Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
CF-RAY
X-Powered-By
Link
ETag
Expect-CT
Via
X-XSS-Protection
X-Cache
Age
CF-Cache-Status
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
X-Cache-Hits
P3P
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Xss-Protection
X-Served-By
X-Request-Id
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-AspNet-Version
X-Download-Options
Access-Control-Allow-Credentials
X-Runtime
X-Adblock-Key
X-Drupal-Cache
Alt-Svc
P3p
X-Check
X-Cacheable
Content-Security-Policy-Report-Only
X-Generator
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-AspNetMvc-Version
X-DNS-Prefetch-Control
Status
X-Template
X-Language
Timing-Allow-Origin
Content-Encoding
X-FRAME-OPTIONS
X-Content-Security-Policy
X-Iinfo
X-Buckets
Upgrade
X-Kinja-Server-Push
Xkey
X-Via
X-Turbo-Charged-By
X-CDN
Keep-Alive
Access-Control-Max-Age
Access-Control-Expose-Headers
X-Cache-Group
X-Pass-Why
X-Age
X-AH-Environment
X-Drupal-Dynamic-Cache
X-Server
X-Backend
X-Amz-Request-Id
X-Amz-Id-2
X-Pingback
X-Envoy-Upstream-Service-Time
X-Page-Speed
X-Robots-Tag
X-Proxy-Cache
X-Hacker
Grace
X-Server-Powered-By
EagleId
X-Varnish-Cache
X-UA-Device
X-Nginx-Cache-Status
Request-Context
Cf-Railgun
X-LiteSpeed-Cache
X-Amz-Version-Id
X-Swift-SaveTime
X-Swift-CacheTime
X-WebKit-CSP
X-Ua-Compatible
Ali-Swift-Global-Savetime
Feature-Policy
X-Device
Server-Timing
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Host
X-Ac
Report-To
X-Rq
Content-Location
X-OneAgent-JS-Injection
X-Node
X-Server-Id
X-Backend-Server
X-Cnection
X-Response-Time
X-Origin-Cache
EagleEye-TraceId
X-Cloud-Trace-Context
X-Application-Context
Allow
Request-Id
X-Readtime
Surrogate-Control
X-Cdn
X-Cache-Lookup
X-Country
X-ORACLE-DMS-ECID
X-Url
X-DynaTrace
X-Ruxit-JS-Agent
X-Vhost
X-Rack-Cache
X-Clacks-Overhead
Pinterest-Generated-By
X-ORACLE-DMS-RID
X-Origin-Upstream-Status
NEL
X-CST
X-TTL
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Rating
X-FTR-Request-ID
X-Country-Code
X-HW
X-Dns-Prefetch-Control
X-Goog-Hash
X-Instart-Request-ID
X-Dispatcher
X-DataStream-Cache-Status
Edge-Control
X-Px
X-PC
X-TtlSet
Fusion-Template-Id
Fusion-Component-Id
Fusion-Source
X-Vname
Fusion-Content-Source
Fusion-Content-Id
X-VARITI-CCR
Service-Worker-Allowed
X-Mod-Pagespeed
X-MS-InvokeApp
SPRequestGuid
X-B3-TraceId
Verso
X-ESI
X-Recruiting
X-Request-ID
X-Kinja-Server
X-Use-Magma
X-Kinja-Build
X-Exp-Id
X-Cdn-Fetch
X-Exp-Variant
X-GoogleNews-Bot
X-Kinja-Revision
X-Kinja
X-D2id
X-Varnish-TTL
X-DataDome
X-Vcap-Request-Id
X-SharePointHealthScore
X-Abt-Application-Version
X-Amz-Server-Side-Encryption
X-Server-Name
X-RateLimit-Remaining
X-Powered-By-Plesk
TCN
DynaTrace
X-Navigation-Version
X-Sol
X-GitHub-Request-Id
X-Middleton-Display
X-Middleton-Response
Response
Display
X-SRCache-Store-Status
RTSS
X-SRCache-Fetch-Status
X-Server-ID
Content-MD5
Charset
X-Akam-SW-Version
Ar-Sid
AR-CACHE
AR-ATIME
AR-PoweredBy
Accept-Ch-Lifetime
MS-Author-Via
X-Amz-Rid
X-Shield-Request-Id
ServerID
Realpath
AR-Request-ID
X-Trace
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Dw-Request-Base-Id
X-Goog-Metageneration
X-Goog-Generation
X-Powered-CMS
X-Cached
X-DynaTrace-JS-Agent
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-Version
Nginx-Cache
X-Forwarded-Proto
X-Shard
SPRequestDuration
SPIisLatency
X-Upstream
Pagespeed
X-Goog-Storage-Class
X-Pinterest-Rid
Pinterest-Version
X-Upstream-Proxy
Public-Key-Pins
MRF-Tech
X-Mrf-Section-Lastmod
Accept-CH
Mrf-Cache-Status
X-Mrf-Item-Lastmod
X-B3-TraceId-Primal
Paypal-Debug-Id
X-Client-IP
X-MSEdge-Ref
Fastly-Restarts
Access-Control-Request-Method
S
X-DataStream-Origin-MEX-Latency
X-Amz-Meta-S3cmd-Attrs
X-DataStream-MidMile-RTT
X-Ezoic-Cdn
X-Debug
Accept-Ch
X-FTR-DC
X-FTR-Realm
X-FTR-Cache-Status
X-FTR-Backend
X-FTR-Backend-Server
X-FTR-Balancer
X-Country-Code-Real
X-Id
X-FTR-Expires
X-VCache
X-DIS-Request-ID
X-Fastly-Request-ID
X-T
X-N
MicrosoftSharePointTeamServices
X-XRDS-Location
X-Ser
Alternate-Protocol
Arr-Disable-Session-Affinity
X-Mobile-Rewrite
Arc-Version
PB-PID
PB-RID
X-Varnish-Age
X-NF-Request-ID
X-Hits
X-Grace
X-Amzn-Trace-Id
Fastcgi-Cache
Front-End-Https
X-Content-Type
X-B3-Sampled
X-Acc-Meta-Resource-Type
X-Frontend
X-FTR-Cache-Host
X-Logged-In
Server-Name
X-Content-Digest
X-Pad
X-Srv
Host
X-Forwarded-For
X-Fastcgi-Cache
AMP-Access-Control-Allow-Source-Origin
X-Correlation-Id
Nel
X-Vcache
X-Node-Name
X-FastCGI-Cache
X-Microsite
X-Request-Handler-Origin-Region
FilterID
Powered-By-ChinaCache
TP-Cache
Healthy
TP-L2-Cache
X-Debug-Info
X-LB-Cache
X-Type
Edge-Cache-Tag
X-Rid
X-Kinsta-Cache
X-IPLB-Instance
X-AOL-HN
X-GUploader-UploadID
X-User-Agent
X-Request-Received
X-Request-Processing-Time
X-Cached-By
X-Cache-2
X-HS-Hub-Id
X-HS-Content-Id
X-Hostname
X-Revision
X-Cache-Rule
Powered
X-F-Cache
Surrogate-Key
X-XRDS-LOCATION
X-RateLimit-Limit
X-Accel-Expires
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Analytics
X-Zen-Fury
X-Cache-Age
Backend-Timing
X-Page-Id
X-Content-Security-Policy-Report-Only
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-Cache-Key
X-Varnish-Backend
X-Content-Options
X-Varnish-Grace
X-BCube-Filmed-By
Source
X-Cluster
X-FB-Debug
X-Jobs
X-Amz-Replication-Status
X-Content-Powered-By
X-Request-Guid
X-Instance
Cache-Status
X-PHP-Backend
X-Tumblr-User
X-TT
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Kong-Proxy-Latency
X-App-Environment
X-Kong-Upstream-Latency
Cleartype
X-Framework
X-Az
X-AppVersion
X-Activity-Id
X-Akamai-Edgescape
Tracecode
WPE-Backend
X-Varnish-Hostname
X-Via-JSL
Server-Node
X-Forwarded-Host
Host-Header
Refresh
X-Cache-TTL
X-Mobile
X-Cache-Control
X-ATG-Version
X-Cache-Operation
X-NWS-LOG-UUID
X-FW-Hash
X-FW-Static
X-FW-Type
X-FW-Server
X-FW-Serve
X-Signature
X-B-Cache
X-Time
Accept-Charset
Actual-Object-TTL
X-Drupal-Cache-Tags
DC
X-B3-Traceid
X-Cache-Action
X-Edge-Location
Liferay-Portal
Access-Control-Allow-Method
Upgrade-Insecure-Requests
X-Whom
X-Cache-Hit
X-App-Server
X-Accel-Buffering
X-TA-CDN-Provider
X-Response-Served-From
X-Mobile-URL
X-TX-ID
X-Storage
X-Hp-Webp
Payment
X-Content-Age
X-UA-Device-Type
X-WebKit-CSP-Report-Only
Fastcgi-Useragent
X-Yottaa-Optimizations
X-VG-WebCache
X-TT-TIMESTAMP
X-Yottaa-Metrics
X-Handled-By
X-GeoIP
X-SS-Set-Cookie
Filters
X-RequestSource
X-Cacheable-TTL
Cache
X-Adobe-Content
X-Git-Hash
Eomportal-Instance
X-Adobe-Loc
X-B
Server-Info
Xserver
X-ProcessESI
X-Tumblr-Pixel-2
X-Tumblr-Pixel-1
X-Ratelimit-Reset
Cache-Tv-Group
Viewport
X-RemovedCookies
X-Geo-Country
X-WA-Info
X-FB-TRIP-ID
Cache-Tag
X-Cache-TTL-Remaining
Datacenter
X-Status
X-Cache-Enabled
Accept-CH-Lifetime
Retry-After
Webserver
X-Erf-Bev-Bev-Is-Generated
NGB
X-Erf-Bev-Bev
X-Contextid
X-Seen-By
X-FW-Dynamic
S-Cnection
X-Ratelimit-Limit
X-Presslabs-Stats
X-CF-Powered-By
X-Origin-Server
X-Host-Name
X-APP-VERSION
X-Mode
X-Magnolia-Registration
X-PressLabs-Stats
X-Varnish-Hits
Country
X-Rendered-As
X-Cache-Var
X-Cache-Config
X-AWS-Id
X-RN-RSRV
X-Cache-Var-Map
X-Path-Route
X-ES-SERVER
X-LJ-Flow-ID
Meta-Geo
X-VCT
X-VWS-Id
MS-CV
Load-Balancing
X-Daa-Tunnel
Machine
X-Zipkin-Id
X-Upstream-CT
X-Proxied
X-Routing-Service
X-Upstream-HT
X-Cache-Grace
Mail-Subject
From-Origin
DSUID
Cache-Key
Vix-Hermes-Req-Id
We-Hiring
X-Human
X-Cache-Host
GEO-INFO
X-Labrador-Cache-Channel
Release
X-Real-IP
X-OCL
Frame-Options
X-Access
X-Loop
X-Hit
X-PCL
X-EIG-Tracking-Id
X-Hyper-Cache
X-Backend-Name
X-Debug-Cache
X-Device-Type
Uber-Trace-Id
X-From
ServedBy
X-Cache-NE
X-Varnish-Cache-Hits
X-Varnish-Server
X-Viewer-Country
X-Web-Node
Mn-Server-Ip
X-TNCMS
X-Section
X-RCS-CacheZone
OT-Force-Account-Verify
Rt-Fastcgi-Cache
Now
X-BYPASS-REASON
X-Akamai-Request-ID
X-MP-GENERATED-AT
X-R9-Blue-Green-Version
X-Rule
X-Tumblr-Pixel-3
X-VG-TLSProxy
X-ProxyCache-Status
X-ProxyCache-Key
X-Cluster-Node
X-Esi
X-Origin-Response-Time
X-Proto
X-CCM
X-Upgrade-Enabled
X-JoinUs
X-L-Path
X-Proxy-Build
X-Hosted-By
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Environment-Context
X-FC-Vary-Parameters
X-Generated
X-Region
X-S
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-Redis-Cache
X-Shopify-Stage
X-ShopId
X-Timing-Wait
X-Xfnlog-Site
X-Alternate-Cache-Key
NGX
X-ShardId
Akamai-GRN
X-Generated-By
X-Cache-Remote
X-Platform-Server
X-Guploader-Uploadid
Decoy-Debug-TTL
Decoy-Debug-Status
Decoy-Debug-Key
X-NCache
Cache-Name
X-Via-Fastly
X-UUID
X-Trace-Id
X-Endurance-Cache-Level
X-RTag
Ms-Operation-Id
DB-Nickname
X-Nginx-Cache
X-Locale
X-Site-Version
X-Www-Served-By
X-Datadome
X-Hl-Ver
X-MServer
X-ECACHE
X-Drupal-Cache-Contexts
Cteonnt-Length
X-Vgn-Hpd-Reason
X-NewRelic-App-Data
X-Rocket-Nginx-Bypass
X-ServerID
X-EdgeConnect-Cache-Status
X-Load-Cache
ProcessTime
X-Ttl
X-Request-Time
X-Wix-Request-Id
Time
X-IP
X-Time-Microsecs
X-IPS-LoggedIn
X-GRACE
X-Litespeed-Cache
L5d-Success-Class
X-Cache-Backend
X-Dc
X-Via-CDN
X-GEO
S-Rt
Version
X-Origin
Webcakes-Region
X-Origin-Hint
Served-By
Webcakes-App-Version
TWC-Privacy
TWC-Device-Class
TWC-Connection-Speed
TWC-GeoIP-Country
TWC-GeoIP-LatLong
Property-Id
TWC-Locale-Group
Webcakes-App-Name
X-Unique-ID
Origin
Azure-Version
NtCoent-Length
X-FW-Version
Azure-SiteName
Azure-SlotName
Azure-RegionName
X-Microcachable
Azure-InstanceId
Origin-Cache-Control
X-Proxy
Origin-Edge-Control
X-Pubstack
SRV
X-Distributor
Fastcgi-X-Cache-Version
X-No-Session
X-FireWall-Port
X-Oneagent-Js-Injection
Fastly-SSL
X-B3-Spanid
X-Grey
X-Cache-Server
X-Cache-Category-Id
CACHE
X-Via-NSCOPI
X-RateLimit-Reset
Access-Control-Request-Headers
X-BACKEND-TTL
X-Detected-As
X-UA
X-Is-Bot
X-PERF
X-ApacheServer
IBM-Web2-Location
Hostname
X-Format
Odigeo-Trace-Id
X-CS
X-Ua
X-HTML-Minification-Powered-By
X-Webkit-Csp
X-Akamai-Transformed
Proxy-Connection
Cache-Tags
X-Edge
X-Powered-By-Defense
X-Cdn-Forward
X-Varnish-Cacheable
Backend-Name
X-Nc
X-Application
X-ARC
Content-Script-Type
X-Rebelmouse-Cache-Control
X-B-Cookie
Ec-Rule-Version
X-NX-Host
X-Org
X-NU-AKA-ACS-Version
Request-EU
Request-Country
X-ND-Cache
X-PAYTM-SRV-ID
Request-Time
Cross-Origin-Window-Policy
X-Cache-Bucket
X-Processor
X-App-Name
X-SRCache-Key
Content-Style-Type
X-Aed
Arc-Country
AsisCache
Server-ID
Cdn-Host
ServerName
Rt-Proxy-Cache
BehaviorPad-Version
Cache-Prefix
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-From
Cdn-Request-Time
Viewtype
X-Rebelmouse-Surrogate-Control
X-A-Dgt
X-A-Wwc
X-Accel-Expires-Debug
Fastly-SIE
X-A-Dcw
X-A-Dam
VivaBuild
A
X-A
X-A-Ccd
X-AIR-PT
X-Instart-Info
Mobile-Detection-Method
X-Region-Sid
X-Edge-Server
X-Worker
X-ScT
Node
X-DPWN-IS-SECURE
X-Debug-Log
X-Destination
X-Request-UUID
X-Developer
X-S-Maxage
X-S-Cookie
X-G
X-Rewrite-Enabled
Xc-Version
X-External-Request-Id
MD5-Digest
HA-Ipaddr
X-Eu-Site
X-Rojux
X-Server-Time
Meta-Geo-Continent
Ha-Gx-Prefs
Rendered-Blocks
X-Debug-Cookies
X-CF-Lambda-Fn
X-IN-APIGATEWAY
X-VG-WebServer
X-CF-Lambda-Version
X-HS-Combine-CSS
Fly-Request-Id
Fly-Cache
X-Transaction
X-Trv-Group
X-Twitter-Response-Tags
Fastly-SWR
X-CGP
X-Vtex-Processado-Em
X-Connection-Hash
GEO-REGION-INFO
X-D
X-Date
X-Cluster-Name
X-HS-Cache-Config
X-Vtex-Remote-Cache
Proxy-Firewall
RNT-Machine
Memcached
Platform
Mime-Version
X-Server-IP
Resin-Trace
On-Server
Section-Io-Cache
X-PHP-Host
X-Hash
X-Dispatcher-Server
X-Core-Mission
X-Clientip
X-Reqid
X-Request-URI
X-GeoIP-Country-Code
X-We-Are-Hiring
X-Fastly-Cache
X-Internal-Host
X-Generated-On
X-Epic-Correlation-Id
X-Geo-Header
Is-Eu
X-Variation
X-Irp-Debug
X-ServiceProvider
X-Cache-Id
X-Qloud-Router
X-Backend-State
Server-Int
True-Client-Country-4JS
X-Cache-Info
X-Cdn-Origin
X-Level-Front-Cache
X-Key
X-TH-Server
X-Cdn-Srv
X-Sn-Servicetimems
Server-Host
RNT-Time
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
Country-Code
Apple-News-Services-Handled
X-C
X-Tb
X-UnsetCookies
Adler-Geo
Countrycode
X-B3-Parentspanid
PageSpeed
X-Akamai-Request-ID2
X-Compress-Hint
X-B3-SpanId
X-Block-Status
X-Li-Fabric
X-Fetched-On
X-SD-PageType
X-Servername
X-Served-From
X-BBXSRF
X-SIPLIST1
X-Swa-Ws
X-Gen-Mode
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
X-Skip-Cache
X-Fstrz
X-Hnp-Log
X-LI-Proto
X-Developers
X-Crawler
X-Protected-By
X-Device-Os
X-Dispatch
X-Distil-CS
X-Nginx-Cache-Key
X-Reboot
X-ElasticPress-Search
X-Response-By
X-LI-UUID
X-Method
X-Request-Start
X-CDN-Cache
X-Location
Wxu-Next-Region
X-Li-Pop
X-Amz-Meta-Cache-Control
Wxu-Next-Hostname
SS
Gh-Request-Id
X-WebServer
IsBot
X-Wikidot-Backend
X-Wikidot-Static-Cache
Content-Disposition
REQUESTUUID
CDCHOST
X-Webstats-RespID
SD-X-WS
Esi-Enabled
UCS
User-Cache-Control
PFcat
Wxu-Next-Commit
Pramga
Web-Mar-Node
Who
V-Age
AKAMAI
X-NC
X-Origin-Date
Heartbleed
Powered-By
X-Matched-Rule
X-Origin-Expires
Fastly-Soc-X-Request-Id
Pragrma
X-Cms-Context
GW-Server
X-Owner
X-VServer
X-Generation-Time
X-Via-Edge
X-Via-SSL
X-Thanos
X-Thinkindot-L3
X-GeoIP-City
X-Parent-Response-Time
X-Gannett-Site-Version
X-Auto-Login
X-Bip
X-Cache-FS-Status
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
Thinkindot-Control
X-Secret
X-Release
X-CDN-Forward
X-FPC
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
LB
X-OVcl-Cache
X-VC-Cache
X-Planisys-CDN-Cache
X-OVcl
X-App-Version
X-Varnish-Ttl
X-Be
X-IN-WAF
W
X-CLOUD-TRACE-CONTEXT
X-CUA
X-Core-Value
CF-IPCountry
X-Birta-Cache-Post
X-Azure-Ref
X-Azure-Ref-OriginShield
X-Birta-Served
X-Phone
X-Origin-CC
X-Origin-TTL
X-Ratelimit-Remaining
X-Varnish-IP
X-CACHE-KEY
X-Clara-WADP
Memory
Accept-Language
X-WADP-Cache
X-Varnish-Url
HitType
Selected-FE
X-LAGOON
L
X-Info
N-Cache
X-Page-Type
X-Proxy-Upstream
X-Varnish-Beresp-Ttl
X-Proxy-Cache-Status
X-DC
X-Geo
Kp-EeAlive
X-TrackingId
X-FE
X-URL
User-Agent
X-Source
X-Amzn-Remapped-Content-Length
Cdn
X-Dynatrace-Js-Agent
Selected-Fe
Locale
Magicmarker
X-Urbn-Site-Id
X-Varnish-Beresp-Grace
X-Urbn-Context-Path
X-Web-Server
X-Pf-Uncompressing
X-Varnish-Beresp-Status
X-Oracle-Dms-Rid
X-Zone
X-Cache-Debug
X-Agile
X-Agile-Age
X-Agile-Id
X-Hello
X-Flog
Pagetype
X-TT-LOGID
X-Refresh
X-Servedbyhost
X-HS-Status
X-ABtesting
X-Newrelic-Synthetics
X-Backend-TTL
X-Generated-In
X-User
Geoip-City
Geoip-Latitude
GeoIp-Country-Code
X-MID
X-Mid
X-Aicache-OS
X-Check-Cacheable
X-Backend-Url
X-Backend-Host
X-Real-Ip
CF-Cached-On
X-ZONE
X-Vcl-Version
SN
X-VCL-Version
X-Debug-Cache-Fetch
X-Tt-Trace-Tag
X-MSEdge-Features
X-MSEdge-Flight
X-Debug-Cache-Expiry
X-Up
X-Soup
X-GoCache-CacheStatus
X-Debug-Cache-Store
Amp-Access-Control-Allow-Source-Origin
X-Ruxit-Js-Agent
Ohc-Cache-HIT
Ohc-File-Size
X-NWS-UUID-VERIFY
X-APP
Group
X-Tb-Optimization-Total-Bytes-Saved
GeoIP-Country-Code
FSS-Cache
FSS-Proxy
X-Oss-Request-Id
X-Oss-Server-Time
GeoIP-Latitude
HTTPS
GeoIP-City
X-Oss-Storage-Class
X-UPSTREAM-Address
X-Oss-Hash-Crc64ecma
X-ServedByHost
X-Oss-Object-Type
X-EC-Lua
WZWS-RAY
Server-Cache-Control
X-SN
X-Contensis-Viewer-Groups
Server-Surrogate-Control
X-Cache-ASPX
X-Varnish-Authentication
HostName
X-BC
RequestId
Backend
Www
X-SERVER-NAME
X-Instart-Isnd
X-COUNTRY
X-Via-Ucdn
X-SayCDN-TTL
X-Say-TTL
Lb
X-Old-Content-Length
WebServer
X-Say-Cacheable
X-Amzn-Remapped-Connection
X-Amzn-Remapped-Date
X-CSRF-Token
Cf-Ipcountry
Srv
X-Bc
X-Cache-Expires
X-Akamai-SSL-Client-Sid
X-NGENIX-Cache
Host-ID
X-Varnish-Beresp-TTL
X-Nananana
X-PF-Uncompressing
Xkeyrz
X-Proxy-Cacherz
X-ECache
XServer
Cache-Hits
X-Cache-Ttl
X-Dynatrace
Inserted-Into-Cache-At
URI
X-Node-Id
Fastly-Backend-Name
Epwk-Cache
X-Varnish-Action
X-Request-Url
X-Cache-Tag
Requestid
Get-Access-Time
X-TIME
Is-Session-Tracking
X-PAGE-TYPE
Ajk
X-Logtrace-Id
Xkeynj
X-FORWARDED-FOR
X-WR-MODIFICATION
X-Fastly-Backend-Reqs
X-IN-APIGATEWAYSSL
X-Fastly-Country-Code
Fastcgi-X-Cache
X-Unique-Id
X-CSRF-TOKEN
X-MCACHE
X-AssetVersion
X-Requestid
X-Cache-Time
X-Edge-IP
X-Cache-Miss-From
X-Sedo-Request-Id
X-LiteSpeed-Cache-Control
Dynatrace
X-Wa
X-RateLimit-Limit-Second
X-Pjax-Url
X-RateLimit-Remaining-Second
Pics-Label
X-Var-Ttl
X-Sf
FNAC-ModuleRouting
X-Svr
Cneonction
X-SRV
Xet-Cookie
DataCenter
CDN
X-Lb-Id
X-Fastly-Cache-Hits
Cache-Provider
X-BE
Correlation-Id
X-Swift-Error
X-Correlation-ID
X-Dw-Trace-Id
X-NGINX-Cache
X-WA
X-Fpc
X-Apw-Access-Token
X-Apw-Access-Action
X-Apw-Hits
X-Apw-Access-Object
T-Server
X-LB-ID
X-PJAX-URL
Lfy
X-Alicdn-Da-Ups-Status
X-Html-Edge-Cache
X-ServerName
PICS-Label
X-LiteSpeed-Tag
X-WPE-Loopback-Upstream-Addr
RequestUuid
Ohc-Response-Time
X-DB
X-Flow-Id
X-Akamai-ERRuleID
X-Akamai-ERPolicy
X-App
X-Page-Impression-Id
X-Zalando-Child-Request-Id
X-Policy
Sid
X-Bug-Bounty
X-RPM
X-RPS
X-DW
X-DSS
Warning
X-DI
X-RSL