Threat Level: green Handler on Duty: Jim Clausing

SANS ISC: HTTP Header Usage Statistics - SANS Internet Storm Center HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
CF-RAY
X-Powered-By
Link
ETag
Expect-CT
X-XSS-Protection
Via
X-Cache
Age
CF-Cache-Status
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
X-Cache-Hits
P3P
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Xss-Protection
X-Request-Id
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
Alt-Svc
X-Adblock-Key
X-Drupal-Cache
X-Check
X-Cacheable
Content-Security-Policy-Report-Only
X-Generator
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-AspNetMvc-Version
X-DNS-Prefetch-Control
P3p
X-Template
X-Language
Status
Timing-Allow-Origin
X-Iinfo
Content-Encoding
X-Content-Security-Policy
X-Buckets
Upgrade
X-Kinja-Server-Push
Xkey
X-Via
X-CDN
X-Turbo-Charged-By
Keep-Alive
Access-Control-Expose-Headers
Access-Control-Max-Age
X-Cache-Group
X-Pass-Why
X-AH-Environment
X-Age
X-Drupal-Dynamic-Cache
X-Server
X-Backend
X-Pingback
X-Amz-Id-2
X-Amz-Request-Id
X-Envoy-Upstream-Service-Time
X-Page-Speed
X-Robots-Tag
X-Proxy-Cache
X-Hacker
Grace
EagleId
X-Server-Powered-By
X-UA-Device
X-Varnish-Cache
Request-Context
X-Nginx-Cache-Status
X-Request-ID
Cf-Railgun
X-LiteSpeed-Cache
X-Amz-Version-Id
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-Server-Id
X-WebKit-CSP
Server-Timing
Feature-Policy
X-Device
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Rq
X-Host
Report-To
X-Ac
X-Node
Content-Location
X-OneAgent-JS-Injection
X-Cnection
X-Response-Time
X-Backend-Server
X-Cloud-Trace-Context
X-Origin-Cache
X-Application-Context
X-Readtime
Request-Id
Allow
Surrogate-Control
EagleEye-TraceId
X-ORACLE-DMS-ECID
X-Country
X-Vhost
X-DynaTrace
X-Cache-Lookup
X-TTL
X-Cdn
Pinterest-Generated-By
X-Rack-Cache
X-Origin-Upstream-Status
X-Clacks-Overhead
X-Url
NEL
X-Ua-Compatible
X-FTR-Request-ID
Rating
X-Ruxit-JS-Agent
X-Country-Code
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Dispatcher
X-Dns-Prefetch-Control
X-HW
X-CST
X-Goog-Hash
X-ORACLE-DMS-RID
X-Instart-Request-ID
Fusion-Component-Id
Fusion-Template-Id
Fusion-Source
Fusion-Content-Source
Fusion-Content-Id
X-DataStream-Cache-Status
X-DataDome
X-PC
X-TtlSet
X-Vname
Edge-Control
X-Px
X-VARITI-CCR
Service-Worker-Allowed
Verso
X-Mod-Pagespeed
X-MS-InvokeApp
X-Recruiting
X-Varnish-TTL
X-Exp-Variant
X-GoogleNews-Bot
X-Kinja-Build
X-Use-Magma
X-Kinja-Server
X-Kinja
RTSS
X-Kinja-Revision
X-Cdn-Fetch
X-Exp-Id
X-D2id
SPRequestGuid
X-Vcap-Request-Id
X-Abt-Application-Version
X-Amz-Server-Side-Encryption
TCN
X-SharePointHealthScore
X-Navigation-Version
X-GitHub-Request-Id
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Middleton-Display
X-Sol
Response
X-Middleton-Response
Display
X-Akam-SW-Version
X-Powered-By-Plesk
X-RateLimit-Remaining
MS-Author-Via
DynaTrace
Charset
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-Shield-Request-Id
X-Forwarded-Proto
Realpath
X-Amz-Rid
ServerID
X-Powered-CMS
X-B3-TraceId
X-Upstream
Content-MD5
AR-CACHE
AR-ATIME
Ar-Sid
AR-PoweredBy
X-Trace
X-Version
Public-Key-Pins
Nginx-Cache
X-ESI
Fastly-Restarts
X-Goog-Metageneration
X-Goog-Generation
X-Cached
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Shard
X-Dw-Request-Base-Id
Accept-Ch-Lifetime
AR-Request-ID
X-Mrf-Item-Lastmod
X-B3-TraceId-Primal
MRF-Tech
Mrf-Cache-Status
X-Mrf-Section-Lastmod
Pagespeed
X-Server-Name
Access-Control-Request-Method
Paypal-Debug-Id
X-DynaTrace-JS-Agent
X-Grace
X-MSEdge-Ref
Accept-Ch
Accept-CH
X-Goog-Storage-Class
X-Client-IP
SPRequestDuration
SPIisLatency
S
X-Debug
X-FTR-Backend-Server
X-FTR-Realm
X-FTR-Backend
X-FTR-Expires
X-Country-Code-Real
X-FTR-Balancer
X-FTR-DC
X-FTR-Cache-Status
X-Vcache
X-Id
X-Ezoic-Cdn
X-DataStream-Origin-MEX-Latency
X-DataStream-MidMile-RTT
X-FastCGI-Cache
X-Amz-Meta-S3cmd-Attrs
X-Fastly-Request-ID
Front-End-Https
X-N
Pinterest-Version
X-Pinterest-Rid
X-T
X-Amzn-Trace-Id
X-Upstream-Proxy
X-NF-Request-ID
X-B3-Traceid
Arr-Disable-Session-Affinity
X-DIS-Request-ID
X-Content-Type
MicrosoftSharePointTeamServices
X-XRDS-Location
X-Hits
X-B3-Sampled
X-FTR-Cache-Host
X-Varnish-Age
X-Acc-Meta-Resource-Type
X-Ser
X-Frontend
X-Mobile-Rewrite
Fastcgi-Cache
PB-RID
PB-PID
Arc-Version
X-Logged-In
X-Content-Digest
Server-Name
X-Correlation-Id
Alternate-Protocol
X-Srv
X-Cache-Key
X-Node-Name
X-Pad
Nel
AMP-Access-Control-Allow-Source-Origin
X-Microsite
X-Request-Handler-Origin-Region
X-VCache
FilterID
TP-L2-Cache
TP-Cache
X-Forwarded-For
X-User-Agent
X-Type
X-Kinsta-Cache
X-Rid
Healthy
Host
X-LB-Cache
X-F-Cache
X-Request-Processing-Time
X-IPLB-Instance
X-Request-Received
Powered
X-Zen-Fury
X-Esi
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Cache-2
Powered-By-ChinaCache
X-Debug-Info
X-Revision
X-AOL-HN
Edge-Cache-Tag
X-GUploader-UploadID
X-Cached-By
X-Cache-Age
X-Analytics
Backend-Timing
X-Via-JSL
X-HS-Hub-Id
X-Hostname
X-Kong-Proxy-Latency
X-HS-Content-Id
X-Kong-Upstream-Latency
X-AppVersion
X-Az
X-Activity-Id
X-Cache-Rule
X-Accel-Expires
X-XRDS-LOCATION
Surrogate-Key
Accept-CH-Lifetime
X-Varnish-Backend
X-Content-Security-Policy-Report-Only
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-Page-Id
X-RateLimit-Limit
X-Content-Options
X-BCube-Filmed-By
X-Instance
X-PHP-Backend
X-Content-Powered-By
X-FB-Debug
X-Varnish-Grace
X-Amz-Replication-Status
X-Cluster
X-Tumblr-User
Server-Node
X-Akamai-Edgescape
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Request-Guid
X-Jobs
X-Signature
X-B-Cache
Refresh
Cleartype
Source
Cache-Status
X-Forwarded-Host
X-TT
X-App-Environment
X-Framework
Liferay-Portal
X-FW-Server
X-FW-Serve
X-Fastcgi-Cache
X-FW-Static
X-FW-Hash
X-FW-Type
DC
X-Varnish-Hostname
X-ATG-Version
Tracecode
Accept-Charset
Host-Header
Fastcgi-Useragent
Access-Control-Allow-Method
X-APP-VERSION
X-Mobile
WPE-Backend
X-Cache-Action
X-Cache-Operation
X-Drupal-Cache-Tags
X-Edge-Location
X-Cache-Control
X-Time
X-B
X-Whom
X-Cache-Hit
Actual-Object-TTL
X-Hp-Webp
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
Payment
X-Response-Served-From
X-App-Server
X-Accel-Buffering
X-Mobile-URL
X-TX-ID
X-WA-Info
X-Storage
X-Git-Hash
X-Content-Age
X-WebKit-CSP-Report-Only
X-NWS-LOG-UUID
X-Oracle-Dms-Rid
NGB
X-TT-TIMESTAMP
Upgrade-Insecure-Requests
X-Yottaa-Metrics
X-TA-CDN-Provider
X-Yottaa-Optimizations
X-Cacheable-TTL
Cache-Tv-Group
X-UA-Device-Type
Filters
X-Handled-By
Cache-Tag
X-SS-Set-Cookie
Viewport
X-Tumblr-Pixel-1
X-ProcessESI
X-Tumblr-Pixel-2
X-Status
X-Adobe-Loc
X-RemovedCookies
Eomportal-Instance
X-Adobe-Content
X-GeoIP
X-RequestSource
X-Geo-Country
Retry-After
X-Presslabs-Stats
X-VG-WebCache
X-FW-Dynamic
Webserver
X-Cache-TTL-Remaining
MS-CV
Xserver
X-Cache-TTL
X-Seen-By
Datacenter
Cache
X-Server-ID
X-FB-TRIP-ID
X-Host-Name
Server-Info
X-Cache-Enabled
Frame-Options
X-B3-Spanid
X-Ratelimit-Limit
Ms-Operation-Id
X-RTag
X-Contextid
X-Ratelimit-Reset
X-Hyper-Cache
From-Origin
X-Origin-Server
X-Generated-By
X-Mode
Country
S-Cnection
X-CF-Powered-By
X-Path-Route
X-Cache-Var-Map
X-RN-RSRV
X-Cache-Config
X-Cache-Var
X-Tumblr-Pixel-3
Meta-Geo
X-ES-SERVER
SRV
Load-Balancing
Machine
X-MP-GENERATED-AT
X-Cache-Grace
X-Proxied
X-Upstream-CT
Vix-Hermes-Req-Id
Cache-Key
GEO-INFO
X-Zipkin-Id
X-Upstream-HT
X-Routing-Service
X-Section
X-Labrador-Cache-Channel
X-Access
X-Drupal-Cache-Contexts
X-Cache-Host
X-From
X-Hit
X-Varnish-Cache-Hits
X-Human
X-Web-Node
X-Backend-Name
Decoy-Debug-Status
Decoy-Debug-TTL
Decoy-Debug-Key
Now
X-Varnish-Server
X-Upgrade-Enabled
X-Viewer-Country
X-OCL
X-PCL
X-TNCMS
X-Loop
X-Sorting-Hat-PodId
X-Rule
X-Region
X-VWS-Id
X-Alternate-Cache-Key
X-Origin-Response-Time
Mn-Server-Ip
X-Shopify-Stage
X-ShopId
Rt-Fastcgi-Cache
X-Akamai-Request-ID
X-Via-Fastly
X-AWS-Id
ServedBy
X-CCM
X-R9-Blue-Green-Version
X-Sorting-Hat-ShopId
X-EIG-Tracking-Id
X-Trace-Id
X-Magnolia-Registration
X-ShardId
X-L-Path
X-Environment-Context
X-Debug-Cache
X-VG-TLSProxy
X-LJ-Flow-ID
X-Endurance-Cache-Level
X-Rendered-As
X-Proto
DB-Nickname
X-Cluster-Node
DSUID
X-Proxy-Build
Cache-Name
X-NCache
X-FC-Vary-Parameters
X-Generated
X-Goog-Meta-Goog-Reserved-File-Mtime
X-JoinUs
X-Hosted-By
X-Site-Version
X-Xfnlog-Site
Mail-Subject
X-S
OT-Force-Account-Verify
We-Hiring
Akamai-GRN
X-Locale
X-Timing-Wait
Release
Version
X-RCS-CacheZone
X-Device-Type
X-Guploader-Uploadid
X-Www-Served-By
X-PressLabs-Stats
X-Varnish-Hits
Uber-Trace-Id
CACHE
X-Request-Time
ProcessTime
X-Load-Cache
X-Dc
X-VCT
X-IP
X-Time-Microsecs
X-NewRelic-App-Data
X-ProxyCache-Key
X-Nginx-Cache
X-ProxyCache-Status
X-BYPASS-REASON
NtCoent-Length
Time
X-Redis-Cache
X-Wix-Request-Id
X-Origin
X-FW-Version
Cteonnt-Length
Azure-Version
Azure-RegionName
Azure-InstanceId
NGX
Azure-SiteName
Azure-SlotName
S-Rt
X-RateLimit-Reset
X-Platform-Server
X-UUID
X-Akamai-Request-ID2
X-CDN-Forward
X-Origin-Hint
X-No-Session
X-EdgeConnect-Cache-Status
TWC-Connection-Speed
Property-Id
TWC-GeoIP-LatLong
TWC-GeoIP-Country
TWC-Device-Class
TWC-Locale-Group
X-Via-CDN
Webcakes-Region
Webcakes-App-Version
Webcakes-App-Name
TWC-Privacy
X-GEO
X-Proxy
X-FireWall-Port
X-ECACHE
X-Daa-Tunnel
X-Cache-NE
X-MServer
X-SERVER-NAME
X-Hl-Ver
X-Rocket-Nginx-Bypass
X-UA
X-HTML-Minification-Powered-By
X-Vgn-Hpd-Reason
X-IPS-LoggedIn
Origin
Odigeo-Trace-Id
X-Akamai-Transformed
X-ServerID
X-Cache-Remote
X-ApacheServer
X-PERF
X-CS
X-Format
X-Cache-Server
X-Distributor
Ec-Rule-Version
LB
X-Oneagent-Js-Injection
Cache-Tags
Access-Control-Request-Headers
Fastly-SSL
X-UnsetCookies
Accept-Language
X-Tb
Hostname
L5d-Success-Class
X-Pubstack
X-NC
X-Unique-ID
X-Microcachable
X-Webkit-Csp
Origin-Cache-Control
X-Real-IP
Origin-Edge-Control
Served-By
Fastcgi-X-Cache-Version
X-Varnish-Cacheable
X-Amzn-Remapped-Content-Length
Cdn-Host
Fly-Cache
Fly-Request-Id
GEO-REGION-INFO
Cache-Prefix
X-External-Request-Id
Cdn-Request-Time
Cache-Cookie-Set-Lfrom
Cross-Origin-Window-Policy
X-Edge-Server
Content-Style-Type
Fastly-SWR
Content-Script-Type
Fastly-SIE
BehaviorPad-Version
X-Rewrite-Enabled
X-IN-APIGATEWAY
X-Request-UUID
X-Instart-Info
X-Internal-Host
X-Rojux
X-Is-Bot
X-Geo-Header
X-G
X-DPWN-IS-SECURE
Cache-Cookie-Set-From
AsisCache
Arc-Country
A
AKAMAI
Cache-Cookie-Set-Idcheck
X-Destination
X-A-Ccd
X-A-Dam
X-A-Dcw
X-A
VivaBuild
X-CF-Lambda-Fn
X-Cdn-Srv
Viewtype
X-A-Dgt
X-A-Wwc
X-App-Name
X-Application
X-ARC
X-AIR-PT
X-Cache-Bucket
X-Accel-Expires-Debug
X-Aed
X-CF-Lambda-Version
Server-ID
Mobile-Detection-Method
X-D
Node
X-Date
Meta-Geo-Continent
X-Detected-As
X-Level-Front-Cache
MD5-Digest
X-Connection-Hash
Proxy-Firewall
REQUESTUUID
Rt-Proxy-Cache
X-Cluster-Name
Request-Time
Request-EU
Rendered-Blocks
Request-Country
X-Developer
X-Generated-On
X-Vtex-Remote-Cache
X-SVT-ORM-VERSION
X-NU-AKA-ACS-Version
X-SVT-ORM-RULES
X-Trv-Group
X-BACKEND-TTL
X-B3-Parentspanid
X-Vtex-Processado-Em
X-B-Cookie
X-Region-Sid
Xc-Version
X-Transaction
X-Worker
X-Org
X-S-Cookie
X-ScT
X-PAYTM-SRV-ID
IBM-Web2-Location
X-Grey
X-Rebelmouse-Cache-Control
X-VG-WebServer
Proxy-Connection
X-Rebelmouse-Surrogate-Control
X-Server-Time
X-Cache-Category-Id
X-S-Maxage
X-Twitter-Response-Tags
X-SRCache-Key
Selected-Fe
X-Varnish-Url
ServerName
X-Cache-Backend
Backend-Name
X-URL
X-ElasticPress-Search
X-Compress-Hint
Ha-Gx-Prefs
HA-Ipaddr
X-NX-Host
X-Nginx-Cache-Key
X-Debug-Log
Memcached
X-Debug-Cookies
Is-Eu
RNT-Machine
X-Cache-Id
X-Cache-Info
W
X-Cdn-Origin
X-Sn-Servicetimems
X-Dynatrace-Js-Agent
X-ServiceProvider
X-Backend-State
X-Skip-Cache
True-Client-Country-4JS
X-CGP
Resin-Trace
X-PHP-Host
Platform
X-Core-Mission
X-Developers
RNT-Time
X-Clientip
Server-Int
Section-Io-Cache
On-Server
Gh-Request-Id
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
X-GeoIP-Country-Code
X-Fastly-Cache
X-Method
Apple-News-Services-Handled
X-Request-URI
X-HS-Cache-Config
X-Location
X-HS-Combine-CSS
Adler-Geo
X-Eu-Site
Apple-News-Services-Request-Url
X-C
Countrycode
Esi-Enabled
X-Variation
Content-Disposition
X-Epic-Correlation-Id
X-We-Are-Hiring
X-Qloud-Router
X-Hnp-Log
X-Response-By
X-Request-Start
X-Hash
X-Servername
X-Server-IP
X-CDN-Cache
X-Key
X-Proxy-Upstream
X-SD-PageType
X-Reboot
X-Li-Pop
X-Block-Status
X-Cache-FS-Status
X-Irp-Debug
X-Bip
X-SIPLIST1
X-LI-Proto
X-LI-UUID
X-Distil-CS
UCS
X-Wikidot-Static-Cache
X-Thanos
X-TH-Server
X-Cms-Context
X-Owner
X-Wikidot-Backend
X-Dispatcher-Server
X-Dispatch
X-Reqid
X-WADP-Cache
X-WebServer
X-Swa-Ws
X-BBXSRF
X-Secret
X-Gen-Mode
X-Clara-WADP
X-Generation-Time
X-GeoIP-City
X-Gannett-Site-Version
X-Li-Fabric
X-Device-Os
X-Fetched-On
X-TrackingId
X-FPC
X-Proxy-Cache-Status
SD-X-WS
L
IsBot
User-Cache-Control
SS
Country-Code
PFcat
N-Cache
Server-Host
Web-Mar-Node
V-Age
X-Amz-Meta-Cache-Control
CDCHOST
X-Auto-Login
X-Edge
Fastly-Soc-X-Request-Id
X-SERVER
X-Thinkindot-L3
CF-IPCountry
X-VC-Cache
X-Pf-Uncompressing
X-Origin-Expires
X-Origin-Date
X-Matched-Rule
GW-Server
X-Crawler
Wxu-Next-Region
X-Release
X-Webstats-RespID
Kp-EeAlive
Wxu-Next-Hostname
Wxu-Next-Commit
Heartbleed
X-Azure-Ref
Powered-By
Pramga
Who
X-VServer
X-Nc
Thinkindot-Control
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
X-Azure-Ref-OriginShield
Locale
X-Parent-Response-Time
X-Urbn-Context-Path
X-Urbn-Site-Id
X-CUA
X-FE
X-Served-From
X-OVcl-Cache
X-Processor
X-OVcl
X-Powered-By-Defense
X-Via-NSCOPI
X-Varnish-Ttl
X-CLOUD-TRACE-CONTEXT
Magicmarker
X-Via-Edge
X-Via-SSL
User-Agent
X-ABtesting
X-Flog
X-Hello
PageSpeed
X-Ratelimit-Remaining
X-LAGOON
X-Ua
X-ND-Cache
X-Protected-By
Memory
Mime-Version
X-Varnish-Beresp-Ttl
Pagetype
X-Be
X-Page-Type
X-Generated-In
X-Backend-Url
X-Cache-Ttl
X-User
X-Backend-Host
X-Newrelic-Synthetics
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
X-MSEdge-Features
X-MSEdge-Flight
X-Tt-Trace-Tag
X-GoCache-CacheStatus
X-Planisys-CDN-Cache
X-Fstrz
Pragrma
X-Up
X-Origin-TTL
X-Origin-CC
X-COUNTRY
X-Soup
X-Geo
X-Ttl
X-Debug-Cache-Store
X-Debug-Cache-Expiry
X-Debug-Cache-Fetch
X-Backend-TTL
X-Check-Cacheable
X-Oss-Server-Time
X-Oss-Object-Type
X-Oss-Request-Id
X-Oss-Hash-Crc64ecma
X-Oss-Storage-Class
X-Zone
Cache-Hits
X-Core-Value
X-IN-WAF
X-Phone
GeoIp-Country-Code
X-B3-SpanId
Geoip-City
Geoip-Latitude
X-ZONE
X-DC
X-Varnish-Beresp-Grace
X-Old-Content-Length
X-TT-LOGID
X-Varnish-Beresp-Status
X-SayCDN-TTL
X-Say-Cacheable
X-Servedbyhost
X-Say-TTL
X-Akamai-SSL-Client-Sid
X-Litespeed-Cache
X-CSRF-TOKEN
X-Cdn-Forward
X-Birta-Served
Cdn
X-Birta-Cache-Post
X-Aicache-OS
XServer
X-Cache-Time
X-Real-Ip
X-VCL-Version
X-Mid
X-Node-Id
Fastly-Backend-Name
X-HS-Status
WZWS-RAY
Dynatrace
SN
X-Datadome
Inserted-Into-Cache-At
X-MID
X-BC
X-Ruxit-Js-Agent
X-Info
X-Varnish-IP
Amp-Access-Control-Allow-Source-Origin
HitType
FSS-Cache
Selected-FE
X-FORWARDED-FOR
X-Logtrace-Id
Ajk
FSS-Proxy
X-IN-APIGATEWAYSSL
X-Vcl-Version
X-EC-Lua
X-Amzn-Remapped-Date
X-Refresh
X-UPSTREAM-Address
X-ServedByHost
X-Tb-Optimization-Total-Bytes-Saved
X-Amzn-Remapped-Connection
X-Source
X-Agile
X-Cache-Debug
X-APP
X-Contensis-Viewer-Groups
X-RateLimit-Limit-Second
X-Varnish-Authentication
X-Wa
HostName
X-RateLimit-Remaining-Second
CF-Cached-On
X-Agile-Age
X-Cache-ASPX
Server-Cache-Control
Server-Surrogate-Control
X-Agile-Id
X-Bc
GeoIP-Country-Code
Xkeyrz
RequestId
X-Proxy-Cacherz
X-CSRF-Token
Srv
X-Nananana
X-GRACE
PICS-Label
X-Via-Ucdn
T-Server
X-NWS-UUID-VERIFY
GeoIP-City
X-PJAX-URL
GeoIP-Latitude
MIME-Version
X-App-Version
X-Web-Server
X-LiteSpeed-Cache-Control
Ohc-File-Size
X-LB-ID
X-Render-Time
X-WR-MODIFICATION
X-GDPR
X-TIME
X-Varnish-Beresp-TTL
X-ECache
WebServer
Ohc-Cache-HIT
Cf-Ipcountry
X-Fastly-Country-Code
CDN
X-Cache-Tag
X-Tec-Api-Root
Xkeynj
X-SRV
X-Tec-Api-Version
Is-Session-Tracking
Get-Access-Time
Group
X-PAGE-TYPE
SID
X-Policy
X-Uri
URI
X-Micro-Cache
X-Tec-Api-Origin
X-CACHE-KEY
X-Unique-Id
X-BE
DataCenter
X-Requestid
HTTPS
X-Cache-Miss-From
X-Sedo-Request-Id
X-MCACHE
X-Fastly-Backend-Reqs
X-Request-Url
X-Service
Backend
X-Edge-IP
Www
Cache-Provider
X-NGINX-Cache
X-SN
Xet-Cookie
X-Lb-Id
X-Pjax-Url
Pics-Label
X-Apw-Access-Action
X-Apw-Hits
X-Vct
X-Apw-Access-Object
X-Instart-Isnd
X-Apw-Access-Token
Lb
X-Swift-Error
X-Var-Ttl
Warning
Cneonction
X-Dw-Trace-Id
X-Ecache
Ohc-Response-Time
X-Has-Esi
X-Is-Gdpr
Host-ID
X-JWT-State
X-Cache-Expires
X-Cf-Powered-By
Requestid
FNAC-ModuleRouting
X-WA
Correlation-Id
X-Cdn-Request-ID
X-Newrelic-App-Data
X-Zalando-Child-Request-Id
X-Akamai-ERRuleID
X-Serial
X-Fe
X-Akamai-ERPolicy
X-PF-Uncompressing
X-DB
X-DI
X-DSS
X-Fastly-Cache-Hits
Lfy
X-Page-Impression-Id
X-Html-Edge-Cache
X-DW
X-RPM
X-Bug-Bounty
X-Flow-Id
X-ServerName
X-Fpc
X-RPS
X-RSL
X-Varnish-Action