Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
CF-RAY
CF-Cache-Status
Link
X-Powered-By
X-XSS-Protection
ETag
Expect-CT
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
X-Timer
X-Request-Id
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Alt-Svc
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Adblock-Key
X-Check
Content-Security-Policy-Report-Only
X-Cacheable
X-Generator
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-Xss-Protection
Timing-Allow-Origin
X-DNS-Prefetch-Control
X-Template
X-Language
X-Request-ID
X-Iinfo
Status
X-AspNetMvc-Version
Content-Encoding
X-Content-Security-Policy
X-Buckets
X-Kinja-Server-Push
Xkey
Upgrade
P3p
X-Via
X-Turbo-Charged-By
Access-Control-Expose-Headers
Keep-Alive
Access-Control-Max-Age
X-Cache-Group
X-Drupal-Dynamic-Cache
X-Pass-Why
X-Age
X-CDN
EagleId
X-Backend
X-Robots-Tag
X-Amz-Id-2
X-Amz-Request-Id
X-Envoy-Upstream-Service-Time
X-Page-Speed
X-Pingback
X-Ua-Compatible
X-Server-Powered-By
X-Proxy-Cache
X-AH-Environment
X-Hacker
X-Server
X-UA-Device
Request-Context
X-Nginx-Cache-Status
Grace
X-Varnish-Cache
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
X-LiteSpeed-Cache
X-Server-Id
Cf-Railgun
X-Amz-Version-Id
X-WebKit-CSP
Feature-Policy
X-Cdn
Server-Timing
X-Device
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-OneAgent-JS-Injection
X-Rq
X-Cnection
X-Ac
Report-To
X-Cloud-Trace-Context
X-Host
X-Response-Time
X-Node
Content-Location
X-Backend-Server
EagleEye-TraceId
Request-Id
X-Origin-Cache
X-Readtime
X-Vhost
X-Application-Context
X-Cache-Lookup
X-Dns-Prefetch-Control
X-ORACLE-DMS-ECID
NEL
X-Dispatcher
Surrogate-Control
Allow
X-Rack-Cache
X-Ruxit-JS-Agent
X-Origin-Upstream-Status
X-Country
X-HW
X-Url
Rating
X-Country-Code
X-FTR-Request-ID
X-DataDome
X-TTL
X-ORACLE-DMS-RID
X-Clacks-Overhead
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-DynaTrace
Fusion-Content-Source
Fusion-Template-Id
Fusion-Source
Fusion-Content-Id
X-Instart-Request-ID
Fusion-Component-Id
X-Goog-Hash
X-Varnish-TTL
X-MS-InvokeApp
X-Vname
X-PC
X-TtlSet
X-CST
X-Px
Verso
RTSS
Edge-Control
X-Powered-By-Plesk
Public-Key-Pins
X-VARITI-CCR
X-Recruiting
X-Mod-Pagespeed
Service-Worker-Allowed
X-Kinja
X-Use-Magma
X-Cdn-Fetch
X-Kinja-Server
X-Kinja-Revision
X-Kinja-Build
X-Exp-Id
X-GoogleNews-Bot
X-D2id
X-Exp-Variant
Pinterest-Generated-By
Response
Display
X-Middleton-Display
X-Middleton-Response
X-Sol
X-Ah-Environment
X-Vcap-Request-Id
X-Version
SPRequestGuid
Accept-CH
X-SharePointHealthScore
MS-Author-Via
X-Akam-SW-Version
X-RateLimit-Remaining
TCN
X-GitHub-Request-Id
X-Navigation-Version
X-Abt-Application-Version
Accept-Ch-Lifetime
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-Powered-CMS
X-TEC-API-VERSION
X-B3-TraceId
X-Upstream
X-Forwarded-Proto
X-Shard
X-Amz-Server-Side-Encryption
SPRequestDuration
SPIisLatency
X-XRDS-Location
AR-CACHE
AR-ATIME
Ar-Sid
AR-PoweredBy
Charset
X-SRCache-Fetch-Status
X-SRCache-Store-Status
Fastly-Restarts
X-Amz-Rid
Realpath
Nginx-Cache
X-Trace
X-ESI
X-Debug
X-Aspnetmvc-Version
Front-End-Https
AR-Request-ID
X-Shield-Request-Id
X-Cached
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
MRF-Tech
X-B3-TraceId-Primal
Mrf-Cache-Status
X-Server-Name
X-Ezoic-Cdn
X-Goog-Stored-Content-Encoding
X-Goog-Generation
X-Goog-Metageneration
X-Goog-Stored-Content-Length
X-MSEdge-Ref
Access-Control-Request-Method
Paypal-Debug-Id
X-NF-Request-ID
X-FTR-Cache-Status
X-Country-Code-Real
X-FTR-Expires
Arr-Disable-Session-Affinity
DynaTrace
Pagespeed
ServerID
X-Vcache
Content-MD5
X-Id
X-FTR-Backend
X-FTR-Backend-Server
X-FTR-Balancer
X-FTR-Realm
X-FTR-DC
X-Goog-Storage-Class
MicrosoftSharePointTeamServices
S
X-DynaTrace-JS-Agent
X-T
X-Fastly-Request-ID
X-Amz-Meta-S3cmd-Attrs
X-Client-IP
X-Content-Type
X-Via-JSL
X-Dw-Request-Base-Id
X-Varnish-Age
X-Hits
X-Amzn-Trace-Id
X-RateLimit-Limit
X-N
X-B3-Traceid
X-Grace
X-Forwarded-For
X-Correlation-Id
Fastcgi-Cache
X-Frontend
X-VCache
X-FTR-Cache-Host
X-Content-Digest
X-SERVER
Powered
PB-PID
X-Mobile-Rewrite
PB-RID
Arc-Version
Server-Name
X-Ser
X-Logged-In
X-Accel-Expires
X-DIS-Request-ID
X-FastCGI-Cache
AMP-Access-Control-Allow-Source-Origin
X-B3-Sampled
X-Esi
X-Fastcgi-Cache
X-GUploader-UploadID
Accept-Ch
X-HS-Content-Id
X-HS-Hub-Id
TP-Cache
X-Request-Handler-Origin-Region
X-Zen-Fury
TP-L2-Cache
X-Microsite
X-Kinsta-Cache
X-Request-Received
X-Request-Processing-Time
X-Cache-Age
X-LB-Cache
FilterID
X-Type
X-Rid
X-User-Agent
X-Revision
Backend-Timing
X-Analytics
X-Az
X-AppVersion
X-IPLB-Instance
X-Activity-Id
Healthy
X-Node-Name
Edge-Cache-Tag
X-F-Cache
X-Srv
X-Whom
X-Acc-Meta-Resource-Type
Retry-After
X-Time
X-Cache-2
X-Kong-Proxy-Latency
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Kong-Upstream-Latency
X-NWS-LOG-UUID
Accept-Charset
Alternate-Protocol
Pinterest-Version
X-Cache-Hit
X-Pinterest-Rid
X-AOL-HN
X-Cache-Rule
Cache-Status
Server-Node
X-Content-Options
Surrogate-Key
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-Cluster
X-Content-Security-Policy-Report-Only
X-Content-Powered-By
X-Jobs
Access-Control-Allow-Method
X-Akamai-Edgescape
X-Forwarded-Host
Refresh
DC
X-FB-Debug
X-Debug-Info
X-FW-Hash
X-Page-Id
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Tumblr-User
X-FW-Type
X-Instance
X-FW-Serve
X-FW-Server
X-FW-Static
X-Framework
X-Varnish-Grace
Source
X-PHP-Backend
X-Request-Guid
X-App-Environment
X-B
Fastcgi-Useragent
MS-CV
X-Hp-Webp
X-Hostname
X-App-Server
Host
Cleartype
Frame-Options
X-B-Cache
X-Signature
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
Tracecode
X-DataStream-Cache-Status
X-Ratelimit-Reset
X-Cache-Operation
X-BCube-Filmed-By
X-Cached-By
Actual-Object-TTL
X-PressLabs-Stats
X-Mobile-URL
X-Cache-Key
X-TA-CDN-Provider
Cache-Tag
X-Varnish-Backend
X-Geo-Country
X-TT
X-Cache-Control
Xserver
X-Amz-Replication-Status
Liferay-Portal
X-Pad
X-Seen-By
X-Mobile
X-Host-Name
NGB
X-Response-Served-From
X-ATG-Version
X-Git-Hash
X-Adobe-Content
Accept-CH-Lifetime
X-Adobe-Loc
Payment
X-TT-TIMESTAMP
X-WebKit-CSP-Report-Only
X-Status
X-WA-Info
Upgrade-Insecure-Requests
Eomportal-Instance
Filters
X-Tumblr-Pixel-1
X-Tumblr-Pixel-2
WPE-Backend
X-ProcessESI
X-RemovedCookies
X-FW-Dynamic
Cache-Tv-Group
X-Cacheable-TTL
Ms-Operation-Id
X-TX-ID
X-Drupal-Cache-Tags
X-RTag
X-Handled-By
X-GeoIP
From-Origin
X-RequestSource
X-UA-Device-Type
Webserver
X-Cache-TTL-Remaining
X-Content-Age
Datacenter
GEO-INFO
X-Cache-Remote
X-Oracle-Dms-Rid
Cache
X-Daa-Tunnel
X-Upstream-Proxy
X-Edge-Location
Viewport
X-Storage
X-Cache-Action
X-Cache-TTL
X-Webkit-CSP
X-Accel-Buffering
X-Varnish-Hostname
X-Origin-Server
X-Ua
X-EdgeConnect-Cache-Status
Version
X-Hyper-Cache
X-CF-Powered-By
X-Contextid
Host-Header
X-Region
X-Wix-Request-Id
SRV
X-Yottaa-Optimizations
X-Yottaa-Metrics
PageSpeed
X-Akamai-Transformed
X-Varnish-Server
NR-ENABLED
X-Akamai-Request-ID2
X-Path-Route
X-RN-RSRV
X-Cache-Var
Meta-Geo
X-ES-SERVER
Load-Balancing
X-Cache-Var-Map
X-JoinUs
X-Proxy-Build
Selected-Fe
X-From
S-Cnection
X-Timing-Wait
X-IP
Cache-Name
Cache-Tags
Now
X-Generated
X-TNCMS
X-Goog-Meta-Goog-Reserved-File-Mtime
Vix-Hermes-Req-Id
X-Loop
X-Proto
X-CS
X-Backend-Name
X-Proxy
X-Cache-Config
Decoy-Debug-Key
X-Hit
Decoy-Debug-Status
X-ApacheServer
X-Via-Fastly
Decoy-Debug-TTL
X-Section
X-Viewer-Country
Rt-Fastcgi-Cache
X-Rule
X-Cluster-Node
X-Tumblr-Pixel-3
X-Cache-Enabled
DB-Nickname
X-PERF
X-NCache
X-Origin-Response-Time
Cache-Hits
X-Origin
X-Time-Microsecs
X-Access
X-Upgrade-Enabled
X-Akamai-Request-ID
X-FC-Vary-Parameters
X-Labrador-Cache-Channel
Property-Id
X-Backend-TTL
Azure-Version
Azure-SlotName
Mn-Server-Ip
X-Upstream-HT
X-Varnish-Cache-Hits
X-Cache-Host
Country
X-Upstream-CT
X-Cache-Grace
Cache-Key
TWC-Locale-Group
X-R9-Blue-Green-Version
X-PCL
X-FireWall-Port
X-Format
Webcakes-App-Name
Webcakes-App-Version
X-OCL
Webcakes-Region
X-Origin-Hint
X-Trace-Id
X-Hosted-By
Ec-Rule-Version
TWC-GeoIP-Country
TWC-Device-Class
TWC-Connection-Speed
X-Web-Node
TWC-GeoIP-LatLong
X-Xfnlog-Site
X-EIG-Tracking-Id
TWC-Privacy
X-CCM
X-FW-Version
X-UnsetCookies
S-Rt
Azure-InstanceId
Azure-SiteName
Azure-RegionName
X-Human
X-Drupal-Cache-Contexts
X-Device-Type
X-Locale
X-Varnish-Hits
X-Www-Served-By
X-Debug-Cache
X-S
X-Site-Version
OT-Force-Account-Verify
X-DataStream-MidMile-RTT
X-Cache-Time
DSUID
X-DataStream-Origin-MEX-Latency
X-NewRelic-App-Data
Server-Info
X-Cache-NE
Release
X-Rendered-As
X-Cache-Server
Time
Ohc-File-Size
X-VG-TLSProxy
X-VG-WebCache
Hostname
ServedBy
X-Vgn-Hpd-Reason
X-Alternate-Cache-Key
X-Sorting-Hat-PodId
X-Shopify-Stage
X-ShardId
X-ShopId
X-Sorting-Hat-ShopId
X-VCT
X-FB-TRIP-ID
X-Nginx-Cache
Accept-Language
Fastcgi-X-Cache-Version
X-Mode
X-Redis-Cache
X-OVcl-Cache
X-APP-VERSION
X-OVcl
X-Real-IP
X-Tb
Machine
Ohc-Cache-HIT
Cteonnt-Length
NtCoent-Length
Origin
Origin-Edge-Control
X-Pubstack
Origin-Cache-Control
X-NC
X-GEO
X-Presslabs-Stats
L5d-Success-Class
X-Environment-Context
X-B3-Spanid
X-CSRF-TOKEN
X-No-Session
X-L-Path
Access-Control-Request-Headers
X-HS-Cache-Config
X-Request-Time
X-App-Version
X-Load-Cache
Odigeo-Trace-Id
X-Generated-By
X-Magnolia-Registration
X-Cluster-Name
X-Tt-Trace-Tag
X-VWS-Id
Mime-Version
X-DC
X-LJ-Flow-ID
X-AWS-Id
X-CACHE-KEY
X-Endurance-Cache-Level
Fastly-SSL
X-Amzn-Remapped-Content-Length
X-Parent-Response-Time
IBM-Web2-Location
X-UUID
Akamai-GRN
Mail-Subject
We-Hiring
X-B3-Parentspanid
X-ServerID
Nel
X-Rocket-Nginx-Bypass
X-GoCache-CacheStatus
X-NGENIX-Cache
X-ECACHE
Request-Time
X-Urbn-Context-Path
Locale
X-XRDS-LOCATION
X-Urbn-Site-Id
X-ScT
X-Aed
X-Region-Sid
Server-ID
X-Trv-Group
X-Accel-Expires-Debug
Node
X-Vtex-Remote-Cache
X-A-Wwc
BehaviorPad-Version
X-AIR-PT
X-Application
Fly-Cache
Mobile-Detection-Method
X-B-Cookie
Uber-Trace-Id
X-Server-Time
X-PAYTM-SRV-ID
X-ARC
X-Transaction
Xc-Version
X-Twitter-Response-Tags
X-A-Dgt
X-Request-UUID
X-Worker
X-MServer
X-A
X-Rewrite-Enabled
X-Node-Id
Viewtype
VivaBuild
X-S-Cookie
X-Vtex-Processado-Em
Content-Style-Type
X-A-Dam
Fly-Request-Id
X-S-Maxage
X-A-Dcw
Proxy-Connection
X-A-Ccd
X-VG-WebServer
Cdn-Request-Time
Cdn-Host
Meta-Geo-Continent
Memcached
X-Soup
Arc-Country
Apple-News-Services-Request-Url
Content-Script-Type
Apple-News-Services-Host
X-Proxied
X-Developer
Apple-News-Services-Handled
X-SS-Set-Cookie
Cross-Origin-Window-Policy
X-ProxyCache-Key
X-External-Request-Id
X-ProxyCache-Status
Rendered-Blocks
X-G
X-Routing-Service
X-Edge-Server
Cache-Prefix
X-DPWN-IS-SECURE
X-BYPASS-REASON
X-Detected-As
X-Destination
Rt-Proxy-Cache
X-Origin-Expires
X-Origin-Date
X-Org
X-Zipkin-Id
MD5-Digest
A
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-Connection-Hash
GEO-REGION-INFO
T-Server
X-SRCache-Key
X-D
X-Date
AsisCache
CF-IPCountry
X-Rojux
X-Is-Bot
X-Instart-Info
Apple-News-Services-Parsed-Url
X-Via-CDN
X-Element-Page-Cache
Backend-Name
X-Oneagent-Js-Injection
ServerName
Fastly-Soc-X-Request-Id
Countrycode
NGX
N-Cache
Gh-Request-Id
X-Distil-CS
X-Request-Start
X-SIPLIST1
X-Release
X-IN-APIGATEWAYSSL
X-Hl-Ver
X-IN-APIGATEWAY
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-VC-Cache
X-WebServer
X-Up
X-TrackingId
X-Thanos
X-Fastly-Cache
X-Distributor
X-Azure-Ref
X-Azure-Ref-OriginShield
X-Auto-Login
Section-Io-Cache
Request-EU
X-Bip
X-Cache-Bucket
X-Core-Mission
X-Developers
X-Cms-Context
X-Clientip
X-Cdn-Srv
Request-Country
IsBot
X-B3-SpanId
X-Origin-TTL
X-Origin-CC
X-ElasticPress-Search
User-Cache-Control
X-Level-Front-Cache
X-Irp-Debug
X-Li-Pop
X-Li-Fabric
X-ABtesting
X-Amz-Meta-Cache-Control
X-Geo-Header
X-GeoIP-City
X-Hash
X-Hnp-Log
X-Hello
X-LI-Proto
X-Location
True-Client-Country-4JS
X-Nginx-Cache-Key
Thinkindot-Control
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
X-MSEdge-Flight
V-Age
X-Matched-Rule
X-Generation-Time
W
X-Method
X-MSEdge-Features
X-LI-UUID
X-Generated-In
X-Cache-Id
X-Cache-Info
X-Cache-FS-Status
X-Debug-Cookies
X-Debug-Log
X-Debug-Cache-Store
X-Cdn-Origin
X-Clara-WADP
X-CUA
X-CGP
X-Debug-Cache-Expiry
X-Debug-Cache-Fetch
X-Device-Os
X-C
X-Flog
X-Fetched-On
X-Gen-Mode
X-NX-Host
X-Generated-On
X-Eu-Site
X-Backend-Host
Content-Disposition
X-Block-Status
X-BBXSRF
X-Backend-Url
X-Epic-Correlation-Id
X-App-Name
X-Old-Content-Length
X-Compress-Hint
AKAMAI
X-Wikidot-Static-Cache
X-Unique-ID
X-Variation
Fastly-SWR
X-Wikidot-Backend
PFcat
X-Request-URI
X-Thinkindot-L3
Adler-Geo
Is-Eu
X-Sn-Servicetimems
HA-Ipaddr
X-We-Are-Hiring
X-Skip-Cache
Magicmarker
X-ServiceProvider
L
Ha-Gx-Prefs
Platform
X-Proxy-Cache-Status
RNT-Time
RNT-Machine
X-Proxy-Upstream
X-Platform-Server
X-PHP-Host
Server-Int
X-Owner
X-WADP-Cache
X-VServer
X-RateLimit-Limit-Second
X-Reboot
CDCHOST
Esi-Enabled
Fastly-SIE
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
X-RateLimit-Remaining-Second
X-Microcachable
X-Webstats-RespID
X-Swa-Ws
X-User
X-SayCDN-TTL
X-Internal-Host
X-HS-Combine-CSS
X-MP-GENERATED-AT
X-Key
X-Guploader-Uploadid
X-Qloud-Router
X-Reqid
X-Response-By
X-Server-IP
X-Servername
X-SD-PageType
X-Say-TTL
X-Say-Cacheable
X-Dispatch
X-Dispatcher-Server
Server-Host
X-Uri
Memory
Heartbleed
SS
X-Backend-State
Served-By
Pramga
SD-X-WS
Wxu-Next-Hostname
Pagetype
Web-Mar-Node
Kp-EeAlive
Wxu-Next-Commit
Wxu-Next-Region
Country-Code
Cache-Cookie-Set-Lfrom
X-Cdn-Forward
Cache-Cookie-Set-From
Cache-Cookie-Set-Idcheck
X-IPS-LoggedIn
X-GDPR
Resin-Trace
X-Policy
X-Page-Type
X-Wa
X-FPC
X-SERVER-NAME
UCS
ProcessTime
Powered-By-ChinaCache
REQUESTUUID
X-Servedbyhost
X-Service
X-Logtrace-Id
X-Var-Ttl
Ajk
X-HTML-Minification-Powered-By
Cache-Provider
X-JWT-State
X-Nc
Proxy-Firewall
X-Lb-Id
X-Is-Gdpr
X-Has-Esi
X-Geo
X-Ratelimit-Limit
X-Dc
X-Cache-Backend
X-VCL-Version
X-Datadome
X-NWS-UUID-VERIFY
X-Oss-Object-Type
Powered-By
X-Processor
X-Oss-Storage-Class
X-Oss-Request-Id
X-Oss-Hash-Crc64ecma
X-Tb-Optimization-Total-Bytes-Saved
X-Oss-Server-Time
X-Grey
X-Cache-Category-Id
Srv
X-Pjax-Url
X-Varnish-Beresp-Ttl
X-Cache-Ttl
X-ZONE
X-SRV
X-Be
X-Info
SN
GeoIP-City
X-TH-Server
GeoIP-Latitude
GeoIP-Country-Code
X-Svr
X-Server-ID
Fastly-Backend-Name
X-Cache-URL
X-Ruxit-Js-Agent
X-RateLimit-Reset
X-HS-Status
X-CDN-Forward
X-RCS-CacheZone
PICS-Label
X-Instart-Isnd
X-Webkit-Csp
X-Zone
X-Tec-Api-Version
X-Tec-Api-Origin
X-Tec-Api-Root
X-Scheme
X-Ftr-Request-Id
X-SN
X-Newrelic-Synthetics
X-Varnish-Beresp-Status
X-Ttl
X-Varnish-Beresp-Grace
X-Dynatrace
Cdn
X-NodeID
GW-Server
X-Source
X-UA
Group
X-GRACE
X-Varnish-Url
CACHE
X-LAGOON
X-Pf-Uncompressing
CF-Cached-On
X-Check-Cacheable
X-Secret
X-Bc
X-EC-Lua
X-PF-Uncompressing
WZWS-RAY
X-Gannett-Site-Version
X-Varnish-Beresp-TTL
X-Sucuri-Id
Dynatrace
X-CDN-Cache
X-Varnish-Cacheable
On-Server
X-Dynatrace-Js-Agent
Cache-Host
LB
Ttl
X-LiteSpeed-Cache-Control
X-Server-W
X-NODE
X-GeoIP-Country-Code
X-Ftr-Cache-Host
User-Agent
X-APP
X-Tt-Trace-Host
Pics-Label
X-Ms-Version
X-Via-Ucdn
X-BC
Inserted-Into-Cache-At
X-Ratelimit-Remaining
X-Ms-Request-Id
Environment
X-Edge
X-BE
X-NU-AKA-ACS-Version
X-COUNTRY
XServer
GeoIp-Country-Code
Geoip-Latitude
Lfy
Geoip-City
X-Fastly-Country-Code
X-Cache-Debug
WWW
X-Session-Fingerprint
X-Aicache-OS
X-Crawler
X-Akamai-SSL-Client-Sid
X-URL
X-PJAX-URL
Who
MIME-Version
X-Trafficlayer-App-Name
X-Ftr-Realm
X-Ftr-Backend
X-Ftr-Balancer
X-Ftr-Backend-Server
X-Ftr-Dc
X-Trafficlayer-App-Scope
X-Agile-Id
Requestid
Ohc-Response-Time
X-Agile-Age
X-Fastly-Backend-Reqs
X-Render-Time
X-Agile
X-Mid
Cf-Ipcountry
X-FE
X-MCACHE
X-CSRF-Token
X-Vcl-Version
X-Varnish-Ttl
X-FORWARDED-FOR
M-TraceId
SID
X-LB-ID
Lb
Amp-Access-Control-Allow-Source-Origin
X-7Graus-Varnish-Cache-Control
X-Litespeed-Cache-Control
X-7Graus-Varnish-XKeys
URI
X-Micro-Cache
X-UPSTREAM-Address
X-Logging-Id
X-Served-From
X-Via-SSL
X-Via-Edge
X-Proxy-Cacherz
Xkeyrz
X-WR-MODIFICATION
X-Sedo-Request-Id
X-Cache-Miss-From
HostName
X-Cache-Tag
X-DSS
X-RSL
Host-ID
RequestUuid
X-DI
X-DW
X-RPS
X-Amzn-Remapped-Date
X-DB
X-Amzn-Remapped-Connection
X-Action
X-RPM
X-Cf-Powered-By
X-Correlation-ID
DataCenter
X-Core-Value
X-Protected-By
X-Fpc
X-Vct
X-Nananana
Xkeypdq
X-WA
X-ServedByHost
X-Flow-Id
X-Page-Impression-Id
X-Fastly-Cache-Hits
CDN
X-Zalando-Child-Request-Id
WebServer
X-Newrelic-App-Data
X-NGINX-Cache
X-Cdn-Request-ID
X-Ecache
X-Gdpr
FNAC-ModuleRouting
Cneonction
Correlation-Id
X-ND-Cache
X-SB
X-MID
X-TIME
X-VC
X-Dw-Trace-Id
Cdnsip
X-Vdms-Version
X-AK-Request-ID
X-Request-Url
Warning
X-Refresh
Cdncip
X-Via-NSCOPI
X-Swift-Error
X-Sucuri-Cache
X-Planisys-CDN-Cache
Xet-Cookie
X-Planisys-CDN-TTL
X-Serial
X-Planisys-CDN-Rules
X-Apw-Hits
X-ECache
Processtime
X-Unique-Id
HitType
X-ServerName
X-Bug-Bounty
X-Request-URL
Pragrma
X-Apw-Access-Token
X-Apw-Access-Object
V-Cache
X-MiniProfiler-Ids
X-Fe
X-Apw-Access-Action