Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
CF-RAY
CF-Cache-Status
Link
X-Powered-By
X-XSS-Protection
ETag
Expect-CT
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
X-Timer
X-Request-Id
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Alt-Svc
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Adblock-Key
X-Check
Content-Security-Policy-Report-Only
X-Cacheable
X-Generator
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-Xss-Protection
X-Request-ID
Timing-Allow-Origin
X-DNS-Prefetch-Control
X-Template
X-Language
X-Iinfo
Status
X-AspNetMvc-Version
Content-Encoding
X-Content-Security-Policy
X-Buckets
X-Kinja-Server-Push
Xkey
Upgrade
X-Via
X-Turbo-Charged-By
Access-Control-Expose-Headers
Keep-Alive
Access-Control-Max-Age
X-Cache-Group
X-Drupal-Dynamic-Cache
X-Pass-Why
P3p
X-Age
X-CDN
EagleId
X-Backend
X-Robots-Tag
X-Amz-Request-Id
X-Amz-Id-2
X-Envoy-Upstream-Service-Time
X-Page-Speed
X-Pingback
X-Ua-Compatible
X-Server-Powered-By
X-Proxy-Cache
X-AH-Environment
X-Hacker
X-Server
X-UA-Device
Request-Context
X-Nginx-Cache-Status
Grace
X-Varnish-Cache
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-LiteSpeed-Cache
X-Server-Id
Cf-Railgun
X-Amz-Version-Id
X-WebKit-CSP
X-Cdn
Feature-Policy
Server-Timing
X-Device
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-OneAgent-JS-Injection
X-Rq
X-Cnection
X-Ac
Report-To
X-Cloud-Trace-Context
X-Host
X-Response-Time
X-Node
Content-Location
X-Backend-Server
EagleEye-TraceId
Request-Id
X-Origin-Cache
X-Readtime
X-Vhost
X-Application-Context
X-Cache-Lookup
X-Dns-Prefetch-Control
X-ORACLE-DMS-ECID
NEL
X-Dispatcher
Surrogate-Control
Allow
X-Rack-Cache
X-Ruxit-JS-Agent
X-Origin-Upstream-Status
X-Country
X-HW
X-Url
Rating
X-Country-Code
X-FTR-Request-ID
X-TTL
X-DataDome
X-ORACLE-DMS-RID
X-Clacks-Overhead
X-EdgeConnect-Origin-MEX-Latency
X-DynaTrace
X-EdgeConnect-MidMile-RTT
Fusion-Component-Id
Fusion-Content-Source
Fusion-Source
Fusion-Template-Id
X-Instart-Request-ID
Fusion-Content-Id
X-Goog-Hash
X-Varnish-TTL
X-MS-InvokeApp
X-PC
X-TtlSet
X-Vname
X-CST
X-Px
Verso
RTSS
Edge-Control
Public-Key-Pins
X-Powered-By-Plesk
X-VARITI-CCR
X-Recruiting
X-Mod-Pagespeed
Service-Worker-Allowed
X-Cdn-Fetch
X-Exp-Id
X-D2id
X-Use-Magma
X-Kinja-Build
X-Kinja-Server
X-Kinja-Revision
X-Kinja
X-Exp-Variant
X-GoogleNews-Bot
Pinterest-Generated-By
Response
X-Middleton-Display
X-Middleton-Response
Display
X-Sol
X-Ah-Environment
X-Vcap-Request-Id
X-Version
SPRequestGuid
Accept-Ch-Lifetime
X-SharePointHealthScore
MS-Author-Via
X-Akam-SW-Version
X-RateLimit-Remaining
TCN
X-GitHub-Request-Id
X-Abt-Application-Version
X-Navigation-Version
Accept-CH
X-TEC-API-ROOT
X-Powered-CMS
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-B3-TraceId
X-Upstream
X-Forwarded-Proto
X-Shard
X-Amz-Server-Side-Encryption
SPRequestDuration
SPIisLatency
X-XRDS-Location
Charset
AR-CACHE
Ar-Sid
AR-ATIME
AR-PoweredBy
X-SRCache-Fetch-Status
X-SRCache-Store-Status
Fastly-Restarts
X-Amz-Rid
Nginx-Cache
Realpath
X-Trace
X-ESI
X-Debug
X-Aspnetmvc-Version
Front-End-Https
X-Shield-Request-Id
AR-Request-ID
X-Mrf-Section-Lastmod
Mrf-Cache-Status
X-Cached
MRF-Tech
X-B3-TraceId-Primal
X-Mrf-Item-Lastmod
X-Server-Name
X-Ezoic-Cdn
X-Goog-Generation
X-Goog-Metageneration
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-MSEdge-Ref
Access-Control-Request-Method
Paypal-Debug-Id
X-NF-Request-ID
X-Country-Code-Real
X-FTR-Cache-Status
X-FTR-Expires
Arr-Disable-Session-Affinity
DynaTrace
Pagespeed
ServerID
X-Vcache
Content-MD5
X-Id
X-FTR-Backend-Server
X-FTR-Backend
X-FTR-Realm
X-FTR-Balancer
X-FTR-DC
X-Goog-Storage-Class
S
MicrosoftSharePointTeamServices
X-DynaTrace-JS-Agent
X-T
X-Amz-Meta-S3cmd-Attrs
X-Fastly-Request-ID
X-Client-IP
X-Content-Type
X-Via-JSL
X-Varnish-Age
X-Dw-Request-Base-Id
X-Hits
X-Amzn-Trace-Id
X-RateLimit-Limit
X-N
X-B3-Traceid
X-Grace
X-Correlation-Id
X-Forwarded-For
X-Frontend
X-VCache
Fastcgi-Cache
X-FTR-Cache-Host
X-Content-Digest
X-SERVER
PB-RID
Arc-Version
PB-PID
X-Mobile-Rewrite
Powered
Accept-Ch
Server-Name
X-Logged-In
X-Accel-Expires
X-DIS-Request-ID
X-Ser
X-FastCGI-Cache
AMP-Access-Control-Allow-Source-Origin
X-B3-Sampled
X-Esi
X-Fastcgi-Cache
X-GUploader-UploadID
X-HS-Content-Id
X-HS-Hub-Id
TP-Cache
X-Microsite
TP-L2-Cache
X-Zen-Fury
X-Request-Handler-Origin-Region
X-Cache-Age
X-Request-Received
X-Request-Processing-Time
X-Kinsta-Cache
X-Type
FilterID
X-LB-Cache
X-User-Agent
X-Rid
X-AppVersion
X-Activity-Id
X-IPLB-Instance
X-Revision
X-Az
Backend-Timing
X-Analytics
Healthy
Edge-Cache-Tag
X-Node-Name
X-F-Cache
X-Whom
X-Acc-Meta-Resource-Type
Retry-After
X-Time
X-Cache-2
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-NWS-LOG-UUID
Accept-Charset
X-Srv
Alternate-Protocol
X-Pinterest-Rid
Pinterest-Version
X-Cache-Hit
X-AOL-HN
X-Cache-Rule
Server-Node
Cache-Status
X-Content-Options
VIX-Pulpo-Upstream-Status
Surrogate-Key
VIX-Pulpo-Node
X-Cluster
X-Content-Powered-By
X-Content-Security-Policy-Report-Only
Access-Control-Allow-Method
Refresh
DC
X-Akamai-Edgescape
X-Forwarded-Host
X-Jobs
X-Instance
X-FW-Type
X-FB-Debug
X-Tumblr-Pixel
X-Tumblr-User
X-Tumblr-Pixel-0
X-FW-Static
X-Page-Id
X-FW-Server
X-Debug-Info
X-FW-Serve
X-FW-Hash
X-Framework
Source
X-Varnish-Grace
X-PHP-Backend
X-Request-Guid
X-App-Environment
X-B
Fastcgi-Useragent
X-Hp-Webp
MS-CV
X-Hostname
X-App-Server
Cleartype
Host
Frame-Options
X-B-Cache
X-Signature
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
Tracecode
X-Ratelimit-Reset
X-DataStream-Cache-Status
X-Cached-By
Actual-Object-TTL
X-Cache-Operation
X-BCube-Filmed-By
X-Cache-Key
Cache-Tag
X-Mobile-URL
X-TA-CDN-Provider
X-Varnish-Backend
X-Geo-Country
X-Amz-Replication-Status
X-Cache-Control
X-TT
Xserver
Liferay-Portal
X-Pad
X-PressLabs-Stats
X-Seen-By
X-Mobile
X-Host-Name
NGB
X-ATG-Version
X-Response-Served-From
X-Git-Hash
X-Adobe-Loc
X-Adobe-Content
Payment
Upgrade-Insecure-Requests
X-WebKit-CSP-Report-Only
X-WA-Info
Eomportal-Instance
X-Status
X-TT-TIMESTAMP
Filters
X-Tumblr-Pixel-1
X-FW-Dynamic
X-ProcessESI
Cache-Tv-Group
WPE-Backend
X-Tumblr-Pixel-2
X-RemovedCookies
X-TX-ID
X-Cacheable-TTL
X-GeoIP
X-RTag
Ms-Operation-Id
X-Handled-By
X-Drupal-Cache-Tags
X-RequestSource
X-UA-Device-Type
From-Origin
Webserver
X-Cache-TTL-Remaining
X-Content-Age
X-Cache-Remote
Datacenter
GEO-INFO
Cache
X-Daa-Tunnel
X-Oracle-Dms-Rid
X-Upstream-Proxy
X-Edge-Location
X-Storage
Viewport
X-Cache-TTL
X-Cache-Action
X-Accel-Buffering
X-Webkit-CSP
X-Origin-Server
X-Varnish-Hostname
Accept-CH-Lifetime
X-Ua
X-EdgeConnect-Cache-Status
Version
X-Hyper-Cache
X-Contextid
X-CF-Powered-By
X-Region
Host-Header
X-Yottaa-Optimizations
X-Wix-Request-Id
X-Yottaa-Metrics
PageSpeed
X-Varnish-Server
X-Akamai-Transformed
X-ES-SERVER
Load-Balancing
Meta-Geo
X-Cache-Var
X-Cache-Var-Map
X-Akamai-Request-ID2
X-RN-RSRV
NR-ENABLED
SRV
X-Path-Route
X-Timing-Wait
S-Cnection
X-IP
X-JoinUs
X-Proxy-Build
X-From
Selected-Fe
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Loop
X-Proto
X-Proxy
X-Generated
X-CS
Vix-Hermes-Req-Id
X-Backend-Name
X-Cache-Config
X-TNCMS
Now
Cache-Tags
Cache-Name
Rt-Fastcgi-Cache
X-FC-Vary-Parameters
DB-Nickname
X-Tumblr-Pixel-3
X-Labrador-Cache-Channel
X-Hit
X-Viewer-Country
X-Cluster-Node
X-Akamai-Request-ID
X-Access
X-ApacheServer
Cache-Hits
X-Cache-Enabled
Decoy-Debug-Key
X-Via-Fastly
X-Rule
Decoy-Debug-TTL
X-PERF
Decoy-Debug-Status
X-NCache
X-Upgrade-Enabled
X-Section
X-Origin-Response-Time
X-Origin
X-Time-Microsecs
Cache-Key
TWC-Locale-Group
Azure-Version
TWC-Privacy
TWC-Device-Class
Property-Id
Mn-Server-Ip
Webcakes-App-Name
S-Rt
TWC-Connection-Speed
TWC-GeoIP-Country
Country
TWC-GeoIP-LatLong
X-EIG-Tracking-Id
X-UnsetCookies
X-Trace-Id
X-R9-Blue-Green-Version
X-PCL
X-Upstream-CT
X-Upstream-HT
Ec-Rule-Version
X-Xfnlog-Site
X-Web-Node
X-Varnish-Cache-Hits
X-Origin-Hint
X-OCL
X-Cache-Host
X-Cache-Grace
X-Backend-TTL
Webcakes-Region
X-CCM
Azure-SlotName
X-FW-Version
X-Format
X-FireWall-Port
Webcakes-App-Version
X-Hosted-By
Azure-SiteName
Azure-InstanceId
Azure-RegionName
X-Device-Type
X-Drupal-Cache-Contexts
X-Locale
X-Human
X-Debug-Cache
X-S
X-Site-Version
X-Www-Served-By
X-Cache-Time
X-DataStream-MidMile-RTT
X-NewRelic-App-Data
OT-Force-Account-Verify
X-Varnish-Hits
X-DataStream-Origin-MEX-Latency
DSUID
Server-Info
Release
Time
X-Cache-Server
X-Cache-NE
X-Rendered-As
Ohc-File-Size
ServedBy
X-VG-WebCache
Hostname
X-VG-TLSProxy
X-Alternate-Cache-Key
X-ShardId
X-Vgn-Hpd-Reason
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-Shopify-Stage
X-ShopId
X-VCT
X-FB-TRIP-ID
X-Presslabs-Stats
Accept-Language
X-Nginx-Cache
X-Mode
X-Redis-Cache
Fastcgi-X-Cache-Version
Machine
X-Tb
X-OVcl-Cache
X-Real-IP
X-OVcl
X-APP-VERSION
Ohc-Cache-HIT
Cteonnt-Length
Origin
NtCoent-Length
Origin-Cache-Control
Origin-Edge-Control
X-Pubstack
X-L-Path
X-Environment-Context
X-B3-Spanid
X-CSRF-TOKEN
X-No-Session
L5d-Success-Class
X-HS-Cache-Config
Access-Control-Request-Headers
X-App-Version
X-Load-Cache
X-Generated-By
X-Request-Time
Odigeo-Trace-Id
X-Tt-Trace-Tag
X-Magnolia-Registration
X-Cluster-Name
X-NC
X-GEO
X-LJ-Flow-ID
X-AWS-Id
Mime-Version
X-DC
X-CACHE-KEY
X-Endurance-Cache-Level
X-VWS-Id
Fastly-SSL
X-Amzn-Remapped-Content-Length
X-Parent-Response-Time
IBM-Web2-Location
We-Hiring
X-UUID
Akamai-GRN
Mail-Subject
X-B3-Parentspanid
X-ServerID
Nel
X-Rocket-Nginx-Bypass
X-GoCache-CacheStatus
X-SS-Set-Cookie
X-NGENIX-Cache
Request-Time
X-ECACHE
X-Urbn-Site-Id
Locale
X-XRDS-LOCATION
X-Urbn-Context-Path
X-A-Dam
Content-Style-Type
X-A-Dcw
X-A-Wwc
Cdn-Request-Time
Cache-Prefix
X-Aed
Content-Script-Type
X-AIR-PT
X-A-Dgt
X-Accel-Expires-Debug
X-Application
X-ARC
Proxy-Connection
Node
Mobile-Detection-Method
Rendered-Blocks
Rt-Proxy-Cache
Cross-Origin-Window-Policy
Server-ID
Meta-Geo-Continent
Fly-Cache
GEO-REGION-INFO
Fly-Request-Id
MD5-Digest
Memcached
X-Soup
X-Node-Id
Apple-News-Services-Handled
VivaBuild
A
Arc-Country
X-A
AsisCache
X-A-Ccd
Viewtype
Apple-News-Services-Request-Url
X-MServer
X-B-Cookie
T-Server
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
BehaviorPad-Version
X-Edge-Server
X-Trv-Group
X-G
X-Connection-Hash
X-Transaction
X-Detected-As
X-Proxied
X-Twitter-Response-Tags
X-Request-UUID
X-S-Maxage
X-ProxyCache-Status
X-ProxyCache-Key
X-Rewrite-Enabled
X-Destination
X-Instart-Info
X-Server-Time
X-ScT
X-Date
X-Is-Bot
X-SRCache-Key
X-Rojux
X-D
X-S-Cookie
Cdn-Host
X-BYPASS-REASON
X-Developer
Xc-Version
X-Worker
X-Routing-Service
X-Vtex-Remote-Cache
X-Zipkin-Id
X-CF-Lambda-Fn
X-Origin-Expires
X-PAYTM-SRV-ID
Uber-Trace-Id
X-Region-Sid
X-Vtex-Processado-Em
CF-IPCountry
X-Origin-Date
X-VG-WebServer
X-External-Request-Id
X-Org
X-CF-Lambda-Version
X-DPWN-IS-SECURE
X-Element-Page-Cache
X-Oneagent-Js-Injection
Backend-Name
ServerName
X-Via-CDN
NGX
X-IN-APIGATEWAYSSL
X-Request-Start
Gh-Request-Id
Fastly-Soc-X-Request-Id
X-Release
Countrycode
IsBot
X-SVT-ORM-VERSION
X-Fastly-Cache
X-Up
X-Distributor
X-Clientip
X-Distil-CS
X-VC-Cache
X-WebServer
X-Bip
X-Azure-Ref
X-Auto-Login
X-Cache-Bucket
X-Cms-Context
X-TrackingId
X-SVT-ORM-RULES
Request-Country
X-SIPLIST1
N-Cache
X-IN-APIGATEWAY
Section-Io-Cache
X-Thanos
X-Core-Mission
X-Azure-Ref-OriginShield
X-Hl-Ver
X-Developers
Request-EU
X-B3-SpanId
X-Origin-TTL
X-Origin-CC
X-ElasticPress-Search
User-Cache-Control
X-Fetched-On
X-Epic-Correlation-Id
X-Eu-Site
X-Device-Os
X-Debug-Cache-Store
X-Debug-Cookies
X-Debug-Log
X-Flog
X-Generated-In
X-GeoIP-City
X-Hash
X-Geo-Header
X-Generation-Time
X-Debug-Cache-Fetch
X-Generated-On
X-Gen-Mode
X-Compress-Hint
X-BBXSRF
X-Block-Status
X-C
X-Backend-Url
X-Backend-Host
X-Amz-Meta-Cache-Control
X-App-Name
X-Cache-FS-Status
X-Cache-Id
X-Clara-WADP
X-Hello
X-CUA
X-CGP
X-Cdn-Srv
X-Cache-Info
X-Cdn-Origin
X-Debug-Cache-Expiry
X-Level-Front-Cache
X-Request-URI
X-ServiceProvider
X-Skip-Cache
X-Reboot
X-Rebelmouse-Surrogate-Control
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-Rebelmouse-Cache-Control
X-Sn-Servicetimems
X-Thinkindot-L3
X-We-Are-Hiring
X-Wikidot-Backend
X-Wikidot-Static-Cache
X-WADP-Cache
X-VServer
X-Unique-ID
X-Variation
X-Proxy-Upstream
X-Proxy-Cache-Status
X-LI-Proto
X-LI-UUID
X-Location
X-Li-Pop
X-Li-Fabric
X-Irp-Debug
X-ABtesting
X-Matched-Rule
X-Method
X-Old-Content-Length
X-PHP-Host
X-Platform-Server
X-NX-Host
X-Nginx-Cache-Key
X-MSEdge-Features
X-MSEdge-Flight
X-Hnp-Log
X-Owner
Thinkindot-Control
Thinkindot-CacheControl
Ha-Gx-Prefs
True-Client-Country-4JS
V-Age
Adler-Geo
W
Server-Int
HA-Ipaddr
RNT-Machine
PFcat
Platform
RNT-Time
Magicmarker
Is-Eu
L
Fastly-SWR
Thinkindot-CacheControl-Type
CDCHOST
Content-Disposition
Esi-Enabled
Fastly-SIE
AKAMAI
X-HS-Combine-CSS
X-Microcachable
Server-Host
Served-By
Kp-EeAlive
Wxu-Next-Hostname
Pramga
X-Swa-Ws
X-MP-GENERATED-AT
Heartbleed
SD-X-WS
Cache-Cookie-Set-Lfrom
X-Internal-Host
X-Dispatch
X-Dispatcher-Server
Pagetype
Cache-Cookie-Set-Idcheck
X-GDPR
X-Uri
Memory
X-Key
X-Webstats-RespID
X-Cdn-Forward
Wxu-Next-Region
X-SD-PageType
Country-Code
X-Server-IP
X-Guploader-Uploadid
X-User
X-Servername
Web-Mar-Node
X-Backend-State
X-Say-TTL
X-SayCDN-TTL
Cache-Cookie-Set-From
X-Response-By
SS
X-Say-Cacheable
X-Qloud-Router
Wxu-Next-Commit
X-Reqid
X-IPS-LoggedIn
X-Page-Type
Resin-Trace
X-Policy
X-FPC
X-SERVER-NAME
UCS
X-Wa
ProcessTime
Powered-By-ChinaCache
X-Nc
X-Servedbyhost
REQUESTUUID
X-Geo
X-Logtrace-Id
Ajk
X-Var-Ttl
X-Service
X-HTML-Minification-Powered-By
X-Lb-Id
X-Has-Esi
X-SRV
Proxy-Firewall
X-JWT-State
X-Is-Gdpr
Cache-Provider
Srv
X-VCL-Version
X-Dc
X-Cache-Backend
X-Ratelimit-Limit
X-Datadome
X-Oss-Request-Id
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
X-NWS-UUID-VERIFY
X-Oss-Server-Time
X-Grey
X-Cache-Category-Id
X-Tb-Optimization-Total-Bytes-Saved
X-Processor
Powered-By
X-Oss-Storage-Class
X-Pjax-Url
X-Cache-Ttl
X-Info
X-Varnish-Beresp-Ttl
X-Be
X-ZONE
X-TH-Server
X-Cache-URL
GeoIP-Latitude
GeoIP-City
X-Server-ID
X-Svr
GeoIP-Country-Code
Fastly-Backend-Name
SN
X-Ruxit-Js-Agent
PICS-Label
X-Instart-Isnd
X-RateLimit-Reset
X-CDN-Forward
X-HS-Status
X-RCS-CacheZone
X-Tec-Api-Origin
X-Tec-Api-Root
X-Webkit-Csp
X-Tec-Api-Version
X-Zone
X-SN
X-Scheme
X-Ftr-Request-Id
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
X-Dynatrace
X-Newrelic-Synthetics
X-Ttl
X-NodeID
Cdn
GW-Server
X-UA
X-Source
Group
X-GRACE
X-Varnish-Url
X-LAGOON
CACHE
X-Pf-Uncompressing
X-EC-Lua
WZWS-RAY
CF-Cached-On
X-PF-Uncompressing
X-Gannett-Site-Version
X-Bc
X-Secret
X-Check-Cacheable
Dynatrace
X-Sucuri-Id
X-Varnish-Beresp-TTL
X-LiteSpeed-Cache-Control
X-Server-W
X-Varnish-Cacheable
X-CDN-Cache
X-Dynatrace-Js-Agent
Ttl
On-Server
LB
Cache-Host
X-NODE
User-Agent
X-Ftr-Cache-Host
X-GeoIP-Country-Code
X-Via-Ucdn
Inserted-Into-Cache-At
X-APP
X-Ms-Version
X-Tt-Trace-Host
Pics-Label
X-BC
X-Ratelimit-Remaining
Environment
X-Ms-Request-Id
X-COUNTRY
X-Edge
X-BE
X-NU-AKA-ACS-Version
XServer
X-Cache-Debug
GeoIp-Country-Code
WWW
X-URL
Geoip-Latitude
X-Fastly-Country-Code
Geoip-City
Lfy
X-Session-Fingerprint
Who
X-Aicache-OS
X-Crawler
X-Akamai-SSL-Client-Sid
X-PJAX-URL
X-Trafficlayer-App-Scope
X-Trafficlayer-App-Name
X-Ftr-Backend
X-Ftr-Dc
X-Ftr-Backend-Server
X-Ftr-Balancer
X-Ftr-Realm
MIME-Version
X-Agile-Age
X-Agile
Ohc-Response-Time
X-Mid
X-Agile-Id
X-Fastly-Backend-Reqs
Requestid
X-Render-Time
Cf-Ipcountry
X-CSRF-Token
X-FORWARDED-FOR
X-FE
X-LB-ID
M-TraceId
SID
X-MCACHE
X-Varnish-Ttl
X-Vcl-Version
Amp-Access-Control-Allow-Source-Origin
Lb
X-Litespeed-Cache-Control
X-Via-SSL
X-Via-Edge
X-Logging-Id
URI
X-7Graus-Varnish-Cache-Control
X-Micro-Cache
X-UPSTREAM-Address
X-7Graus-Varnish-XKeys
X-Served-From
X-WR-MODIFICATION
Xkeyrz
X-Sedo-Request-Id
X-Proxy-Cacherz
X-Cache-Miss-From
HostName
X-DI
X-DB
X-Cache-Tag
X-Action
Host-ID
X-RPS
X-Amzn-Remapped-Date
X-RSL
X-RPM
X-Amzn-Remapped-Connection
RequestUuid
X-DSS
X-DW
X-Cf-Powered-By
DataCenter
X-Correlation-ID
X-Vct
X-Nananana
X-Core-Value
X-WA
X-ServedByHost
CDN
X-Fpc
X-Protected-By
X-Page-Impression-Id
X-Flow-Id
Xkeypdq
X-Zalando-Child-Request-Id
X-Fastly-Cache-Hits
X-NGINX-Cache
WebServer
X-Newrelic-App-Data
X-Request-Url
X-VC
X-SB
X-MID
Correlation-Id
X-TIME
X-Refresh
Cdnsip
X-AK-Request-ID
Cdncip
X-Dw-Trace-Id
X-ND-Cache
X-Vdms-Version
X-Ecache
X-Via-NSCOPI
FNAC-ModuleRouting
Warning
X-Cdn-Request-ID
Cneonction
X-Swift-Error
X-TT-LOGID
Xet-Cookie
Pragrma
X-Unique-Id
X-ECache
X-Sucuri-Cache
X-Bug-Bounty
X-ServerName
HitType
Processtime
Is-Session-Tracking
Get-Access-Time
X-Planisys-CDN-TTL
X-MiniProfiler-Ids
X-Apw-Access-Object
X-Serial
V-Cache
X-Gdpr
X-Apw-Access-Token
X-Apw-Hits
X-Planisys-CDN-Rules
X-Apw-Access-Action
X-Request-URL
X-Fe
X-Planisys-CDN-Cache