Threat Level: green Handler on Duty: Bojan Zdrnja

SANS ISC: HTTP Header Usage Statistics - SANS Internet Storm Center HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
CF-RAY
X-Powered-By
Link
ETag
Expect-CT
X-XSS-Protection
Via
X-Cache
CF-Cache-Status
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
X-Cache-Hits
P3P
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Xss-Protection
X-Request-Id
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
Alt-Svc
X-Adblock-Key
X-Drupal-Cache
X-Check
X-Cacheable
Content-Security-Policy-Report-Only
X-Generator
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-DNS-Prefetch-Control
X-AspNetMvc-Version
P3p
X-Template
X-Language
Status
Timing-Allow-Origin
X-Iinfo
Content-Encoding
X-Content-Security-Policy
X-Buckets
Upgrade
X-Kinja-Server-Push
Xkey
X-CDN
X-Via
X-Turbo-Charged-By
Keep-Alive
Access-Control-Expose-Headers
Access-Control-Max-Age
X-Cache-Group
X-Pass-Why
X-AH-Environment
X-Age
X-Drupal-Dynamic-Cache
X-Server
X-Backend
X-Pingback
X-Amz-Request-Id
X-Amz-Id-2
X-Envoy-Upstream-Service-Time
X-Page-Speed
X-Robots-Tag
X-Proxy-Cache
X-Hacker
Grace
EagleId
X-Server-Powered-By
X-UA-Device
X-Varnish-Cache
Request-Context
X-Nginx-Cache-Status
Cf-Railgun
X-LiteSpeed-Cache
X-Amz-Version-Id
X-Swift-SaveTime
X-Swift-CacheTime
X-Ua-Compatible
X-Server-Id
Ali-Swift-Global-Savetime
X-WebKit-CSP
Server-Timing
Feature-Policy
X-Device
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Host
X-Rq
Report-To
X-Ac
X-Request-ID
X-Node
Content-Location
X-OneAgent-JS-Injection
X-Response-Time
X-Cnection
X-Backend-Server
X-Cloud-Trace-Context
X-Origin-Cache
X-Application-Context
X-Readtime
Request-Id
Allow
Surrogate-Control
EagleEye-TraceId
X-ORACLE-DMS-ECID
X-Country
X-Vhost
X-DynaTrace
X-TTL
X-Cache-Lookup
X-Rack-Cache
X-Origin-Upstream-Status
X-Url
X-Clacks-Overhead
X-FTR-Request-ID
Pinterest-Generated-By
NEL
Rating
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Country-Code
X-Dispatcher
X-Ruxit-JS-Agent
X-CST
X-ORACLE-DMS-RID
X-HW
X-Cdn
X-Instart-Request-ID
X-Goog-Hash
Fusion-Source
Fusion-Content-Source
Fusion-Template-Id
Fusion-Component-Id
Fusion-Content-Id
X-DataStream-Cache-Status
X-TtlSet
X-PC
X-Vname
Edge-Control
X-DataDome
X-Px
X-VARITI-CCR
Service-Worker-Allowed
Verso
X-Mod-Pagespeed
X-MS-InvokeApp
X-Dns-Prefetch-Control
RTSS
X-Recruiting
X-Kinja-Build
X-Kinja
X-GoogleNews-Bot
X-Exp-Variant
X-Cdn-Fetch
X-Kinja-Revision
X-Use-Magma
X-Exp-Id
X-Kinja-Server
X-Varnish-TTL
X-D2id
SPRequestGuid
X-Vcap-Request-Id
X-Abt-Application-Version
TCN
X-ESI
X-Amz-Server-Side-Encryption
X-GitHub-Request-Id
X-SharePointHealthScore
X-Navigation-Version
X-Akam-SW-Version
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Sol
X-Middleton-Response
Display
Response
X-Middleton-Display
X-Powered-By-Plesk
MS-Author-Via
X-RateLimit-Remaining
X-B3-TraceId
DynaTrace
X-Forwarded-Proto
Realpath
Charset
X-Powered-CMS
X-Shield-Request-Id
X-Amz-Rid
ServerID
X-Version
X-Upstream
Fastly-Restarts
X-Server-Name
X-Trace
Public-Key-Pins
Nginx-Cache
X-Cached
Ar-Sid
AR-PoweredBy
AR-CACHE
AR-ATIME
X-Shard
X-Goog-Metageneration
X-Goog-Generation
X-Dw-Request-Base-Id
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Grace
Content-MD5
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
MRF-Tech
Mrf-Cache-Status
X-B3-TraceId-Primal
X-Mrf-Section-Lastmod
X-Mrf-Item-Lastmod
AR-Request-ID
Pagespeed
Paypal-Debug-Id
Accept-CH
Access-Control-Request-Method
X-MSEdge-Ref
X-Client-IP
SPIisLatency
SPRequestDuration
Accept-Ch-Lifetime
Accept-Ch
X-Goog-Storage-Class
S
X-DynaTrace-JS-Agent
X-Debug
X-FTR-Cache-Status
X-FTR-Balancer
X-Country-Code-Real
X-FTR-Backend-Server
X-FTR-Backend
X-FTR-DC
X-Id
X-FTR-Realm
X-FTR-Expires
X-DataStream-Origin-MEX-Latency
X-DataStream-MidMile-RTT
X-Ezoic-Cdn
X-Amz-Meta-S3cmd-Attrs
X-Fastly-Request-ID
Front-End-Https
X-T
X-FastCGI-Cache
X-N
X-Amzn-Trace-Id
X-NF-Request-ID
Arr-Disable-Session-Affinity
MicrosoftSharePointTeamServices
X-DIS-Request-ID
X-Content-Type
Pinterest-Version
X-B3-Traceid
X-Hits
X-Pinterest-Rid
X-Upstream-Proxy
X-B3-Sampled
X-VCache
X-FTR-Cache-Host
X-Frontend
X-Acc-Meta-Resource-Type
X-Vcache
Arc-Version
X-Mobile-Rewrite
Fastcgi-Cache
PB-RID
PB-PID
X-Logged-In
X-Varnish-Age
X-Content-Digest
X-XRDS-Location
X-Ser
Server-Name
X-Correlation-Id
X-Srv
Alternate-Protocol
X-Cache-Key
X-Node-Name
Nel
X-Pad
X-Forwarded-For
X-Request-Handler-Origin-Region
X-Microsite
AMP-Access-Control-Allow-Source-Origin
FilterID
X-Rid
X-User-Agent
X-XRDS-LOCATION
Powered
TP-L2-Cache
X-Type
TP-Cache
Healthy
X-LB-Cache
X-IPLB-Instance
X-Request-Received
X-Request-Processing-Time
Host
X-Zen-Fury
X-F-Cache
X-Cache-2
X-Kinsta-Cache
X-Amzn-RequestId
Accept-CH-Lifetime
X-Amz-Apigw-Id
X-Revision
Edge-Cache-Tag
Powered-By-ChinaCache
X-Debug-Info
X-AOL-HN
X-Via-JSL
X-Analytics
Backend-Timing
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Cached-By
X-Cache-Age
X-Az
X-Activity-Id
X-AppVersion
X-GUploader-UploadID
X-Hostname
X-HS-Hub-Id
X-HS-Content-Id
X-Accel-Expires
X-Cache-Rule
Surrogate-Key
X-Varnish-Backend
X-Content-Options
X-BCube-Filmed-By
X-PHP-Backend
Server-Node
X-Tumblr-Pixel
X-Content-Security-Policy-Report-Only
X-Varnish-Grace
X-Tumblr-Pixel-0
X-Tumblr-User
X-Instance
VIX-Pulpo-Node
Cache-Status
X-Page-Id
VIX-Pulpo-Upstream-Status
X-Jobs
X-Akamai-Edgescape
X-Request-Guid
X-Content-Powered-By
X-Amz-Replication-Status
X-App-Environment
X-B-Cache
X-Forwarded-Host
X-Cluster
X-TT
Cleartype
X-Signature
X-Fastcgi-Cache
Refresh
Source
X-FB-Debug
X-Framework
X-FW-Hash
Liferay-Portal
X-FW-Server
X-FW-Type
X-FW-Serve
X-FW-Static
DC
X-Time
X-RateLimit-Limit
Tracecode
X-ATG-Version
Fastcgi-Useragent
X-Varnish-Hostname
Accept-Charset
X-Presslabs-Stats
Access-Control-Allow-Method
X-Esi
Host-Header
X-Mobile
X-APP-VERSION
X-Cache-Action
X-Cache-Operation
X-Drupal-Cache-Tags
WPE-Backend
X-Whom
X-Cache-Control
X-Edge-Location
X-B
Payment
NGB
X-App-Server
X-Accel-Buffering
X-Cache-TTL
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Response-Served-From
X-Hp-Webp
X-Mobile-URL
X-WA-Info
X-Content-Age
Filters
X-Git-Hash
Actual-Object-TTL
X-Storage
X-Handled-By
X-Cache-Hit
X-WebKit-CSP-Report-Only
Retry-After
Cache-Tv-Group
Cache-Tag
X-TT-TIMESTAMP
X-TX-ID
X-Cacheable-TTL
X-RequestSource
Viewport
Upgrade-Insecure-Requests
X-Tumblr-Pixel-2
X-Tumblr-Pixel-1
Eomportal-Instance
X-GeoIP
X-Adobe-Content
X-Adobe-Loc
X-Yottaa-Optimizations
X-UA-Device-Type
X-RemovedCookies
X-Yottaa-Metrics
X-ProcessESI
X-NWS-LOG-UUID
X-Status
MS-CV
X-SS-Set-Cookie
X-FW-Dynamic
X-Ratelimit-Limit
X-Geo-Country
X-VG-WebCache
Webserver
X-Server-ID
Xserver
X-Seen-By
X-TA-CDN-Provider
X-Cache-TTL-Remaining
X-RTag
Ms-Operation-Id
X-FB-TRIP-ID
X-Host-Name
X-Oracle-Dms-Rid
X-Cache-Enabled
Datacenter
X-B3-Spanid
Frame-Options
From-Origin
X-Origin-Server
CACHE
X-Hyper-Cache
X-Generated-By
Server-Info
X-Contextid
X-Mode
X-RateLimit-Reset
Country
GEO-INFO
X-CF-Powered-By
X-Drupal-Cache-Contexts
X-RN-RSRV
Cache
X-Path-Route
S-Cnection
X-Cache-Var
X-ES-SERVER
Load-Balancing
Machine
Meta-Geo
X-Cache-Var-Map
X-Tumblr-Pixel-3
SRV
X-Access
X-Cache-Config
X-Zipkin-Id
X-Proxied
X-Upstream-HT
X-Upstream-CT
X-Section
X-Routing-Service
X-MP-GENERATED-AT
Rt-Fastcgi-Cache
X-Varnish-Server
Mn-Server-Ip
X-Human
X-Backend-Name
X-From
X-TNCMS
X-Guploader-Uploadid
X-Loop
X-Varnish-Cache-Hits
X-R9-Blue-Green-Version
Vix-Hermes-Req-Id
X-Hit
X-Web-Node
X-AWS-Id
X-Proxy-Build
X-Labrador-Cache-Channel
X-Upgrade-Enabled
X-EIG-Tracking-Id
X-VWS-Id
X-VG-TLSProxy
X-Timing-Wait
X-LJ-Flow-ID
X-Rule
Decoy-Debug-Status
Decoy-Debug-TTL
X-Cluster-Node
X-Origin-Response-Time
Cache-Name
Decoy-Debug-Key
Akamai-GRN
X-Akamai-Request-ID
Now
X-Cache-Host
X-FC-Vary-Parameters
X-Viewer-Country
X-Generated
X-Cache-Grace
X-Www-Served-By
Cache-Key
X-Debug-Cache
Release
DSUID
X-Via-Fastly
X-Locale
X-Site-Version
X-Magnolia-Registration
X-OCL
X-NCache
X-Device-Type
X-Region
X-PCL
X-Trace-Id
X-Proto
X-Dc
ServedBy
Mail-Subject
We-Hiring
DB-Nickname
OT-Force-Account-Verify
X-Hosted-By
X-Environment-Context
X-Endurance-Cache-Level
X-L-Path
X-JoinUs
X-Rendered-As
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-ShardId
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Alternate-Cache-Key
X-Shopify-Stage
ProcessTime
X-ShopId
X-CCM
X-Xfnlog-Site
X-S
X-Request-Time
X-NewRelic-App-Data
X-IP
X-Akamai-Request-ID2
X-RCS-CacheZone
X-Time-Microsecs
Version
X-Load-Cache
Time
Uber-Trace-Id
X-Ratelimit-Reset
Property-Id
S-Rt
Azure-Version
Azure-SlotName
Azure-InstanceId
Azure-RegionName
TWC-Device-Class
Azure-SiteName
NtCoent-Length
TWC-Connection-Speed
X-VCT
X-Wix-Request-Id
TWC-GeoIP-Country
X-FW-Version
X-Origin-Hint
Webcakes-App-Version
Webcakes-Region
TWC-GeoIP-LatLong
Webcakes-App-Name
TWC-Locale-Group
TWC-Privacy
X-Varnish-Hits
X-Origin
Cteonnt-Length
X-No-Session
X-Via-CDN
X-EdgeConnect-Cache-Status
X-ProxyCache-Status
X-ProxyCache-Key
X-UUID
X-Nginx-Cache
X-Proxy
X-Redis-Cache
X-BYPASS-REASON
X-UA
X-FireWall-Port
NGX
X-CDN-Forward
X-Platform-Server
X-GEO
X-Vgn-Hpd-Reason
X-HTML-Minification-Powered-By
X-MServer
X-ECACHE
X-Akamai-Transformed
X-Hl-Ver
X-Daa-Tunnel
Odigeo-Trace-Id
X-PERF
X-CS
X-Rocket-Nginx-Bypass
X-Format
X-ApacheServer
X-Cache-Server
X-Cache-NE
Accept-Language
X-Oneagent-Js-Injection
X-IPS-LoggedIn
Ec-Rule-Version
Origin
X-PressLabs-Stats
X-Cache-Remote
Access-Control-Request-Headers
X-UnsetCookies
LB
X-Dynatrace-Js-Agent
Cache-Tags
X-ServerID
X-Distributor
X-Tb
X-Real-IP
X-Amzn-Remapped-Content-Length
X-Webkit-Csp
Selected-Fe
Fastly-SSL
L5d-Success-Class
Proxy-Connection
X-BACKEND-TTL
X-Compress-Hint
X-Microcachable
X-URL
X-B3-Parentspanid
X-Unique-ID
X-A-Dgt
AKAMAI
A
X-Developer
X-Region-Sid
Arc-Country
AsisCache
X-A-Dcw
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-From
BehaviorPad-Version
X-A-Wwc
X-Cdn-Srv
X-S-Maxage
X-Application
X-ARC
X-ScT
X-Cache-Bucket
X-B-Cookie
X-S-Cookie
X-App-Name
X-Rewrite-Enabled
X-Aed
X-Rojux
Cache-Cookie-Set-Lfrom
X-AIR-PT
X-Accel-Expires-Debug
X-A-Dam
MD5-Digest
X-CF-Lambda-Version
Meta-Geo-Continent
X-Org
X-D
X-PAYTM-SRV-ID
X-Date
Mobile-Detection-Method
Node
Rt-Proxy-Cache
Server-ID
X-Connection-Hash
REQUESTUUID
Request-Time
X-NU-AKA-ACS-Version
Rendered-Blocks
Viewtype
GEO-REGION-INFO
Cdn-Host
Cdn-Request-Time
X-A
X-Destination
X-A-Ccd
X-Cluster-Name
X-Detected-As
Content-Script-Type
Content-Style-Type
Fly-Cache
X-DPWN-IS-SECURE
Fly-Request-Id
Fastcgi-X-Cache-Version
VivaBuild
X-CF-Lambda-Fn
Cross-Origin-Window-Policy
Cache-Prefix
X-Request-UUID
X-Twitter-Response-Tags
X-SRCache-Key
X-Edge-Server
X-SVT-ORM-RULES
X-Nc
X-IN-APIGATEWAY
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
X-Is-Bot
X-Worker
X-SVT-ORM-VERSION
X-Geo-Header
X-Internal-Host
X-Transaction
X-Generated-On
X-G
Xc-Version
X-External-Request-Id
X-Level-Front-Cache
X-Instart-Info
X-Trv-Group
X-Server-Time
X-Varnish-Url
X-VG-WebServer
ServerName
X-Pubstack
Served-By
Hostname
Fastly-SIE
UCS
Fastly-SWR
X-CGP
X-Nginx-Cache-Key
Esi-Enabled
Content-Disposition
Memcached
Section-Io-Cache
X-Core-Mission
X-Eu-Site
X-Method
W
X-C
X-TrackingId
IBM-Web2-Location
HA-Ipaddr
Ha-Gx-Prefs
Gh-Request-Id
X-Fastly-Cache
X-Distil-CS
Origin-Edge-Control
X-Clientip
Apple-News-Services-Host
X-Rebelmouse-Surrogate-Control
X-Backend-State
Apple-News-Services-Parsed-Url
Apple-News-Services-Handled
X-Server-IP
X-Developers
Request-Country
Countrycode
X-HS-Combine-CSS
X-Rebelmouse-Cache-Control
Apple-News-Services-Request-Url
X-Qloud-Router
X-Skip-Cache
X-HS-Cache-Config
Origin-Cache-Control
X-Varnish-Cacheable
Proxy-Firewall
X-We-Are-Hiring
X-BBXSRF
Backend-Name
X-Location
Request-EU
X-ElasticPress-Search
X-SERVER
SS
RNT-Time
RNT-Machine
Resin-Trace
Server-Host
Server-Int
X-Thanos
X-GeoIP-Country-Code
X-NC
X-Grey
X-Cdn-Origin
Country-Code
X-Cache-Category-Id
X-Cache-Info
Powered-By
X-Auto-Login
Who
X-Key
Wxu-Next-Commit
Wxu-Next-Hostname
X-Generation-Time
Wxu-Next-Region
X-Bip
X-NX-Host
X-ServiceProvider
X-Irp-Debug
X-Sn-Servicetimems
X-Wikidot-Static-Cache
Fastly-Soc-X-Request-Id
X-Servername
X-Debug-Cookies
X-Debug-Log
X-Crawler
X-Wikidot-Backend
X-Webstats-RespID
X-Release
X-Reqid
X-Dispatch
X-Reboot
X-Device-Os
X-Variation
Adler-Geo
X-SIPLIST1
GW-Server
X-Epic-Correlation-Id
Platform
L
On-Server
N-Cache
X-TH-Server
X-FPC
Kp-EeAlive
Is-Eu
X-Hash
Heartbleed
Pramga
IsBot
X-Urbn-Context-Path
X-Cache-Backend
X-Urbn-Site-Id
Locale
X-Gen-Mode
X-Hnp-Log
X-Cache-FS-Status
X-Dispatcher-Server
X-Gannett-Site-Version
X-Cache-Id
X-Li-Pop
X-Fetched-On
X-CUA
X-CDN-Cache
X-Li-Fabric
X-LI-Proto
X-Clara-WADP
X-Cms-Context
X-Response-By
X-SD-PageType
X-Block-Status
X-GeoIP-City
X-Request-URI
X-Proxy-Upstream
X-PHP-Host
CDCHOST
X-Proxy-Cache-Status
X-Swa-Ws
X-SERVER-NAME
PFcat
X-WADP-Cache
X-VC-Cache
X-WebServer
X-Request-Start
X-Origin-Date
X-Origin-Expires
X-Pf-Uncompressing
X-Secret
X-LI-UUID
Web-Mar-Node
True-Client-Country-4JS
User-Cache-Control
X-Owner
X-Amz-Meta-Cache-Control
X-Azure-Ref-OriginShield
X-Azure-Ref
SD-X-WS
X-Varnish-Ttl
X-Edge
X-VServer
X-Thinkindot-L3
X-CLOUD-TRACE-CONTEXT
X-Matched-Rule
V-Age
X-OVcl
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
CF-IPCountry
Thinkindot-Control
X-FE
X-OVcl-Cache
X-Parent-Response-Time
X-Hello
Magicmarker
X-Processor
X-ABtesting
X-Via-NSCOPI
X-Ratelimit-Remaining
X-Served-From
Pagetype
PageSpeed
X-Flog
X-Be
X-User
X-Backend-Url
X-Powered-By-Defense
User-Agent
X-Backend-Host
X-Via-Edge
X-Via-SSL
Mime-Version
X-MSEdge-Flight
X-GoCache-CacheStatus
X-MSEdge-Features
X-Generated-In
X-Up
X-LAGOON
Memory
X-Debug-Cache-Expiry
X-Varnish-Beresp-Ttl
X-Debug-Cache-Fetch
X-Debug-Cache-Store
X-Protected-By
X-ND-Cache
X-Tt-Trace-Tag
X-Soup
X-Newrelic-Synthetics
X-Geo
X-Ttl
Geoip-City
GeoIp-Country-Code
Geoip-Latitude
X-Ua
X-Page-Type
Cache-Hits
X-Planisys-CDN-Rules
X-Check-Cacheable
X-Fstrz
X-Planisys-CDN-TTL
X-Oss-Object-Type
X-Planisys-CDN-Cache
X-Oss-Request-Id
X-Oss-Server-Time
X-Oss-Storage-Class
X-Oss-Hash-Crc64ecma
Pragrma
X-Origin-CC
X-B3-SpanId
X-Backend-TTL
X-Origin-TTL
X-Akamai-SSL-Client-Sid
X-ZONE
X-Tec-Api-Root
X-Zone
X-Tec-Api-Origin
X-Tec-Api-Version
X-Say-TTL
X-Say-Cacheable
X-Old-Content-Length
X-SayCDN-TTL
X-Litespeed-Cache
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
X-Core-Value
X-Cache-Time
X-IN-WAF
X-Phone
WZWS-RAY
X-Cdn-Forward
X-CSRF-TOKEN
XServer
X-TT-LOGID
Cdn
X-Cache-Ttl
X-HS-Status
X-Logtrace-Id
X-Datadome
X-Servedbyhost
X-DC
Fastly-Backend-Name
X-Node-Id
X-Vcl-Version
Ajk
Inserted-Into-Cache-At
X-IN-APIGATEWAYSSL
X-MID
Amp-Access-Control-Allow-Source-Origin
Dynatrace
X-Ruxit-Js-Agent
FSS-Cache
X-Aicache-OS
X-BC
X-Tb-Optimization-Total-Bytes-Saved
FSS-Proxy
X-NODE
HostName
X-Amzn-Remapped-Date
X-Birta-Cache-Post
X-Birta-Served
X-UPSTREAM-Address
X-Mid
X-VCL-Version
X-Amzn-Remapped-Connection
X-ServedByHost
SN
X-EC-Lua
X-Varnish-Authentication
X-APP
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-Cache-ASPX
Server-Surrogate-Control
X-Refresh
CF-Cached-On
Server-Cache-Control
X-Wa
X-Contensis-Viewer-Groups
X-CSRF-Token
X-Varnish-IP
X-Info
Selected-FE
X-Proxy-Cacherz
RequestId
X-COUNTRY
PICS-Label
Xkeyrz
T-Server
Srv
X-FORWARDED-FOR
X-Bc
X-NWS-UUID-VERIFY
X-PJAX-URL
X-Agile-Age
X-WR-MODIFICATION
X-Agile-Id
HitType
X-Agile
X-GDPR
X-Cache-Debug
X-Real-Ip
X-App-Version
X-Source
MIME-Version
X-LiteSpeed-Cache-Control
X-ECache
Ohc-File-Size
X-Varnish-Beresp-TTL
X-Render-Time
X-Nananana
WebServer
X-LB-ID
X-Fastly-Country-Code
GeoIP-Latitude
GeoIP-City
URI
X-Via-Ucdn
Cf-Ipcountry
GeoIP-Country-Code
SID
DataCenter
Ohc-Cache-HIT
X-Web-Server
X-Unique-Id
X-Policy
X-CACHE-KEY
Xkeynj
X-PAGE-TYPE
X-TIME
Is-Session-Tracking
Get-Access-Time
X-Uri
X-Micro-Cache
X-Cache-Tag
X-Sedo-Request-Id
Cache-Provider
X-Lb-Id
X-NGINX-Cache
X-Cache-Miss-From
X-BE
X-Service
X-Fastly-Backend-Reqs
X-Requestid
X-Var-Ttl
CDN
X-Request-Url
Group
Xet-Cookie
X-MCACHE
Pics-Label
Lb
Ohc-Response-Time
X-JWT-State
X-Is-Gdpr
X-Has-Esi
X-Pjax-Url
X-Apw-Access-Token
X-Apw-Hits
X-Apw-Access-Action
X-NGENIX-Cache
HTTPS
Cneonction
X-Vct
X-Apw-Access-Object
X-Dw-Trace-Id
X-SRV
X-Swift-Error
Backend
FNAC-ModuleRouting
Correlation-Id
X-Cdn-Request-ID
Warning
X-Ecache
Www
X-Edge-IP
X-Cf-Powered-By
X-WA
X-SN
X-Newrelic-App-Data
X-Fe
X-DSS
X-RSL
X-RPS
X-Akamai-ERPolicy
X-Litespeed-Cache-Control
X-Request-URL
X-RPM
X-Instart-Isnd
X-Fastly-Cache-Hits
X-Bug-Bounty
X-Akamai-ERRuleID
X-Serial
X-Page-Impression-Id
X-DW
X-Zalando-Child-Request-Id
X-ServerName
X-PF-Uncompressing
Host-ID
X-Flow-Id
X-Cache-Expires
Lfy
X-DB
X-Fpc
X-DI