Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics - SANS Internet Storm Center HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
CF-RAY
X-Powered-By
Link
ETag
Expect-CT
X-XSS-Protection
Via
X-Cache
Age
CF-Cache-Status
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
X-Cache-Hits
P3P
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Request-Id
X-Xss-Protection
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-AspNet-Version
X-Download-Options
Access-Control-Allow-Credentials
X-Runtime
X-Adblock-Key
X-Drupal-Cache
Alt-Svc
X-Check
X-Cacheable
Content-Security-Policy-Report-Only
P3p
X-Generator
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-AspNetMvc-Version
X-DNS-Prefetch-Control
Status
X-Template
X-Language
Timing-Allow-Origin
Content-Encoding
X-FRAME-OPTIONS
X-Content-Security-Policy
X-Iinfo
X-Buckets
Upgrade
X-Kinja-Server-Push
Xkey
X-Via
X-CDN
X-Turbo-Charged-By
Keep-Alive
Access-Control-Max-Age
Access-Control-Expose-Headers
X-Cache-Group
X-Pass-Why
X-Age
X-AH-Environment
X-Drupal-Dynamic-Cache
X-Server
X-Backend
X-Amz-Request-Id
X-Amz-Id-2
X-Pingback
X-Envoy-Upstream-Service-Time
X-Page-Speed
X-Robots-Tag
X-Proxy-Cache
X-Hacker
Grace
X-Server-Powered-By
EagleId
X-Varnish-Cache
X-UA-Device
X-Nginx-Cache-Status
Request-Context
Cf-Railgun
X-LiteSpeed-Cache
X-Amz-Version-Id
X-Swift-CacheTime
X-Swift-SaveTime
X-WebKit-CSP
X-Ua-Compatible
Ali-Swift-Global-Savetime
Feature-Policy
X-Device
Server-Timing
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Host
X-Ac
Report-To
X-Rq
X-OneAgent-JS-Injection
Content-Location
X-Node
X-Server-Id
X-Backend-Server
X-Cnection
X-Response-Time
X-Origin-Cache
EagleEye-TraceId
X-Cloud-Trace-Context
X-Application-Context
Allow
Request-Id
X-Readtime
Surrogate-Control
X-Cache-Lookup
X-Country
X-ORACLE-DMS-ECID
X-Url
X-DynaTrace
X-Ruxit-JS-Agent
X-Cdn
X-Vhost
X-Rack-Cache
X-Clacks-Overhead
X-ORACLE-DMS-RID
Pinterest-Generated-By
X-Origin-Upstream-Status
NEL
X-CST
X-TTL
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Rating
X-FTR-Request-ID
X-Country-Code
X-HW
X-Dns-Prefetch-Control
X-Goog-Hash
X-Instart-Request-ID
X-Dispatcher
X-DataStream-Cache-Status
Edge-Control
X-Px
Fusion-Content-Source
Fusion-Content-Id
Fusion-Component-Id
Fusion-Source
Fusion-Template-Id
X-Vname
X-TtlSet
X-PC
X-VARITI-CCR
Service-Worker-Allowed
X-Mod-Pagespeed
X-MS-InvokeApp
SPRequestGuid
Verso
X-B3-TraceId
X-ESI
X-DataDome
X-Recruiting
X-Request-ID
X-Kinja-Build
X-Kinja-Server
X-Kinja-Revision
X-GoogleNews-Bot
X-Exp-Variant
X-Use-Magma
X-Kinja
X-Cdn-Fetch
X-Exp-Id
X-D2id
X-Varnish-TTL
X-Vcap-Request-Id
X-SharePointHealthScore
X-Abt-Application-Version
X-Amz-Server-Side-Encryption
X-Server-Name
X-RateLimit-Remaining
TCN
X-Powered-By-Plesk
DynaTrace
X-Navigation-Version
X-GitHub-Request-Id
X-Sol
Display
X-Middleton-Display
Response
X-Middleton-Response
X-SRCache-Fetch-Status
RTSS
X-SRCache-Store-Status
X-Server-ID
Accept-Ch-Lifetime
Content-MD5
Charset
X-Akam-SW-Version
AR-PoweredBy
Ar-Sid
AR-CACHE
AR-ATIME
MS-Author-Via
X-Amz-Rid
ServerID
X-Shield-Request-Id
AR-Request-ID
Realpath
X-Trace
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Goog-Generation
X-Dw-Request-Base-Id
X-Goog-Metageneration
X-Powered-CMS
X-Cached
X-TEC-API-ORIGIN
X-DynaTrace-JS-Agent
X-TEC-API-ROOT
X-TEC-API-VERSION
X-Version
Nginx-Cache
X-Shard
X-Forwarded-Proto
SPRequestDuration
SPIisLatency
X-Upstream
Pagespeed
Pinterest-Version
X-Pinterest-Rid
X-Goog-Storage-Class
X-Upstream-Proxy
X-Mrf-Item-Lastmod
Public-Key-Pins
X-Mrf-Section-Lastmod
X-B3-TraceId-Primal
MRF-Tech
Mrf-Cache-Status
Accept-CH
X-Client-IP
Paypal-Debug-Id
X-MSEdge-Ref
Fastly-Restarts
Access-Control-Request-Method
S
X-VCache
X-Amz-Meta-S3cmd-Attrs
X-DataStream-Origin-MEX-Latency
X-DataStream-MidMile-RTT
X-Ezoic-Cdn
X-Debug
Accept-Ch
X-FTR-Backend
X-FTR-Realm
X-FTR-DC
X-FTR-Cache-Status
X-Country-Code-Real
X-Id
X-FTR-Balancer
X-FTR-Backend-Server
X-FTR-Expires
X-DIS-Request-ID
X-T
X-Fastly-Request-ID
X-N
MicrosoftSharePointTeamServices
X-XRDS-Location
X-Ser
Alternate-Protocol
PB-RID
PB-PID
Arr-Disable-Session-Affinity
Arc-Version
X-Mobile-Rewrite
X-Varnish-Age
X-NF-Request-ID
X-Hits
Fastcgi-Cache
Front-End-Https
X-Amzn-Trace-Id
X-Content-Type
X-B3-Sampled
X-Acc-Meta-Resource-Type
X-FTR-Cache-Host
X-Frontend
X-Logged-In
X-Grace
Server-Name
X-Content-Digest
X-Pad
X-Srv
Host
X-FastCGI-Cache
X-Forwarded-For
AMP-Access-Control-Allow-Source-Origin
Nel
X-Node-Name
X-Request-Handler-Origin-Region
X-Microsite
FilterID
Powered-By-ChinaCache
X-Correlation-Id
TP-L2-Cache
TP-Cache
Healthy
X-LB-Cache
X-Debug-Info
X-Rid
X-Type
X-Kinsta-Cache
Edge-Cache-Tag
X-Fastcgi-Cache
X-IPLB-Instance
X-GUploader-UploadID
X-AOL-HN
X-Request-Processing-Time
X-Request-Received
X-User-Agent
X-Vcache
X-Cached-By
X-Cache-2
X-HS-Hub-Id
X-HS-Content-Id
X-Hostname
X-Revision
X-Cache-Rule
X-F-Cache
Powered
Surrogate-Key
X-XRDS-LOCATION
X-RateLimit-Limit
X-Accel-Expires
X-Zen-Fury
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Cache-Age
X-Analytics
Backend-Timing
X-Page-Id
VIX-Pulpo-Upstream-Status
X-Content-Security-Policy-Report-Only
VIX-Pulpo-Node
X-Varnish-Backend
X-Varnish-Grace
X-Cache-Key
X-Content-Options
X-BCube-Filmed-By
X-Jobs
X-Cluster
X-FB-Debug
Source
X-PHP-Backend
Cache-Status
X-Amz-Replication-Status
X-Instance
X-Content-Powered-By
X-Request-Guid
X-Tumblr-Pixel-0
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Tumblr-User
X-App-Environment
X-TT
X-Tumblr-Pixel
X-Az
X-Activity-Id
X-AppVersion
X-Akamai-Edgescape
X-Framework
Cleartype
Tracecode
WPE-Backend
X-Varnish-Hostname
X-Via-JSL
Server-Node
X-Forwarded-Host
Refresh
Host-Header
X-Cache-TTL
X-Mobile
X-NWS-LOG-UUID
X-Cache-Control
X-Cache-Operation
X-ATG-Version
X-FW-Hash
X-FW-Type
X-FW-Static
X-FW-Server
X-FW-Serve
X-Signature
X-B-Cache
Accept-Charset
Actual-Object-TTL
X-Time
X-Drupal-Cache-Tags
DC
X-Cache-Action
X-Edge-Location
X-B3-Traceid
Liferay-Portal
Access-Control-Allow-Method
Upgrade-Insecure-Requests
X-Cache-Hit
X-App-Server
X-Whom
X-Accel-Buffering
X-TA-CDN-Provider
X-Response-Served-From
X-Storage
Payment
X-Mobile-URL
X-Hp-Webp
X-TX-ID
Fastcgi-Useragent
X-UA-Device-Type
X-WebKit-CSP-Report-Only
X-Content-Age
X-TT-TIMESTAMP
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-VG-WebCache
X-Handled-By
X-RequestSource
Filters
X-Cacheable-TTL
Cache
X-SS-Set-Cookie
X-GeoIP
X-Adobe-Content
Eomportal-Instance
X-B
X-Git-Hash
Server-Info
X-Adobe-Loc
Cache-Tv-Group
X-Tumblr-Pixel-2
Xserver
X-Ratelimit-Reset
X-Geo-Country
Viewport
X-ProcessESI
X-RemovedCookies
X-Tumblr-Pixel-1
X-WA-Info
X-FB-TRIP-ID
Cache-Tag
X-Cache-TTL-Remaining
Webserver
Datacenter
X-Cache-Enabled
X-Status
Retry-After
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
NGB
X-Contextid
X-FW-Dynamic
X-Seen-By
S-Cnection
X-Presslabs-Stats
X-CF-Powered-By
X-Ratelimit-Limit
X-Origin-Server
X-Host-Name
X-Mode
X-APP-VERSION
X-Magnolia-Registration
Accept-CH-Lifetime
X-PressLabs-Stats
X-Rendered-As
X-Daa-Tunnel
X-Varnish-Hits
Country
X-Cache-Var
X-Cache-Config
X-LJ-Flow-ID
Meta-Geo
X-AWS-Id
MS-CV
X-Path-Route
Machine
Load-Balancing
X-RN-RSRV
X-VWS-Id
X-ES-SERVER
X-VCT
X-Cache-Var-Map
Release
From-Origin
GEO-INFO
Cache-Key
X-Zipkin-Id
DSUID
Vix-Hermes-Req-Id
Mail-Subject
We-Hiring
X-Human
X-Cache-Grace
X-Real-IP
X-Upstream-HT
X-Routing-Service
X-Proxied
X-Labrador-Cache-Channel
X-Upstream-CT
X-Cache-Host
Uber-Trace-Id
X-Cache-NE
X-EIG-Tracking-Id
X-Hit
X-Viewer-Country
ServedBy
X-Web-Node
Mn-Server-Ip
X-PCL
X-Varnish-Server
X-Varnish-Cache-Hits
X-Hyper-Cache
X-Debug-Cache
X-OCL
X-TNCMS
X-Loop
X-Device-Type
X-Section
X-Backend-Name
Frame-Options
X-Access
X-From
X-RCS-CacheZone
X-ProxyCache-Status
X-VG-TLSProxy
X-R9-Blue-Green-Version
X-Proto
X-Origin-Response-Time
X-Rule
X-Tumblr-Pixel-3
X-BYPASS-REASON
X-MP-GENERATED-AT
X-ProxyCache-Key
X-Akamai-Request-ID
X-Upgrade-Enabled
OT-Force-Account-Verify
X-CCM
X-Cluster-Node
Now
Rt-Fastcgi-Cache
X-Esi
X-ShardId
X-L-Path
X-S
NGX
X-ShopId
X-Shopify-Stage
X-Sorting-Hat-ShopId
X-Proxy-Build
X-Sorting-Hat-PodId
X-Hosted-By
X-Region
X-JoinUs
X-Alternate-Cache-Key
X-Xfnlog-Site
X-Timing-Wait
X-Environment-Context
X-Redis-Cache
Akamai-GRN
X-FC-Vary-Parameters
X-Generated
X-Goog-Meta-Goog-Reserved-File-Mtime
X-UUID
X-Platform-Server
Decoy-Debug-TTL
X-NCache
X-Cache-Remote
Decoy-Debug-Status
Decoy-Debug-Key
X-Guploader-Uploadid
Cache-Name
X-Generated-By
X-Via-Fastly
Ms-Operation-Id
X-Trace-Id
X-Endurance-Cache-Level
X-RTag
DB-Nickname
X-Nginx-Cache
X-Site-Version
X-Locale
X-Www-Served-By
X-Hl-Ver
X-MServer
X-ECACHE
X-Drupal-Cache-Contexts
X-GRACE
X-NewRelic-App-Data
Cteonnt-Length
X-Vgn-Hpd-Reason
X-EdgeConnect-Cache-Status
X-Rocket-Nginx-Bypass
X-ServerID
X-Load-Cache
ProcessTime
X-Ttl
X-Request-Time
X-Time-Microsecs
X-IP
Time
X-IPS-LoggedIn
X-Wix-Request-Id
X-Litespeed-Cache
L5d-Success-Class
X-Dc
S-Rt
X-Origin
X-Via-CDN
X-Cache-Backend
Version
X-GEO
TWC-Device-Class
TWC-Connection-Speed
Webcakes-App-Version
Webcakes-Region
X-Origin-Hint
Webcakes-App-Name
TWC-Privacy
TWC-Locale-Group
TWC-GeoIP-LatLong
TWC-GeoIP-Country
Served-By
Property-Id
Azure-SlotName
X-Unique-ID
NtCoent-Length
Azure-SiteName
Azure-InstanceId
Origin
X-FW-Version
Azure-RegionName
X-Microcachable
Azure-Version
Origin-Cache-Control
X-Proxy
X-Distributor
Origin-Edge-Control
X-Pubstack
X-Oneagent-Js-Injection
X-B3-Spanid
X-FireWall-Port
X-No-Session
Fastly-SSL
Fastcgi-X-Cache-Version
CACHE
X-Datadome
X-Cache-Server
X-Cache-Category-Id
X-Grey
X-Via-NSCOPI
Access-Control-Request-Headers
X-RateLimit-Reset
X-UA
X-Nc
X-Detected-As
X-BACKEND-TTL
X-Is-Bot
X-PERF
X-ApacheServer
IBM-Web2-Location
SRV
Hostname
X-Format
X-Ua
X-HTML-Minification-Powered-By
X-CS
Odigeo-Trace-Id
Cache-Tags
X-Webkit-Csp
X-Powered-By-Defense
X-Edge
Proxy-Connection
X-Akamai-Transformed
Backend-Name
X-Cdn-Forward
X-Varnish-Cacheable
X-CF-Lambda-Fn
X-External-Request-Id
MD5-Digest
Xc-Version
X-Cache-Bucket
X-Eu-Site
A
AsisCache
X-CGP
Arc-Country
X-CF-Lambda-Version
X-Edge-Server
Meta-Geo-Continent
Mobile-Detection-Method
Rendered-Blocks
X-A
Request-Country
Request-EU
X-A-Dcw
Proxy-Firewall
X-HS-Cache-Config
X-ARC
X-G
X-A-Ccd
Node
Server-ID
X-DPWN-IS-SECURE
BehaviorPad-Version
X-Destination
Fastly-SWR
Fastly-SIE
X-Developer
Ec-Rule-Version
Fly-Cache
Fly-Request-Id
X-Date
X-D
X-Debug-Cookies
GEO-REGION-INFO
X-Debug-Log
Ha-Gx-Prefs
Cross-Origin-Window-Policy
Cache-Prefix
Rt-Proxy-Cache
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-From
X-Cluster-Name
Cdn-Host
Content-Style-Type
HA-Ipaddr
Content-Script-Type
Cdn-Request-Time
X-HS-Combine-CSS
X-Connection-Hash
X-Worker
X-Instart-Info
Viewtype
X-Rewrite-Enabled
X-Rojux
X-App-Name
X-Request-UUID
X-PAYTM-SRV-ID
X-ND-Cache
X-Application
X-Org
X-Server-Time
X-S-Cookie
Request-Time
X-AIR-PT
X-NU-AKA-ACS-Version
X-B-Cookie
X-ScT
X-S-Maxage
X-A-Dam
X-NX-Host
ServerName
X-A-Dgt
VivaBuild
X-IN-APIGATEWAY
X-Twitter-Response-Tags
X-Trv-Group
X-Transaction
X-Rebelmouse-Cache-Control
X-Processor
X-Vtex-Remote-Cache
X-Vtex-Processado-Em
X-VG-WebServer
X-A-Wwc
X-Rebelmouse-Surrogate-Control
X-Region-Sid
X-SRCache-Key
X-Aed
X-Accel-Expires-Debug
X-Request-URI
Mime-Version
X-Core-Mission
X-Reqid
X-Cdn-Srv
RNT-Machine
Resin-Trace
X-Qloud-Router
Is-Eu
X-PHP-Host
On-Server
Memcached
True-Client-Country-4JS
X-Cdn-Origin
Platform
X-Cache-Info
PageSpeed
X-Clientip
X-Cache-Id
X-Dispatcher-Server
X-Fastly-Cache
Section-Io-Cache
Server-Host
X-Sn-Servicetimems
X-Internal-Host
X-Tb
X-Epic-Correlation-Id
X-UnsetCookies
X-Generated-On
X-C
X-Variation
X-B3-Parentspanid
X-We-Are-Hiring
X-Hash
X-TH-Server
X-Geo-Header
X-GeoIP-Country-Code
X-Server-IP
X-ServiceProvider
Server-Int
Adler-Geo
RNT-Time
X-Backend-State
Countrycode
Country-Code
X-Key
X-Level-Front-Cache
Apple-News-Services-Handled
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
X-Irp-Debug
X-Compress-Hint
X-Akamai-Request-ID2
X-ElasticPress-Search
X-B3-SpanId
X-Amz-Meta-Cache-Control
X-Block-Status
X-BBXSRF
X-Li-Fabric
X-Served-From
X-Servername
X-SIPLIST1
X-SD-PageType
X-Response-By
X-Reboot
X-Request-Start
X-Skip-Cache
X-SVT-ORM-RULES
X-Wikidot-Backend
X-Wikidot-Static-Cache
X-Webstats-RespID
X-WebServer
X-SVT-ORM-VERSION
X-Swa-Ws
X-Protected-By
X-Nginx-Cache-Key
X-Distil-CS
X-Fetched-On
X-Dispatch
X-Device-Os
X-Crawler
X-Developers
X-Fstrz
X-Gen-Mode
X-Location
X-Method
X-LI-UUID
X-LI-Proto
X-Hnp-Log
X-Li-Pop
X-CDN-Cache
Web-Mar-Node
Pramga
PFcat
REQUESTUUID
SD-X-WS
SS
IsBot
Gh-Request-Id
AKAMAI
CDCHOST
Content-Disposition
Esi-Enabled
UCS
Wxu-Next-Region
V-Age
User-Cache-Control
Who
Wxu-Next-Commit
Wxu-Next-Hostname
Heartbleed
X-Release
X-Generation-Time
X-Cms-Context
X-Thinkindot-L3
X-Thanos
X-Origin-Expires
X-Secret
X-Origin-Date
X-Matched-Rule
X-Owner
Thinkindot-Control
GW-Server
X-Gannett-Site-Version
Pragrma
Powered-By
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
X-Auto-Login
X-Bip
X-GeoIP-City
X-Via-Edge
Fastly-Soc-X-Request-Id
X-Cache-FS-Status
X-Via-SSL
X-VServer
X-Parent-Response-Time
X-CDN-Forward
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
X-VC-Cache
X-OVcl-Cache
X-OVcl
X-Planisys-CDN-Cache
LB
X-Be
X-NC
X-App-Version
X-Varnish-Ttl
X-Azure-Ref-OriginShield
X-IN-WAF
X-Azure-Ref
X-CUA
X-Birta-Cache-Post
W
X-Birta-Served
X-Phone
X-FPC
X-CLOUD-TRACE-CONTEXT
X-Core-Value
X-Origin-CC
X-Origin-TTL
X-Varnish-Url
X-CACHE-KEY
X-Varnish-IP
X-Ratelimit-Remaining
Accept-Language
Memory
X-WADP-Cache
X-Clara-WADP
CF-IPCountry
Selected-FE
HitType
L
X-LAGOON
X-Info
X-Page-Type
X-Proxy-Cache-Status
N-Cache
X-Proxy-Upstream
X-Varnish-Beresp-Ttl
X-DC
X-Geo
X-TrackingId
X-FE
Kp-EeAlive
X-URL
Cdn
X-Amzn-Remapped-Content-Length
X-Source
User-Agent
X-Dynatrace-Js-Agent
Selected-Fe
X-Pf-Uncompressing
Locale
X-Oracle-Dms-Rid
X-Varnish-Beresp-Grace
X-Web-Server
Magicmarker
X-Urbn-Site-Id
X-Varnish-Beresp-Status
X-Urbn-Context-Path
X-Zone
X-Cache-Debug
X-Agile-Age
X-Agile-Id
X-Agile
X-Hello
X-HS-Status
X-Flog
X-TT-LOGID
X-ABtesting
X-Servedbyhost
X-Refresh
Pagetype
X-Newrelic-Synthetics
X-Backend-TTL
GeoIp-Country-Code
X-Generated-In
Geoip-Latitude
X-User
Geoip-City
X-MID
X-Mid
X-Real-Ip
X-Backend-Url
X-Check-Cacheable
X-Backend-Host
X-Aicache-OS
X-Vcl-Version
X-ZONE
CF-Cached-On
X-NWS-UUID-VERIFY
X-MSEdge-Flight
X-GoCache-CacheStatus
X-Soup
X-Tt-Trace-Tag
X-Up
X-MSEdge-Features
SN
X-Debug-Cache-Store
X-Debug-Cache-Expiry
X-Debug-Cache-Fetch
Ohc-File-Size
Amp-Access-Control-Allow-Source-Origin
Ohc-Cache-HIT
X-Ruxit-Js-Agent
FSS-Proxy
FSS-Cache
Group
X-Tb-Optimization-Total-Bytes-Saved
X-VCL-Version
GeoIP-Country-Code
X-APP
X-Oss-Storage-Class
X-Oss-Server-Time
X-Oss-Hash-Crc64ecma
X-Oss-Object-Type
X-Oss-Request-Id
X-ServedByHost
GeoIP-City
X-UPSTREAM-Address
GeoIP-Latitude
Srv
HTTPS
WZWS-RAY
X-EC-Lua
X-BC
X-SN
Server-Cache-Control
Backend
Www
RequestId
Server-Surrogate-Control
X-Contensis-Viewer-Groups
X-Varnish-Authentication
Cf-Ipcountry
X-Cache-ASPX
HostName
X-SERVER-NAME
X-Amzn-Remapped-Connection
X-Old-Content-Length
X-Amzn-Remapped-Date
X-COUNTRY
X-Say-TTL
X-Instart-Isnd
Lb
X-SayCDN-TTL
X-Via-Ucdn
X-Say-Cacheable
X-CSRF-Token
X-Akamai-SSL-Client-Sid
X-Varnish-Beresp-TTL
X-Bc
X-NGENIX-Cache
X-Cache-Expires
Host-ID
X-Nananana
X-PF-Uncompressing
X-Proxy-Cacherz
X-ECache
Xkeyrz
Cache-Hits
X-Dynatrace
WebServer
XServer
X-Cache-Ttl
X-Node-Id
Inserted-Into-Cache-At
Fastly-Backend-Name
X-Varnish-Action
URI
X-Request-Url
Epwk-Cache
X-Cache-Tag
Requestid
Fastcgi-X-Cache
X-Correlation-ID
X-FORWARDED-FOR
X-TIME
X-Fastly-Backend-Reqs
X-WR-MODIFICATION
Get-Access-Time
Is-Session-Tracking
X-Fastly-Country-Code
X-Unique-Id
Ajk
X-PAGE-TYPE
Xkeynj
X-IN-APIGATEWAYSSL
X-Logtrace-Id
X-CSRF-TOKEN
X-AssetVersion
X-MCACHE
X-Sedo-Request-Id
X-Edge-IP
X-Cache-Miss-From
X-Requestid
X-Cache-Time
Dynatrace
X-LiteSpeed-Cache-Control
X-Wa
FNAC-ModuleRouting
X-Svr
X-RateLimit-Limit-Second
Pics-Label
X-Pjax-Url
X-RateLimit-Remaining-Second
Cneonction
X-Var-Ttl
X-Sf
X-SRV
DataCenter
Xet-Cookie
X-Lb-Id
Cache-Provider
X-Fpc
X-BE
X-Swift-Error
Correlation-Id
X-Fastly-Cache-Hits
CDN
X-NGINX-Cache
X-Dw-Trace-Id
X-Apw-Access-Token
X-Apw-Access-Object
X-Apw-Access-Action
X-Apw-Hits
T-Server
X-WA
X-ServerName
X-WPE-Loopback-Upstream-Addr
X-Akamai-ERPolicy
X-Akamai-ERRuleID
PICS-Label
X-LB-ID
X-PJAX-URL
X-GDPR
RequestUuid
Lfy
X-Bug-Bounty
Warning
X-Html-Edge-Cache
X-DW
X-Alicdn-Da-Ups-Status
Sid
X-Flow-Id
X-Policy
X-Zalando-Child-Request-Id
X-Page-Impression-Id
Ohc-Response-Time
X-App
X-RPS
X-RSL
X-RPM
X-DSS
X-DB
X-DI
X-LiteSpeed-Tag