Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
CF-RAY
CF-Cache-Status
Link
X-Powered-By
X-XSS-Protection
ETag
Expect-CT
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
X-Timer
X-Request-Id
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Alt-Svc
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Adblock-Key
X-Check
Content-Security-Policy-Report-Only
X-Cacheable
X-Generator
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-Xss-Protection
Timing-Allow-Origin
X-DNS-Prefetch-Control
X-Template
X-Language
X-Request-ID
X-Iinfo
Status
X-AspNetMvc-Version
Content-Encoding
X-Content-Security-Policy
X-Buckets
X-Kinja-Server-Push
Xkey
Upgrade
X-Via
X-Turbo-Charged-By
Access-Control-Expose-Headers
Keep-Alive
Access-Control-Max-Age
X-Cache-Group
X-Drupal-Dynamic-Cache
X-Pass-Why
P3p
X-Age
X-CDN
EagleId
X-Backend
X-Robots-Tag
X-Amz-Id-2
X-Amz-Request-Id
X-Envoy-Upstream-Service-Time
X-Page-Speed
X-Pingback
X-Ua-Compatible
X-Server-Powered-By
X-Proxy-Cache
X-Hacker
X-Server
X-UA-Device
X-AH-Environment
Request-Context
X-Nginx-Cache-Status
Grace
X-Varnish-Cache
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
X-LiteSpeed-Cache
X-Server-Id
Cf-Railgun
X-Amz-Version-Id
X-WebKit-CSP
X-Cdn
Feature-Policy
Server-Timing
X-Device
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-OneAgent-JS-Injection
X-Rq
X-Cnection
X-Ac
Report-To
X-Cloud-Trace-Context
X-Host
X-Response-Time
X-Node
Content-Location
X-Backend-Server
EagleEye-TraceId
Request-Id
X-Origin-Cache
X-Readtime
X-Vhost
X-Application-Context
X-Cache-Lookup
X-Dns-Prefetch-Control
X-ORACLE-DMS-ECID
NEL
X-Dispatcher
Surrogate-Control
Allow
X-Rack-Cache
X-Ruxit-JS-Agent
X-Origin-Upstream-Status
X-Country
X-HW
X-Url
Rating
X-Country-Code
X-FTR-Request-ID
X-DataDome
X-Clacks-Overhead
X-TTL
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-ORACLE-DMS-RID
X-DynaTrace
Fusion-Template-Id
X-Instart-Request-ID
Fusion-Content-Source
Fusion-Source
Fusion-Content-Id
Fusion-Component-Id
X-Goog-Hash
X-Varnish-TTL
X-MS-InvokeApp
X-PC
X-TtlSet
X-Vname
X-CST
X-Ah-Environment
X-Px
Verso
RTSS
Edge-Control
X-Powered-By-Plesk
Public-Key-Pins
X-VARITI-CCR
X-Recruiting
X-Mod-Pagespeed
Service-Worker-Allowed
X-D2id
X-Exp-Id
X-GoogleNews-Bot
X-Use-Magma
X-Kinja-Server
X-Cdn-Fetch
X-Kinja-Revision
X-Kinja
X-Exp-Variant
X-Kinja-Build
Pinterest-Generated-By
Display
Response
X-Middleton-Display
X-Sol
X-Middleton-Response
X-Vcap-Request-Id
X-Version
SPRequestGuid
X-SharePointHealthScore
Accept-Ch-Lifetime
MS-Author-Via
X-Akam-SW-Version
X-RateLimit-Remaining
TCN
X-GitHub-Request-Id
X-Navigation-Version
X-Abt-Application-Version
Accept-CH
X-Powered-CMS
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-Upstream
X-Forwarded-Proto
X-Shard
X-Amz-Server-Side-Encryption
SPRequestDuration
SPIisLatency
Ar-Sid
Charset
AR-PoweredBy
AR-CACHE
X-XRDS-Location
AR-ATIME
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-B3-TraceId
Fastly-Restarts
X-Amz-Rid
Realpath
Nginx-Cache
X-Trace
X-Debug
X-Aspnetmvc-Version
Front-End-Https
AR-Request-ID
X-Shield-Request-Id
X-Cached
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
MRF-Tech
X-B3-TraceId-Primal
Mrf-Cache-Status
X-Server-Name
X-ESI
X-Ezoic-Cdn
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Goog-Generation
X-MSEdge-Ref
Access-Control-Request-Method
Paypal-Debug-Id
X-NF-Request-ID
X-FTR-Cache-Status
X-Country-Code-Real
X-FTR-Expires
Arr-Disable-Session-Affinity
DynaTrace
Pagespeed
ServerID
X-Vcache
Content-MD5
X-Id
X-FTR-Backend
X-FTR-Backend-Server
X-FTR-DC
X-FTR-Balancer
X-FTR-Realm
X-Goog-Storage-Class
MicrosoftSharePointTeamServices
S
X-DynaTrace-JS-Agent
X-T
X-Fastly-Request-ID
X-Amz-Meta-S3cmd-Attrs
X-Client-IP
X-Via-JSL
X-Content-Type
X-B3-Traceid
X-Varnish-Age
X-Dw-Request-Base-Id
X-Hits
X-Amzn-Trace-Id
X-RateLimit-Limit
X-N
X-FastCGI-Cache
X-Grace
X-Correlation-Id
X-Forwarded-For
Fastcgi-Cache
X-VCache
X-FTR-Cache-Host
X-Frontend
X-SERVER
X-Content-Digest
Powered
PB-PID
PB-RID
X-Mobile-Rewrite
Arc-Version
X-Esi
Accept-Ch
Server-Name
X-DIS-Request-ID
X-Logged-In
X-Ser
X-Accel-Expires
AMP-Access-Control-Allow-Source-Origin
X-B3-Sampled
X-GUploader-UploadID
X-HS-Hub-Id
X-HS-Content-Id
X-Zen-Fury
X-Microsite
TP-L2-Cache
TP-Cache
X-Request-Handler-Origin-Region
X-Kinsta-Cache
X-Cache-Age
X-Request-Received
X-Request-Processing-Time
X-Type
X-LB-Cache
FilterID
X-Rid
X-User-Agent
X-Activity-Id
X-Analytics
X-AppVersion
X-IPLB-Instance
X-Revision
X-Az
Backend-Timing
Healthy
X-Fastcgi-Cache
Edge-Cache-Tag
X-Node-Name
X-F-Cache
X-Srv
X-Whom
X-Acc-Meta-Resource-Type
X-Time
Retry-After
X-Cache-2
X-Kong-Upstream-Latency
X-NWS-LOG-UUID
X-Kong-Proxy-Latency
X-Amz-Apigw-Id
X-Amzn-RequestId
Accept-Charset
Alternate-Protocol
X-Pinterest-Rid
Pinterest-Version
X-Cache-Hit
X-AOL-HN
X-Cache-Rule
Cache-Status
Server-Node
X-Content-Options
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
Surrogate-Key
X-Akamai-Edgescape
Access-Control-Allow-Method
DC
X-Cluster
X-Content-Powered-By
X-Content-Security-Policy-Report-Only
X-Jobs
X-Forwarded-Host
X-Tumblr-Pixel
X-FW-Serve
X-FW-Server
X-FW-Static
X-FW-Hash
X-FB-Debug
Refresh
X-Debug-Info
X-Instance
X-FW-Type
X-Tumblr-User
X-Page-Id
X-Tumblr-Pixel-0
X-Framework
X-Varnish-Grace
Source
X-PHP-Backend
X-Request-Guid
X-App-Environment
X-B
X-Hp-Webp
MS-CV
Fastcgi-Useragent
X-Hostname
X-App-Server
Host
Cleartype
X-Cache-Key
Frame-Options
X-Signature
X-B-Cache
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Ratelimit-Reset
X-DataStream-Cache-Status
Tracecode
X-Cached-By
X-BCube-Filmed-By
Actual-Object-TTL
X-Cache-Operation
X-PressLabs-Stats
X-Mobile-URL
Cache-Tag
X-TA-CDN-Provider
X-Oracle-Dms-Rid
X-Varnish-Backend
X-Geo-Country
X-Cache-Control
Xserver
X-TT
X-Amz-Replication-Status
X-Pad
Liferay-Portal
X-Seen-By
X-Mobile
X-Host-Name
NGB
X-ATG-Version
X-Response-Served-From
X-Git-Hash
X-Adobe-Content
X-Adobe-Loc
Payment
X-WebKit-CSP-Report-Only
X-TT-TIMESTAMP
Eomportal-Instance
Upgrade-Insecure-Requests
X-Status
X-WA-Info
X-FW-Dynamic
X-Tumblr-Pixel-1
X-RemovedCookies
WPE-Backend
Filters
X-ProcessESI
Cache-Tv-Group
X-Tumblr-Pixel-2
X-TX-ID
X-RTag
X-GeoIP
X-Cacheable-TTL
Ms-Operation-Id
X-Drupal-Cache-Tags
X-Handled-By
X-UA-Device-Type
X-RequestSource
From-Origin
Webserver
X-Content-Age
X-Cache-TTL-Remaining
GEO-INFO
Datacenter
X-Cache-Remote
X-Daa-Tunnel
X-Upstream-Proxy
X-Edge-Location
Cache
X-Storage
Viewport
X-Cache-Action
X-Webkit-CSP
X-Accel-Buffering
X-Origin-Server
X-Varnish-Hostname
Accept-CH-Lifetime
X-Ua
X-EdgeConnect-Cache-Status
X-Cache-TTL
Version
X-Hyper-Cache
X-CF-Powered-By
X-Contextid
Host-Header
X-Region
X-Yottaa-Metrics
X-Wix-Request-Id
X-Yottaa-Optimizations
SRV
PageSpeed
X-Akamai-Transformed
X-Varnish-Server
X-Path-Route
X-Akamai-Request-ID2
X-ES-SERVER
Load-Balancing
X-RN-RSRV
Meta-Geo
NR-ENABLED
X-Cache-Var-Map
X-Cache-Var
X-IP
X-From
S-Cnection
X-Timing-Wait
X-JoinUs
Selected-Fe
X-Proxy-Build
X-Generated
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Proto
X-Loop
Vix-Hermes-Req-Id
X-Cache-Config
X-TNCMS
X-Backend-Name
Now
Cache-Tags
X-CS
X-Proxy
Cache-Name
X-Hit
Cache-Hits
X-Tumblr-Pixel-3
X-PERF
DB-Nickname
X-FC-Vary-Parameters
X-Rule
Decoy-Debug-TTL
Decoy-Debug-Status
Decoy-Debug-Key
Rt-Fastcgi-Cache
X-Cache-Enabled
X-Section
X-Viewer-Country
X-Access
X-Cluster-Node
X-Akamai-Request-ID
X-Origin
X-Labrador-Cache-Channel
X-Via-Fastly
X-NCache
X-ApacheServer
X-Upgrade-Enabled
X-Time-Microsecs
X-Origin-Response-Time
X-Trace-Id
X-Origin-Hint
X-Cache-Host
X-Upstream-CT
X-Web-Node
X-Xfnlog-Site
Cache-Key
Azure-Version
Ec-Rule-Version
Country
Mn-Server-Ip
X-PCL
X-R9-Blue-Green-Version
X-CCM
X-UnsetCookies
TWC-Privacy
X-FW-Version
X-Varnish-Cache-Hits
X-Cache-Grace
Webcakes-App-Version
Webcakes-App-Name
X-FireWall-Port
X-Format
X-Hosted-By
X-Backend-TTL
Webcakes-Region
Azure-SlotName
X-OCL
X-EIG-Tracking-Id
Property-Id
TWC-Connection-Speed
TWC-Device-Class
TWC-Locale-Group
TWC-GeoIP-LatLong
TWC-GeoIP-Country
X-Upstream-HT
S-Rt
Azure-InstanceId
Azure-SiteName
Azure-RegionName
X-Locale
X-S
X-Human
X-Device-Type
X-Debug-Cache
X-Varnish-Hits
X-Drupal-Cache-Contexts
X-Site-Version
X-DataStream-Origin-MEX-Latency
OT-Force-Account-Verify
X-NewRelic-App-Data
X-Cache-Time
DSUID
X-DataStream-MidMile-RTT
Server-Info
X-Cache-Server
Time
X-Rendered-As
Release
X-Cache-NE
Ohc-File-Size
X-Www-Served-By
Hostname
X-VG-WebCache
X-APP-VERSION
ServedBy
X-VG-TLSProxy
X-ShardId
X-ShopId
X-Sorting-Hat-PodId
X-Vgn-Hpd-Reason
X-Alternate-Cache-Key
X-Sorting-Hat-ShopId
X-Shopify-Stage
X-FB-TRIP-ID
X-VCT
X-Mode
Accept-Language
X-Nginx-Cache
Fastcgi-X-Cache-Version
X-Redis-Cache
Machine
X-OVcl-Cache
X-Real-IP
X-B3-Spanid
X-Tb
X-OVcl
NtCoent-Length
Ohc-Cache-HIT
Origin
Cteonnt-Length
Origin-Cache-Control
Origin-Edge-Control
X-NC
X-Pubstack
X-GEO
X-Environment-Context
X-No-Session
X-Presslabs-Stats
L5d-Success-Class
X-CSRF-TOKEN
X-L-Path
Access-Control-Request-Headers
X-HS-Cache-Config
X-Request-Time
X-Generated-By
X-Load-Cache
Odigeo-Trace-Id
X-Magnolia-Registration
X-Tt-Trace-Tag
X-Cluster-Name
X-LJ-Flow-ID
Mime-Version
X-DC
X-VWS-Id
Fastly-SSL
X-Endurance-Cache-Level
X-AWS-Id
X-Amzn-Remapped-Content-Length
IBM-Web2-Location
X-Parent-Response-Time
Akamai-GRN
We-Hiring
X-UUID
Mail-Subject
X-App-Version
X-B3-Parentspanid
X-GoCache-CacheStatus
X-Rocket-Nginx-Bypass
X-ServerID
Nel
X-NGENIX-Cache
X-ECACHE
Request-Time
X-Urbn-Site-Id
X-XRDS-LOCATION
X-Urbn-Context-Path
Locale
X-CACHE-KEY
Cdn-Host
X-AIR-PT
X-Application
X-A-Dam
X-ARC
CF-IPCountry
Cache-Prefix
X-Aed
X-A-Wwc
Content-Script-Type
X-Accel-Expires-Debug
X-A-Dgt
X-A-Dcw
Content-Style-Type
Cross-Origin-Window-Policy
BehaviorPad-Version
A
Rt-Proxy-Cache
Server-ID
T-Server
X-Node-Id
MD5-Digest
Rendered-Blocks
X-Soup
Mobile-Detection-Method
Meta-Geo-Continent
Node
Memcached
GEO-REGION-INFO
Fly-Request-Id
AsisCache
Arc-Country
VivaBuild
Proxy-Connection
X-A
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
X-MServer
Fly-Cache
Viewtype
Apple-News-Services-Handled
Apple-News-Services-Host
X-A-Ccd
X-Vtex-Remote-Cache
X-ProxyCache-Key
X-ProxyCache-Status
X-Rojux
X-G
X-Proxied
X-External-Request-Id
X-Edge-Server
Uber-Trace-Id
Xc-Version
X-Routing-Service
X-DPWN-IS-SECURE
X-S-Cookie
X-Transaction
X-Twitter-Response-Tags
X-Region-Sid
X-Origin-Date
X-Origin-Expires
X-PAYTM-SRV-ID
X-Trv-Group
X-Org
X-Is-Bot
X-Rewrite-Enabled
X-Request-UUID
X-Worker
X-Instart-Info
X-S-Maxage
X-VG-WebServer
X-BYPASS-REASON
X-SS-Set-Cookie
X-Connection-Hash
X-ScT
X-SRCache-Key
X-CF-Lambda-Version
X-CF-Lambda-Fn
X-D
X-Date
X-Server-Time
X-Vtex-Processado-Em
Cdn-Request-Time
X-Developer
X-B-Cookie
X-Destination
X-Detected-As
X-Zipkin-Id
X-Element-Page-Cache
ServerName
X-Oneagent-Js-Injection
X-Via-CDN
Backend-Name
X-SIPLIST1
X-TrackingId
X-Thanos
Fastly-Soc-X-Request-Id
X-Request-Start
X-Release
Countrycode
Gh-Request-Id
X-Up
X-Cms-Context
X-Core-Mission
X-Developers
X-WebServer
X-Clientip
X-Cdn-Srv
X-Azure-Ref
X-Auto-Login
X-Bip
X-Cache-Bucket
X-Distil-CS
X-Distributor
X-IN-APIGATEWAYSSL
Request-EU
Request-Country
NGX
Section-Io-Cache
X-IN-APIGATEWAY
X-VC-Cache
X-Fastly-Cache
X-Azure-Ref-OriginShield
X-Hl-Ver
N-Cache
IsBot
X-Origin-CC
X-Origin-TTL
User-Cache-Control
X-ElasticPress-Search
X-Level-Front-Cache
X-Li-Fabric
X-NX-Host
X-Li-Pop
X-Irp-Debug
X-ABtesting
X-Geo-Header
X-Amz-Meta-Cache-Control
X-GeoIP-City
X-Hash
X-Hello
X-Hnp-Log
X-LI-UUID
True-Client-Country-4JS
X-MSEdge-Flight
Thinkindot-Control
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
X-MSEdge-Features
V-Age
X-Generation-Time
X-Nginx-Cache-Key
X-Location
W
X-Matched-Rule
X-LI-Proto
X-Generated-In
X-Cache-Id
X-Cache-Info
X-Cache-FS-Status
X-Debug-Cookies
X-Debug-Log
X-Debug-Cache-Store
X-Cdn-Origin
X-CGP
X-Clara-WADP
X-CUA
X-Debug-Cache-Expiry
X-Debug-Cache-Fetch
X-Device-Os
X-C
X-Flog
X-Fetched-On
X-Gen-Mode
X-Compress-Hint
X-App-Name
X-Eu-Site
X-Epic-Correlation-Id
Content-Disposition
X-Block-Status
X-BBXSRF
X-Backend-Url
X-Backend-Host
X-Generated-On
Server-Int
X-Thinkindot-L3
X-Old-Content-Length
Adler-Geo
X-Unique-ID
Fastly-SWR
X-Variation
Fastly-SIE
X-Request-URI
X-Wikidot-Static-Cache
Magicmarker
X-Sn-Servicetimems
X-SVT-ORM-RULES
Ha-Gx-Prefs
Is-Eu
X-We-Are-Hiring
X-SVT-ORM-VERSION
X-ServiceProvider
X-Skip-Cache
HA-Ipaddr
PFcat
RNT-Time
RNT-Machine
X-Platform-Server
X-Proxy-Cache-Status
X-VServer
X-PHP-Host
X-WADP-Cache
CDCHOST
X-Owner
Esi-Enabled
X-Proxy-Upstream
X-Rebelmouse-Surrogate-Control
Platform
X-Reboot
X-RateLimit-Remaining-Second
X-Rebelmouse-Cache-Control
X-Wikidot-Backend
X-RateLimit-Limit-Second
X-Microcachable
X-Swa-Ws
X-User
X-Webstats-RespID
X-SayCDN-TTL
X-Qloud-Router
X-Key
X-Internal-Host
X-Method
X-GDPR
X-Guploader-Uploadid
X-MP-GENERATED-AT
X-HS-Combine-CSS
X-Reqid
X-Server-IP
X-Servername
X-Dispatcher-Server
X-SD-PageType
X-Say-TTL
X-Response-By
X-Say-Cacheable
X-B3-SpanId
X-Dispatch
SS
Server-Host
L
Kp-EeAlive
X-Backend-State
Memory
X-Uri
Pramga
SD-X-WS
Pagetype
Served-By
Wxu-Next-Region
Heartbleed
Cache-Cookie-Set-Idcheck
Wxu-Next-Hostname
Wxu-Next-Commit
Country-Code
Web-Mar-Node
X-Cdn-Forward
Cache-Cookie-Set-From
Cache-Cookie-Set-Lfrom
AKAMAI
X-IPS-LoggedIn
X-Policy
X-Page-Type
Resin-Trace
UCS
X-FPC
X-SERVER-NAME
X-Wa
ProcessTime
X-Servedbyhost
X-Ttl
X-Dynatrace
REQUESTUUID
X-Var-Ttl
Ajk
X-Service
X-Logtrace-Id
Powered-By-ChinaCache
X-HTML-Minification-Powered-By
X-Lb-Id
Cache-Provider
X-JWT-State
X-Is-Gdpr
Proxy-Firewall
X-Nc
X-Has-Esi
X-Cache-Ttl
X-Geo
X-Ratelimit-Limit
X-Dc
X-Cache-Backend
X-VCL-Version
X-Datadome
X-NWS-UUID-VERIFY
X-Oss-Hash-Crc64ecma
Powered-By
X-Processor
X-Oss-Storage-Class
X-Oss-Server-Time
X-Oss-Object-Type
X-Tb-Optimization-Total-Bytes-Saved
X-Oss-Request-Id
X-Cache-Category-Id
X-Grey
Srv
X-Pjax-Url
X-SRV
X-Info
X-Varnish-Beresp-Ttl
X-ZONE
PICS-Label
X-Svr
GeoIP-Latitude
GeoIP-Country-Code
Fastly-Backend-Name
X-Server-ID
X-Cache-URL
SN
GeoIP-City
X-TH-Server
X-Be
X-Ruxit-Js-Agent
X-CDN-Forward
X-RCS-CacheZone
X-RateLimit-Reset
X-Instart-Isnd
X-HS-Status
X-Tec-Api-Origin
X-Tec-Api-Root
X-Tec-Api-Version
X-Zone
X-Webkit-Csp
X-SN
X-Ftr-Request-Id
X-Varnish-Beresp-Grace
X-Newrelic-Synthetics
X-Varnish-Beresp-Status
X-NodeID
X-Pf-Uncompressing
GW-Server
Cdn
X-Scheme
X-UA
X-GRACE
X-Source
Group
X-Varnish-Url
CACHE
X-LAGOON
X-Check-Cacheable
WZWS-RAY
X-Gannett-Site-Version
CF-Cached-On
X-Bc
X-EC-Lua
X-Secret
X-Sucuri-Id
X-Varnish-Beresp-TTL
Dynatrace
X-Server-W
X-Dynatrace-Js-Agent
X-PF-Uncompressing
Ttl
X-CDN-Cache
On-Server
Cache-Host
LB
X-Varnish-Cacheable
X-LiteSpeed-Cache-Control
X-NODE
X-Ftr-Cache-Host
X-GeoIP-Country-Code
User-Agent
X-Ms-Request-Id
Environment
X-BE
X-BC
X-Tt-Trace-Host
X-Ratelimit-Remaining
Inserted-Into-Cache-At
X-Via-Ucdn
X-Ms-Version
X-APP
X-COUNTRY
X-Edge
X-NU-AKA-ACS-Version
Pics-Label
XServer
X-Fastly-Country-Code
Geoip-Latitude
WWW
X-Cache-Debug
GeoIp-Country-Code
Geoip-City
X-Session-Fingerprint
Lfy
X-Aicache-OS
X-Trafficlayer-App-Scope
X-Crawler
X-Trafficlayer-App-Name
X-Akamai-SSL-Client-Sid
X-URL
X-PJAX-URL
Who
X-Ftr-Backend
X-Ftr-Dc
MIME-Version
X-Ftr-Backend-Server
X-Ftr-Realm
X-Ftr-Balancer
Requestid
X-Agile-Age
X-Agile
Ohc-Response-Time
X-Mid
X-Render-Time
X-Fastly-Backend-Reqs
X-Agile-Id
Cf-Ipcountry
X-Vcl-Version
X-FE
M-TraceId
X-Varnish-Ttl
X-MCACHE
X-FORWARDED-FOR
X-CSRF-Token
SID
X-LB-ID
Amp-Access-Control-Allow-Source-Origin
Lb
X-Via-Edge
X-Litespeed-Cache-Control
X-Via-SSL
X-Served-From
X-Logging-Id
X-Micro-Cache
X-UPSTREAM-Address
X-7Graus-Varnish-Cache-Control
X-7Graus-Varnish-XKeys
URI
X-Cache-Miss-From
X-WR-MODIFICATION
X-Sedo-Request-Id
RequestUuid
X-Proxy-Cacherz
Xkeyrz
HostName
X-Amzn-Remapped-Connection
X-Amzn-Remapped-Date
X-RPM
X-RSL
X-Action
X-RPS
Host-ID
X-DI
X-DSS
X-DW
X-Cache-Tag
X-DB
X-Correlation-ID
DataCenter
X-Cf-Powered-By
X-Protected-By
X-Fpc
X-Core-Value
X-Vct
X-Page-Impression-Id
X-Nananana
X-Zalando-Child-Request-Id
CDN
X-ServedByHost
X-WA
X-Fastly-Cache-Hits
Xkeypdq
X-Flow-Id
WebServer
X-Newrelic-App-Data
X-NGINX-Cache
X-Ecache
FNAC-ModuleRouting
X-TIME
X-VC
X-Cdn-Request-ID
Cneonction
X-ND-Cache
X-MID
Correlation-Id
X-Refresh
X-SB
X-Dw-Trace-Id
X-Via-NSCOPI
Cdncip
X-AK-Request-ID
Warning
X-Vdms-Version
Cdnsip
X-Request-Url
X-Swift-Error
X-Sucuri-Cache
X-Serial
Xet-Cookie
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
X-Apw-Hits
X-ECache
Processtime
X-Unique-Id
HitType
X-ServerName
X-Bug-Bounty
X-Request-URL
Pragrma
X-Apw-Access-Token
X-Apw-Access-Object
V-Cache
X-Gdpr
X-Fe
X-MiniProfiler-Ids
X-Apw-Access-Action