Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
CF-RAY
CF-Cache-Status
Link
X-Powered-By
X-XSS-Protection
ETag
Expect-CT
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
X-Timer
X-Request-Id
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Alt-Svc
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Adblock-Key
X-Check
Content-Security-Policy-Report-Only
X-Cacheable
X-Generator
X-Xss-Protection
X-Permitted-Cross-Domain-Policies
X-Cache-Status
Timing-Allow-Origin
X-Template
X-DNS-Prefetch-Control
X-Language
X-Request-ID
X-Iinfo
Status
X-AspNetMvc-Version
Content-Encoding
X-Content-Security-Policy
X-Buckets
X-Kinja-Server-Push
Xkey
Upgrade
X-Via
X-Turbo-Charged-By
Access-Control-Expose-Headers
Keep-Alive
Access-Control-Max-Age
X-Cache-Group
X-Pass-Why
X-Drupal-Dynamic-Cache
P3p
X-Age
X-CDN
EagleId
X-Backend
X-Robots-Tag
X-Ua-Compatible
X-Amz-Request-Id
X-Amz-Id-2
X-Page-Speed
X-Envoy-Upstream-Service-Time
X-Pingback
X-AH-Environment
X-Server-Powered-By
X-Proxy-Cache
X-Hacker
X-Server
X-UA-Device
Request-Context
X-Nginx-Cache-Status
Grace
X-Varnish-Cache
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
X-LiteSpeed-Cache
X-Server-Id
Cf-Railgun
X-Amz-Version-Id
X-Cdn
Server-Timing
Feature-Policy
X-Device
X-WebKit-CSP
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Rq
X-OneAgent-JS-Injection
X-Cnection
X-Ac
Report-To
X-Cloud-Trace-Context
X-Host
X-Node
X-Response-Time
Content-Location
X-Backend-Server
EagleEye-TraceId
Request-Id
X-Origin-Cache
X-Readtime
X-Vhost
X-Application-Context
X-Dns-Prefetch-Control
X-Cache-Lookup
X-ORACLE-DMS-ECID
NEL
X-Dispatcher
Surrogate-Control
Allow
X-Rack-Cache
X-Origin-Upstream-Status
X-Country
X-HW
X-Url
X-Ruxit-JS-Agent
Rating
X-Country-Code
X-ORACLE-DMS-RID
X-DynaTrace
X-TTL
X-DataDome
X-Clacks-Overhead
X-FTR-Request-ID
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Instart-Request-ID
Fusion-Content-Id
Fusion-Source
Fusion-Content-Source
Fusion-Component-Id
Fusion-Template-Id
X-Goog-Hash
X-Varnish-TTL
X-MS-InvokeApp
X-PC
X-Vname
X-TtlSet
X-CST
X-Px
Verso
RTSS
Edge-Control
Public-Key-Pins
X-Powered-By-Plesk
X-VARITI-CCR
X-Recruiting
X-Mod-Pagespeed
Service-Worker-Allowed
Pinterest-Generated-By
X-Cdn-Fetch
X-Kinja-Revision
X-GoogleNews-Bot
X-Kinja-Build
X-Exp-Variant
X-Exp-Id
X-Kinja-Server
X-Kinja
X-Use-Magma
X-D2id
X-Middleton-Response
X-Middleton-Display
Response
X-Sol
Display
X-Vcap-Request-Id
SPRequestGuid
X-Version
X-SharePointHealthScore
MS-Author-Via
X-RateLimit-Remaining
Accept-Ch-Lifetime
X-Akam-SW-Version
Accept-CH
X-GitHub-Request-Id
TCN
X-B3-TraceId
X-Abt-Application-Version
X-Navigation-Version
X-Powered-CMS
X-TEC-API-ROOT
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-Upstream
X-Forwarded-Proto
X-Shard
SPRequestDuration
SPIisLatency
AR-PoweredBy
Ar-Sid
AR-CACHE
X-Amz-Server-Side-Encryption
AR-ATIME
X-XRDS-Location
Charset
X-SRCache-Fetch-Status
X-SRCache-Store-Status
Realpath
X-Ah-Environment
X-ESI
X-Amz-Rid
Fastly-Restarts
X-Aspnetmvc-Version
Nginx-Cache
X-Trace
X-Debug
Front-End-Https
X-Mrf-Item-Lastmod
MRF-Tech
Mrf-Cache-Status
X-B3-TraceId-Primal
X-Mrf-Section-Lastmod
X-Shield-Request-Id
AR-Request-ID
X-Cached
X-Server-Name
X-Ezoic-Cdn
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
X-Goog-Stored-Content-Length
Paypal-Debug-Id
X-MSEdge-Ref
Access-Control-Request-Method
X-NF-Request-ID
X-FTR-Cache-Status
X-Country-Code-Real
X-FTR-Expires
DynaTrace
Arr-Disable-Session-Affinity
ServerID
Pagespeed
X-Id
Content-MD5
MicrosoftSharePointTeamServices
X-Goog-Storage-Class
S
X-T
X-DynaTrace-JS-Agent
X-FTR-Realm
X-FTR-DC
X-FTR-Balancer
X-FTR-Backend
X-FTR-Backend-Server
X-Fastly-Request-ID
X-Client-IP
X-Content-Type
X-Amz-Meta-S3cmd-Attrs
X-VCache
X-Via-JSL
X-Dw-Request-Base-Id
X-Vcache
X-Varnish-Age
X-Hits
X-Amzn-Trace-Id
X-RateLimit-Limit
X-N
X-SERVER
X-Frontend
X-Forwarded-For
Fastcgi-Cache
X-Correlation-Id
X-Grace
Arc-Version
X-Mobile-Rewrite
PB-RID
X-Content-Digest
PB-PID
X-B3-Traceid
Powered
X-Logged-In
Server-Name
X-Ser
X-FTR-Cache-Host
X-DIS-Request-ID
X-Accel-Expires
X-B3-Sampled
Accept-Ch
X-Fastcgi-Cache
X-FastCGI-Cache
AMP-Access-Control-Allow-Source-Origin
X-HS-Content-Id
X-Zen-Fury
X-HS-Hub-Id
X-Microsite
X-Request-Handler-Origin-Region
TP-L2-Cache
TP-Cache
X-Request-Processing-Time
X-Request-Received
X-Cache-Age
X-Kinsta-Cache
FilterID
X-Esi
X-LB-Cache
X-Revision
X-Type
X-Rid
X-User-Agent
X-IPLB-Instance
X-AppVersion
X-Az
Healthy
X-Activity-Id
X-GUploader-UploadID
X-Analytics
Backend-Timing
Edge-Cache-Tag
X-Node-Name
X-Acc-Meta-Resource-Type
X-F-Cache
X-Srv
X-Whom
X-Time
X-Cache-2
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
Retry-After
X-NWS-LOG-UUID
X-Amzn-RequestId
X-Amz-Apigw-Id
Accept-Charset
Alternate-Protocol
X-Pinterest-Rid
Pinterest-Version
X-Cache-Hit
X-AOL-HN
Cache-Status
X-Cache-Rule
X-Content-Options
Server-Node
Surrogate-Key
DC
X-Content-Powered-By
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-Akamai-Edgescape
X-Jobs
Refresh
X-Cluster
X-Tumblr-Pixel
Access-Control-Allow-Method
X-Content-Security-Policy-Report-Only
X-Tumblr-Pixel-0
X-Framework
X-Forwarded-Host
X-Tumblr-User
X-Instance
X-Page-Id
X-FW-Type
X-FW-Hash
X-FW-Serve
X-Debug-Info
X-FB-Debug
X-FW-Static
X-FW-Server
X-PHP-Backend
X-Varnish-Grace
Source
X-App-Environment
X-Request-Guid
X-B
X-Hostname
MS-CV
X-App-Server
X-Hp-Webp
Fastcgi-Useragent
Host
Cleartype
X-DataStream-Cache-Status
Frame-Options
X-Ratelimit-Reset
X-Signature
X-B-Cache
X-Cache-Key
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
Actual-Object-TTL
X-BCube-Filmed-By
X-Cache-Operation
Tracecode
Cache-Tag
X-Varnish-Backend
X-Mobile-URL
X-Cached-By
X-TA-CDN-Provider
X-Geo-Country
X-PressLabs-Stats
X-TT
X-Amz-Replication-Status
Xserver
Liferay-Portal
X-Cache-Control
X-Mobile
X-Pad
X-Seen-By
X-Host-Name
X-Response-Served-From
X-ATG-Version
NGB
X-Git-Hash
X-Adobe-Content
X-Adobe-Loc
Filters
Payment
Eomportal-Instance
X-Status
Upgrade-Insecure-Requests
X-GeoIP
X-TT-TIMESTAMP
X-WA-Info
X-WebKit-CSP-Report-Only
WPE-Backend
X-Tumblr-Pixel-2
X-RequestSource
Cache-Tv-Group
X-UA-Device-Type
X-RTag
X-Tumblr-Pixel-1
X-Cacheable-TTL
X-Drupal-Cache-Tags
X-FW-Dynamic
Ms-Operation-Id
X-Handled-By
X-ProcessESI
X-RemovedCookies
From-Origin
X-TX-ID
X-Content-Age
X-Upstream-Proxy
Webserver
X-Cache-TTL-Remaining
GEO-INFO
Datacenter
X-Edge-Location
X-Cache-Remote
X-Cache-TTL
X-Webkit-CSP
Viewport
Cache
X-Storage
X-Daa-Tunnel
X-Accel-Buffering
Accept-CH-Lifetime
X-Cache-Action
X-Varnish-Hostname
X-Origin-Server
X-Ua
X-EdgeConnect-Cache-Status
Version
X-CF-Powered-By
X-Hyper-Cache
X-Oracle-Dms-Rid
Host-Header
X-Contextid
X-Region
PageSpeed
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Oneagent-Js-Injection
X-Wix-Request-Id
X-Varnish-Server
X-Akamai-Request-ID2
X-ES-SERVER
X-Cache-Var-Map
X-IP
X-Path-Route
X-Cache-Var
X-Akamai-Transformed
Meta-Geo
X-Timing-Wait
Load-Balancing
X-Proxy-Build
X-RN-RSRV
Selected-Fe
X-JoinUs
X-From
X-Trace-Id
Cache-Name
S-Cnection
SRV
Cache-Hits
X-Generated
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Locale
X-Cluster-Node
X-Cache-Config
Now
Cache-Tags
Rt-Fastcgi-Cache
Vix-Hermes-Req-Id
X-Loop
X-Backend-Name
X-Cache-Enabled
X-CS
X-TNCMS
X-Proto
X-Site-Version
X-Proxy
Property-Id
X-UnsetCookies
TWC-Connection-Speed
TWC-Locale-Group
TWC-GeoIP-LatLong
TWC-GeoIP-Country
TWC-Device-Class
X-Upgrade-Enabled
DSUID
Country
X-Varnish-Cache-Hits
X-Via-Fastly
X-Viewer-Country
DB-Nickname
Decoy-Debug-Key
TWC-Privacy
Decoy-Debug-TTL
Decoy-Debug-Status
Mn-Server-Ip
Webcakes-App-Version
X-R9-Blue-Green-Version
X-FC-Vary-Parameters
X-EIG-Tracking-Id
X-Hit
X-PERF
X-NCache
X-Origin-Hint
X-Origin-Response-Time
X-Rule
X-Section
Webcakes-Region
X-Origin
Webcakes-App-Name
X-Access
X-Akamai-Request-ID
X-Cache-Host
X-Time-Microsecs
X-ApacheServer
X-Tumblr-Pixel-3
X-Labrador-Cache-Channel
NR-ENABLED
X-DataStream-MidMile-RTT
X-DataStream-Origin-MEX-Latency
X-OCL
X-Human
X-PCL
Release
Ec-Rule-Version
X-Cache-Grace
X-Hosted-By
X-FW-Version
X-Debug-Cache
X-CCM
X-Device-Type
X-FireWall-Port
X-Format
S-Rt
X-Backend-TTL
X-Upstream-HT
Azure-InstanceId
X-Web-Node
X-Www-Served-By
X-Xfnlog-Site
Azure-SiteName
Azure-RegionName
Azure-SlotName
Azure-Version
Cache-Key
X-Upstream-CT
OT-Force-Account-Verify
X-Drupal-Cache-Contexts
X-Varnish-Hits
Ohc-File-Size
X-S
Server-Info
X-Cache-Time
Time
ServedBy
X-Cache-Server
X-Rendered-As
X-Alternate-Cache-Key
X-ShopId
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-Shopify-Stage
X-ShardId
X-Cache-NE
X-VG-WebCache
X-VG-TLSProxy
Hostname
X-VCT
X-NewRelic-App-Data
X-Vgn-Hpd-Reason
X-FB-TRIP-ID
X-Nginx-Cache
Accept-Language
Ohc-Cache-HIT
X-Tb
Fastcgi-X-Cache-Version
X-Redis-Cache
Machine
Cteonnt-Length
X-OVcl-Cache
X-OVcl
X-Webkit-Csp
Origin
X-Real-IP
X-Mode
X-Presslabs-Stats
NtCoent-Length
X-No-Session
X-Pubstack
Origin-Edge-Control
X-APP-VERSION
Origin-Cache-Control
X-App-Version
X-Request-Time
X-Environment-Context
X-Generated-By
X-L-Path
X-CSRF-TOKEN
L5d-Success-Class
Odigeo-Trace-Id
X-HS-Cache-Config
X-VWS-Id
X-AWS-Id
X-B3-Spanid
Access-Control-Request-Headers
X-LJ-Flow-ID
X-Magnolia-Registration
X-Tt-Trace-Tag
X-Load-Cache
Mime-Version
X-Cluster-Name
X-GEO
X-NC
Mail-Subject
X-Amzn-Remapped-Content-Length
Fastly-SSL
X-Endurance-Cache-Level
We-Hiring
IBM-Web2-Location
X-UUID
X-DC
X-Parent-Response-Time
Nel
Akamai-GRN
X-B3-Parentspanid
X-Guploader-Uploadid
Request-Time
X-XRDS-LOCATION
X-CACHE-KEY
X-ServerID
X-Routing-Service
X-Soup
X-GoCache-CacheStatus
X-Rocket-Nginx-Bypass
X-Zipkin-Id
X-Proxied
X-NGENIX-Cache
Proxy-Connection
X-MServer
X-ECACHE
X-Via-CDN
Locale
X-Urbn-Context-Path
X-Urbn-Site-Id
Meta-Geo-Continent
X-Application
X-Node-Id
Memcached
X-G
X-AIR-PT
X-Aed
X-A-Dgt
X-A-Wwc
Content-Style-Type
X-Accel-Expires-Debug
X-BYPASS-REASON
X-SRCache-Key
X-B-Cookie
X-SS-Set-Cookie
GEO-REGION-INFO
X-Region-Sid
Fly-Request-Id
X-Edge-Server
MD5-Digest
Cross-Origin-Window-Policy
X-ARC
X-Request-UUID
X-External-Request-Id
X-Server-Time
X-A-Dcw
A
Rt-Proxy-Cache
Server-ID
T-Server
Viewtype
Apple-News-Services-Handled
Apple-News-Services-Host
AsisCache
Arc-Country
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
Rendered-Blocks
Node
X-A
Content-Script-Type
X-A-Ccd
X-A-Dam
Mobile-Detection-Method
Cdn-Request-Time
VivaBuild
Cache-Prefix
X-Bip
Cdn-Host
BehaviorPad-Version
X-Release
X-Org
X-S-Maxage
X-Trv-Group
X-Worker
Fly-Cache
X-Rojux
Uber-Trace-Id
X-Rewrite-Enabled
X-Developer
X-Instart-Info
X-IN-APIGATEWAYSSL
Xc-Version
X-B3-SpanId
X-DPWN-IS-SECURE
X-PAYTM-SRV-ID
X-Vtex-Processado-Em
X-VG-WebServer
X-ProxyCache-Status
X-ProxyCache-Key
X-Origin-Expires
X-Vtex-Remote-Cache
X-Twitter-Response-Tags
X-S-Cookie
X-Origin-Date
X-IN-APIGATEWAY
X-Is-Bot
X-Transaction
X-Connection-Hash
X-CF-Lambda-Version
X-Detected-As
X-ScT
X-CF-Lambda-Fn
X-Thanos
X-Date
X-D
X-Destination
Backend-Name
ServerName
N-Cache
X-Cdn-Srv
NGX
X-Level-Front-Cache
X-SVT-ORM-RULES
X-Developers
X-Device-Os
IsBot
Gh-Request-Id
X-Distil-CS
X-VC-Cache
X-Cache-Bucket
X-BBXSRF
X-RateLimit-Limit-Second
X-Up
Request-Country
X-Distributor
X-RateLimit-Remaining-Second
X-Azure-Ref
X-Hl-Ver
X-Cms-Context
X-Request-Start
X-Hash
X-Core-Mission
X-SIPLIST1
X-CUA
X-TrackingId
X-Fastly-Cache
X-SVT-ORM-VERSION
X-Origin-TTL
X-WebServer
X-Azure-Ref-OriginShield
X-Clientip
Section-Io-Cache
X-Generated-On
X-Auto-Login
X-Owner
Request-EU
Country-Code
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-From
Countrycode
X-Origin-CC
Fastly-Soc-X-Request-Id
X-Ruxit-Js-Agent
X-ElasticPress-Search
User-Cache-Control
X-ServiceProvider
X-Skip-Cache
X-Page-Type
X-Sn-Servicetimems
X-Backend-Host
X-Backend-Url
X-Block-Status
X-PHP-Host
X-Server-IP
X-Fetched-On
X-MSEdge-Flight
X-Thinkindot-L3
X-ABtesting
X-VServer
X-Gen-Mode
X-Generated-In
X-WADP-Cache
X-Flog
X-Variation
X-App-Name
X-Unique-ID
X-Amz-Meta-Cache-Control
X-User
X-Swa-Ws
X-Debug-Log
X-Proxy-Cache-Status
X-Proxy-Upstream
X-Clara-WADP
X-CGP
X-Dispatch
X-Debug-Cache-Fetch
X-Compress-Hint
X-Qloud-Router
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
X-Reboot
X-Reqid
X-Request-URI
X-Debug-Cache-Store
X-Dispatcher-Server
X-Epic-Correlation-Id
Fastly-SWR
Wxu-Next-Region
X-Eu-Site
X-C
X-Cache-FS-Status
X-Cache-Id
X-Cdn-Origin
X-MP-GENERATED-AT
X-Debug-Cookies
X-Platform-Server
X-Cache-Info
X-Debug-Cache-Expiry
X-Generation-Time
X-Nginx-Cache-Key
CDCHOST
Content-Disposition
X-Li-Fabric
Esi-Enabled
X-NX-Host
Pagetype
Pramga
X-Irp-Debug
X-Old-Content-Length
Platform
PFcat
Magicmarker
X-Li-Pop
Fastly-SIE
X-Location
X-Matched-Rule
X-Method
X-MSEdge-Features
Ha-Gx-Prefs
HA-Ipaddr
Kp-EeAlive
L
Is-Eu
X-LI-UUID
Heartbleed
Wxu-Next-Hostname
AKAMAI
X-GeoIP-City
X-Wikidot-Backend
True-Client-Country-4JS
Thinkindot-Control
Thinkindot-CacheControl-Type
V-Age
X-Geo-Header
Wxu-Next-Commit
X-We-Are-Hiring
W
X-Webstats-RespID
X-Wikidot-Static-Cache
Thinkindot-CacheControl
X-HS-Combine-CSS
X-Hnp-Log
RNT-Time
RNT-Machine
CF-IPCountry
SS
Adler-Geo
Served-By
Server-Int
Server-Host
X-Hello
X-IPS-LoggedIn
X-Microcachable
X-Internal-Host
X-LI-Proto
X-Key
X-Backend-State
SD-X-WS
X-Say-TTL
X-SayCDN-TTL
X-SD-PageType
Web-Mar-Node
X-Say-Cacheable
Memory
X-Response-By
X-Cdn-Forward
X-GDPR
X-Element-Page-Cache
X-Uri
X-SERVER-NAME
X-Policy
X-Servername
UCS
ProcessTime
Resin-Trace
X-Nc
X-Ftr-Request-Id
REQUESTUUID
X-Geo
X-Logtrace-Id
Powered-By-ChinaCache
X-Service
X-FPC
X-Var-Ttl
X-Servedbyhost
X-Wa
Ajk
X-HTML-Minification-Powered-By
X-Dc
Proxy-Firewall
Cache-Provider
X-Lb-Id
Srv
X-Ratelimit-Limit
X-JWT-State
X-Has-Esi
X-Cache-Backend
X-Is-Gdpr
X-Datadome
X-Cache-Category-Id
X-Grey
X-NWS-UUID-VERIFY
Powered-By
X-Pjax-Url
X-Oss-Object-Type
X-VCL-Version
X-Oss-Storage-Class
X-Oss-Server-Time
X-Processor
X-Oss-Hash-Crc64ecma
X-Oss-Request-Id
X-SRV
X-Be
X-ZONE
X-Varnish-Beresp-Ttl
X-TH-Server
Fastly-Backend-Name
X-Tb-Optimization-Total-Bytes-Saved
X-Server-ID
X-RCS-CacheZone
X-Info
GeoIP-City
X-Instart-Isnd
X-Svr
X-Cache-URL
GeoIP-Country-Code
X-CDN-Forward
GeoIP-Latitude
X-RateLimit-Reset
SN
X-Tec-Api-Root
X-Tec-Api-Origin
X-Tec-Api-Version
X-Cache-Ttl
PICS-Label
X-Ttl
X-HS-Status
X-Zone
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
X-SN
GW-Server
X-Scheme
X-NodeID
Group
X-Ftr-Cache-Host
X-Source
X-GRACE
X-UA
X-Varnish-Url
CACHE
X-LAGOON
Cdn
X-Pf-Uncompressing
WZWS-RAY
X-Gannett-Site-Version
X-EC-Lua
X-Secret
X-Bc
X-Newrelic-Synthetics
Dynatrace
X-Varnish-Beresp-TTL
On-Server
Cache-Host
CF-Cached-On
X-PF-Uncompressing
LB
X-Varnish-Cacheable
X-Dynatrace-Js-Agent
X-Check-Cacheable
X-CDN-Cache
X-Ftr-Dc
X-Ftr-Backend-Server
X-Ftr-Backend
X-Ftr-Balancer
X-Ftr-Realm
X-NODE
X-Server-W
X-Sucuri-Id
User-Agent
X-LiteSpeed-Cache-Control
X-GeoIP-Country-Code
X-Ratelimit-Remaining
X-BC
X-Tt-Trace-Host
Pics-Label
X-Via-Ucdn
Ttl
X-Ms-Request-Id
X-APP
Inserted-Into-Cache-At
X-Ms-Version
X-Edge
Environment
X-BE
X-COUNTRY
Geoip-City
Amp-Access-Control-Allow-Source-Origin
GeoIp-Country-Code
Geoip-Latitude
X-Fastly-Country-Code
X-NU-AKA-ACS-Version
XServer
WWW
X-URL
X-Crawler
Lfy
X-Akamai-SSL-Client-Sid
Cf-Ipcountry
X-Aicache-OS
X-Dynatrace
X-PJAX-URL
Who
MIME-Version
M-TraceId
X-Vcl-Version
Ohc-Response-Time
X-Cache-Debug
X-Session-Fingerprint
Requestid
X-Mid
X-Agile
X-Render-Time
X-Agile-Age
X-Agile-Id
X-Trafficlayer-App-Name
X-Trafficlayer-App-Scope
SID
X-MCACHE
X-FORWARDED-FOR
X-LB-ID
X-CSRF-Token
X-FE
X-Varnish-Ttl
Lb
X-Served-From
X-Litespeed-Cache-Control
X-Logging-Id
X-Fastly-Backend-Reqs
X-UPSTREAM-Address
X-Via-Edge
X-Micro-Cache
X-Via-SSL
URI
Xkeyrz
X-7Graus-Varnish-XKeys
X-7Graus-Varnish-Cache-Control
X-WR-MODIFICATION
X-Proxy-Cacherz
HostName
X-Amzn-Remapped-Connection
X-Fpc
X-Cache-Tag
X-Cache-Miss-From
X-WA
Host-ID
RequestUuid
X-Amzn-Remapped-Date
X-Sedo-Request-Id
X-Correlation-ID
DataCenter
X-Cf-Powered-By
X-DB
X-Page-Impression-Id
X-Flow-Id
Correlation-Id
X-Vct
X-Zalando-Child-Request-Id
X-Action
X-RPM
X-DW
X-DI
Xkeypdq
X-ServedByHost
X-RPS
X-RSL
X-Nananana
CDN
X-Protected-By
X-DSS
X-Fastly-Cache-Hits
X-NGINX-Cache
X-Newrelic-App-Data
WebServer
X-TIME
X-Refresh
X-Dw-Trace-Id
X-VC
X-Request-Url
X-Ecache
X-Core-Value
X-MID
X-Vdms-Version
Cneonction
X-Cdn-Request-ID
X-SB
X-ServerName
X-Via-NSCOPI
FNAC-ModuleRouting
X-ND-Cache
Warning
X-Swift-Error
X-AK-Request-ID
TTL
X-Li-Proto
Xet-Cookie
Cdncip
Cdnsip
X-Planisys-CDN-Cache
X-Apw-Access-Object
X-Apw-Access-Token
X-Apw-Hits
X-Apw-Access-Action
X-Serial
Pragrma
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
X-Fe
X-Request-URL
X-Bug-Bounty
X-MiniProfiler-Ids
X-Gdpr
HitType
X-Unique-Id
Processtime
X-ECache
V-Cache