Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
CF-RAY
CF-Cache-Status
Link
X-Powered-By
X-XSS-Protection
ETag
Expect-CT
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
X-Timer
X-Request-Id
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Alt-Svc
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Adblock-Key
X-Check
Content-Security-Policy-Report-Only
X-Cacheable
X-Generator
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-Xss-Protection
Timing-Allow-Origin
X-DNS-Prefetch-Control
X-Template
X-Language
X-Request-ID
X-Iinfo
Status
X-AspNetMvc-Version
Content-Encoding
X-Content-Security-Policy
X-Buckets
X-FRAME-OPTIONS
X-Kinja-Server-Push
Xkey
Upgrade
X-Via
X-Turbo-Charged-By
Access-Control-Expose-Headers
Keep-Alive
Access-Control-Max-Age
X-Cache-Group
X-Drupal-Dynamic-Cache
X-Pass-Why
P3p
X-CDN
X-Age
EagleId
X-Backend
X-Robots-Tag
X-Amz-Request-Id
X-Amz-Id-2
X-Envoy-Upstream-Service-Time
X-Page-Speed
X-Pingback
X-Ua-Compatible
X-Server-Powered-By
X-Proxy-Cache
X-AH-Environment
X-Hacker
X-Server
X-UA-Device
Request-Context
X-Nginx-Cache-Status
Grace
X-Varnish-Cache
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
X-LiteSpeed-Cache
X-Server-Id
Cf-Railgun
X-Amz-Version-Id
X-Cdn
Feature-Policy
Server-Timing
X-WebKit-CSP
X-Device
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-OneAgent-JS-Injection
X-Rq
X-Ac
X-Cnection
Report-To
X-Cloud-Trace-Context
X-Host
X-Response-Time
X-Node
Content-Location
X-Backend-Server
Request-Id
EagleEye-TraceId
X-Origin-Cache
X-Readtime
X-Vhost
X-Application-Context
X-Cache-Lookup
X-Dns-Prefetch-Control
X-ORACLE-DMS-ECID
NEL
X-Dispatcher
Surrogate-Control
Allow
X-Ruxit-JS-Agent
X-Rack-Cache
X-Origin-Upstream-Status
X-Country
X-HW
X-Url
Rating
X-Country-Code
X-FTR-Request-ID
X-TTL
X-DataDome
X-ORACLE-DMS-RID
X-Clacks-Overhead
X-DynaTrace
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Fusion-Content-Source
X-Instart-Request-ID
Fusion-Component-Id
Fusion-Content-Id
Fusion-Source
Fusion-Template-Id
X-Goog-Hash
X-Varnish-TTL
X-MS-InvokeApp
X-PC
X-Vname
X-TtlSet
X-CST
X-Px
Verso
RTSS
Edge-Control
Public-Key-Pins
X-Powered-By-Plesk
X-VARITI-CCR
X-Recruiting
X-Mod-Pagespeed
Service-Worker-Allowed
X-Exp-Id
X-Kinja-Revision
X-Cdn-Fetch
X-Kinja-Server
X-Exp-Variant
X-Use-Magma
X-GoogleNews-Bot
X-Kinja
X-Kinja-Build
Pinterest-Generated-By
X-D2id
X-Middleton-Display
Response
X-Middleton-Response
X-Ah-Environment
X-Sol
Display
X-Vcap-Request-Id
X-Version
SPRequestGuid
X-SharePointHealthScore
MS-Author-Via
Accept-CH
X-Akam-SW-Version
X-RateLimit-Remaining
TCN
X-GitHub-Request-Id
X-Abt-Application-Version
Accept-Ch-Lifetime
X-Navigation-Version
X-TEC-API-ROOT
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-Powered-CMS
X-B3-TraceId
X-Upstream
X-Forwarded-Proto
X-Amz-Server-Side-Encryption
X-Shard
SPIisLatency
X-XRDS-Location
SPRequestDuration
Charset
X-SRCache-Store-Status
X-SRCache-Fetch-Status
AR-ATIME
Ar-Sid
AR-CACHE
AR-PoweredBy
Fastly-Restarts
X-Amz-Rid
Nginx-Cache
Realpath
X-Trace
X-ESI
X-Debug
X-Aspnetmvc-Version
Front-End-Https
X-Mrf-Item-Lastmod
X-B3-TraceId-Primal
MRF-Tech
X-Cached
X-Mrf-Section-Lastmod
X-Shield-Request-Id
Mrf-Cache-Status
X-Server-Name
AR-Request-ID
X-Goog-Stored-Content-Length
X-Goog-Generation
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
X-Ezoic-Cdn
Access-Control-Request-Method
X-MSEdge-Ref
Paypal-Debug-Id
X-NF-Request-ID
X-Country-Code-Real
X-FTR-Expires
X-FTR-Cache-Status
Arr-Disable-Session-Affinity
DynaTrace
Pagespeed
ServerID
X-Vcache
X-Id
Content-MD5
X-FTR-Backend
X-FTR-DC
X-FTR-Balancer
X-FTR-Backend-Server
X-FTR-Realm
X-Goog-Storage-Class
S
MicrosoftSharePointTeamServices
X-T
X-Amz-Meta-S3cmd-Attrs
X-Fastly-Request-ID
X-DynaTrace-JS-Agent
X-Client-IP
X-Via-JSL
X-Content-Type
X-Dw-Request-Base-Id
X-Varnish-Age
X-Hits
X-Amzn-Trace-Id
X-RateLimit-Limit
X-B3-Traceid
X-N
X-Grace
X-Correlation-Id
X-VCache
X-FTR-Cache-Host
X-Frontend
X-Forwarded-For
Fastcgi-Cache
X-SERVER
Powered
X-Content-Digest
X-Mobile-Rewrite
PB-PID
Arc-Version
PB-RID
Server-Name
X-DIS-Request-ID
X-Logged-In
X-FastCGI-Cache
X-Accel-Expires
X-Ser
AMP-Access-Control-Allow-Source-Origin
X-B3-Sampled
X-Esi
X-Fastcgi-Cache
Accept-Ch
X-GUploader-UploadID
X-HS-Content-Id
X-HS-Hub-Id
X-Zen-Fury
X-Microsite
X-Request-Handler-Origin-Region
TP-Cache
TP-L2-Cache
X-Request-Received
X-Request-Processing-Time
X-Kinsta-Cache
X-Cache-Age
FilterID
X-LB-Cache
X-Rid
X-User-Agent
X-Type
Backend-Timing
X-IPLB-Instance
X-Analytics
X-Revision
Healthy
X-Az
X-AppVersion
X-Activity-Id
Edge-Cache-Tag
X-Node-Name
X-F-Cache
X-Srv
X-Whom
X-Acc-Meta-Resource-Type
Retry-After
X-Time
X-Cache-2
X-Amz-Apigw-Id
X-Amzn-RequestId
X-NWS-LOG-UUID
Accept-Charset
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
Alternate-Protocol
X-Cache-Hit
Pinterest-Version
X-Pinterest-Rid
X-AOL-HN
X-Cache-Rule
Cache-Status
Server-Node
X-Content-Options
VIX-Pulpo-Upstream-Status
Surrogate-Key
VIX-Pulpo-Node
X-Cluster
Access-Control-Allow-Method
X-Content-Powered-By
Refresh
X-Forwarded-Host
X-Jobs
X-Instance
X-FW-Static
X-FW-Type
X-Page-Id
X-Tumblr-User
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Content-Security-Policy-Report-Only
X-FW-Server
X-FW-Serve
X-Debug-Info
X-FW-Hash
DC
X-Akamai-Edgescape
X-Framework
X-FB-Debug
X-Varnish-Grace
Source
X-PHP-Backend
X-Request-Guid
X-App-Environment
Fastcgi-Useragent
X-Hp-Webp
X-Hostname
X-B
MS-CV
X-App-Server
Cleartype
Host
Frame-Options
X-Signature
X-B-Cache
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-DataStream-Cache-Status
X-Ratelimit-Reset
Tracecode
Actual-Object-TTL
X-Cache-Operation
X-Cached-By
X-PressLabs-Stats
X-BCube-Filmed-By
X-Cache-Key
X-Mobile-URL
Cache-Tag
X-TA-CDN-Provider
X-Varnish-Backend
X-Geo-Country
Xserver
X-TT
X-Cache-Control
X-Amz-Replication-Status
Liferay-Portal
X-Pad
X-Seen-By
X-Response-Served-From
X-ATG-Version
X-Host-Name
NGB
X-Mobile
X-Adobe-Loc
X-Git-Hash
X-Adobe-Content
Payment
X-WA-Info
X-TT-TIMESTAMP
Upgrade-Insecure-Requests
X-Status
X-WebKit-CSP-Report-Only
WPE-Backend
X-Tumblr-Pixel-2
X-FW-Dynamic
Eomportal-Instance
X-Tumblr-Pixel-1
Accept-CH-Lifetime
X-TX-ID
X-Cacheable-TTL
X-ProcessESI
X-Handled-By
X-Drupal-Cache-Tags
X-RemovedCookies
X-UA-Device-Type
Ms-Operation-Id
Filters
X-GeoIP
X-RequestSource
Cache-Tv-Group
From-Origin
X-RTag
Webserver
X-Content-Age
X-Cache-TTL-Remaining
Datacenter
GEO-INFO
Cache
X-Oracle-Dms-Rid
X-Cache-Remote
X-Edge-Location
X-Upstream-Proxy
X-Daa-Tunnel
Viewport
X-Storage
X-Cache-Action
X-Accel-Buffering
X-Webkit-CSP
X-Cache-TTL
X-Varnish-Hostname
X-Origin-Server
X-Ua
X-EdgeConnect-Cache-Status
Version
X-Hyper-Cache
X-CF-Powered-By
X-Contextid
Host-Header
X-Region
X-Wix-Request-Id
SRV
X-Yottaa-Optimizations
X-Yottaa-Metrics
PageSpeed
X-Akamai-Transformed
X-Varnish-Server
X-ES-SERVER
X-Path-Route
X-RN-RSRV
Load-Balancing
X-Cache-Var-Map
Meta-Geo
X-Cache-Var
Selected-Fe
X-Timing-Wait
S-Cnection
X-Akamai-Request-ID2
X-From
NR-ENABLED
X-JoinUs
X-Proxy-Build
X-IP
X-Proto
X-TNCMS
Cache-Name
Cache-Tags
X-Proxy
X-Backend-Name
X-Cache-Config
X-Generated
Now
X-Loop
Vix-Hermes-Req-Id
X-Goog-Meta-Goog-Reserved-File-Mtime
X-CS
Cache-Hits
DB-Nickname
X-Cache-Enabled
X-NCache
X-Time-Microsecs
X-Hit
X-Viewer-Country
X-Origin
X-Rule
X-FC-Vary-Parameters
X-Origin-Response-Time
X-Cluster-Node
X-PERF
X-Via-Fastly
X-Labrador-Cache-Channel
X-Tumblr-Pixel-3
X-Akamai-Request-ID
X-ApacheServer
X-PCL
Decoy-Debug-Key
Decoy-Debug-Status
Azure-Version
Azure-SiteName
Azure-SlotName
X-Upgrade-Enabled
Decoy-Debug-TTL
X-EIG-Tracking-Id
X-Trace-Id
X-Xfnlog-Site
X-Section
Country
Cache-Key
X-UnsetCookies
X-Web-Node
Rt-Fastcgi-Cache
X-Varnish-Cache-Hits
X-Access
X-Cache-Grace
X-Cache-Host
X-Hosted-By
Webcakes-Region
Webcakes-App-Version
TWC-Locale-Group
TWC-Privacy
TWC-GeoIP-Country
Webcakes-App-Name
TWC-Device-Class
X-OCL
X-Format
TWC-GeoIP-LatLong
Property-Id
X-FireWall-Port
X-CCM
TWC-Connection-Speed
X-Origin-Hint
Ec-Rule-Version
Azure-RegionName
X-FW-Version
Mn-Server-Ip
S-Rt
Azure-InstanceId
X-Backend-TTL
X-R9-Blue-Green-Version
X-Debug-Cache
X-Varnish-Hits
X-Upstream-HT
X-Site-Version
X-Upstream-CT
X-Locale
X-S
X-Www-Served-By
X-Human
X-Device-Type
X-Drupal-Cache-Contexts
X-Cache-Time
Server-Info
OT-Force-Account-Verify
X-NewRelic-App-Data
DSUID
X-DataStream-Origin-MEX-Latency
X-DataStream-MidMile-RTT
Time
Release
X-Cache-NE
X-Rendered-As
Ohc-File-Size
X-Cache-Server
X-VG-TLSProxy
Hostname
X-VG-WebCache
ServedBy
X-Sorting-Hat-PodId
X-ShopId
X-Shopify-Stage
X-Sorting-Hat-ShopId
X-Vgn-Hpd-Reason
X-ShardId
X-Alternate-Cache-Key
X-VCT
X-FB-TRIP-ID
X-Nginx-Cache
X-Redis-Cache
X-Mode
Fastcgi-X-Cache-Version
X-APP-VERSION
Machine
X-OVcl
X-OVcl-Cache
X-Tb
X-Real-IP
Cteonnt-Length
Accept-Language
Ohc-Cache-HIT
Origin
NtCoent-Length
X-GEO
X-Pubstack
Origin-Edge-Control
X-NC
Origin-Cache-Control
X-Environment-Context
X-L-Path
X-CSRF-TOKEN
X-B3-Spanid
X-Presslabs-Stats
L5d-Success-Class
Access-Control-Request-Headers
X-Request-Time
X-No-Session
Odigeo-Trace-Id
X-Generated-By
X-App-Version
X-HS-Cache-Config
X-Load-Cache
X-Magnolia-Registration
X-Cluster-Name
X-Tt-Trace-Tag
X-VWS-Id
Mime-Version
X-DC
X-LJ-Flow-ID
X-AWS-Id
X-Endurance-Cache-Level
Fastly-SSL
X-CACHE-KEY
X-Amzn-Remapped-Content-Length
IBM-Web2-Location
X-Parent-Response-Time
Akamai-GRN
We-Hiring
Mail-Subject
X-UUID
X-B3-Parentspanid
X-NGENIX-Cache
Nel
X-ServerID
X-Rocket-Nginx-Bypass
X-ECACHE
X-GoCache-CacheStatus
Request-Time
X-XRDS-LOCATION
X-SRCache-Key
Cache-Prefix
X-Server-Time
X-SS-Set-Cookie
Cdn-Host
X-Transaction
Content-Style-Type
Content-Script-Type
Cross-Origin-Window-Policy
Fly-Cache
Cdn-Request-Time
A
X-Vtex-Processado-Em
X-Node-Id
X-VG-WebServer
X-Vtex-Remote-Cache
X-Worker
Xc-Version
X-MServer
X-Soup
X-Twitter-Response-Tags
Apple-News-Services-Request-Url
Arc-Country
AsisCache
Apple-News-Services-Parsed-Url
X-Trv-Group
Apple-News-Services-Handled
Apple-News-Services-Host
BehaviorPad-Version
Mobile-Detection-Method
X-Origin-Date
X-ARC
X-Org
X-B-Cookie
X-CF-Lambda-Fn
X-Application
X-AIR-PT
X-Accel-Expires-Debug
X-Region-Sid
X-PAYTM-SRV-ID
X-Origin-Expires
X-CF-Lambda-Version
X-Is-Bot
X-Detected-As
X-Developer
X-DPWN-IS-SECURE
X-Edge-Server
X-Destination
X-Date
X-Connection-Hash
X-Instart-Info
X-D
X-G
X-A-Wwc
X-A-Dgt
Rendered-Blocks
Rt-Proxy-Cache
X-ScT
X-S-Maxage
Node
X-External-Request-Id
GEO-REGION-INFO
MD5-Digest
Memcached
Meta-Geo-Continent
X-S-Cookie
X-Rojux
X-A
X-A-Ccd
X-A-Dam
X-A-Dcw
VivaBuild
X-Request-UUID
Server-ID
T-Server
Viewtype
X-Rewrite-Enabled
Fly-Request-Id
X-Aed
X-ProxyCache-Status
X-Routing-Service
Uber-Trace-Id
X-ProxyCache-Key
X-Proxied
X-BYPASS-REASON
Proxy-Connection
X-Zipkin-Id
CF-IPCountry
ServerName
X-Oneagent-Js-Injection
X-Via-CDN
X-Urbn-Context-Path
Locale
X-Element-Page-Cache
X-Urbn-Site-Id
Backend-Name
X-Release
X-IN-APIGATEWAYSSL
Request-EU
Request-Country
X-Origin-TTL
X-Origin-CC
X-B3-SpanId
Countrycode
X-IN-APIGATEWAY
X-Hl-Ver
IsBot
Gh-Request-Id
X-Distributor
X-Distil-CS
NGX
Section-Io-Cache
X-Fastly-Cache
X-Request-Start
X-Up
X-Clientip
X-TrackingId
X-Thanos
X-Core-Mission
X-Bip
X-Cache-Bucket
X-Azure-Ref-OriginShield
X-WebServer
X-Cdn-Srv
X-Auto-Login
X-VC-Cache
X-Azure-Ref
X-SIPLIST1
User-Cache-Control
X-ElasticPress-Search
X-Hash
X-Hello
X-Cache-FS-Status
Server-Int
X-Clara-WADP
X-Generated-In
True-Client-Country-4JS
X-Cache-Id
X-GeoIP-City
X-Hnp-Log
X-Cdn-Origin
X-App-Name
X-Irp-Debug
X-CGP
X-Cache-Info
RNT-Time
RNT-Machine
X-Debug-Cache-Fetch
X-Gen-Mode
V-Age
X-Compress-Hint
X-Debug-Log
X-Debug-Cookies
X-Block-Status
X-Device-Os
X-BBXSRF
X-Backend-Url
X-Developers
X-ABtesting
X-Li-Fabric
X-Cms-Context
X-Debug-Cache-Store
W
X-Flog
X-CUA
X-Eu-Site
X-Debug-Cache-Expiry
X-Amz-Meta-Cache-Control
X-Epic-Correlation-Id
X-Backend-Host
X-Method
X-RateLimit-Remaining-Second
Esi-Enabled
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
CDCHOST
Platform
Fastly-SIE
X-Proxy-Cache-Status
X-Platform-Server
X-Proxy-Upstream
Fastly-SWR
Fastly-Soc-X-Request-Id
X-Request-URI
Adler-Geo
X-WADP-Cache
X-VServer
X-We-Are-Hiring
X-Wikidot-Backend
X-Wikidot-Static-Cache
X-Variation
X-Unique-ID
X-Skip-Cache
X-Sn-Servicetimems
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
Ha-Gx-Prefs
X-RateLimit-Limit-Second
X-LI-Proto
X-Nginx-Cache-Key
Magicmarker
L
X-MSEdge-Flight
X-MSEdge-Features
N-Cache
X-Location
HA-Ipaddr
X-LI-UUID
PFcat
X-NX-Host
X-Owner
X-Li-Pop
X-Old-Content-Length
X-PHP-Host
Is-Eu
X-Swa-Ws
X-Matched-Rule
X-HS-Combine-CSS
X-GDPR
X-Level-Front-Cache
X-Webstats-RespID
X-ServiceProvider
X-User
X-Cdn-Forward
X-Internal-Host
X-Thinkindot-L3
X-Say-TTL
X-Geo-Header
X-Dispatcher-Server
X-Dispatch
X-Generation-Time
X-Generated-On
X-Fetched-On
X-Qloud-Router
X-Reboot
X-Reqid
X-SD-PageType
X-MP-GENERATED-AT
X-Server-IP
X-Guploader-Uploadid
X-SayCDN-TTL
X-Response-By
X-Say-Cacheable
X-Servername
X-Key
SD-X-WS
Served-By
Pramga
AKAMAI
Web-Mar-Node
SS
Thinkindot-CacheControl
Thinkindot-Control
Wxu-Next-Commit
Thinkindot-CacheControl-Type
Wxu-Next-Hostname
Wxu-Next-Region
Memory
Pagetype
Cache-Cookie-Set-Lfrom
Content-Disposition
X-C
Cache-Cookie-Set-Idcheck
X-Uri
Cache-Cookie-Set-From
Kp-EeAlive
X-Backend-State
Country-Code
X-IPS-LoggedIn
X-Microcachable
X-Page-Type
Heartbleed
X-Policy
Server-Host
Resin-Trace
X-FPC
UCS
X-Wa
X-SERVER-NAME
ProcessTime
X-Servedbyhost
Powered-By-ChinaCache
X-Service
X-Var-Ttl
Ajk
REQUESTUUID
X-Logtrace-Id
X-HTML-Minification-Powered-By
X-Nc
Proxy-Firewall
X-Lb-Id
Cache-Provider
X-Geo
X-Has-Esi
X-Ratelimit-Limit
X-VCL-Version
X-Dc
X-JWT-State
X-Cache-Backend
X-Is-Gdpr
X-Datadome
X-Oss-Hash-Crc64ecma
X-Oss-Object-Type
X-Processor
X-Cache-Category-Id
X-Tb-Optimization-Total-Bytes-Saved
X-Oss-Storage-Class
X-Grey
X-Oss-Request-Id
X-Oss-Server-Time
X-NWS-UUID-VERIFY
Powered-By
Srv
X-Pjax-Url
X-Cache-Ttl
X-Info
X-Varnish-Beresp-Ttl
X-SRV
X-ZONE
GeoIP-City
Fastly-Backend-Name
GeoIP-Country-Code
GeoIP-Latitude
X-Svr
X-Server-ID
X-TH-Server
X-Cache-URL
X-Be
X-Ruxit-Js-Agent
X-Instart-Isnd
X-HS-Status
SN
PICS-Label
X-RCS-CacheZone
X-RateLimit-Reset
X-CDN-Forward
X-Zone
X-Tec-Api-Version
X-Tec-Api-Origin
X-Webkit-Csp
X-Tec-Api-Root
X-Ftr-Request-Id
X-Varnish-Beresp-Status
X-Dynatrace
X-Ttl
X-Varnish-Beresp-Grace
X-Newrelic-Synthetics
Cdn
X-NodeID
GW-Server
X-SN
X-Scheme
Group
X-Source
X-UA
X-GRACE
X-LAGOON
X-Varnish-Url
X-Pf-Uncompressing
CACHE
CF-Cached-On
WZWS-RAY
X-EC-Lua
X-Secret
X-PF-Uncompressing
X-Gannett-Site-Version
X-Bc
X-Check-Cacheable
Dynatrace
X-Varnish-Beresp-TTL
X-Sucuri-Id
Ttl
X-Dynatrace-Js-Agent
Cache-Host
X-Server-W
X-LiteSpeed-Cache-Control
X-Varnish-Cacheable
LB
On-Server
X-CDN-Cache
X-NODE
X-GeoIP-Country-Code
X-Ftr-Cache-Host
User-Agent
Inserted-Into-Cache-At
X-Ratelimit-Remaining
X-BC
X-Via-Ucdn
X-Ms-Version
X-Ms-Request-Id
Environment
X-APP
X-Tt-Trace-Host
X-COUNTRY
X-BE
Pics-Label
X-Edge
X-NU-AKA-ACS-Version
XServer
Lfy
Who
X-Session-Fingerprint
X-Fastly-Country-Code
X-Akamai-SSL-Client-Sid
Geoip-City
GeoIp-Country-Code
Geoip-Latitude
X-Aicache-OS
X-Cache-Debug
X-Crawler
X-PJAX-URL
X-URL
WWW
X-Ftr-Dc
X-Trafficlayer-App-Name
X-Ftr-Backend
X-Ftr-Balancer
X-Trafficlayer-App-Scope
MIME-Version
X-Ftr-Realm
X-Ftr-Backend-Server
X-Agile
Requestid
Ohc-Response-Time
X-Render-Time
X-Agile-Id
X-Agile-Age
X-Mid
X-Fastly-Backend-Reqs
Cf-Ipcountry
X-MCACHE
X-Vcl-Version
X-FORWARDED-FOR
M-TraceId
SID
X-Varnish-Ttl
X-LB-ID
X-CSRF-Token
X-FE
Lb
Amp-Access-Control-Allow-Source-Origin
URI
X-7Graus-Varnish-XKeys
X-Micro-Cache
X-Litespeed-Cache-Control
X-Logging-Id
X-Via-SSL
X-Via-Edge
X-7Graus-Varnish-Cache-Control
X-Served-From
X-UPSTREAM-Address
Xkeyrz
X-Cache-Miss-From
X-Sedo-Request-Id
X-WR-MODIFICATION
X-Proxy-Cacherz
HostName
X-DSS
X-Action
X-Amzn-Remapped-Connection
RequestUuid
X-DW
X-RPM
X-RPS
X-RSL
X-Amzn-Remapped-Date
X-Cache-Tag
Host-ID
X-DI
X-DB
X-Correlation-ID
DataCenter
X-Cf-Powered-By
X-Nananana
X-WA
X-Flow-Id
X-Vct
X-Protected-By
X-ServedByHost
X-Fpc
CDN
X-Page-Impression-Id
Xkeypdq
X-Fastly-Cache-Hits
X-Zalando-Child-Request-Id
X-NGINX-Cache
X-Newrelic-App-Data
WebServer
X-SB
X-Core-Value
Cdnsip
X-MID
X-AK-Request-ID
Cdncip
X-Vdms-Version
X-VC
X-TIME
X-Cdn-Request-ID
FNAC-ModuleRouting
Warning
Cneonction
Correlation-Id
X-Ecache
X-Via-NSCOPI
X-Request-Url
X-Refresh
X-ND-Cache
X-Dw-Trace-Id
X-Swift-Error
Pragrma
X-Sucuri-Cache
Xet-Cookie
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
X-Serial
X-Planisys-CDN-Cache
X-Apw-Hits
X-ECache
X-MiniProfiler-Ids
X-Unique-Id
HitType
X-ServerName
X-Bug-Bounty
Processtime
X-Gdpr
X-Apw-Access-Token
X-Apw-Access-Object
X-Fe
X-Request-URL
V-Cache
X-Apw-Access-Action