Threat Level: green Handler on Duty: Bojan Zdrnja

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
CF-RAY
X-Powered-By
Link
ETag
Expect-CT
X-XSS-Protection
Via
CF-Cache-Status
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
X-Cache-Hits
P3P
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Xss-Protection
X-Request-Id
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
Alt-Svc
X-Adblock-Key
X-Drupal-Cache
X-Check
X-Cacheable
Content-Security-Policy-Report-Only
X-Generator
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-DNS-Prefetch-Control
X-AspNetMvc-Version
P3p
X-Template
X-Language
Status
Timing-Allow-Origin
X-Iinfo
Content-Encoding
X-Content-Security-Policy
X-Buckets
Upgrade
X-Kinja-Server-Push
Xkey
X-Via
X-CDN
X-Turbo-Charged-By
Keep-Alive
Access-Control-Expose-Headers
Access-Control-Max-Age
X-Cache-Group
X-Pass-Why
X-AH-Environment
X-Drupal-Dynamic-Cache
X-Age
X-Server
X-Backend
X-Pingback
X-Amz-Id-2
X-Amz-Request-Id
X-Envoy-Upstream-Service-Time
X-Page-Speed
X-Robots-Tag
X-Proxy-Cache
X-Hacker
EagleId
Grace
X-Server-Powered-By
X-UA-Device
Request-Context
X-Varnish-Cache
X-Nginx-Cache-Status
Cf-Railgun
X-LiteSpeed-Cache
X-Amz-Version-Id
X-Swift-SaveTime
X-Swift-CacheTime
X-Server-Id
Ali-Swift-Global-Savetime
X-Ua-Compatible
X-WebKit-CSP
Server-Timing
Feature-Policy
X-Device
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Host
X-Rq
Report-To
X-Ac
X-Node
Content-Location
X-Request-ID
X-OneAgent-JS-Injection
X-Cnection
X-Response-Time
X-Backend-Server
X-Cloud-Trace-Context
X-Origin-Cache
X-Application-Context
X-Readtime
Request-Id
Allow
Surrogate-Control
EagleEye-TraceId
X-ORACLE-DMS-ECID
X-Vhost
X-DynaTrace
X-Country
X-TTL
X-Cache-Lookup
X-Cdn
X-Origin-Upstream-Status
X-Rack-Cache
X-Clacks-Overhead
NEL
X-FTR-Request-ID
Rating
X-Url
Pinterest-Generated-By
X-EdgeConnect-MidMile-RTT
X-Country-Code
X-EdgeConnect-Origin-MEX-Latency
X-Dispatcher
X-Ruxit-JS-Agent
X-CST
X-ORACLE-DMS-RID
X-HW
X-Instart-Request-ID
X-Goog-Hash
Fusion-Content-Source
Fusion-Content-Id
Fusion-Component-Id
Fusion-Source
Fusion-Template-Id
X-DataStream-Cache-Status
X-DataDome
X-Vname
X-PC
X-TtlSet
Edge-Control
X-VARITI-CCR
X-Px
Service-Worker-Allowed
Verso
X-Mod-Pagespeed
X-MS-InvokeApp
RTSS
X-Recruiting
X-GoogleNews-Bot
X-Kinja-Build
X-Kinja
X-Exp-Variant
X-Use-Magma
X-Kinja-Server
X-Cdn-Fetch
X-Exp-Id
X-Kinja-Revision
X-Varnish-TTL
X-D2id
X-Dns-Prefetch-Control
SPRequestGuid
X-Vcap-Request-Id
X-Abt-Application-Version
TCN
X-Amz-Server-Side-Encryption
X-GitHub-Request-Id
X-SharePointHealthScore
X-Navigation-Version
X-SRCache-Store-Status
X-Akam-SW-Version
X-SRCache-Fetch-Status
X-Middleton-Display
X-Sol
X-Middleton-Response
Display
X-Powered-By-Plesk
Response
X-ESI
MS-Author-Via
X-B3-TraceId
X-RateLimit-Remaining
X-Forwarded-Proto
Realpath
Charset
DynaTrace
X-Powered-CMS
X-Version
X-Shield-Request-Id
X-Upstream
X-Amz-Rid
Public-Key-Pins
X-Server-Name
Fastly-Restarts
Nginx-Cache
ServerID
X-Cached
X-Trace
AR-ATIME
AR-CACHE
Ar-Sid
AR-PoweredBy
X-Shard
X-Goog-Metageneration
X-Goog-Stored-Content-Length
X-TEC-API-ORIGIN
X-Goog-Generation
X-TEC-API-ROOT
X-TEC-API-VERSION
X-Goog-Stored-Content-Encoding
X-Dw-Request-Base-Id
Content-MD5
X-Grace
X-B3-TraceId-Primal
X-Mrf-Section-Lastmod
MRF-Tech
X-Mrf-Item-Lastmod
Mrf-Cache-Status
Accept-CH
Pagespeed
AR-Request-ID
Paypal-Debug-Id
Access-Control-Request-Method
X-MSEdge-Ref
Accept-Ch-Lifetime
X-Client-IP
SPRequestDuration
SPIisLatency
X-Goog-Storage-Class
X-Debug
X-FTR-Cache-Status
X-FTR-Expires
X-FTR-Realm
X-FTR-Balancer
X-FTR-DC
X-Country-Code-Real
X-FTR-Backend-Server
X-FTR-Backend
X-DynaTrace-JS-Agent
X-Id
S
X-DataStream-Origin-MEX-Latency
X-DataStream-MidMile-RTT
X-Ezoic-Cdn
Accept-Ch
X-FastCGI-Cache
Front-End-Https
X-Fastly-Request-ID
X-Amz-Meta-S3cmd-Attrs
X-T
X-N
X-Amzn-Trace-Id
Arr-Disable-Session-Affinity
X-NF-Request-ID
MicrosoftSharePointTeamServices
X-Content-Type
X-DIS-Request-ID
X-Hits
X-Pinterest-Rid
Pinterest-Version
X-B3-Sampled
X-Upstream-Proxy
X-FTR-Cache-Host
X-Vcache
X-B3-Traceid
X-VCache
X-XRDS-Location
X-Acc-Meta-Resource-Type
X-Frontend
PB-RID
PB-PID
Arc-Version
Fastcgi-Cache
X-Mobile-Rewrite
X-Content-Digest
X-Varnish-Age
X-Logged-In
Server-Name
X-Correlation-Id
X-Ser
X-Srv
Alternate-Protocol
X-Cache-Key
X-Node-Name
Nel
X-Microsite
X-Request-Handler-Origin-Region
AMP-Access-Control-Allow-Source-Origin
X-Pad
FilterID
Powered
X-User-Agent
X-Rid
X-Forwarded-For
X-Type
TP-Cache
TP-L2-Cache
X-LB-Cache
X-IPLB-Instance
Healthy
X-Request-Received
X-Cache-2
X-Request-Processing-Time
X-F-Cache
X-Kinsta-Cache
X-Zen-Fury
Host
X-Amzn-RequestId
X-Amz-Apigw-Id
X-XRDS-LOCATION
X-Revision
Edge-Cache-Tag
X-Via-JSL
Accept-CH-Lifetime
X-Debug-Info
X-AOL-HN
Backend-Timing
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
Powered-By-ChinaCache
X-Analytics
X-Cache-Age
X-Az
X-AppVersion
X-GUploader-UploadID
X-Activity-Id
X-Cached-By
X-HS-Hub-Id
X-HS-Content-Id
X-Hostname
X-Accel-Expires
X-Cache-Rule
Surrogate-Key
Cache-Status
X-Content-Options
X-Varnish-Backend
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-PHP-Backend
X-Instance
Server-Node
X-BCube-Filmed-By
X-Content-Security-Policy-Report-Only
VIX-Pulpo-Node
X-Page-Id
X-Tumblr-User
VIX-Pulpo-Upstream-Status
X-Request-Guid
X-Jobs
X-Content-Powered-By
X-App-Environment
X-Akamai-Edgescape
X-Varnish-Grace
X-Amz-Replication-Status
X-Signature
X-Forwarded-Host
Cleartype
X-Cluster
X-B-Cache
X-TT
X-FB-Debug
Refresh
Source
X-Framework
X-FW-Type
X-FW-Static
X-FW-Hash
X-FW-Server
X-FW-Serve
X-Esi
Liferay-Portal
DC
X-Fastcgi-Cache
X-RateLimit-Limit
X-Time
Accept-Charset
Tracecode
X-Presslabs-Stats
Fastcgi-Useragent
X-ATG-Version
Access-Control-Allow-Method
X-Varnish-Hostname
X-APP-VERSION
Host-Header
X-Whom
X-Cache-Action
X-Drupal-Cache-Tags
X-Mobile
X-Cache-Operation
WPE-Backend
X-Cache-Control
X-Edge-Location
X-B
X-Cache-TTL
X-App-Server
X-Hp-Webp
X-WA-Info
X-Accel-Buffering
NGB
Payment
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Mobile-URL
X-Response-Served-From
Retry-After
Filters
X-Git-Hash
X-Content-Age
Actual-Object-TTL
Cache-Tag
X-Storage
X-Handled-By
X-WebKit-CSP-Report-Only
Cache-Tv-Group
X-Cache-Hit
X-TX-ID
X-NWS-LOG-UUID
Viewport
X-TT-TIMESTAMP
X-Cacheable-TTL
X-RequestSource
Eomportal-Instance
X-Tumblr-Pixel-2
Upgrade-Insecure-Requests
X-Tumblr-Pixel-1
X-GeoIP
X-RemovedCookies
X-ProcessESI
X-Adobe-Loc
X-Adobe-Content
X-Status
MS-CV
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-UA-Device-Type
X-SS-Set-Cookie
X-FW-Dynamic
X-Geo-Country
X-VG-WebCache
Webserver
X-Ratelimit-Limit
X-Seen-By
X-Server-ID
X-Cache-TTL-Remaining
X-Host-Name
Ms-Operation-Id
Xserver
X-RTag
X-TA-CDN-Provider
X-FB-TRIP-ID
Datacenter
Frame-Options
X-Cache-Enabled
X-B3-Spanid
From-Origin
CACHE
X-Oracle-Dms-Rid
X-RateLimit-Reset
X-Origin-Server
X-Hyper-Cache
X-Contextid
Server-Info
X-Mode
X-Generated-By
GEO-INFO
Country
X-CF-Powered-By
SRV
Meta-Geo
Machine
X-Cache-Var
X-Cache-Var-Map
X-Tumblr-Pixel-3
X-ES-SERVER
X-Path-Route
X-RN-RSRV
Load-Balancing
X-Drupal-Cache-Contexts
S-Cnection
X-Upstream-HT
X-Upstream-CT
X-Section
X-Cache-Config
X-Zipkin-Id
X-Routing-Service
X-Proxied
X-MP-GENERATED-AT
X-Access
Vix-Hermes-Req-Id
X-Hit
X-Varnish-Cache-Hits
X-R9-Blue-Green-Version
Mn-Server-Ip
Rt-Fastcgi-Cache
X-TNCMS
X-Human
X-Backend-Name
X-Varnish-Server
X-From
X-Loop
Now
X-AWS-Id
X-Timing-Wait
X-Akamai-Request-ID
Decoy-Debug-Key
X-LJ-Flow-ID
X-Labrador-Cache-Channel
X-Proxy-Build
X-VWS-Id
X-VG-TLSProxy
X-Origin-Response-Time
X-Cluster-Node
Decoy-Debug-TTL
Decoy-Debug-Status
Cache
X-Rule
Cache-Name
X-Upgrade-Enabled
X-EIG-Tracking-Id
X-Web-Node
Akamai-GRN
Cache-Key
Release
X-OCL
X-Viewer-Country
X-Via-Fastly
X-Site-Version
X-FC-Vary-Parameters
X-Www-Served-By
DSUID
X-Generated
X-Region
X-Debug-Cache
X-Cache-Host
X-Locale
X-NCache
X-Trace-Id
X-PCL
X-Cache-Grace
X-Dc
X-L-Path
X-Environment-Context
X-Device-Type
ServedBy
X-Magnolia-Registration
X-Proto
X-Hosted-By
X-Guploader-Uploadid
X-Rendered-As
OT-Force-Account-Verify
X-JoinUs
DB-Nickname
X-Endurance-Cache-Level
X-Shopify-Stage
X-Sorting-Hat-ShopId
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Alternate-Cache-Key
X-ShopId
X-Sorting-Hat-PodId
X-ShardId
X-Akamai-Request-ID2
X-Request-Time
X-CCM
X-IP
X-S
X-Xfnlog-Site
ProcessTime
X-Time-Microsecs
X-NewRelic-App-Data
We-Hiring
X-Load-Cache
Mail-Subject
Version
Time
TWC-Locale-Group
TWC-GeoIP-LatLong
X-VCT
Azure-Version
Azure-SiteName
Azure-RegionName
Azure-InstanceId
Azure-SlotName
Property-Id
TWC-Device-Class
TWC-Connection-Speed
S-Rt
TWC-GeoIP-Country
X-FW-Version
NtCoent-Length
TWC-Privacy
X-Origin-Hint
X-Wix-Request-Id
X-RCS-CacheZone
Webcakes-App-Name
Webcakes-App-Version
Webcakes-Region
Uber-Trace-Id
X-Origin
X-Varnish-Hits
X-No-Session
X-UA
X-EdgeConnect-Cache-Status
X-URL
Cteonnt-Length
X-Ratelimit-Reset
X-Nginx-Cache
X-ProxyCache-Status
X-Redis-Cache
X-ProxyCache-Key
X-UUID
X-Proxy
X-BYPASS-REASON
X-FireWall-Port
X-Via-CDN
X-GEO
X-CDN-Forward
NGX
X-Daa-Tunnel
X-Platform-Server
X-HTML-Minification-Powered-By
X-Akamai-Transformed
X-Vgn-Hpd-Reason
X-PERF
X-MServer
X-ApacheServer
X-Format
X-ECACHE
X-CS
Accept-Language
X-Rocket-Nginx-Bypass
Odigeo-Trace-Id
X-Hl-Ver
X-Cache-Remote
Ec-Rule-Version
X-Cache-NE
X-Cache-Server
Origin
X-UnsetCookies
Access-Control-Request-Headers
Cache-Tags
X-Oneagent-Js-Injection
LB
X-IPS-LoggedIn
X-Distributor
X-Tb
X-ServerID
X-PressLabs-Stats
X-Real-IP
Selected-Fe
X-Amzn-Remapped-Content-Length
X-Dynatrace-Js-Agent
Fastly-SSL
X-Webkit-Csp
Proxy-Connection
X-Microcachable
X-B3-Parentspanid
X-Unique-ID
X-Compress-Hint
X-Vtex-Remote-Cache
X-A-Dgt
X-A-Dcw
X-Trv-Group
X-A-Dam
Cdn-Host
X-Twitter-Response-Tags
X-A
X-A-Ccd
X-A-Wwc
X-Aed
Content-Script-Type
Cross-Origin-Window-Policy
X-Application
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
Cdn-Request-Time
X-BACKEND-TTL
Fastcgi-X-Cache-Version
X-AIR-PT
X-Transaction
X-App-Name
X-Accel-Expires-Debug
VivaBuild
MD5-Digest
A
Meta-Geo-Continent
Mobile-Detection-Method
BehaviorPad-Version
AKAMAI
GEO-REGION-INFO
L5d-Success-Class
Fly-Cache
AsisCache
Fly-Request-Id
Node
Rendered-Blocks
X-VG-WebServer
Cache-Cookie-Set-Lfrom
Viewtype
Cache-Prefix
Arc-Country
X-Vtex-Processado-Em
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-From
REQUESTUUID
Rt-Proxy-Cache
Server-ID
X-Varnish-Url
X-SRCache-Key
X-D
X-Is-Bot
X-Date
X-Destination
Content-Style-Type
X-Level-Front-Cache
X-Connection-Hash
X-Cache-Bucket
X-Cdn-Srv
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-Detected-As
X-Internal-Host
X-Generated-On
X-External-Request-Id
X-G
Hostname
X-Geo-Header
X-Edge-Server
X-Instart-Info
X-Developer
X-DPWN-IS-SECURE
X-IN-APIGATEWAY
X-NU-AKA-ACS-Version
X-Cluster-Name
Xc-Version
X-S-Cookie
X-PAYTM-SRV-ID
X-Rojux
X-Worker
X-Region-Sid
X-Request-UUID
X-Rewrite-Enabled
X-ScT
X-S-Maxage
X-Org
X-B-Cookie
X-ARC
X-Server-Time
X-Pubstack
ServerName
Served-By
X-Clientip
X-Fastly-Cache
X-TrackingId
Gh-Request-Id
X-Server-IP
Esi-Enabled
X-Distil-CS
X-Developers
Fastly-SIE
X-We-Are-Hiring
Memcached
UCS
X-Skip-Cache
Section-Io-Cache
X-Nginx-Cache-Key
Countrycode
W
X-Varnish-Cacheable
X-BBXSRF
X-Method
Request-Time
X-Rebelmouse-Cache-Control
X-Backend-State
X-Rebelmouse-Surrogate-Control
X-Qloud-Router
Proxy-Firewall
Request-EU
Request-Country
X-Location
IBM-Web2-Location
Fastly-SWR
Origin-Edge-Control
X-C
X-Nc
X-Core-Mission
Content-Disposition
X-NC
Apple-News-Services-Handled
Origin-Cache-Control
Backend-Name
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
Apple-News-Services-Host
X-ElasticPress-Search
X-Epic-Correlation-Id
X-Dispatch
Server-Int
X-GeoIP-Country-Code
X-Generation-Time
X-FPC
SS
Who
Wxu-Next-Region
Wxu-Next-Hostname
Wxu-Next-Commit
X-Cache-Category-Id
X-Grey
X-CGP
X-Cdn-Origin
X-Cache-Info
X-Device-Os
X-Servername
X-Wikidot-Static-Cache
X-Wikidot-Backend
X-Webstats-RespID
Country-Code
Powered-By
X-Bip
X-Auto-Login
X-Hash
X-Variation
X-Thanos
X-Reboot
X-Irp-Debug
X-HS-Combine-CSS
X-Release
X-ServiceProvider
X-TH-Server
X-Sn-Servicetimems
X-SIPLIST1
X-HS-Cache-Config
X-Eu-Site
RNT-Machine
Is-Eu
RNT-Time
Heartbleed
HA-Ipaddr
IsBot
Kp-EeAlive
Platform
Pramga
On-Server
N-Cache
Server-Host
Ha-Gx-Prefs
L
GW-Server
Adler-Geo
Fastly-Soc-X-Request-Id
Locale
X-Urbn-Context-Path
X-Urbn-Site-Id
X-SERVER
X-Li-Pop
CDCHOST
X-Hnp-Log
X-Li-Fabric
PFcat
X-Gen-Mode
X-Crawler
X-Debug-Log
X-Debug-Cookies
X-CUA
X-Dispatcher-Server
X-LI-Proto
X-GeoIP-City
X-Fetched-On
X-Gannett-Site-Version
X-Pf-Uncompressing
X-Swa-Ws
X-Origin-Expires
X-Origin-Date
X-WebServer
X-WADP-Cache
X-VC-Cache
X-Request-Start
X-Cms-Context
X-Secret
X-PHP-Host
X-Owner
X-NX-Host
X-Reqid
X-Request-URI
X-SD-PageType
X-Response-By
X-LI-UUID
X-Key
X-Azure-Ref
X-Azure-Ref-OriginShield
Web-Mar-Node
X-Amz-Meta-Cache-Control
Resin-Trace
User-Cache-Control
True-Client-Country-4JS
X-Cache-FS-Status
SD-X-WS
X-Clara-WADP
X-CDN-Cache
X-Block-Status
X-Cache-Id
X-Cache-Backend
Thinkindot-CacheControl-Type
Thinkindot-Control
X-SERVER-NAME
CF-IPCountry
Thinkindot-CacheControl
V-Age
X-Matched-Rule
X-Proxy-Upstream
X-Thinkindot-L3
X-OVcl-Cache
X-OVcl
X-VServer
X-Parent-Response-Time
X-Proxy-Cache-Status
X-Edge
X-Varnish-Ttl
X-CLOUD-TRACE-CONTEXT
X-FE
X-ABtesting
X-Hello
Pagetype
Magicmarker
X-Flog
X-Be
X-Backend-Host
X-Processor
X-Backend-Url
PageSpeed
X-Served-From
X-Ratelimit-Remaining
User-Agent
X-Via-NSCOPI
X-GoCache-CacheStatus
X-MSEdge-Flight
X-MSEdge-Features
X-Via-Edge
X-Via-SSL
X-LAGOON
X-User
X-Up
X-Powered-By-Defense
X-Generated-In
Memory
Mime-Version
X-Varnish-Beresp-Ttl
X-Tt-Trace-Tag
Geoip-Latitude
GeoIp-Country-Code
X-Debug-Cache-Expiry
X-Protected-By
X-ND-Cache
Geoip-City
X-Debug-Cache-Fetch
X-Debug-Cache-Store
X-Soup
Cache-Hits
X-Newrelic-Synthetics
X-Geo
X-Oss-Storage-Class
X-Ttl
X-Oss-Server-Time
X-Oss-Object-Type
X-Page-Type
X-Oss-Request-Id
X-Oss-Hash-Crc64ecma
X-COUNTRY
X-Backend-TTL
X-Ua
X-Zone
X-Planisys-CDN-TTL
X-Planisys-CDN-Cache
X-Fstrz
X-Planisys-CDN-Rules
Pragrma
X-Check-Cacheable
X-B3-SpanId
X-Origin-CC
X-Origin-TTL
X-Old-Content-Length
X-Akamai-SSL-Client-Sid
X-Say-TTL
X-SayCDN-TTL
X-ZONE
X-Say-Cacheable
X-Tec-Api-Version
X-Tec-Api-Root
X-Tec-Api-Origin
Dynatrace
X-Cache-Time
XServer
WZWS-RAY
X-Litespeed-Cache
X-CSRF-TOKEN
X-Core-Value
X-Varnish-Beresp-Status
X-IN-WAF
X-Phone
X-Varnish-Beresp-Grace
X-Cdn-Forward
Fastly-Backend-Name
Ajk
X-Node-Id
X-Servedbyhost
X-IN-APIGATEWAYSSL
Inserted-Into-Cache-At
Cdn
X-TT-LOGID
X-Logtrace-Id
X-Cache-Ttl
X-Vcl-Version
X-Aicache-OS
X-DC
X-HS-Status
X-Datadome
X-Tb-Optimization-Total-Bytes-Saved
X-Ruxit-Js-Agent
Amp-Access-Control-Allow-Source-Origin
X-MID
X-BC
X-FORWARDED-FOR
FSS-Cache
FSS-Proxy
X-VCL-Version
X-NODE
HostName
X-Amzn-Remapped-Date
X-APP
SN
X-ServedByHost
X-Amzn-Remapped-Connection
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-Wa
X-Birta-Cache-Post
X-Mid
X-UPSTREAM-Address
X-Birta-Served
X-EC-Lua
X-CSRF-Token
CF-Cached-On
Server-Cache-Control
X-Contensis-Viewer-Groups
X-Bc
X-Refresh
X-Cache-ASPX
Server-Surrogate-Control
X-Proxy-Cacherz
PICS-Label
T-Server
Xkeyrz
X-Varnish-Authentication
X-Varnish-IP
Selected-FE
X-Info
X-NWS-UUID-VERIFY
X-GDPR
X-PJAX-URL
X-LiteSpeed-Cache-Control
MIME-Version
X-WR-MODIFICATION
RequestId
Ohc-File-Size
Srv
X-Source
X-Agile
X-Agile-Id
HitType
X-Cache-Debug
X-Agile-Age
X-Real-Ip
X-App-Version
Ohc-Cache-HIT
SID
X-ECache
URI
X-Fastly-Country-Code
X-LB-ID
X-Varnish-Beresp-TTL
X-Render-Time
WebServer
X-Nananana
Cf-Ipcountry
DataCenter
X-Via-Ucdn
X-Uri
GeoIP-Country-Code
GeoIP-City
GeoIP-Latitude
X-Policy
X-Service
X-CACHE-KEY
Xkeynj
Cache-Provider
X-Micro-Cache
Get-Access-Time
X-TIME
Is-Session-Tracking
X-Web-Server
X-Fastly-Backend-Reqs
X-Unique-Id
X-PAGE-TYPE
X-Cache-Tag
X-Cache-Miss-From
X-NGINX-Cache
X-Requestid
X-Lb-Id
X-Sedo-Request-Id
X-BE
X-Var-Ttl
X-NGENIX-Cache
X-Is-Gdpr
X-JWT-State
X-Request-Url
X-Has-Esi
Group
CDN
Ohc-Response-Time
Xet-Cookie
X-MCACHE
Lb
Pics-Label
HTTPS
X-Vct
X-Pjax-Url
X-Apw-Hits
Cneonction
X-Apw-Access-Action
X-Apw-Access-Object
X-Apw-Access-Token
X-Dw-Trace-Id
X-SRV
Www
X-Cf-Powered-By
X-Cdn-Request-ID
Correlation-Id
X-Ecache
X-Swift-Error
Warning
Backend
FNAC-ModuleRouting
X-Edge-IP
X-Request-URL
X-SN
X-WA
X-Newrelic-App-Data
Xkeypdq
X-Litespeed-Cache-Control
X-Akamai-ERRuleID
X-Akamai-ERPolicy
X-Serial
X-Fe
X-Zalando-Child-Request-Id
Lfy
X-Fpc
X-Cache-Expires
X-DI
X-DSS
X-DW
X-RSL
X-RPM
X-ServerName
X-DB
X-Bug-Bounty
X-RPS
Host-ID
X-Page-Impression-Id
X-PF-Uncompressing
X-Flow-Id
X-Instart-Isnd
X-Fastly-Cache-Hits