Threat Level: green Handler on Duty: Bojan Zdrnja

SANS ISC: HTTP Header Usage Statistics - SANS Internet Storm Center HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
CF-RAY
X-Powered-By
Link
ETag
Expect-CT
X-XSS-Protection
Via
X-Cache
CF-Cache-Status
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
X-Cache-Hits
P3P
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Xss-Protection
X-Request-Id
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
Alt-Svc
X-Adblock-Key
X-Drupal-Cache
X-Check
X-Cacheable
Content-Security-Policy-Report-Only
X-Generator
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-AspNetMvc-Version
X-DNS-Prefetch-Control
P3p
X-Template
X-Language
Status
Timing-Allow-Origin
X-Iinfo
Content-Encoding
X-Content-Security-Policy
X-Buckets
Upgrade
X-Kinja-Server-Push
Xkey
X-Via
X-CDN
X-Turbo-Charged-By
Keep-Alive
Access-Control-Expose-Headers
Access-Control-Max-Age
X-Cache-Group
X-Pass-Why
X-AH-Environment
X-Age
X-Drupal-Dynamic-Cache
X-Server
X-Backend
X-Pingback
X-Amz-Id-2
X-Amz-Request-Id
X-Envoy-Upstream-Service-Time
X-Page-Speed
X-Robots-Tag
X-Proxy-Cache
X-Hacker
EagleId
Grace
X-Server-Powered-By
X-UA-Device
X-Varnish-Cache
Request-Context
X-Nginx-Cache-Status
Cf-Railgun
X-LiteSpeed-Cache
X-Amz-Version-Id
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-Server-Id
X-WebKit-CSP
Server-Timing
Feature-Policy
X-Device
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Host
Report-To
X-Rq
X-Ac
X-Node
Content-Location
X-OneAgent-JS-Injection
X-Request-ID
X-Cnection
X-Response-Time
X-Backend-Server
X-Cloud-Trace-Context
X-Origin-Cache
X-Application-Context
X-Readtime
Request-Id
Allow
Surrogate-Control
EagleEye-TraceId
X-ORACLE-DMS-ECID
X-Vhost
X-Country
X-DynaTrace
X-TTL
X-Cache-Lookup
X-Cdn
X-Rack-Cache
Pinterest-Generated-By
X-Origin-Upstream-Status
X-Url
X-Clacks-Overhead
NEL
X-Ua-Compatible
X-FTR-Request-ID
Rating
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Country-Code
X-Ruxit-JS-Agent
X-Dispatcher
X-ORACLE-DMS-RID
X-Dns-Prefetch-Control
X-CST
X-HW
X-Instart-Request-ID
X-Goog-Hash
Fusion-Content-Source
Fusion-Content-Id
Fusion-Template-Id
Fusion-Component-Id
Fusion-Source
X-DataStream-Cache-Status
Edge-Control
X-Vname
X-TtlSet
X-PC
X-Px
X-VARITI-CCR
X-DataDome
Service-Worker-Allowed
Verso
X-Mod-Pagespeed
X-MS-InvokeApp
X-Recruiting
RTSS
X-Kinja-Server
X-GoogleNews-Bot
X-Kinja
X-Kinja-Build
X-Kinja-Revision
X-Exp-Variant
X-Cdn-Fetch
X-Exp-Id
X-Use-Magma
X-Varnish-TTL
SPRequestGuid
X-D2id
X-Vcap-Request-Id
X-Abt-Application-Version
X-Amz-Server-Side-Encryption
TCN
X-SharePointHealthScore
X-GitHub-Request-Id
X-SRCache-Fetch-Status
X-Akam-SW-Version
X-SRCache-Store-Status
Display
Response
X-Sol
X-ESI
X-Middleton-Display
X-Middleton-Response
X-Powered-By-Plesk
X-Navigation-Version
MS-Author-Via
X-RateLimit-Remaining
X-B3-TraceId
DynaTrace
Charset
X-Forwarded-Proto
Realpath
X-Powered-CMS
X-Shield-Request-Id
X-Amz-Rid
X-Upstream
ServerID
Public-Key-Pins
X-TEC-API-ORIGIN
X-Version
X-TEC-API-VERSION
X-TEC-API-ROOT
X-Trace
Nginx-Cache
Fastly-Restarts
X-Server-Name
X-Cached
AR-ATIME
AR-PoweredBy
Ar-Sid
AR-CACHE
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
X-Goog-Generation
Accept-CH
Content-MD5
X-Shard
X-Dw-Request-Base-Id
X-Mrf-Section-Lastmod
X-Mrf-Item-Lastmod
X-B3-TraceId-Primal
MRF-Tech
Mrf-Cache-Status
X-Grace
AR-Request-ID
Access-Control-Request-Method
Paypal-Debug-Id
X-MSEdge-Ref
Pagespeed
X-Client-IP
SPIisLatency
SPRequestDuration
X-Goog-Storage-Class
S
X-DynaTrace-JS-Agent
X-Id
X-Debug
X-Country-Code-Real
X-FTR-Backend
X-FTR-Expires
X-FTR-Realm
Accept-Ch-Lifetime
X-FTR-Cache-Status
X-FTR-DC
X-FTR-Balancer
X-FTR-Backend-Server
X-Ezoic-Cdn
X-Amz-Meta-S3cmd-Attrs
X-DataStream-Origin-MEX-Latency
X-DataStream-MidMile-RTT
Front-End-Https
X-Fastly-Request-ID
X-T
X-Amzn-Trace-Id
X-NF-Request-ID
X-N
Arr-Disable-Session-Affinity
X-FastCGI-Cache
X-DIS-Request-ID
MicrosoftSharePointTeamServices
Pinterest-Version
X-Pinterest-Rid
Accept-Ch
X-Content-Type
X-Upstream-Proxy
X-Hits
X-XRDS-Location
X-B3-Sampled
X-B3-Traceid
X-Vcache
X-FTR-Cache-Host
X-VCache
X-Acc-Meta-Resource-Type
X-Frontend
Arc-Version
X-Ser
X-Mobile-Rewrite
PB-PID
PB-RID
Fastcgi-Cache
X-Varnish-Age
X-Logged-In
Server-Name
X-Correlation-Id
X-Content-Digest
Alternate-Protocol
X-Srv
X-Node-Name
X-Cache-Key
Nel
X-Microsite
X-Pad
AMP-Access-Control-Allow-Source-Origin
X-Request-Handler-Origin-Region
FilterID
X-User-Agent
X-Rid
X-Forwarded-For
X-Type
TP-Cache
Powered
X-LB-Cache
TP-L2-Cache
X-F-Cache
X-Kinsta-Cache
Healthy
Host
X-Cache-2
X-IPLB-Instance
X-Request-Received
X-Zen-Fury
X-Request-Processing-Time
X-Amz-Apigw-Id
X-Amzn-RequestId
Accept-CH-Lifetime
X-Revision
Edge-Cache-Tag
Powered-By-ChinaCache
X-Debug-Info
X-AOL-HN
X-GUploader-UploadID
X-Via-JSL
X-Cache-Age
X-Cached-By
Backend-Timing
X-Analytics
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-HS-Content-Id
X-HS-Hub-Id
X-Hostname
X-XRDS-LOCATION
X-AppVersion
X-Activity-Id
X-Az
X-Accel-Expires
X-Cache-Rule
Surrogate-Key
X-Fastcgi-Cache
X-Varnish-Backend
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-Instance
X-Content-Security-Policy-Report-Only
X-Page-Id
X-Tumblr-User
X-RateLimit-Limit
X-Varnish-Grace
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Content-Options
X-App-Environment
X-Akamai-Edgescape
X-BCube-Filmed-By
X-Jobs
X-B-Cache
X-Request-Guid
X-Signature
X-PHP-Backend
Server-Node
X-Content-Powered-By
X-Cluster
Source
X-TT
X-Framework
Cache-Status
X-Amz-Replication-Status
X-Forwarded-Host
Refresh
Cleartype
X-FB-Debug
Liferay-Portal
X-FW-Server
X-FW-Static
X-FW-Type
X-FW-Serve
X-FW-Hash
X-Esi
DC
X-ATG-Version
Tracecode
Accept-Charset
Access-Control-Allow-Method
X-Varnish-Hostname
Fastcgi-Useragent
X-Time
Host-Header
X-Cache-Operation
WPE-Backend
X-Cache-Action
X-Mobile
X-Whom
X-Drupal-Cache-Tags
X-Edge-Location
X-Cache-Control
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-APP-VERSION
NGB
X-WA-Info
X-App-Server
X-B
X-Response-Served-From
Payment
X-Accel-Buffering
X-Hp-Webp
X-Mobile-URL
Actual-Object-TTL
X-Storage
X-Cache-Hit
X-Presslabs-Stats
X-Content-Age
X-TX-ID
X-Git-Hash
X-Handled-By
X-WebKit-CSP-Report-Only
Cache-Tag
X-TT-TIMESTAMP
X-Cacheable-TTL
X-RequestSource
Retry-After
Upgrade-Insecure-Requests
Filters
X-NWS-LOG-UUID
X-UA-Device-Type
Cache-Tv-Group
X-Yottaa-Optimizations
X-Tumblr-Pixel-1
X-Yottaa-Metrics
X-Tumblr-Pixel-2
Viewport
Eomportal-Instance
X-Adobe-Loc
X-GeoIP
X-Cache-TTL
X-Status
X-Adobe-Content
X-SS-Set-Cookie
X-ProcessESI
X-Geo-Country
X-RemovedCookies
MS-CV
X-TA-CDN-Provider
X-VG-WebCache
X-FW-Dynamic
Webserver
X-Cache-TTL-Remaining
X-Seen-By
Xserver
X-Server-ID
X-Host-Name
X-FB-TRIP-ID
X-RTag
Datacenter
X-Cache-Enabled
Ms-Operation-Id
Frame-Options
Cache
Server-Info
X-Ratelimit-Limit
X-Hyper-Cache
X-Oracle-Dms-Rid
From-Origin
X-Contextid
X-Origin-Server
X-B3-Spanid
X-Generated-By
X-Mode
SRV
S-Cnection
Country
X-CF-Powered-By
GEO-INFO
X-ES-SERVER
Meta-Geo
X-Ratelimit-Reset
X-Cache-Config
X-Cache-Var-Map
X-Cache-Var
Machine
X-Tumblr-Pixel-3
Load-Balancing
X-RN-RSRV
X-Path-Route
X-Zipkin-Id
Cache-Key
X-Section
X-Routing-Service
X-Access
X-MP-GENERATED-AT
X-Drupal-Cache-Contexts
X-Proxied
Vix-Hermes-Req-Id
CACHE
X-Upstream-CT
X-From
X-TNCMS
X-Cache-Grace
X-Varnish-Cache-Hits
X-Web-Node
ServedBy
X-Backend-Name
X-Varnish-Server
X-Hit
X-Upstream-HT
X-Human
X-Labrador-Cache-Channel
X-Loop
X-VWS-Id
X-R9-Blue-Green-Version
Rt-Fastcgi-Cache
Akamai-GRN
X-Viewer-Country
X-Rule
Mn-Server-Ip
Decoy-Debug-Key
Decoy-Debug-Status
Decoy-Debug-TTL
X-Proxy-Build
Cache-Name
X-PCL
X-Cluster-Node
X-LJ-Flow-ID
X-EIG-Tracking-Id
X-Trace-Id
X-Timing-Wait
X-Cache-Host
X-Magnolia-Registration
X-AWS-Id
X-VG-TLSProxy
X-Origin-Response-Time
X-OCL
X-Akamai-Request-ID
Now
X-Environment-Context
X-FC-Vary-Parameters
DSUID
X-Endurance-Cache-Level
X-Upgrade-Enabled
Release
X-Debug-Cache
X-Device-Type
X-L-Path
X-Generated
X-Proto
X-Region
We-Hiring
X-ShopId
X-Shopify-Stage
X-NCache
Mail-Subject
X-Guploader-Uploadid
X-Rendered-As
X-Alternate-Cache-Key
X-Via-Fastly
X-ShardId
X-Sorting-Hat-PodId
X-JoinUs
X-Hosted-By
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Sorting-Hat-ShopId
DB-Nickname
X-RateLimit-Reset
OT-Force-Account-Verify
X-NewRelic-App-Data
X-CCM
X-Site-Version
X-S
Version
X-Dc
ProcessTime
X-Locale
X-Xfnlog-Site
X-Www-Served-By
X-Request-Time
X-RCS-CacheZone
Uber-Trace-Id
X-IP
X-Time-Microsecs
X-VCT
X-Varnish-Hits
Time
X-Load-Cache
Azure-InstanceId
S-Rt
Webcakes-App-Version
Cteonnt-Length
Webcakes-App-Name
TWC-Privacy
X-Akamai-Request-ID2
X-Origin-Hint
Property-Id
TWC-Locale-Group
TWC-GeoIP-LatLong
TWC-Connection-Speed
Azure-Version
TWC-GeoIP-Country
Azure-SiteName
X-FW-Version
X-Wix-Request-Id
Webcakes-Region
Azure-SlotName
TWC-Device-Class
Azure-RegionName
NtCoent-Length
X-Origin
X-EdgeConnect-Cache-Status
NGX
X-PressLabs-Stats
X-Via-CDN
X-UUID
X-UA
X-BYPASS-REASON
X-No-Session
X-Nginx-Cache
X-ProxyCache-Status
X-ProxyCache-Key
X-Proxy
X-Redis-Cache
X-GEO
X-FireWall-Port
X-Platform-Server
X-ECACHE
X-Vgn-Hpd-Reason
X-CDN-Forward
X-MServer
X-Daa-Tunnel
X-Hl-Ver
X-PERF
X-ApacheServer
X-Cache-NE
X-HTML-Minification-Powered-By
X-Format
X-CS
Origin
Odigeo-Trace-Id
X-IPS-LoggedIn
X-Akamai-Transformed
X-Rocket-Nginx-Bypass
Ec-Rule-Version
Access-Control-Request-Headers
X-UnsetCookies
Cache-Tags
X-ServerID
X-Cache-Server
X-Oneagent-Js-Injection
X-Cache-Remote
Accept-Language
X-Distributor
LB
X-Tb
X-Dynatrace-Js-Agent
Fastly-SSL
X-Real-IP
X-Amzn-Remapped-Content-Length
Selected-Fe
Proxy-Connection
L5d-Success-Class
X-Webkit-Csp
Hostname
X-Unique-ID
X-NC
X-Pubstack
X-B3-Parentspanid
X-Compress-Hint
Served-By
X-Accel-Expires-Debug
X-A-Wwc
X-A-Dgt
X-Worker
Xc-Version
X-Application
X-Cdn-Srv
X-Cache-Bucket
X-Varnish-Url
X-Varnish-Cacheable
Fly-Request-Id
X-Twitter-Response-Tags
X-B-Cookie
X-ARC
X-AIR-PT
X-Vtex-Remote-Cache
X-App-Name
X-A-Dcw
X-VG-WebServer
X-Vtex-Processado-Em
X-Aed
X-A
Cdn-Host
Cdn-Request-Time
MD5-Digest
Meta-Geo-Continent
Cache-Prefix
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-Lfrom
Content-Script-Type
Content-Style-Type
Fastly-SWR
Fly-Cache
GEO-REGION-INFO
Fastly-SIE
Cross-Origin-Window-Policy
Fastcgi-X-Cache-Version
Cache-Cookie-Set-From
BehaviorPad-Version
Rt-Proxy-Cache
REQUESTUUID
Request-Time
Server-ID
Viewtype
X-A-Ccd
VivaBuild
A
AKAMAI
Node
Mobile-Detection-Method
AsisCache
Arc-Country
Rendered-Blocks
Proxy-Firewall
X-A-Dam
X-CF-Lambda-Fn
X-IN-APIGATEWAY
X-Destination
X-PAYTM-SRV-ID
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
X-Request-UUID
X-Region-Sid
X-Geo-Header
X-Instart-Info
X-Cluster-Name
X-Date
X-NU-AKA-ACS-Version
X-Org
X-D
X-Is-Bot
X-Internal-Host
X-Connection-Hash
X-Trv-Group
X-Rewrite-Enabled
X-DPWN-IS-SECURE
X-SRCache-Key
X-Rojux
X-CF-Lambda-Version
X-Developer
X-BACKEND-TTL
X-Transaction
X-Microcachable
X-Edge-Server
X-ScT
X-S-Maxage
X-S-Cookie
X-Detected-As
X-G
X-External-Request-Id
X-Server-Time
Origin-Cache-Control
Origin-Edge-Control
X-URL
ServerName
X-ElasticPress-Search
IBM-Web2-Location
X-Backend-State
X-BBXSRF
X-Skip-Cache
X-Fastly-Cache
X-Generated-On
X-Server-IP
Memcached
X-Eu-Site
Ha-Gx-Prefs
X-SVT-ORM-VERSION
X-TrackingId
X-Developers
X-Distil-CS
X-SVT-ORM-RULES
X-We-Are-Hiring
X-Cache-Info
Gh-Request-Id
HA-Ipaddr
X-HS-Combine-CSS
W
Request-EU
X-Nginx-Cache-Key
X-Debug-Cookies
X-NX-Host
Section-Io-Cache
X-Debug-Log
Request-Country
X-Location
X-CGP
X-Qloud-Router
Server-Int
X-Clientip
X-Core-Mission
X-Level-Front-Cache
On-Server
X-HS-Cache-Config
Resin-Trace
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
PageSpeed
Apple-News-Services-Host
Countrycode
Apple-News-Services-Handled
Backend-Name
Esi-Enabled
X-Cache-Category-Id
X-Grey
X-Epic-Correlation-Id
X-Wikidot-Static-Cache
X-FPC
X-Gannett-Site-Version
X-Webstats-RespID
X-Wikidot-Backend
X-Device-Os
X-Auto-Login
X-C
Wxu-Next-Region
Wxu-Next-Hostname
Who
Wxu-Next-Commit
X-Bip
X-Block-Status
Kp-EeAlive
X-Gen-Mode
X-Swa-Ws
X-Cdn-Origin
X-Cache-Id
X-Dispatch
X-Hash
X-Servername
X-Secret
X-Variation
X-Request-URI
X-ServiceProvider
X-SIPLIST1
X-TH-Server
X-Thanos
X-Sn-Servicetimems
X-Reqid
X-Release
X-Irp-Debug
X-Cache-Backend
X-Hnp-Log
Web-Mar-Node
X-Key
X-Method
X-Proxy-Upstream
X-Proxy-Cache-Status
X-PHP-Host
X-GeoIP-Country-Code
X-Crawler
IsBot
RNT-Machine
Is-Eu
RNT-Time
CDCHOST
Content-Disposition
True-Client-Country-4JS
Powered-By
Platform
Adler-Geo
GW-Server
SS
User-Cache-Control
Pramga
UCS
Country-Code
X-SERVER
X-LI-UUID
X-CUA
X-Clara-WADP
X-LI-Proto
X-Origin-Expires
X-CDN-Cache
N-Cache
X-VServer
X-WADP-Cache
X-WebServer
X-Edge
X-Generation-Time
X-Cache-FS-Status
SD-X-WS
X-Li-Fabric
Server-Host
X-Dispatcher-Server
X-Li-Pop
X-Origin-Date
L
X-Reboot
Fastly-Soc-X-Request-Id
X-Azure-Ref
X-Request-Start
X-Response-By
V-Age
X-Nc
Heartbleed
X-SD-PageType
X-Azure-Ref-OriginShield
X-Amz-Meta-Cache-Control
X-Owner
X-Urbn-Context-Path
X-Urbn-Site-Id
Locale
CF-IPCountry
X-GeoIP-City
X-FE
X-SERVER-NAME
X-Fetched-On
X-OVcl
PFcat
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
X-VC-Cache
X-Thinkindot-L3
X-Matched-Rule
X-Pf-Uncompressing
X-OVcl-Cache
X-Cms-Context
Thinkindot-Control
X-Varnish-Ttl
Magicmarker
X-CLOUD-TRACE-CONTEXT
X-Via-NSCOPI
X-Served-From
X-Processor
X-Powered-By-Defense
User-Agent
X-Ratelimit-Remaining
X-Flog
X-Via-Edge
Pagetype
X-LAGOON
X-ABtesting
X-Parent-Response-Time
X-Via-SSL
X-Hello
Mime-Version
X-Be
X-Generated-In
X-User
X-Backend-Host
X-Backend-Url
Memory
X-GoCache-CacheStatus
X-Up
X-Protected-By
X-MSEdge-Features
X-MSEdge-Flight
X-ND-Cache
X-Varnish-Beresp-Ttl
X-Datadome
X-Tt-Trace-Tag
X-Newrelic-Synthetics
X-Ua
X-Debug-Cache-Expiry
X-Page-Type
X-Debug-Cache-Fetch
X-Soup
X-Debug-Cache-Store
Pragrma
X-Fstrz
X-Geo
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
X-B3-SpanId
X-Planisys-CDN-TTL
X-COUNTRY
X-Ttl
X-Origin-TTL
X-Origin-CC
Cache-Hits
X-ZONE
X-Check-Cacheable
GeoIp-Country-Code
Geoip-City
X-Backend-TTL
Geoip-Latitude
X-Oss-Server-Time
X-Say-TTL
X-Oss-Storage-Class
X-Oss-Hash-Crc64ecma
X-Akamai-SSL-Client-Sid
X-Oss-Request-Id
X-SayCDN-TTL
X-Oss-Object-Type
X-Say-Cacheable
X-Zone
X-IN-WAF
X-Old-Content-Length
X-Cache-Ttl
X-Core-Value
XServer
X-Phone
X-CSRF-TOKEN
X-Cdn-Forward
X-Litespeed-Cache
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
X-Servedbyhost
X-TT-LOGID
X-DC
X-Cache-Time
WZWS-RAY
X-HS-Status
Fastly-Backend-Name
Cdn
X-IN-APIGATEWAYSSL
X-Logtrace-Id
Inserted-Into-Cache-At
X-BC
X-Aicache-OS
Ajk
X-Node-Id
X-VCL-Version
Dynatrace
X-Mid
Amp-Access-Control-Allow-Source-Origin
X-MID
X-Birta-Cache-Post
X-Birta-Served
X-Ruxit-Js-Agent
FSS-Cache
SN
X-Vcl-Version
FSS-Proxy
X-FORWARDED-FOR
X-EC-Lua
X-Tb-Optimization-Total-Bytes-Saved
X-Info
X-ServedByHost
X-RateLimit-Limit-Second
X-UPSTREAM-Address
X-Varnish-IP
X-APP
X-Amzn-Remapped-Date
X-Amzn-Remapped-Connection
Selected-FE
X-Tec-Api-Version
X-Real-Ip
X-Tec-Api-Root
X-Wa
X-Tec-Api-Origin
X-RateLimit-Remaining-Second
Server-Surrogate-Control
X-Varnish-Authentication
X-Proxy-Cacherz
CF-Cached-On
HostName
X-Cache-ASPX
Server-Cache-Control
X-Refresh
X-Contensis-Viewer-Groups
HitType
Xkeyrz
X-Source
X-App-Version
T-Server
X-Agile-Id
RequestId
X-Cache-Debug
X-Agile
X-Agile-Age
X-Bc
X-CSRF-Token
Srv
Ohc-File-Size
X-Render-Time
X-CACHE-KEY
PICS-Label
X-GDPR
GeoIP-Country-Code
X-PJAX-URL
MIME-Version
X-LiteSpeed-Cache-Control
X-Nananana
X-ECache
GeoIP-Latitude
GeoIP-City
X-Via-Ucdn
X-Varnish-Beresp-TTL
Ohc-Cache-HIT
X-WR-MODIFICATION
X-TIME
X-NWS-UUID-VERIFY
WebServer
X-LB-ID
DataCenter
X-Fastly-Country-Code
URI
Cf-Ipcountry
X-Policy
X-Web-Server
SID
X-Cache-Tag
X-Unique-Id
Is-Session-Tracking
Get-Access-Time
X-SRV
X-Micro-Cache
X-BE
X-PAGE-TYPE
X-Uri
Xkeynj
Cache-Provider
X-Lb-Id
X-Request-Url
Group
X-Requestid
CDN
X-Sedo-Request-Id
X-NGINX-Cache
X-Fastly-Backend-Reqs
X-Cache-Miss-From
X-GRACE
X-MCACHE
X-Service
HTTPS
Lb
X-Pjax-Url
X-Var-Ttl
Xet-Cookie
X-Apw-Access-Action
X-Vct
Pics-Label
X-Swift-Error
Www
Ohc-Response-Time
X-Apw-Access-Token
X-Apw-Hits
X-SN
Cneonction
X-JWT-State
X-Apw-Access-Object
Backend
X-Has-Esi
X-Is-Gdpr
X-Edge-IP
X-NGENIX-Cache
X-Dw-Trace-Id
X-Cf-Powered-By
X-Cache-Expires
X-Ecache
X-WA
Host-ID
Correlation-Id
FNAC-ModuleRouting
Warning
X-Cdn-Request-ID
X-Instart-Isnd
X-Newrelic-App-Data
X-Litespeed-Cache-Control
X-Fe
X-Fastly-Cache-Hits
X-Serial
X-Akamai-ERRuleID
X-Akamai-ERPolicy
X-Bug-Bounty
X-DB
X-DI
X-DSS
Lfy
X-Zalando-Child-Request-Id
X-Html-Edge-Cache
Requestid
X-DW
X-RPM
X-Page-Impression-Id
X-PF-Uncompressing
X-ServerName
X-Fpc
X-RPS
X-RSL
X-Flow-Id