Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics - SANS Internet Storm Center HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
CF-RAY
X-Powered-By
Link
ETag
Expect-CT
X-XSS-Protection
Via
X-Cache
Age
CF-Cache-Status
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
X-Cache-Hits
P3P
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Request-Id
X-Xss-Protection
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-AspNet-Version
X-Download-Options
Access-Control-Allow-Credentials
X-Runtime
X-Adblock-Key
X-Drupal-Cache
Alt-Svc
X-Check
X-Cacheable
Content-Security-Policy-Report-Only
P3p
X-Generator
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-DNS-Prefetch-Control
X-AspNetMvc-Version
X-Template
Status
X-Language
Timing-Allow-Origin
Content-Encoding
X-Content-Security-Policy
X-Iinfo
X-Buckets
Upgrade
X-Kinja-Server-Push
Xkey
X-Via
X-Turbo-Charged-By
X-CDN
Keep-Alive
Access-Control-Max-Age
Access-Control-Expose-Headers
X-Cache-Group
X-Pass-Why
X-Age
X-AH-Environment
X-Drupal-Dynamic-Cache
X-Server
X-Backend
X-Amz-Request-Id
X-Amz-Id-2
X-Pingback
X-Envoy-Upstream-Service-Time
X-Page-Speed
X-Robots-Tag
X-Proxy-Cache
X-Hacker
Grace
X-Server-Powered-By
EagleId
X-Varnish-Cache
X-UA-Device
X-Nginx-Cache-Status
Request-Context
Cf-Railgun
X-LiteSpeed-Cache
X-Amz-Version-Id
X-Swift-CacheTime
X-Swift-SaveTime
X-WebKit-CSP
X-Ua-Compatible
Ali-Swift-Global-Savetime
Feature-Policy
X-Device
Server-Timing
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Host
X-Ac
Report-To
X-Rq
Content-Location
X-OneAgent-JS-Injection
X-Node
X-Server-Id
X-Backend-Server
X-Response-Time
X-Cnection
X-Origin-Cache
X-Cloud-Trace-Context
X-Application-Context
EagleEye-TraceId
Allow
Request-Id
X-Readtime
Surrogate-Control
X-Cdn
X-Cache-Lookup
X-Country
X-ORACLE-DMS-ECID
X-Url
X-DynaTrace
X-Vhost
X-TTL
X-Ruxit-JS-Agent
Pinterest-Generated-By
X-Clacks-Overhead
X-Rack-Cache
NEL
X-Origin-Upstream-Status
X-CST
X-ORACLE-DMS-RID
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Rating
X-FTR-Request-ID
X-Country-Code
X-HW
X-Goog-Hash
X-Instart-Request-ID
X-Dispatcher
X-DataStream-Cache-Status
Edge-Control
Fusion-Content-Id
Fusion-Component-Id
Fusion-Source
Fusion-Template-Id
Fusion-Content-Source
X-Vname
X-PC
X-TtlSet
X-Px
X-VARITI-CCR
Service-Worker-Allowed
X-Mod-Pagespeed
X-MS-InvokeApp
SPRequestGuid
Verso
X-Recruiting
X-Request-ID
X-Cdn-Fetch
X-Kinja-Build
X-Exp-Variant
X-Use-Magma
X-GoogleNews-Bot
X-Exp-Id
X-Kinja-Server
X-Dns-Prefetch-Control
X-Kinja
X-Kinja-Revision
X-D2id
X-B3-TraceId
X-Varnish-TTL
X-ESI
X-DataDome
X-Vcap-Request-Id
X-SharePointHealthScore
X-Abt-Application-Version
X-Amz-Server-Side-Encryption
DynaTrace
TCN
X-Powered-By-Plesk
X-RateLimit-Remaining
X-Navigation-Version
X-GitHub-Request-Id
RTSS
X-SRCache-Store-Status
X-Sol
X-Middleton-Display
X-Middleton-Response
Response
X-SRCache-Fetch-Status
Display
X-Server-ID
X-Server-Name
Content-MD5
Charset
X-Akam-SW-Version
MS-Author-Via
AR-PoweredBy
Ar-Sid
AR-CACHE
AR-ATIME
X-Amz-Rid
X-Shield-Request-Id
ServerID
Realpath
X-Trace
AR-Request-ID
X-Dw-Request-Base-Id
Accept-Ch-Lifetime
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-Goog-Metageneration
X-Goog-Generation
X-Goog-Stored-Content-Length
X-Powered-CMS
X-Goog-Stored-Content-Encoding
X-Cached
X-DynaTrace-JS-Agent
X-Version
Nginx-Cache
X-Forwarded-Proto
X-Shard
X-Upstream
SPRequestDuration
SPIisLatency
Accept-CH
MRF-Tech
Mrf-Cache-Status
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
X-B3-TraceId-Primal
Public-Key-Pins
Fastly-Restarts
X-Goog-Storage-Class
Pagespeed
Paypal-Debug-Id
X-Client-IP
X-MSEdge-Ref
Access-Control-Request-Method
X-Upstream-Proxy
Pinterest-Version
X-Pinterest-Rid
S
X-DataStream-MidMile-RTT
X-DataStream-Origin-MEX-Latency
X-Amz-Meta-S3cmd-Attrs
X-Debug
Accept-Ch
X-Id
X-Ezoic-Cdn
X-FTR-Backend-Server
X-FTR-DC
X-FTR-Realm
X-Country-Code-Real
X-FTR-Cache-Status
X-FTR-Balancer
X-FTR-Backend
X-FTR-Expires
X-DIS-Request-ID
X-N
X-Fastly-Request-ID
X-T
MicrosoftSharePointTeamServices
X-XRDS-Location
X-Grace
X-VCache
Arr-Disable-Session-Affinity
X-Ser
X-Varnish-Age
Alternate-Protocol
Arc-Version
PB-RID
PB-PID
X-Mobile-Rewrite
X-Amzn-Trace-Id
X-Hits
X-NF-Request-ID
Front-End-Https
X-B3-Sampled
X-Content-Type
Fastcgi-Cache
X-Acc-Meta-Resource-Type
X-FTR-Cache-Host
X-Frontend
X-Logged-In
Server-Name
X-Content-Digest
X-Pad
X-Srv
X-Vcache
X-Forwarded-For
X-Correlation-Id
Host
X-Fastcgi-Cache
AMP-Access-Control-Allow-Source-Origin
Nel
X-Node-Name
X-FastCGI-Cache
X-Request-Handler-Origin-Region
Powered-By-ChinaCache
X-Microsite
FilterID
Healthy
TP-Cache
TP-L2-Cache
X-Kinsta-Cache
X-LB-Cache
X-Rid
X-Type
X-Debug-Info
Edge-Cache-Tag
X-IPLB-Instance
X-AOL-HN
X-User-Agent
X-Request-Received
X-GUploader-UploadID
X-Request-Processing-Time
X-Cached-By
X-Cache-2
X-Hostname
X-Revision
X-HS-Hub-Id
X-HS-Content-Id
X-Cache-Rule
X-F-Cache
Powered
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Zen-Fury
X-XRDS-LOCATION
Surrogate-Key
X-Analytics
X-Accel-Expires
X-Cache-Key
Backend-Timing
X-Cache-Age
X-RateLimit-Limit
X-Page-Id
X-Content-Security-Policy-Report-Only
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-Varnish-Backend
X-Kong-Upstream-Latency
X-Content-Options
X-Kong-Proxy-Latency
X-BCube-Filmed-By
X-Varnish-Grace
X-FB-Debug
X-Jobs
Source
X-Cluster
X-PHP-Backend
X-Request-Guid
X-Az
X-Activity-Id
X-AppVersion
Cache-Status
X-Amz-Replication-Status
X-Instance
X-Content-Powered-By
X-Tumblr-User
X-App-Environment
X-B3-Traceid
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-TT
X-Akamai-Edgescape
Cleartype
X-Framework
X-Via-JSL
Server-Node
Tracecode
X-Varnish-Hostname
WPE-Backend
Refresh
X-Forwarded-Host
Host-Header
X-Mobile
X-ATG-Version
X-FW-Hash
X-FW-Serve
X-Signature
X-Cache-Operation
X-NWS-LOG-UUID
X-FW-Server
X-B-Cache
X-FW-Static
X-FW-Type
X-Cache-Control
X-Cache-TTL
X-Time
Accept-Charset
Liferay-Portal
DC
X-Drupal-Cache-Tags
Actual-Object-TTL
X-Edge-Location
X-Cache-Action
Access-Control-Allow-Method
X-Cache-Hit
Upgrade-Insecure-Requests
Accept-CH-Lifetime
X-App-Server
X-Hp-Webp
X-Accel-Buffering
X-Whom
Fastcgi-Useragent
X-Mobile-URL
X-Response-Served-From
Payment
X-TX-ID
X-Storage
X-UA-Device-Type
X-Content-Age
X-WebKit-CSP-Report-Only
Cache
X-VG-WebCache
X-Handled-By
X-B
X-TT-TIMESTAMP
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Cacheable-TTL
X-RequestSource
X-SS-Set-Cookie
Filters
X-GeoIP
Eomportal-Instance
X-Adobe-Content
Xserver
X-Git-Hash
X-Adobe-Loc
X-Ratelimit-Reset
X-RemovedCookies
X-Tumblr-Pixel-2
X-ProcessESI
Cache-Tv-Group
X-Tumblr-Pixel-1
Viewport
X-Geo-Country
X-WA-Info
X-TA-CDN-Provider
Server-Info
X-FB-TRIP-ID
Cache-Tag
Webserver
X-Status
Datacenter
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Cache-Enabled
X-Cache-TTL-Remaining
Retry-After
NGB
X-Esi
X-Contextid
X-FW-Dynamic
X-Seen-By
S-Cnection
X-CF-Powered-By
X-APP-VERSION
X-Presslabs-Stats
X-Ratelimit-Limit
X-Origin-Server
X-Host-Name
X-Mode
X-PressLabs-Stats
MS-CV
Country
X-Daa-Tunnel
From-Origin
X-Magnolia-Registration
X-Rendered-As
X-Cache-Var
X-Cache-Var-Map
X-Varnish-Hits
X-Cache-Config
X-AWS-Id
Machine
Meta-Geo
Load-Balancing
X-LJ-Flow-ID
X-VWS-Id
X-Path-Route
X-RN-RSRV
Frame-Options
X-ES-SERVER
X-Routing-Service
Mail-Subject
X-Cache-Grace
X-Proxied
X-Hit
X-Cache-Host
X-Upstream-HT
X-Upstream-CT
GEO-INFO
X-Zipkin-Id
We-Hiring
X-Hyper-Cache
X-Labrador-Cache-Channel
X-Human
Cache-Key
Vix-Hermes-Req-Id
DSUID
Release
Uber-Trace-Id
X-Backend-Name
X-Access
X-RCS-CacheZone
X-Varnish-Cache-Hits
X-Web-Node
X-Viewer-Country
X-OCL
X-Section
X-Loop
X-Device-Type
X-From
X-EIG-Tracking-Id
X-TNCMS
X-Varnish-Server
ServedBy
Mn-Server-Ip
X-PCL
X-Debug-Cache
OT-Force-Account-Verify
X-ProxyCache-Key
Rt-Fastcgi-Cache
X-ProxyCache-Status
X-VG-TLSProxy
X-MP-GENERATED-AT
X-Shopify-Stage
X-Rule
X-Proto
X-ShopId
X-ShardId
X-R9-Blue-Green-Version
X-Origin-Response-Time
X-Sorting-Hat-PodId
X-Cluster-Node
Now
X-BYPASS-REASON
X-Upgrade-Enabled
X-CCM
X-Sorting-Hat-ShopId
X-Tumblr-Pixel-3
X-Alternate-Cache-Key
X-Akamai-Request-ID
X-Generated-By
X-RTag
X-S
X-Timing-Wait
X-Goog-Meta-Goog-Reserved-File-Mtime
Ms-Operation-Id
X-Region
X-Hosted-By
X-Cache-NE
X-JoinUs
X-Proxy-Build
X-Generated
X-L-Path
X-Xfnlog-Site
Decoy-Debug-Key
X-Environment-Context
Decoy-Debug-Status
Akamai-GRN
X-FC-Vary-Parameters
Decoy-Debug-TTL
X-Real-IP
X-NCache
X-Redis-Cache
Cache-Name
X-Guploader-Uploadid
X-Via-Fastly
NGX
X-Trace-Id
X-Endurance-Cache-Level
X-VCT
X-Platform-Server
X-UUID
X-Www-Served-By
DB-Nickname
X-Locale
X-NewRelic-App-Data
X-Site-Version
X-EdgeConnect-Cache-Status
X-Nginx-Cache
X-Drupal-Cache-Contexts
X-MServer
X-Datadome
X-Load-Cache
Cteonnt-Length
X-Hl-Ver
X-Vgn-Hpd-Reason
ProcessTime
X-ServerID
X-Rocket-Nginx-Bypass
X-Cache-Remote
X-ECACHE
X-Request-Time
X-Time-Microsecs
Time
X-IP
NtCoent-Length
X-IPS-LoggedIn
X-Origin
Version
S-Rt
X-Via-CDN
X-Wix-Request-Id
X-Origin-Hint
TWC-Connection-Speed
TWC-Device-Class
TWC-GeoIP-LatLong
L5d-Success-Class
TWC-Locale-Group
TWC-Privacy
Property-Id
Webcakes-App-Name
Webcakes-App-Version
TWC-GeoIP-Country
X-GEO
Webcakes-Region
SRV
Azure-InstanceId
X-Cache-Backend
X-FW-Version
Azure-SlotName
Azure-Version
Azure-RegionName
Azure-SiteName
X-Proxy
X-B3-Spanid
Origin
Served-By
X-Unique-ID
X-Microcachable
X-No-Session
X-Dc
X-FireWall-Port
X-Distributor
X-Pubstack
X-Oneagent-Js-Injection
Fastly-SSL
Origin-Cache-Control
Origin-Edge-Control
Fastcgi-X-Cache-Version
CACHE
X-Cache-Server
X-Via-NSCOPI
X-Grey
X-Cache-Category-Id
X-RateLimit-Reset
X-UA
X-PERF
Odigeo-Trace-Id
X-ApacheServer
Access-Control-Request-Headers
X-Is-Bot
IBM-Web2-Location
X-GRACE
Hostname
X-CS
X-Detected-As
Cache-Tags
X-Akamai-Transformed
X-HTML-Minification-Powered-By
X-Format
X-Webkit-Csp
X-Powered-By-Defense
X-Edge
Proxy-Connection
Ec-Rule-Version
X-BACKEND-TTL
X-Ua
X-Akamai-Request-ID2
Backend-Name
X-Varnish-Cacheable
Rendered-Blocks
Request-EU
Content-Style-Type
Cross-Origin-Window-Policy
Request-Country
Fastly-SIE
Fly-Cache
Fastly-SWR
BehaviorPad-Version
Cdn-Host
Mobile-Detection-Method
Meta-Geo-Continent
Node
Cache-Prefix
Proxy-Firewall
Content-Script-Type
MD5-Digest
Cache-Cookie-Set-Lfrom
Ha-Gx-Prefs
GEO-REGION-INFO
AsisCache
HA-Ipaddr
Cache-Cookie-Set-From
Cache-Cookie-Set-Idcheck
Cdn-Request-Time
Fly-Request-Id
X-CGP
X-PAYTM-SRV-ID
X-Org
X-NX-Host
X-Processor
X-Rebelmouse-Cache-Control
X-Region-Sid
X-Rebelmouse-Surrogate-Control
X-NU-AKA-ACS-Version
X-Internal-Host
X-G
X-External-Request-Id
X-HS-Cache-Config
X-HS-Combine-CSS
X-Instart-Info
X-IN-APIGATEWAY
X-Request-UUID
X-Rewrite-Enabled
X-VG-WebServer
X-Twitter-Response-Tags
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
Xc-Version
X-Worker
X-Trv-Group
X-Transaction
X-S-Cookie
X-Rojux
X-S-Maxage
X-ScT
X-SRCache-Key
X-Server-Time
X-Eu-Site
X-Edge-Server
X-A-Wwc
X-A-Dgt
X-Accel-Expires-Debug
X-Aed
X-App-Name
X-AIR-PT
X-A-Dcw
X-A-Dam
Server-ID
Rt-Proxy-Cache
ServerName
Viewtype
X-A
VivaBuild
X-Application
X-ARC
X-Debug-Cookies
X-Date
X-Debug-Log
X-Destination
X-DPWN-IS-SECURE
X-Developer
X-D
X-Connection-Hash
X-Cache-Bucket
X-B-Cookie
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-Cluster-Name
Arc-Country
Request-Time
X-A-Ccd
A
X-NC
X-Compress-Hint
X-Tb
X-UnsetCookies
X-Backend-State
True-Client-Country-4JS
X-Ttl
X-Cache-Info
X-Core-Mission
X-Clientip
X-Cdn-Origin
PageSpeed
X-Cache-Id
Server-Host
Platform
On-Server
X-B3-Parentspanid
Mime-Version
Resin-Trace
RNT-Machine
X-Dispatcher-Server
Section-Io-Cache
RNT-Time
Server-Int
X-Generated-On
X-ServiceProvider
X-Server-IP
X-Request-URI
Adler-Geo
X-Sn-Servicetimems
X-TH-Server
X-Cdn-Srv
X-We-Are-Hiring
X-Variation
X-Qloud-Router
X-PHP-Host
X-GeoIP-Country-Code
X-Geo-Header
Memcached
X-Fastly-Cache
X-Hash
X-Irp-Debug
X-ND-Cache
X-Level-Front-Cache
X-Key
X-Epic-Correlation-Id
X-Reqid
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
Apple-News-Services-Request-Url
Country-Code
X-C
Countrycode
Apple-News-Services-Handled
X-ElasticPress-Search
Is-Eu
X-Cdn-Forward
X-B3-SpanId
X-Oracle-Dms-Rid
X-Nc
X-Location
X-Hnp-Log
Content-Disposition
X-Nginx-Cache-Key
X-LI-UUID
X-LI-Proto
X-Li-Pop
X-Li-Fabric
X-Gannett-Site-Version
X-Skip-Cache
X-CDN-Cache
X-Block-Status
X-BBXSRF
X-Crawler
X-Developers
X-Method
X-Fetched-On
X-Distil-CS
X-Device-Os
X-Gen-Mode
X-Protected-By
AKAMAI
X-Swa-Ws
X-SVT-ORM-VERSION
X-Dispatch
SS
X-WebServer
Esi-Enabled
X-Wikidot-Static-Cache
X-Wikidot-Backend
X-Webstats-RespID
X-SIPLIST1
X-Servername
X-Request-Start
X-Reboot
X-CDN-Forward
Gh-Request-Id
X-Amz-Meta-Cache-Control
X-Response-By
X-Served-From
X-Secret
X-SD-PageType
CDCHOST
X-SVT-ORM-RULES
Pramga
Wxu-Next-Commit
Wxu-Next-Hostname
Wxu-Next-Region
PFcat
Who
Web-Mar-Node
REQUESTUUID
SD-X-WS
UCS
User-Cache-Control
V-Age
IsBot
Powered-By
X-Thanos
X-Generation-Time
X-Origin-Expires
X-Origin-Date
Heartbleed
X-FPC
X-Bip
X-Auto-Login
X-Fstrz
X-Owner
X-Cache-FS-Status
X-Thinkindot-L3
X-GeoIP-City
Fastly-Soc-X-Request-Id
X-Cms-Context
Pragrma
Thinkindot-CacheControl-Type
X-Via-SSL
Thinkindot-CacheControl
X-Via-Edge
X-Matched-Rule
Thinkindot-Control
GW-Server
X-VServer
X-Release
LB
X-OVcl
X-Parent-Response-Time
X-VC-Cache
X-OVcl-Cache
X-CUA
X-Azure-Ref
X-Azure-Ref-OriginShield
W
X-Varnish-Ttl
Accept-Language
X-Origin-CC
X-Origin-TTL
CF-IPCountry
X-Planisys-CDN-Cache
X-Varnish-Url
X-CLOUD-TRACE-CONTEXT
X-Planisys-CDN-Rules
X-WADP-Cache
X-Clara-WADP
X-Planisys-CDN-TTL
X-Be
Memory
X-Phone
X-LAGOON
X-IN-WAF
X-Core-Value
X-Ratelimit-Remaining
X-Varnish-Beresp-Ttl
L
X-DC
X-Birta-Served
X-Birta-Cache-Post
N-Cache
X-App-Version
X-Proxy-Cache-Status
X-Proxy-Upstream
X-Varnish-IP
X-TrackingId
X-Page-Type
X-FE
HitType
Kp-EeAlive
Selected-FE
X-Amzn-Remapped-Content-Length
X-Geo
X-Info
Selected-Fe
X-CACHE-KEY
User-Agent
X-URL
X-Urbn-Context-Path
Locale
X-Urbn-Site-Id
Magicmarker
X-Pf-Uncompressing
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
X-Dynatrace-Js-Agent
Cdn
X-Source
X-Zone
Pagetype
X-Hello
X-Flog
X-ABtesting
X-Backend-TTL
X-Web-Server
X-TT-LOGID
X-Cache-Debug
X-Agile-Id
X-Agile-Age
X-Generated-In
X-Agile
X-Servedbyhost
X-User
X-Newrelic-Synthetics
X-Litespeed-Cache
CF-Cached-On
X-SERVER-NAME
X-Refresh
X-HS-Status
Geoip-City
X-Backend-Url
X-Backend-Host
Geoip-Latitude
GeoIp-Country-Code
X-Check-Cacheable
X-Mid
X-MID
X-Debug-Cache-Store
SN
X-Up
X-Soup
X-Tt-Trace-Tag
X-Debug-Cache-Expiry
X-Debug-Cache-Fetch
X-Real-Ip
X-VCL-Version
X-ZONE
X-MSEdge-Flight
X-MSEdge-Features
X-GoCache-CacheStatus
X-Tb-Optimization-Total-Bytes-Saved
X-Aicache-OS
Amp-Access-Control-Allow-Source-Origin
X-Ruxit-Js-Agent
X-Vcl-Version
X-Oss-Storage-Class
FSS-Cache
GeoIP-Country-Code
FSS-Proxy
X-Oss-Server-Time
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
X-NWS-UUID-VERIFY
X-APP
X-Oss-Request-Id
Ohc-File-Size
Ohc-Cache-HIT
GeoIP-City
Group
GeoIP-Latitude
X-ServedByHost
X-EC-Lua
X-Say-TTL
X-Say-Cacheable
X-Amzn-Remapped-Date
X-Contensis-Viewer-Groups
X-Amzn-Remapped-Connection
X-Old-Content-Length
X-Varnish-Authentication
X-Bc
Server-Cache-Control
Server-Surrogate-Control
WZWS-RAY
X-Cache-ASPX
HTTPS
X-SayCDN-TTL
X-UPSTREAM-Address
HostName
RequestId
Www
X-COUNTRY
Backend
X-Cache-Ttl
X-SN
X-Via-Ucdn
Srv
X-CSRF-Token
X-Akamai-SSL-Client-Sid
X-BC
Lb
X-Instart-Isnd
Cache-Hits
X-Nananana
Xkeyrz
X-WR-MODIFICATION
Fastly-Backend-Name
X-Cache-Expires
X-Node-Id
X-Request-Url
Host-ID
X-ECache
X-Varnish-Beresp-TTL
Inserted-Into-Cache-At
X-Proxy-Cacherz
Cf-Ipcountry
X-Dynatrace
X-NGENIX-Cache
WebServer
XServer
X-Logtrace-Id
X-PF-Uncompressing
Requestid
X-CSRF-TOKEN
X-IN-APIGATEWAYSSL
X-Cache-Tag
Ajk
X-Cache-Time
Epwk-Cache
Get-Access-Time
Is-Session-Tracking
X-Unique-Id
X-Varnish-Action
X-FORWARDED-FOR
URI
X-Fastly-Country-Code
Xkeynj
X-PAGE-TYPE
X-TIME
X-MCACHE
X-RateLimit-Remaining-Second
X-Cache-Miss-From
X-RateLimit-Limit-Second
X-Sedo-Request-Id
X-Requestid
Fastcgi-X-Cache
X-Edge-IP
X-Fastly-Backend-Reqs
X-Wa
X-LiteSpeed-Cache-Control
Dynatrace
X-AssetVersion
X-BE
Pics-Label
X-Pjax-Url
Cneonction
X-Svr
DataCenter
X-SRV
Xet-Cookie
FNAC-ModuleRouting
X-Swift-Error
X-Sf
X-Lb-Id
X-Var-Ttl
Correlation-Id
X-Vct
CDN
T-Server
X-NGINX-Cache
X-Dw-Trace-Id
X-Apw-Access-Action
X-LB-ID
X-Ecache
X-PJAX-URL
Cache-Provider
X-Fastly-Cache-Hits
X-Serial
X-Apw-Access-Token
X-Apw-Hits
X-Micro-Cache
PICS-Label
X-Apw-Access-Object
X-Render-Time
X-WA
X-Litespeed-Cache-Control
X-Gdpr
X-GDPR
X-ServerName
X-Fpc
X-Alicdn-Da-Ups-Status
Lfy
Warning
X-Bug-Bounty
X-Akamai-ERPolicy
X-Html-Edge-Cache
X-WPE-Loopback-Upstream-Addr
Ohc-Response-Time
X-LiteSpeed-Tag
RequestUuid
X-Akamai-ERRuleID
X-Flow-Id
X-DW
X-RPM
X-RPS
X-DSS
X-DI
X-Page-Impression-Id
X-Zalando-Child-Request-Id
X-DB
X-RSL