Contextid
Server-Info
X-Generated-By
X-Mode
Cache
CACHE
GEO-INFO
Country
X-CF-Powered-By
SRV
Meta-Geo
X-Cache-Var-Map
Machine
X-Cache-Var
X-ES-SERVER
X-Drupal-Cache-Contexts
Load-Balancing
S-Cnection
X-Path-Route
X-Tumblr-Pixel-3
X-RN-RSRV
X-RateLimit-Reset
X-Routing-Service
X-Cache-Config
X-Zipkin-Id
X-Upstream-HT
X-Upstream-CT
X-Section
X-Proxied
X-MP-GENERATED-AT
X-Access
X-TNCMS
Rt-Fastcgi-Cache
Vix-Hermes-Req-Id
X-Backend-Name
X-From
X-Varnish-Server
X-Loop
X-R9-Blue-Green-Version
X-Hit
X-Human
Mn-Server-Ip
X-Varnish-Cache-Hits
X-AWS-Id
X-Akamai-Request-ID
Now
Cache-Name
X-Proxy-Build
Decoy-Debug-Key
Decoy-Debug-Status
X-Timing-Wait
Decoy-Debug-TTL
X-Cluster-Node
X-VWS-Id
X-Upgrade-Enabled
X-EIG-Tracking-Id
X-Web-Node
X-Rule
X-Origin-Response-Time
X-VG-TLSProxy
X-LJ-Flow-ID
X-Labrador-Cache-Channel
Akamai-GRN
X-PCL
X-Region
Cache-Key
X-Generated
X-Locale
X-OCL
X-Device-Type
Release
X-Viewer-Country
X-Cache-Host
X-Www-Served-By
X-Cache-Grace
X-Via-Fastly
DSUID
X-FC-Vary-Parameters
X-Site-Version
X-Trace-Id
X-Debug-Cache
X-Proto
X-NCache
OT-Force-Account-Verify
X-Environment-Context
X-Hosted-By
X-Guploader-Uploadid
Mail-Subject
DB-Nickname
We-Hiring
X-JoinUs
X-Rendered-As
X-Magnolia-Registration
X-L-Path
ServedBy
X-ShopId
ProcessTime
X-Endurance-Cache-Level
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Ratelimit-Reset
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-Shopify-Stage
X-ShardId
X-Alternate-Cache-Key
X-Request-Time
X-Xfnlog-Site
X-CCM
X-S
X-Akamai-Request-ID2
X-IP
X-Dc
X-NewRelic-App-Data
X-Load-Cache
X-Time-Microsecs
NtCoent-Length
Time
Version
S-Rt
Webcakes-Region
TWC-Privacy
Property-Id
TWC-Locale-Group
TWC-Connection-Speed
TWC-GeoIP-LatLong
TWC-Device-Class
X-FW-Version
X-Wix-Request-Id
Azure-SiteName
X-Origin-Hint
X-RCS-CacheZone
Azure-SlotName
Azure-RegionName
Webcakes-App-Name
Webcakes-App-Version
TWC-GeoIP-Country
Azure-InstanceId
X-VCT
Uber-Trace-Id
Azure-Version
X-Origin
X-Varnish-Hits
X-No-Session
Cteonnt-Length
X-EdgeConnect-Cache-Status
X-Nginx-Cache
X-Via-CDN
X-Proxy
X-ProxyCache-Key
X-FireWall-Port
X-UUID
X-Redis-Cache
X-ProxyCache-Status
X-BYPASS-REASON
NGX
X-GEO
X-CDN-Forward
X-UA
X-Platform-Server
X-Daa-Tunnel
X-PressLabs-Stats
X-HTML-Minification-Powered-By
X-Akamai-Transformed
X-Vgn-Hpd-Reason
X-ECACHE
X-PERF
X-Format
X-CS
X-MServer
X-ApacheServer
X-Rocket-Nginx-Bypass
Odigeo-Trace-Id
Accept-Language
X-Hl-Ver
Ec-Rule-Version
X-Cache-NE
X-Cache-Server
X-Cache-Remote
X-IPS-LoggedIn
X-UnsetCookies
Access-Control-Request-Headers
Origin
Cache-Tags
LB
X-Oneagent-Js-Injection
X-Distributor
X-Tb
X-ServerID
X-Real-IP
Selected-Fe
X-Dynatrace-Js-Agent
X-Amzn-Remapped-Content-Length
Fastly-SSL
X-Webkit-Csp
L5d-Success-Class
Proxy-Connection
X-Microcachable
X-B3-Parentspanid
X-Compress-Hint
X-Unique-ID
X-Server-Time
X-B-Cookie
X-ARC
X-Accel-Expires-Debug
Fly-Cache
Fastcgi-X-Cache-Version
Fly-Request-Id
GEO-REGION-INFO
VivaBuild
Cross-Origin-Window-Policy
Content-Style-Type
X-A
Cdn-Host
Cdn-Request-Time
Content-Script-Type
Viewtype
X-PAYTM-SRV-ID
REQUESTUUID
X-Org
Request-Time
Rendered-Blocks
Node
Mobile-Detection-Method
Server-ID
MD5-Digest
Rt-Proxy-Cache
Meta-Geo-Continent
X-A-Ccd
Cache-Prefix
X-Rewrite-Enabled
X-Rojux
X-Aed
X-Request-UUID
X-A-Wwc
X-S-Cookie
X-S-Maxage
X-App-Name
X-AIR-PT
X-NU-AKA-ACS-Version
X-ScT
X-A-Dgt
X-Region-Sid
BehaviorPad-Version
Cache-Cookie-Set-From
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-Lfrom
AsisCache
Arc-Country
X-A-Dcw
A
X-A-Dam
AKAMAI
X-Application
X-Cache-Bucket
X-Developer
X-G
X-Internal-Host
Xc-Version
Hostname
X-SRCache-Key
X-Twitter-Response-Tags
X-Cluster-Name
X-Generated-On
X-CF-Lambda-Fn
X-VG-WebServer
X-IN-APIGATEWAY
X-Instart-Info
X-Is-Bot
X-BACKEND-TTL
X-Level-Front-Cache
X-Geo-Header
X-Trv-Group
X-External-Request-Id
X-Connection-Hash
X-Vtex-Remote-Cache
X-CF-Lambda-Version
X-Cdn-Srv
X-Detected-As
X-Vtex-Processado-Em
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-Varnish-Url
X-DPWN-IS-SECURE
X-D
X-Worker
X-Transaction
X-Edge-Server
X-Destination
X-Date
X-URL
ServerName
Served-By
X-Pubstack
X-NC
Content-Disposition
Countrycode
Esi-Enabled
Fastly-SIE
X-CGP
Ha-Gx-Prefs
Memcached
Section-Io-Cache
X-We-Are-Hiring
X-Location
Request-Country
Proxy-Firewall
Origin-Cache-Control
IBM-Web2-Location
Gh-Request-Id
X-Nc
W
HA-Ipaddr
UCS
Origin-Edge-Control
Fastly-SWR
Apple-News-Services-Request-Url
X-C
X-Skip-Cache
X-Distil-CS
Request-EU
X-HS-Cache-Config
X-Server-IP
X-Backend-State
X-Nginx-Cache-Key
X-Core-Mission
X-Fastly-Cache
X-Developers
X-Method
X-HS-Combine-CSS
X-Varnish-Cacheable
X-TrackingId
Backend-Name
X-Clientip
X-BBXSRF
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
X-Eu-Site
X-Qloud-Router
Apple-News-Services-Handled
X-ElasticPress-Search
X-Debug-Cookies
X-Dispatch
X-Cache-Category-Id
X-Cache-Info
X-Cdn-Origin
RNT-Machine
RNT-Time
X-FPC
X-GeoIP-Country-Code
Wxu-Next-Hostname
X-Grey
Wxu-Next-Region
X-Device-Os
X-Irp-Debug
Wxu-Next-Commit
X-NX-Host
Server-Int
Server-Host
SS
X-Debug-Log
X-Generation-Time
X-Epic-Correlation-Id
X-Auto-Login
GW-Server
Powered-By
X-Hash
Heartbleed
X-Wikidot-Backend
X-Thanos
X-ServiceProvider
X-Servername
X-Webstats-RespID
X-Reboot
X-Release
Adler-Geo
X-Key
Fastly-Soc-X-Request-Id
X-Bip
X-Reqid
X-SIPLIST1
Platform
X-Sn-Servicetimems
X-Variation
Pramga
On-Server
N-Cache
X-Wikidot-Static-Cache
L
Country-Code
Is-Eu
IsBot
X-TH-Server
Kp-EeAlive
X-SERVER
Locale
X-Urbn-Site-Id
X-Urbn-Context-Path
X-WADP-Cache
X-Clara-WADP
X-VC-Cache
X-Cms-Context
X-CUA
X-Crawler
X-Gen-Mode
X-Gannett-Site-Version
X-LI-Proto
X-WebServer
X-Hnp-Log
X-Li-Fabric
X-Li-Pop
X-Fetched-On
X-Request-Start
X-Dispatcher-Server
X-CDN-Cache
X-GeoIP-City
X-LI-UUID
X-Origin-Expires
X-Origin-Date
PFcat
X-Cache-FS-Status
X-Proxy-Cache-Status
X-PHP-Host
X-Proxy-Upstream
CDCHOST
X-Response-By
X-Request-URI
Who
X-Pf-Uncompressing
SD-X-WS
Resin-Trace
True-Client-Country-4JS
X-Owner
User-Cache-Control
X-SD-PageType
Web-Mar-Node
X-Azure-Ref-OriginShield
X-Secret
X-Block-Status
X-Swa-Ws
X-Azure-Ref
X-Amz-Meta-Cache-Control
X-Cache-Id
X-Cache-Backend
Thinkindot-CacheControl-Type
X-SERVER-NAME
X-Thinkindot-L3
X-OVcl
X-OVcl-Cache
X-Matched-Rule
Thinkindot-CacheControl
Thinkindot-Control
X-VServer
X-Parent-Response-Time
CF-IPCountry
V-Age
X-Edge
X-Varnish-Ttl
X-Flog
Magicmarker
X-CLOUD-TRACE-CONTEXT
X-FE
X-Hello
Pagetype
X-ABtesting
X-Backend-Host
PageSpeed
X-Backend-Url
X-User
X-Served-From
X-Ratelimit-Remaining
X-Via-NSCOPI
User-Agent
X-Processor
X-Be
X-MSEdge-Features
X-Via-Edge
X-Up
X-GoCache-CacheStatus
X-Generated-In
X-Via-SSL
X-Powered-By-Defense
X-LAGOON
Memory
X-MSEdge-Flight
Mime-Version
X-Tt-Trace-Tag
X-Debug-Cache-Fetch
X-Varnish-Beresp-Ttl
X-Debug-Cache-Expiry
X-Soup
X-Debug-Cache-Store
X-Ua
X-ND-Cache
X-Protected-By
X-Newrelic-Synthetics
Cache-Hits
X-Oss-Server-Time
X-Oss-Storage-Class
X-Oss-Object-Type
X-Ttl
X-Oss-Hash-Crc64ecma
X-Oss-Request-Id
Geoip-City
Geoip-Latitude
X-Geo
GeoIp-Country-Code
X-Page-Type
X-Backend-TTL
X-Zone
X-Fstrz
X-Check-Cacheable
Pragrma
X-Planisys-CDN-Cache
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
X-SayCDN-TTL
X-Akamai-SSL-Client-Sid
X-ZONE
X-B3-SpanId
X-Say-Cacheable
X-Origin-TTL
X-Old-Content-Length
X-Say-TTL
X-Origin-CC
X-Tec-Api-Version
Dynatrace
X-Tec-Api-Origin
X-Tec-Api-Root
X-Cache-Time
X-Cache-Ttl
WZWS-RAY
X-CSRF-TOKEN
X-Litespeed-Cache
X-Phone
X-DC
X-Core-Value
X-IN-WAF
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
X-Cdn-Forward
Inserted-Into-Cache-At
X-Logtrace-Id
Fastly-Backend-Name
X-IN-APIGATEWAYSSL
X-Node-Id
XServer
Ajk
Cdn
X-TT-LOGID
X-Servedbyhost
X-HS-Status
X-Datadome
X-Tb-Optimization-Total-Bytes-Saved
X-Vcl-Version
X-Aicache-OS
X-Ruxit-Js-Agent
Amp-Access-Control-Allow-Source-Origin
X-MID
X-BC
FSS-Cache
X-FORWARDED-FOR
FSS-Proxy
X-VCL-Version
HostName
X-NODE
X-Birta-Served
SN
X-ServedByHost
X-Birta-Cache-Post
X-Wa
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-UPSTREAM-Address
X-APP
X-Mid
X-Amzn-Remapped-Connection
X-Amzn-Remapped-Date
X-EC-Lua
X-Contensis-Viewer-Groups
X-Varnish-Authentication
X-Proxy-Cacherz
Xkeyrz
PICS-Label
T-Server
X-Refresh
X-Bc
Server-Cache-Control
Server-Surrogate-Control
X-Cache-ASPX
X-CSRF-Token
CF-Cached-On
X-NWS-UUID-VERIFY
Selected-FE
X-Info
X-Varnish-IP
X-PJAX-URL
X-GDPR
MIME-Version
RequestId
X-WR-MODIFICATION
X-LiteSpeed-Cache-Control
X-COUNTRY
Ohc-File-Size
Srv
X-Source
X-Real-Ip
X-TIME
HitType
X-Agile
X-Agile-Age
X-Agile-Id
X-Cache-Debug
X-App-Version
Ohc-Cache-HIT
SID
X-LB-ID
GeoIP-Country-Code
X-ECache
GeoIP-Latitude
GeoIP-City
X-Render-Time
URI
X-Varnish-Beresp-TTL
X-Fastly-Country-Code
WebServer
X-Nananana
DataCenter
Cf-Ipcountry
X-Via-Ucdn
X-Uri
X-Policy
Xkeynj
X-SRV
X-Web-Server
Is-Session-Tracking
Cache-Provider
X-Fastly-Backend-Reqs
X-PAGE-TYPE
Get-Access-Time
X-CACHE-KEY
X-BE
X-Service
X-Micro-Cache
X-Unique-Id
X-Cache-Miss-From
X-Cache-Tag
X-Requestid
X-Var-Ttl
X-NGINX-Cache
X-Lb-Id
X-Sedo-Request-Id
X-NGENIX-Cache
X-Request-Url
X-Is-Gdpr
X-JWT-State
CDN
Ohc-Response-Time
Group
X-ID
X-Has-Esi
X-MCACHE
Xet-Cookie
Pics-Label
X-Pjax-Url
Lb
HTTPS
X-Apw-Access-Token
X-Apw-Access-Object
X-Apw-Access-Action
X-Vct
X-Apw-Hits
Cneonction
X-Dw-Trace-Id
Warning
Backend
X-WA
X-Cdn-Request-ID
X-Cf-Powered-By
FNAC-ModuleRouting
X-SN
Correlation-Id
X-Swift-Error
X-Edge-IP
X-Ecache
Www
X-Newrelic-App-Data
X-DI
X-Fe
X-ServerName
X-DB
X-Fastly-Cache-Hits
X-DSS
X-Akamai-ERRuleID
X-Request-URL
Xkeypdq
X-Litespeed-Cache-Control
X-Instart-Isnd
X-Akamai-ERPolicy
X-Bug-Bounty
X-Cache-Expires
X-RPS
X-Zalando-Child-Request-Id
Host-ID
X-DW
X-PF-Uncompressing
X-Fpc
X-Page-Impression-Id
X-RPM
X-Flow-Id
X-Serial
Lfy
X-RSL