Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
CF-RAY
CF-Cache-Status
Link
X-Powered-By
X-XSS-Protection
ETag
Expect-CT
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
X-Timer
X-Request-Id
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Alt-Svc
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Adblock-Key
X-Check
Content-Security-Policy-Report-Only
X-Cacheable
X-Generator
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-Xss-Protection
Timing-Allow-Origin
X-DNS-Prefetch-Control
X-Template
X-Language
X-Request-ID
X-Iinfo
Status
Content-Encoding
X-Content-Security-Policy
X-AspNetMvc-Version
X-Buckets
X-Kinja-Server-Push
Xkey
Upgrade
X-Via
X-Turbo-Charged-By
Access-Control-Expose-Headers
Keep-Alive
Access-Control-Max-Age
X-Cache-Group
X-Drupal-Dynamic-Cache
X-Pass-Why
P3p
X-Age
EagleId
X-Backend
X-CDN
X-Robots-Tag
X-Amz-Id-2
X-Amz-Request-Id
X-Envoy-Upstream-Service-Time
X-Page-Speed
X-Pingback
X-Ua-Compatible
X-Server-Powered-By
X-Proxy-Cache
X-Hacker
X-UA-Device
X-AH-Environment
Request-Context
X-Nginx-Cache-Status
Grace
X-Server
X-Varnish-Cache
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
X-LiteSpeed-Cache
X-Server-Id
Cf-Railgun
X-Cdn
X-Amz-Version-Id
X-WebKit-CSP
Feature-Policy
Server-Timing
X-Device
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-OneAgent-JS-Injection
X-Rq
X-Cnection
X-Ac
Report-To
X-Cloud-Trace-Context
X-Host
X-Response-Time
X-Node
Content-Location
X-Backend-Server
EagleEye-TraceId
Request-Id
X-Origin-Cache
X-Readtime
X-Vhost
X-Application-Context
X-Cache-Lookup
X-Dns-Prefetch-Control
X-ORACLE-DMS-ECID
NEL
X-Dispatcher
Surrogate-Control
Allow
X-Rack-Cache
X-Ruxit-JS-Agent
X-Origin-Upstream-Status
X-Country
X-HW
X-Url
Rating
X-Country-Code
X-FTR-Request-ID
X-DataDome
X-TTL
X-ORACLE-DMS-RID
X-Clacks-Overhead
X-DynaTrace
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Fusion-Source
Fusion-Template-Id
X-Instart-Request-ID
Fusion-Component-Id
Fusion-Content-Source
Fusion-Content-Id
X-Goog-Hash
X-Varnish-TTL
X-MS-InvokeApp
X-PC
X-TtlSet
X-Vname
X-CST
X-Ah-Environment
X-Px
Verso
RTSS
X-Aspnetmvc-Version
Edge-Control
X-Powered-By-Plesk
Public-Key-Pins
X-VARITI-CCR
X-Recruiting
X-Mod-Pagespeed
Service-Worker-Allowed
X-Cdn-Fetch
X-Use-Magma
X-Kinja-Revision
X-Kinja-Server
X-D2id
X-Exp-Id
X-Kinja-Build
X-GoogleNews-Bot
X-Kinja
X-Exp-Variant
Pinterest-Generated-By
Response
Display
X-Sol
X-Middleton-Response
X-Middleton-Display
X-Vcap-Request-Id
X-Version
SPRequestGuid
Accept-Ch-Lifetime
X-SharePointHealthScore
MS-Author-Via
X-Akam-SW-Version
X-RateLimit-Remaining
TCN
X-GitHub-Request-Id
X-Abt-Application-Version
X-Navigation-Version
Accept-CH
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-Powered-CMS
X-B3-TraceId
X-Upstream
X-Forwarded-Proto
X-Shard
X-Amz-Server-Side-Encryption
SPIisLatency
X-XRDS-Location
SPRequestDuration
AR-CACHE
Ar-Sid
AR-ATIME
AR-PoweredBy
Charset
X-SRCache-Fetch-Status
X-SRCache-Store-Status
Fastly-Restarts
X-Amz-Rid
Realpath
Nginx-Cache
X-Trace
X-Debug
Front-End-Https
AR-Request-ID
X-Shield-Request-Id
X-Cached
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
MRF-Tech
X-B3-TraceId-Primal
Mrf-Cache-Status
X-Server-Name
X-ESI
X-Ezoic-Cdn
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Goog-Generation
X-MSEdge-Ref
Access-Control-Request-Method
Paypal-Debug-Id
X-NF-Request-ID
X-FTR-Cache-Status
X-Country-Code-Real
X-FTR-Expires
Arr-Disable-Session-Affinity
X-SERVER
DynaTrace
ServerID
Content-MD5
X-Id
X-FTR-Backend
X-FTR-Realm
X-FTR-Backend-Server
X-FTR-DC
X-FTR-Balancer
Pagespeed
X-Goog-Storage-Class
MicrosoftSharePointTeamServices
S
X-DynaTrace-JS-Agent
X-T
X-Fastly-Request-ID
X-Amz-Meta-S3cmd-Attrs
X-Client-IP
X-Vcache
X-Via-JSL
X-Content-Type
X-Dw-Request-Base-Id
X-Varnish-Age
X-Hits
X-VCache
X-Amzn-Trace-Id
X-RateLimit-Limit
X-N
X-FastCGI-Cache
X-B3-Traceid
X-Grace
X-Correlation-Id
X-Forwarded-For
Fastcgi-Cache
X-FTR-Cache-Host
X-Frontend
X-Content-Digest
PB-RID
X-Mobile-Rewrite
Powered
PB-PID
Arc-Version
X-Esi
Accept-Ch
Server-Name
X-Logged-In
X-Ser
X-Accel-Expires
X-DIS-Request-ID
X-B3-Sampled
AMP-Access-Control-Allow-Source-Origin
X-GUploader-UploadID
X-HS-Hub-Id
X-HS-Content-Id
X-Microsite
X-Request-Handler-Origin-Region
X-Zen-Fury
TP-L2-Cache
TP-Cache
X-Request-Processing-Time
X-Cache-Age
X-Request-Received
X-Kinsta-Cache
X-Type
X-LB-Cache
FilterID
X-User-Agent
X-Rid
Backend-Timing
X-Analytics
X-Activity-Id
X-Az
X-AppVersion
X-Revision
X-IPLB-Instance
X-Fastcgi-Cache
Healthy
X-Node-Name
Edge-Cache-Tag
X-F-Cache
X-Srv
X-Acc-Meta-Resource-Type
X-Whom
Retry-After
X-Time
X-Cache-2
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Kong-Upstream-Latency
X-NWS-LOG-UUID
X-Kong-Proxy-Latency
Accept-Charset
Alternate-Protocol
X-Pinterest-Rid
X-Cache-Hit
Pinterest-Version
X-AOL-HN
X-Cache-Rule
Server-Node
Cache-Status
X-Content-Options
VIX-Pulpo-Node
Surrogate-Key
VIX-Pulpo-Upstream-Status
Refresh
X-Akamai-Edgescape
DC
X-Content-Security-Policy-Report-Only
X-Jobs
X-Forwarded-Host
X-Content-Powered-By
X-Cluster
Access-Control-Allow-Method
X-Tumblr-Pixel
X-FW-Server
X-FW-Static
X-Instance
X-FW-Serve
X-FW-Hash
X-Debug-Info
X-FB-Debug
X-Page-Id
X-FW-Type
X-Tumblr-User
X-Tumblr-Pixel-0
X-Framework
Source
X-PHP-Backend
X-Varnish-Grace
X-App-Environment
X-Request-Guid
X-B
X-Hp-Webp
MS-CV
Fastcgi-Useragent
X-Hostname
X-App-Server
Host
Cleartype
Frame-Options
X-Cache-Key
X-B-Cache
X-Signature
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
Tracecode
X-Ratelimit-Reset
X-DataStream-Cache-Status
X-Cache-Operation
X-BCube-Filmed-By
Actual-Object-TTL
X-Cached-By
X-PressLabs-Stats
X-Mobile-URL
X-TA-CDN-Provider
Cache-Tag
X-Varnish-Backend
X-Geo-Country
Xserver
X-Cache-Control
X-Amz-Replication-Status
X-TT
Liferay-Portal
X-Pad
X-Seen-By
X-Host-Name
X-Mobile
NGB
X-Response-Served-From
X-ATG-Version
X-Git-Hash
X-Adobe-Loc
X-Adobe-Content
Payment
X-TT-TIMESTAMP
X-Status
X-WA-Info
X-WebKit-CSP-Report-Only
Eomportal-Instance
Upgrade-Insecure-Requests
X-Tumblr-Pixel-2
X-ProcessESI
X-RemovedCookies
Filters
X-FW-Dynamic
Cache-Tv-Group
WPE-Backend
X-Tumblr-Pixel-1
X-TX-ID
Ms-Operation-Id
X-RTag
X-Handled-By
X-Cacheable-TTL
X-Drupal-Cache-Tags
X-GeoIP
From-Origin
X-UA-Device-Type
X-RequestSource
Webserver
X-Content-Age
X-Cache-TTL-Remaining
Datacenter
GEO-INFO
X-Cache-Remote
X-Oracle-Dms-Rid
Cache
X-Daa-Tunnel
X-Upstream-Proxy
X-Edge-Location
Viewport
X-Storage
X-Cache-Action
X-Cache-TTL
X-Accel-Buffering
X-Webkit-CSP
X-Varnish-Hostname
X-Origin-Server
PageSpeed
Accept-CH-Lifetime
X-Ua
X-EdgeConnect-Cache-Status
Version
X-Hyper-Cache
X-Contextid
X-CF-Powered-By
Host-Header
X-Region
SRV
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Wix-Request-Id
X-Varnish-Server
X-Akamai-Transformed
X-Akamai-Request-ID2
NR-ENABLED
X-Path-Route
Meta-Geo
X-Cache-Var
X-Cache-Var-Map
X-ES-SERVER
X-RN-RSRV
Load-Balancing
X-Timing-Wait
X-JoinUs
X-Proxy-Build
Selected-Fe
S-Cnection
X-IP
X-From
Cache-Tags
Cache-Name
Now
X-TNCMS
X-Generated
X-Goog-Meta-Goog-Reserved-File-Mtime
Vix-Hermes-Req-Id
X-Loop
X-CS
X-Cache-Config
X-Proxy
X-Backend-Name
X-Proto
X-Hit
X-ApacheServer
Decoy-Debug-Key
Decoy-Debug-Status
Decoy-Debug-TTL
X-Cache-Enabled
Rt-Fastcgi-Cache
X-Viewer-Country
X-Tumblr-Pixel-3
X-Rule
X-PERF
X-Cluster-Node
X-Via-Fastly
DB-Nickname
X-Access
X-Origin-Response-Time
X-NCache
X-Time-Microsecs
X-Upgrade-Enabled
X-Labrador-Cache-Channel
Cache-Hits
X-Origin
X-Section
X-Akamai-Request-ID
X-FC-Vary-Parameters
X-Backend-TTL
Mn-Server-Ip
X-Trace-Id
Azure-Version
X-Cache-Host
X-Varnish-Cache-Hits
X-Web-Node
Azure-SlotName
Country
X-Cache-Grace
X-R9-Blue-Green-Version
X-Upstream-CT
Cache-Key
TWC-Locale-Group
X-PCL
X-FireWall-Port
X-Format
X-Hosted-By
X-Upstream-HT
X-CCM
X-OCL
Webcakes-Region
Webcakes-App-Version
Webcakes-App-Name
Ec-Rule-Version
X-EIG-Tracking-Id
TWC-GeoIP-LatLong
TWC-GeoIP-Country
TWC-Device-Class
TWC-Connection-Speed
X-Origin-Hint
X-UnsetCookies
TWC-Privacy
X-FW-Version
X-Xfnlog-Site
Property-Id
S-Rt
Azure-InstanceId
Azure-SiteName
Azure-RegionName
X-Human
X-Drupal-Cache-Contexts
X-Device-Type
X-Locale
X-Varnish-Hits
X-Www-Served-By
X-Debug-Cache
X-S
X-Site-Version
OT-Force-Account-Verify
X-DataStream-MidMile-RTT
X-Cache-Time
DSUID
X-DataStream-Origin-MEX-Latency
X-NewRelic-App-Data
Server-Info
X-Cache-NE
Release
X-Rendered-As
X-Cache-Server
Time
Ohc-File-Size
X-VG-TLSProxy
X-VG-WebCache
Hostname
ServedBy
X-Vgn-Hpd-Reason
X-Alternate-Cache-Key
X-Sorting-Hat-PodId
X-Shopify-Stage
X-ShardId
X-ShopId
X-Sorting-Hat-ShopId
X-VCT
X-FB-TRIP-ID
X-Nginx-Cache
Accept-Language
Fastcgi-X-Cache-Version
X-Mode
X-Redis-Cache
X-OVcl-Cache
X-APP-VERSION
X-OVcl
X-Real-IP
X-Tb
Machine
Ohc-Cache-HIT
Cteonnt-Length
NtCoent-Length
Origin
Origin-Edge-Control
X-Pubstack
Origin-Cache-Control
X-NC
X-GEO
X-Presslabs-Stats
L5d-Success-Class
X-Environment-Context
X-B3-Spanid
X-CSRF-TOKEN
X-No-Session
X-L-Path
Access-Control-Request-Headers
X-HS-Cache-Config
X-Request-Time
X-Load-Cache
X-App-Version
X-Generated-By
Odigeo-Trace-Id
X-Cluster-Name
X-Magnolia-Registration
X-Tt-Trace-Tag
X-VWS-Id
X-DC
X-AWS-Id
X-Endurance-Cache-Level
X-LJ-Flow-ID
Fastly-SSL
Mime-Version
X-Amzn-Remapped-Content-Length
IBM-Web2-Location
X-Parent-Response-Time
X-UUID
We-Hiring
Akamai-GRN
Mail-Subject
X-B3-Parentspanid
X-NGENIX-Cache
X-Rocket-Nginx-Bypass
X-ServerID
Nel
X-GoCache-CacheStatus
X-ECACHE
Request-Time
X-Urbn-Context-Path
Locale
X-XRDS-LOCATION
X-Urbn-Site-Id
X-CACHE-KEY
X-Aed
X-ScT
Server-ID
BehaviorPad-Version
X-Trv-Group
Node
X-A-Wwc
X-Vtex-Remote-Cache
X-Accel-Expires-Debug
X-AIR-PT
X-ARC
X-Server-Time
Mobile-Detection-Method
X-B-Cookie
Uber-Trace-Id
X-PAYTM-SRV-ID
Xc-Version
X-S-Maxage
X-Transaction
X-Region-Sid
X-Application
X-A-Dgt
X-Request-UUID
X-MServer
X-A
X-Vtex-Processado-Em
X-Rewrite-Enabled
X-Node-Id
Viewtype
VivaBuild
X-S-Cookie
Content-Style-Type
X-VG-WebServer
X-Worker
Fly-Request-Id
X-A-Dcw
Meta-Geo-Continent
X-A-Dam
Proxy-Connection
Cdn-Request-Time
Cdn-Host
X-A-Ccd
X-Twitter-Response-Tags
Memcached
X-Proxied
Arc-Country
Content-Script-Type
Cross-Origin-Window-Policy
X-Soup
Apple-News-Services-Host
X-Developer
Apple-News-Services-Handled
X-SRCache-Key
X-SS-Set-Cookie
Apple-News-Services-Request-Url
Cache-Prefix
X-ProxyCache-Key
Rendered-Blocks
X-ProxyCache-Status
Apple-News-Services-Parsed-Url
X-External-Request-Id
X-Routing-Service
X-DPWN-IS-SECURE
X-BYPASS-REASON
X-Edge-Server
X-Detected-As
X-Destination
Rt-Proxy-Cache
Fly-Cache
X-Origin-Expires
X-Origin-Date
X-Zipkin-Id
MD5-Digest
A
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-Connection-Hash
GEO-REGION-INFO
T-Server
AsisCache
X-D
X-Date
X-Instart-Info
CF-IPCountry
X-Rojux
X-Org
X-Is-Bot
X-G
X-Via-CDN
X-Element-Page-Cache
Backend-Name
X-Oneagent-Js-Injection
ServerName
Fastly-Soc-X-Request-Id
Countrycode
NGX
N-Cache
Gh-Request-Id
X-Distil-CS
X-Request-Start
X-SIPLIST1
X-Release
X-IN-APIGATEWAYSSL
X-Hl-Ver
X-IN-APIGATEWAY
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-VC-Cache
X-WebServer
X-Up
X-TrackingId
X-Thanos
X-Fastly-Cache
X-Distributor
X-Azure-Ref
X-Azure-Ref-OriginShield
X-Auto-Login
Section-Io-Cache
Request-EU
X-Bip
X-Cache-Bucket
X-Core-Mission
X-Developers
X-Cms-Context
X-Clientip
X-Cdn-Srv
Request-Country
IsBot
X-Origin-TTL
X-B3-SpanId
X-Origin-CC
X-ElasticPress-Search
User-Cache-Control
X-Irp-Debug
X-Li-Pop
X-Li-Fabric
X-Level-Front-Cache
X-ABtesting
X-GeoIP-City
X-Geo-Header
X-Amz-Meta-Cache-Control
X-Hash
X-Hnp-Log
X-Hello
X-LI-Proto
X-Location
X-NX-Host
X-Nginx-Cache-Key
True-Client-Country-4JS
Thinkindot-Control
Thinkindot-CacheControl-Type
V-Age
X-MSEdge-Flight
X-Matched-Rule
X-App-Name
X-Method
W
X-MSEdge-Features
X-LI-UUID
X-Generated-In
X-Cache-Info
X-Debug-Cookies
X-Cache-Id
X-Cache-FS-Status
X-Debug-Log
X-Cdn-Origin
X-Debug-Cache-Store
X-Debug-Cache-Expiry
X-CUA
X-Clara-WADP
X-CGP
X-Debug-Cache-Fetch
X-Device-Os
X-C
X-Flog
X-Fetched-On
X-Gen-Mode
Thinkindot-CacheControl
X-Generated-On
X-Backend-Host
X-Eu-Site
Content-Disposition
X-Block-Status
X-Epic-Correlation-Id
X-BBXSRF
X-Backend-Url
X-Generation-Time
X-Old-Content-Length
X-Compress-Hint
X-Unique-ID
X-Wikidot-Static-Cache
X-Thinkindot-L3
AKAMAI
X-Variation
Fastly-SWR
PFcat
X-Request-URI
Adler-Geo
Magicmarker
X-Sn-Servicetimems
HA-Ipaddr
Ha-Gx-Prefs
Is-Eu
X-We-Are-Hiring
X-ServiceProvider
L
X-Skip-Cache
X-Wikidot-Backend
Platform
X-Platform-Server
X-Proxy-Cache-Status
RNT-Time
RNT-Machine
X-VServer
X-PHP-Host
X-Owner
Server-Int
X-WADP-Cache
X-Proxy-Upstream
CDCHOST
X-Reboot
Esi-Enabled
Fastly-SIE
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-Microcachable
X-Swa-Ws
X-Webstats-RespID
X-User
X-Dispatch
X-SayCDN-TTL
X-MP-GENERATED-AT
X-Internal-Host
X-Key
X-Qloud-Router
X-Guploader-Uploadid
X-GDPR
X-HS-Combine-CSS
X-Reqid
X-SD-PageType
X-Server-IP
X-Say-TTL
X-Say-Cacheable
X-Response-By
X-Servername
X-Dispatcher-Server
Server-Host
X-Uri
Memory
Heartbleed
SS
X-Backend-State
Served-By
Pramga
SD-X-WS
Wxu-Next-Region
Pagetype
Web-Mar-Node
Kp-EeAlive
Country-Code
X-Cdn-Forward
Wxu-Next-Commit
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-Idcheck
Wxu-Next-Hostname
Cache-Cookie-Set-From
X-IPS-LoggedIn
Resin-Trace
X-Policy
X-Page-Type
X-Wa
X-FPC
UCS
X-SERVER-NAME
ProcessTime
X-Servedbyhost
Powered-By-ChinaCache
Ajk
X-Var-Ttl
X-Logtrace-Id
REQUESTUUID
X-Service
X-HTML-Minification-Powered-By
Cache-Provider
X-JWT-State
Proxy-Firewall
X-Nc
X-Lb-Id
X-Is-Gdpr
X-Has-Esi
X-Geo
X-Ratelimit-Limit
X-Cache-Backend
X-VCL-Version
X-Dc
X-Datadome
X-NWS-UUID-VERIFY
X-Oss-Request-Id
X-Processor
Powered-By
X-Oss-Storage-Class
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
X-Tb-Optimization-Total-Bytes-Saved
X-Oss-Server-Time
X-Grey
X-Cache-Category-Id
Srv
X-Pjax-Url
X-ZONE
X-Varnish-Beresp-Ttl
X-Cache-Ttl
X-Info
X-SRV
GeoIP-Latitude
X-TH-Server
PICS-Label
GeoIP-City
X-Svr
X-Cache-URL
GeoIP-Country-Code
Fastly-Backend-Name
X-Server-ID
SN
X-Be
X-Ruxit-Js-Agent
X-RateLimit-Reset
X-RCS-CacheZone
X-Instart-Isnd
X-CDN-Forward
X-HS-Status
X-Webkit-Csp
X-Zone
X-Tec-Api-Root
X-Tec-Api-Origin
X-Tec-Api-Version
X-Scheme
X-Ftr-Request-Id
X-SN
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
X-Dynatrace
X-Ttl
X-Newrelic-Synthetics
Cdn
X-NodeID
GW-Server
X-UA
X-GRACE
X-Source
Group
X-Varnish-Url
CACHE
X-LAGOON
X-Pf-Uncompressing
CF-Cached-On
X-Check-Cacheable
X-Secret
X-Bc
X-EC-Lua
X-PF-Uncompressing
WZWS-RAY
X-Gannett-Site-Version
X-Sucuri-Id
X-Varnish-Beresp-TTL
Dynatrace
X-CDN-Cache
X-Varnish-Cacheable
On-Server
X-LiteSpeed-Cache-Control
Ttl
Cache-Host
X-Dynatrace-Js-Agent
LB
X-Server-W
X-NODE
User-Agent
X-GeoIP-Country-Code
X-Ftr-Cache-Host
X-Ratelimit-Remaining
X-BE
Inserted-Into-Cache-At
X-Tt-Trace-Host
X-Via-Ucdn
X-Ms-Version
X-BC
Environment
X-APP
X-Ms-Request-Id
X-NU-AKA-ACS-Version
X-Edge
Pics-Label
X-COUNTRY
XServer
GeoIp-Country-Code
Geoip-Latitude
Lfy
Geoip-City
X-Fastly-Country-Code
X-Cache-Debug
WWW
X-Session-Fingerprint
X-Aicache-OS
X-Trafficlayer-App-Scope
X-Crawler
X-Trafficlayer-App-Name
X-Akamai-SSL-Client-Sid
X-URL
X-PJAX-URL
Who
X-Ftr-Backend
X-Ftr-Dc
MIME-Version
X-Ftr-Backend-Server
X-Ftr-Realm
X-Ftr-Balancer
Requestid
X-Agile-Age
X-Agile
Ohc-Response-Time
X-Mid
X-Render-Time
X-Fastly-Backend-Reqs
X-Agile-Id
Cf-Ipcountry
X-Vcl-Version
X-FE
M-TraceId
X-Varnish-Ttl
X-MCACHE
X-FORWARDED-FOR
X-CSRF-Token
SID
X-LB-ID
Amp-Access-Control-Allow-Source-Origin
Lb
X-Via-Edge
X-Litespeed-Cache-Control
X-Via-SSL
X-Served-From
X-Logging-Id
X-Micro-Cache
X-UPSTREAM-Address
X-7Graus-Varnish-Cache-Control
X-7Graus-Varnish-XKeys
URI
X-Cache-Miss-From
X-WR-MODIFICATION
X-Sedo-Request-Id
RequestUuid
X-Proxy-Cacherz
Xkeyrz
HostName
X-Amzn-Remapped-Connection
X-Amzn-Remapped-Date
X-RPM
X-RSL
X-Action
X-RPS
Host-ID
X-DI
X-DSS
X-DW
X-Cache-Tag
X-DB
X-Correlation-ID
DataCenter
X-Cf-Powered-By
X-Protected-By
X-Fpc
X-Core-Value
X-Vct
X-Page-Impression-Id
X-Nananana
X-Zalando-Child-Request-Id
CDN
X-ServedByHost
X-WA
X-Fastly-Cache-Hits
Xkeypdq
X-Flow-Id
WebServer
X-Newrelic-App-Data
X-NGINX-Cache
X-Ecache
FNAC-ModuleRouting
X-TIME
X-VC
X-Cdn-Request-ID
Cneonction
X-ND-Cache
X-MID
Correlation-Id
X-Refresh
X-SB
X-Dw-Trace-Id
X-Via-NSCOPI
Cdncip
X-AK-Request-ID
Warning
X-Vdms-Version
Cdnsip
X-Request-Url
X-Swift-Error
X-Sucuri-Cache
X-Serial
Xet-Cookie
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
X-Apw-Hits
X-ECache
Processtime
X-Unique-Id
HitType
X-ServerName
X-Bug-Bounty
X-Request-URL
Pragrma
X-Apw-Access-Token
X-Apw-Access-Object
V-Cache
X-Gdpr
X-Fe
X-MiniProfiler-Ids
X-Apw-Access-Action