Threat Level: green Handler on Duty: Jan Kopriva

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
CF-RAY
X-Powered-By
Link
ETag
Expect-CT
X-XSS-Protection
Via
X-Cache
Age
CF-Cache-Status
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
X-Cache-Hits
P3P
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Xss-Protection
X-Request-Id
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-AspNet-Version
X-Download-Options
Access-Control-Allow-Credentials
X-Runtime
X-Adblock-Key
X-Drupal-Cache
Alt-Svc
X-Check
X-Cacheable
Content-Security-Policy-Report-Only
X-Generator
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-DNS-Prefetch-Control
X-AspNetMvc-Version
P3p
X-Template
Status
X-Language
Timing-Allow-Origin
Content-Encoding
X-Content-Security-Policy
X-Iinfo
X-Buckets
Upgrade
X-Kinja-Server-Push
Xkey
X-Via
X-Turbo-Charged-By
X-CDN
Keep-Alive
Access-Control-Max-Age
Access-Control-Expose-Headers
X-Cache-Group
X-Pass-Why
X-AH-Environment
X-Age
X-Drupal-Dynamic-Cache
X-Server
X-Backend
X-Amz-Request-Id
X-Amz-Id-2
X-Pingback
X-Envoy-Upstream-Service-Time
X-Page-Speed
X-Robots-Tag
X-Proxy-Cache
X-Hacker
Grace
X-Server-Powered-By
EagleId
X-UA-Device
X-Varnish-Cache
Request-Context
X-Nginx-Cache-Status
Cf-Railgun
X-LiteSpeed-Cache
X-Amz-Version-Id
X-Swift-CacheTime
X-Swift-SaveTime
X-WebKit-CSP
Ali-Swift-Global-Savetime
Feature-Policy
X-Device
Server-Timing
X-Server-Id
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Host
Report-To
X-Ac
X-Rq
Content-Location
X-Node
X-OneAgent-JS-Injection
X-Backend-Server
X-Cnection
X-Response-Time
X-Origin-Cache
X-Cloud-Trace-Context
X-Application-Context
EagleEye-TraceId
Allow
Request-Id
X-Readtime
Surrogate-Control
X-Cache-Lookup
X-ORACLE-DMS-ECID
X-Country
X-Cdn
X-TTL
X-DynaTrace
X-Vhost
Pinterest-Generated-By
X-Ua-Compatible
X-Rack-Cache
X-Clacks-Overhead
X-Url
X-Origin-Upstream-Status
X-Ruxit-JS-Agent
NEL
X-CST
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Rating
X-FTR-Request-ID
X-ORACLE-DMS-RID
X-Country-Code
X-HW
X-Goog-Hash
X-Instart-Request-ID
X-Dispatcher
Fusion-Content-Id
Fusion-Component-Id
Fusion-Source
Fusion-Content-Source
Fusion-Template-Id
X-DataStream-Cache-Status
Edge-Control
X-PC
X-Vname
X-Px
X-TtlSet
X-VARITI-CCR
Service-Worker-Allowed
X-DataDome
X-MS-InvokeApp
X-Mod-Pagespeed
X-Request-ID
X-Dns-Prefetch-Control
SPRequestGuid
Verso
X-Recruiting
X-Cdn-Fetch
X-Exp-Variant
X-GoogleNews-Bot
X-D2id
X-Exp-Id
X-Kinja
X-Kinja-Server
X-Kinja-Build
X-Use-Magma
X-Kinja-Revision
X-Varnish-TTL
X-Vcap-Request-Id
X-SharePointHealthScore
RTSS
X-Abt-Application-Version
X-Amz-Server-Side-Encryption
TCN
DynaTrace
X-Navigation-Version
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Powered-By-Plesk
X-GitHub-Request-Id
X-RateLimit-Remaining
Display
X-Middleton-Response
X-Sol
Response
X-Middleton-Display
X-B3-TraceId
X-ESI
X-Akam-SW-Version
Content-MD5
Charset
X-Server-Name
MS-Author-Via
AR-PoweredBy
Ar-Sid
AR-CACHE
AR-ATIME
X-Trace
X-Shield-Request-Id
ServerID
X-Amz-Rid
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-TEC-API-ROOT
Accept-Ch-Lifetime
Realpath
X-Dw-Request-Base-Id
X-Powered-CMS
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Goog-Metageneration
X-Goog-Generation
AR-Request-ID
X-Cached
Nginx-Cache
X-Forwarded-Proto
X-Version
X-DynaTrace-JS-Agent
X-Shard
Fastly-Restarts
X-Upstream
Accept-Ch
X-B3-TraceId-Primal
MRF-Tech
Mrf-Cache-Status
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
Public-Key-Pins
SPRequestDuration
SPIisLatency
Paypal-Debug-Id
X-Goog-Storage-Class
X-MSEdge-Ref
Access-Control-Request-Method
X-Client-IP
X-Upstream-Proxy
Pinterest-Version
X-Pinterest-Rid
Pagespeed
S
X-DataStream-Origin-MEX-Latency
X-DataStream-MidMile-RTT
X-Debug
X-Amz-Meta-S3cmd-Attrs
Accept-CH
X-Id
X-Ezoic-Cdn
X-Country-Code-Real
X-FTR-Backend-Server
X-FTR-Balancer
X-FTR-DC
X-Grace
X-FTR-Realm
X-FTR-Backend
X-FTR-Cache-Status
X-FTR-Expires
X-N
X-T
X-DIS-Request-ID
X-Fastly-Request-ID
MicrosoftSharePointTeamServices
Arr-Disable-Session-Affinity
X-Amzn-Trace-Id
Front-End-Https
X-NF-Request-ID
X-Content-Type
X-Hits
X-Vcache
X-Ser
X-XRDS-Location
X-Varnish-Age
X-B3-Sampled
X-Mobile-Rewrite
Arc-Version
PB-PID
PB-RID
Alternate-Protocol
X-Server-ID
X-Acc-Meta-Resource-Type
Fastcgi-Cache
X-FTR-Cache-Host
X-Frontend
X-FastCGI-Cache
Server-Name
X-Logged-In
X-Content-Digest
X-Srv
X-VCache
X-Pad
X-Correlation-Id
Nel
Host
X-B3-Traceid
X-Forwarded-For
Powered-By-ChinaCache
AMP-Access-Control-Allow-Source-Origin
X-Node-Name
X-Microsite
X-Request-Handler-Origin-Region
FilterID
Healthy
TP-Cache
TP-L2-Cache
X-Rid
X-Type
Edge-Cache-Tag
X-IPLB-Instance
X-Debug-Info
X-Request-Received
X-Cache-Key
X-LB-Cache
X-Request-Processing-Time
X-AOL-HN
X-Kinsta-Cache
X-User-Agent
X-Cached-By
X-Fastcgi-Cache
X-Cache-2
X-GUploader-UploadID
X-F-Cache
X-Revision
X-Hostname
X-XRDS-LOCATION
X-Zen-Fury
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Cache-Rule
X-HS-Content-Id
X-HS-Hub-Id
Powered
Surrogate-Key
Backend-Timing
X-Analytics
X-Accel-Expires
X-Cache-Age
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-AppVersion
X-Az
X-Activity-Id
X-RateLimit-Limit
X-Varnish-Backend
X-Content-Security-Policy-Report-Only
X-BCube-Filmed-By
X-Varnish-Grace
X-Instance
X-Content-Options
X-Page-Id
X-FB-Debug
X-Tumblr-Pixel-0
X-Tumblr-Pixel
VIX-Pulpo-Upstream-Status
X-Tumblr-User
VIX-Pulpo-Node
Source
X-Via-JSL
X-Cluster
X-Amz-Replication-Status
X-App-Environment
X-PHP-Backend
X-Akamai-Edgescape
Cache-Status
X-Request-Guid
X-Content-Powered-By
X-Jobs
X-TT
X-Framework
Cleartype
Server-Node
Refresh
X-Varnish-Hostname
Tracecode
X-Forwarded-Host
X-Esi
WPE-Backend
X-Signature
X-B-Cache
X-FW-Server
X-FW-Hash
X-ATG-Version
X-FW-Static
X-FW-Serve
X-FW-Type
Host-Header
X-Mobile
Liferay-Portal
X-Cache-Operation
DC
X-Cache-Control
X-Time
Accept-Charset
X-Edge-Location
X-NWS-LOG-UUID
Actual-Object-TTL
X-Cache-Action
X-Drupal-Cache-Tags
Accept-CH-Lifetime
Access-Control-Allow-Method
X-Cache-TTL
Fastcgi-Useragent
X-Cache-Hit
Upgrade-Insecure-Requests
X-Response-Served-From
X-Hp-Webp
X-Accel-Buffering
X-Mobile-URL
X-Storage
X-App-Server
X-TX-ID
X-Whom
X-UA-Device-Type
Payment
X-SS-Set-Cookie
X-B
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-WebKit-CSP-Report-Only
X-Handled-By
X-Content-Age
X-TT-TIMESTAMP
X-Erf-Bev-Bev-Is-Generated
X-Tumblr-Pixel-1
X-Tumblr-Pixel-2
X-RequestSource
Filters
X-GeoIP
X-Git-Hash
X-Erf-Bev-Bev
X-Cacheable-TTL
Cache-Tv-Group
Eomportal-Instance
X-VG-WebCache
X-Adobe-Content
X-Adobe-Loc
X-WA-Info
X-ProcessESI
Cache
X-RemovedCookies
Viewport
X-Geo-Country
X-Status
X-APP-VERSION
Xserver
Server-Info
NGB
Cache-Tag
X-FB-TRIP-ID
Webserver
X-Presslabs-Stats
X-Cache-TTL-Remaining
Datacenter
X-Ratelimit-Reset
X-Cache-Enabled
Retry-After
X-TA-CDN-Provider
X-FW-Dynamic
X-Ratelimit-Limit
X-Seen-By
X-Contextid
S-Cnection
X-Host-Name
X-Origin-Server
MS-CV
Country
X-Mode
From-Origin
Frame-Options
X-Tumblr-Pixel-3
X-VWS-Id
X-AWS-Id
Load-Balancing
X-Hyper-Cache
X-Generated-By
X-LJ-Flow-ID
X-ES-SERVER
Meta-Geo
Machine
X-Cache-Var
X-Cache-Var-Map
X-Path-Route
X-CF-Powered-By
X-RN-RSRV
X-Cache-Host
X-Varnish-Hits
X-Zipkin-Id
X-Varnish-Cache-Hits
X-Proxied
Cache-Key
Ms-Operation-Id
X-Routing-Service
Mail-Subject
X-Upstream-HT
X-Upstream-CT
X-Human
We-Hiring
X-Cache-Grace
X-Labrador-Cache-Channel
X-Cache-Config
X-RTag
Release
X-From
X-Guploader-Uploadid
X-Backend-Name
X-Upgrade-Enabled
X-Varnish-Server
DSUID
Decoy-Debug-TTL
X-Device-Type
X-EIG-Tracking-Id
X-Debug-Cache
Decoy-Debug-Key
Decoy-Debug-Status
X-Hit
Mn-Server-Ip
X-PCL
X-MP-GENERATED-AT
X-Access
X-Section
X-Magnolia-Registration
ServedBy
X-Rendered-As
X-OCL
Uber-Trace-Id
X-Viewer-Country
X-Web-Node
GEO-INFO
Vix-Hermes-Req-Id
X-Loop
X-Endurance-Cache-Level
X-L-Path
X-Environment-Context
X-Alternate-Cache-Key
Now
OT-Force-Account-Verify
X-Akamai-Request-ID
Rt-Fastcgi-Cache
X-CCM
X-BYPASS-REASON
Akamai-GRN
X-Origin-Response-Time
X-ProxyCache-Status
X-Shopify-Stage
X-RCS-CacheZone
X-ShopId
X-Proto
X-ShardId
X-ProxyCache-Key
X-Sorting-Hat-PodId
X-Daa-Tunnel
X-R9-Blue-Green-Version
X-TNCMS
X-VG-TLSProxy
X-Sorting-Hat-ShopId
X-Cluster-Node
X-Xfnlog-Site
X-S
X-Via-Fastly
DB-Nickname
X-NCache
X-Rule
Cache-Name
X-Hosted-By
X-Goog-Meta-Goog-Reserved-File-Mtime
X-FC-Vary-Parameters
X-Region
X-PressLabs-Stats
X-VCT
NGX
X-Trace-Id
X-Drupal-Cache-Contexts
X-Redis-Cache
X-B3-Spanid
X-Locale
X-Www-Served-By
X-JoinUs
X-Site-Version
X-Generated
X-Timing-Wait
X-Proxy-Build
X-Platform-Server
X-UUID
X-Load-Cache
X-Cache-NE
Cteonnt-Length
X-Nginx-Cache
X-MServer
ProcessTime
X-EdgeConnect-Cache-Status
X-NewRelic-App-Data
X-ECACHE
X-Oracle-Dms-Rid
X-Cache-Remote
X-Hl-Ver
SRV
X-ServerID
X-Request-Time
X-IP
Time
X-Time-Microsecs
X-Vgn-Hpd-Reason
CACHE
X-Real-IP
X-Dc
X-Rocket-Nginx-Bypass
X-IPS-LoggedIn
X-Via-CDN
Azure-InstanceId
X-GEO
Version
Azure-RegionName
S-Rt
X-Origin
X-FW-Version
Azure-Version
Azure-SlotName
X-RateLimit-Reset
Azure-SiteName
X-Wix-Request-Id
Webcakes-App-Name
Webcakes-App-Version
X-Origin-Hint
TWC-Privacy
Webcakes-Region
TWC-Locale-Group
TWC-Connection-Speed
Property-Id
TWC-GeoIP-Country
TWC-Device-Class
TWC-GeoIP-LatLong
X-UA
X-Proxy
Origin
NtCoent-Length
L5d-Success-Class
X-No-Session
X-FireWall-Port
X-Oneagent-Js-Injection
X-Distributor
Served-By
X-Cache-Backend
Fastly-SSL
X-Unique-ID
X-Akamai-Transformed
X-Microcachable
X-Cache-Server
Odigeo-Trace-Id
X-Pubstack
X-ApacheServer
Origin-Edge-Control
Origin-Cache-Control
X-PERF
X-Akamai-Request-ID2
X-Format
X-Webkit-Csp
Fastcgi-X-Cache-Version
IBM-Web2-Location
X-Edge
X-Powered-By-Defense
X-Cache-Category-Id
X-Grey
X-CDN-Forward
X-CS
X-HTML-Minification-Powered-By
X-Compress-Hint
Ec-Rule-Version
X-Detected-As
X-Via-NSCOPI
Hostname
Proxy-Connection
X-BACKEND-TTL
Access-Control-Request-Headers
X-Is-Bot
Cache-Tags
X-UnsetCookies
X-NC
Backend-Name
X-Varnish-Cacheable
Cache-Cookie-Set-Idcheck
X-DPWN-IS-SECURE
Content-Style-Type
Cache-Cookie-Set-From
Request-Country
Cross-Origin-Window-Policy
Arc-Country
X-Developer
X-Debug-Log
X-Debug-Cookies
Cdn-Host
X-Instart-Info
X-Destination
X-Edge-Server
Content-Script-Type
Cdn-Request-Time
Cache-Prefix
X-IN-APIGATEWAY
BehaviorPad-Version
Fly-Request-Id
Fly-Cache
AsisCache
Meta-Geo-Continent
GEO-REGION-INFO
HA-Ipaddr
MD5-Digest
X-HS-Cache-Config
Mobile-Detection-Method
Cache-Cookie-Set-Lfrom
X-HS-Combine-CSS
Fastly-SIE
Ha-Gx-Prefs
X-External-Request-Id
Rendered-Blocks
Node
Fastly-SWR
Proxy-Firewall
X-Eu-Site
Request-EU
X-Rebelmouse-Surrogate-Control
X-AIR-PT
X-App-Name
X-Application
X-Twitter-Response-Tags
X-VG-WebServer
X-Vtex-Processado-Em
X-CGP
X-Accel-Expires-Debug
X-Aed
X-Vtex-Remote-Cache
X-Rebelmouse-Cache-Control
A
X-ARC
X-CF-Lambda-Fn
X-Request-UUID
X-Server-Time
X-Rewrite-Enabled
X-ScT
X-CF-Lambda-Version
X-SRCache-Key
X-Region-Sid
X-Cache-Bucket
X-Trv-Group
X-B-Cookie
X-Transaction
X-G
X-Cluster-Name
Server-ID
Rt-Proxy-Cache
X-D
ServerName
Viewtype
X-S-Cookie
X-PAYTM-SRV-ID
X-NX-Host
X-NU-AKA-ACS-Version
X-Date
X-Org
X-S-Maxage
X-Rojux
VivaBuild
X-Worker
Xc-Version
X-Processor
X-A-Dgt
X-A-Wwc
X-Cdn-Srv
X-A-Dcw
X-A
X-Connection-Hash
X-A-Ccd
X-A-Dam
X-Internal-Host
Request-Time
LB
X-URL
X-Tb
PageSpeed
X-ElasticPress-Search
X-B3-Parentspanid
Section-Io-Cache
X-Dispatch
Apple-News-Services-Handled
Apple-News-Services-Parsed-Url
X-ServiceProvider
Is-Eu
X-C
Server-Host
Server-Int
X-Fastly-Cache
X-Epic-Correlation-Id
X-Dispatcher-Server
RNT-Time
RNT-Machine
Platform
X-Cache-Id
X-Server-IP
X-Backend-State
X-We-Are-Hiring
On-Server
X-Cache-Info
X-Generated-On
Resin-Trace
X-Cdn-Origin
X-Qloud-Router
Memcached
X-Skip-Cache
Apple-News-Services-Host
True-Client-Country-4JS
X-TH-Server
X-Key
X-Location
X-Variation
Apple-News-Services-Request-Url
X-PHP-Host
Adler-Geo
X-Nginx-Cache-Key
X-Irp-Debug
X-Level-Front-Cache
X-Geo-Header
SS
X-GeoIP-Country-Code
Esi-Enabled
X-Reqid
X-Request-URI
X-Sn-Servicetimems
Accept-Language
Who
X-SIPLIST1
X-Servername
X-SVT-ORM-RULES
Wxu-Next-Region
X-BBXSRF
X-Swa-Ws
Wxu-Next-Hostname
X-Amz-Meta-Cache-Control
Wxu-Next-Commit
X-Core-Mission
X-Response-By
X-Li-Fabric
X-Hnp-Log
X-Hash
X-Generation-Time
X-Li-Pop
X-LI-Proto
X-Reboot
X-ND-Cache
X-Method
X-LI-UUID
X-Gen-Mode
X-Gannett-Site-Version
X-Served-From
X-Secret
X-CDN-Cache
X-Cache-FS-Status
X-Nc
X-SD-PageType
X-Clientip
X-FPC
X-Fetched-On
X-Device-Os
Web-Mar-Node
X-Block-Status
X-SVT-ORM-VERSION
Mime-Version
IsBot
PFcat
X-Wikidot-Static-Cache
X-Wikidot-Backend
SD-X-WS
Content-Disposition
REQUESTUUID
CDCHOST
X-Developers
Country-Code
UCS
User-Cache-Control
V-Age
Pramga
Gh-Request-Id
Countrycode
X-Webstats-RespID
AKAMAI
W
X-Datadome
X-Varnish-Url
X-Request-Start
Fastly-Soc-X-Request-Id
X-Ua
X-Distil-CS
GW-Server
X-CUA
X-Crawler
Powered-By
X-Cms-Context
X-GeoIP-City
X-Clara-WADP
X-WebServer
X-Thinkindot-L3
X-Release
X-Via-Edge
X-Owner
Thinkindot-CacheControl
X-Protected-By
Thinkindot-Control
X-Matched-Rule
X-Via-SSL
X-WADP-Cache
Heartbleed
X-VServer
X-Azure-Ref-OriginShield
X-Auto-Login
X-Azure-Ref
Thinkindot-CacheControl-Type
X-Parent-Response-Time
X-Varnish-Ttl
CF-IPCountry
X-Origin-Date
X-Origin-Expires
X-OVcl-Cache
X-OVcl
X-Fstrz
L
X-Bip
X-CLOUD-TRACE-CONTEXT
X-VC-Cache
X-Thanos
X-Dynatrace-Js-Agent
Pragrma
N-Cache
X-Proxy-Upstream
X-Ratelimit-Remaining
X-Proxy-Cache-Status
Memory
Kp-EeAlive
X-Planisys-CDN-TTL
X-Amzn-Remapped-Content-Length
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
X-LAGOON
X-Cdn-Forward
X-GRACE
X-Origin-CC
X-Varnish-Beresp-Ttl
X-Be
X-Origin-TTL
User-Agent
X-TrackingId
X-Core-Value
X-Pf-Uncompressing
X-FE
X-Phone
X-B3-SpanId
X-IN-WAF
X-Urbn-Site-Id
X-SERVER-NAME
Locale
X-Urbn-Context-Path
Magicmarker
X-Page-Type
Selected-Fe
X-Birta-Cache-Post
X-Birta-Served
X-Zone
X-Geo
X-Ttl
X-Info
X-DC
X-Varnish-IP
Pagetype
Selected-FE
X-Hello
X-Varnish-Beresp-Status
X-ABtesting
X-Flog
HitType
X-Varnish-Beresp-Grace
X-COUNTRY
X-Generated-In
X-User
X-Backend-TTL
GeoIp-Country-Code
Geoip-Latitude
Geoip-City
Cdn
X-Newrelic-Synthetics
X-TT-LOGID
X-Backend-Url
X-Backend-Host
X-Litespeed-Cache
X-MSEdge-Features
X-Servedbyhost
X-Up
SN
X-Soup
X-Tt-Trace-Tag
X-MSEdge-Flight
X-Debug-Cache-Store
X-GoCache-CacheStatus
X-Debug-Cache-Expiry
X-Debug-Cache-Fetch
X-App-Version
X-Source
X-MID
X-Mid
X-Agile-Age
X-Agile
X-Real-Ip
CF-Cached-On
X-Agile-Id
X-Refresh
X-Cache-Debug
X-Web-Server
X-Check-Cacheable
X-VCL-Version
X-Oss-Request-Id
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
X-HS-Status
X-Oss-Storage-Class
X-Oss-Server-Time
X-Aicache-OS
Amp-Access-Control-Allow-Source-Origin
X-Ruxit-Js-Agent
X-Tb-Optimization-Total-Bytes-Saved
X-Vcl-Version
FSS-Cache
FSS-Proxy
X-ZONE
X-Cache-Ttl
X-Amzn-Remapped-Connection
X-UPSTREAM-Address
X-Amzn-Remapped-Date
X-SayCDN-TTL
X-Say-Cacheable
X-Old-Content-Length
X-Say-TTL
X-ServedByHost
X-CACHE-KEY
X-Bc
Server-Cache-Control
GeoIP-Country-Code
HostName
X-APP
X-Varnish-Authentication
X-Contensis-Viewer-Groups
Server-Surrogate-Control
X-Cache-ASPX
X-EC-Lua
X-NWS-UUID-VERIFY
Cache-Hits
Ohc-File-Size
Ohc-Cache-HIT
GeoIP-City
RequestId
X-Via-Ucdn
XServer
Group
GeoIP-Latitude
Srv
X-CSRF-Token
X-Akamai-SSL-Client-Sid
X-FORWARDED-FOR
X-Node-Id
WZWS-RAY
Inserted-Into-Cache-At
Fastly-Backend-Name
HTTPS
X-BC
X-Nananana
X-ECache
Ajk
X-CSRF-TOKEN
X-IN-APIGATEWAYSSL
Backend
URI
X-Logtrace-Id
X-Varnish-Beresp-TTL
Xkeyrz
X-WR-MODIFICATION
Www
X-Proxy-Cacherz
X-SN
WebServer
X-Cache-Time
X-Dynatrace
X-Instart-Isnd
Cf-Ipcountry
X-Cache-Tag
Lb
Xkeynj
X-RateLimit-Remaining-Second
X-Request-Url
X-Wa
Is-Session-Tracking
Requestid
X-RateLimit-Limit-Second
Get-Access-Time
X-Unique-Id
X-PAGE-TYPE
X-Fastly-Country-Code
X-TIME
X-Cache-Expires
Host-ID
X-LiteSpeed-Cache-Control
X-MCACHE
X-BE
X-Edge-IP
X-Sedo-Request-Id
X-Requestid
X-Cache-Miss-From
X-NGENIX-Cache
Dynatrace
X-Varnish-Action
PICS-Label
X-Fastly-Backend-Reqs
T-Server
Epwk-Cache
Cneonction
X-PJAX-URL
X-PF-Uncompressing
CDN
X-SRV
DataCenter
Xet-Cookie
X-Render-Time
X-Apw-Hits
X-GDPR
X-Pjax-Url
X-Apw-Access-Token
X-Vct
X-Apw-Access-Action
Fastcgi-X-Cache
X-Micro-Cache
Pics-Label
X-LB-ID
X-Swift-Error
X-Apw-Access-Object
X-NGINX-Cache
X-Dw-Trace-Id
X-Lb-Id
X-WA
X-Ecache
Correlation-Id
X-Cf-Powered-By
X-Svr
X-AssetVersion
MIME-Version
X-Html-Edge-Cache
Lfy
Warning
X-WPE-Loopback-Upstream-Addr
X-Bug-Bounty
RequestUuid
X-Serial
SID
X-Uri
X-Var-Ttl
X-Sf
X-LiteSpeed-Tag
Ohc-Response-Time
FNAC-ModuleRouting
X-Akamai-ERPolicy
X-DW
X-RPM
X-DSS
X-DI
X-Zalando-Child-Request-Id
X-DB
X-RPS
X-RSL
X-Fpc
X-Akamai-ERRuleID
X-Fastly-Cache-Hits
X-Flow-Id
X-Page-Impression-Id
X-ServerName