Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
CF-RAY
CF-Cache-Status
Link
X-Powered-By
X-XSS-Protection
ETag
Expect-CT
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
X-Timer
X-Request-Id
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Alt-Svc
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Adblock-Key
X-Check
Content-Security-Policy-Report-Only
X-Cacheable
X-Generator
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-Xss-Protection
X-Request-ID
Timing-Allow-Origin
X-DNS-Prefetch-Control
X-Template
X-Language
X-Iinfo
Status
X-AspNetMvc-Version
Content-Encoding
X-Content-Security-Policy
X-Buckets
X-Kinja-Server-Push
Xkey
Upgrade
X-Via
X-Turbo-Charged-By
Access-Control-Expose-Headers
Keep-Alive
Access-Control-Max-Age
X-Cache-Group
X-Drupal-Dynamic-Cache
X-Pass-Why
P3p
X-Age
X-CDN
EagleId
X-Backend
X-Robots-Tag
X-Amz-Request-Id
X-Amz-Id-2
X-Envoy-Upstream-Service-Time
X-Page-Speed
X-Pingback
X-Ua-Compatible
X-Server-Powered-By
X-Proxy-Cache
X-AH-Environment
X-Hacker
X-Server
X-UA-Device
Request-Context
X-Nginx-Cache-Status
Grace
X-Varnish-Cache
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-LiteSpeed-Cache
X-Server-Id
Cf-Railgun
X-Amz-Version-Id
Feature-Policy
X-Cdn
Server-Timing
X-WebKit-CSP
X-Device
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-OneAgent-JS-Injection
X-Rq
X-Ac
X-Cnection
Report-To
X-Cloud-Trace-Context
X-Host
X-Response-Time
X-Node
Content-Location
X-Backend-Server
EagleEye-TraceId
Request-Id
X-Origin-Cache
X-Readtime
X-Vhost
X-Application-Context
X-Cache-Lookup
X-Dns-Prefetch-Control
X-ORACLE-DMS-ECID
NEL
X-Dispatcher
Surrogate-Control
Allow
X-Ruxit-JS-Agent
X-Rack-Cache
X-Origin-Upstream-Status
X-Country
X-HW
X-Url
Rating
X-Country-Code
X-FTR-Request-ID
X-TTL
X-DataDome
X-ORACLE-DMS-RID
X-Clacks-Overhead
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-DynaTrace
X-Instart-Request-ID
Fusion-Component-Id
Fusion-Template-Id
Fusion-Source
Fusion-Content-Id
Fusion-Content-Source
X-Goog-Hash
X-Varnish-TTL
X-Vname
X-TtlSet
X-MS-InvokeApp
X-PC
X-CST
X-Px
Verso
RTSS
Edge-Control
Public-Key-Pins
X-Powered-By-Plesk
X-VARITI-CCR
X-Recruiting
X-Mod-Pagespeed
Service-Worker-Allowed
X-D2id
X-Exp-Variant
X-GoogleNews-Bot
X-Kinja-Build
X-Kinja-Server
X-Exp-Id
X-Use-Magma
X-Kinja-Revision
X-Kinja
X-Cdn-Fetch
Pinterest-Generated-By
X-Middleton-Display
Response
Display
X-Middleton-Response
X-Sol
X-Ah-Environment
X-Vcap-Request-Id
X-Version
SPRequestGuid
X-SharePointHealthScore
Accept-Ch-Lifetime
MS-Author-Via
X-Akam-SW-Version
X-RateLimit-Remaining
TCN
X-GitHub-Request-Id
X-Navigation-Version
X-Abt-Application-Version
Accept-CH
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-Powered-CMS
X-TEC-API-ROOT
X-B3-TraceId
X-Upstream
X-Forwarded-Proto
X-Shard
SPRequestDuration
SPIisLatency
X-XRDS-Location
X-Amz-Server-Side-Encryption
Ar-Sid
AR-ATIME
AR-PoweredBy
AR-CACHE
Charset
X-SRCache-Store-Status
X-SRCache-Fetch-Status
Fastly-Restarts
X-Amz-Rid
Realpath
Nginx-Cache
X-Trace
X-ESI
X-Aspnetmvc-Version
X-Debug
Front-End-Https
X-Shield-Request-Id
AR-Request-ID
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
X-B3-TraceId-Primal
MRF-Tech
Mrf-Cache-Status
X-Cached
X-Server-Name
X-Ezoic-Cdn
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
X-Goog-Stored-Content-Length
Access-Control-Request-Method
X-MSEdge-Ref
Paypal-Debug-Id
X-NF-Request-ID
X-FTR-Expires
X-FTR-Cache-Status
X-Country-Code-Real
Arr-Disable-Session-Affinity
DynaTrace
Pagespeed
ServerID
X-Vcache
Content-MD5
X-Id
X-FTR-Balancer
X-FTR-Backend-Server
X-FTR-Backend
X-FTR-DC
X-FTR-Realm
X-Goog-Storage-Class
S
MicrosoftSharePointTeamServices
X-DynaTrace-JS-Agent
X-Fastly-Request-ID
X-Amz-Meta-S3cmd-Attrs
X-Client-IP
X-T
X-Content-Type
X-Via-JSL
X-Dw-Request-Base-Id
X-Varnish-Age
X-Hits
X-Amzn-Trace-Id
X-RateLimit-Limit
X-N
X-B3-Traceid
X-Grace
X-Correlation-Id
X-Forwarded-For
X-VCache
X-FTR-Cache-Host
X-Frontend
Fastcgi-Cache
X-SERVER
X-Content-Digest
Powered
PB-PID
Arc-Version
X-Mobile-Rewrite
PB-RID
Accept-Ch
Server-Name
X-Logged-In
X-Accel-Expires
X-DIS-Request-ID
X-Ser
X-FastCGI-Cache
X-B3-Sampled
AMP-Access-Control-Allow-Source-Origin
X-Esi
X-Fastcgi-Cache
X-GUploader-UploadID
X-HS-Content-Id
TP-Cache
X-HS-Hub-Id
TP-L2-Cache
X-Microsite
X-Request-Handler-Origin-Region
X-Zen-Fury
X-Kinsta-Cache
X-Cache-Age
X-Type
X-LB-Cache
FilterID
X-Request-Processing-Time
X-User-Agent
X-Request-Received
X-Rid
X-AppVersion
X-Az
X-Revision
X-Activity-Id
Backend-Timing
X-Analytics
X-IPLB-Instance
Healthy
X-Node-Name
Edge-Cache-Tag
X-F-Cache
X-Acc-Meta-Resource-Type
X-Whom
Retry-After
X-Time
X-Cache-2
X-NWS-LOG-UUID
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
Accept-Charset
X-Srv
Alternate-Protocol
X-Pinterest-Rid
Pinterest-Version
X-Cache-Hit
X-AOL-HN
X-Cache-Rule
Cache-Status
Server-Node
X-Content-Options
VIX-Pulpo-Node
Surrogate-Key
VIX-Pulpo-Upstream-Status
Access-Control-Allow-Method
DC
Refresh
X-Content-Security-Policy-Report-Only
X-Akamai-Edgescape
X-Forwarded-Host
X-Jobs
X-Cluster
X-Content-Powered-By
X-FW-Type
X-Instance
X-FW-Static
X-FW-Hash
X-Debug-Info
X-FB-Debug
X-FW-Serve
X-FW-Server
X-Page-Id
X-Tumblr-Pixel-0
X-Tumblr-User
X-Tumblr-Pixel
X-Framework
Source
X-Varnish-Grace
X-PHP-Backend
X-App-Environment
X-Request-Guid
X-B
Fastcgi-Useragent
MS-CV
X-Hostname
X-Hp-Webp
X-App-Server
Cleartype
Host
Frame-Options
X-Signature
X-B-Cache
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
Tracecode
X-Ratelimit-Reset
X-DataStream-Cache-Status
X-Cache-Operation
X-BCube-Filmed-By
X-Cached-By
Actual-Object-TTL
X-PressLabs-Stats
X-Cache-Key
X-Mobile-URL
Cache-Tag
X-TA-CDN-Provider
X-Varnish-Backend
X-Geo-Country
X-Amz-Replication-Status
X-Cache-Control
X-TT
Xserver
Liferay-Portal
X-Pad
X-Seen-By
X-Host-Name
X-Mobile
NGB
X-ATG-Version
X-Response-Served-From
X-Git-Hash
X-Adobe-Loc
X-Adobe-Content
Payment
X-Status
Upgrade-Insecure-Requests
X-WebKit-CSP-Report-Only
X-TT-TIMESTAMP
X-WA-Info
Eomportal-Instance
X-ProcessESI
X-FW-Dynamic
X-RemovedCookies
Filters
X-Handled-By
X-TX-ID
X-Tumblr-Pixel-1
Ms-Operation-Id
X-RTag
X-Tumblr-Pixel-2
X-GeoIP
X-Cacheable-TTL
WPE-Backend
Cache-Tv-Group
X-Drupal-Cache-Tags
From-Origin
X-RequestSource
X-UA-Device-Type
Webserver
X-Cache-TTL-Remaining
X-Content-Age
Datacenter
X-Cache-Remote
GEO-INFO
Cache
X-Oracle-Dms-Rid
X-Daa-Tunnel
X-Edge-Location
X-Upstream-Proxy
X-Storage
Viewport
X-Cache-TTL
X-Cache-Action
X-Webkit-CSP
X-Accel-Buffering
X-Origin-Server
Accept-CH-Lifetime
X-Varnish-Hostname
X-Ua
X-EdgeConnect-Cache-Status
Version
X-Hyper-Cache
X-Contextid
X-CF-Powered-By
X-Region
Host-Header
X-Yottaa-Metrics
X-Wix-Request-Id
X-Yottaa-Optimizations
PageSpeed
X-Varnish-Server
X-Akamai-Transformed
Meta-Geo
SRV
X-Akamai-Request-ID2
Load-Balancing
X-Cache-Var-Map
X-Path-Route
X-RN-RSRV
X-Cache-Var
X-ES-SERVER
X-Proxy-Build
X-Timing-Wait
Selected-Fe
X-IP
NR-ENABLED
S-Cnection
X-From
X-JoinUs
Vix-Hermes-Req-Id
Now
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Generated
X-Backend-Name
X-Loop
X-TNCMS
X-Proto
X-Proxy
X-CS
X-Cache-Config
Cache-Tags
X-Labrador-Cache-Channel
X-Origin
X-Time-Microsecs
X-Upgrade-Enabled
X-FC-Vary-Parameters
X-Hit
X-Access
Cache-Name
Rt-Fastcgi-Cache
X-NCache
X-Via-Fastly
X-Section
X-Cluster-Node
X-Rule
X-ApacheServer
X-Akamai-Request-ID
Decoy-Debug-Key
X-Cache-Enabled
X-Origin-Response-Time
Decoy-Debug-Status
Decoy-Debug-TTL
X-Viewer-Country
X-PERF
Cache-Hits
Azure-Version
DB-Nickname
TWC-Connection-Speed
Mn-Server-Ip
Property-Id
Country
Cache-Key
Webcakes-Region
X-Web-Node
X-Xfnlog-Site
Ec-Rule-Version
X-Upstream-CT
X-Varnish-Cache-Hits
X-Upstream-HT
X-Hosted-By
X-Tumblr-Pixel-3
X-CCM
X-FW-Version
X-Origin-Hint
X-OCL
X-Trace-Id
X-PCL
X-Cache-Host
TWC-Privacy
Webcakes-App-Name
X-FireWall-Port
TWC-Locale-Group
TWC-GeoIP-Country
TWC-GeoIP-LatLong
Webcakes-App-Version
Azure-SlotName
X-Backend-TTL
X-Cache-Grace
X-R9-Blue-Green-Version
X-EIG-Tracking-Id
X-Format
TWC-Device-Class
S-Rt
Azure-SiteName
Azure-InstanceId
Azure-RegionName
X-Device-Type
X-Site-Version
X-Debug-Cache
X-Drupal-Cache-Contexts
X-Locale
X-Human
X-UnsetCookies
X-S
X-Varnish-Hits
X-Www-Served-By
X-DataStream-MidMile-RTT
X-DataStream-Origin-MEX-Latency
X-Cache-Time
DSUID
OT-Force-Account-Verify
Server-Info
X-NewRelic-App-Data
Time
X-Cache-NE
Release
X-Rendered-As
X-Cache-Server
Ohc-File-Size
ServedBy
Hostname
X-VG-TLSProxy
X-VG-WebCache
X-Sorting-Hat-PodId
X-Vgn-Hpd-Reason
X-Sorting-Hat-ShopId
X-Alternate-Cache-Key
X-ShopId
X-ShardId
X-Shopify-Stage
X-VCT
X-FB-TRIP-ID
X-Redis-Cache
Accept-Language
X-Mode
Fastcgi-X-Cache-Version
X-Nginx-Cache
X-Tb
Machine
X-OVcl-Cache
X-OVcl
X-APP-VERSION
X-Real-IP
Cteonnt-Length
Ohc-Cache-HIT
NtCoent-Length
Origin
Origin-Edge-Control
Origin-Cache-Control
X-Pubstack
X-Environment-Context
L5d-Success-Class
X-No-Session
X-B3-Spanid
X-L-Path
X-Presslabs-Stats
X-CSRF-TOKEN
Access-Control-Request-Headers
X-HS-Cache-Config
X-Request-Time
X-Generated-By
Odigeo-Trace-Id
X-Load-Cache
X-App-Version
X-NC
X-Tt-Trace-Tag
X-Magnolia-Registration
X-Cluster-Name
X-GEO
X-DC
Fastly-SSL
X-AWS-Id
X-LJ-Flow-ID
X-Endurance-Cache-Level
X-CACHE-KEY
X-VWS-Id
Mime-Version
X-Amzn-Remapped-Content-Length
IBM-Web2-Location
X-Parent-Response-Time
Akamai-GRN
X-UUID
Mail-Subject
We-Hiring
X-B3-Parentspanid
X-Rocket-Nginx-Bypass
Nel
X-ServerID
X-NGENIX-Cache
X-GoCache-CacheStatus
Request-Time
X-ECACHE
Locale
X-XRDS-LOCATION
X-Urbn-Site-Id
X-Urbn-Context-Path
X-B-Cookie
X-A-Dam
X-ARC
X-AIR-PT
X-A-Wwc
X-Accel-Expires-Debug
X-Application
X-A-Dgt
X-Aed
X-A-Dcw
Rt-Proxy-Cache
Apple-News-Services-Request-Url
Arc-Country
AsisCache
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
GEO-REGION-INFO
Apple-News-Services-Handled
BehaviorPad-Version
Fly-Request-Id
Cdn-Request-Time
Content-Style-Type
Cdn-Host
Cross-Origin-Window-Policy
Fly-Cache
Cache-Prefix
MD5-Digest
A
VivaBuild
Viewtype
X-Node-Id
X-MServer
X-A-Ccd
X-A
T-Server
Server-ID
Meta-Geo-Continent
Memcached
Mobile-Detection-Method
X-Soup
Rendered-Blocks
Node
Proxy-Connection
X-Vtex-Remote-Cache
X-Is-Bot
X-Instart-Info
X-Org
X-Origin-Date
X-PAYTM-SRV-ID
X-Origin-Expires
X-Trv-Group
X-Twitter-Response-Tags
X-Edge-Server
X-Routing-Service
X-External-Request-Id
X-ProxyCache-Status
X-G
X-ProxyCache-Key
Xc-Version
X-Region-Sid
X-Server-Time
X-ScT
X-SRCache-Key
X-SS-Set-Cookie
Uber-Trace-Id
X-BYPASS-REASON
X-S-Maxage
X-S-Cookie
X-Worker
X-Transaction
X-Request-UUID
X-Rewrite-Enabled
X-Rojux
X-DPWN-IS-SECURE
X-Proxied
X-Developer
X-Vtex-Processado-Em
X-Connection-Hash
X-Detected-As
X-CF-Lambda-Fn
X-Destination
CF-IPCountry
X-Date
X-Zipkin-Id
X-D
X-VG-WebServer
X-CF-Lambda-Version
Content-Script-Type
ServerName
X-Oneagent-Js-Injection
Backend-Name
X-Via-CDN
X-Element-Page-Cache
X-Clientip
Gh-Request-Id
X-Cms-Context
X-Auto-Login
X-SIPLIST1
Countrycode
X-SVT-ORM-VERSION
X-Thanos
X-TrackingId
X-Cache-Bucket
X-Cdn-Srv
X-Azure-Ref-OriginShield
X-SVT-ORM-RULES
Fastly-Soc-X-Request-Id
X-Azure-Ref
NGX
X-Developers
X-Hl-Ver
X-Bip
X-Distil-CS
X-WebServer
X-Distributor
X-Up
X-Fastly-Cache
X-IN-APIGATEWAY
X-IN-APIGATEWAYSSL
X-VC-Cache
X-Release
N-Cache
X-Core-Mission
Request-Country
Section-Io-Cache
Request-EU
X-Request-Start
IsBot
X-B3-SpanId
X-Origin-CC
X-Origin-TTL
User-Cache-Control
X-Li-Fabric
X-Level-Front-Cache
X-Li-Pop
X-Clara-WADP
X-LI-Proto
X-Irp-Debug
X-ABtesting
X-GeoIP-City
X-Hash
X-Hello
X-Hnp-Log
X-LI-UUID
X-Matched-Rule
X-Nginx-Cache-Key
X-MSEdge-Flight
True-Client-Country-4JS
Thinkindot-Control
Thinkindot-CacheControl-Type
V-Age
X-MSEdge-Features
Thinkindot-CacheControl
X-Amz-Meta-Cache-Control
W
X-Method
X-NX-Host
X-Generated-On
X-Debug-Cache-Fetch
X-Cache-FS-Status
X-Debug-Cache-Store
X-Debug-Cookies
X-C
X-Cache-Id
X-Cache-Info
X-Compress-Hint
X-CGP
X-CUA
X-Cdn-Origin
X-Debug-Cache-Expiry
X-Block-Status
X-Debug-Log
X-Gen-Mode
X-Flog
X-Generated-In
X-Owner
X-App-Name
X-Fetched-On
X-Eu-Site
X-Device-Os
X-BBXSRF
Content-Disposition
X-Epic-Correlation-Id
X-Geo-Header
Server-Int
Is-Eu
X-Sn-Servicetimems
HA-Ipaddr
Ha-Gx-Prefs
X-We-Are-Hiring
X-Skip-Cache
Magicmarker
X-ServiceProvider
L
X-Thinkindot-L3
X-Unique-ID
Esi-Enabled
CDCHOST
X-VServer
X-WADP-Cache
Fastly-SIE
X-Wikidot-Backend
AKAMAI
X-Variation
Fastly-SWR
Adler-Geo
X-Wikidot-Static-Cache
X-Request-URI
X-Rebelmouse-Cache-Control
X-Proxy-Upstream
X-RateLimit-Remaining-Second
PFcat
Platform
X-RateLimit-Limit-Second
X-Reboot
RNT-Machine
X-Platform-Server
X-PHP-Host
RNT-Time
X-Proxy-Cache-Status
X-Rebelmouse-Surrogate-Control
X-Microcachable
X-ElasticPress-Search
X-Swa-Ws
X-Qloud-Router
X-Old-Content-Length
X-Webstats-RespID
X-User
X-Location
X-SayCDN-TTL
X-SD-PageType
X-Say-TTL
X-Say-Cacheable
X-HS-Combine-CSS
X-Response-By
X-MP-GENERATED-AT
X-Server-IP
X-Guploader-Uploadid
X-Internal-Host
X-Reqid
X-Key
X-Generation-Time
X-Servername
X-Dispatch
X-Dispatcher-Server
Memory
SS
Kp-EeAlive
X-Backend-Url
Heartbleed
X-Backend-Host
X-Uri
SD-X-WS
Pramga
Pagetype
Served-By
Server-Host
X-Cdn-Forward
X-Backend-State
Cache-Cookie-Set-Lfrom
Country-Code
Wxu-Next-Hostname
Wxu-Next-Commit
Cache-Cookie-Set-Idcheck
Wxu-Next-Region
Cache-Cookie-Set-From
Web-Mar-Node
X-IPS-LoggedIn
Resin-Trace
X-GDPR
X-Page-Type
X-Policy
X-Wa
X-FPC
X-SERVER-NAME
UCS
ProcessTime
Powered-By-ChinaCache
X-Servedbyhost
REQUESTUUID
X-Nc
X-Var-Ttl
X-Geo
X-Logtrace-Id
X-Service
Ajk
X-HTML-Minification-Powered-By
Cache-Provider
Proxy-Firewall
X-Is-Gdpr
X-Lb-Id
X-JWT-State
X-Has-Esi
X-SRV
X-Dc
X-Cache-Backend
Srv
X-Ratelimit-Limit
X-VCL-Version
X-Datadome
X-Tb-Optimization-Total-Bytes-Saved
X-NWS-UUID-VERIFY
X-Oss-Server-Time
X-Processor
Powered-By
X-Oss-Storage-Class
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
X-Oss-Request-Id
X-Grey
X-Cache-Category-Id
X-Pjax-Url
X-Info
X-ZONE
X-Varnish-Beresp-Ttl
X-Be
X-Cache-Ttl
SN
X-TH-Server
GeoIP-Country-Code
GeoIP-Latitude
GeoIP-City
X-Svr
Fastly-Backend-Name
X-Cache-URL
X-Server-ID
X-Ruxit-Js-Agent
X-Instart-Isnd
PICS-Label
X-RateLimit-Reset
X-RCS-CacheZone
X-CDN-Forward
X-HS-Status
X-Tec-Api-Origin
X-Tec-Api-Root
X-Tec-Api-Version
X-Webkit-Csp
X-Zone
X-Ftr-Request-Id
X-SN
X-Scheme
X-Dynatrace
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
X-Newrelic-Synthetics
X-Ttl
X-NodeID
Cdn
GW-Server
X-Source
X-GRACE
Group
X-UA
CACHE
X-LAGOON
X-Pf-Uncompressing
X-Varnish-Url
X-Gannett-Site-Version
X-Check-Cacheable
X-EC-Lua
X-Bc
X-PF-Uncompressing
WZWS-RAY
CF-Cached-On
X-Secret
X-Sucuri-Id
X-Varnish-Beresp-TTL
Dynatrace
LB
X-CDN-Cache
Cache-Host
Ttl
X-Dynatrace-Js-Agent
X-LiteSpeed-Cache-Control
On-Server
X-Varnish-Cacheable
X-Server-W
X-NODE
X-GeoIP-Country-Code
X-Ftr-Cache-Host
User-Agent
X-Ratelimit-Remaining
X-Ms-Version
X-APP
Pics-Label
Environment
X-Tt-Trace-Host
X-Via-Ucdn
X-Ms-Request-Id
X-BC
Inserted-Into-Cache-At
X-NU-AKA-ACS-Version
X-Edge
X-COUNTRY
X-BE
XServer
Geoip-City
X-Cache-Debug
GeoIp-Country-Code
X-Fastly-Country-Code
X-Session-Fingerprint
Geoip-Latitude
Lfy
WWW
X-Aicache-OS
X-Crawler
X-Akamai-SSL-Client-Sid
X-URL
X-PJAX-URL
Who
MIME-Version
X-Trafficlayer-App-Name
X-Ftr-Realm
X-Ftr-Backend
X-Ftr-Balancer
X-Ftr-Backend-Server
X-Ftr-Dc
X-Trafficlayer-App-Scope
X-Agile-Id
Requestid
Ohc-Response-Time
X-Agile-Age
X-Fastly-Backend-Reqs
X-Render-Time
X-Agile
X-Mid
Cf-Ipcountry
X-FE
X-MCACHE
X-CSRF-Token
X-Vcl-Version
X-Varnish-Ttl
X-FORWARDED-FOR
M-TraceId
SID
X-LB-ID
Lb
Amp-Access-Control-Allow-Source-Origin
X-7Graus-Varnish-Cache-Control
X-Litespeed-Cache-Control
X-7Graus-Varnish-XKeys
URI
X-Micro-Cache
X-UPSTREAM-Address
X-Logging-Id
X-Served-From
X-Via-SSL
X-Via-Edge
X-Proxy-Cacherz
Xkeyrz
X-WR-MODIFICATION
HostName
X-RSL
X-DSS
RequestUuid
X-Cache-Miss-From
X-Cache-Tag
X-Sedo-Request-Id
X-DI
Host-ID
X-DW
X-RPS
X-Amzn-Remapped-Date
X-DB
X-Amzn-Remapped-Connection
X-Action
X-RPM
X-Cf-Powered-By
X-Correlation-ID
DataCenter
X-Core-Value
X-Protected-By
X-Fpc
X-Vct
X-Nananana
Xkeypdq
X-WA
X-ServedByHost
X-Flow-Id
X-Page-Impression-Id
X-Fastly-Cache-Hits
CDN
X-Zalando-Child-Request-Id
WebServer
X-Newrelic-App-Data
X-NGINX-Cache
X-Ecache
FNAC-ModuleRouting
X-TIME
X-VC
X-Cdn-Request-ID
Cneonction
X-ND-Cache
X-MID
Correlation-Id
X-Refresh
X-SB
X-Dw-Trace-Id
X-Via-NSCOPI
Cdncip
X-AK-Request-ID
Warning
X-Vdms-Version
Cdnsip
X-Request-Url
X-Swift-Error
X-Sucuri-Cache
X-Serial
Xet-Cookie
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
X-Apw-Hits
X-ECache
Processtime
X-Unique-Id
HitType
X-ServerName
X-Bug-Bounty
X-Request-URL
Pragrma
X-Apw-Access-Token
X-Apw-Access-Object
V-Cache
X-Gdpr
X-Fe
X-MiniProfiler-Ids
X-Apw-Access-Action