Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
CF-RAY
CF-Cache-Status
Link
X-Powered-By
X-XSS-Protection
ETag
Expect-CT
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-Cache-Hits
X-UA-Compatible
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
X-Timer
X-Request-Id
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Alt-Svc
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Adblock-Key
X-Check
Content-Security-Policy-Report-Only
X-Cacheable
X-Generator
X-Xss-Protection
X-Permitted-Cross-Domain-Policies
X-Cache-Status
Timing-Allow-Origin
X-Template
X-DNS-Prefetch-Control
X-Language
X-Request-ID
X-Iinfo
Status
X-AspNetMvc-Version
X-FRAME-OPTIONS
Content-Encoding
X-Content-Security-Policy
X-Buckets
X-Kinja-Server-Push
Xkey
Upgrade
X-Via
X-Ua-Compatible
X-Turbo-Charged-By
Access-Control-Expose-Headers
Keep-Alive
Access-Control-Max-Age
X-Cache-Group
X-Pass-Why
X-Drupal-Dynamic-Cache
P3p
X-Age
X-CDN
EagleId
X-Backend
X-Robots-Tag
X-Amz-Request-Id
X-Amz-Id-2
X-Page-Speed
X-Envoy-Upstream-Service-Time
X-Pingback
X-AH-Environment
X-Server-Powered-By
X-Proxy-Cache
X-Hacker
X-Server
X-UA-Device
Request-Context
X-Nginx-Cache-Status
Grace
X-Varnish-Cache
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-LiteSpeed-Cache
X-Server-Id
Cf-Railgun
X-Amz-Version-Id
X-Cdn
Server-Timing
Feature-Policy
X-Device
X-WebKit-CSP
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Rq
X-OneAgent-JS-Injection
X-Cnection
X-Ac
Report-To
X-Cloud-Trace-Context
X-Host
X-Node
X-Response-Time
Content-Location
X-Backend-Server
EagleEye-TraceId
Request-Id
X-Origin-Cache
X-Readtime
X-Application-Context
X-Vhost
X-Dns-Prefetch-Control
X-Cache-Lookup
X-ORACLE-DMS-ECID
NEL
X-Dispatcher
Surrogate-Control
Allow
X-Rack-Cache
X-Origin-Upstream-Status
X-Country
X-HW
X-Url
X-Ruxit-JS-Agent
Rating
X-Country-Code
X-ORACLE-DMS-RID
X-FTR-Request-ID
X-DynaTrace
X-TTL
X-DataDome
X-Clacks-Overhead
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Instart-Request-ID
Fusion-Content-Id
Fusion-Template-Id
Fusion-Content-Source
Fusion-Source
Fusion-Component-Id
X-Goog-Hash
X-Varnish-TTL
X-MS-InvokeApp
X-Vname
X-TtlSet
X-PC
X-CST
X-Px
Verso
RTSS
Edge-Control
Public-Key-Pins
X-Powered-By-Plesk
X-VARITI-CCR
X-Recruiting
X-Mod-Pagespeed
Service-Worker-Allowed
Pinterest-Generated-By
X-Kinja-Build
X-Kinja-Revision
X-Kinja
X-Exp-Variant
X-Use-Magma
X-D2id
X-Cdn-Fetch
X-GoogleNews-Bot
X-Kinja-Server
X-Exp-Id
Display
X-Middleton-Response
X-Middleton-Display
X-Sol
Response
SPRequestGuid
X-Vcap-Request-Id
X-Version
X-SharePointHealthScore
X-RateLimit-Remaining
MS-Author-Via
Accept-Ch-Lifetime
Accept-CH
X-Akam-SW-Version
X-GitHub-Request-Id
X-B3-TraceId
X-Navigation-Version
X-Powered-CMS
X-TEC-API-ROOT
X-Abt-Application-Version
X-TEC-API-ORIGIN
X-TEC-API-VERSION
TCN
X-Upstream
X-Forwarded-Proto
X-Shard
SPIisLatency
SPRequestDuration
AR-PoweredBy
Ar-Sid
AR-ATIME
AR-CACHE
X-Amz-Server-Side-Encryption
X-XRDS-Location
Charset
X-SRCache-Fetch-Status
X-SRCache-Store-Status
Realpath
X-Ah-Environment
X-ESI
X-Amz-Rid
Fastly-Restarts
X-Aspnetmvc-Version
Nginx-Cache
X-Trace
X-Debug
Front-End-Https
X-B3-TraceId-Primal
X-Mrf-Item-Lastmod
Mrf-Cache-Status
MRF-Tech
X-Mrf-Section-Lastmod
X-Shield-Request-Id
X-Cached
AR-Request-ID
X-Server-Name
X-Ezoic-Cdn
X-Goog-Generation
X-Goog-Metageneration
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
Paypal-Debug-Id
X-MSEdge-Ref
Access-Control-Request-Method
X-NF-Request-ID
X-Country-Code-Real
X-FTR-Cache-Status
X-FTR-Expires
DynaTrace
Arr-Disable-Session-Affinity
Pagespeed
ServerID
X-Id
Content-MD5
X-FTR-DC
X-FTR-Realm
X-FTR-Balancer
X-FTR-Backend-Server
MicrosoftSharePointTeamServices
X-FTR-Backend
X-Vcache
X-Goog-Storage-Class
X-T
S
X-DynaTrace-JS-Agent
X-Client-IP
X-Fastly-Request-ID
X-Amz-Meta-S3cmd-Attrs
X-Content-Type
X-Via-JSL
X-Dw-Request-Base-Id
X-Hits
X-Varnish-Age
X-Amzn-Trace-Id
X-RateLimit-Limit
X-VCache
X-N
X-SERVER
X-Frontend
X-Forwarded-For
X-FTR-Cache-Host
X-Grace
X-Correlation-Id
Fastcgi-Cache
X-Content-Digest
X-Mobile-Rewrite
Powered
PB-RID
X-B3-Traceid
PB-PID
Arc-Version
X-Logged-In
Server-Name
X-Ser
X-DIS-Request-ID
X-Accel-Expires
X-B3-Sampled
Accept-Ch
X-FastCGI-Cache
X-Fastcgi-Cache
AMP-Access-Control-Allow-Source-Origin
X-Zen-Fury
X-HS-Hub-Id
X-HS-Content-Id
X-Request-Handler-Origin-Region
X-Microsite
TP-Cache
TP-L2-Cache
X-Request-Processing-Time
X-Request-Received
X-Cache-Age
X-Kinsta-Cache
FilterID
X-Esi
X-LB-Cache
X-Rid
X-Revision
X-Type
X-Az
X-AppVersion
X-IPLB-Instance
X-User-Agent
X-Activity-Id
Healthy
Backend-Timing
X-GUploader-UploadID
X-Analytics
Edge-Cache-Tag
X-Node-Name
X-Acc-Meta-Resource-Type
X-F-Cache
X-Srv
X-Whom
X-Cache-2
X-Time
Retry-After
X-NWS-LOG-UUID
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
Accept-Charset
X-Amz-Apigw-Id
X-Amzn-RequestId
Alternate-Protocol
Pinterest-Version
X-Pinterest-Rid
X-Cache-Hit
X-AOL-HN
Cache-Status
X-Cache-Rule
Server-Node
Surrogate-Key
DC
X-Content-Options
VIX-Pulpo-Node
X-Content-Powered-By
X-Akamai-Edgescape
X-Jobs
VIX-Pulpo-Upstream-Status
Refresh
X-Framework
X-Tumblr-Pixel
X-Cluster
X-Tumblr-Pixel-0
X-Tumblr-User
X-Content-Security-Policy-Report-Only
X-Forwarded-Host
X-Page-Id
X-Instance
X-FW-Static
X-FW-Hash
Access-Control-Allow-Method
X-FW-Server
X-FW-Type
X-FW-Serve
X-App-Environment
Source
X-FB-Debug
X-Debug-Info
X-Varnish-Grace
X-PHP-Backend
X-B
X-Request-Guid
MS-CV
X-Hp-Webp
Fastcgi-Useragent
Host
Cleartype
X-Ratelimit-Reset
X-DataStream-Cache-Status
Frame-Options
X-App-Server
X-Hostname
X-Cache-Key
X-B-Cache
X-Signature
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
Actual-Object-TTL
X-BCube-Filmed-By
X-Varnish-Backend
X-Cached-By
X-Mobile-URL
X-Cache-Operation
Cache-Tag
X-TA-CDN-Provider
Tracecode
X-PressLabs-Stats
X-Geo-Country
X-TT
X-Amz-Replication-Status
Xserver
Liferay-Portal
X-Cache-Control
X-Mobile
X-Pad
X-Seen-By
X-Response-Served-From
X-ATG-Version
X-Host-Name
NGB
X-Adobe-Content
X-Adobe-Loc
X-Git-Hash
Payment
Filters
Eomportal-Instance
X-WebKit-CSP-Report-Only
X-Status
X-WA-Info
X-GeoIP
WPE-Backend
Upgrade-Insecure-Requests
X-Tumblr-Pixel-1
Cache-Tv-Group
X-TT-TIMESTAMP
X-RTag
X-RequestSource
X-FW-Dynamic
X-Tumblr-Pixel-2
X-Handled-By
X-RemovedCookies
Ms-Operation-Id
X-ProcessESI
X-UA-Device-Type
X-Cacheable-TTL
X-TX-ID
From-Origin
X-Drupal-Cache-Tags
Webserver
X-Upstream-Proxy
X-Content-Age
X-Cache-TTL-Remaining
GEO-INFO
X-Cache-Remote
Datacenter
X-Cache-TTL
X-Webkit-CSP
X-Edge-Location
Viewport
X-Daa-Tunnel
Cache
Accept-CH-Lifetime
X-Storage
X-Accel-Buffering
X-Cache-Action
X-Varnish-Hostname
X-Origin-Server
X-EdgeConnect-Cache-Status
Version
X-CF-Powered-By
X-Hyper-Cache
X-Oracle-Dms-Rid
X-Ua
Host-Header
X-Contextid
X-Region
X-Yottaa-Optimizations
PageSpeed
X-Yottaa-Metrics
X-Oneagent-Js-Injection
X-Wix-Request-Id
X-Varnish-Server
X-Akamai-Request-ID2
Selected-Fe
X-Cache-Var
X-Akamai-Transformed
X-Cache-Var-Map
Load-Balancing
X-IP
X-RN-RSRV
X-Proxy-Build
X-Timing-Wait
X-ES-SERVER
Meta-Geo
X-Path-Route
X-Trace-Id
X-JoinUs
X-From
SRV
Cache-Name
S-Cnection
X-Generated
X-Locale
X-Cache-Enabled
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Backend-Name
X-CS
Rt-Fastcgi-Cache
X-Cluster-Node
Vix-Hermes-Req-Id
X-Proto
Cache-Tags
X-Site-Version
X-Proxy
Now
Cache-Hits
X-Section
X-Rule
Decoy-Debug-Key
Decoy-Debug-Status
Webcakes-Region
TWC-GeoIP-LatLong
TWC-Locale-Group
TWC-GeoIP-Country
X-Loop
TWC-Device-Class
X-NCache
TWC-Privacy
TWC-Connection-Speed
Webcakes-App-Version
Webcakes-App-Name
X-ApacheServer
X-Access
Country
X-Viewer-Country
X-Cache-Host
X-R9-Blue-Green-Version
X-Via-Fastly
X-FC-Vary-Parameters
X-DataStream-MidMile-RTT
X-EIG-Tracking-Id
X-Varnish-Cache-Hits
Property-Id
X-Labrador-Cache-Channel
X-Upgrade-Enabled
X-DataStream-Origin-MEX-Latency
Mn-Server-Ip
X-UnsetCookies
X-Hit
DSUID
DB-Nickname
Decoy-Debug-TTL
X-TNCMS
X-PERF
X-Tumblr-Pixel-3
X-Origin-Hint
NR-ENABLED
X-Cache-Config
X-Origin
Release
X-FW-Version
Ec-Rule-Version
X-PCL
X-Origin-Response-Time
X-Xfnlog-Site
X-Www-Served-By
X-Time-Microsecs
X-Upstream-CT
X-Upstream-HT
X-OCL
X-Human
X-CCM
X-Cache-Grace
X-Backend-TTL
X-Debug-Cache
X-Device-Type
X-Hosted-By
X-Format
X-FireWall-Port
X-Akamai-Request-ID
S-Rt
Azure-RegionName
Azure-InstanceId
Azure-SlotName
Azure-SiteName
Cache-Key
Azure-Version
X-Web-Node
Ohc-File-Size
X-Varnish-Hits
OT-Force-Account-Verify
X-S
X-Cache-Time
X-Drupal-Cache-Contexts
X-Rendered-As
Server-Info
ServedBy
Time
X-Cache-Server
X-ShardId
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-Shopify-Stage
X-Alternate-Cache-Key
X-ShopId
X-Cache-NE
X-VG-WebCache
X-VG-TLSProxy
X-NewRelic-App-Data
X-VCT
X-Vgn-Hpd-Reason
Hostname
X-FB-TRIP-ID
Ohc-Cache-HIT
X-Nginx-Cache
Accept-Language
X-Tb
Fastcgi-X-Cache-Version
Machine
Cteonnt-Length
X-Redis-Cache
X-OVcl-Cache
X-Real-IP
Origin
X-Mode
X-OVcl
NtCoent-Length
X-Presslabs-Stats
X-No-Session
Origin-Edge-Control
X-Webkit-Csp
Origin-Cache-Control
X-APP-VERSION
X-Pubstack
X-Environment-Context
X-L-Path
X-App-Version
X-Generated-By
X-Request-Time
L5d-Success-Class
X-B3-Spanid
X-VWS-Id
X-AWS-Id
Odigeo-Trace-Id
X-LJ-Flow-ID
X-HS-Cache-Config
Access-Control-Request-Headers
X-CSRF-TOKEN
X-Magnolia-Registration
X-Tt-Trace-Tag
Mime-Version
X-Load-Cache
X-Cluster-Name
X-NC
X-GEO
Fastly-SSL
Mail-Subject
X-Endurance-Cache-Level
We-Hiring
IBM-Web2-Location
X-Parent-Response-Time
Akamai-GRN
X-DC
X-Amzn-Remapped-Content-Length
X-UUID
Nel
Request-Time
X-B3-Parentspanid
X-Guploader-Uploadid
X-XRDS-LOCATION
X-CACHE-KEY
X-ServerID
X-Routing-Service
X-ECACHE
X-GoCache-CacheStatus
X-NGENIX-Cache
X-Zipkin-Id
X-Rocket-Nginx-Bypass
Proxy-Connection
X-Proxied
X-Urbn-Site-Id
X-Soup
X-Via-CDN
X-Urbn-Context-Path
Locale
X-PAYTM-SRV-ID
Arc-Country
X-Origin-Expires
Apple-News-Services-Request-Url
X-Release
Apple-News-Services-Parsed-Url
X-Region-Sid
AsisCache
Cache-Prefix
Content-Style-Type
X-Is-Bot
Cross-Origin-Window-Policy
X-Org
Content-Script-Type
Cdn-Host
Cdn-Request-Time
X-Origin-Date
BehaviorPad-Version
Apple-News-Services-Host
X-Trv-Group
X-Transaction
X-Thanos
X-Twitter-Response-Tags
X-VG-WebServer
Xc-Version
X-Vtex-Remote-Cache
X-Vtex-Processado-Em
X-SRCache-Key
X-Server-Time
A
Apple-News-Services-Handled
X-Request-UUID
X-Rewrite-Enabled
X-Rojux
X-ScT
X-S-Maxage
X-S-Cookie
Fly-Cache
Fly-Request-Id
X-A-Dgt
X-Date
X-D
X-A-Dcw
X-Destination
X-A
X-A-Ccd
X-A-Dam
X-Connection-Hash
X-A-Wwc
X-Aed
X-ARC
X-AIR-PT
X-B-Cookie
X-Accel-Expires-Debug
X-CF-Lambda-Version
X-CF-Lambda-Fn
X-Bip
VivaBuild
Viewtype
Mobile-Detection-Method
X-IN-APIGATEWAYSSL
X-IN-APIGATEWAY
Meta-Geo-Continent
Memcached
X-Application
GEO-REGION-INFO
MD5-Digest
Node
X-G
X-Detected-As
Server-ID
T-Server
X-Developer
X-DPWN-IS-SECURE
X-External-Request-Id
Rendered-Blocks
X-Edge-Server
X-Instart-Info
Rt-Proxy-Cache
X-ProxyCache-Key
X-MServer
X-ProxyCache-Status
X-Node-Id
X-BYPASS-REASON
X-B3-SpanId
ServerName
Request-Country
Country-Code
X-Cdn-Srv
X-Generated-On
X-RateLimit-Limit-Second
X-Request-Start
X-RateLimit-Remaining-Second
X-Owner
X-Cache-Bucket
Cache-Cookie-Set-Lfrom
X-Hash
Gh-Request-Id
Section-Io-Cache
IsBot
X-Developers
X-Level-Front-Cache
X-CUA
X-Core-Mission
Fastly-Soc-X-Request-Id
Cache-Cookie-Set-Idcheck
X-Device-Os
X-Cms-Context
X-Hl-Ver
Request-EU
N-Cache
X-Azure-Ref-OriginShield
X-VC-Cache
X-TrackingId
X-Distil-CS
Uber-Trace-Id
X-Azure-Ref
X-Auto-Login
X-Worker
X-Fastly-Cache
X-Distributor
X-WebServer
Cache-Cookie-Set-From
NGX
X-SVT-ORM-VERSION
X-Origin-TTL
X-Origin-CC
X-BBXSRF
X-SIPLIST1
X-SS-Set-Cookie
X-SVT-ORM-RULES
X-ElasticPress-Search
X-Ruxit-Js-Agent
User-Cache-Control
Backend-Name
X-Debug-Log
X-Epic-Correlation-Id
X-Dispatcher-Server
X-Dispatch
X-Cache-FS-Status
X-Block-Status
X-C
X-Eu-Site
X-Backend-Url
X-Backend-Host
X-Amz-Meta-Cache-Control
CF-IPCountry
X-App-Name
X-Cache-Id
X-Cache-Info
X-Compress-Hint
X-Debug-Cache-Expiry
X-Debug-Cache-Fetch
X-Clientip
X-Clara-WADP
X-Cdn-Origin
X-CGP
X-Debug-Cache-Store
X-Irp-Debug
X-Qloud-Router
X-Reboot
X-Reqid
X-Request-URI
X-Proxy-Upstream
X-Proxy-Cache-Status
X-Old-Content-Length
X-Page-Type
X-PHP-Host
X-ServiceProvider
X-Sn-Servicetimems
X-WADP-Cache
X-Webstats-RespID
X-Wikidot-Backend
X-Wikidot-Static-Cache
X-VServer
X-Up
X-Swa-Ws
X-Thinkindot-L3
X-Unique-ID
X-NX-Host
X-Nginx-Cache-Key
X-Geo-Header
X-GeoIP-City
X-Hello
X-Hnp-Log
X-Generation-Time
X-Generated-In
X-Fetched-On
X-Flog
X-Gen-Mode
X-HS-Combine-CSS
X-ABtesting
X-Method
X-MSEdge-Features
X-MSEdge-Flight
X-Matched-Rule
X-Location
X-Li-Fabric
X-Li-Pop
X-LI-UUID
X-MP-GENERATED-AT
X-Debug-Cookies
Server-Host
Served-By
RNT-Time
RNT-Machine
Server-Int
SS
True-Client-Country-4JS
Thinkindot-Control
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
AKAMAI
PFcat
HA-Ipaddr
Ha-Gx-Prefs
Countrycode
Esi-Enabled
Heartbleed
CDCHOST
Pagetype
Magicmarker
L
Kp-EeAlive
V-Age
Pramga
Wxu-Next-Commit
Wxu-Next-Region
W
Wxu-Next-Hostname
X-Microcachable
X-IPS-LoggedIn
X-We-Are-Hiring
X-GDPR
Memory
X-Skip-Cache
X-Variation
Adler-Geo
X-Rebelmouse-Cache-Control
X-LI-Proto
X-Server-IP
X-Key
Platform
X-SayCDN-TTL
Is-Eu
X-Response-By
X-Rebelmouse-Surrogate-Control
X-SD-PageType
X-Say-TTL
Content-Disposition
Web-Mar-Node
X-User
Fastly-SWR
X-Cdn-Forward
X-Platform-Server
Fastly-SIE
X-Backend-State
SD-X-WS
X-Say-Cacheable
X-Element-Page-Cache
X-Uri
X-SERVER-NAME
X-Policy
X-Internal-Host
UCS
X-Servername
ProcessTime
X-Nc
REQUESTUUID
Resin-Trace
X-Geo
Ajk
X-FPC
X-Logtrace-Id
X-Wa
Powered-By-ChinaCache
X-Service
X-Var-Ttl
X-HTML-Minification-Powered-By
X-Dc
Cache-Provider
X-Servedbyhost
X-Lb-Id
Proxy-Firewall
Srv
X-Ratelimit-Limit
X-Cache-Backend
X-Datadome
X-Grey
X-Is-Gdpr
Powered-By
X-Has-Esi
X-NWS-UUID-VERIFY
X-JWT-State
X-Cache-Category-Id
X-Oss-Storage-Class
X-VCL-Version
X-Processor
X-Oss-Request-Id
X-Oss-Server-Time
X-Oss-Hash-Crc64ecma
X-Oss-Object-Type
X-Pjax-Url
X-ZONE
X-Varnish-Beresp-Ttl
X-Be
X-SRV
Fastly-Backend-Name
X-TH-Server
X-Tb-Optimization-Total-Bytes-Saved
X-Server-ID
SN
X-Svr
X-Info
X-Instart-Isnd
X-CDN-Forward
X-RateLimit-Reset
GeoIP-Country-Code
GeoIP-Latitude
X-Cache-URL
GeoIP-City
X-RCS-CacheZone
X-Tec-Api-Origin
X-UA
X-Tec-Api-Root
X-Tec-Api-Version
X-HS-Status
X-Cache-Ttl
X-Ftr-Request-Id
X-Ttl
PICS-Label
X-Zone
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
X-NodeID
X-Scheme
GW-Server
X-SN
Group
X-Source
X-GRACE
X-Varnish-Url
Cdn
CACHE
X-Pf-Uncompressing
X-LAGOON
X-EC-Lua
X-Gannett-Site-Version
WZWS-RAY
X-Secret
X-Bc
Dynatrace
X-Newrelic-Synthetics
X-Varnish-Beresp-TTL
X-Dynatrace-Js-Agent
Cache-Host
LB
X-Varnish-Cacheable
CF-Cached-On
X-Check-Cacheable
X-PF-Uncompressing
X-CDN-Cache
On-Server
X-NODE
X-Server-W
X-Sucuri-Id
User-Agent
X-GeoIP-Country-Code
X-Ftr-Cache-Host
X-LiteSpeed-Cache-Control
Ttl
X-BC
X-APP
X-Via-Ucdn
Inserted-Into-Cache-At
X-Ms-Request-Id
X-Tt-Trace-Host
Pics-Label
X-Ms-Version
X-Ratelimit-Remaining
Geoip-City
X-Fastly-Country-Code
Environment
Amp-Access-Control-Allow-Source-Origin
X-NU-AKA-ACS-Version
X-BE
Geoip-Latitude
X-Edge
GeoIp-Country-Code
X-COUNTRY
XServer
Cf-Ipcountry
X-Crawler
X-Akamai-SSL-Client-Sid
WWW
Who
X-URL
X-Aicache-OS
X-PJAX-URL
X-Dynatrace
MIME-Version
X-Ftr-Backend-Server
X-Ftr-Backend
X-Ftr-Realm
X-Ftr-Balancer
X-Ftr-Dc
Lfy
X-Cache-Debug
M-TraceId
X-Render-Time
X-Agile
X-CSRF-Token
Requestid
X-Session-Fingerprint
X-Vcl-Version
X-Mid
X-Agile-Age
X-Agile-Id
Ohc-Response-Time
X-Trafficlayer-App-Scope
X-Trafficlayer-App-Name
X-FORWARDED-FOR
X-FE
X-LB-ID
SID
X-Varnish-Ttl
X-MCACHE
X-Logging-Id
X-Fastly-Backend-Reqs
X-Litespeed-Cache-Control
X-Served-From
X-Via-SSL
URI
X-UPSTREAM-Address
X-Via-Edge
X-Micro-Cache
Lb
Xkeyrz
X-WR-MODIFICATION
X-Proxy-Cacherz
HostName
X-7Graus-Varnish-XKeys
Host-ID
X-Cache-Tag
X-WA
X-7Graus-Varnish-Cache-Control
RequestUuid
X-Amzn-Remapped-Date
X-Amzn-Remapped-Connection
Tcn
X-Cf-Powered-By
DataCenter
X-Correlation-ID
X-Zalando-Child-Request-Id
Correlation-Id
X-Flow-Id
X-Cache-Miss-From
X-Vct
X-Sedo-Request-Id
X-RPM
X-RPS
X-RSL
X-DW
X-DSS
X-Action
X-DB
X-DI
X-Protected-By
X-Page-Impression-Id
X-Fastly-Cache-Hits
X-ServedByHost
Xkeypdq
X-Nananana
CDN
X-Fpc
X-Newrelic-App-Data
X-NGINX-Cache
WebServer
X-TIME
Warning
X-Cdn-Request-ID
X-Ecache
X-VC
Cneonction
X-Via-NSCOPI
X-Vdms-Version
X-MID
X-Refresh
X-SB
X-Core-Value
X-ND-Cache
X-Request-Url
X-Dw-Trace-Id
X-ServerName
FNAC-ModuleRouting
X-HostName
X-Swift-Error
TTL
X-AK-Request-ID
X-Li-Proto
Cdnsip
Xet-Cookie
Processtime
X-Fe
X-ECache
Cdncip
X-Gdpr
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
X-Planisys-CDN-TTL
X-Apw-Access-Object
X-Serial
X-Apw-Access-Action
X-Apw-Access-Token
X-Request-URL
HitType
V-Cache
X-MiniProfiler-Ids
X-Apw-Hits
Pragrma
X-Bug-Bounty
X-Unique-Id