
SANS ISC: HTTP Header Usage Statistics



This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find out how many sites use security-relevant headers, such as the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security-relevant or not). We access the index page of each site using an HTTP HEAD request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
CF-RAY
X-Powered-By
Link
ETag
Expect-CT
X-XSS-Protection
Via
CF-Cache-Status
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
X-Cache-Hits
P3P
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Xss-Protection
X-Request-Id
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
Alt-Svc
X-Adblock-Key
X-Drupal-Cache
X-Check
X-Cacheable
Content-Security-Policy-Report-Only
X-Generator
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-DNS-Prefetch-Control
X-AspNetMvc-Version
P3p
X-Template
X-Language
Status
Timing-Allow-Origin
X-Iinfo
Content-Encoding
X-Content-Security-Policy
X-Buckets
Upgrade
X-Kinja-Server-Push
Xkey
X-CDN
X-Via
X-Turbo-Charged-By
Keep-Alive
Access-Control-Expose-Headers
Access-Control-Max-Age
X-Cache-Group
X-Pass-Why
X-AH-Environment
X-Age
X-Drupal-Dynamic-Cache
X-Server
X-Backend
X-Pingback
X-Amz-Id-2
X-Amz-Request-Id
X-Envoy-Upstream-Service-Time
X-Page-Speed
X-Robots-Tag
X-Proxy-Cache
X-Hacker
EagleId
Grace
X-Server-Powered-By
X-UA-Device
Request-Context
X-Varnish-Cache
X-Nginx-Cache-Status
Cf-Railgun
X-LiteSpeed-Cache
X-Amz-Version-Id
X-Swift-SaveTime
X-Swift-CacheTime
X-Server-Id
Ali-Swift-Global-Savetime
X-WebKit-CSP
Server-Timing
Feature-Policy
X-Device
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Rq
X-Host
Report-To
X-Ac
X-Request-ID
X-OneAgent-JS-Injection
X-Node
Content-Location
X-Cnection
X-Response-Time
X-Backend-Server
X-Cloud-Trace-Context
X-Origin-Cache
X-Application-Context
X-Readtime
Request-Id
Allow
Surrogate-Control
EagleEye-TraceId
X-ORACLE-DMS-ECID
X-Country
X-Vhost
X-DynaTrace
X-TTL
X-Cache-Lookup
X-Origin-Upstream-Status
X-Ua-Compatible
X-Rack-Cache
X-Url
X-FTR-Request-ID
X-Clacks-Overhead
Pinterest-Generated-By
NEL
Rating
X-ORACLE-DMS-RID
X-Country-Code
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Dispatcher
X-Ruxit-JS-Agent
X-CST
X-HW
X-Cdn
X-Instart-Request-ID
X-Goog-Hash
Fusion-Component-Id
Fusion-Content-Id
Fusion-Source
Fusion-Template-Id
Fusion-Content-Source
X-DataStream-Cache-Status
X-TtlSet
X-Vname
X-PC
Edge-Control
X-VARITI-CCR
X-Px
X-DataDome
Service-Worker-Allowed
Verso
X-MS-InvokeApp
X-Mod-Pagespeed
RTSS
X-Dns-Prefetch-Control
X-Recruiting
X-Exp-Variant
X-Exp-Id
X-Cdn-Fetch
X-Kinja
X-GoogleNews-Bot
X-Kinja-Build
X-Use-Magma
X-Kinja-Server
X-Kinja-Revision
X-Varnish-TTL
X-D2id
SPRequestGuid
X-Vcap-Request-Id
X-ESI
X-Abt-Application-Version
TCN
X-GitHub-Request-Id
X-Amz-Server-Side-Encryption
X-SharePointHealthScore
X-Akam-SW-Version
X-Navigation-Version
X-B3-TraceId
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Powered-By-Plesk
X-Middleton-Display
X-Sol
Response
X-Middleton-Response
Display
MS-Author-Via
X-RateLimit-Remaining
X-Forwarded-Proto
DynaTrace
Realpath
Charset
X-Upstream
X-Version
X-Powered-CMS
Public-Key-Pins
Fastly-Restarts
X-Amz-Rid
X-Shield-Request-Id
ServerID
X-Cached
X-Server-Name
Nginx-Cache
X-Trace
AR-PoweredBy
AR-CACHE
Ar-Sid
AR-ATIME
X-Shard
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-Goog-Generation
X-Goog-Stored-Content-Length
X-TEC-API-VERSION
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
X-Grace
X-Dw-Request-Base-Id
X-B3-TraceId-Primal
MRF-Tech
X-Mrf-Section-Lastmod
X-Mrf-Item-Lastmod
Mrf-Cache-Status
Content-MD5
AR-Request-ID
Accept-CH
Paypal-Debug-Id
Access-Control-Request-Method
X-MSEdge-Ref
X-DynaTrace-JS-Agent
SPIisLatency
SPRequestDuration
X-Client-IP
Pagespeed
Accept-Ch-Lifetime
Accept-Ch
X-Goog-Storage-Class
X-Debug
X-FTR-Backend
X-FTR-Realm
X-FTR-Expires
X-FTR-DC
X-FTR-Cache-Status
X-FTR-Backend-Server
X-FTR-Balancer
X-Country-Code-Real
S
X-DataStream-Origin-MEX-Latency
X-DataStream-MidMile-RTT
X-Id
X-Ezoic-Cdn
Front-End-Https
X-Fastly-Request-ID
X-Amz-Meta-S3cmd-Attrs
X-VCache
X-T
X-Amzn-Trace-Id
X-NF-Request-ID
Arr-Disable-Session-Affinity
X-N
MicrosoftSharePointTeamServices
X-Content-Type
X-DIS-Request-ID
X-Hits
X-FastCGI-Cache
X-B3-Sampled
X-FTR-Cache-Host
Pinterest-Version
X-Pinterest-Rid
X-Upstream-Proxy
X-Frontend
X-Acc-Meta-Resource-Type
X-XRDS-Location
X-B3-Traceid
Fastcgi-Cache
PB-PID
X-Varnish-Age
Arc-Version
X-Content-Digest
X-Mobile-Rewrite
PB-RID
X-Logged-In
Server-Name
X-Ser
X-Correlation-Id
X-Srv
X-Vcache
Alternate-Protocol
X-Forwarded-For
X-Node-Name
Nel
X-Cache-Key
FilterID
X-Request-Handler-Origin-Region
X-Microsite
AMP-Access-Control-Allow-Source-Origin
X-Pad
Powered
X-User-Agent
X-Rid
X-LB-Cache
Healthy
X-Kinsta-Cache
TP-L2-Cache
X-XRDS-LOCATION
X-Type
TP-Cache
X-IPLB-Instance
X-F-Cache
X-Request-Received
X-Request-Processing-Time
X-Zen-Fury
X-Cache-2
X-Amzn-RequestId
X-Amz-Apigw-Id
Accept-CH-Lifetime
Host
X-Revision
Edge-Cache-Tag
X-Via-JSL
X-AOL-HN
X-Debug-Info
X-Kong-Proxy-Latency
Backend-Timing
X-Analytics
X-Kong-Upstream-Latency
X-Cache-Age
X-Activity-Id
X-Az
X-AppVersion
Powered-By-ChinaCache
X-GUploader-UploadID
X-Cached-By
X-HS-Hub-Id
X-HS-Content-Id
X-Fastcgi-Cache
X-Accel-Expires
X-Hostname
X-Cache-Rule
Surrogate-Key
Cache-Status
X-Varnish-Backend
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-Jobs
X-Content-Options
X-Signature
X-PHP-Backend
X-Content-Security-Policy-Report-Only
X-Tumblr-Pixel-0
X-Varnish-Grace
X-Tumblr-User
X-Page-Id
X-Instance
X-BCube-Filmed-By
X-Cluster
X-B-Cache
X-FB-Debug
Cleartype
Server-Node
X-Forwarded-Host
X-Tumblr-Pixel
X-Amz-Replication-Status
X-Content-Powered-By
X-Request-Guid
X-Akamai-Edgescape
X-App-Environment
Refresh
Source
X-TT
Liferay-Portal
X-FW-Server
X-FW-Hash
X-FW-Serve
X-FW-Static
X-Framework
X-FW-Type
DC
X-Time
Accept-Charset
X-RateLimit-Limit
X-ATG-Version
Tracecode
Access-Control-Allow-Method
Fastcgi-Useragent
X-Varnish-Hostname
X-Whom
Host-Header
X-Cache-Action
X-Drupal-Cache-Tags
X-Mobile
X-Cache-Operation
WPE-Backend
X-Presslabs-Stats
X-Cache-Control
X-B
X-WA-Info
X-App-Server
X-Edge-Location
X-APP-VERSION
Retry-After
X-Mobile-URL
X-Hp-Webp
X-Cache-TTL
Payment
NGB
X-Accel-Buffering
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Response-Served-From
X-Content-Age
Filters
X-Git-Hash
Cache-Tag
Cache-Tv-Group
X-Storage
Viewport
X-NWS-LOG-UUID
X-WebKit-CSP-Report-Only
X-Handled-By
Actual-Object-TTL
X-GeoIP
X-Esi
X-TT-TIMESTAMP
X-RequestSource
X-TX-ID
Eomportal-Instance
X-Cacheable-TTL
X-Cache-Hit
MS-CV
X-Tumblr-Pixel-2
X-Tumblr-Pixel-1
Upgrade-Insecure-Requests
X-Adobe-Content
X-Adobe-Loc
X-ProcessESI
X-RemovedCookies
X-UA-Device-Type
X-Status
X-Yottaa-Optimizations
X-Yottaa-Metrics
Xserver
X-FW-Dynamic
X-Ratelimit-Limit
Webserver
X-Geo-Country
X-SS-Set-Cookie
X-VG-WebCache
X-Seen-By
X-Server-ID
X-TA-CDN-Provider
X-RTag
Ms-Operation-Id
X-Host-Name
X-Cache-TTL-Remaining
X-FB-TRIP-ID
Datacenter
Frame-Options
X-Cache-Enabled
From-Origin
X-Hyper-Cache
Cache
X-Origin-Server
X-B3-Spanid
X-Generated-By
X-Contextid
X-CF-Powered-By
GEO-INFO
X-Mode
Country
SRV
Load-Balancing
Meta-Geo
X-Tumblr-Pixel-3
X-Path-Route
Machine
Server-Info
X-Cache-Var
X-ES-SERVER
X-Drupal-Cache-Contexts
X-Cache-Var-Map
X-Proxy-Build
X-RN-RSRV
X-Timing-Wait
Vix-Hermes-Req-Id
X-Access
X-Generated
X-Cache-Config
X-Loop
X-Hit
X-MP-GENERATED-AT
X-Upstream-HT
S-Cnection
X-Routing-Service
CACHE
X-Proxied
X-Upstream-CT
X-Zipkin-Id
X-Varnish-Server
X-TNCMS
X-Section
X-JoinUs
X-Cluster-Node
X-From
X-Human
X-R9-Blue-Green-Version
X-Varnish-Cache-Hits
Mn-Server-Ip
Rt-Fastcgi-Cache
X-Backend-Name
X-Guploader-Uploadid
X-Goog-Meta-Goog-Reserved-File-Mtime
X-VWS-Id
X-EIG-Tracking-Id
X-Ratelimit-Reset
Decoy-Debug-Status
X-AWS-Id
Now
X-Akamai-Request-ID
X-Upgrade-Enabled
DSUID
Decoy-Debug-TTL
Cache-Name
Decoy-Debug-Key
X-Web-Node
X-VG-TLSProxy
X-FC-Vary-Parameters
X-Region
X-Labrador-Cache-Channel
X-Rule
X-LJ-Flow-ID
X-Origin-Response-Time
X-RateLimit-Reset
X-Www-Served-By
X-Cache-Host
X-Cache-Grace
Akamai-GRN
X-Site-Version
Release
X-NCache
X-Trace-Id
X-PCL
X-Proto
X-Locale
Cache-Key
X-Debug-Cache
X-Device-Type
X-Hosted-By
X-OCL
X-Akamai-Request-ID2
X-Viewer-Country
X-Via-Fastly
X-Alternate-Cache-Key
X-Magnolia-Registration
Mail-Subject
We-Hiring
X-ShopId
ServedBy
OT-Force-Account-Verify
X-Environment-Context
X-Shopify-Stage
X-Sorting-Hat-PodId
X-Rendered-As
X-ShardId
DB-Nickname
ProcessTime
X-Sorting-Hat-ShopId
X-L-Path
X-Request-Time
X-IP
X-NewRelic-App-Data
X-Endurance-Cache-Level
X-Time-Microsecs
X-Xfnlog-Site
X-S
X-CCM
Time
TWC-Locale-Group
X-RCS-CacheZone
TWC-Privacy
TWC-GeoIP-LatLong
TWC-Device-Class
TWC-Connection-Speed
X-Load-Cache
Webcakes-App-Name
X-Dc
X-Wix-Request-Id
X-Origin-Hint
NtCoent-Length
X-FW-Version
Webcakes-App-Version
Webcakes-Region
S-Rt
TWC-GeoIP-Country
Version
Azure-RegionName
Azure-InstanceId
Uber-Trace-Id
Azure-SiteName
Property-Id
Azure-SlotName
Azure-Version
X-VCT
X-Origin
X-Oracle-Dms-Rid
X-No-Session
X-Varnish-Hits
X-EdgeConnect-Cache-Status
X-Via-CDN
X-Nginx-Cache
Cteonnt-Length
X-Proxy
X-FireWall-Port
X-Redis-Cache
X-UUID
X-BYPASS-REASON
X-ProxyCache-Key
X-ProxyCache-Status
X-Akamai-Transformed
X-PressLabs-Stats
NGX
X-CS
X-HTML-Minification-Powered-By
X-GEO
X-Daa-Tunnel
X-Vgn-Hpd-Reason
Accept-Language
X-Platform-Server
X-Format
X-ApacheServer
X-PERF
Odigeo-Trace-Id
X-Hl-Ver
X-UA
X-MServer
X-Rocket-Nginx-Bypass
X-Cache-NE
X-ECACHE
X-Cache-Server
Ec-Rule-Version
X-CDN-Forward
X-UnsetCookies
Access-Control-Request-Headers
X-IPS-LoggedIn
Origin
Selected-Fe
X-Cache-Remote
Cache-Tags
X-Real-IP
X-Tb
X-Amzn-Remapped-Content-Length
X-Distributor
LB
X-ServerID
X-Webkit-Csp
Fastly-SSL
PageSpeed
Proxy-Connection
L5d-Success-Class
X-URL
X-B3-Parentspanid
X-Compress-Hint
X-Microcachable
BehaviorPad-Version
Arc-Country
Rendered-Blocks
AKAMAI
Node
Mobile-Detection-Method
AsisCache
Cdn-Host
Meta-Geo-Continent
Fastcgi-X-Cache-Version
Fly-Cache
Fly-Request-Id
GEO-REGION-INFO
MD5-Digest
Cross-Origin-Window-Policy
Countrycode
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-Idcheck
Cache-Prefix
Cdn-Request-Time
Content-Style-Type
Content-Script-Type
Cache-Cookie-Set-From
X-B-Cookie
X-PAYTM-SRV-ID
X-Org
X-NU-AKA-ACS-Version
X-Region-Sid
X-Request-UUID
X-Rojux
X-Rewrite-Enabled
X-Level-Front-Cache
X-Is-Bot
X-Generated-On
X-G
X-Geo-Header
X-IN-APIGATEWAY
X-Internal-Host
X-Instart-Info
X-S-Cookie
X-S-Maxage
X-VG-WebServer
X-Varnish-Url
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
Xc-Version
X-Worker
X-Twitter-Response-Tags
X-Trv-Group
X-Server-Time
X-ScT
X-SRCache-Key
X-SVT-ORM-RULES
X-Transaction
X-SVT-ORM-VERSION
X-External-Request-Id
X-Edge-Server
X-A-Wwc
X-A-Dgt
X-A-Dcw
X-Accel-Expires-Debug
X-Aed
X-Application
X-AIR-PT
X-A-Dam
X-A-Ccd
Rt-Proxy-Cache
REQUESTUUID
Server-ID
Viewtype
X-A
VivaBuild
X-ARC
A
X-Date
X-D
X-Destination
X-Detected-As
X-DPWN-IS-SECURE
X-Developer
X-Core-Mission
X-Connection-Hash
X-Cdn-Srv
X-Cache-Bucket
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-Cluster-Name
X-Clientip
Request-Time
X-App-Name
X-Nc
X-Unique-ID
Hostname
ServerName
X-BACKEND-TTL
Served-By
W
X-Auto-Login
X-Backend-State
X-CGP
X-Bip
X-BBXSRF
UCS
Section-Io-Cache
IBM-Web2-Location
HA-Ipaddr
Ha-Gx-Prefs
Memcached
Powered-By
Request-EU
Request-Country
Proxy-Firewall
X-Developers
X-Pubstack
X-Server-IP
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
X-Skip-Cache
X-Thanos
X-We-Are-Hiring
X-Varnish-Cacheable
X-TrackingId
X-Qloud-Router
X-Method
X-Fastly-Cache
Gh-Request-Id
X-Eu-Site
X-Hash
X-HS-Cache-Config
X-Location
X-HS-Combine-CSS
X-Distil-CS
X-Nginx-Cache-Key
Fastly-SIE
Country-Code
X-C
Backend-Name
Apple-News-Services-Request-Url
Fastly-SWR
Apple-News-Services-Handled
Esi-Enabled
Content-Disposition
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
Locale
X-SERVER
X-Urbn-Site-Id
X-Urbn-Context-Path
Origin-Cache-Control
X-Dynatrace-Js-Agent
X-ElasticPress-Search
Origin-Edge-Control
X-Cache-Category-Id
X-Reqid
X-Cache-Info
X-Release
X-SIPLIST1
Wxu-Next-Hostname
Wxu-Next-Commit
X-Variation
Wxu-Next-Region
X-TH-Server
X-Servername
X-Sn-Servicetimems
X-Request-Start
X-Origin-Expires
X-FPC
X-Irp-Debug
X-Key
X-NC
X-Generation-Time
X-Grey
X-GeoIP-Country-Code
X-GeoIP-City
X-Epic-Correlation-Id
X-Dispatch
X-Origin-Date
X-Crawler
X-Cdn-Origin
X-Debug-Cookies
X-Debug-Log
X-Device-Os
Adler-Geo
X-NX-Host
X-Reboot
X-ServiceProvider
X-Wikidot-Static-Cache
Pramga
PFcat
X-Wikidot-Backend
X-Webstats-RespID
RNT-Machine
X-WebServer
On-Server
N-Cache
Heartbleed
Fastly-Soc-X-Request-Id
GW-Server
Is-Eu
IsBot
L
Kp-EeAlive
RNT-Time
Platform
Server-Host
Server-Int
SS
X-Cms-Context
X-CUA
X-PHP-Host
Who
X-Clara-WADP
X-CDN-Cache
True-Client-Country-4JS
X-Proxy-Upstream
X-Proxy-Cache-Status
X-LI-UUID
Web-Mar-Node
User-Cache-Control
X-Gannett-Site-Version
X-Gen-Mode
X-Hnp-Log
X-Fetched-On
X-VC-Cache
X-LI-Proto
X-Li-Pop
X-Li-Fabric
X-Dispatcher-Server
X-Owner
X-Azure-Ref
X-Cache-Id
CDCHOST
X-Response-By
Resin-Trace
X-SD-PageType
SD-X-WS
X-Secret
X-Amz-Meta-Cache-Control
X-Request-URI
X-Azure-Ref-OriginShield
X-Swa-Ws
X-SERVER-NAME
X-WADP-Cache
X-Block-Status
X-Cache-FS-Status
X-Varnish-Ttl
Thinkindot-CacheControl-Type
X-VServer
X-Pf-Uncompressing
Thinkindot-Control
X-Thinkindot-L3
X-FE
CF-IPCountry
X-CLOUD-TRACE-CONTEXT
V-Age
Thinkindot-CacheControl
X-OVcl-Cache
X-Flog
Pagetype
X-Cache-Backend
X-OVcl
X-Hello
X-ABtesting
X-Matched-Rule
X-Backend-Host
Magicmarker
X-Ratelimit-Remaining
X-Parent-Response-Time
X-Backend-Url
X-Edge
X-User
User-Agent
X-MSEdge-Features
X-Up
X-MSEdge-Flight
X-Served-From
X-Processor
X-Generated-In
X-GoCache-CacheStatus
Mime-Version
X-Via-NSCOPI
X-Via-SSL
X-Via-Edge
X-Be
X-Oneagent-Js-Injection
X-Debug-Cache-Expiry
X-Soup
X-Tt-Trace-Tag
X-Debug-Cache-Store
X-Debug-Cache-Fetch
X-Datadome
Memory
X-LAGOON
X-Ua
X-Powered-By-Defense
Cache-Hits
X-Geo
X-Oss-Object-Type
X-B3-SpanId
X-Oss-Request-Id
X-Oss-Storage-Class
X-Oss-Hash-Crc64ecma
X-ND-Cache
X-Protected-By
X-Varnish-Beresp-Ttl
X-Ttl
X-Oss-Server-Time
X-Backend-TTL
Geoip-Latitude
X-Newrelic-Synthetics
Geoip-City
GeoIp-Country-Code
X-Page-Type
X-Check-Cacheable
X-Akamai-SSL-Client-Sid
X-Say-Cacheable
X-SayCDN-TTL
X-Fstrz
X-Old-Content-Length
X-Say-TTL
X-Zone
X-Planisys-CDN-Cache
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
Pragrma
X-ZONE
X-Tec-Api-Version
X-Tec-Api-Origin
X-Origin-TTL
X-Tec-Api-Root
X-Origin-CC
X-Cache-Time
WZWS-RAY
X-Cdn-Forward
X-Litespeed-Cache
X-CSRF-TOKEN
X-DC
X-Varnish-Beresp-Status
Cdn
X-Varnish-Beresp-Grace
X-Logtrace-Id
Ajk
X-IN-APIGATEWAYSSL
X-Node-Id
X-IN-WAF
X-Phone
Inserted-Into-Cache-At
Fastly-Backend-Name
X-Core-Value
X-Cache-Ttl
X-TT-LOGID
X-Tb-Optimization-Total-Bytes-Saved
X-Servedbyhost
X-Vcl-Version
X-Aicache-OS
Amp-Access-Control-Allow-Source-Origin
Dynatrace
X-Ruxit-Js-Agent
FSS-Cache
FSS-Proxy
X-HS-Status
SN
XServer
X-BC
HostName
X-NODE
X-Mid
X-Wa
X-UPSTREAM-Address
X-Amzn-Remapped-Connection
X-ServedByHost
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-APP
X-MID
X-VCL-Version
X-Amzn-Remapped-Date
Server-Surrogate-Control
X-CSRF-Token
X-Bc
X-Varnish-Authentication
Server-Cache-Control
X-Proxy-Cacherz
T-Server
CF-Cached-On
X-App-Version
X-Cache-ASPX
X-Contensis-Viewer-Groups
Xkeyrz
X-EC-Lua
X-Birta-Cache-Post
Selected-FE
X-NWS-UUID-VERIFY
X-Birta-Served
X-LiteSpeed-Cache-Control
X-Refresh
X-COUNTRY
PICS-Label
X-WR-MODIFICATION
X-GDPR
Srv
X-CACHE-KEY
X-Info
X-Varnish-Beresp-TTL
X-PJAX-URL
X-Varnish-IP
X-Cache-Debug
RequestId
X-Source
MIME-Version
Ohc-File-Size
X-ECache
GeoIP-City
X-Render-Time
X-Agile-Id
X-Agile
GeoIP-Country-Code
SID
GeoIP-Latitude
X-Agile-Age
WebServer
Ohc-Cache-HIT
URI
X-LB-ID
X-FORWARDED-FOR
X-Fastly-Country-Code
X-Uri
HitType
Cf-Ipcountry
DataCenter
X-Policy
X-Nananana
X-Real-Ip
X-Unique-Id
X-Via-Ucdn
Xkeynj
X-BE
Cache-Provider
X-Service
Is-Session-Tracking
X-PAGE-TYPE
X-Fastly-Backend-Reqs
X-Micro-Cache
X-Lb-Id
Get-Access-Time
X-Requestid
X-Cache-Miss-From
X-Sedo-Request-Id
X-Cache-Tag
X-NGINX-Cache
X-Var-Ttl
X-Web-Server
X-NGENIX-Cache
Pics-Label
X-Is-Gdpr
X-Has-Esi
X-Request-Url
X-TIME
X-JWT-State
X-Pjax-Url
Lb
Ohc-Response-Time
X-MCACHE
X-Apw-Hits
X-Apw-Access-Action
Cneonction
X-Vct
CDN
X-Apw-Access-Object
X-Apw-Access-Token
Group
Xet-Cookie
X-Dw-Trace-Id
X-SRV
HTTPS
X-Cf-Powered-By
X-Cdn-Request-ID
Backend
Warning
X-Ecache
X-SN
X-WA
FNAC-ModuleRouting
X-PF-Uncompressing
Correlation-Id
X-Newrelic-App-Data
X-Serial
Xkeypdq
X-Litespeed-Cache-Control
X-Fe
X-Request-URL
X-Akamai-ERPolicy
Lfy
X-Flow-Id
X-Page-Impression-Id
X-Fastly-Cache-Hits
X-Akamai-ERRuleID
X-Edge-IP
X-Bug-Bounty
Www
X-Zalando-Child-Request-Id
X-Swift-Error
X-RPS
X-RSL
X-Fpc
X-RPM
X-DW
X-DB
X-DI
X-DSS
X-ServerName