Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics - SANS Internet Storm Center HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
CF-RAY
X-Powered-By
Link
ETag
Expect-CT
X-XSS-Protection
Via
X-Cache
Age
CF-Cache-Status
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
X-Cache-Hits
P3P
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Request-Id
X-Xss-Protection
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-AspNet-Version
X-Download-Options
Access-Control-Allow-Credentials
X-Runtime
X-Adblock-Key
X-Drupal-Cache
Alt-Svc
X-Check
X-Cacheable
Content-Security-Policy-Report-Only
P3p
X-Generator
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-AspNetMvc-Version
X-DNS-Prefetch-Control
X-Template
Status
X-Language
Timing-Allow-Origin
Content-Encoding
X-FRAME-OPTIONS
X-Content-Security-Policy
X-Iinfo
X-Buckets
Upgrade
X-Kinja-Server-Push
Xkey
X-Via
X-CDN
X-Turbo-Charged-By
Keep-Alive
Access-Control-Max-Age
Access-Control-Expose-Headers
X-Cache-Group
X-Pass-Why
X-Age
X-AH-Environment
X-Drupal-Dynamic-Cache
X-Server
X-Backend
X-Amz-Request-Id
X-Amz-Id-2
X-Pingback
X-Envoy-Upstream-Service-Time
X-Page-Speed
X-Robots-Tag
X-Proxy-Cache
X-Hacker
Grace
X-Server-Powered-By
EagleId
X-Varnish-Cache
X-UA-Device
X-Nginx-Cache-Status
Request-Context
Cf-Railgun
X-LiteSpeed-Cache
X-Amz-Version-Id
X-Swift-SaveTime
X-Swift-CacheTime
X-WebKit-CSP
X-Ua-Compatible
Ali-Swift-Global-Savetime
Feature-Policy
X-Device
Server-Timing
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Host
Report-To
X-Ac
X-Rq
X-Server-Id
X-OneAgent-JS-Injection
Content-Location
X-Node
X-Backend-Server
X-Response-Time
X-Cnection
X-Origin-Cache
EagleEye-TraceId
X-Cloud-Trace-Context
X-Application-Context
Allow
Request-Id
X-Readtime
Surrogate-Control
X-Cache-Lookup
X-Country
X-ORACLE-DMS-ECID
X-DynaTrace
X-Cdn
X-Ruxit-JS-Agent
X-Vhost
X-Rack-Cache
X-Clacks-Overhead
X-ORACLE-DMS-RID
Pinterest-Generated-By
X-Url
X-Origin-Upstream-Status
NEL
X-CST
X-TTL
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Rating
X-FTR-Request-ID
X-Country-Code
X-HW
X-Dns-Prefetch-Control
X-Goog-Hash
X-Instart-Request-ID
X-Dispatcher
X-DataStream-Cache-Status
Edge-Control
X-Px
Fusion-Content-Source
Fusion-Content-Id
Fusion-Component-Id
Fusion-Source
Fusion-Template-Id
X-Vname
X-TtlSet
X-PC
X-VARITI-CCR
Service-Worker-Allowed
X-Mod-Pagespeed
X-MS-InvokeApp
X-B3-TraceId
SPRequestGuid
Verso
X-ESI
X-Recruiting
X-DataDome
X-Request-ID
X-GoogleNews-Bot
X-Exp-Variant
X-Kinja-Revision
X-Kinja-Build
X-Exp-Id
X-Cdn-Fetch
X-Kinja-Server
X-Kinja
X-Use-Magma
X-D2id
X-Varnish-TTL
X-Vcap-Request-Id
X-SharePointHealthScore
X-Abt-Application-Version
X-Amz-Server-Side-Encryption
X-Server-Name
X-RateLimit-Remaining
TCN
X-Powered-By-Plesk
DynaTrace
X-Navigation-Version
X-Sol
X-Middleton-Display
Display
X-Middleton-Response
Response
X-GitHub-Request-Id
X-SRCache-Fetch-Status
X-SRCache-Store-Status
RTSS
Accept-Ch-Lifetime
Content-MD5
Charset
X-Akam-SW-Version
AR-ATIME
AR-PoweredBy
AR-CACHE
Ar-Sid
MS-Author-Via
X-Amz-Rid
X-Shield-Request-Id
ServerID
Realpath
AR-Request-ID
X-Trace
X-Dw-Request-Base-Id
X-Goog-Stored-Content-Encoding
X-Goog-Generation
X-Goog-Stored-Content-Length
X-Goog-Metageneration
X-Powered-CMS
X-Cached
X-TEC-API-ORIGIN
X-DynaTrace-JS-Agent
X-TEC-API-ROOT
X-TEC-API-VERSION
X-Version
Nginx-Cache
X-Server-ID
X-Shard
X-Forwarded-Proto
X-Upstream
SPRequestDuration
SPIisLatency
Pagespeed
Pinterest-Version
X-Pinterest-Rid
X-Upstream-Proxy
X-Goog-Storage-Class
Public-Key-Pins
X-Mrf-Section-Lastmod
X-Mrf-Item-Lastmod
X-B3-TraceId-Primal
MRF-Tech
Mrf-Cache-Status
Accept-CH
Paypal-Debug-Id
X-MSEdge-Ref
X-Client-IP
Fastly-Restarts
Access-Control-Request-Method
S
X-VCache
X-Amz-Meta-S3cmd-Attrs
X-DataStream-Origin-MEX-Latency
X-DataStream-MidMile-RTT
X-Ezoic-Cdn
X-Debug
Accept-Ch
X-FTR-Backend-Server
X-FTR-Balancer
X-Country-Code-Real
X-FTR-Realm
X-Id
X-FTR-DC
X-FTR-Cache-Status
X-FTR-Backend
X-FTR-Expires
X-DIS-Request-ID
X-T
X-Fastly-Request-ID
X-N
MicrosoftSharePointTeamServices
X-XRDS-Location
X-Ser
Arr-Disable-Session-Affinity
Alternate-Protocol
PB-PID
PB-RID
Arc-Version
X-Mobile-Rewrite
X-Varnish-Age
X-NF-Request-ID
X-Amzn-Trace-Id
Front-End-Https
X-Content-Type
X-Hits
X-B3-Sampled
X-Acc-Meta-Resource-Type
Fastcgi-Cache
X-Frontend
X-FTR-Cache-Host
X-Grace
X-Logged-In
Server-Name
X-Content-Digest
X-Pad
X-Srv
Host
X-Forwarded-For
X-FastCGI-Cache
AMP-Access-Control-Allow-Source-Origin
Nel
X-Node-Name
X-Microsite
X-Request-Handler-Origin-Region
FilterID
Powered-By-ChinaCache
X-Correlation-Id
TP-Cache
Healthy
TP-L2-Cache
X-Debug-Info
X-LB-Cache
X-Type
Edge-Cache-Tag
X-Fastcgi-Cache
X-Kinsta-Cache
X-Rid
X-IPLB-Instance
X-AOL-HN
X-Request-Received
X-Request-Processing-Time
X-User-Agent
X-Vcache
X-Cached-By
X-Cache-2
X-HS-Hub-Id
X-HS-Content-Id
X-Hostname
X-GUploader-UploadID
X-Revision
X-Cache-Rule
X-F-Cache
Surrogate-Key
Powered
X-XRDS-LOCATION
X-Accel-Expires
X-RateLimit-Limit
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Zen-Fury
X-Cache-Age
X-Analytics
Backend-Timing
X-Page-Id
X-Content-Security-Policy-Report-Only
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-Cache-Key
X-Varnish-Grace
X-BCube-Filmed-By
X-Varnish-Backend
Source
X-Jobs
X-Content-Options
X-FB-Debug
X-Cluster
X-PHP-Backend
X-Instance
X-Amz-Replication-Status
Cache-Status
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-TT
X-App-Environment
X-Content-Powered-By
X-Request-Guid
X-Framework
Cleartype
X-AppVersion
X-Akamai-Edgescape
X-Tumblr-User
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Az
X-Activity-Id
Tracecode
WPE-Backend
X-Varnish-Hostname
Server-Node
X-Via-JSL
X-Forwarded-Host
Refresh
Host-Header
X-Cache-TTL
X-Mobile
X-NWS-LOG-UUID
X-ATG-Version
X-Cache-Operation
X-FW-Serve
X-FW-Hash
X-FW-Server
X-FW-Static
X-FW-Type
X-Signature
X-Cache-Control
X-B-Cache
Accept-Charset
Actual-Object-TTL
X-Drupal-Cache-Tags
X-Time
DC
X-Cache-Action
X-Edge-Location
X-B3-Traceid
Liferay-Portal
Access-Control-Allow-Method
Upgrade-Insecure-Requests
X-Whom
X-Accel-Buffering
X-App-Server
X-Cache-Hit
X-TA-CDN-Provider
X-Response-Served-From
X-Mobile-URL
X-Storage
Payment
X-TX-ID
X-Hp-Webp
X-WebKit-CSP-Report-Only
X-Content-Age
X-UA-Device-Type
X-TT-TIMESTAMP
X-Handled-By
Fastcgi-Useragent
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-VG-WebCache
X-SS-Set-Cookie
X-GeoIP
Filters
X-Cacheable-TTL
Cache
X-RequestSource
X-Adobe-Content
X-Adobe-Loc
Server-Info
X-Git-Hash
X-B
Eomportal-Instance
Xserver
Viewport
Cache-Tv-Group
X-ProcessESI
X-RemovedCookies
X-Geo-Country
X-Ratelimit-Reset
X-Tumblr-Pixel-2
X-Tumblr-Pixel-1
X-WA-Info
X-FB-TRIP-ID
Webserver
Cache-Tag
X-Cache-TTL-Remaining
X-Status
Datacenter
X-Cache-Enabled
Retry-After
X-Erf-Bev-Bev-Is-Generated
NGB
X-Erf-Bev-Bev
X-Contextid
X-FW-Dynamic
X-Seen-By
S-Cnection
X-Presslabs-Stats
X-CF-Powered-By
X-Ratelimit-Limit
X-Origin-Server
X-Host-Name
X-Mode
X-APP-VERSION
X-Magnolia-Registration
X-Guploader-Uploadid
Accept-CH-Lifetime
X-Daa-Tunnel
Country
X-Rendered-As
X-PressLabs-Stats
X-Varnish-Hits
X-VWS-Id
X-VCT
X-RN-RSRV
X-Cache-Config
X-AWS-Id
Meta-Geo
Load-Balancing
X-Cache-Var
X-Path-Route
MS-CV
Machine
X-Cache-Var-Map
X-ES-SERVER
X-LJ-Flow-ID
X-Real-IP
GEO-INFO
X-Routing-Service
X-Proxied
We-Hiring
X-Labrador-Cache-Channel
X-Upstream-CT
X-Upstream-HT
Vix-Hermes-Req-Id
X-Cache-Host
Release
DSUID
From-Origin
X-Zipkin-Id
X-Human
Mail-Subject
X-Cache-Grace
Cache-Key
X-Access
Frame-Options
X-Section
Uber-Trace-Id
ServedBy
X-Hit
Mn-Server-Ip
X-Hyper-Cache
X-RCS-CacheZone
X-Viewer-Country
X-Device-Type
X-From
X-Web-Node
X-EIG-Tracking-Id
X-Cache-NE
X-Varnish-Cache-Hits
X-Varnish-Server
X-Backend-Name
X-Loop
X-Debug-Cache
X-TNCMS
X-R9-Blue-Green-Version
X-ProxyCache-Status
X-CCM
X-PCL
X-Cluster-Node
X-ProxyCache-Key
OT-Force-Account-Verify
X-Upgrade-Enabled
X-MP-GENERATED-AT
X-BYPASS-REASON
X-VG-TLSProxy
X-Proto
X-OCL
Now
X-Akamai-Request-ID
X-Origin-Response-Time
Rt-Fastcgi-Cache
X-Esi
X-ShardId
X-Alternate-Cache-Key
X-Xfnlog-Site
X-Hosted-By
X-Environment-Context
X-ShopId
X-Shopify-Stage
X-Proxy-Build
X-Sorting-Hat-ShopId
NGX
X-Sorting-Hat-PodId
X-Redis-Cache
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Timing-Wait
X-S
X-Region
X-Tumblr-Pixel-3
X-L-Path
Akamai-GRN
X-JoinUs
X-UUID
X-Platform-Server
X-Cache-Remote
Cache-Name
X-FC-Vary-Parameters
X-Via-Fastly
X-Generated-By
X-Generated
Decoy-Debug-Status
Decoy-Debug-Key
X-Trace-Id
X-Endurance-Cache-Level
X-NCache
X-Rule
Decoy-Debug-TTL
Ms-Operation-Id
X-RTag
X-Site-Version
X-Locale
DB-Nickname
X-Www-Served-By
X-Nginx-Cache
X-ECACHE
X-MServer
X-Hl-Ver
X-Drupal-Cache-Contexts
X-Vgn-Hpd-Reason
X-GRACE
X-NewRelic-App-Data
X-EdgeConnect-Cache-Status
Cteonnt-Length
X-ServerID
X-Rocket-Nginx-Bypass
X-Load-Cache
ProcessTime
X-Ttl
X-Request-Time
X-Dc
X-IP
X-Time-Microsecs
X-Wix-Request-Id
X-IPS-LoggedIn
Time
L5d-Success-Class
X-Litespeed-Cache
X-Origin
X-Cache-Backend
X-GEO
S-Rt
Version
X-Via-CDN
Webcakes-Region
TWC-Connection-Speed
X-Origin-Hint
Served-By
Webcakes-App-Version
TWC-Locale-Group
Property-Id
TWC-Privacy
Webcakes-App-Name
TWC-GeoIP-LatLong
TWC-Device-Class
TWC-GeoIP-Country
Azure-InstanceId
Origin
X-Unique-ID
Azure-SlotName
X-FW-Version
Azure-SiteName
Azure-Version
Azure-RegionName
X-Microcachable
NtCoent-Length
X-Pubstack
X-Distributor
X-Oneagent-Js-Injection
Fastcgi-X-Cache-Version
X-B3-Spanid
X-FireWall-Port
X-Proxy
Fastly-SSL
X-No-Session
X-Datadome
CACHE
X-Grey
Origin-Cache-Control
X-Cache-Server
X-Cache-Category-Id
Origin-Edge-Control
X-RateLimit-Reset
Access-Control-Request-Headers
X-Via-NSCOPI
X-UA
X-Nc
X-Detected-As
X-Is-Bot
X-BACKEND-TTL
IBM-Web2-Location
SRV
X-ApacheServer
Hostname
X-PERF
Cache-Tags
X-Format
X-Ua
Odigeo-Trace-Id
X-HTML-Minification-Powered-By
X-CS
X-Webkit-Csp
X-Powered-By-Defense
Proxy-Connection
X-Akamai-Transformed
X-Edge
Backend-Name
X-Varnish-Cacheable
X-Cdn-Forward
Xc-Version
Cache-Prefix
X-HS-Cache-Config
Cdn-Host
X-NU-AKA-ACS-Version
Cache-Cookie-Set-Lfrom
X-ND-Cache
X-Eu-Site
Rt-Proxy-Cache
Cdn-Request-Time
X-Worker
Fly-Cache
Cross-Origin-Window-Policy
Ec-Rule-Version
Fastly-SWR
Fly-Request-Id
Content-Style-Type
GEO-REGION-INFO
Server-ID
Content-Script-Type
Request-Time
Cache-Cookie-Set-Idcheck
X-IN-APIGATEWAY
A
MD5-Digest
Proxy-Firewall
Node
Mobile-Detection-Method
X-External-Request-Id
Meta-Geo-Continent
X-Instart-Info
Rendered-Blocks
Request-Country
AsisCache
X-HS-Combine-CSS
BehaviorPad-Version
Cache-Cookie-Set-From
Arc-Country
Ha-Gx-Prefs
Request-EU
X-G
HA-Ipaddr
ServerName
X-NX-Host
X-Aed
X-Transaction
X-Developer
X-Destination
X-Debug-Log
X-Accel-Expires-Debug
X-Trv-Group
X-Cache-Bucket
X-B-Cookie
X-Connection-Hash
X-A-Wwc
X-Twitter-Response-Tags
X-AIR-PT
X-Debug-Cookies
X-S-Maxage
X-S-Cookie
X-ARC
X-D
X-ScT
X-Rojux
X-Rewrite-Enabled
X-Date
X-Request-UUID
X-SRCache-Key
X-App-Name
X-Application
X-Region-Sid
X-VG-WebServer
Viewtype
X-CF-Lambda-Version
X-A-Dgt
VivaBuild
X-Vtex-Processado-Em
X-Server-Time
Fastly-SIE
X-Edge-Server
X-DPWN-IS-SECURE
X-Org
X-CGP
X-Vtex-Remote-Cache
X-A-Dam
X-A-Dcw
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
X-A-Ccd
X-Processor
X-Cluster-Name
X-PAYTM-SRV-ID
X-A
X-CF-Lambda-Fn
X-GeoIP-Country-Code
X-Cache-Id
X-Core-Mission
X-Clientip
X-Geo-Header
X-Cdn-Origin
X-Backend-State
Mime-Version
Section-Io-Cache
RNT-Time
X-Dispatcher-Server
True-Client-Country-4JS
Server-Int
Server-Host
RNT-Machine
Resin-Trace
Memcached
Is-Eu
X-Epic-Correlation-Id
On-Server
Platform
X-Generated-On
X-Tb
X-Sn-Servicetimems
X-Qloud-Router
X-TH-Server
Apple-News-Services-Handled
X-PHP-Host
X-C
Adler-Geo
X-Request-URI
X-Level-Front-Cache
X-Key
X-UnsetCookies
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
Country-Code
PageSpeed
Countrycode
X-Variation
X-B3-Parentspanid
X-Internal-Host
X-Server-IP
Apple-News-Services-Request-Url
X-ServiceProvider
X-We-Are-Hiring
X-Hash
X-URL
X-Akamai-Request-ID2
X-B3-SpanId
X-Compress-Hint
X-ElasticPress-Search
X-Protected-By
X-Developers
V-Age
X-Dispatch
X-Device-Os
Who
Wxu-Next-Hostname
Wxu-Next-Commit
Wxu-Next-Region
X-SVT-ORM-VERSION
X-Served-From
X-SIPLIST1
X-Skip-Cache
X-Cache-Info
X-CDN-Cache
X-Servername
X-Cdn-Srv
X-Crawler
X-SD-PageType
X-Request-Start
X-Reqid
X-Swa-Ws
X-Response-By
X-SVT-ORM-RULES
UCS
X-Reboot
SS
X-Li-Fabric
X-Irp-Debug
X-Fastly-Cache
X-Li-Pop
PFcat
Pramga
X-LI-Proto
IsBot
AKAMAI
Content-Disposition
Esi-Enabled
CDCHOST
Gh-Request-Id
X-Fetched-On
X-Fstrz
X-Location
X-LI-UUID
X-Distil-CS
X-Nginx-Cache-Key
REQUESTUUID
SD-X-WS
X-Method
X-Webstats-RespID
X-WebServer
X-Gen-Mode
X-VServer
X-Gannett-Site-Version
X-Via-SSL
X-Hnp-Log
X-Origin-Date
X-GeoIP-City
X-Cms-Context
X-Generation-Time
X-Owner
X-Wikidot-Backend
X-Origin-Expires
X-Matched-Rule
X-Thanos
X-Thinkindot-L3
Pragrma
X-Via-Edge
X-Release
X-Wikidot-Static-Cache
Powered-By
X-Secret
Web-Mar-Node
GW-Server
User-Cache-Control
X-Parent-Response-Time
Thinkindot-Control
Thinkindot-CacheControl-Type
Heartbleed
Thinkindot-CacheControl
X-Auto-Login
X-Amz-Meta-Cache-Control
X-BBXSRF
X-Bip
X-Block-Status
Fastly-Soc-X-Request-Id
X-Cache-FS-Status
X-CDN-Forward
LB
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
X-VC-Cache
X-Planisys-CDN-TTL
X-NC
X-Be
X-Varnish-Ttl
X-App-Version
X-Azure-Ref-OriginShield
X-CUA
X-IN-WAF
X-Azure-Ref
W
X-OVcl-Cache
X-Phone
X-Core-Value
X-Birta-Served
X-OVcl
X-FPC
X-Birta-Cache-Post
X-CLOUD-TRACE-CONTEXT
X-Origin-CC
X-Origin-TTL
Memory
Accept-Language
X-Ratelimit-Remaining
X-Varnish-IP
X-Clara-WADP
X-WADP-Cache
X-Varnish-Url
X-CACHE-KEY
Selected-FE
CF-IPCountry
HitType
L
X-LAGOON
X-Info
X-Proxy-Cache-Status
N-Cache
X-Varnish-Beresp-Ttl
X-Proxy-Upstream
X-Page-Type
X-Geo
X-FE
Kp-EeAlive
X-TrackingId
User-Agent
X-Amzn-Remapped-Content-Length
X-Source
Cdn
X-Dynatrace-Js-Agent
X-DC
Selected-Fe
Magicmarker
X-Oracle-Dms-Rid
X-Varnish-Beresp-Status
X-Web-Server
X-Urbn-Context-Path
X-Urbn-Site-Id
Locale
X-Pf-Uncompressing
X-Varnish-Beresp-Grace
X-Zone
X-Agile-Age
X-Cache-Debug
X-Agile
X-Agile-Id
X-Flog
X-Hello
X-TT-LOGID
X-HS-Status
Pagetype
X-ABtesting
X-Servedbyhost
X-Refresh
X-Backend-TTL
X-Newrelic-Synthetics
X-User
Geoip-City
Geoip-Latitude
GeoIp-Country-Code
X-Generated-In
X-Mid
X-MID
X-Vcl-Version
X-Backend-Url
X-Real-Ip
X-Backend-Host
X-Aicache-OS
X-Check-Cacheable
X-NWS-UUID-VERIFY
CF-Cached-On
X-MSEdge-Flight
X-MSEdge-Features
SN
X-Debug-Cache-Fetch
X-Debug-Cache-Store
X-Debug-Cache-Expiry
X-GoCache-CacheStatus
X-Tt-Trace-Tag
X-Up
X-Soup
Amp-Access-Control-Allow-Source-Origin
Ohc-File-Size
Ohc-Cache-HIT
X-Ruxit-Js-Agent
X-ZONE
X-APP
Group
X-VCL-Version
GeoIP-Country-Code
FSS-Proxy
FSS-Cache
X-Tb-Optimization-Total-Bytes-Saved
GeoIP-City
X-Oss-Storage-Class
X-Oss-Server-Time
X-Oss-Hash-Crc64ecma
X-ServedByHost
X-UPSTREAM-Address
Srv
HTTPS
GeoIP-Latitude
X-Oss-Object-Type
X-Oss-Request-Id
WZWS-RAY
X-EC-Lua
X-SN
Server-Cache-Control
HostName
X-Varnish-Authentication
RequestId
Www
Server-Surrogate-Control
Cf-Ipcountry
X-Contensis-Viewer-Groups
Backend
X-Cache-ASPX
X-SERVER-NAME
X-BC
X-Say-TTL
X-Via-Ucdn
X-SayCDN-TTL
X-COUNTRY
Lb
X-Amzn-Remapped-Connection
X-Old-Content-Length
X-Amzn-Remapped-Date
X-Say-Cacheable
X-Instart-Isnd
X-CSRF-Token
X-NGENIX-Cache
X-Varnish-Beresp-TTL
X-Bc
X-Cache-Expires
X-Akamai-SSL-Client-Sid
Host-ID
X-Nananana
Xkeyrz
X-Proxy-Cacherz
X-ECache
X-PF-Uncompressing
XServer
Cache-Hits
X-Cache-Ttl
X-Dynatrace
WebServer
X-Node-Id
Requestid
Epwk-Cache
Inserted-Into-Cache-At
X-Varnish-Action
X-Request-Url
X-Cache-Tag
URI
X-Fastly-Backend-Reqs
Fastcgi-X-Cache
Xkeynj
X-Correlation-ID
X-TIME
X-Unique-Id
X-WR-MODIFICATION
Get-Access-Time
X-FORWARDED-FOR
Is-Session-Tracking
X-CSRF-TOKEN
Ajk
X-PAGE-TYPE
X-IN-APIGATEWAYSSL
X-Fastly-Country-Code
X-Logtrace-Id
Fastly-Backend-Name
X-AssetVersion
X-MCACHE
X-Cache-Time
X-Edge-IP
X-Cache-Miss-From
X-Sedo-Request-Id
X-Requestid
X-LiteSpeed-Cache-Control
Dynatrace
X-RateLimit-Remaining-Second
X-Wa
X-RateLimit-Limit-Second
X-Pjax-Url
X-Sf
Pics-Label
X-Var-Ttl
Cneonction
FNAC-ModuleRouting
X-Svr
DataCenter
X-SRV
Xet-Cookie
Cache-Provider
X-BE
X-Fpc
CDN
X-Swift-Error
X-Lb-Id
Correlation-Id
X-Fastly-Cache-Hits
X-NGINX-Cache
X-Dw-Trace-Id
X-Apw-Hits
T-Server
X-Apw-Access-Action
X-Apw-Access-Object
X-WA
X-Apw-Access-Token
X-WPE-Loopback-Upstream-Addr
Warning
Lfy
RequestUuid
Sid
X-LB-ID
PICS-Label
X-PJAX-URL
X-Html-Edge-Cache
X-GDPR
X-ServerName
X-Bug-Bounty
X-Akamai-ERRuleID
X-Akamai-ERPolicy
Ohc-Response-Time
X-Alicdn-Da-Ups-Status
X-Flow-Id
X-Zalando-Child-Request-Id
X-Policy
X-LiteSpeed-Tag
X-App
X-DW
X-RPM
X-RPS
X-DSS
X-DI
X-Page-Impression-Id
X-DB
X-RSL