Threat Level: green Handler on Duty: Bojan Zdrnja

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
CF-RAY
X-Powered-By
Link
ETag
Expect-CT
X-XSS-Protection
Via
X-Cache
CF-Cache-Status
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
X-Cache-Hits
P3P
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Xss-Protection
X-Request-Id
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
Alt-Svc
X-Adblock-Key
X-Drupal-Cache
X-Check
X-Cacheable
Content-Security-Policy-Report-Only
X-Generator
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-AspNetMvc-Version
X-DNS-Prefetch-Control
P3p
X-Template
X-Language
Status
Timing-Allow-Origin
X-Iinfo
Content-Encoding
X-Content-Security-Policy
X-Buckets
Upgrade
X-Kinja-Server-Push
Xkey
X-Via
X-CDN
X-Turbo-Charged-By
Keep-Alive
Access-Control-Expose-Headers
Access-Control-Max-Age
X-Cache-Group
X-Pass-Why
X-AH-Environment
X-Age
X-Drupal-Dynamic-Cache
X-Server
X-Backend
X-Pingback
X-Amz-Request-Id
X-Amz-Id-2
X-Envoy-Upstream-Service-Time
X-Page-Speed
X-Robots-Tag
X-Proxy-Cache
X-Hacker
EagleId
Grace
X-Server-Powered-By
X-UA-Device
X-Varnish-Cache
Request-Context
X-Nginx-Cache-Status
Cf-Railgun
X-LiteSpeed-Cache
X-Amz-Version-Id
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-Server-Id
X-WebKit-CSP
Server-Timing
Feature-Policy
X-Device
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Host
Report-To
X-Rq
X-Ac
X-Node
Content-Location
X-OneAgent-JS-Injection
X-Request-ID
X-Cnection
X-Response-Time
X-Backend-Server
X-Cloud-Trace-Context
X-Origin-Cache
X-Application-Context
X-Readtime
Request-Id
Allow
Surrogate-Control
EagleEye-TraceId
X-ORACLE-DMS-ECID
X-Vhost
X-Country
X-DynaTrace
X-TTL
X-Cache-Lookup
X-Cdn
X-Rack-Cache
X-Origin-Upstream-Status
Pinterest-Generated-By
X-Url
X-Clacks-Overhead
NEL
X-Ua-Compatible
X-FTR-Request-ID
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Rating
X-Country-Code
X-Ruxit-JS-Agent
X-Dispatcher
X-ORACLE-DMS-RID
X-Dns-Prefetch-Control
X-CST
X-HW
X-Instart-Request-ID
X-Goog-Hash
Fusion-Source
Fusion-Template-Id
Fusion-Component-Id
Fusion-Content-Source
Fusion-Content-Id
X-DataStream-Cache-Status
X-TtlSet
X-Vname
X-PC
Edge-Control
X-Px
X-VARITI-CCR
X-DataDome
Service-Worker-Allowed
Verso
X-Mod-Pagespeed
X-MS-InvokeApp
X-Recruiting
RTSS
X-Use-Magma
X-Exp-Variant
X-Exp-Id
X-Cdn-Fetch
X-Kinja-Revision
X-Kinja-Server
X-GoogleNews-Bot
X-Kinja-Build
X-Kinja
X-Varnish-TTL
X-D2id
SPRequestGuid
X-Vcap-Request-Id
X-Abt-Application-Version
X-Amz-Server-Side-Encryption
TCN
X-GitHub-Request-Id
X-SharePointHealthScore
X-Navigation-Version
Display
X-SRCache-Fetch-Status
X-Middleton-Display
X-SRCache-Store-Status
Response
X-Middleton-Response
X-Sol
X-ESI
X-Akam-SW-Version
X-Powered-By-Plesk
MS-Author-Via
X-B3-TraceId
X-RateLimit-Remaining
DynaTrace
Charset
X-Forwarded-Proto
Realpath
X-Shield-Request-Id
X-Powered-CMS
X-Amz-Rid
X-Upstream
Accept-CH
X-Server-Name
ServerID
Public-Key-Pins
X-Trace
X-Version
Fastly-Restarts
X-TEC-API-ROOT
X-TEC-API-VERSION
X-TEC-API-ORIGIN
Nginx-Cache
X-Cached
AR-PoweredBy
Ar-Sid
AR-ATIME
AR-CACHE
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Goog-Metageneration
X-Goog-Generation
X-Shard
Content-MD5
X-Dw-Request-Base-Id
Mrf-Cache-Status
MRF-Tech
X-Mrf-Section-Lastmod
X-B3-TraceId-Primal
X-Mrf-Item-Lastmod
AR-Request-ID
X-Grace
Access-Control-Request-Method
Paypal-Debug-Id
X-MSEdge-Ref
Pagespeed
SPIisLatency
X-Client-IP
SPRequestDuration
X-Goog-Storage-Class
S
X-DynaTrace-JS-Agent
X-Debug
X-FTR-Realm
X-Id
X-Country-Code-Real
X-FTR-Cache-Status
X-FTR-DC
X-FTR-Backend-Server
X-FTR-Expires
X-FTR-Backend
X-FTR-Balancer
X-Ezoic-Cdn
Accept-Ch-Lifetime
X-DataStream-MidMile-RTT
X-DataStream-Origin-MEX-Latency
X-Amz-Meta-S3cmd-Attrs
Front-End-Https
X-Fastly-Request-ID
X-T
X-N
X-Amzn-Trace-Id
X-NF-Request-ID
Arr-Disable-Session-Affinity
X-DIS-Request-ID
X-FastCGI-Cache
Pinterest-Version
MicrosoftSharePointTeamServices
X-Pinterest-Rid
X-Content-Type
Accept-Ch
X-Upstream-Proxy
X-XRDS-Location
X-Hits
X-B3-Sampled
X-FTR-Cache-Host
X-B3-Traceid
X-Vcache
X-VCache
X-Frontend
X-Acc-Meta-Resource-Type
PB-PID
X-Mobile-Rewrite
PB-RID
Arc-Version
X-Ser
X-Varnish-Age
Fastcgi-Cache
X-Logged-In
X-Content-Digest
Server-Name
X-Correlation-Id
Alternate-Protocol
X-Srv
X-Node-Name
X-Cache-Key
Nel
X-Pad
Accept-CH-Lifetime
AMP-Access-Control-Allow-Source-Origin
X-Request-Handler-Origin-Region
X-Microsite
FilterID
X-User-Agent
X-Forwarded-For
X-Rid
X-Type
TP-Cache
TP-L2-Cache
X-LB-Cache
Powered
Healthy
X-F-Cache
X-Request-Received
X-IPLB-Instance
Host
X-Request-Processing-Time
X-Kinsta-Cache
X-Zen-Fury
X-Cache-2
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Revision
Edge-Cache-Tag
X-Debug-Info
Powered-By-ChinaCache
X-AOL-HN
X-GUploader-UploadID
X-Via-JSL
Backend-Timing
X-Analytics
X-Cache-Age
X-Cached-By
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Activity-Id
X-Az
X-HS-Hub-Id
X-HS-Content-Id
X-AppVersion
X-Hostname
X-Accel-Expires
X-XRDS-LOCATION
X-Cache-Rule
Surrogate-Key
X-Fastcgi-Cache
X-Varnish-Backend
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-Content-Security-Policy-Report-Only
X-Instance
X-Content-Options
X-BCube-Filmed-By
X-Amz-Replication-Status
X-Varnish-Grace
X-Tumblr-Pixel-0
X-Page-Id
X-Tumblr-Pixel
X-RateLimit-Limit
X-Tumblr-User
Server-Node
X-PHP-Backend
X-B-Cache
X-Request-Guid
X-Jobs
X-Akamai-Edgescape
X-App-Environment
X-Signature
X-Content-Powered-By
Refresh
Cleartype
X-TT
Source
X-Cluster
X-Forwarded-Host
X-FB-Debug
X-Framework
Cache-Status
Liferay-Portal
X-FW-Serve
X-FW-Hash
X-FW-Server
X-FW-Static
X-Esi
X-FW-Type
DC
X-ATG-Version
Tracecode
X-Varnish-Hostname
Accept-Charset
Access-Control-Allow-Method
Fastcgi-Useragent
X-Time
Host-Header
X-Mobile
WPE-Backend
X-Cache-Action
X-Cache-Operation
X-Whom
X-Drupal-Cache-Tags
X-Cache-Control
X-Edge-Location
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-APP-VERSION
X-B
X-Mobile-URL
X-Response-Served-From
X-Hp-Webp
X-Accel-Buffering
X-WA-Info
X-App-Server
NGB
Payment
X-Storage
X-Cache-Hit
Actual-Object-TTL
X-Presslabs-Stats
X-TX-ID
Filters
X-WebKit-CSP-Report-Only
X-Git-Hash
X-Content-Age
X-TT-TIMESTAMP
X-Handled-By
Cache-Tag
Cache-Tv-Group
X-RequestSource
Retry-After
Viewport
X-Cacheable-TTL
X-Cache-TTL
Upgrade-Insecure-Requests
X-Yottaa-Metrics
X-Tumblr-Pixel-2
X-GeoIP
X-Tumblr-Pixel-1
X-UA-Device-Type
Eomportal-Instance
X-Yottaa-Optimizations
X-NWS-LOG-UUID
X-Adobe-Content
X-Adobe-Loc
X-Status
X-RemovedCookies
X-ProcessESI
X-SS-Set-Cookie
MS-CV
X-Geo-Country
X-TA-CDN-Provider
X-VG-WebCache
X-FW-Dynamic
Webserver
X-Cache-TTL-Remaining
X-Seen-By
Xserver
X-Server-ID
X-FB-TRIP-ID
X-Host-Name
Ms-Operation-Id
X-RTag
Datacenter
X-Cache-Enabled
Frame-Options
Cache
Server-Info
From-Origin
X-Ratelimit-Limit
X-Hyper-Cache
X-Oracle-Dms-Rid
X-Contextid
X-Origin-Server
X-B3-Spanid
X-Generated-By
X-Mode
SRV
X-CF-Powered-By
S-Cnection
Country
GEO-INFO
X-Tumblr-Pixel-3
X-Cache-Config
X-Cache-Var-Map
X-RN-RSRV
X-Ratelimit-Reset
X-Path-Route
X-ES-SERVER
X-Cache-Var
Meta-Geo
Machine
Load-Balancing
Cache-Key
X-Zipkin-Id
X-Proxied
X-Routing-Service
X-Section
X-MP-GENERATED-AT
X-Access
X-Upstream-HT
X-Upstream-CT
X-Cache-Grace
X-Drupal-Cache-Contexts
Vix-Hermes-Req-Id
ServedBy
X-Backend-Name
X-From
Rt-Fastcgi-Cache
Decoy-Debug-TTL
Decoy-Debug-Key
Decoy-Debug-Status
X-Hit
X-Human
X-Varnish-Cache-Hits
X-Varnish-Server
X-TNCMS
X-R9-Blue-Green-Version
X-Labrador-Cache-Channel
X-Loop
CACHE
X-Web-Node
X-PCL
X-OCL
Akamai-GRN
X-Proxy-Build
X-Region
X-Timing-Wait
X-Rule
Cache-Name
X-Magnolia-Registration
X-Cache-Host
X-AWS-Id
X-Akamai-Request-ID
X-Cluster-Node
X-EIG-Tracking-Id
X-LJ-Flow-ID
Now
X-Trace-Id
X-Origin-Response-Time
X-VWS-Id
X-Upgrade-Enabled
Mn-Server-Ip
X-VG-TLSProxy
X-Viewer-Country
X-Locale
DSUID
X-Www-Served-By
X-Site-Version
X-Device-Type
Release
X-L-Path
X-Endurance-Cache-Level
X-Environment-Context
X-FC-Vary-Parameters
X-Generated
X-Via-Fastly
X-NCache
X-Proto
X-Debug-Cache
X-JoinUs
We-Hiring
X-Hosted-By
X-Goog-Meta-Goog-Reserved-File-Mtime
Mail-Subject
X-Rendered-As
X-Sorting-Hat-ShopId
X-ShardId
X-ShopId
X-Shopify-Stage
DB-Nickname
X-Alternate-Cache-Key
X-Guploader-Uploadid
X-Sorting-Hat-PodId
OT-Force-Account-Verify
X-RateLimit-Reset
X-NewRelic-App-Data
X-CCM
ProcessTime
Version
X-Dc
X-Xfnlog-Site
X-S
X-IP
X-Time-Microsecs
X-Request-Time
Uber-Trace-Id
X-Load-Cache
X-RCS-CacheZone
X-VCT
X-Varnish-Hits
Time
NtCoent-Length
X-Akamai-Request-ID2
Webcakes-Region
Webcakes-App-Version
TWC-Locale-Group
TWC-GeoIP-LatLong
TWC-Privacy
X-FW-Version
Cteonnt-Length
X-Wix-Request-Id
Azure-SiteName
X-Origin-Hint
TWC-GeoIP-Country
Webcakes-App-Name
Azure-SlotName
Azure-RegionName
TWC-Device-Class
Azure-InstanceId
Property-Id
Azure-Version
TWC-Connection-Speed
S-Rt
X-Origin
X-PressLabs-Stats
NGX
X-EdgeConnect-Cache-Status
X-Redis-Cache
X-No-Session
X-UUID
X-Via-CDN
X-Nginx-Cache
X-ProxyCache-Key
X-UA
X-ProxyCache-Status
X-BYPASS-REASON
X-Proxy
X-GEO
X-Platform-Server
X-FireWall-Port
X-ECACHE
X-MServer
X-Vgn-Hpd-Reason
X-CDN-Forward
X-Hl-Ver
X-Daa-Tunnel
X-Cache-NE
X-Rocket-Nginx-Bypass
X-PERF
X-ApacheServer
X-IPS-LoggedIn
X-HTML-Minification-Powered-By
Odigeo-Trace-Id
X-Format
X-CS
Origin
X-Cache-Server
X-Akamai-Transformed
Accept-Language
Ec-Rule-Version
Access-Control-Request-Headers
X-Cache-Remote
X-UnsetCookies
X-Oneagent-Js-Injection
Cache-Tags
X-ServerID
X-Distributor
X-Tb
LB
Fastly-SSL
X-Dynatrace-Js-Agent
X-Amzn-Remapped-Content-Length
X-Real-IP
Hostname
X-Webkit-Csp
Proxy-Connection
L5d-Success-Class
Selected-Fe
X-Pubstack
X-Microcachable
X-Unique-ID
X-NC
X-B3-Parentspanid
X-Compress-Hint
Served-By
X-Cache-Bucket
X-Developer
GEO-REGION-INFO
Fastcgi-X-Cache-Version
Fastly-SIE
X-Detected-As
Fly-Request-Id
Fly-Cache
X-Date
AKAMAI
A
X-Geo-Header
X-DPWN-IS-SECURE
Fastly-SWR
X-Destination
BehaviorPad-Version
Cross-Origin-Window-Policy
X-CF-Lambda-Fn
Mobile-Detection-Method
PageSpeed
AsisCache
X-IN-APIGATEWAY
X-G
X-Cdn-Srv
X-Generated-On
X-External-Request-Id
X-CF-Lambda-Version
X-Edge-Server
X-D
Meta-Geo-Continent
X-Instart-Info
Arc-Country
MD5-Digest
X-BACKEND-TTL
Cdn-Host
X-Rebelmouse-Surrogate-Control
X-A-Wwc
X-Region-Sid
X-A-Dcw
X-A-Dgt
Server-ID
X-Accel-Expires-Debug
X-Internal-Host
X-SRCache-Key
Rt-Proxy-Cache
X-Aed
X-Connection-Hash
X-Rebelmouse-Cache-Control
X-Server-Time
Xc-Version
Content-Style-Type
X-Rojux
X-S-Cookie
X-S-Maxage
X-Worker
X-ScT
X-Rewrite-Enabled
VivaBuild
X-A-Ccd
X-A-Dam
X-A
Cdn-Request-Time
X-Request-UUID
Viewtype
X-SVT-ORM-RULES
X-AIR-PT
X-Level-Front-Cache
Content-Script-Type
X-VG-WebServer
X-SVT-ORM-VERSION
X-Varnish-Cacheable
X-Varnish-Url
X-Vtex-Processado-Em
Cache-Cookie-Set-Idcheck
X-B-Cookie
X-Vtex-Remote-Cache
X-NU-AKA-ACS-Version
X-Cluster-Name
X-Application
Proxy-Firewall
Rendered-Blocks
Request-Time
Cache-Prefix
X-App-Name
REQUESTUUID
Cache-Cookie-Set-From
X-Is-Bot
Cache-Cookie-Set-Lfrom
X-Transaction
Node
X-Org
X-Twitter-Response-Tags
X-Trv-Group
X-PAYTM-SRV-ID
X-ARC
X-ElasticPress-Search
IBM-Web2-Location
X-URL
ServerName
Origin-Cache-Control
Origin-Edge-Control
Countrycode
Esi-Enabled
On-Server
Resin-Trace
Request-EU
Request-Country
Section-Io-Cache
Server-Int
W
UCS
X-Backend-State
X-BBXSRF
Ha-Gx-Prefs
X-CGP
Gh-Request-Id
HA-Ipaddr
X-Cdn-Origin
Memcached
X-Cache-Info
X-Clientip
X-We-Are-Hiring
X-NX-Host
X-Sn-Servicetimems
X-Server-IP
X-Qloud-Router
X-Fastly-Cache
X-TrackingId
X-Nginx-Cache-Key
X-Skip-Cache
X-HS-Combine-CSS
X-ServiceProvider
X-HS-Cache-Config
Content-Disposition
X-C
X-Method
X-Location
X-Eu-Site
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
Apple-News-Services-Request-Url
Backend-Name
X-Core-Mission
X-Debug-Cookies
Apple-News-Services-Handled
X-Distil-CS
X-Debug-Log
X-Developers
X-Grey
X-Cache-Category-Id
Kp-EeAlive
X-Proxy-Cache-Status
X-Proxy-Upstream
X-Reqid
Wxu-Next-Hostname
Wxu-Next-Region
Wxu-Next-Commit
X-Request-URI
X-Secret
X-Wikidot-Static-Cache
X-Swa-Ws
X-Reboot
X-Wikidot-Backend
X-Servername
X-Release
X-SIPLIST1
X-Webstats-RespID
X-Gen-Mode
X-Generation-Time
X-GeoIP-Country-Code
X-Cache-Id
X-Gannett-Site-Version
X-FPC
X-Crawler
X-Device-Os
X-Dispatch
X-Epic-Correlation-Id
X-Hash
X-Block-Status
Who
X-Variation
X-Thanos
X-TH-Server
X-Auto-Login
X-Key
X-Hnp-Log
X-Bip
X-Irp-Debug
X-PHP-Host
RNT-Machine
X-Cache-Backend
CDCHOST
Platform
Server-Host
Powered-By
Adler-Geo
IsBot
Is-Eu
RNT-Time
L
SS
User-Cache-Control
Web-Mar-Node
Fastly-Soc-X-Request-Id
GW-Server
True-Client-Country-4JS
Country-Code
N-Cache
Heartbleed
Pramga
Locale
X-SERVER
X-Urbn-Context-Path
X-Urbn-Site-Id
X-Cms-Context
X-Li-Fabric
X-VC-Cache
X-Thinkindot-L3
X-CUA
X-VServer
X-Response-By
X-Origin-Date
X-Origin-Expires
X-Matched-Rule
X-LI-UUID
X-Li-Pop
X-LI-Proto
X-Owner
X-GeoIP-City
X-WADP-Cache
X-SD-PageType
X-Request-Start
X-Edge
X-Fetched-On
X-Dispatcher-Server
X-Nc
X-Azure-Ref-OriginShield
PFcat
SD-X-WS
X-Amz-Meta-Cache-Control
X-Clara-WADP
Thinkindot-CacheControl
X-Cache-FS-Status
V-Age
X-WebServer
X-Azure-Ref
Thinkindot-Control
Thinkindot-CacheControl-Type
X-CDN-Cache
CF-IPCountry
X-OVcl
X-SERVER-NAME
X-OVcl-Cache
X-Pf-Uncompressing
X-FE
X-Varnish-Ttl
Magicmarker
X-Via-NSCOPI
X-Served-From
X-Processor
User-Agent
X-CLOUD-TRACE-CONTEXT
X-ABtesting
X-Flog
X-Hello
X-Powered-By-Defense
Pagetype
X-Via-SSL
X-Via-Edge
X-Parent-Response-Time
X-Ratelimit-Remaining
X-LAGOON
Mime-Version
X-Be
X-Generated-In
X-User
X-Backend-Url
Memory
X-Backend-Host
X-ND-Cache
X-Up
X-MSEdge-Features
X-Datadome
X-Varnish-Beresp-Ttl
X-Tt-Trace-Tag
X-Protected-By
X-GoCache-CacheStatus
X-MSEdge-Flight
X-Newrelic-Synthetics
X-Ua
X-Debug-Cache-Store
X-Page-Type
X-Debug-Cache-Expiry
X-Debug-Cache-Fetch
X-Soup
X-B3-SpanId
X-Geo
X-Planisys-CDN-TTL
X-Fstrz
X-Ttl
X-COUNTRY
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
Pragrma
X-Backend-TTL
X-ZONE
X-Origin-CC
X-Origin-TTL
Cache-Hits
GeoIp-Country-Code
X-Check-Cacheable
Geoip-City
Geoip-Latitude
X-Say-TTL
X-Oss-Request-Id
X-Oss-Server-Time
X-Akamai-SSL-Client-Sid
X-Oss-Storage-Class
X-Say-Cacheable
X-Oss-Hash-Crc64ecma
X-Oss-Object-Type
X-SayCDN-TTL
X-Zone
X-Cdn-Forward
X-Old-Content-Length
X-Phone
X-Cache-Ttl
X-Core-Value
XServer
X-IN-WAF
X-CSRF-TOKEN
X-Litespeed-Cache
X-Varnish-Beresp-Status
X-Cache-Time
X-TT-LOGID
X-Servedbyhost
X-Varnish-Beresp-Grace
X-DC
WZWS-RAY
Fastly-Backend-Name
X-HS-Status
Cdn
X-Logtrace-Id
X-IN-APIGATEWAYSSL
X-VCL-Version
X-Node-Id
X-BC
Ajk
X-Aicache-OS
Inserted-Into-Cache-At
X-Birta-Cache-Post
Dynatrace
X-Birta-Served
X-Ruxit-Js-Agent
X-MID
Amp-Access-Control-Allow-Source-Origin
X-Mid
X-Vcl-Version
X-FORWARDED-FOR
FSS-Cache
FSS-Proxy
SN
X-EC-Lua
X-RateLimit-Remaining-Second
X-APP
X-Amzn-Remapped-Date
X-Tb-Optimization-Total-Bytes-Saved
X-RateLimit-Limit-Second
X-UPSTREAM-Address
X-Wa
X-Amzn-Remapped-Connection
X-ServedByHost
X-Real-Ip
X-Varnish-IP
X-Info
X-Tec-Api-Origin
X-Tec-Api-Root
Selected-FE
X-Tec-Api-Version
Server-Cache-Control
CF-Cached-On
Server-Surrogate-Control
X-Refresh
HostName
X-Proxy-Cacherz
X-Cache-ASPX
X-Contensis-Viewer-Groups
X-App-Version
Xkeyrz
HitType
X-Varnish-Authentication
X-Source
X-Agile-Id
X-Cache-Debug
X-Agile
X-Agile-Age
T-Server
RequestId
X-CACHE-KEY
X-Bc
Srv
X-CSRF-Token
PICS-Label
X-Render-Time
Ohc-File-Size
GeoIP-Country-Code
X-GDPR
X-PJAX-URL
MIME-Version
X-LiteSpeed-Cache-Control
X-Nananana
X-TIME
X-Via-Ucdn
GeoIP-City
GeoIP-Latitude
X-ECache
X-WR-MODIFICATION
X-Varnish-Beresp-TTL
Ohc-Cache-HIT
X-NWS-UUID-VERIFY
WebServer
Cf-Ipcountry
SID
X-Fastly-Country-Code
URI
X-LB-ID
DataCenter
X-Policy
X-Web-Server
Xkeynj
Get-Access-Time
X-PAGE-TYPE
X-Cache-Tag
X-Unique-Id
X-Uri
X-BE
Is-Session-Tracking
X-Micro-Cache
X-SRV
CDN
X-Lb-Id
X-Service
Group
X-Request-Url
X-Cache-Miss-From
Cache-Provider
X-Requestid
X-NGINX-Cache
X-Fastly-Backend-Reqs
X-Sedo-Request-Id
X-MCACHE
X-GRACE
Lb
X-Var-Ttl
X-Pjax-Url
Pics-Label
HTTPS
Xet-Cookie
X-JWT-State
X-Is-Gdpr
X-Apw-Access-Token
X-SN
Ohc-Response-Time
X-Swift-Error
X-NGENIX-Cache
Backend
Cneonction
X-Has-Esi
X-Apw-Hits
X-Edge-IP
X-Apw-Access-Object
X-Apw-Access-Action
X-Vct
Www
X-Dw-Trace-Id
X-Ecache
X-Cdn-Request-ID
FNAC-ModuleRouting
X-PF-Uncompressing
X-Cache-Expires
Warning
Correlation-Id
X-Cf-Powered-By
Host-ID
X-WA
X-Instart-Isnd
X-Newrelic-App-Data
X-Akamai-ERPolicy
X-Litespeed-Cache-Control
X-Bug-Bounty
X-Akamai-ERRuleID
Lfy
X-Fastly-Cache-Hits
X-Fe
X-Html-Edge-Cache
X-Serial
X-RPM
X-DW
X-RPS
X-RSL
X-Fpc
X-DSS
X-DI
X-Flow-Id
Requestid
X-Page-Impression-Id
X-Zalando-Child-Request-Id
X-DB
X-ServerName