
SANS ISC: HTTP Header Usage Statistics



This is a continuation of work started by Brough Davis as part of his software security project for his Master's in Information Security Engineering. The main goal of this project is to find out how many sites use security-relevant headers, such as X-XSS-Protection or X-Frame-Options.

Below you will find a table/histogram showing how many times we found each header (security-relevant or not). We access the index page of each site using a HEAD request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
CF-RAY
X-Powered-By
Link
ETag
Expect-CT
X-XSS-Protection
Via
X-Cache
CF-Cache-Status
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
X-Cache-Hits
P3P
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Request-Id
X-Varnish
X-Xss-Protection
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
Alt-Svc
X-Adblock-Key
X-Drupal-Cache
X-Check
X-Cacheable
Content-Security-Policy-Report-Only
X-Generator
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-DNS-Prefetch-Control
X-AspNetMvc-Version
P3p
X-Template
X-Language
Status
Timing-Allow-Origin
X-Iinfo
Content-Encoding
X-Content-Security-Policy
X-Buckets
Upgrade
X-Kinja-Server-Push
Xkey
X-Via
X-CDN
X-Turbo-Charged-By
Keep-Alive
Access-Control-Expose-Headers
Access-Control-Max-Age
X-Cache-Group
X-Pass-Why
X-AH-Environment
X-Age
X-Drupal-Dynamic-Cache
X-Server
X-Backend
X-Pingback
X-Amz-Id-2
X-Amz-Request-Id
X-Envoy-Upstream-Service-Time
X-Page-Speed
X-Robots-Tag
X-Proxy-Cache
X-Hacker
EagleId
Grace
X-Server-Powered-By
X-UA-Device
X-Varnish-Cache
Request-Context
X-Nginx-Cache-Status
Cf-Railgun
X-Ua-Compatible
X-LiteSpeed-Cache
X-Amz-Version-Id
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-Server-Id
X-WebKit-CSP
Server-Timing
Feature-Policy
X-Device
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Host
Report-To
X-Rq
X-Ac
X-Node
X-Request-ID
Content-Location
X-OneAgent-JS-Injection
X-Cnection
X-Response-Time
X-Backend-Server
X-Cloud-Trace-Context
X-Origin-Cache
X-Application-Context
X-Readtime
Request-Id
Allow
Surrogate-Control
EagleEye-TraceId
X-ORACLE-DMS-ECID
X-Country
X-Vhost
X-DynaTrace
X-Cdn
X-TTL
X-Cache-Lookup
X-Rack-Cache
X-Origin-Upstream-Status
X-Url
X-Clacks-Overhead
Pinterest-Generated-By
X-FTR-Request-ID
Rating
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Country-Code
X-Dispatcher
X-Ruxit-JS-Agent
NEL
X-CST
X-ORACLE-DMS-RID
X-HW
X-Instart-Request-ID
X-Goog-Hash
Fusion-Component-Id
Fusion-Content-Id
Fusion-Content-Source
Fusion-Source
Fusion-Template-Id
X-DataStream-Cache-Status
X-TtlSet
X-DataDome
X-PC
X-Vname
Edge-Control
X-Px
X-VARITI-CCR
Service-Worker-Allowed
Verso
X-Mod-Pagespeed
X-MS-InvokeApp
RTSS
X-Recruiting
X-Dns-Prefetch-Control
X-Cdn-Fetch
X-Use-Magma
X-Exp-Id
X-Exp-Variant
X-GoogleNews-Bot
X-Kinja-Server
X-Kinja-Revision
X-Kinja
X-Kinja-Build
X-D2id
X-Varnish-TTL
SPRequestGuid
X-Vcap-Request-Id
X-Abt-Application-Version
X-Amz-Server-Side-Encryption
TCN
X-ESI
X-GitHub-Request-Id
X-SharePointHealthScore
X-Navigation-Version
X-Akam-SW-Version
X-Sol
X-Middleton-Response
X-Middleton-Display
X-SRCache-Store-Status
Response
Display
X-SRCache-Fetch-Status
X-Powered-By-Plesk
MS-Author-Via
X-RateLimit-Remaining
DynaTrace
Charset
X-Forwarded-Proto
Realpath
X-Powered-CMS
X-Shield-Request-Id
X-Amz-Rid
X-Upstream
Public-Key-Pins
Fastly-Restarts
ServerID
X-Version
X-TEC-API-ROOT
X-Trace
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-Server-Name
Nginx-Cache
X-Cached
Ar-Sid
AR-PoweredBy
AR-CACHE
AR-ATIME
X-B3-TraceId
X-Shard
X-Goog-Stored-Content-Length
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
X-Goog-Generation
Content-MD5
X-Dw-Request-Base-Id
X-Grace
X-Mrf-Section-Lastmod
X-Mrf-Item-Lastmod
Mrf-Cache-Status
X-B3-TraceId-Primal
MRF-Tech
AR-Request-ID
Access-Control-Request-Method
Accept-CH
Paypal-Debug-Id
X-MSEdge-Ref
SPRequestDuration
SPIisLatency
X-Client-IP
Pagespeed
Accept-Ch-Lifetime
Accept-Ch
X-Goog-Storage-Class
S
X-Debug
X-DynaTrace-JS-Agent
X-FTR-Expires
X-FTR-Realm
X-Id
X-FTR-Backend-Server
X-Country-Code-Real
X-FTR-Backend
X-FTR-Balancer
X-FTR-Cache-Status
X-FTR-DC
X-Ezoic-Cdn
X-DataStream-MidMile-RTT
X-DataStream-Origin-MEX-Latency
X-B3-Traceid
X-Amz-Meta-S3cmd-Attrs
Front-End-Https
X-Fastly-Request-ID
X-T
X-N
X-Amzn-Trace-Id
X-NF-Request-ID
Arr-Disable-Session-Affinity
X-DIS-Request-ID
MicrosoftSharePointTeamServices
X-Content-Type
X-Hits
X-Pinterest-Rid
Pinterest-Version
X-Upstream-Proxy
X-FastCGI-Cache
X-VCache
X-B3-Sampled
X-FTR-Cache-Host
Nel
X-Acc-Meta-Resource-Type
X-Frontend
PB-PID
X-Vcache
PB-RID
Arc-Version
X-Mobile-Rewrite
Fastcgi-Cache
X-Logged-In
X-Ser
X-XRDS-Location
X-Content-Digest
X-Varnish-Age
Server-Name
X-Correlation-Id
X-Srv
Alternate-Protocol
X-Cache-Key
X-Node-Name
X-Forwarded-For
X-Pad
X-Request-Handler-Origin-Region
X-Microsite
FilterID
AMP-Access-Control-Allow-Source-Origin
X-User-Agent
X-Rid
X-XRDS-LOCATION
TP-L2-Cache
TP-Cache
X-Type
Powered
X-IPLB-Instance
X-F-Cache
X-LB-Cache
Healthy
X-Kinsta-Cache
X-Request-Processing-Time
X-Request-Received
X-Zen-Fury
X-Cache-2
X-Amz-Apigw-Id
Host
X-Amzn-RequestId
Accept-CH-Lifetime
X-Revision
Edge-Cache-Tag
Powered-By-ChinaCache
X-Debug-Info
X-AOL-HN
X-Via-JSL
Backend-Timing
X-Analytics
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Cache-Age
X-Activity-Id
X-Az
X-AppVersion
X-Cached-By
X-HS-Hub-Id
X-HS-Content-Id
X-Hostname
X-Fastcgi-Cache
X-Accel-Expires
X-Cache-Rule
X-GUploader-UploadID
Surrogate-Key
VIX-Pulpo-Node
X-Varnish-Backend
X-Content-Security-Policy-Report-Only
VIX-Pulpo-Upstream-Status
Server-Node
X-Instance
X-Content-Options
X-BCube-Filmed-By
X-Tumblr-Pixel
X-Amz-Replication-Status
X-PHP-Backend
X-Tumblr-Pixel-0
X-Varnish-Grace
X-Signature
Cache-Status
X-Page-Id
X-B-Cache
X-Tumblr-User
Source
X-Forwarded-Host
X-Jobs
X-Akamai-Edgescape
X-Content-Powered-By
X-App-Environment
X-Request-Guid
X-Cluster
Refresh
X-TT
Cleartype
X-Framework
X-FB-Debug
Liferay-Portal
X-FW-Static
X-FW-Serve
X-FW-Type
X-FW-Hash
X-FW-Server
DC
X-Time
X-RateLimit-Limit
X-ATG-Version
Tracecode
Accept-Charset
Access-Control-Allow-Method
Fastcgi-Useragent
X-Varnish-Hostname
X-Presslabs-Stats
X-Esi
Host-Header
X-APP-VERSION
X-Mobile
X-Cache-Action
X-Drupal-Cache-Tags
WPE-Backend
X-Whom
X-Cache-Operation
X-Edge-Location
X-Cache-Control
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-B
X-WA-Info
X-App-Server
NGB
X-Response-Served-From
X-Accel-Buffering
Payment
X-Cache-TTL
X-Mobile-URL
X-Hp-Webp
X-Storage
Actual-Object-TTL
Filters
X-Git-Hash
Cache-Tag
X-Content-Age
X-WebKit-CSP-Report-Only
X-TX-ID
X-Cache-Hit
X-TT-TIMESTAMP
Cache-Tv-Group
Retry-After
X-Handled-By
X-RequestSource
X-Cacheable-TTL
Upgrade-Insecure-Requests
Viewport
X-Yottaa-Optimizations
Eomportal-Instance
X-Yottaa-Metrics
X-Tumblr-Pixel-2
X-Tumblr-Pixel-1
X-GeoIP
X-UA-Device-Type
X-NWS-LOG-UUID
X-ProcessESI
X-Adobe-Loc
X-Adobe-Content
X-Status
X-RemovedCookies
MS-CV
X-SS-Set-Cookie
X-Geo-Country
X-Ratelimit-Limit
X-FW-Dynamic
X-VG-WebCache
Webserver
Xserver
X-Server-ID
X-Seen-By
X-TA-CDN-Provider
X-Cache-TTL-Remaining
X-RTag
Ms-Operation-Id
X-Host-Name
X-FB-TRIP-ID
X-Oracle-Dms-Rid
Frame-Options
X-Cache-Enabled
Datacenter
X-B3-Spanid
From-Origin
X-Guploader-Uploadid
X-Hyper-Cache
X-Origin-Server
X-Contextid
Cache
X-Generated-By
Server-Info
X-Mode
X-RateLimit-Reset
Country
SRV
CACHE
X-CF-Powered-By
GEO-INFO
S-Cnection
X-Cache-Config
X-RN-RSRV
Load-Balancing
X-Path-Route
Meta-Geo
X-Tumblr-Pixel-3
Machine
X-ES-SERVER
X-Cache-Var
X-Cache-Var-Map
X-Drupal-Cache-Contexts
Vix-Hermes-Req-Id
X-Section
X-Upstream-CT
X-Proxied
X-Access
X-MP-GENERATED-AT
Cache-Key
X-Cache-Grace
X-Upstream-HT
X-Routing-Service
X-Zipkin-Id
Decoy-Debug-TTL
Mn-Server-Ip
X-Labrador-Cache-Channel
Rt-Fastcgi-Cache
X-Web-Node
X-R9-Blue-Green-Version
X-Backend-Name
X-TNCMS
ServedBy
Decoy-Debug-Key
X-Hit
X-Varnish-Cache-Hits
X-Varnish-Server
X-Human
X-Loop
Decoy-Debug-Status
X-From
Cache-Name
X-Upgrade-Enabled
X-Viewer-Country
X-Rule
Akamai-GRN
X-Trace-Id
X-VG-TLSProxy
X-Akamai-Request-ID
X-VWS-Id
X-Proxy-Build
X-Cache-Host
X-EIG-Tracking-Id
X-LJ-Flow-ID
X-Timing-Wait
X-OCL
X-Region
X-Origin-Response-Time
X-Cluster-Node
Now
X-AWS-Id
X-PCL
X-Locale
X-L-Path
Release
X-Device-Type
X-Proto
X-NCache
X-Debug-Cache
X-Environment-Context
X-Via-Fastly
X-Www-Served-By
DSUID
X-Generated
X-Magnolia-Registration
X-Dc
X-Site-Version
X-FC-Vary-Parameters
X-Sorting-Hat-ShopId
X-Alternate-Cache-Key
We-Hiring
X-Hosted-By
X-Shopify-Stage
X-Sorting-Hat-PodId
X-ShopId
X-ShardId
X-Endurance-Cache-Level
X-JoinUs
X-Goog-Meta-Goog-Reserved-File-Mtime
OT-Force-Account-Verify
Mail-Subject
DB-Nickname
X-Rendered-As
X-CCM
X-Akamai-Request-ID2
X-NewRelic-App-Data
ProcessTime
X-Xfnlog-Site
X-Time-Microsecs
X-Request-Time
X-IP
Version
X-S
NtCoent-Length
X-RCS-CacheZone
X-Load-Cache
Uber-Trace-Id
Time
Azure-Version
Azure-SiteName
Azure-InstanceId
Property-Id
S-Rt
Azure-RegionName
TWC-Device-Class
Webcakes-Region
X-Origin-Hint
Azure-SlotName
X-Wix-Request-Id
X-VCT
X-FW-Version
Webcakes-App-Version
TWC-GeoIP-LatLong
TWC-Locale-Group
TWC-Privacy
Webcakes-App-Name
TWC-GeoIP-Country
TWC-Connection-Speed
X-Ratelimit-Reset
X-Varnish-Hits
X-Origin
X-No-Session
Cteonnt-Length
X-UA
NGX
X-EdgeConnect-Cache-Status
X-Via-CDN
X-ProxyCache-Status
X-Nginx-Cache
X-UUID
X-Redis-Cache
X-Proxy
X-BYPASS-REASON
X-ProxyCache-Key
X-FireWall-Port
X-CDN-Forward
X-Platform-Server
X-Vgn-Hpd-Reason
X-ECACHE
X-PERF
X-Daa-Tunnel
X-MServer
X-ApacheServer
X-HTML-Minification-Powered-By
X-Format
X-Hl-Ver
Accept-Language
X-CS
Odigeo-Trace-Id
X-Rocket-Nginx-Bypass
X-Akamai-Transformed
X-Cache-NE
X-Oneagent-Js-Injection
X-GEO
Origin
X-IPS-LoggedIn
X-Cache-Server
Ec-Rule-Version
X-Cache-Remote
X-PressLabs-Stats
Access-Control-Request-Headers
Cache-Tags
X-UnsetCookies
LB
X-ServerID
X-Dynatrace-Js-Agent
X-Distributor
X-Real-IP
X-Tb
Selected-Fe
X-Amzn-Remapped-Content-Length
X-Webkit-Csp
Fastly-SSL
Proxy-Connection
X-BACKEND-TTL
L5d-Success-Class
PageSpeed
X-B3-Parentspanid
X-Unique-ID
X-URL
X-Microcachable
X-Compress-Hint
X-Pubstack
Fastly-SIE
X-Rewrite-Enabled
X-Request-UUID
X-Cache-Bucket
X-Transaction
X-DPWN-IS-SECURE
X-Edge-Server
X-Cdn-Srv
Fastcgi-X-Cache-Version
X-Region-Sid
Fly-Request-Id
X-External-Request-Id
Fly-Cache
X-Server-Time
GEO-REGION-INFO
Fastly-SWR
Cdn-Request-Time
BehaviorPad-Version
X-SRCache-Key
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-Destination
AsisCache
Arc-Country
X-Date
X-D
X-Cluster-Name
A
AKAMAI
X-Detected-As
Cache-Cookie-Set-From
Cdn-Host
X-CF-Lambda-Fn
X-G
Content-Script-Type
Content-Style-Type
X-Rebelmouse-Cache-Control
X-CF-Lambda-Version
X-Developer
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-Lfrom
Cache-Prefix
Cross-Origin-Window-Policy
X-Generated-On
X-Is-Bot
X-A-Dgt
Rt-Proxy-Cache
X-Level-Front-Cache
X-A-Dcw
X-Twitter-Response-Tags
X-A-Wwc
X-Instart-Info
REQUESTUUID
X-Internal-Host
X-Accel-Expires-Debug
X-A-Dam
Server-ID
Viewtype
X-PAYTM-SRV-ID
X-Rebelmouse-Surrogate-Control
VivaBuild
X-S-Cookie
X-Org
X-A
X-NU-AKA-ACS-Version
X-VG-WebServer
X-Nc
X-A-Ccd
X-S-Maxage
X-Trv-Group
X-Varnish-Cacheable
X-Rojux
X-Geo-Header
Mobile-Detection-Method
X-Application
Meta-Geo-Continent
X-Connection-Hash
MD5-Digest
X-ARC
Xc-Version
X-Worker
Node
X-App-Name
X-Aed
X-Varnish-Url
X-ScT
X-IN-APIGATEWAY
Request-Time
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
X-AIR-PT
Proxy-Firewall
Rendered-Blocks
X-B-Cookie
X-ElasticPress-Search
Hostname
ServerName
Served-By
Kp-EeAlive
X-Backend-State
X-We-Are-Hiring
On-Server
X-BBXSRF
Memcached
X-Server-IP
Gh-Request-Id
X-Cache-Info
Ha-Gx-Prefs
HA-Ipaddr
X-HS-Cache-Config
Countrycode
X-ServiceProvider
X-TrackingId
Server-Int
X-Nginx-Cache-Key
X-Core-Mission
X-NX-Host
W
UCS
X-Method
Section-Io-Cache
X-Cdn-Origin
Request-EU
X-HS-Combine-CSS
X-Clientip
X-Location
Request-Country
IBM-Web2-Location
X-Sn-Servicetimems
X-Distil-CS
Content-Disposition
X-Skip-Cache
Apple-News-Services-Request-Url
Backend-Name
X-Debug-Log
Origin-Edge-Control
X-Developers
X-Qloud-Router
Origin-Cache-Control
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
X-Eu-Site
X-CGP
X-Debug-Cookies
X-Fastly-Cache
X-C
Apple-News-Services-Handled
Esi-Enabled
X-Urbn-Context-Path
X-SERVER
X-Urbn-Site-Id
Locale
X-Reqid
X-PHP-Host
Wxu-Next-Region
X-Irp-Debug
Wxu-Next-Hostname
Who
Wxu-Next-Commit
X-Key
X-Secret
X-Thanos
X-Epic-Correlation-Id
X-Block-Status
X-Proxy-Upstream
X-Gannett-Site-Version
X-Cache-Category-Id
Web-Mar-Node
X-Reboot
X-Proxy-Cache-Status
X-Cache-Id
X-Release
X-Gen-Mode
X-FPC
X-Dispatch
X-Device-Os
X-Hnp-Log
X-Request-URI
X-Generation-Time
X-GeoIP-Country-Code
X-Grey
X-Hash
Fastly-Soc-X-Request-Id
GW-Server
X-Webstats-RespID
X-Wikidot-Backend
Heartbleed
Is-Eu
X-NC
X-TH-Server
IsBot
X-Wikidot-Static-Cache
CDCHOST
X-Servername
X-SIPLIST1
X-Swa-Ws
X-Auto-Login
Country-Code
Adler-Geo
X-Bip
N-Cache
L
RNT-Machine
Pramga
SS
Platform
X-Variation
Resin-Trace
Powered-By
User-Cache-Control
Server-Host
True-Client-Country-4JS
RNT-Time
X-Crawler
X-Cache-Backend
X-Fetched-On
X-Thinkindot-L3
X-Dispatcher-Server
X-Origin-Date
V-Age
X-Response-By
X-GeoIP-City
X-SERVER-NAME
X-LI-Proto
X-LI-UUID
X-VC-Cache
X-Matched-Rule
X-Owner
X-Li-Pop
X-VServer
X-Li-Fabric
X-Pf-Uncompressing
X-WADP-Cache
PFcat
X-Azure-Ref-OriginShield
X-Azure-Ref
X-Cache-FS-Status
X-CDN-Cache
X-Clara-WADP
X-Amz-Meta-Cache-Control
X-Request-Start
Thinkindot-CacheControl-Type
Thinkindot-Control
Thinkindot-CacheControl
SD-X-WS
X-WebServer
X-Cms-Context
X-Origin-Expires
X-CUA
X-SD-PageType
X-Varnish-Ttl
X-Edge
X-CLOUD-TRACE-CONTEXT
X-Hello
CF-IPCountry
X-Flog
X-OVcl
X-FE
X-OVcl-Cache
X-ABtesting
X-Parent-Response-Time
X-Ratelimit-Remaining
Pagetype
Magicmarker
X-Served-From
X-Processor
X-Via-NSCOPI
User-Agent
X-Be
X-User
X-Backend-Host
X-Via-SSL
X-Backend-Url
X-Powered-By-Defense
X-Generated-In
X-Via-Edge
X-LAGOON
Mime-Version
X-Tt-Trace-Tag
X-Geo
X-MSEdge-Features
X-MSEdge-Flight
X-GoCache-CacheStatus
Memory
X-Up
X-Soup
X-Varnish-Beresp-Ttl
X-Protected-By
X-ND-Cache
X-Debug-Cache-Fetch
X-Debug-Cache-Expiry
X-Debug-Cache-Store
X-Newrelic-Synthetics
Geoip-Latitude
X-Ttl
GeoIp-Country-Code
Geoip-City
X-Page-Type
X-Ua
Cache-Hits
X-Fstrz
X-Check-Cacheable
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
X-Oss-Server-Time
X-Planisys-CDN-TTL
Pragrma
X-Oss-Storage-Class
X-Oss-Object-Type
X-Oss-Request-Id
X-Oss-Hash-Crc64ecma
X-Akamai-SSL-Client-Sid
X-Origin-CC
X-Origin-TTL
X-Zone
X-Say-Cacheable
X-Say-TTL
X-B3-SpanId
X-SayCDN-TTL
X-ZONE
X-Backend-TTL
X-Old-Content-Length
X-Litespeed-Cache
X-Cache-Time
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
X-IN-WAF
X-Core-Value
X-Phone
X-Cdn-Forward
WZWS-RAY
X-CSRF-TOKEN
XServer
X-TT-LOGID
Fastly-Backend-Name
Cdn
X-Cache-Ttl
X-Node-Id
Inserted-Into-Cache-At
X-IN-APIGATEWAYSSL
X-Logtrace-Id
X-Datadome
X-HS-Status
Ajk
X-Servedbyhost
X-Vcl-Version
X-DC
Dynatrace
Amp-Access-Control-Allow-Source-Origin
X-Ruxit-Js-Agent
X-MID
X-BC
X-Aicache-OS
X-Tb-Optimization-Total-Bytes-Saved
FSS-Proxy
X-ServedByHost
FSS-Cache
HostName
X-Amzn-Remapped-Connection
SN
X-RateLimit-Remaining-Second
X-Amzn-Remapped-Date
X-RateLimit-Limit-Second
X-Birta-Cache-Post
X-Birta-Served
X-VCL-Version
X-Mid
X-Tec-Api-Version
X-UPSTREAM-Address
X-Tec-Api-Root
X-Tec-Api-Origin
X-EC-Lua
Server-Surrogate-Control
Server-Cache-Control
CF-Cached-On
X-Cache-ASPX
X-CSRF-Token
X-APP
X-Proxy-Cacherz
X-Wa
X-Varnish-Authentication
X-Contensis-Viewer-Groups
Xkeyrz
X-Refresh
X-Varnish-IP
Selected-FE
X-Info
X-COUNTRY
T-Server
PICS-Label
RequestId
X-Source
Srv
X-Bc
X-FORWARDED-FOR
X-PJAX-URL
X-Render-Time
X-Agile-Id
X-WR-MODIFICATION
X-Real-Ip
X-GDPR
HitType
X-Cache-Debug
X-Agile
X-Agile-Age
X-NWS-UUID-VERIFY
X-LiteSpeed-Cache-Control
X-App-Version
MIME-Version
X-ECache
X-Varnish-Beresp-TTL
Ohc-File-Size
WebServer
X-Nananana
GeoIP-City
DataCenter
GeoIP-Country-Code
GeoIP-Latitude
X-Via-Ucdn
X-Fastly-Country-Code
X-LB-ID
Ohc-Cache-HIT
Cf-Ipcountry
URI
X-Policy
SID
X-Uri
X-PAGE-TYPE
X-TIME
X-CACHE-KEY
Is-Session-Tracking
Get-Access-Time
Xkeynj
X-Web-Server
X-Unique-Id
X-Micro-Cache
X-NGINX-Cache
X-Cache-Miss-From
X-Cache-Tag
X-Lb-Id
X-BE
X-Requestid
X-Sedo-Request-Id
Cache-Provider
X-Fastly-Backend-Reqs
X-Service
Group
CDN
X-Pjax-Url
X-Var-Ttl
X-Request-Url
X-MCACHE
Xet-Cookie
Pics-Label
Lb
Ohc-Response-Time
X-WA
X-Has-Esi
X-Is-Gdpr
X-JWT-State
X-Apw-Hits
X-Apw-Access-Action
X-Apw-Access-Object
X-Apw-Access-Token
Cneonction
X-Vct
HTTPS
X-NGENIX-Cache
X-SRV
X-Dw-Trace-Id
X-SN
X-Ecache
X-Swift-Error
Correlation-Id
X-Cdn-Request-ID
Www
FNAC-ModuleRouting
Backend
X-Edge-IP
Warning
X-Cf-Powered-By
X-Newrelic-App-Data
X-DB
X-Fe
X-Akamai-ERPolicy
X-Akamai-ERRuleID
X-ServerName
X-RSL
X-Litespeed-Cache-Control
X-Request-URL
X-Fpc
X-RPS
Host-ID
X-DI
X-Fastly-Cache-Hits
X-RPM
X-Flow-Id
X-Page-Impression-Id
Lfy
X-Zalando-Child-Request-Id
X-Instart-Isnd
X-DSS
X-PF-Uncompressing
X-Serial
X-Cache-Expires
X-Bug-Bounty
X-DW