Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
CF-RAY
CF-Cache-Status
Link
X-Powered-By
X-XSS-Protection
ETag
Expect-CT
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
X-Timer
X-Request-Id
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Alt-Svc
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Adblock-Key
X-Check
Content-Security-Policy-Report-Only
X-Cacheable
X-Generator
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-Xss-Protection
Timing-Allow-Origin
X-DNS-Prefetch-Control
X-Template
X-Language
X-Request-ID
X-Iinfo
Status
X-AspNetMvc-Version
Content-Encoding
X-Content-Security-Policy
X-Buckets
X-Kinja-Server-Push
Xkey
Upgrade
X-Via
X-Turbo-Charged-By
Access-Control-Expose-Headers
Keep-Alive
Access-Control-Max-Age
X-Cache-Group
X-Drupal-Dynamic-Cache
X-Pass-Why
P3p
X-Age
X-CDN
EagleId
X-Backend
X-Robots-Tag
X-Amz-Id-2
X-Amz-Request-Id
X-Envoy-Upstream-Service-Time
X-Page-Speed
X-Pingback
X-Ua-Compatible
X-Server-Powered-By
X-Proxy-Cache
X-Hacker
X-Server
X-UA-Device
X-AH-Environment
Request-Context
X-Nginx-Cache-Status
Grace
X-Varnish-Cache
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-LiteSpeed-Cache
X-Server-Id
Cf-Railgun
X-Amz-Version-Id
X-WebKit-CSP
X-Cdn
Feature-Policy
Server-Timing
X-Device
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-OneAgent-JS-Injection
X-Rq
X-Cnection
X-Ac
Report-To
X-Cloud-Trace-Context
X-Host
X-Response-Time
X-Node
Content-Location
X-Backend-Server
EagleEye-TraceId
Request-Id
X-Origin-Cache
X-Readtime
X-Vhost
X-Application-Context
X-Cache-Lookup
X-Dns-Prefetch-Control
X-ORACLE-DMS-ECID
NEL
X-Dispatcher
Surrogate-Control
Allow
X-Rack-Cache
X-Ruxit-JS-Agent
X-Origin-Upstream-Status
X-Country
X-HW
X-Url
Rating
X-Country-Code
X-FTR-Request-ID
X-DataDome
X-Clacks-Overhead
X-TTL
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-ORACLE-DMS-RID
X-DynaTrace
Fusion-Template-Id
X-Instart-Request-ID
Fusion-Content-Source
Fusion-Source
Fusion-Content-Id
Fusion-Component-Id
X-Goog-Hash
X-Varnish-TTL
X-MS-InvokeApp
X-PC
X-TtlSet
X-Vname
X-CST
X-Ah-Environment
X-Px
Verso
RTSS
Edge-Control
X-Powered-By-Plesk
Public-Key-Pins
X-VARITI-CCR
X-Recruiting
X-Mod-Pagespeed
Service-Worker-Allowed
X-Exp-Id
X-GoogleNews-Bot
X-Use-Magma
X-Kinja-Server
X-Cdn-Fetch
X-D2id
X-Kinja-Revision
X-Kinja
X-Exp-Variant
X-Kinja-Build
Pinterest-Generated-By
Display
Response
X-Middleton-Display
X-Sol
X-Middleton-Response
X-Vcap-Request-Id
X-Version
SPRequestGuid
X-SharePointHealthScore
Accept-Ch-Lifetime
MS-Author-Via
X-Akam-SW-Version
X-RateLimit-Remaining
TCN
X-GitHub-Request-Id
X-Navigation-Version
X-Abt-Application-Version
Accept-CH
X-Powered-CMS
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-Upstream
X-Forwarded-Proto
X-Shard
X-Amz-Server-Side-Encryption
SPIisLatency
X-XRDS-Location
SPRequestDuration
Ar-Sid
Charset
AR-PoweredBy
AR-CACHE
AR-ATIME
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-B3-TraceId
Fastly-Restarts
X-Amz-Rid
Realpath
Nginx-Cache
X-Trace
X-Debug
X-Aspnetmvc-Version
Front-End-Https
AR-Request-ID
X-Shield-Request-Id
X-Cached
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
MRF-Tech
X-B3-TraceId-Primal
Mrf-Cache-Status
X-Server-Name
X-ESI
X-Ezoic-Cdn
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Goog-Generation
X-MSEdge-Ref
Access-Control-Request-Method
X-NF-Request-ID
X-FTR-Cache-Status
Paypal-Debug-Id
X-FTR-Expires
X-Country-Code-Real
Arr-Disable-Session-Affinity
DynaTrace
Pagespeed
ServerID
X-Vcache
Content-MD5
X-Id
X-FTR-Backend
X-FTR-Backend-Server
X-FTR-DC
X-FTR-Balancer
X-FTR-Realm
X-Goog-Storage-Class
MicrosoftSharePointTeamServices
S
X-DynaTrace-JS-Agent
X-T
X-Fastly-Request-ID
X-Amz-Meta-S3cmd-Attrs
X-Client-IP
X-Via-JSL
X-Content-Type
X-B3-Traceid
X-Varnish-Age
X-Dw-Request-Base-Id
X-Hits
X-Amzn-Trace-Id
X-RateLimit-Limit
X-N
X-FastCGI-Cache
X-Grace
X-Correlation-Id
X-Forwarded-For
Fastcgi-Cache
X-VCache
X-FTR-Cache-Host
X-Frontend
X-SERVER
X-Content-Digest
Powered
PB-PID
PB-RID
X-Mobile-Rewrite
Arc-Version
X-Esi
Accept-Ch
Server-Name
X-DIS-Request-ID
X-Logged-In
X-Ser
X-Accel-Expires
AMP-Access-Control-Allow-Source-Origin
X-B3-Sampled
X-GUploader-UploadID
X-HS-Content-Id
X-HS-Hub-Id
X-Microsite
TP-Cache
TP-L2-Cache
X-Zen-Fury
X-Request-Handler-Origin-Region
X-Request-Received
X-Kinsta-Cache
X-Request-Processing-Time
X-Cache-Age
X-Type
X-LB-Cache
FilterID
X-Rid
X-User-Agent
X-Activity-Id
X-Analytics
X-AppVersion
X-IPLB-Instance
X-Revision
X-Az
Backend-Timing
Healthy
X-Fastcgi-Cache
X-Node-Name
Edge-Cache-Tag
X-F-Cache
X-Srv
X-Whom
X-Acc-Meta-Resource-Type
X-Time
Retry-After
X-Cache-2
X-Kong-Upstream-Latency
X-NWS-LOG-UUID
X-Kong-Proxy-Latency
X-Amz-Apigw-Id
X-Amzn-RequestId
Accept-Charset
Alternate-Protocol
X-Pinterest-Rid
Pinterest-Version
X-Cache-Hit
X-AOL-HN
X-Cache-Rule
Cache-Status
Server-Node
X-Content-Options
VIX-Pulpo-Upstream-Status
Surrogate-Key
VIX-Pulpo-Node
X-Akamai-Edgescape
Access-Control-Allow-Method
Refresh
X-Cluster
X-Content-Powered-By
X-Content-Security-Policy-Report-Only
X-Jobs
X-Forwarded-Host
X-Tumblr-Pixel
X-FW-Server
X-FW-Static
X-Instance
X-FW-Serve
X-FW-Hash
X-Debug-Info
X-FB-Debug
X-Page-Id
X-FW-Type
X-Tumblr-Pixel-0
X-Tumblr-User
DC
X-Framework
Source
X-PHP-Backend
X-Varnish-Grace
X-Request-Guid
X-App-Environment
X-B
Fastcgi-Useragent
MS-CV
X-Hp-Webp
X-Hostname
X-App-Server
Host
Cleartype
X-Cache-Key
Frame-Options
X-Signature
X-B-Cache
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Ratelimit-Reset
X-DataStream-Cache-Status
Tracecode
X-Cached-By
X-BCube-Filmed-By
Actual-Object-TTL
X-Cache-Operation
X-PressLabs-Stats
X-Mobile-URL
Cache-Tag
X-TA-CDN-Provider
X-Oracle-Dms-Rid
X-Varnish-Backend
X-Geo-Country
X-Cache-Control
Xserver
X-TT
X-Amz-Replication-Status
X-Pad
Liferay-Portal
X-Seen-By
X-Mobile
X-Host-Name
NGB
X-ATG-Version
X-Response-Served-From
X-Git-Hash
X-Adobe-Content
X-Adobe-Loc
Payment
X-WebKit-CSP-Report-Only
X-TT-TIMESTAMP
Eomportal-Instance
Upgrade-Insecure-Requests
X-Status
X-WA-Info
X-FW-Dynamic
X-Tumblr-Pixel-1
X-RemovedCookies
WPE-Backend
Filters
X-ProcessESI
Cache-Tv-Group
X-Tumblr-Pixel-2
X-TX-ID
X-RTag
X-GeoIP
X-Cacheable-TTL
Ms-Operation-Id
X-Drupal-Cache-Tags
X-Handled-By
X-UA-Device-Type
X-RequestSource
From-Origin
Webserver
X-Content-Age
X-Cache-TTL-Remaining
GEO-INFO
Datacenter
X-Cache-Remote
X-Daa-Tunnel
X-Upstream-Proxy
X-Edge-Location
Cache
X-Storage
Viewport
X-Cache-Action
X-Webkit-CSP
X-Accel-Buffering
X-Origin-Server
X-Varnish-Hostname
Accept-CH-Lifetime
X-Ua
X-EdgeConnect-Cache-Status
X-Cache-TTL
Version
X-Hyper-Cache
X-CF-Powered-By
X-Contextid
Host-Header
X-Region
X-Yottaa-Metrics
X-Wix-Request-Id
X-Yottaa-Optimizations
SRV
PageSpeed
X-Akamai-Transformed
X-Varnish-Server
X-Path-Route
X-Akamai-Request-ID2
X-ES-SERVER
Load-Balancing
X-RN-RSRV
Meta-Geo
NR-ENABLED
X-Cache-Var-Map
X-Cache-Var
X-IP
X-From
S-Cnection
X-Timing-Wait
X-JoinUs
Selected-Fe
X-Proxy-Build
X-Generated
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Proto
X-Loop
Vix-Hermes-Req-Id
X-Cache-Config
X-TNCMS
X-Backend-Name
Now
Cache-Tags
X-CS
X-Proxy
Cache-Name
X-Hit
Cache-Hits
X-Tumblr-Pixel-3
X-PERF
DB-Nickname
X-FC-Vary-Parameters
X-Rule
Decoy-Debug-TTL
Decoy-Debug-Status
Decoy-Debug-Key
Rt-Fastcgi-Cache
X-Cache-Enabled
X-Section
X-Viewer-Country
X-Access
X-Cluster-Node
X-Akamai-Request-ID
X-Origin
X-Labrador-Cache-Channel
X-Via-Fastly
X-NCache
X-ApacheServer
X-Upgrade-Enabled
X-Time-Microsecs
X-Origin-Response-Time
X-Trace-Id
X-Origin-Hint
X-Cache-Host
X-Upstream-CT
X-Web-Node
X-Xfnlog-Site
Cache-Key
Azure-Version
Ec-Rule-Version
Country
Mn-Server-Ip
X-PCL
X-R9-Blue-Green-Version
X-CCM
X-UnsetCookies
TWC-Privacy
X-FW-Version
X-Varnish-Cache-Hits
X-Cache-Grace
Webcakes-App-Version
Webcakes-App-Name
X-FireWall-Port
X-Format
X-Hosted-By
X-Backend-TTL
Webcakes-Region
Azure-SlotName
X-OCL
X-EIG-Tracking-Id
Property-Id
TWC-Connection-Speed
TWC-Device-Class
TWC-Locale-Group
TWC-GeoIP-LatLong
TWC-GeoIP-Country
X-Upstream-HT
S-Rt
Azure-InstanceId
Azure-SiteName
Azure-RegionName
X-Drupal-Cache-Contexts
X-S
X-Human
X-Device-Type
X-Varnish-Hits
X-Debug-Cache
X-Www-Served-By
X-DataStream-Origin-MEX-Latency
X-NewRelic-App-Data
X-DataStream-MidMile-RTT
DSUID
Server-Info
OT-Force-Account-Verify
X-Cache-Time
Release
X-Cache-Server
X-Cache-NE
X-Rendered-As
Time
Ohc-File-Size
X-Locale
X-Site-Version
X-APP-VERSION
X-VG-WebCache
X-VG-TLSProxy
ServedBy
Hostname
X-Sorting-Hat-PodId
X-Alternate-Cache-Key
X-ShardId
X-Shopify-Stage
X-Vgn-Hpd-Reason
X-Sorting-Hat-ShopId
X-ShopId
X-FB-TRIP-ID
X-VCT
Fastcgi-X-Cache-Version
X-Redis-Cache
Accept-Language
X-Nginx-Cache
X-Mode
X-Tb
X-OVcl
X-Real-IP
X-OVcl-Cache
Machine
X-B3-Spanid
NtCoent-Length
Ohc-Cache-HIT
Cteonnt-Length
Origin
X-Pubstack
Origin-Cache-Control
X-NC
Origin-Edge-Control
X-GEO
X-L-Path
X-Environment-Context
X-Presslabs-Stats
X-CSRF-TOKEN
L5d-Success-Class
X-No-Session
X-Request-Time
X-Load-Cache
X-Generated-By
Access-Control-Request-Headers
Odigeo-Trace-Id
X-HS-Cache-Config
X-Tt-Trace-Tag
X-Magnolia-Registration
X-Cluster-Name
X-LJ-Flow-ID
Fastly-SSL
X-Endurance-Cache-Level
X-VWS-Id
X-DC
Mime-Version
X-AWS-Id
X-Amzn-Remapped-Content-Length
IBM-Web2-Location
X-Parent-Response-Time
X-App-Version
X-UUID
Akamai-GRN
We-Hiring
Mail-Subject
X-B3-Parentspanid
Nel
X-ServerID
X-GoCache-CacheStatus
X-Rocket-Nginx-Bypass
X-NGENIX-Cache
X-ECACHE
Request-Time
X-XRDS-LOCATION
X-CACHE-KEY
X-Urbn-Context-Path
X-Urbn-Site-Id
Locale
X-Accel-Expires-Debug
X-Application
X-ARC
X-B-Cookie
X-AIR-PT
X-Aed
X-A-Dgt
X-A-Wwc
X-A-Dcw
Server-ID
Apple-News-Services-Request-Url
Arc-Country
AsisCache
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
GEO-REGION-INFO
Apple-News-Services-Handled
BehaviorPad-Version
Fly-Request-Id
Cdn-Request-Time
Content-Style-Type
Cdn-Host
Cross-Origin-Window-Policy
Fly-Cache
Cache-Prefix
MD5-Digest
A
X-Node-Id
VivaBuild
Viewtype
X-MServer
X-A
Proxy-Connection
X-A-Ccd
T-Server
Rt-Proxy-Cache
Meta-Geo-Continent
Memcached
Mobile-Detection-Method
X-Soup
Rendered-Blocks
Node
X-A-Dam
X-D
X-Origin-Date
X-Org
X-Origin-Expires
X-PAYTM-SRV-ID
X-Vtex-Processado-Em
Xc-Version
X-Instart-Info
X-Proxied
X-External-Request-Id
X-Routing-Service
X-G
X-ProxyCache-Status
X-ProxyCache-Key
X-Worker
X-Request-UUID
X-SS-Set-Cookie
X-SRCache-Key
X-BYPASS-REASON
Uber-Trace-Id
X-Twitter-Response-Tags
X-Transaction
X-Server-Time
X-ScT
X-Rojux
X-Rewrite-Enabled
X-S-Cookie
X-S-Maxage
X-VG-WebServer
X-Edge-Server
X-Is-Bot
X-Zipkin-Id
X-Date
X-Destination
X-Detected-As
X-CF-Lambda-Fn
X-CF-Lambda-Version
CF-IPCountry
X-Connection-Hash
X-Vtex-Remote-Cache
X-Developer
X-Trv-Group
Content-Script-Type
X-DPWN-IS-SECURE
X-Oneagent-Js-Injection
ServerName
X-Via-CDN
X-Element-Page-Cache
Backend-Name
X-Thanos
X-Cache-Bucket
X-Clientip
Fastly-Soc-X-Request-Id
X-VC-Cache
X-TrackingId
Gh-Request-Id
X-Auto-Login
X-Azure-Ref
X-SVT-ORM-RULES
X-Up
X-Cdn-Srv
X-SVT-ORM-VERSION
X-SIPLIST1
Countrycode
X-Azure-Ref-OriginShield
NGX
X-Developers
X-IN-APIGATEWAYSSL
X-Bip
X-IN-APIGATEWAY
X-Hl-Ver
X-Fastly-Cache
X-Distributor
X-Distil-CS
Section-Io-Cache
X-Region-Sid
X-Core-Mission
N-Cache
X-WebServer
X-Request-Start
Request-Country
X-Release
Request-EU
X-Cms-Context
IsBot
X-Origin-TTL
X-Origin-CC
User-Cache-Control
X-ElasticPress-Search
X-Irp-Debug
X-Level-Front-Cache
X-Li-Pop
X-LI-Proto
X-Li-Fabric
X-ABtesting
X-GeoIP-City
X-Geo-Header
X-Amz-Meta-Cache-Control
X-Hash
X-Hnp-Log
X-Hello
X-LI-UUID
X-Matched-Rule
True-Client-Country-4JS
X-NX-Host
Thinkindot-Control
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
X-Nginx-Cache-Key
V-Age
X-Method
X-App-Name
W
X-MSEdge-Features
X-MSEdge-Flight
X-Location
X-Generated-On
X-Cache-Info
X-Debug-Cookies
X-Cache-Id
X-Cache-FS-Status
X-Debug-Log
X-Cdn-Origin
X-Debug-Cache-Store
X-Debug-Cache-Expiry
X-CUA
X-Clara-WADP
X-CGP
X-Debug-Cache-Fetch
X-Device-Os
X-C
X-Flog
X-Fetched-On
X-Gen-Mode
X-Generated-In
X-Compress-Hint
X-Backend-Host
X-Eu-Site
Content-Disposition
X-Block-Status
X-Epic-Correlation-Id
X-BBXSRF
X-Backend-Url
X-Generation-Time
X-Old-Content-Length
AKAMAI
X-Unique-ID
X-Owner
X-Wikidot-Static-Cache
X-Variation
X-Request-URI
Ha-Gx-Prefs
Fastly-SWR
PFcat
X-Thinkindot-L3
Adler-Geo
Is-Eu
X-Sn-Servicetimems
HA-Ipaddr
X-We-Are-Hiring
X-Skip-Cache
Magicmarker
X-ServiceProvider
L
Fastly-SIE
X-Wikidot-Backend
X-Proxy-Cache-Status
RNT-Time
RNT-Machine
X-Proxy-Upstream
X-Platform-Server
X-VServer
Server-Int
X-WADP-Cache
X-PHP-Host
Platform
CDCHOST
X-Reboot
Esi-Enabled
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-Microcachable
X-Webstats-RespID
X-Dispatch
X-User
X-Swa-Ws
X-SD-PageType
X-Key
X-Internal-Host
X-MP-GENERATED-AT
X-Qloud-Router
X-Guploader-Uploadid
X-GDPR
X-Reqid
X-HS-Combine-CSS
X-Server-IP
X-Servername
X-SayCDN-TTL
X-Say-TTL
X-Response-By
X-Say-Cacheable
X-B3-SpanId
X-Dispatcher-Server
Server-Host
Memory
Kp-EeAlive
Heartbleed
Pramga
X-Backend-State
X-Uri
Pagetype
SS
Cache-Cookie-Set-From
SD-X-WS
Served-By
Cache-Cookie-Set-Lfrom
Wxu-Next-Region
Wxu-Next-Hostname
Wxu-Next-Commit
Country-Code
Cache-Cookie-Set-Idcheck
Web-Mar-Node
X-IPS-LoggedIn
X-Cdn-Forward
X-Page-Type
Resin-Trace
X-Policy
X-SERVER-NAME
X-Wa
UCS
X-FPC
ProcessTime
X-Servedbyhost
X-Ttl
X-Var-Ttl
REQUESTUUID
X-Logtrace-Id
Powered-By-ChinaCache
X-Dynatrace
X-Service
Ajk
X-HTML-Minification-Powered-By
X-Nc
X-Is-Gdpr
X-Lb-Id
Cache-Provider
X-JWT-State
X-Has-Esi
Proxy-Firewall
X-Cache-Ttl
X-Geo
X-Cache-Backend
X-Dc
X-Ratelimit-Limit
X-VCL-Version
X-Datadome
X-NWS-UUID-VERIFY
X-Oss-Hash-Crc64ecma
X-Oss-Storage-Class
Powered-By
X-Oss-Request-Id
X-Oss-Object-Type
X-Processor
X-Tb-Optimization-Total-Bytes-Saved
X-Oss-Server-Time
X-Grey
X-Cache-Category-Id
Srv
X-Pjax-Url
X-ZONE
X-Varnish-Beresp-Ttl
X-SRV
X-Info
SN
GeoIP-Country-Code
X-Svr
X-TH-Server
X-Cache-URL
PICS-Label
GeoIP-City
GeoIP-Latitude
X-Server-ID
Fastly-Backend-Name
X-Be
X-Ruxit-Js-Agent
X-RateLimit-Reset
X-CDN-Forward
X-Instart-Isnd
X-RCS-CacheZone
X-HS-Status
X-Tec-Api-Root
X-Webkit-Csp
X-Zone
X-Tec-Api-Origin
X-Tec-Api-Version
X-Scheme
X-SN
X-Ftr-Request-Id
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
X-Newrelic-Synthetics
X-Pf-Uncompressing
X-NodeID
GW-Server
Cdn
X-UA
X-Source
Group
X-GRACE
X-LAGOON
CACHE
X-Varnish-Url
X-Secret
CF-Cached-On
X-Check-Cacheable
X-EC-Lua
X-Gannett-Site-Version
WZWS-RAY
X-Bc
X-Sucuri-Id
X-Varnish-Beresp-TTL
Dynatrace
X-PF-Uncompressing
X-CDN-Cache
On-Server
X-Dynatrace-Js-Agent
X-Varnish-Cacheable
LB
Ttl
X-Server-W
Cache-Host
X-LiteSpeed-Cache-Control
X-NODE
X-GeoIP-Country-Code
User-Agent
X-Ftr-Cache-Host
X-Ms-Version
X-Tt-Trace-Host
X-APP
X-Ratelimit-Remaining
X-BC
Inserted-Into-Cache-At
X-BE
Environment
X-Ms-Request-Id
X-Via-Ucdn
Pics-Label
X-NU-AKA-ACS-Version
X-Edge
X-COUNTRY
XServer
GeoIp-Country-Code
Geoip-City
X-Session-Fingerprint
X-Cache-Debug
WWW
X-Fastly-Country-Code
Lfy
Geoip-Latitude
X-Aicache-OS
X-Trafficlayer-App-Scope
X-Crawler
X-Trafficlayer-App-Name
X-Akamai-SSL-Client-Sid
X-URL
X-PJAX-URL
Who
X-Ftr-Backend
X-Ftr-Dc
MIME-Version
X-Ftr-Backend-Server
X-Ftr-Realm
X-Ftr-Balancer
Requestid
X-Agile-Age
X-Agile
Ohc-Response-Time
X-Mid
X-Render-Time
X-Fastly-Backend-Reqs
X-Agile-Id
Cf-Ipcountry
X-Vcl-Version
X-FE
M-TraceId
X-Varnish-Ttl
X-MCACHE
X-FORWARDED-FOR
X-CSRF-Token
SID
X-LB-ID
Amp-Access-Control-Allow-Source-Origin
Lb
X-Via-Edge
X-Litespeed-Cache-Control
X-Via-SSL
X-Served-From
X-7Graus-Varnish-XKeys
X-7Graus-Varnish-Cache-Control
X-Micro-Cache
X-UPSTREAM-Address
URI
X-Logging-Id
X-Sedo-Request-Id
Xkeyrz
X-Proxy-Cacherz
X-Cache-Miss-From
X-WR-MODIFICATION
HostName
X-DB
Host-ID
X-Amzn-Remapped-Connection
X-Action
RequestUuid
X-Cache-Tag
X-RPM
X-RSL
X-Amzn-Remapped-Date
X-DW
X-DI
X-DSS
X-RPS
X-Correlation-ID
X-Cf-Powered-By
DataCenter
X-Protected-By
X-Fpc
X-Core-Value
X-Vct
X-Page-Impression-Id
X-Nananana
X-Zalando-Child-Request-Id
CDN
X-ServedByHost
X-WA
X-Fastly-Cache-Hits
Xkeypdq
X-Flow-Id
WebServer
X-Newrelic-App-Data
X-NGINX-Cache
X-Ecache
FNAC-ModuleRouting
X-TIME
X-VC
X-Cdn-Request-ID
Cneonction
X-ND-Cache
X-MID
Correlation-Id
X-Refresh
X-SB
X-Dw-Trace-Id
X-Via-NSCOPI
Cdncip
X-AK-Request-ID
Warning
X-Vdms-Version
Cdnsip
X-Request-Url
X-Swift-Error
X-Sucuri-Cache
X-Serial
Xet-Cookie
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
X-Apw-Hits
X-ECache
Processtime
X-Unique-Id
HitType
X-ServerName
X-Bug-Bounty
X-Request-URL
Pragrma
X-Apw-Access-Token
X-Apw-Access-Object
V-Cache
X-Gdpr
X-Fe
X-MiniProfiler-Ids
X-Apw-Access-Action