Threat Level: green Handler on Duty: Guy Bruneau

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
CF-RAY
X-Powered-By
Link
ETag
Expect-CT
X-XSS-Protection
Via
X-Cache
Age
CF-Cache-Status
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
X-Cache-Hits
P3P
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Xss-Protection
X-Varnish
X-Request-Id
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
Alt-Svc
X-Adblock-Key
X-Drupal-Cache
X-Check
X-Cacheable
Content-Security-Policy-Report-Only
X-Generator
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-AspNetMvc-Version
X-DNS-Prefetch-Control
P3p
X-Template
X-Language
Status
Timing-Allow-Origin
X-Iinfo
Content-Encoding
X-Content-Security-Policy
X-Buckets
Upgrade
X-Kinja-Server-Push
Xkey
X-Via
X-CDN
X-Turbo-Charged-By
Keep-Alive
Access-Control-Max-Age
Access-Control-Expose-Headers
X-Cache-Group
X-Pass-Why
X-AH-Environment
X-Age
X-Drupal-Dynamic-Cache
X-Server
X-Backend
X-Pingback
X-Amz-Id-2
X-Amz-Request-Id
X-Envoy-Upstream-Service-Time
X-Page-Speed
X-Robots-Tag
X-Proxy-Cache
X-Hacker
Grace
EagleId
X-Server-Powered-By
X-UA-Device
X-Varnish-Cache
Request-Context
X-Nginx-Cache-Status
X-Request-ID
Cf-Railgun
X-LiteSpeed-Cache
X-Amz-Version-Id
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
X-Server-Id
X-WebKit-CSP
Feature-Policy
Server-Timing
X-Device
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Host
X-Rq
Report-To
X-Ac
Content-Location
X-Node
X-Cnection
X-Backend-Server
X-OneAgent-JS-Injection
X-Response-Time
X-Cloud-Trace-Context
X-Origin-Cache
X-Application-Context
X-Readtime
Request-Id
Allow
EagleEye-TraceId
Surrogate-Control
X-Country
X-ORACLE-DMS-ECID
X-DynaTrace
X-Cdn
X-Cache-Lookup
X-Vhost
Pinterest-Generated-By
X-TTL
X-Url
X-Ua-Compatible
X-Rack-Cache
X-Clacks-Overhead
X-Origin-Upstream-Status
X-Dns-Prefetch-Control
X-FTR-Request-ID
Rating
NEL
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Country-Code
X-Ruxit-JS-Agent
X-CST
X-ORACLE-DMS-RID
X-HW
X-Dispatcher
X-Goog-Hash
X-Instart-Request-ID
Fusion-Content-Id
Fusion-Template-Id
Fusion-Content-Source
Fusion-Component-Id
Fusion-Source
X-DataStream-Cache-Status
Edge-Control
X-TtlSet
X-Vname
X-PC
X-DataDome
X-Px
X-VARITI-CCR
Service-Worker-Allowed
Verso
X-Mod-Pagespeed
X-MS-InvokeApp
X-Recruiting
X-D2id
X-Varnish-TTL
SPRequestGuid
X-Cdn-Fetch
X-Kinja
X-Kinja-Build
X-Kinja-Revision
X-Use-Magma
X-GoogleNews-Bot
X-Exp-Id
X-Exp-Variant
X-Kinja-Server
RTSS
X-Vcap-Request-Id
DynaTrace
X-Amz-Server-Side-Encryption
TCN
X-SharePointHealthScore
X-Abt-Application-Version
X-Navigation-Version
X-GitHub-Request-Id
X-B3-TraceId
X-SRCache-Store-Status
X-SRCache-Fetch-Status
Response
Display
X-Middleton-Response
X-Middleton-Display
X-Sol
X-Akam-SW-Version
X-Powered-By-Plesk
MS-Author-Via
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
Charset
Accept-Ch-Lifetime
X-RateLimit-Remaining
X-Shield-Request-Id
X-ESI
ServerID
Content-MD5
X-Amz-Rid
AR-ATIME
AR-CACHE
AR-PoweredBy
Ar-Sid
X-Forwarded-Proto
X-Trace
Realpath
X-Powered-CMS
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Goog-Metageneration
X-Goog-Generation
Nginx-Cache
X-DynaTrace-JS-Agent
X-Dw-Request-Base-Id
X-Version
X-Upstream
X-Cached
Fastly-Restarts
AR-Request-ID
Public-Key-Pins
X-Shard
X-Server-Name
Accept-Ch
X-Mrf-Item-Lastmod
X-B3-TraceId-Primal
MRF-Tech
Mrf-Cache-Status
X-Mrf-Section-Lastmod
Access-Control-Request-Method
Pagespeed
Paypal-Debug-Id
X-MSEdge-Ref
X-Goog-Storage-Class
SPIisLatency
SPRequestDuration
X-Client-IP
X-Grace
S
X-Vcache
X-Debug
X-DataStream-MidMile-RTT
Accept-CH
X-DataStream-Origin-MEX-Latency
X-Id
X-FTR-Cache-Status
X-FTR-Expires
X-FTR-Balancer
X-FTR-Backend-Server
X-Country-Code-Real
X-FTR-Backend
X-FTR-Realm
X-FTR-DC
X-Amz-Meta-S3cmd-Attrs
X-Pinterest-Rid
Pinterest-Version
X-Upstream-Proxy
X-Ezoic-Cdn
X-N
X-Fastly-Request-ID
X-T
X-DIS-Request-ID
X-Amzn-Trace-Id
Arr-Disable-Session-Affinity
Front-End-Https
X-NF-Request-ID
X-Content-Type
MicrosoftSharePointTeamServices
X-Hits
X-FastCGI-Cache
X-B3-Sampled
X-FTR-Cache-Host
X-Ser
X-Varnish-Age
Arc-Version
Fastcgi-Cache
X-Mobile-Rewrite
X-Acc-Meta-Resource-Type
X-Frontend
PB-PID
PB-RID
Server-Name
Alternate-Protocol
X-Logged-In
X-Content-Digest
X-XRDS-Location
X-Correlation-Id
X-B3-Traceid
X-Srv
Nel
X-Pad
X-Cache-Key
X-Node-Name
X-Forwarded-For
X-Microsite
X-Request-Handler-Origin-Region
Host
Powered-By-ChinaCache
FilterID
X-Type
TP-L2-Cache
TP-Cache
X-Kinsta-Cache
Healthy
X-Rid
X-User-Agent
X-LB-Cache
AMP-Access-Control-Allow-Source-Origin
X-XRDS-LOCATION
X-Request-Processing-Time
X-Request-Received
X-IPLB-Instance
X-F-Cache
X-AOL-HN
Edge-Cache-Tag
X-Zen-Fury
X-Cached-By
X-Cache-2
X-VCache
X-Debug-Info
Powered
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Revision
Backend-Timing
X-Analytics
X-HS-Content-Id
X-Cache-Age
X-Esi
X-HS-Hub-Id
X-GUploader-UploadID
X-Cache-Rule
X-Hostname
X-Fastcgi-Cache
X-Kong-Upstream-Latency
X-Accel-Expires
X-Kong-Proxy-Latency
X-Via-JSL
X-Activity-Id
X-AppVersion
X-Az
Surrogate-Key
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-Content-Security-Policy-Report-Only
X-Varnish-Backend
X-Instance
X-Page-Id
X-Amz-Replication-Status
X-Content-Options
X-Akamai-Edgescape
X-Cluster
X-FB-Debug
X-Request-Guid
X-Jobs
X-Tumblr-Pixel
X-Varnish-Grace
X-Content-Powered-By
X-Tumblr-User
X-Tumblr-Pixel-0
Cache-Status
X-PHP-Backend
X-BCube-Filmed-By
Source
Server-Node
X-TT
X-App-Environment
X-Framework
Refresh
Cleartype
X-Forwarded-Host
X-B-Cache
X-Signature
Liferay-Portal
X-FW-Hash
X-FW-Serve
X-FW-Server
X-FW-Type
X-Varnish-Hostname
X-FW-Static
X-RateLimit-Limit
X-ATG-Version
DC
Tracecode
Host-Header
WPE-Backend
Accept-Charset
X-Mobile
X-Cache-Action
X-Cache-Control
X-Cache-Operation
Accept-CH-Lifetime
X-Edge-Location
Access-Control-Allow-Method
X-Drupal-Cache-Tags
X-Time
Fastcgi-Useragent
X-Cache-Hit
X-APP-VERSION
Actual-Object-TTL
X-B
X-Accel-Buffering
X-Erf-Bev-Bev
X-Mobile-URL
X-Response-Served-From
X-Hp-Webp
X-Erf-Bev-Bev-Is-Generated
Payment
X-TX-ID
X-WA-Info
X-Whom
X-WebKit-CSP-Report-Only
X-Content-Age
X-Storage
X-NWS-LOG-UUID
X-Yottaa-Optimizations
X-Git-Hash
Upgrade-Insecure-Requests
X-Yottaa-Metrics
Filters
Cache-Tv-Group
NGB
X-UA-Device-Type
X-App-Server
X-TT-TIMESTAMP
X-SS-Set-Cookie
X-Tumblr-Pixel-1
X-Cacheable-TTL
X-Tumblr-Pixel-2
Eomportal-Instance
X-Adobe-Content
X-Status
X-Adobe-Loc
X-GeoIP
Cache
X-RequestSource
X-ProcessESI
X-Handled-By
X-RemovedCookies
Xserver
Viewport
X-VG-WebCache
Cache-Tag
X-Geo-Country
X-Cache-TTL
X-Ratelimit-Limit
Datacenter
Retry-After
X-Server-ID
Webserver
X-Cache-TTL-Remaining
X-Ratelimit-Reset
X-FW-Dynamic
X-TA-CDN-Provider
Server-Info
MS-CV
X-FB-TRIP-ID
X-Cache-Enabled
X-Seen-By
X-Presslabs-Stats
X-Oracle-Dms-Rid
X-Oneagent-Js-Injection
X-Host-Name
X-Webkit-Csp
X-Contextid
X-Guploader-Uploadid
Frame-Options
X-Generated-By
X-Origin-Server
X-RTag
X-Hyper-Cache
S-Cnection
Ms-Operation-Id
From-Origin
X-PressLabs-Stats
Country
X-Mode
X-ES-SERVER
X-B3-Spanid
X-Cache-Var-Map
Machine
Load-Balancing
X-Path-Route
X-Tumblr-Pixel-3
X-Cache-Var
X-RN-RSRV
Meta-Geo
X-Upstream-HT
X-Upstream-CT
X-Routing-Service
X-Cache-Grace
X-Section
X-Cache-Config
Vix-Hermes-Req-Id
X-Zipkin-Id
X-Proxied
X-Hit
X-Access
Cache-Key
X-CF-Powered-By
X-OCL
X-PCL
Decoy-Debug-TTL
X-From
Decoy-Debug-Key
Decoy-Debug-Status
X-Upgrade-Enabled
X-Varnish-Cache-Hits
X-RCS-CacheZone
Now
X-Viewer-Country
X-Cache-Host
X-MP-GENERATED-AT
X-Backend-Name
X-Labrador-Cache-Channel
X-Via-Fastly
X-CCM
X-Alternate-Cache-Key
Mn-Server-Ip
ServedBy
X-Debug-Cache
X-AWS-Id
X-ShopId
X-EIG-Tracking-Id
X-R9-Blue-Green-Version
X-Sorting-Hat-PodId
X-VWS-Id
X-Shopify-Stage
X-Loop
X-Magnolia-Registration
X-TNCMS
X-Region
X-ShardId
X-Rule
X-LJ-Flow-ID
X-Sorting-Hat-ShopId
X-Human
X-Endurance-Cache-Level
X-Varnish-Server
X-Environment-Context
X-L-Path
X-Web-Node
Mail-Subject
X-S
X-NCache
X-Origin-Response-Time
X-Rendered-As
X-Proto
GEO-INFO
X-Cluster-Node
X-VG-TLSProxy
We-Hiring
X-Akamai-Request-ID
X-Timing-Wait
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Generated
X-Proxy-Build
X-Xfnlog-Site
X-JoinUs
Rt-Fastcgi-Cache
X-Varnish-Hits
Cache-Name
Akamai-GRN
DSUID
DB-Nickname
X-Drupal-Cache-Contexts
Release
OT-Force-Account-Verify
X-FC-Vary-Parameters
X-Hosted-By
X-Trace-Id
Version
X-Device-Type
X-Locale
X-Site-Version
Uber-Trace-Id
X-Nginx-Cache
X-ProxyCache-Status
X-Www-Served-By
X-BYPASS-REASON
X-ProxyCache-Key
Cteonnt-Length
SRV
NGX
X-VCT
X-Request-Time
ProcessTime
X-Load-Cache
X-NewRelic-App-Data
X-Redis-Cache
X-IP
X-UUID
X-Dc
X-Time-Microsecs
X-Via-CDN
Time
Azure-InstanceId
X-Origin
Azure-Version
Azure-RegionName
Azure-SiteName
Azure-SlotName
X-Platform-Server
X-FW-Version
X-Cache-NE
S-Rt
X-EdgeConnect-Cache-Status
X-ECACHE
X-Daa-Tunnel
Webcakes-App-Version
X-Origin-Hint
Webcakes-Region
TWC-GeoIP-LatLong
TWC-Device-Class
TWC-Connection-Speed
Property-Id
Webcakes-App-Name
TWC-GeoIP-Country
TWC-Locale-Group
TWC-Privacy
X-Akamai-Request-ID2
CACHE
X-Wix-Request-Id
X-Rocket-Nginx-Bypass
NtCoent-Length
X-Hl-Ver
X-MServer
X-No-Session
X-FireWall-Port
X-Proxy
X-IPS-LoggedIn
X-ServerID
X-Vgn-Hpd-Reason
X-Cache-Remote
Origin
X-CDN-Forward
X-GEO
X-UA
X-Distributor
X-PERF
X-ApacheServer
X-Akamai-Transformed
Odigeo-Trace-Id
X-Cache-Server
X-Format
X-RateLimit-Reset
X-CS
Fastly-SSL
X-HTML-Minification-Powered-By
X-Cache-Backend
Ec-Rule-Version
L5d-Success-Class
Cache-Tags
X-Compress-Hint
X-Real-IP
Access-Control-Request-Headers
X-Microcachable
X-UnsetCookies
LB
X-Pubstack
X-SERVER-NAME
X-Unique-ID
Hostname
Origin-Cache-Control
Accept-Language
Origin-Edge-Control
X-Tb
Fastcgi-X-Cache-Version
X-BACKEND-TTL
Served-By
X-B3-Parentspanid
X-Ratelimit-Remaining
X-Varnish-Cacheable
GEO-REGION-INFO
Meta-Geo-Continent
MD5-Digest
Cdn-Host
Arc-Country
AsisCache
Cdn-Request-Time
Cross-Origin-Window-Policy
Content-Style-Type
Mobile-Detection-Method
Content-Script-Type
Fly-Cache
Cache-Prefix
Cache-Cookie-Set-From
BehaviorPad-Version
A
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-Lfrom
ServerName
Fly-Request-Id
X-Cache-Bucket
X-NU-AKA-ACS-Version
X-Is-Bot
X-Org
X-PAYTM-SRV-ID
X-Request-UUID
X-Region-Sid
X-Instart-Info
X-IN-APIGATEWAY
X-DPWN-IS-SECURE
X-Developer
X-Edge-Server
X-External-Request-Id
X-G
X-Rewrite-Enabled
X-Rojux
X-Varnish-Url
X-Twitter-Response-Tags
X-VG-WebServer
X-Vtex-Processado-Em
Xc-Version
X-Vtex-Remote-Cache
X-Trv-Group
X-Transaction
X-S-Maxage
X-S-Cookie
X-ScT
X-Server-Time
X-SRCache-Key
X-Detected-As
X-Destination
VivaBuild
Viewtype
X-A
X-A-Ccd
X-A-Dgt
X-A-Dcw
Server-ID
Rt-Proxy-Cache
Rendered-Blocks
Proxy-Firewall
Request-Country
Request-EU
Request-Time
X-A-Wwc
X-Accel-Expires-Debug
X-CF-Lambda-Version
X-CF-Lambda-Fn
X-Cluster-Name
X-Connection-Hash
X-Date
X-D
X-Cdn-Srv
X-B-Cookie
X-AIR-PT
X-Aed
X-App-Name
X-Application
X-ARC
Node
X-A-Dam
X-Edge
Proxy-Connection
X-Nc
IBM-Web2-Location
X-Cache-Category-Id
X-Grey
X-ElasticPress-Search
HA-Ipaddr
X-Cache-Info
Memcached
X-Cache-Id
X-Backend-State
Gh-Request-Id
Fastly-SWR
Fastly-SIE
X-CGP
X-Internal-Host
X-Cdn-Origin
X-Sn-Servicetimems
Ha-Gx-Prefs
X-NX-Host
X-Eu-Site
RNT-Time
Server-Int
X-Request-URI
True-Client-Country-4JS
W
RNT-Machine
Resin-Trace
Esi-Enabled
X-Nginx-Cache-Key
X-PHP-Host
X-ServiceProvider
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
X-Location
Backend-Name
X-Debug-Log
Apple-News-Services-Request-Url
X-Level-Front-Cache
X-Generated-On
REQUESTUUID
X-Debug-Cookies
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
X-Fastly-Cache
X-Epic-Correlation-Id
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
Apple-News-Services-Handled
X-Developers
X-C
X-Geo-Header
X-Worker
X-Core-Mission
X-GeoIP-Country-Code
AKAMAI
X-Powered-By-Defense
X-NC
X-HS-Cache-Config
X-Clara-WADP
X-Dispatch
X-Reboot
X-Device-Os
X-Gen-Mode
X-Gannett-Site-Version
X-Cache-FS-Status
X-Dispatcher-Server
Web-Mar-Node
V-Age
User-Cache-Control
X-HS-Combine-CSS
X-Reqid
X-Cms-Context
X-Distil-CS
X-Fetched-On
X-Generation-Time
X-Qloud-Router
X-Key
X-LI-Proto
X-Clientip
X-BBXSRF
X-Li-Pop
X-Block-Status
X-CDN-Cache
X-Auto-Login
X-LI-UUID
X-GeoIP-City
X-Hnp-Log
X-Processor
X-Hash
X-Irp-Debug
X-Request-Start
X-Amz-Meta-Cache-Control
X-Li-Fabric
SD-X-WS
X-SIPLIST1
X-Amzn-Remapped-Content-Length
Platform
X-WADP-Cache
Content-Disposition
X-Variation
CDCHOST
Selected-Fe
PFcat
N-Cache
X-TH-Server
X-Via-NSCOPI
Countrycode
Country-Code
On-Server
X-Skip-Cache
UCS
X-Method
X-Response-By
X-Served-From
SS
Fastly-Soc-X-Request-Id
X-We-Are-Hiring
X-WebServer
Server-Host
X-Wikidot-Backend
X-Secret
Adler-Geo
X-SD-PageType
Section-Io-Cache
IsBot
X-Wikidot-Static-Cache
Is-Eu
X-Webstats-RespID
X-Crawler
X-Thanos
X-FPC
X-TrackingId
X-Swa-Ws
X-Proxy-Upstream
X-Bip
X-Owner
X-Proxy-Cache-Status
L
X-VC-Cache
X-Server-IP
X-Servername
Pramga
X-VServer
Wxu-Next-Region
Thinkindot-CacheControl-Type
X-Release
Who
Wxu-Next-Commit
Wxu-Next-Hostname
Thinkindot-Control
X-Origin-Expires
X-Via-Edge
X-Via-SSL
Heartbleed
GW-Server
X-Thinkindot-L3
X-Azure-Ref-OriginShield
X-Origin-Date
Powered-By
X-Matched-Rule
X-Azure-Ref
Thinkindot-CacheControl
X-Varnish-Ttl
Mime-Version
Kp-EeAlive
X-OVcl-Cache
X-FE
X-OVcl
X-CUA
X-CLOUD-TRACE-CONTEXT
X-Parent-Response-Time
Locale
X-Urbn-Context-Path
CF-IPCountry
X-Urbn-Site-Id
X-ND-Cache
PageSpeed
X-Pf-Uncompressing
Magicmarker
X-Ua
X-LAGOON
X-Protected-By
User-Agent
X-Varnish-Beresp-Ttl
X-Geo
X-Fstrz
X-ABtesting
Memory
Pragrma
X-Flog
X-Hello
X-Ruxit-Js-Agent
X-Origin-CC
X-Origin-TTL
X-Be
Pagetype
X-B3-SpanId
X-Zone
X-Page-Type
X-Planisys-CDN-Cache
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
X-URL
X-Ttl
X-Generated-In
X-Backend-Host
X-Backend-Url
X-Cache-Ttl
X-Dynatrace-Js-Agent
X-User
X-Phone
X-MSEdge-Features
X-Core-Value
X-IN-WAF
X-Tt-Trace-Tag
X-MSEdge-Flight
X-GoCache-CacheStatus
X-Cdn-Forward
X-Debug-Cache-Fetch
X-Backend-TTL
X-Newrelic-Synthetics
X-Up
X-Debug-Cache-Expiry
X-Debug-Cache-Store
X-DC
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
X-Soup
GeoIp-Country-Code
Geoip-Latitude
X-Oss-Request-Id
X-Oss-Storage-Class
X-Oss-Server-Time
Geoip-City
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
X-TT-LOGID
Amp-Access-Control-Allow-Source-Origin
X-Litespeed-Cache
X-Check-Cacheable
X-Birta-Served
X-Birta-Cache-Post
Cdn
SN
X-Info
Cache-Hits
X-Varnish-IP
X-Say-TTL
X-Say-Cacheable
X-Real-Ip
X-Servedbyhost
X-Old-Content-Length
X-SayCDN-TTL
X-MID
HitType
Selected-FE
X-Mid
X-HS-Status
X-Vcl-Version
X-Datadome
X-ZONE
X-GRACE
X-Akamai-SSL-Client-Sid
X-Aicache-OS
X-Tb-Optimization-Total-Bytes-Saved
FSS-Proxy
X-Bc
FSS-Cache
X-VCL-Version
X-Amzn-Remapped-Connection
CF-Cached-On
X-Agile
Srv
X-Refresh
X-Cache-Time
X-Cache-Debug
X-Amzn-Remapped-Date
Fastly-Backend-Name
X-ServedByHost
X-Agile-Age
Inserted-Into-Cache-At
X-Agile-Id
Server-Cache-Control
X-Cache-ASPX
Server-Surrogate-Control
X-Contensis-Viewer-Groups
X-App-Version
X-IN-APIGATEWAYSSL
X-Logtrace-Id
WZWS-RAY
Ajk
X-Varnish-Authentication
X-Node-Id
X-Source
HostName
X-CSRF-TOKEN
X-EC-Lua
X-CSRF-Token
RequestId
X-UPSTREAM-Address
XServer
GeoIP-Country-Code
X-COUNTRY
X-Via-Ucdn
X-Web-Server
X-FORWARDED-FOR
X-Nananana
GeoIP-Latitude
X-APP
X-RateLimit-Remaining-Second
GeoIP-City
X-RateLimit-Limit-Second
X-BC
Cf-Ipcountry
X-Wa
X-TIME
X-Proxy-Cacherz
X-WR-MODIFICATION
X-ECache
X-NWS-UUID-VERIFY
Xkeyrz
X-Varnish-Beresp-TTL
WebServer
Group
T-Server
Ohc-File-Size
Ohc-Cache-HIT
X-LiteSpeed-Cache-Control
X-Cache-Tag
X-CACHE-KEY
X-SRV
PICS-Label
X-LB-ID
Is-Session-Tracking
Get-Access-Time
URI
X-Unique-Id
Xkeynj
X-Fastly-Country-Code
X-BE
X-Micro-Cache
X-Render-Time
HTTPS
X-GDPR
X-PAGE-TYPE
X-PJAX-URL
X-Cache-Miss-From
Backend
Www
X-SN
X-Sedo-Request-Id
X-Edge-IP
X-Requestid
X-MCACHE
MIME-Version
X-Request-Url
SID
X-Pjax-Url
X-Instart-Isnd
CDN
Pics-Label
X-Policy
X-Fastly-Backend-Reqs
X-Uri
Xet-Cookie
DataCenter
Lb
Host-ID
X-Apw-Access-Token
Cneonction
X-Swift-Error
X-Vct
X-Lb-Id
X-Apw-Access-Action
X-Apw-Hits
X-Cache-Expires
X-Apw-Access-Object
Requestid
X-NGINX-Cache
X-Dw-Trace-Id
X-HostName
X-Ecache
X-ServerName
X-Cf-Powered-By
Correlation-Id
X-WA
Cache-Provider
X-Service
X-Cdn-Request-ID
X-Newrelic-App-Data
X-Flow-Id
X-Serial
X-Fastly-Cache-Hits
X-Varnish-Action
X-Page-Impression-Id
X-Akamai-ERPolicy
Epwk-Cache
X-Bug-Bounty
X-DI
X-DB
X-DSS
X-DW
X-RPS
X-RSL
X-Fpc
Lfy
X-RPM
X-Zalando-Child-Request-Id
X-PF-Uncompressing
Warning
X-Akamai-ERRuleID
X-WPE-Loopback-Upstream-Addr
X-Html-Edge-Cache