Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
CF-RAY
X-Powered-By
Link
ETag
Expect-CT
X-XSS-Protection
Via
X-Cache
Age
CF-Cache-Status
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
X-Cache-Hits
P3P
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Xss-Protection
X-Request-Id
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-AspNet-Version
X-Download-Options
Access-Control-Allow-Credentials
X-Runtime
X-Adblock-Key
X-Drupal-Cache
Alt-Svc
X-Check
X-Cacheable
Content-Security-Policy-Report-Only
X-Generator
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-DNS-Prefetch-Control
X-AspNetMvc-Version
P3p
X-Template
Status
X-Language
Timing-Allow-Origin
Content-Encoding
X-Content-Security-Policy
X-Iinfo
X-Buckets
Upgrade
X-Kinja-Server-Push
Xkey
X-Via
X-Turbo-Charged-By
X-CDN
Keep-Alive
Access-Control-Max-Age
Access-Control-Expose-Headers
X-Cache-Group
X-Pass-Why
X-Age
X-AH-Environment
X-Drupal-Dynamic-Cache
X-Server
X-Backend
X-Amz-Request-Id
X-Amz-Id-2
X-Pingback
X-Envoy-Upstream-Service-Time
X-Page-Speed
X-Robots-Tag
X-Proxy-Cache
X-Hacker
Grace
X-Server-Powered-By
EagleId
X-Varnish-Cache
X-UA-Device
X-Nginx-Cache-Status
Request-Context
Cf-Railgun
X-LiteSpeed-Cache
X-Amz-Version-Id
X-Swift-CacheTime
X-Swift-SaveTime
X-WebKit-CSP
Ali-Swift-Global-Savetime
Feature-Policy
X-Device
Server-Timing
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Server-Id
X-Host
X-Ac
Report-To
X-Rq
Content-Location
X-Node
X-OneAgent-JS-Injection
X-Backend-Server
X-Response-Time
X-Cnection
X-Origin-Cache
X-Cloud-Trace-Context
X-Application-Context
EagleEye-TraceId
Allow
Request-Id
X-Readtime
Surrogate-Control
X-Cache-Lookup
X-Country
X-ORACLE-DMS-ECID
X-Cdn
X-TTL
Pinterest-Generated-By
X-Url
X-DynaTrace
X-Vhost
X-Ua-Compatible
X-Clacks-Overhead
X-Rack-Cache
X-Ruxit-JS-Agent
X-Origin-Upstream-Status
X-ORACLE-DMS-RID
X-CST
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Rating
X-FTR-Request-ID
X-Country-Code
NEL
X-HW
X-Goog-Hash
X-Instart-Request-ID
X-Dispatcher
X-DataStream-Cache-Status
Fusion-Template-Id
Fusion-Component-Id
Fusion-Source
Fusion-Content-Id
Fusion-Content-Source
Edge-Control
X-PC
X-TtlSet
X-Vname
X-Px
X-VARITI-CCR
Service-Worker-Allowed
X-MS-InvokeApp
X-Mod-Pagespeed
X-Request-ID
X-Dns-Prefetch-Control
SPRequestGuid
Verso
X-DataDome
X-Recruiting
X-Cdn-Fetch
X-Kinja-Revision
X-Use-Magma
X-Exp-Variant
X-GoogleNews-Bot
X-Kinja
X-Kinja-Build
X-Kinja-Server
X-Exp-Id
X-D2id
X-B3-TraceId
X-Varnish-TTL
X-Vcap-Request-Id
X-ESI
X-SharePointHealthScore
X-Abt-Application-Version
TCN
X-Amz-Server-Side-Encryption
DynaTrace
X-Navigation-Version
RTSS
X-Powered-By-Plesk
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-RateLimit-Remaining
X-GitHub-Request-Id
Response
X-Middleton-Response
X-Middleton-Display
X-Server-Name
Display
X-Sol
Content-MD5
X-Akam-SW-Version
Accept-Ch-Lifetime
Charset
AR-ATIME
AR-PoweredBy
Ar-Sid
AR-CACHE
MS-Author-Via
ServerID
X-Trace
X-Amz-Rid
Realpath
X-Shield-Request-Id
X-Dw-Request-Base-Id
AR-Request-ID
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Goog-Generation
X-Goog-Metageneration
X-Powered-CMS
X-Cached
X-DynaTrace-JS-Agent
X-TEC-API-VERSION
X-Version
X-TEC-API-ROOT
X-TEC-API-ORIGIN
Nginx-Cache
X-Forwarded-Proto
X-Shard
Accept-Ch
X-Upstream
SPRequestDuration
Fastly-Restarts
SPIisLatency
X-Mrf-Item-Lastmod
X-B3-TraceId-Primal
X-Mrf-Section-Lastmod
MRF-Tech
Mrf-Cache-Status
Public-Key-Pins
Pinterest-Version
X-Upstream-Proxy
X-Pinterest-Rid
Paypal-Debug-Id
X-Goog-Storage-Class
X-MSEdge-Ref
X-Client-IP
Access-Control-Request-Method
Pagespeed
S
X-Server-ID
X-DataStream-Origin-MEX-Latency
X-DataStream-MidMile-RTT
X-Debug
X-Id
X-Amz-Meta-S3cmd-Attrs
X-FTR-Cache-Status
X-FTR-Balancer
X-Country-Code-Real
X-FTR-DC
X-FTR-Backend-Server
X-FTR-Backend
X-FTR-Realm
X-Ezoic-Cdn
X-FTR-Expires
Accept-CH
X-N
X-DIS-Request-ID
X-T
X-Fastly-Request-ID
X-Grace
MicrosoftSharePointTeamServices
X-VCache
Arr-Disable-Session-Affinity
X-Ser
X-Mobile-Rewrite
Arc-Version
PB-PID
X-Varnish-Age
PB-RID
X-Amzn-Trace-Id
X-Content-Type
X-Hits
Alternate-Protocol
Front-End-Https
X-NF-Request-ID
X-B3-Sampled
Nel
Fastcgi-Cache
X-Acc-Meta-Resource-Type
X-FTR-Cache-Host
X-Frontend
X-Logged-In
X-Content-Digest
X-XRDS-Location
Server-Name
X-Srv
X-Pad
X-Correlation-Id
X-Forwarded-For
Host
X-Vcache
X-FastCGI-Cache
AMP-Access-Control-Allow-Source-Origin
Powered-By-ChinaCache
X-Node-Name
X-Request-Handler-Origin-Region
X-Microsite
X-Fastcgi-Cache
FilterID
TP-L2-Cache
TP-Cache
Healthy
X-Rid
X-XRDS-LOCATION
X-LB-Cache
Edge-Cache-Tag
X-Type
X-Kinsta-Cache
X-IPLB-Instance
X-Request-Received
X-Debug-Info
X-Request-Processing-Time
X-AOL-HN
X-Cached-By
X-User-Agent
X-Cache-Key
X-GUploader-UploadID
X-Cache-2
X-Revision
X-HS-Content-Id
X-HS-Hub-Id
X-Hostname
X-Cache-Rule
X-F-Cache
Powered
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Zen-Fury
Surrogate-Key
X-Accel-Expires
Backend-Timing
X-Analytics
X-Cache-Age
X-Page-Id
X-Kong-Upstream-Latency
X-B3-Traceid
X-Kong-Proxy-Latency
X-Varnish-Backend
X-Varnish-Grace
X-BCube-Filmed-By
X-Content-Options
X-Cluster
X-Instance
X-Content-Security-Policy-Report-Only
VIX-Pulpo-Node
X-Activity-Id
X-AppVersion
X-Az
X-Jobs
VIX-Pulpo-Upstream-Status
X-FB-Debug
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Tumblr-User
X-Akamai-Edgescape
X-App-Environment
X-Request-Guid
Cache-Status
X-PHP-Backend
X-Content-Powered-By
Source
X-Amz-Replication-Status
X-TT
Cleartype
X-Via-JSL
X-RateLimit-Limit
Tracecode
X-Framework
X-Varnish-Hostname
Server-Node
WPE-Backend
Refresh
X-Forwarded-Host
Host-Header
X-Signature
X-FW-Server
X-FW-Serve
X-FW-Hash
X-FW-Type
X-FW-Static
X-Mobile
X-B-Cache
X-ATG-Version
X-Cache-Operation
X-Cache-Control
X-Cache-TTL
X-Time
DC
X-NWS-LOG-UUID
Accept-Charset
Liferay-Portal
Actual-Object-TTL
X-Drupal-Cache-Tags
X-Edge-Location
X-Cache-Action
Access-Control-Allow-Method
X-Cache-Hit
X-App-Server
Fastcgi-Useragent
Upgrade-Insecure-Requests
X-Mobile-URL
X-Accel-Buffering
X-Response-Served-From
X-Hp-Webp
Payment
X-Whom
X-Content-Age
X-UA-Device-Type
X-TX-ID
X-SS-Set-Cookie
X-Handled-By
X-WebKit-CSP-Report-Only
X-B
X-Storage
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Cacheable-TTL
X-RequestSource
X-VG-WebCache
X-Tumblr-Pixel-1
X-GeoIP
Filters
X-TT-TIMESTAMP
X-Git-Hash
X-Tumblr-Pixel-2
X-Adobe-Loc
Eomportal-Instance
Cache-Tv-Group
X-Adobe-Content
Xserver
X-WA-Info
Viewport
X-ProcessESI
X-RemovedCookies
X-Geo-Country
Cache
X-TA-CDN-Provider
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
Server-Info
X-Status
X-FB-TRIP-ID
Cache-Tag
Accept-CH-Lifetime
X-Ratelimit-Limit
Webserver
NGB
X-Cache-TTL-Remaining
Datacenter
X-Presslabs-Stats
X-Esi
X-APP-VERSION
X-Cache-Enabled
Retry-After
X-Ratelimit-Reset
X-FW-Dynamic
X-Contextid
X-Seen-By
S-Cnection
X-Origin-Server
X-Host-Name
X-Mode
Country
MS-CV
X-CF-Powered-By
From-Origin
X-Path-Route
X-LJ-Flow-ID
Frame-Options
X-Cache-Var
X-Magnolia-Registration
X-RN-RSRV
X-Varnish-Hits
X-ES-SERVER
X-Cache-Var-Map
X-Tumblr-Pixel-3
Load-Balancing
X-VWS-Id
X-AWS-Id
Meta-Geo
Machine
X-Cache-Config
X-Zipkin-Id
X-Routing-Service
X-Proxied
X-Hit
Release
X-Human
X-Hyper-Cache
We-Hiring
Mail-Subject
X-Rendered-As
X-Upstream-HT
X-Upstream-CT
X-Varnish-Cache-Hits
DSUID
X-Daa-Tunnel
GEO-INFO
X-Backend-Name
X-Device-Type
X-Debug-Cache
X-Loop
X-MP-GENERATED-AT
X-EIG-Tracking-Id
Vix-Hermes-Req-Id
X-Labrador-Cache-Channel
X-From
X-Cache-Host
Now
Mn-Server-Ip
X-Access
X-OCL
X-RCS-CacheZone
X-Guploader-Uploadid
X-PCL
X-Section
X-TNCMS
X-Varnish-Server
Uber-Trace-Id
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-Cluster-Node
X-Akamai-Request-ID
X-Generated-By
X-Upgrade-Enabled
Ms-Operation-Id
X-RTag
X-Web-Node
X-VG-TLSProxy
Akamai-GRN
X-BYPASS-REASON
X-VCT
X-ShopId
X-Alternate-Cache-Key
Rt-Fastcgi-Cache
X-Viewer-Country
X-Shopify-Stage
X-ShardId
X-ProxyCache-Status
X-Proto
OT-Force-Account-Verify
X-Origin-Response-Time
X-R9-Blue-Green-Version
X-ProxyCache-Key
X-Rule
X-NCache
X-Via-Fastly
DB-Nickname
Cache-Name
X-Xfnlog-Site
Decoy-Debug-Key
X-Endurance-Cache-Level
Decoy-Debug-TTL
Decoy-Debug-Status
Cache-Key
X-S
X-Environment-Context
X-Hosted-By
X-Cache-Grace
X-Proxy-Build
X-FC-Vary-Parameters
X-L-Path
X-CCM
X-Timing-Wait
X-JoinUs
X-Generated
X-Goog-Meta-Goog-Reserved-File-Mtime
ServedBy
X-Region
X-Cache-NE
X-UUID
X-Platform-Server
X-Drupal-Cache-Contexts
X-NewRelic-App-Data
X-Redis-Cache
X-Nginx-Cache
X-Www-Served-By
X-Trace-Id
X-Locale
X-Site-Version
X-PressLabs-Stats
NGX
X-Load-Cache
X-Real-IP
X-MServer
X-EdgeConnect-Cache-Status
Cteonnt-Length
X-Hl-Ver
ProcessTime
X-Vgn-Hpd-Reason
X-Cache-Remote
X-ServerID
X-Rocket-Nginx-Bypass
X-ECACHE
X-B3-Spanid
X-Request-Time
X-Dc
Time
X-IP
CACHE
X-RateLimit-Reset
X-Time-Microsecs
X-IPS-LoggedIn
Azure-Version
S-Rt
Azure-SlotName
X-FW-Version
Azure-InstanceId
X-Wix-Request-Id
X-GEO
X-Via-CDN
X-Origin
Azure-SiteName
Azure-RegionName
NtCoent-Length
TWC-GeoIP-Country
TWC-GeoIP-LatLong
TWC-Device-Class
TWC-Connection-Speed
Property-Id
TWC-Locale-Group
Version
Webcakes-Region
Webcakes-App-Version
Webcakes-App-Name
TWC-Privacy
X-Origin-Hint
L5d-Success-Class
X-Proxy
X-UA
Served-By
X-Oneagent-Js-Injection
X-Distributor
SRV
X-Datadome
X-FireWall-Port
X-No-Session
Origin
X-Microcachable
Fastly-SSL
X-Cache-Backend
Origin-Edge-Control
Origin-Cache-Control
X-Pubstack
X-Unique-ID
Fastcgi-X-Cache-Version
X-Cache-Category-Id
X-Grey
X-Cache-Server
X-Webkit-Csp
Access-Control-Request-Headers
X-Format
X-CS
X-Via-NSCOPI
X-ApacheServer
X-Edge
X-Powered-By-Defense
X-PERF
IBM-Web2-Location
Odigeo-Trace-Id
X-Is-Bot
X-HTML-Minification-Powered-By
X-Detected-As
X-BACKEND-TTL
X-Akamai-Request-ID2
Ec-Rule-Version
X-Akamai-Transformed
X-UnsetCookies
Cache-Tags
X-CDN-Forward
Backend-Name
X-Compress-Hint
Fly-Cache
Cache-Prefix
X-Nc
X-Application
X-ARC
Hostname
Fly-Request-Id
X-Processor
Proxy-Connection
BehaviorPad-Version
AsisCache
Arc-Country
Cache-Cookie-Set-Idcheck
X-D
X-App-Name
Cache-Cookie-Set-Lfrom
X-S-Maxage
Rendered-Blocks
Request-Time
Cross-Origin-Window-Policy
X-S-Cookie
Request-Country
Request-EU
X-Cache-Bucket
X-Rewrite-Enabled
X-Rojux
X-AIR-PT
X-Region-Sid
X-Date
X-B-Cookie
X-Request-UUID
X-VG-WebServer
X-NU-AKA-ACS-Version
Cdn-Host
Content-Style-Type
Content-Script-Type
Cdn-Request-Time
A
Rt-Proxy-Cache
X-Worker
Server-ID
Xc-Version
X-Destination
X-Org
X-A-Ccd
X-Vtex-Processado-Em
X-Connection-Hash
X-Trv-Group
X-IN-APIGATEWAY
X-HS-Combine-CSS
X-ScT
X-A-Dam
X-A
Viewtype
X-External-Request-Id
Mobile-Detection-Method
X-Eu-Site
Node
X-Edge-Server
Meta-Geo-Continent
X-Twitter-Response-Tags
MD5-Digest
ServerName
X-Developer
X-G
PageSpeed
X-Instart-Info
X-HS-Cache-Config
X-Accel-Expires-Debug
VivaBuild
X-DPWN-IS-SECURE
X-A-Wwc
X-Cluster-Name
X-Server-Time
X-Aed
X-PAYTM-SRV-ID
GEO-REGION-INFO
Cache-Cookie-Set-From
X-Transaction
X-CF-Lambda-Fn
X-Cdn-Srv
X-CF-Lambda-Version
X-Vtex-Remote-Cache
X-SRCache-Key
X-A-Dgt
X-CGP
X-Internal-Host
Ha-Gx-Prefs
X-A-Dcw
HA-Ipaddr
X-Oracle-Dms-Rid
X-Tb
X-Varnish-Cacheable
X-ND-Cache
Platform
Mime-Version
Memcached
Fastly-SIE
Is-Eu
Gh-Request-Id
Country-Code
X-Nginx-Cache-Key
Esi-Enabled
X-Location
Fastly-SWR
X-NX-Host
Countrycode
X-Dispatch
X-We-Are-Hiring
X-Clientip
X-Key
X-Irp-Debug
X-Skip-Cache
Server-Host
Apple-News-Services-Request-Url
RNT-Time
X-Server-IP
Section-Io-Cache
X-Debug-Log
X-Hash
X-Fastly-Cache
X-Level-Front-Cache
X-Variation
X-Epic-Correlation-Id
SS
X-Generated-On
X-Core-Mission
X-GeoIP-Country-Code
X-Geo-Header
RNT-Machine
X-Debug-Cookies
X-Qloud-Router
X-Rebelmouse-Cache-Control
X-TH-Server
Adler-Geo
Proxy-Firewall
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
Apple-News-Services-Handled
X-Backend-State
X-Rebelmouse-Surrogate-Control
X-Dispatcher-Server
X-B3-Parentspanid
Resin-Trace
LB
X-C
X-Reqid
X-ElasticPress-Search
X-NC
Wxu-Next-Commit
Who
Wxu-Next-Hostname
User-Cache-Control
UCS
Web-Mar-Node
X-Li-Fabric
X-CDN-Cache
X-Cdn-Origin
X-Cache-Info
X-Cache-Id
X-Cache-FS-Status
X-Hnp-Log
True-Client-Country-4JS
X-Fetched-On
X-FPC
X-Gen-Mode
X-Generation-Time
X-Crawler
X-Distil-CS
X-Auto-Login
X-LI-UUID
X-Amz-Meta-Cache-Control
X-Method
X-BBXSRF
X-LI-Proto
X-Device-Os
X-Developers
X-Li-Pop
X-Block-Status
Wxu-Next-Region
X-Served-From
X-Request-Start
X-Request-URI
X-Response-By
X-SD-PageType
X-Reboot
X-Protected-By
Content-Disposition
CDCHOST
AKAMAI
X-Servername
X-ServiceProvider
X-Wikidot-Backend
X-Webstats-RespID
X-WebServer
X-Wikidot-Static-Cache
X-GRACE
X-Sn-Servicetimems
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-PHP-Host
X-SIPLIST1
PFcat
On-Server
Pramga
REQUESTUUID
Server-Int
IsBot
Powered-By
SD-X-WS
X-Ua
X-Swa-Ws
X-Cms-Context
Pragrma
X-Fstrz
X-Gannett-Site-Version
X-CUA
X-Via-SSL
V-Age
X-Via-Edge
X-Parent-Response-Time
Fastly-Soc-X-Request-Id
X-Thanos
W
X-Owner
X-Release
X-Origin-Date
X-Bip
X-Secret
GW-Server
X-Origin-Expires
X-Azure-Ref
X-Azure-Ref-OriginShield
X-GeoIP-City
Heartbleed
X-Varnish-Ttl
CF-IPCountry
X-Cdn-Forward
X-VC-Cache
Thinkindot-CacheControl-Type
X-VServer
Thinkindot-CacheControl
X-Matched-Rule
X-OVcl-Cache
Accept-Language
X-Varnish-Url
X-Clara-WADP
X-OVcl
Thinkindot-Control
X-CLOUD-TRACE-CONTEXT
X-Thinkindot-L3
X-WADP-Cache
X-Origin-CC
X-Origin-TTL
L
X-Ratelimit-Remaining
X-B3-SpanId
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
X-Be
Memory
X-Phone
N-Cache
X-Proxy-Upstream
X-IN-WAF
X-Core-Value
X-Proxy-Cache-Status
X-Varnish-Beresp-Ttl
X-LAGOON
X-Birta-Cache-Post
X-Birta-Served
X-TrackingId
X-FE
X-Amzn-Remapped-Content-Length
Selected-Fe
Kp-EeAlive
X-Pf-Uncompressing
X-Varnish-IP
Selected-FE
X-URL
HitType
X-Info
X-Urbn-Site-Id
X-Ttl
User-Agent
X-Geo
X-Urbn-Context-Path
Locale
X-Page-Type
Magicmarker
X-DC
X-Dynatrace-Js-Agent
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
X-Zone
Cdn
X-App-Version
Pagetype
X-Backend-TTL
X-Source
X-Newrelic-Synthetics
X-User
X-Hello
X-ABtesting
Geoip-Latitude
Geoip-City
X-Flog
GeoIp-Country-Code
X-TT-LOGID
X-Litespeed-Cache
X-Backend-Url
X-Backend-Host
X-Web-Server
X-Generated-In
X-SERVER-NAME
X-Agile-Id
X-HS-Status
X-Agile-Age
X-Cache-Debug
X-Refresh
X-Agile
X-MID
X-Mid
X-MSEdge-Flight
CF-Cached-On
X-MSEdge-Features
X-Debug-Cache-Expiry
X-Real-Ip
SN
X-Debug-Cache-Fetch
X-GoCache-CacheStatus
X-Debug-Cache-Store
X-Up
X-Soup
X-Servedbyhost
X-Check-Cacheable
X-CACHE-KEY
X-Tt-Trace-Tag
X-Aicache-OS
X-Vcl-Version
X-ZONE
X-Ruxit-Js-Agent
Amp-Access-Control-Allow-Source-Origin
X-VCL-Version
FSS-Proxy
X-ServedByHost
X-Tb-Optimization-Total-Bytes-Saved
FSS-Cache
X-Oss-Request-Id
X-Oss-Object-Type
X-Oss-Storage-Class
X-Oss-Server-Time
X-Oss-Hash-Crc64ecma
HostName
X-APP
Ohc-Cache-HIT
Srv
Ohc-File-Size
Group
X-NWS-UUID-VERIFY
X-Old-Content-Length
Server-Surrogate-Control
X-Amzn-Remapped-Date
GeoIP-Country-Code
X-Varnish-Authentication
X-UPSTREAM-Address
X-Contensis-Viewer-Groups
X-Amzn-Remapped-Connection
X-Cache-ASPX
Server-Cache-Control
X-CSRF-Token
X-EC-Lua
GeoIP-Latitude
X-Via-Ucdn
WZWS-RAY
X-Say-Cacheable
RequestId
X-Say-TTL
X-SayCDN-TTL
X-COUNTRY
HTTPS
GeoIP-City
X-Bc
X-Cache-Ttl
Www
X-SN
X-Akamai-SSL-Client-Sid
X-BC
Backend
X-Nananana
Cache-Hits
X-ECache
Inserted-Into-Cache-At
X-Varnish-Beresp-TTL
X-Instart-Isnd
X-Proxy-Cacherz
X-Node-Id
Xkeyrz
WebServer
X-Dynatrace
XServer
Ajk
Lb
X-WR-MODIFICATION
X-Logtrace-Id
X-IN-APIGATEWAYSSL
Fastly-Backend-Name
X-Cache-Expires
Requestid
Host-ID
Cf-Ipcountry
X-Cache-Tag
X-Request-Url
X-NGENIX-Cache
Xkeynj
X-Unique-Id
X-TIME
X-Fastly-Country-Code
Is-Session-Tracking
X-FORWARDED-FOR
X-PAGE-TYPE
X-Cache-Time
Get-Access-Time
X-CSRF-TOKEN
URI
X-MCACHE
X-Tec-Api-Version
Epwk-Cache
X-Tec-Api-Root
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-Edge-IP
X-Fastly-Backend-Reqs
X-Cache-Miss-From
X-PF-Uncompressing
X-Requestid
X-Varnish-Action
X-Sedo-Request-Id
X-Tec-Api-Origin
X-LiteSpeed-Cache-Control
Dynatrace
X-Pjax-Url
Fastcgi-X-Cache
X-Wa
Cneonction
X-BE
Xet-Cookie
DataCenter
X-SRV
PICS-Label
X-Swift-Error
X-Lb-Id
Pics-Label
X-WA
CDN
T-Server
Correlation-Id
X-Svr
X-AssetVersion
X-NGINX-Cache
X-Dw-Trace-Id
X-Sf
X-Apw-Access-Object
X-Render-Time
X-Micro-Cache
X-Ecache
X-GDPR
X-Apw-Access-Action
X-Apw-Hits
X-Apw-Access-Token
X-PJAX-URL
X-Var-Ttl
FNAC-ModuleRouting
X-LB-ID
X-Cf-Powered-By
X-Vct
X-Serial
X-Fpc
X-Litespeed-Cache-Control
X-Request-URL
X-ServerName
Warning
X-Html-Edge-Cache
Lfy
X-Bug-Bounty
X-Akamai-ERPolicy
X-WPE-Loopback-Upstream-Addr
RequestUuid
Cache-Provider
Ohc-Response-Time
X-LiteSpeed-Tag
X-Akamai-ERRuleID
X-Fastly-Cache-Hits
X-DSS
X-DW
X-RPM
X-RPS
X-DI
X-DB
X-Flow-Id
X-Page-Impression-Id
X-Zalando-Child-Request-Id
X-RSL