Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
CF-RAY
CF-Cache-Status
Link
X-Powered-By
X-XSS-Protection
ETag
Expect-CT
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
X-Timer
X-Request-Id
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Alt-Svc
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Adblock-Key
X-Check
Content-Security-Policy-Report-Only
X-Cacheable
X-Generator
X-Cache-Status
X-Permitted-Cross-Domain-Policies
X-Xss-Protection
Timing-Allow-Origin
X-Template
X-Language
X-DNS-Prefetch-Control
X-Request-ID
X-Iinfo
Status
Content-Encoding
X-Content-Security-Policy
X-AspNetMvc-Version
X-Buckets
X-Kinja-Server-Push
Xkey
Upgrade
X-Via
X-Turbo-Charged-By
Access-Control-Expose-Headers
Keep-Alive
Access-Control-Max-Age
X-Cache-Group
X-Drupal-Dynamic-Cache
X-Pass-Why
P3p
X-Age
EagleId
X-Backend
X-CDN
X-Robots-Tag
X-Amz-Request-Id
X-Amz-Id-2
X-Envoy-Upstream-Service-Time
X-Page-Speed
X-Pingback
X-Ua-Compatible
X-Server-Powered-By
X-Proxy-Cache
X-Hacker
X-UA-Device
X-AH-Environment
Request-Context
X-Nginx-Cache-Status
Grace
X-Server
X-Varnish-Cache
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-LiteSpeed-Cache
X-Server-Id
Cf-Railgun
X-Cdn
X-Amz-Version-Id
X-WebKit-CSP
Feature-Policy
Server-Timing
X-Device
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-OneAgent-JS-Injection
X-Rq
X-Cnection
X-Ac
Report-To
X-Cloud-Trace-Context
X-Host
X-Response-Time
X-Node
Content-Location
X-Dns-Prefetch-Control
X-Backend-Server
EagleEye-TraceId
Request-Id
X-Origin-Cache
X-Readtime
X-Vhost
X-Application-Context
X-Cache-Lookup
X-ORACLE-DMS-ECID
NEL
X-Dispatcher
Surrogate-Control
Allow
X-Rack-Cache
X-Ruxit-JS-Agent
X-Origin-Upstream-Status
X-Country
X-HW
X-Url
Rating
X-Country-Code
X-FTR-Request-ID
X-DataDome
X-TTL
X-ORACLE-DMS-RID
X-Clacks-Overhead
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-DynaTrace
Fusion-Component-Id
Fusion-Template-Id
Fusion-Source
Fusion-Content-Id
X-Instart-Request-ID
Fusion-Content-Source
X-Goog-Hash
X-Varnish-TTL
X-MS-InvokeApp
X-Vname
X-PC
X-TtlSet
X-CST
X-Ah-Environment
Verso
X-Px
RTSS
X-Aspnetmvc-Version
Edge-Control
X-Powered-By-Plesk
Public-Key-Pins
X-Recruiting
X-VARITI-CCR
X-Mod-Pagespeed
Service-Worker-Allowed
X-Exp-Variant
X-GoogleNews-Bot
X-Kinja
X-Kinja-Build
X-Exp-Id
X-D2id
X-Cdn-Fetch
X-Use-Magma
X-Kinja-Revision
X-Kinja-Server
Pinterest-Generated-By
X-Sol
X-Middleton-Response
X-Middleton-Display
Display
Response
X-Vcap-Request-Id
X-Version
SPRequestGuid
X-SharePointHealthScore
Accept-Ch-Lifetime
X-Akam-SW-Version
MS-Author-Via
X-RateLimit-Remaining
TCN
X-GitHub-Request-Id
X-Navigation-Version
X-Abt-Application-Version
Accept-CH
X-Powered-CMS
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-B3-TraceId
X-Upstream
X-Forwarded-Proto
X-Shard
X-Amz-Server-Side-Encryption
SPIisLatency
SPRequestDuration
AR-ATIME
Ar-Sid
Charset
AR-PoweredBy
AR-CACHE
X-SRCache-Store-Status
X-XRDS-Location
X-SRCache-Fetch-Status
Fastly-Restarts
X-Amz-Rid
Nginx-Cache
Realpath
X-Trace
X-Debug
Front-End-Https
AR-Request-ID
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
X-Shield-Request-Id
X-B3-TraceId-Primal
X-Cached
MRF-Tech
Mrf-Cache-Status
X-ESI
X-Server-Name
X-Ezoic-Cdn
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
X-Goog-Stored-Content-Length
X-MSEdge-Ref
Paypal-Debug-Id
Access-Control-Request-Method
X-NF-Request-ID
X-Country-Code-Real
X-FTR-Expires
X-FTR-Cache-Status
Arr-Disable-Session-Affinity
DynaTrace
X-SERVER
ServerID
Content-MD5
X-Id
X-FTR-Backend
X-FTR-Backend-Server
X-FTR-Realm
X-FTR-DC
X-FTR-Balancer
Pagespeed
X-Goog-Storage-Class
S
MicrosoftSharePointTeamServices
X-DynaTrace-JS-Agent
X-T
X-Amz-Meta-S3cmd-Attrs
X-Client-IP
X-Fastly-Request-ID
X-Vcache
X-Via-JSL
X-Content-Type
X-Varnish-Age
X-Hits
X-Dw-Request-Base-Id
X-VCache
X-Amzn-Trace-Id
X-RateLimit-Limit
X-N
X-FastCGI-Cache
X-B3-Traceid
X-Grace
X-Correlation-Id
X-Forwarded-For
X-FTR-Cache-Host
Fastcgi-Cache
X-Frontend
X-Content-Digest
X-Mobile-Rewrite
PB-RID
PB-PID
Powered
Arc-Version
Accept-Ch
X-Esi
Server-Name
X-Accel-Expires
X-Ser
X-Logged-In
X-DIS-Request-ID
AMP-Access-Control-Allow-Source-Origin
X-B3-Sampled
X-GUploader-UploadID
X-HS-Content-Id
X-HS-Hub-Id
X-Microsite
TP-L2-Cache
TP-Cache
X-Request-Handler-Origin-Region
X-Zen-Fury
X-Kinsta-Cache
X-Cache-Age
X-Request-Processing-Time
X-Request-Received
FilterID
X-Type
X-LB-Cache
X-Rid
X-User-Agent
X-Revision
Backend-Timing
X-Activity-Id
X-Analytics
X-AppVersion
X-Az
X-Fastcgi-Cache
X-IPLB-Instance
Healthy
X-Node-Name
Edge-Cache-Tag
X-F-Cache
X-Srv
X-Acc-Meta-Resource-Type
X-Whom
Retry-After
X-Time
X-Cache-2
X-NWS-LOG-UUID
X-Amz-Apigw-Id
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Amzn-RequestId
Accept-Charset
Alternate-Protocol
X-Pinterest-Rid
Pinterest-Version
X-Cache-Hit
X-AOL-HN
X-Cache-Rule
Cache-Status
Server-Node
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-Content-Options
Surrogate-Key
X-Akamai-Edgescape
X-Cluster
DC
Access-Control-Allow-Method
X-Jobs
X-Content-Security-Policy-Report-Only
X-Content-Powered-By
X-Forwarded-Host
X-Instance
X-FW-Type
X-FW-Static
X-Page-Id
X-Tumblr-Pixel
X-Tumblr-User
X-Tumblr-Pixel-0
X-Debug-Info
X-FW-Server
X-FB-Debug
X-FW-Serve
X-FW-Hash
Refresh
X-Framework
Source
X-Varnish-Grace
X-PHP-Backend
X-App-Environment
X-Request-Guid
X-B
MS-CV
X-Hp-Webp
Fastcgi-Useragent
X-App-Server
X-Hostname
Host
Frame-Options
X-Cache-Key
X-Signature
X-B-Cache
Cleartype
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Ratelimit-Reset
Tracecode
X-DataStream-Cache-Status
X-Cache-Operation
Actual-Object-TTL
X-Cached-By
X-BCube-Filmed-By
X-PressLabs-Stats
X-Mobile-URL
X-TA-CDN-Provider
Cache-Tag
X-Varnish-Backend
X-Geo-Country
X-TT
Xserver
X-Cache-Control
X-Pad
Liferay-Portal
X-Amz-Replication-Status
X-Seen-By
X-Host-Name
X-Mobile
X-Response-Served-From
NGB
X-ATG-Version
X-Adobe-Content
X-Adobe-Loc
X-Git-Hash
Payment
X-Status
X-WebKit-CSP-Report-Only
Eomportal-Instance
X-WA-Info
Upgrade-Insecure-Requests
X-TT-TIMESTAMP
X-Tumblr-Pixel-2
X-Tumblr-Pixel-1
Cache-Tv-Group
X-FW-Dynamic
Filters
WPE-Backend
X-Cacheable-TTL
X-Drupal-Cache-Tags
X-TX-ID
X-Handled-By
Ms-Operation-Id
X-RTag
X-GeoIP
X-RequestSource
X-RemovedCookies
X-ProcessESI
From-Origin
X-UA-Device-Type
Webserver
X-Cache-TTL-Remaining
X-Content-Age
X-Cache-Remote
GEO-INFO
Datacenter
X-Oracle-Dms-Rid
X-Daa-Tunnel
X-Edge-Location
Cache
X-Upstream-Proxy
X-Storage
X-Cache-Action
X-Cache-TTL
X-Accel-Buffering
X-Webkit-CSP
Viewport
X-Varnish-Hostname
X-Origin-Server
Accept-CH-Lifetime
X-Ua
PageSpeed
X-EdgeConnect-Cache-Status
Version
X-Hyper-Cache
X-Contextid
X-CF-Powered-By
X-Region
Host-Header
SRV
X-Wix-Request-Id
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Varnish-Server
X-Akamai-Transformed
NR-ENABLED
X-Cache-Var-Map
X-ES-SERVER
X-Cache-Var
X-Path-Route
X-Akamai-Request-ID2
X-RN-RSRV
Meta-Geo
Load-Balancing
X-From
Selected-Fe
S-Cnection
X-IP
X-JoinUs
X-Timing-Wait
X-Proxy-Build
X-TNCMS
X-Proto
Vix-Hermes-Req-Id
X-Loop
X-Cache-Config
X-Backend-Name
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Generated
X-Proxy
Now
Cache-Name
Cache-Tags
X-CS
Rt-Fastcgi-Cache
X-Rule
Cache-Hits
X-Cluster-Node
X-FC-Vary-Parameters
X-Hit
Decoy-Debug-TTL
X-Viewer-Country
Decoy-Debug-Status
Decoy-Debug-Key
X-PERF
X-Section
X-Time-Microsecs
DB-Nickname
X-Origin-Response-Time
X-Origin
X-ApacheServer
X-Akamai-Request-ID
X-Access
X-Cache-Enabled
X-Upgrade-Enabled
X-Labrador-Cache-Channel
X-Tumblr-Pixel-3
Country
Property-Id
TWC-Connection-Speed
Mn-Server-Ip
Cache-Key
Azure-Version
X-Cache-Host
X-Web-Node
X-FireWall-Port
X-Xfnlog-Site
X-FW-Version
Ec-Rule-Version
X-EIG-Tracking-Id
X-Format
X-R9-Blue-Green-Version
X-Upstream-CT
X-Upstream-HT
X-Varnish-Cache-Hits
X-Via-Fastly
X-Trace-Id
X-UnsetCookies
X-Hosted-By
Azure-SlotName
Webcakes-App-Name
Webcakes-App-Version
TWC-Privacy
TWC-Locale-Group
TWC-GeoIP-Country
TWC-GeoIP-LatLong
Webcakes-Region
X-Backend-TTL
X-Origin-Hint
X-PCL
X-OCL
X-NCache
X-CCM
TWC-Device-Class
S-Rt
Azure-SiteName
Azure-InstanceId
Azure-RegionName
X-Human
X-Locale
X-S
X-Drupal-Cache-Contexts
X-Debug-Cache
X-Cache-Grace
X-Varnish-Hits
X-Device-Type
X-Site-Version
X-DataStream-Origin-MEX-Latency
DSUID
X-DataStream-MidMile-RTT
X-NewRelic-App-Data
Server-Info
OT-Force-Account-Verify
X-Cache-Time
X-Cache-NE
Time
Release
X-Rendered-As
X-Www-Served-By
X-Cache-Server
Ohc-File-Size
Hostname
X-VG-WebCache
ServedBy
X-VG-TLSProxy
X-Vgn-Hpd-Reason
X-Alternate-Cache-Key
X-ShardId
X-Shopify-Stage
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-ShopId
X-VCT
X-FB-TRIP-ID
X-Nginx-Cache
Fastcgi-X-Cache-Version
Accept-Language
X-Mode
X-Tb
Machine
X-APP-VERSION
X-OVcl
X-Real-IP
X-OVcl-Cache
X-Redis-Cache
Ohc-Cache-HIT
Cteonnt-Length
Origin
NtCoent-Length
X-GEO
Origin-Edge-Control
X-NC
X-Pubstack
Origin-Cache-Control
L5d-Success-Class
X-Environment-Context
X-No-Session
X-L-Path
X-B3-Spanid
X-Presslabs-Stats
X-CSRF-TOKEN
Access-Control-Request-Headers
X-HS-Cache-Config
Odigeo-Trace-Id
X-Generated-By
X-Load-Cache
X-Request-Time
X-App-Version
X-Tt-Trace-Tag
X-Magnolia-Registration
X-Cluster-Name
X-AWS-Id
X-VWS-Id
X-Endurance-Cache-Level
Fastly-SSL
X-DC
Mime-Version
X-LJ-Flow-ID
X-Amzn-Remapped-Content-Length
X-Parent-Response-Time
IBM-Web2-Location
Mail-Subject
X-UUID
Akamai-GRN
We-Hiring
X-ServerID
X-Rocket-Nginx-Bypass
X-GoCache-CacheStatus
Nel
Request-Time
X-B3-Parentspanid
X-ECACHE
X-NGENIX-Cache
X-CACHE-KEY
Locale
X-XRDS-LOCATION
X-Urbn-Site-Id
X-Urbn-Context-Path
X-A-Dcw
X-Aed
X-Accel-Expires-Debug
X-A
X-A-Dgt
X-ARC
X-A-Wwc
X-AIR-PT
X-A-Dam
X-Application
X-A-Ccd
Rendered-Blocks
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
Apple-News-Services-Host
Apple-News-Services-Handled
Fly-Request-Id
Fly-Cache
Arc-Country
AsisCache
Content-Script-Type
Cdn-Request-Time
Cache-Prefix
Content-Style-Type
BehaviorPad-Version
Cross-Origin-Window-Policy
A
GEO-REGION-INFO
X-Node-Id
Server-ID
X-MServer
T-Server
Proxy-Connection
Viewtype
Rt-Proxy-Cache
Node
Memcached
MD5-Digest
Meta-Geo-Continent
X-Soup
Mobile-Detection-Method
VivaBuild
X-Vtex-Processado-Em
X-Is-Bot
X-Instart-Info
X-Org
X-Origin-Date
X-Transaction
X-Origin-Expires
X-G
X-Trv-Group
X-Edge-Server
X-DPWN-IS-SECURE
X-ProxyCache-Status
X-ProxyCache-Key
X-Proxied
X-External-Request-Id
X-PAYTM-SRV-ID
Xc-Version
X-Server-Time
X-ScT
X-BYPASS-REASON
Uber-Trace-Id
X-SS-Set-Cookie
X-SRCache-Key
X-S-Maxage
X-S-Cookie
X-Worker
X-Region-Sid
X-Request-UUID
X-Rewrite-Enabled
X-Rojux
X-Routing-Service
X-Twitter-Response-Tags
X-Vtex-Remote-Cache
X-D
X-Date
X-Destination
X-CF-Lambda-Version
CF-IPCountry
X-B-Cookie
X-Zipkin-Id
X-CF-Lambda-Fn
X-Detected-As
X-Connection-Hash
X-Developer
X-VG-WebServer
Cdn-Host
X-Element-Page-Cache
X-Oneagent-Js-Injection
X-Via-CDN
ServerName
Backend-Name
X-Developers
X-TrackingId
Fastly-Soc-X-Request-Id
X-Cdn-Srv
X-Auto-Login
X-Up
X-Azure-Ref
X-Thanos
Countrycode
X-Bip
X-Clientip
X-Cache-Bucket
X-SIPLIST1
X-Distil-CS
X-Release
Request-EU
Request-Country
X-Azure-Ref-OriginShield
X-IN-APIGATEWAYSSL
X-IN-APIGATEWAY
X-Hl-Ver
Section-Io-Cache
X-Fastly-Cache
NGX
X-WebServer
Gh-Request-Id
X-Cms-Context
X-Distributor
N-Cache
X-Core-Mission
X-Request-Start
IsBot
X-Origin-TTL
X-Origin-CC
X-B3-SpanId
X-ElasticPress-Search
User-Cache-Control
Thinkindot-Control
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
X-Platform-Server
X-MSEdge-Flight
X-MSEdge-Features
X-Proxy-Cache-Status
X-Nginx-Cache-Key
True-Client-Country-4JS
X-NX-Host
X-Owner
X-PHP-Host
X-Device-Os
RNT-Time
X-BBXSRF
X-CGP
Server-Int
V-Age
X-Old-Content-Length
RNT-Machine
W
X-Fetched-On
X-Eu-Site
X-Hash
X-Epic-Correlation-Id
X-Generation-Time
X-Amz-Meta-Cache-Control
X-Gen-Mode
X-App-Name
X-Generated-In
X-Generated-On
X-Hnp-Log
X-Backend-Host
X-LI-UUID
X-Location
X-Proxy-Upstream
X-Matched-Rule
X-LI-Proto
X-Li-Pop
X-Irp-Debug
X-Level-Front-Cache
X-Li-Fabric
X-Backend-Url
X-RateLimit-Limit-Second
X-Thinkindot-L3
X-Unique-ID
Adler-Geo
X-Compress-Hint
X-CUA
X-SVT-ORM-VERSION
X-Debug-Cache-Expiry
HA-Ipaddr
Ha-Gx-Prefs
X-SVT-ORM-RULES
Fastly-SWR
X-Variation
X-VServer
X-WADP-Cache
CDCHOST
Content-Disposition
X-Clara-WADP
X-Wikidot-Backend
Fastly-SIE
X-VC-Cache
Esi-Enabled
X-Debug-Log
Is-Eu
X-Block-Status
X-Request-URI
X-C
X-Debug-Cookies
X-Reboot
Platform
X-RateLimit-Remaining-Second
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
X-We-Are-Hiring
X-Debug-Cache-Store
Magicmarker
X-ServiceProvider
X-Skip-Cache
X-Cache-Info
X-Cache-Id
X-Debug-Cache-Fetch
X-Wikidot-Static-Cache
X-Cache-FS-Status
X-Microcachable
X-Flog
X-Dispatcher-Server
X-Guploader-Uploadid
X-SD-PageType
X-SayCDN-TTL
X-Say-TTL
X-Say-Cacheable
X-Server-IP
X-Servername
X-Webstats-RespID
X-User
X-Swa-Ws
X-Sn-Servicetimems
X-Response-By
X-Reqid
X-Internal-Host
X-HS-Combine-CSS
X-Hello
X-GeoIP-City
X-Key
X-Method
X-Qloud-Router
X-GDPR
X-MP-GENERATED-AT
X-Geo-Header
X-Dispatch
L
Served-By
X-Backend-State
Kp-EeAlive
SS
Server-Host
Memory
Wxu-Next-Commit
SD-X-WS
Pramga
PFcat
X-ABtesting
Pagetype
X-Cdn-Forward
Heartbleed
Cache-Cookie-Set-Idcheck
X-Cdn-Origin
Wxu-Next-Region
Web-Mar-Node
Country-Code
Cache-Cookie-Set-From
AKAMAI
Wxu-Next-Hostname
Cache-Cookie-Set-Lfrom
X-IPS-LoggedIn
X-Uri
X-Page-Type
Resin-Trace
X-Policy
X-FPC
X-Wa
X-SERVER-NAME
UCS
ProcessTime
X-Servedbyhost
X-Var-Ttl
Powered-By-ChinaCache
Ajk
X-Logtrace-Id
REQUESTUUID
X-HTML-Minification-Powered-By
X-Service
X-Nc
Proxy-Firewall
X-JWT-State
X-Is-Gdpr
Cache-Provider
X-Lb-Id
X-Has-Esi
X-Geo
X-Ratelimit-Limit
X-Cache-Backend
X-VCL-Version
X-Dc
X-Datadome
X-NWS-UUID-VERIFY
X-Oss-Hash-Crc64ecma
Powered-By
X-Processor
X-Oss-Storage-Class
X-Oss-Server-Time
X-Oss-Request-Id
X-Tb-Optimization-Total-Bytes-Saved
X-Oss-Object-Type
X-Grey
X-Cache-Category-Id
Srv
X-Pjax-Url
X-Varnish-Beresp-Ttl
X-SRV
X-Cache-Ttl
X-Info
X-ZONE
GeoIP-Country-Code
X-Svr
SN
X-Server-ID
GeoIP-Latitude
Fastly-Backend-Name
X-Cache-URL
X-TH-Server
GeoIP-City
PICS-Label
X-Ruxit-Js-Agent
X-Be
X-RateLimit-Reset
X-RCS-CacheZone
X-HS-Status
X-Instart-Isnd
X-CDN-Forward
X-Tec-Api-Root
X-Zone
X-Tec-Api-Version
X-Tec-Api-Origin
X-Webkit-Csp
X-Ftr-Request-Id
X-SN
X-Newrelic-Synthetics
X-Ttl
X-Dynatrace
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
Cdn
X-NodeID
GW-Server
X-Scheme
X-UA
X-Source
Group
X-GRACE
X-LAGOON
X-Varnish-Url
X-Pf-Uncompressing
CACHE
CF-Cached-On
WZWS-RAY
X-Secret
X-EC-Lua
X-Gannett-Site-Version
X-Check-Cacheable
X-Bc
X-Varnish-Beresp-TTL
Dynatrace
X-Sucuri-Id
X-Varnish-Cacheable
X-PF-Uncompressing
X-CDN-Cache
On-Server
Ttl
LB
X-Dynatrace-Js-Agent
X-LiteSpeed-Cache-Control
X-Server-W
Cache-Host
X-NODE
User-Agent
X-GeoIP-Country-Code
X-Ftr-Cache-Host
X-Ms-Request-Id
X-Tt-Trace-Host
Environment
X-Ms-Version
X-Ratelimit-Remaining
Inserted-Into-Cache-At
X-Via-Ucdn
X-APP
X-BC
X-BE
X-COUNTRY
X-NU-AKA-ACS-Version
X-Edge
Pics-Label
XServer
X-Fastly-Country-Code
Geoip-City
Lfy
X-Cache-Debug
WWW
Geoip-Latitude
GeoIp-Country-Code
X-Session-Fingerprint
X-Aicache-OS
X-Trafficlayer-App-Scope
X-Crawler
X-Trafficlayer-App-Name
X-Akamai-SSL-Client-Sid
X-URL
X-PJAX-URL
Who
X-Ftr-Backend
X-Ftr-Dc
MIME-Version
X-Ftr-Backend-Server
X-Ftr-Realm
X-Ftr-Balancer
Requestid
X-Agile-Age
X-Agile
Ohc-Response-Time
X-Mid
X-Render-Time
X-Fastly-Backend-Reqs
X-Agile-Id
Cf-Ipcountry
X-Vcl-Version
X-FE
M-TraceId
X-Varnish-Ttl
X-MCACHE
X-FORWARDED-FOR
X-CSRF-Token
SID
X-LB-ID
Amp-Access-Control-Allow-Source-Origin
Lb
X-Via-Edge
X-Litespeed-Cache-Control
X-Via-SSL
X-Served-From
X-Logging-Id
X-Micro-Cache
X-UPSTREAM-Address
X-7Graus-Varnish-Cache-Control
X-7Graus-Varnish-XKeys
URI
X-Cache-Miss-From
X-WR-MODIFICATION
X-Sedo-Request-Id
RequestUuid
X-Proxy-Cacherz
Xkeyrz
HostName
X-Amzn-Remapped-Connection
X-Amzn-Remapped-Date
X-RPM
X-RSL
X-Action
X-RPS
Host-ID
X-DI
X-DSS
X-DW
X-Cache-Tag
X-DB
X-Correlation-ID
DataCenter
X-Cf-Powered-By
X-Protected-By
X-Fpc
X-Core-Value
X-Vct
X-Page-Impression-Id
X-Nananana
X-Zalando-Child-Request-Id
CDN
X-ServedByHost
X-WA
X-Fastly-Cache-Hits
Xkeypdq
X-Flow-Id
WebServer
X-Newrelic-App-Data
X-NGINX-Cache
X-Ecache
FNAC-ModuleRouting
X-TIME
X-VC
X-Cdn-Request-ID
Cneonction
X-ND-Cache
X-MID
Correlation-Id
X-Refresh
X-SB
X-Dw-Trace-Id
X-Via-NSCOPI
Cdncip
X-AK-Request-ID
Warning
X-Vdms-Version
Cdnsip
X-Request-Url
X-Swift-Error
X-Sucuri-Cache
X-Serial
Xet-Cookie
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
X-Apw-Hits
X-ECache
Processtime
X-Unique-Id
HitType
X-ServerName
X-Bug-Bounty
X-Request-URL
Pragrma
X-Apw-Access-Token
X-Apw-Access-Object
V-Cache
X-Gdpr
X-Fe
X-MiniProfiler-Ids
X-Apw-Access-Action