Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
CF-RAY
CF-Cache-Status
Link
X-Powered-By
X-XSS-Protection
ETag
Expect-CT
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-Cache-Hits
X-UA-Compatible
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
X-Timer
X-Request-Id
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Alt-Svc
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Adblock-Key
X-Check
Content-Security-Policy-Report-Only
X-Cacheable
X-Generator
X-Xss-Protection
X-Permitted-Cross-Domain-Policies
X-Cache-Status
Timing-Allow-Origin
X-Template
X-DNS-Prefetch-Control
X-Language
X-Request-ID
X-Iinfo
Status
X-AspNetMvc-Version
Content-Encoding
X-Content-Security-Policy
X-Buckets
Xkey
X-Kinja-Server-Push
Upgrade
X-Via
X-Ua-Compatible
X-Turbo-Charged-By
Access-Control-Expose-Headers
Keep-Alive
Access-Control-Max-Age
X-Cache-Group
X-Pass-Why
X-Drupal-Dynamic-Cache
P3p
X-Age
EagleId
X-CDN
X-Backend
X-Robots-Tag
X-Amz-Request-Id
X-Amz-Id-2
X-Envoy-Upstream-Service-Time
X-Page-Speed
X-Pingback
X-AH-Environment
X-Server-Powered-By
X-Proxy-Cache
X-Hacker
X-Server
X-UA-Device
Request-Context
X-Nginx-Cache-Status
Grace
X-Varnish-Cache
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-LiteSpeed-Cache
X-Server-Id
Cf-Railgun
X-Amz-Version-Id
X-Cdn
Server-Timing
Feature-Policy
X-WebKit-CSP
X-Device
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-OneAgent-JS-Injection
X-Rq
X-Cnection
X-Ac
Report-To
X-Cloud-Trace-Context
X-Host
X-Node
X-Response-Time
Content-Location
X-Backend-Server
EagleEye-TraceId
Request-Id
X-Origin-Cache
X-Readtime
X-Vhost
X-Application-Context
X-Dns-Prefetch-Control
X-Cache-Lookup
X-ORACLE-DMS-ECID
NEL
X-Dispatcher
Surrogate-Control
Allow
X-Rack-Cache
X-Origin-Upstream-Status
X-Ruxit-JS-Agent
X-Country
X-HW
X-TTL
X-Url
Rating
X-Country-Code
X-ORACLE-DMS-RID
X-FTR-Request-ID
X-DynaTrace
X-DataDome
X-Clacks-Overhead
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Instart-Request-ID
Fusion-Content-Id
Fusion-Component-Id
Fusion-Content-Source
Fusion-Template-Id
Fusion-Source
X-Goog-Hash
X-Varnish-TTL
X-MS-InvokeApp
X-TtlSet
X-PC
X-Vname
X-CST
X-Px
Verso
RTSS
Public-Key-Pins
Edge-Control
X-Powered-By-Plesk
X-VARITI-CCR
X-Recruiting
X-Mod-Pagespeed
Service-Worker-Allowed
Pinterest-Generated-By
X-Use-Magma
X-Kinja-Server
X-Cdn-Fetch
X-Exp-Id
X-Exp-Variant
X-Kinja
X-GoogleNews-Bot
X-Kinja-Revision
X-Kinja-Build
X-D2id
X-Middleton-Display
X-Sol
Display
Response
X-Middleton-Response
X-Vcap-Request-Id
X-Version
SPRequestGuid
X-SharePointHealthScore
MS-Author-Via
Accept-Ch-Lifetime
Accept-CH
X-Akam-SW-Version
X-RateLimit-Remaining
TCN
X-GitHub-Request-Id
X-Navigation-Version
X-Abt-Application-Version
X-Powered-CMS
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-Upstream
X-Forwarded-Proto
X-B3-TraceId
X-Shard
X-Amz-Server-Side-Encryption
SPIisLatency
SPRequestDuration
Charset
X-SRCache-Store-Status
AR-ATIME
X-XRDS-Location
X-SRCache-Fetch-Status
AR-PoweredBy
Ar-Sid
AR-CACHE
X-Ah-Environment
Realpath
Fastly-Restarts
X-Amz-Rid
X-Aspnetmvc-Version
Nginx-Cache
X-Trace
X-Debug
X-ESI
Front-End-Https
Mrf-Cache-Status
MRF-Tech
X-Mrf-Item-Lastmod
X-Shield-Request-Id
X-Mrf-Section-Lastmod
X-B3-TraceId-Primal
X-Cached
AR-Request-ID
X-Ezoic-Cdn
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Goog-Metageneration
X-Goog-Generation
Paypal-Debug-Id
X-MSEdge-Ref
Access-Control-Request-Method
X-NF-Request-ID
X-Country-Code-Real
X-FTR-Expires
X-FTR-Cache-Status
X-Server-Name
Arr-Disable-Session-Affinity
DynaTrace
ServerID
Pagespeed
X-FTR-Backend
X-FTR-Realm
Content-MD5
X-FTR-DC
X-FTR-Backend-Server
X-FTR-Balancer
X-Id
X-Vcache
MicrosoftSharePointTeamServices
X-Goog-Storage-Class
S
X-T
X-DynaTrace-JS-Agent
X-Amz-Meta-S3cmd-Attrs
X-Fastly-Request-ID
X-Client-IP
X-Content-Type
X-Via-JSL
X-Dw-Request-Base-Id
X-Hits
X-Varnish-Age
X-Amzn-Trace-Id
X-B3-Traceid
X-N
X-VCache
X-RateLimit-Limit
X-SERVER
X-FTR-Cache-Host
X-Grace
Fastcgi-Cache
X-Correlation-Id
X-Frontend
X-FastCGI-Cache
X-Content-Digest
Powered
PB-RID
PB-PID
Arc-Version
X-Mobile-Rewrite
X-Logged-In
Server-Name
X-Forwarded-For
X-Ser
X-DIS-Request-ID
X-Accel-Expires
X-B3-Sampled
AMP-Access-Control-Allow-Source-Origin
X-Esi
Accept-Ch
X-GUploader-UploadID
X-HS-Hub-Id
X-HS-Content-Id
X-Request-Handler-Origin-Region
X-Microsite
X-Zen-Fury
TP-Cache
TP-L2-Cache
X-Fastcgi-Cache
X-Request-Processing-Time
X-Kinsta-Cache
X-Cache-Age
X-Request-Received
FilterID
X-Type
X-LB-Cache
X-Activity-Id
X-User-Agent
X-AppVersion
X-Az
X-Revision
X-Rid
Backend-Timing
X-IPLB-Instance
X-Analytics
Healthy
X-Node-Name
X-Acc-Meta-Resource-Type
Edge-Cache-Tag
X-F-Cache
X-Whom
X-Cache-2
Retry-After
X-NWS-LOG-UUID
X-Amzn-RequestId
X-Kong-Upstream-Latency
X-Amz-Apigw-Id
X-Kong-Proxy-Latency
Accept-Charset
X-Srv
Alternate-Protocol
X-Time
X-Pinterest-Rid
Pinterest-Version
X-Cache-Hit
X-AOL-HN
Cache-Status
X-Cache-Rule
Server-Node
X-Content-Options
DC
VIX-Pulpo-Upstream-Status
X-Content-Powered-By
Surrogate-Key
VIX-Pulpo-Node
Access-Control-Allow-Method
Refresh
X-Akamai-Edgescape
X-Content-Security-Policy-Report-Only
X-Cluster
X-Jobs
X-Forwarded-Host
X-Instance
X-Tumblr-User
X-Tumblr-Pixel-0
X-Page-Id
X-FW-Static
X-Tumblr-Pixel
X-FW-Type
X-Debug-Info
X-FW-Server
X-Framework
X-FW-Hash
X-FW-Serve
X-FB-Debug
X-PHP-Backend
Source
X-Varnish-Grace
X-B
X-Request-Guid
X-App-Environment
X-Hostname
MS-CV
X-Hp-Webp
Fastcgi-Useragent
Cleartype
X-App-Server
Host
X-DataStream-Cache-Status
X-B-Cache
X-Signature
Frame-Options
X-Cache-Key
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-BCube-Filmed-By
Actual-Object-TTL
X-Cached-By
X-Cache-Operation
Tracecode
X-Ratelimit-Reset
Cache-Tag
X-TA-CDN-Provider
X-Mobile-URL
X-PressLabs-Stats
X-Geo-Country
X-Varnish-Backend
X-TT
Liferay-Portal
X-Amz-Replication-Status
Xserver
X-Cache-Control
X-Pad
X-Mobile
X-Seen-By
X-Git-Hash
X-Response-Served-From
X-Host-Name
NGB
X-ATG-Version
X-Adobe-Content
X-Adobe-Loc
Payment
X-TT-TIMESTAMP
Upgrade-Insecure-Requests
X-Status
X-WA-Info
Eomportal-Instance
X-WebKit-CSP-Report-Only
X-RemovedCookies
Cache-Tv-Group
X-Cacheable-TTL
X-ProcessESI
Filters
X-RTag
X-Tumblr-Pixel-1
WPE-Backend
X-Tumblr-Pixel-2
Ms-Operation-Id
X-FW-Dynamic
X-Handled-By
X-GeoIP
X-TX-ID
X-Drupal-Cache-Tags
From-Origin
X-RequestSource
X-UA-Device-Type
X-Content-Age
Webserver
X-Upstream-Proxy
X-Cache-TTL-Remaining
GEO-INFO
X-Cache-Remote
Datacenter
X-Webkit-CSP
X-Edge-Location
Cache
Viewport
X-Storage
X-Daa-Tunnel
X-Accel-Buffering
Accept-CH-Lifetime
X-Cache-Action
X-Varnish-Hostname
X-Cache-TTL
X-Origin-Server
X-Ua
X-EdgeConnect-Cache-Status
Version
X-CF-Powered-By
X-Hyper-Cache
X-Oracle-Dms-Rid
X-Contextid
Host-Header
X-Region
PageSpeed
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Wix-Request-Id
SRV
X-Varnish-Server
X-Akamai-Transformed
Meta-Geo
X-Cache-Var
X-Akamai-Request-ID2
X-Path-Route
X-RN-RSRV
X-Cache-Var-Map
Load-Balancing
X-ES-SERVER
X-Trace-Id
X-Proxy-Build
S-Cnection
X-JoinUs
Selected-Fe
X-Timing-Wait
X-IP
X-From
X-TNCMS
X-Proxy
Cache-Hits
Cache-Tags
X-Proto
Vix-Hermes-Req-Id
X-Cache-Config
X-Site-Version
X-CS
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Generated
X-Locale
X-Loop
X-Backend-Name
X-Cluster-Node
Cache-Name
Now
X-FC-Vary-Parameters
X-Origin-Response-Time
X-Tumblr-Pixel-3
X-Upgrade-Enabled
X-Via-Fastly
X-Access
X-R9-Blue-Green-Version
X-Section
X-Time-Microsecs
X-Rule
X-PERF
X-Akamai-Request-ID
X-ApacheServer
X-Labrador-Cache-Channel
X-Hit
Decoy-Debug-Status
Decoy-Debug-Key
X-NCache
X-Origin
X-Cache-Enabled
X-Viewer-Country
Decoy-Debug-TTL
DB-Nickname
Rt-Fastcgi-Cache
X-DataStream-MidMile-RTT
X-DataStream-Origin-MEX-Latency
Azure-Version
Azure-SlotName
Webcakes-App-Version
Cache-Key
X-UnsetCookies
Azure-SiteName
Azure-RegionName
Webcakes-Region
Azure-InstanceId
Property-Id
Webcakes-App-Name
X-Backend-TTL
Country
TWC-Connection-Speed
X-PCL
S-Rt
Mn-Server-Ip
TWC-Device-Class
TWC-GeoIP-Country
X-Cache-Host
TWC-Privacy
TWC-Locale-Group
TWC-GeoIP-LatLong
X-Varnish-Cache-Hits
X-Cache-Grace
X-Upstream-CT
X-Hosted-By
X-Web-Node
X-CCM
X-Upstream-HT
X-Human
X-Origin-Hint
Ec-Rule-Version
X-OCL
X-Xfnlog-Site
X-Format
X-FW-Version
X-FireWall-Port
X-EIG-Tracking-Id
X-Drupal-Cache-Contexts
X-Device-Type
X-Www-Served-By
X-Varnish-Hits
X-S
OT-Force-Account-Verify
NR-ENABLED
X-Debug-Cache
DSUID
X-Cache-Time
Server-Info
Release
ServedBy
X-Rendered-As
Time
Ohc-File-Size
X-Cache-NE
X-NewRelic-App-Data
X-Cache-Server
X-VG-WebCache
X-VG-TLSProxy
X-Sorting-Hat-PodId
X-Vgn-Hpd-Reason
X-Alternate-Cache-Key
X-Shopify-Stage
X-ShardId
X-Sorting-Hat-ShopId
X-ShopId
Hostname
X-FB-TRIP-ID
X-APP-VERSION
X-VCT
Accept-Language
X-Mode
X-Nginx-Cache
Fastcgi-X-Cache-Version
Machine
X-Tb
X-Redis-Cache
X-OVcl-Cache
X-OVcl
X-Real-IP
Origin
Ohc-Cache-HIT
X-Presslabs-Stats
NtCoent-Length
X-B3-Spanid
Cteonnt-Length
X-Pubstack
Origin-Cache-Control
Origin-Edge-Control
X-Environment-Context
X-L-Path
X-No-Session
X-Request-Time
X-GEO
X-NC
X-CSRF-TOKEN
L5d-Success-Class
X-Generated-By
Odigeo-Trace-Id
Access-Control-Request-Headers
X-Tt-Trace-Tag
X-Magnolia-Registration
X-HS-Cache-Config
X-Load-Cache
X-LJ-Flow-ID
X-Cluster-Name
X-AWS-Id
X-VWS-Id
Fastly-SSL
X-App-Version
X-Amzn-Remapped-Content-Length
X-Endurance-Cache-Level
X-DC
IBM-Web2-Location
We-Hiring
Mime-Version
X-Parent-Response-Time
Mail-Subject
Akamai-GRN
Nel
X-UUID
X-B3-Parentspanid
X-XRDS-LOCATION
X-CACHE-KEY
X-GoCache-CacheStatus
X-ServerID
X-Rocket-Nginx-Bypass
X-Routing-Service
X-NGENIX-Cache
X-ECACHE
Request-Time
X-SERVER-NAME
X-Proxied
X-Zipkin-Id
X-Urbn-Context-Path
X-Oneagent-Js-Injection
Locale
X-Soup
X-Urbn-Site-Id
Meta-Geo-Continent
Apple-News-Services-Host
X-Node-Id
A
Apple-News-Services-Handled
Apple-News-Services-Request-Url
Content-Script-Type
Cdn-Request-Time
Content-Style-Type
Cross-Origin-Window-Policy
Fly-Cache
GEO-REGION-INFO
Cdn-Host
Cache-Prefix
Fly-Request-Id
Memcached
Arc-Country
MD5-Digest
BehaviorPad-Version
AsisCache
Apple-News-Services-Parsed-Url
X-CF-Lambda-Fn
X-Region-Sid
X-PAYTM-SRV-ID
X-Request-UUID
X-Rewrite-Enabled
X-S-Cookie
X-Rojux
X-Origin-Expires
X-Origin-Date
X-G
X-External-Request-Id
X-Instart-Info
X-Is-Bot
X-Org
X-S-Maxage
X-ScT
X-Vtex-Processado-Em
X-VG-WebServer
X-Vtex-Remote-Cache
X-Worker
Xc-Version
X-Twitter-Response-Tags
X-Trv-Group
X-SRCache-Key
X-Server-Time
X-SS-Set-Cookie
X-Thanos
X-Transaction
X-Edge-Server
X-DPWN-IS-SECURE
X-A-Dam
X-A-Ccd
X-A-Dcw
X-A-Dgt
X-A-Wwc
X-A
VivaBuild
Rendered-Blocks
Node
Rt-Proxy-Cache
Server-ID
T-Server
X-Accel-Expires-Debug
X-Aed
X-Date
X-D
X-Destination
X-Detected-As
X-Developer
X-Connection-Hash
X-CF-Lambda-Version
X-Application
X-AIR-PT
X-ARC
X-B-Cookie
X-Bip
Mobile-Detection-Method
Viewtype
Proxy-Connection
X-MServer
X-BYPASS-REASON
Uber-Trace-Id
X-ProxyCache-Status
X-ProxyCache-Key
Backend-Name
CF-IPCountry
X-Via-CDN
ServerName
Request-EU
Request-Country
Fastly-Soc-X-Request-Id
Section-Io-Cache
X-Cms-Context
X-Core-Mission
X-Owner
Countrycode
X-Developers
X-Fastly-Cache
X-Distributor
X-Generated-On
N-Cache
NGX
X-Distil-CS
IsBot
X-Cdn-Srv
X-Level-Front-Cache
X-IN-APIGATEWAYSSL
X-IN-APIGATEWAY
X-Hl-Ver
Gh-Request-Id
X-Clientip
X-Azure-Ref
X-Up
X-Auto-Login
X-SVT-ORM-VERSION
X-TrackingId
X-Azure-Ref-OriginShield
X-SVT-ORM-RULES
X-Origin-TTL
X-Origin-CC
X-VC-Cache
X-SIPLIST1
X-Release
X-WebServer
X-Request-Start
X-Cache-Bucket
X-ElasticPress-Search
User-Cache-Control
X-Flog
X-Backend-Host
X-Amz-Meta-Cache-Control
X-App-Name
X-Device-Os
X-Epic-Correlation-Id
X-MP-GENERATED-AT
X-Eu-Site
X-Fetched-On
X-Backend-Url
X-Cache-FS-Status
X-Compress-Hint
X-C
X-Clara-WADP
X-CGP
X-Cdn-Origin
X-Cache-Id
X-Block-Status
X-CUA
X-Debug-Cache-Store
X-Debug-Cookies
X-Cache-Info
X-BBXSRF
X-Debug-Cache-Fetch
X-Guploader-Uploadid
X-Debug-Cache-Expiry
X-Debug-Log
X-Irp-Debug
X-Reboot
X-Request-URI
X-B3-SpanId
X-ServiceProvider
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
X-Proxy-Upstream
X-Qloud-Router
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-Skip-Cache
X-Sn-Servicetimems
X-WADP-Cache
X-We-Are-Hiring
X-Wikidot-Backend
X-Wikidot-Static-Cache
X-VServer
X-Variation
X-Swa-Ws
X-Thinkindot-L3
X-Unique-ID
X-Proxy-Cache-Status
X-Platform-Server
X-Hello
X-Hnp-Log
X-ABtesting
X-Li-Fabric
X-Hash
X-GeoIP-City
X-Generated-In
X-Generation-Time
X-Geo-Header
X-Li-Pop
X-LI-UUID
X-Nginx-Cache-Key
X-NX-Host
X-Old-Content-Length
X-PHP-Host
X-MSEdge-Flight
X-MSEdge-Features
X-Location
X-Matched-Rule
X-Method
X-Gen-Mode
X-LI-Proto
True-Client-Country-4JS
Thinkindot-Control
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
Ha-Gx-Prefs
Fastly-SWR
Esi-Enabled
V-Age
Pramga
HA-Ipaddr
Heartbleed
Platform
RNT-Time
RNT-Machine
PFcat
Magicmarker
Is-Eu
Server-Int
L
Country-Code
Fastly-SIE
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-From
Content-Disposition
Cache-Cookie-Set-Lfrom
Adler-Geo
AKAMAI
W
CDCHOST
X-Microcachable
Pagetype
Memory
X-Webstats-RespID
X-Dispatch
X-GDPR
X-Servername
X-Dispatcher-Server
X-User
X-SayCDN-TTL
X-Internal-Host
X-Reqid
X-Key
X-Page-Type
X-Response-By
X-Say-Cacheable
X-SD-PageType
X-HS-Combine-CSS
X-Say-TTL
Kp-EeAlive
X-Server-IP
X-Backend-State
Server-Host
Served-By
SD-X-WS
Web-Mar-Node
Wxu-Next-Region
SS
Wxu-Next-Commit
Wxu-Next-Hostname
X-IPS-LoggedIn
X-Element-Page-Cache
X-Uri
UCS
X-Policy
Resin-Trace
ProcessTime
X-Cdn-Forward
X-FPC
X-Wa
REQUESTUUID
X-Servedbyhost
Ajk
X-Service
Powered-By-ChinaCache
X-Logtrace-Id
X-HTML-Minification-Powered-By
X-Nc
Proxy-Firewall
X-Var-Ttl
X-Geo
X-SRV
X-Ratelimit-Limit
X-Cache-Backend
X-Dc
X-Has-Esi
X-Is-Gdpr
Cache-Provider
X-JWT-State
X-Lb-Id
X-Datadome
X-VCL-Version
X-Cache-Category-Id
Powered-By
X-Grey
Srv
X-NWS-UUID-VERIFY
X-Tb-Optimization-Total-Bytes-Saved
X-Processor
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
X-Oss-Request-Id
X-Oss-Storage-Class
X-Oss-Server-Time
X-Cache-Ttl
X-Varnish-Beresp-Ttl
X-ZONE
X-CDN-Forward
X-TH-Server
X-Server-ID
Fastly-Backend-Name
X-Pjax-Url
X-Ruxit-Js-Agent
X-Be
X-RCS-CacheZone
X-RateLimit-Reset
GeoIP-Latitude
X-Info
X-Cache-URL
SN
GeoIP-City
GeoIP-Country-Code
X-Svr
PICS-Label
X-Tec-Api-Origin
X-Tec-Api-Root
X-Webkit-Csp
X-Tec-Api-Version
X-Instart-Isnd
X-Ftr-Request-Id
X-HS-Status
X-Varnish-Beresp-Grace
X-Zone
X-Varnish-Beresp-Status
X-NodeID
X-Scheme
X-SN
GW-Server
X-GRACE
X-UA
Group
X-Source
X-Newrelic-Synthetics
X-LAGOON
X-Varnish-Url
Cdn
CACHE
X-Pf-Uncompressing
X-Gannett-Site-Version
X-Bc
X-EC-Lua
WZWS-RAY
X-Secret
X-Varnish-Beresp-TTL
Dynatrace
X-PF-Uncompressing
CF-Cached-On
X-CDN-Cache
On-Server
LB
Cache-Host
X-Check-Cacheable
X-Dynatrace-Js-Agent
X-Varnish-Cacheable
X-NODE
X-GeoIP-Country-Code
X-LiteSpeed-Cache-Control
User-Agent
X-Sucuri-Id
X-Ftr-Cache-Host
Ttl
X-Server-W
X-Ratelimit-Remaining
X-BC
Inserted-Into-Cache-At
X-FORWARDED-FOR
X-Ms-Version
X-Via-Ucdn
X-Ms-Request-Id
X-Tt-Trace-Host
X-APP
Environment
X-BE
X-PJAX-URL
X-Fastly-Country-Code
X-COUNTRY
Pics-Label
X-Edge
MIME-Version
X-NU-AKA-ACS-Version
XServer
X-Crawler
Lfy
WWW
GeoIp-Country-Code
Geoip-City
X-URL
Geoip-Latitude
X-Akamai-SSL-Client-Sid
Who
X-Aicache-OS
X-Dynatrace
X-Ftr-Realm
X-Ttl
X-Ftr-Dc
X-Ftr-Balancer
X-Ftr-Backend
X-Ftr-Backend-Server
Ohc-Response-Time
X-Session-Fingerprint
X-Agile
X-LB-ID
X-Cache-Debug
X-Mid
X-Agile-Age
X-Render-Time
X-Agile-Id
Cf-Ipcountry
X-Trafficlayer-App-Name
X-Trafficlayer-App-Scope
X-MCACHE
X-CSRF-Token
X-Vcl-Version
X-Fastly-Backend-Reqs
M-TraceId
X-Varnish-Ttl
Requestid
X-FE
SID
Amp-Access-Control-Allow-Source-Origin
X-Logging-Id
X-Micro-Cache
X-UPSTREAM-Address
X-Via-Edge
URI
X-Served-From
X-Litespeed-Cache-Control
X-Via-SSL
Lb
X-7Graus-Varnish-XKeys
X-7Graus-Varnish-Cache-Control
Xkeyrz
X-WR-MODIFICATION
X-Proxy-Cacherz
X-TIME
HostName
X-Cache-Tag
X-Amzn-Remapped-Connection
X-Amzn-Remapped-Date
RequestUuid
X-Cache-Miss-From
Host-ID
X-Sedo-Request-Id
X-Correlation-ID
DataCenter
X-Cf-Powered-By
X-ID
X-Action
X-Page-Impression-Id
Correlation-Id
X-Flow-Id
X-Protected-By
X-Zalando-Child-Request-Id
X-Fpc
X-Fastly-Cache-Hits
X-ServedByHost
X-WA
X-RSL
X-Vct
X-DB
X-Nananana
Xkeypdq
X-RPS
CDN
X-DSS
X-DI
X-DW
X-RPM
X-NGINX-Cache
X-Newrelic-App-Data
WebServer
X-Ecache
X-ND-Cache
X-Request-Url
X-SB
X-Cdn-Request-ID
FNAC-ModuleRouting
X-Via-NSCOPI
X-Vdms-Version
X-VC
X-Dw-Trace-Id
Warning
X-MID
X-Refresh
X-Core-Value
Cneonction
X-Swift-Error
Cdncip
Xet-Cookie
Cdnsip
X-AK-Request-ID
X-ServerName
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
X-Request-URL
X-Apw-Access-Action
X-Apw-Access-Object
X-Apw-Hits
X-Apw-Access-Token
X-Fe
Processtime
X-ECache
X-Planisys-CDN-TTL
X-MiniProfiler-Ids
X-Gdpr
Pragrma
X-Bug-Bounty
X-Serial
X-Unique-Id
HitType
V-Cache