Threat Level: green Handler on Duty: Bojan Zdrnja

SANS ISC: HTTP Header Usage Statistics - SANS Internet Storm Center HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
CF-RAY
X-Powered-By
Link
ETag
Expect-CT
X-XSS-Protection
Via
X-Cache
CF-Cache-Status
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
X-Cache-Hits
P3P
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Request-Id
X-Varnish
X-Xss-Protection
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
Alt-Svc
X-Adblock-Key
X-Drupal-Cache
X-Check
X-Cacheable
Content-Security-Policy-Report-Only
X-Generator
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-DNS-Prefetch-Control
X-AspNetMvc-Version
P3p
X-Template
X-Language
Status
Timing-Allow-Origin
X-Iinfo
Content-Encoding
X-Content-Security-Policy
X-Buckets
Upgrade
X-Kinja-Server-Push
Xkey
X-CDN
X-Via
X-Turbo-Charged-By
Keep-Alive
Access-Control-Expose-Headers
Access-Control-Max-Age
X-Cache-Group
X-Pass-Why
X-AH-Environment
X-Age
X-Drupal-Dynamic-Cache
X-Server
X-Backend
X-Pingback
X-Amz-Id-2
X-Amz-Request-Id
X-Envoy-Upstream-Service-Time
X-Page-Speed
X-Robots-Tag
X-Proxy-Cache
X-Hacker
EagleId
Grace
X-Server-Powered-By
X-UA-Device
X-Varnish-Cache
Request-Context
X-Nginx-Cache-Status
Cf-Railgun
X-LiteSpeed-Cache
X-Amz-Version-Id
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
X-Server-Id
X-WebKit-CSP
Server-Timing
Feature-Policy
X-Device
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Host
Report-To
X-Rq
X-Ac
X-Node
X-Request-ID
Content-Location
X-OneAgent-JS-Injection
X-Cnection
X-Response-Time
X-Backend-Server
X-Cloud-Trace-Context
X-Origin-Cache
X-Application-Context
X-Readtime
Request-Id
Allow
Surrogate-Control
EagleEye-TraceId
X-ORACLE-DMS-ECID
X-Country
X-Vhost
X-DynaTrace
X-TTL
X-Cache-Lookup
X-Ua-Compatible
X-Rack-Cache
X-Origin-Upstream-Status
X-Url
X-Clacks-Overhead
Pinterest-Generated-By
X-FTR-Request-ID
NEL
Rating
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Country-Code
X-Dispatcher
X-Ruxit-JS-Agent
X-ORACLE-DMS-RID
X-CST
X-HW
X-Cdn
X-Instart-Request-ID
X-Goog-Hash
Fusion-Component-Id
Fusion-Content-Id
Fusion-Content-Source
Fusion-Source
Fusion-Template-Id
X-DataStream-Cache-Status
X-TtlSet
X-DataDome
X-Vname
X-PC
Edge-Control
X-Px
X-VARITI-CCR
Service-Worker-Allowed
Verso
X-Mod-Pagespeed
X-MS-InvokeApp
RTSS
X-Recruiting
X-Dns-Prefetch-Control
X-Kinja
X-Kinja-Revision
X-Cdn-Fetch
X-Exp-Variant
X-Kinja-Build
X-Exp-Id
X-GoogleNews-Bot
X-Use-Magma
X-Kinja-Server
X-Varnish-TTL
X-D2id
SPRequestGuid
X-Vcap-Request-Id
X-Abt-Application-Version
X-Amz-Server-Side-Encryption
TCN
X-ESI
X-GitHub-Request-Id
X-SharePointHealthScore
X-Navigation-Version
X-Akam-SW-Version
X-SRCache-Fetch-Status
X-Middleton-Display
X-Middleton-Response
X-Sol
X-SRCache-Store-Status
Response
Display
X-Powered-By-Plesk
MS-Author-Via
X-RateLimit-Remaining
X-B3-TraceId
DynaTrace
Charset
X-Forwarded-Proto
Realpath
X-Powered-CMS
X-Shield-Request-Id
X-Upstream
X-Amz-Rid
Fastly-Restarts
Public-Key-Pins
ServerID
X-Version
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TEC-API-VERSION
X-Server-Name
Nginx-Cache
X-Trace
X-Cached
AR-ATIME
AR-CACHE
Ar-Sid
AR-PoweredBy
Accept-CH
X-Goog-Generation
X-Goog-Stored-Content-Length
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
X-Shard
Content-MD5
X-Dw-Request-Base-Id
Mrf-Cache-Status
X-B3-TraceId-Primal
MRF-Tech
X-Mrf-Section-Lastmod
X-Mrf-Item-Lastmod
X-Grace
AR-Request-ID
Pagespeed
Access-Control-Request-Method
Paypal-Debug-Id
X-MSEdge-Ref
X-Client-IP
SPRequestDuration
SPIisLatency
Accept-Ch-Lifetime
X-Goog-Storage-Class
S
X-Debug
X-FTR-Backend
X-Country-Code-Real
X-FTR-Backend-Server
X-FTR-Balancer
X-FTR-Realm
X-Id
X-FTR-Expires
X-FTR-DC
X-FTR-Cache-Status
X-DynaTrace-JS-Agent
X-Ezoic-Cdn
X-DataStream-MidMile-RTT
X-DataStream-Origin-MEX-Latency
X-Amz-Meta-S3cmd-Attrs
Front-End-Https
X-Fastly-Request-ID
X-T
Accept-Ch
X-N
X-Amzn-Trace-Id
X-NF-Request-ID
Arr-Disable-Session-Affinity
MicrosoftSharePointTeamServices
X-DIS-Request-ID
X-Content-Type
X-Hits
Pinterest-Version
X-Pinterest-Rid
X-Upstream-Proxy
X-B3-Traceid
X-FastCGI-Cache
X-VCache
X-B3-Sampled
X-XRDS-Location
X-Acc-Meta-Resource-Type
X-Frontend
X-FTR-Cache-Host
PB-PID
X-Vcache
Arc-Version
X-Mobile-Rewrite
PB-RID
Fastcgi-Cache
X-Ser
X-Logged-In
X-Varnish-Age
X-Content-Digest
Server-Name
X-Srv
Alternate-Protocol
X-Correlation-Id
X-Node-Name
Nel
X-Cache-Key
X-Forwarded-For
X-Pad
X-Request-Handler-Origin-Region
X-Microsite
FilterID
AMP-Access-Control-Allow-Source-Origin
X-User-Agent
X-Rid
TP-L2-Cache
X-Type
Powered
TP-Cache
X-F-Cache
X-IPLB-Instance
X-LB-Cache
Healthy
X-Cache-2
X-Zen-Fury
X-Request-Processing-Time
X-Request-Received
X-Kinsta-Cache
X-Amz-Apigw-Id
Host
X-Amzn-RequestId
Accept-CH-Lifetime
X-Revision
Edge-Cache-Tag
Powered-By-ChinaCache
X-Debug-Info
X-AOL-HN
X-Via-JSL
X-Kong-Proxy-Latency
X-Cache-Age
X-Kong-Upstream-Latency
X-Analytics
Backend-Timing
X-XRDS-LOCATION
X-Cached-By
X-Az
X-AppVersion
X-Activity-Id
X-HS-Content-Id
X-HS-Hub-Id
X-Hostname
X-Fastcgi-Cache
X-Accel-Expires
X-Cache-Rule
X-GUploader-UploadID
Surrogate-Key
X-Content-Security-Policy-Report-Only
VIX-Pulpo-Upstream-Status
X-Varnish-Backend
VIX-Pulpo-Node
X-Content-Options
X-Instance
Server-Node
X-Varnish-Grace
X-Signature
X-B-Cache
X-PHP-Backend
X-Page-Id
X-Tumblr-Pixel
X-Tumblr-User
Cache-Status
X-Tumblr-Pixel-0
X-BCube-Filmed-By
X-Amz-Replication-Status
X-Content-Powered-By
X-App-Environment
X-Akamai-Edgescape
X-Request-Guid
X-Jobs
X-Forwarded-Host
Source
Refresh
X-TT
X-Cluster
Cleartype
X-Framework
X-FB-Debug
X-RateLimit-Limit
Liferay-Portal
X-FW-Static
X-FW-Serve
X-FW-Server
X-FW-Hash
X-FW-Type
DC
X-Time
X-ATG-Version
Tracecode
Accept-Charset
Fastcgi-Useragent
X-Varnish-Hostname
Access-Control-Allow-Method
X-Esi
Host-Header
X-Cache-Action
X-Mobile
X-Drupal-Cache-Tags
X-Cache-Operation
X-Whom
WPE-Backend
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Cache-Control
X-Edge-Location
X-Presslabs-Stats
X-APP-VERSION
X-WA-Info
X-B
X-Response-Served-From
X-Mobile-URL
Payment
X-App-Server
NGB
X-Cache-TTL
X-Accel-Buffering
X-Hp-Webp
X-Storage
Filters
X-TX-ID
Actual-Object-TTL
X-Cache-Hit
Cache-Tag
X-Content-Age
X-Git-Hash
X-WebKit-CSP-Report-Only
Cache-Tv-Group
X-Handled-By
X-TT-TIMESTAMP
Retry-After
Upgrade-Insecure-Requests
X-Cacheable-TTL
X-RequestSource
Viewport
Eomportal-Instance
X-Tumblr-Pixel-2
X-NWS-LOG-UUID
X-GeoIP
X-Tumblr-Pixel-1
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-UA-Device-Type
X-ProcessESI
X-Adobe-Loc
X-Status
X-Adobe-Content
X-RemovedCookies
MS-CV
X-SS-Set-Cookie
X-Geo-Country
X-FW-Dynamic
X-VG-WebCache
Webserver
X-Server-ID
Xserver
X-Seen-By
X-TA-CDN-Provider
X-Cache-TTL-Remaining
X-Host-Name
X-RTag
Ms-Operation-Id
X-FB-TRIP-ID
X-Oracle-Dms-Rid
X-Ratelimit-Limit
X-Cache-Enabled
Datacenter
Frame-Options
From-Origin
X-Guploader-Uploadid
X-Hyper-Cache
Cache
X-Contextid
X-Origin-Server
Server-Info
X-B3-Spanid
X-Generated-By
X-Mode
Country
X-CF-Powered-By
CACHE
GEO-INFO
S-Cnection
X-Tumblr-Pixel-3
Machine
Meta-Geo
X-Path-Route
X-Cache-Var
X-Drupal-Cache-Contexts
X-Cache-Var-Map
X-ES-SERVER
Load-Balancing
X-RN-RSRV
X-Cache-Config
X-MP-GENERATED-AT
X-Upstream-CT
X-Section
X-Access
X-Routing-Service
X-Proxied
X-Cache-Grace
Vix-Hermes-Req-Id
X-Zipkin-Id
X-Upstream-HT
Cache-Key
X-Web-Node
X-R9-Blue-Green-Version
X-Labrador-Cache-Channel
ServedBy
Rt-Fastcgi-Cache
X-From
X-Hit
X-Loop
X-Human
X-Varnish-Cache-Hits
X-Varnish-Server
Decoy-Debug-Status
Decoy-Debug-Key
X-TNCMS
Decoy-Debug-TTL
Mn-Server-Ip
X-Backend-Name
Now
X-VWS-Id
X-Viewer-Country
X-Ratelimit-Reset
X-Cluster-Node
X-LJ-Flow-ID
X-Region
X-Proxy-Build
Akamai-GRN
Cache-Name
X-Akamai-Request-ID
X-AWS-Id
X-PCL
X-Origin-Response-Time
X-EIG-Tracking-Id
X-OCL
X-Cache-Host
X-Rule
X-RateLimit-Reset
X-VG-TLSProxy
X-Upgrade-Enabled
X-Trace-Id
X-Timing-Wait
SRV
Release
X-Via-Fastly
X-Site-Version
X-Www-Served-By
DSUID
X-FC-Vary-Parameters
X-Generated
X-Debug-Cache
X-Proto
X-NCache
X-Magnolia-Registration
X-L-Path
X-Locale
X-Device-Type
X-Dc
X-Endurance-Cache-Level
X-Environment-Context
X-NewRelic-App-Data
Mail-Subject
X-Rendered-As
We-Hiring
X-Alternate-Cache-Key
OT-Force-Account-Verify
X-Shopify-Stage
X-Goog-Meta-Goog-Reserved-File-Mtime
X-ShopId
X-ShardId
X-Hosted-By
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
DB-Nickname
X-JoinUs
X-Akamai-Request-ID2
ProcessTime
X-CCM
X-Time-Microsecs
X-S
X-IP
Version
X-Xfnlog-Site
X-Request-Time
X-RCS-CacheZone
Time
Uber-Trace-Id
X-Load-Cache
NtCoent-Length
X-Origin-Hint
Azure-InstanceId
Azure-RegionName
X-Wix-Request-Id
X-VCT
TWC-Connection-Speed
TWC-Device-Class
Azure-SlotName
S-Rt
Property-Id
Azure-Version
TWC-GeoIP-LatLong
Azure-SiteName
Webcakes-App-Version
Webcakes-Region
Webcakes-App-Name
TWC-Privacy
TWC-Locale-Group
X-FW-Version
TWC-GeoIP-Country
X-Origin
X-Varnish-Hits
X-No-Session
X-EdgeConnect-Cache-Status
Cteonnt-Length
NGX
X-Via-CDN
X-ProxyCache-Status
X-ProxyCache-Key
X-UUID
X-Proxy
X-Redis-Cache
X-Nginx-Cache
X-BYPASS-REASON
X-PressLabs-Stats
X-FireWall-Port
X-Platform-Server
X-UA
X-Vgn-Hpd-Reason
X-MServer
X-Daa-Tunnel
X-ApacheServer
X-ECACHE
X-PERF
X-Akamai-Transformed
X-Rocket-Nginx-Bypass
Odigeo-Trace-Id
Accept-Language
X-HTML-Minification-Powered-By
X-CDN-Forward
X-CS
X-Format
X-Hl-Ver
Origin
X-GEO
X-Cache-NE
X-Oneagent-Js-Injection
X-Cache-Server
X-IPS-LoggedIn
Ec-Rule-Version
Access-Control-Request-Headers
Cache-Tags
X-UnsetCookies
X-Cache-Remote
X-Distributor
X-Dynatrace-Js-Agent
X-ServerID
X-Real-IP
LB
X-Tb
X-Webkit-Csp
X-Amzn-Remapped-Content-Length
Selected-Fe
Fastly-SSL
Proxy-Connection
X-BACKEND-TTL
X-B3-Parentspanid
Hostname
L5d-Success-Class
X-Microcachable
X-URL
X-Pubstack
X-Compress-Hint
X-Unique-ID
X-Instart-Info
Cdn-Host
X-Trv-Group
X-PAYTM-SRV-ID
Cdn-Request-Time
X-Org
X-Level-Front-Cache
X-Internal-Host
Cache-Cookie-Set-From
Arc-Country
AsisCache
BehaviorPad-Version
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-Lfrom
X-Is-Bot
A
Content-Script-Type
AKAMAI
Cache-Prefix
Meta-Geo-Continent
X-Edge-Server
X-AIR-PT
X-App-Name
X-Application
X-ARC
X-External-Request-Id
X-Aed
X-A-Dcw
X-A-Dgt
X-A-Wwc
X-Accel-Expires-Debug
X-DPWN-IS-SECURE
X-B-Cookie
X-Detected-As
X-Connection-Hash
X-Destination
X-D
X-Date
X-Developer
X-Cluster-Name
X-Cache-Bucket
X-Cdn-Srv
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-A-Dam
X-A-Ccd
X-IN-APIGATEWAY
GEO-REGION-INFO
X-Geo-Header
MD5-Digest
Mobile-Detection-Method
Fly-Request-Id
Fly-Cache
Cross-Origin-Window-Policy
Fastcgi-X-Cache-Version
Fastly-SIE
Fastly-SWR
Node
X-Generated-On
X-G
Viewtype
VivaBuild
X-A
Server-ID
Rt-Proxy-Cache
Proxy-Firewall
Rendered-Blocks
Request-Time
REQUESTUUID
Content-Style-Type
X-NU-AKA-ACS-Version
X-SRCache-Key
X-Request-UUID
X-Rewrite-Enabled
X-VG-WebServer
X-SVT-ORM-RULES
X-Region-Sid
X-SVT-ORM-VERSION
X-Rojux
X-Vtex-Remote-Cache
Xc-Version
X-Worker
X-ScT
X-S-Maxage
X-Server-Time
X-S-Cookie
X-Nc
X-Vtex-Processado-Em
X-Varnish-Url
X-Rebelmouse-Surrogate-Control
X-Transaction
X-Twitter-Response-Tags
X-Rebelmouse-Cache-Control
X-Varnish-Cacheable
X-ElasticPress-Search
ServerName
Served-By
Ha-Gx-Prefs
X-We-Are-Hiring
HA-Ipaddr
X-C
X-HS-Cache-Config
X-Eu-Site
X-Qloud-Router
X-Location
X-HS-Combine-CSS
Gh-Request-Id
Origin-Edge-Control
X-ServiceProvider
Countrycode
UCS
Request-EU
Request-Country
Resin-Trace
X-Server-IP
Server-Int
Section-Io-Cache
X-Debug-Cookies
Origin-Cache-Control
X-Fastly-Cache
Kp-EeAlive
X-Clientip
Memcached
W
On-Server
IBM-Web2-Location
X-Skip-Cache
X-Cache-Info
X-Debug-Log
X-CGP
Apple-News-Services-Handled
X-Method
Backend-Name
Apple-News-Services-Request-Url
X-Cdn-Origin
X-Nginx-Cache-Key
Apple-News-Services-Host
X-BBXSRF
X-Backend-State
X-Developers
X-TrackingId
Esi-Enabled
X-Sn-Servicetimems
Content-Disposition
X-Distil-CS
Apple-News-Services-Parsed-Url
X-NX-Host
X-Core-Mission
X-Urbn-Site-Id
X-Urbn-Context-Path
X-SERVER
Locale
X-Device-Os
X-TH-Server
SS
True-Client-Country-4JS
X-Swa-Ws
User-Cache-Control
X-Webstats-RespID
Who
X-Variation
Wxu-Next-Region
X-Block-Status
X-Wikidot-Backend
X-SIPLIST1
Wxu-Next-Hostname
Wxu-Next-Commit
X-Dispatch
Web-Mar-Node
X-Epic-Correlation-Id
X-Cache-Category-Id
X-Cache-Id
N-Cache
Server-Host
X-Reqid
X-Release
CDCHOST
Fastly-Soc-X-Request-Id
X-Bip
X-Hnp-Log
Powered-By
X-Auto-Login
X-Crawler
X-Hash
X-Reboot
X-Proxy-Upstream
X-Proxy-Cache-Status
X-PHP-Host
X-Key
X-Irp-Debug
X-NC
Adler-Geo
X-Thanos
GW-Server
X-Request-URI
Pramga
Platform
Country-Code
X-Gen-Mode
RNT-Machine
X-Gannett-Site-Version
X-Secret
RNT-Time
X-Generation-Time
X-Wikidot-Static-Cache
IsBot
Is-Eu
X-GeoIP-Country-Code
Heartbleed
X-Grey
L
X-Cache-Backend
X-Li-Pop
X-VC-Cache
X-LI-Proto
X-Servername
X-LI-UUID
X-Owner
X-Li-Fabric
X-Matched-Rule
X-FPC
X-Thinkindot-L3
X-SD-PageType
X-Origin-Date
X-GeoIP-City
X-Response-By
X-VServer
X-Origin-Expires
X-WADP-Cache
PFcat
X-Fetched-On
X-Request-Start
X-Dispatcher-Server
X-WebServer
Thinkindot-Control
X-SERVER-NAME
X-Azure-Ref
X-Amz-Meta-Cache-Control
SD-X-WS
Thinkindot-CacheControl
X-Azure-Ref-OriginShield
V-Age
X-Cms-Context
X-CUA
X-Clara-WADP
X-CDN-Cache
X-Cache-FS-Status
Thinkindot-CacheControl-Type
X-Varnish-Ttl
X-Edge
X-CLOUD-TRACE-CONTEXT
X-OVcl
X-Pf-Uncompressing
X-FE
X-ABtesting
X-Hello
X-OVcl-Cache
X-Flog
X-Ratelimit-Remaining
X-Served-From
X-Via-NSCOPI
Pagetype
CF-IPCountry
X-Processor
User-Agent
PageSpeed
Magicmarker
X-Be
X-Generated-In
X-User
X-Via-Edge
X-Parent-Response-Time
X-Powered-By-Defense
X-Backend-Url
X-Via-SSL
X-Backend-Host
X-LAGOON
Mime-Version
X-GoCache-CacheStatus
X-Up
X-MSEdge-Flight
X-MSEdge-Features
X-Tt-Trace-Tag
Memory
X-Geo
X-Ua
X-Debug-Cache-Store
X-Varnish-Beresp-Ttl
X-Debug-Cache-Fetch
X-Protected-By
X-Debug-Cache-Expiry
X-Soup
X-ND-Cache
X-Newrelic-Synthetics
X-B3-SpanId
GeoIp-Country-Code
Geoip-City
X-Ttl
Geoip-Latitude
X-Page-Type
Cache-Hits
X-Oss-Object-Type
X-Oss-Request-Id
X-Oss-Server-Time
X-Oss-Hash-Crc64ecma
X-Oss-Storage-Class
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
X-Fstrz
Pragrma
X-Planisys-CDN-TTL
X-Check-Cacheable
X-Say-TTL
X-ZONE
X-Zone
X-Say-Cacheable
X-Backend-TTL
X-SayCDN-TTL
X-Origin-TTL
X-Akamai-SSL-Client-Sid
X-Origin-CC
X-Old-Content-Length
X-Cdn-Forward
X-Litespeed-Cache
X-CSRF-TOKEN
X-Cache-Time
X-Varnish-Beresp-Status
X-IN-WAF
X-Core-Value
X-Varnish-Beresp-Grace
X-Phone
WZWS-RAY
Fastly-Backend-Name
X-TT-LOGID
XServer
Cdn
X-Servedbyhost
X-Cache-Ttl
X-IN-APIGATEWAYSSL
X-DC
X-Logtrace-Id
X-Vcl-Version
X-Node-Id
X-HS-Status
Ajk
Inserted-Into-Cache-At
X-Datadome
X-MID
X-Ruxit-Js-Agent
Dynatrace
Amp-Access-Control-Allow-Source-Origin
X-Aicache-OS
X-BC
FSS-Proxy
FSS-Cache
Srv
X-Mid
X-RateLimit-Remaining-Second
X-Wa
X-RateLimit-Limit-Second
SN
X-Amzn-Remapped-Connection
X-Amzn-Remapped-Date
X-Tec-Api-Root
X-Tec-Api-Origin
X-ServedByHost
X-VCL-Version
X-Tb-Optimization-Total-Bytes-Saved
X-UPSTREAM-Address
X-Birta-Cache-Post
X-Tec-Api-Version
X-Birta-Served
X-EC-Lua
CF-Cached-On
Server-Surrogate-Control
Server-Cache-Control
HostName
X-APP
X-Cache-ASPX
X-Contensis-Viewer-Groups
X-Proxy-Cacherz
X-App-Version
X-Refresh
X-Varnish-Authentication
Xkeyrz
X-Info
X-Varnish-IP
Selected-FE
RequestId
X-COUNTRY
T-Server
X-Bc
X-CSRF-Token
X-FORWARDED-FOR
X-CACHE-KEY
X-Source
X-Render-Time
X-GDPR
X-PJAX-URL
PICS-Label
X-Cache-Debug
X-Real-Ip
X-Agile-Age
X-Agile
HitType
X-Agile-Id
X-NWS-UUID-VERIFY
MIME-Version
X-LiteSpeed-Cache-Control
Cf-Ipcountry
X-Varnish-Beresp-TTL
Ohc-File-Size
X-ECache
X-WR-MODIFICATION
WebServer
X-Nananana
Ohc-Cache-HIT
X-Via-Ucdn
GeoIP-Country-Code
GeoIP-City
URI
SID
X-Policy
X-LB-ID
DataCenter
X-Fastly-Country-Code
GeoIP-Latitude
Is-Session-Tracking
X-Uri
X-Unique-Id
X-Web-Server
X-Micro-Cache
Xkeynj
Get-Access-Time
X-TIME
X-PAGE-TYPE
Cache-Provider
X-Cache-Miss-From
X-Service
X-Cache-Tag
X-BE
X-Lb-Id
X-Request-Url
X-NGINX-Cache
X-Sedo-Request-Id
X-Fastly-Backend-Reqs
X-Requestid
Lb
X-Ftr-Cache-Host
Pics-Label
CDN
Group
X-Pjax-Url
X-GRACE
X-Var-Ttl
Xet-Cookie
X-Correlation-ID
X-MCACHE
Cneonction
Ohc-Response-Time
X-Apw-Access-Token
X-Has-Esi
X-Vct
X-Is-Gdpr
X-Apw-Hits
X-Apw-Access-Object
X-Apw-Access-Action
X-JWT-State
HTTPS
X-NGENIX-Cache
X-Dw-Trace-Id
X-SRV
X-PF-Uncompressing
Www
X-Edge-IP
FNAC-ModuleRouting
X-Cdn-Request-ID
Correlation-Id
X-Ecache
X-SN
X-Fpc
Backend
X-Cf-Powered-By
X-WA
X-Swift-Error
X-ServerName
Warning
X-Newrelic-App-Data
X-Litespeed-Cache-Control
Lfy
X-DB
X-Zalando-Child-Request-Id
X-Fe
X-Flow-Id
X-Page-Impression-Id
X-DI
X-Serial
X-Fastly-Cache-Hits
X-RPS
X-RSL
X-Instart-Isnd
Host-ID
X-RPM
X-DW
X-Akamai-ERRuleID
X-Bug-Bounty
X-Cache-Expires
X-DSS
X-Akamai-ERPolicy