Threat Level: green Handler on Duty: Russell Eubanks

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
CF-RAY
X-Powered-By
Link
ETag
Expect-CT
Via
X-XSS-Protection
X-Cache
Age
CF-Cache-Status
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
X-Cache-Hits
P3P
X-Amz-Cf-Pop
X-Xss-Protection
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Request-Id
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-Adblock-Key
Alt-Svc
X-Drupal-Cache
X-Check
X-Cacheable
Content-Security-Policy-Report-Only
X-Generator
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-DNS-Prefetch-Control
X-AspNetMvc-Version
P3p
X-Template
X-Language
Status
Timing-Allow-Origin
Content-Encoding
X-Iinfo
X-Content-Security-Policy
X-Buckets
Upgrade
X-Kinja-Server-Push
Xkey
X-Via
X-CDN
X-Turbo-Charged-By
Keep-Alive
Access-Control-Max-Age
Access-Control-Expose-Headers
X-Cache-Group
X-Pass-Why
X-Age
X-AH-Environment
X-Drupal-Dynamic-Cache
X-Server
X-Backend
X-Pingback
X-Amz-Request-Id
X-Amz-Id-2
X-Envoy-Upstream-Service-Time
X-Page-Speed
X-Robots-Tag
X-Proxy-Cache
X-Hacker
Grace
EagleId
X-Server-Powered-By
X-UA-Device
X-Varnish-Cache
Request-Context
X-Nginx-Cache-Status
Cf-Railgun
X-LiteSpeed-Cache
X-Amz-Version-Id
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
X-WebKit-CSP
X-Server-Id
Feature-Policy
Server-Timing
X-Device
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Host
Report-To
X-Rq
X-Ac
Content-Location
X-Node
X-OneAgent-JS-Injection
X-Backend-Server
X-Cnection
X-Response-Time
X-Origin-Cache
X-Cloud-Trace-Context
X-Application-Context
Request-Id
X-Readtime
Allow
EagleEye-TraceId
Surrogate-Control
X-Country
X-ORACLE-DMS-ECID
X-Cache-Lookup
X-Cdn
X-Vhost
X-DynaTrace
X-TTL
X-Url
Pinterest-Generated-By
X-Rack-Cache
X-Ua-Compatible
X-Clacks-Overhead
X-Origin-Upstream-Status
X-Ruxit-JS-Agent
X-FTR-Request-ID
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Rating
X-Country-Code
X-CST
NEL
X-HW
X-ORACLE-DMS-RID
X-Goog-Hash
X-Dispatcher
X-Instart-Request-ID
Fusion-Content-Source
Fusion-Content-Id
Fusion-Component-Id
Fusion-Source
Fusion-Template-Id
X-DataStream-Cache-Status
Edge-Control
X-Vname
X-PC
X-TtlSet
X-Px
X-DataDome
X-VARITI-CCR
Service-Worker-Allowed
X-Request-ID
X-MS-InvokeApp
Verso
X-Mod-Pagespeed
X-Dns-Prefetch-Control
X-Recruiting
SPRequestGuid
X-D2id
X-Kinja-Build
X-Cdn-Fetch
X-GoogleNews-Bot
X-Kinja
X-Kinja-Revision
X-Kinja-Server
X-Use-Magma
X-Exp-Id
X-Exp-Variant
X-Varnish-TTL
X-Vcap-Request-Id
RTSS
X-Amz-Server-Side-Encryption
X-Abt-Application-Version
X-SharePointHealthScore
TCN
DynaTrace
X-Navigation-Version
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-GitHub-Request-Id
X-RateLimit-Remaining
Display
Response
X-Sol
X-Middleton-Display
X-Middleton-Response
X-Akam-SW-Version
X-Powered-By-Plesk
Accept-Ch
MS-Author-Via
Charset
X-B3-TraceId
Content-MD5
Accept-Ch-Lifetime
ServerID
X-ESI
X-Shield-Request-Id
AR-PoweredBy
AR-ATIME
AR-CACHE
Ar-Sid
X-Amz-Rid
X-Trace
X-TEC-API-ROOT
X-TEC-API-VERSION
Realpath
X-TEC-API-ORIGIN
X-Forwarded-Proto
X-Powered-CMS
X-Goog-Metageneration
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Dw-Request-Base-Id
Nginx-Cache
X-DynaTrace-JS-Agent
AR-Request-ID
X-Version
X-Upstream
X-Cached
Fastly-Restarts
X-Server-Name
X-Shard
Public-Key-Pins
MRF-Tech
Mrf-Cache-Status
X-B3-TraceId-Primal
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
Pagespeed
Access-Control-Request-Method
Paypal-Debug-Id
X-MSEdge-Ref
SPIisLatency
X-Grace
SPRequestDuration
X-Goog-Storage-Class
X-Client-IP
S
Pinterest-Version
X-Debug
X-Pinterest-Rid
X-Upstream-Proxy
X-FTR-Realm
X-FTR-Backend
X-Country-Code-Real
X-FTR-Backend-Server
X-FTR-Balancer
X-FTR-DC
X-FTR-Cache-Status
X-FTR-Expires
X-Amz-Meta-S3cmd-Attrs
X-Id
X-DataStream-MidMile-RTT
X-DataStream-Origin-MEX-Latency
X-Ezoic-Cdn
X-N
X-Vcache
X-FastCGI-Cache
X-Fastly-Request-ID
X-T
X-DIS-Request-ID
X-Amzn-Trace-Id
MicrosoftSharePointTeamServices
Arr-Disable-Session-Affinity
Front-End-Https
X-NF-Request-ID
X-Content-Type
X-Hits
X-B3-Sampled
Nel
X-Varnish-Age
X-Ser
X-FTR-Cache-Host
PB-RID
X-Mobile-Rewrite
PB-PID
Arc-Version
Fastcgi-Cache
Alternate-Protocol
X-B3-Traceid
X-Frontend
Accept-CH
X-Acc-Meta-Resource-Type
X-Logged-In
X-XRDS-Location
Server-Name
X-Content-Digest
X-Correlation-Id
X-Srv
X-Pad
X-Forwarded-For
X-Cache-Key
X-Node-Name
X-VCache
Host
Powered-By-ChinaCache
AMP-Access-Control-Allow-Source-Origin
X-Request-Handler-Origin-Region
X-Microsite
FilterID
TP-Cache
TP-L2-Cache
Healthy
X-Rid
X-Type
X-Kinsta-Cache
X-XRDS-LOCATION
X-User-Agent
X-LB-Cache
X-IPLB-Instance
Edge-Cache-Tag
X-Request-Processing-Time
X-Request-Received
X-AOL-HN
X-Debug-Info
X-Cached-By
X-F-Cache
X-Zen-Fury
X-Cache-2
X-Revision
X-GUploader-UploadID
X-Amzn-RequestId
X-Amz-Apigw-Id
Powered
X-Hostname
X-HS-Content-Id
X-Cache-Rule
X-HS-Hub-Id
X-Analytics
X-Cache-Age
Backend-Timing
X-Esi
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Accel-Expires
Surrogate-Key
X-Activity-Id
X-AppVersion
X-Az
X-Via-JSL
X-Varnish-Backend
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-Content-Security-Policy-Report-Only
X-Instance
X-BCube-Filmed-By
X-Page-Id
X-Varnish-Grace
X-Content-Options
X-Tumblr-User
X-Jobs
X-Tumblr-Pixel-0
X-Cluster
Source
X-Akamai-Edgescape
X-Amz-Replication-Status
X-Tumblr-Pixel
X-FB-Debug
X-Content-Powered-By
X-App-Environment
X-Request-Guid
X-PHP-Backend
Cache-Status
Cleartype
X-Fastcgi-Cache
X-Framework
X-TT
Server-Node
X-Server-ID
X-Forwarded-Host
Refresh
X-B-Cache
X-Signature
X-RateLimit-Limit
X-Varnish-Hostname
X-FW-Serve
X-FW-Server
X-FW-Hash
X-FW-Type
Liferay-Portal
X-FW-Static
Tracecode
X-ATG-Version
DC
Host-Header
WPE-Backend
X-Mobile
X-Time
X-Cache-Operation
X-Edge-Location
X-Cache-Control
Access-Control-Allow-Method
Accept-Charset
X-Cache-Action
X-Drupal-Cache-Tags
Accept-CH-Lifetime
Fastcgi-Useragent
Actual-Object-TTL
X-Cache-Hit
X-APP-VERSION
X-Erf-Bev-Bev-Is-Generated
X-NWS-LOG-UUID
X-Response-Served-From
X-Hp-Webp
Payment
X-Accel-Buffering
X-Mobile-URL
X-B
X-Erf-Bev-Bev
X-Storage
X-TX-ID
X-SS-Set-Cookie
X-Content-Age
X-App-Server
X-UA-Device-Type
X-WebKit-CSP-Report-Only
Xserver
X-Whom
Upgrade-Insecure-Requests
X-Git-Hash
X-TT-TIMESTAMP
X-GeoIP
Cache-Tv-Group
X-WA-Info
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Cacheable-TTL
X-Handled-By
X-Tumblr-Pixel-1
Filters
X-Tumblr-Pixel-2
X-RequestSource
X-Status
X-Adobe-Loc
X-Adobe-Content
Eomportal-Instance
Cache
X-RemovedCookies
X-Cache-TTL
X-ProcessESI
Viewport
NGB
X-Geo-Country
X-VG-WebCache
Cache-Tag
X-Ratelimit-Limit
Webserver
X-Presslabs-Stats
Datacenter
Retry-After
X-Cache-TTL-Remaining
X-FB-TRIP-ID
Server-Info
X-FW-Dynamic
X-Ratelimit-Reset
X-TA-CDN-Provider
X-Cache-Enabled
X-Seen-By
MS-CV
X-Oracle-Dms-Rid
X-Host-Name
X-Contextid
X-Origin-Server
S-Cnection
X-B3-Spanid
Country
X-Generated-By
X-Hyper-Cache
Frame-Options
From-Origin
X-RTag
Ms-Operation-Id
X-Mode
X-CF-Powered-By
X-ES-SERVER
X-Cache-Var
Load-Balancing
Machine
X-Tumblr-Pixel-3
X-Cache-Config
X-AWS-Id
Meta-Geo
X-RN-RSRV
X-VWS-Id
X-LJ-Flow-ID
X-Cache-Var-Map
X-Path-Route
Vix-Hermes-Req-Id
X-Varnish-Cache-Hits
X-Upstream-HT
Cache-Key
X-Zipkin-Id
We-Hiring
DSUID
X-Hit
Mail-Subject
X-Backend-Name
X-MP-GENERATED-AT
X-Access
X-Labrador-Cache-Channel
X-Proxied
X-Cache-Host
X-Section
X-Routing-Service
X-Upstream-CT
X-Cache-Grace
X-Web-Node
X-Loop
X-TNCMS
X-Viewer-Country
X-PCL
X-OCL
X-RCS-CacheZone
X-Human
Mn-Server-Ip
Now
Release
X-Upgrade-Enabled
X-Debug-Cache
X-Device-Type
Decoy-Debug-TTL
X-From
X-Varnish-Server
X-EIG-Tracking-Id
Decoy-Debug-Key
Decoy-Debug-Status
X-Guploader-Uploadid
X-ShopId
X-ShardId
ServedBy
X-Region
X-Magnolia-Registration
X-Shopify-Stage
Rt-Fastcgi-Cache
OT-Force-Account-Verify
GEO-INFO
X-VG-TLSProxy
X-Rule
X-Varnish-Hits
X-L-Path
X-Alternate-Cache-Key
X-Akamai-Request-ID
X-Proto
X-R9-Blue-Green-Version
X-Endurance-Cache-Level
X-Environment-Context
X-Sorting-Hat-PodId
X-CCM
X-Origin-Response-Time
X-Sorting-Hat-ShopId
X-Generated
X-Goog-Meta-Goog-Reserved-File-Mtime
X-FC-Vary-Parameters
X-Proxy-Build
X-JoinUs
X-Hosted-By
X-Rendered-As
X-Cluster-Node
X-PressLabs-Stats
Uber-Trace-Id
X-S
X-Via-Fastly
Akamai-GRN
Cache-Name
X-Timing-Wait
X-Xfnlog-Site
X-Drupal-Cache-Contexts
X-NCache
DB-Nickname
X-BYPASS-REASON
X-ProxyCache-Status
X-ProxyCache-Key
X-VCT
X-Trace-Id
X-Site-Version
SRV
X-Nginx-Cache
ProcessTime
X-Locale
X-Load-Cache
X-Redis-Cache
X-Www-Served-By
NGX
Cteonnt-Length
X-Platform-Server
X-UUID
Version
X-Request-Time
X-Time-Microsecs
X-Cache-NE
X-MServer
X-Daa-Tunnel
X-IP
X-Via-CDN
Time
X-EdgeConnect-Cache-Status
X-ECACHE
X-NewRelic-App-Data
X-Hl-Ver
Azure-RegionName
X-Origin
Azure-InstanceId
X-Wix-Request-Id
Azure-SlotName
Azure-SiteName
S-Rt
X-FW-Version
Azure-Version
TWC-GeoIP-Country
TWC-Device-Class
TWC-GeoIP-LatLong
X-Rocket-Nginx-Bypass
TWC-Locale-Group
Webcakes-Region
Property-Id
X-ServerID
X-Dc
CACHE
X-Origin-Hint
Webcakes-App-Version
TWC-Privacy
TWC-Connection-Speed
Webcakes-App-Name
X-GEO
X-RateLimit-Reset
X-IPS-LoggedIn
NtCoent-Length
X-Cache-Remote
X-Vgn-Hpd-Reason
X-Proxy
Origin
X-FireWall-Port
X-No-Session
X-Akamai-Request-ID2
X-UA
X-Akamai-Transformed
X-Oneagent-Js-Injection
X-CDN-Forward
X-Real-IP
X-HTML-Minification-Powered-By
X-Distributor
Odigeo-Trace-Id
X-PERF
Fastly-SSL
L5d-Success-Class
X-ApacheServer
X-CS
X-Format
X-Cache-Backend
Served-By
X-Cache-Server
X-Webkit-Csp
X-Compress-Hint
Ec-Rule-Version
X-Unique-ID
X-Microcachable
X-Pubstack
Access-Control-Request-Headers
Cache-Tags
X-UnsetCookies
Origin-Edge-Control
X-SERVER-NAME
LB
Origin-Cache-Control
Fastcgi-X-Cache-Version
IBM-Web2-Location
X-BACKEND-TTL
X-Tb
X-Edge
X-Grey
X-Cache-Category-Id
Backend-Name
X-Varnish-Cacheable
X-Developer
Cross-Origin-Window-Policy
Content-Script-Type
Content-Style-Type
Cdn-Request-Time
X-Detected-As
X-Destination
X-Debug-Log
X-Debug-Cookies
GEO-REGION-INFO
Fly-Request-Id
Cdn-Host
Fastly-SWR
Fly-Cache
Fastly-SIE
BehaviorPad-Version
X-G
X-External-Request-Id
X-A-Dcw
X-HS-Cache-Config
X-HS-Combine-CSS
X-Internal-Host
X-Instart-Info
X-IN-APIGATEWAY
X-Edge-Server
X-DPWN-IS-SECURE
Cache-Cookie-Set-From
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-Lfrom
X-Date
AsisCache
A
Arc-Country
Cache-Prefix
MD5-Digest
X-Application
X-App-Name
Viewtype
X-ARC
X-B-Cookie
X-Cache-Bucket
Server-ID
VivaBuild
X-AIR-PT
X-A
X-A-Ccd
X-A-Dam
X-A-Dgt
X-A-Wwc
X-Aed
X-Accel-Expires-Debug
Rt-Proxy-Cache
Request-Time
X-Is-Bot
X-CGP
Meta-Geo-Continent
X-Cluster-Name
X-Connection-Hash
Ha-Gx-Prefs
HA-Ipaddr
Mobile-Detection-Method
Node
Rendered-Blocks
Request-Country
Request-EU
Proxy-Firewall
X-Cdn-Srv
X-CF-Lambda-Version
X-CF-Lambda-Fn
X-D
X-Eu-Site
X-Nc
Hostname
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
X-PAYTM-SRV-ID
X-SRCache-Key
X-NX-Host
X-B3-Parentspanid
X-Rojux
X-Region-Sid
X-Server-Time
X-S-Maxage
X-S-Cookie
X-Rewrite-Enabled
X-ScT
X-Request-UUID
X-Vtex-Remote-Cache
Proxy-Connection
X-Vtex-Processado-Em
X-NU-AKA-ACS-Version
X-Org
Accept-Language
X-Twitter-Response-Tags
X-Worker
Xc-Version
X-VG-WebServer
X-Powered-By-Defense
X-Transaction
X-Trv-Group
ServerName
X-ElasticPress-Search
X-SVT-ORM-RULES
Gh-Request-Id
Platform
X-Cache-Id
X-Backend-State
X-Key
RNT-Time
X-SVT-ORM-VERSION
RNT-Machine
X-TH-Server
Section-Io-Cache
Resin-Trace
SS
X-Core-Mission
Memcached
Server-Int
X-Via-NSCOPI
X-Skip-Cache
X-Sn-Servicetimems
X-Cache-Info
X-Clientip
X-Variation
X-ServiceProvider
On-Server
Is-Eu
X-Cdn-Origin
Server-Host
Country-Code
X-Nginx-Cache-Key
X-Fastly-Cache
W
X-Epic-Correlation-Id
Adler-Geo
True-Client-Country-4JS
Apple-News-Services-Handled
AKAMAI
X-Location
X-Generated-On
X-Level-Front-Cache
X-Irp-Debug
X-C
X-Varnish-Url
X-Hash
X-Geo-Header
X-GeoIP-Country-Code
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
X-Reqid
X-Dispatch
Countrycode
X-Request-URI
Content-Disposition
X-Developers
X-Dispatcher-Server
Apple-News-Services-Request-Url
X-Processor
X-PHP-Host
Esi-Enabled
X-We-Are-Hiring
X-NC
REQUESTUUID
X-Auto-Login
X-Via-Edge
X-Webstats-RespID
X-WebServer
X-WADP-Cache
X-Block-Status
X-Amz-Meta-Cache-Control
X-Via-SSL
X-Wikidot-Backend
X-BBXSRF
X-Wikidot-Static-Cache
X-Secret
X-Method
X-Gannett-Site-Version
X-FPC
X-Fetched-On
X-Distil-CS
X-Gen-Mode
X-Generation-Time
X-Li-Pop
X-Li-Fabric
X-LI-Proto
X-LI-UUID
X-Hnp-Log
X-Qloud-Router
X-Reboot
X-Cms-Context
X-Servername
X-Clara-WADP
X-SIPLIST1
X-CDN-Cache
X-Server-IP
X-Served-From
X-Device-Os
X-Request-Start
X-Response-By
X-SD-PageType
X-Cache-FS-Status
X-Crawler
Wxu-Next-Region
User-Cache-Control
V-Age
UCS
PFcat
SD-X-WS
CDCHOST
Fastly-Soc-X-Request-Id
Web-Mar-Node
Wxu-Next-Hostname
Wxu-Next-Commit
IsBot
Who
Mime-Version
X-Matched-Rule
GW-Server
L
Heartbleed
X-Amzn-Remapped-Content-Length
X-CUA
X-Swa-Ws
N-Cache
X-GeoIP-City
X-Proxy-Cache-Status
X-Proxy-Upstream
X-VServer
X-Thinkindot-L3
X-Origin-Expires
X-Owner
X-Release
X-Origin-Date
X-Thanos
Pramga
X-Azure-Ref
X-Bip
X-Azure-Ref-OriginShield
Thinkindot-Control
Thinkindot-CacheControl-Type
Powered-By
Thinkindot-CacheControl
CF-IPCountry
Selected-Fe
X-Varnish-Ttl
X-OVcl-Cache
X-OVcl
X-ND-Cache
X-Parent-Response-Time
X-TrackingId
Kp-EeAlive
X-FE
X-VC-Cache
X-CLOUD-TRACE-CONTEXT
X-Ua
X-Ratelimit-Remaining
X-Protected-By
PageSpeed
X-Pf-Uncompressing
X-Urbn-Site-Id
Locale
X-Urbn-Context-Path
X-Varnish-Beresp-Ttl
X-LAGOON
Pragrma
X-Fstrz
Magicmarker
User-Agent
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
X-Planisys-CDN-TTL
Memory
X-Be
X-Hello
X-ABtesting
X-Origin-CC
Pagetype
X-Origin-TTL
X-Flog
X-URL
X-Varnish-Beresp-Status
X-Generated-In
X-Ttl
X-User
X-Page-Type
X-IN-WAF
X-Core-Value
X-Geo
X-Phone
X-Varnish-Beresp-Grace
X-Dynatrace-Js-Agent
X-DC
X-Zone
X-Backend-Url
X-Cdn-Forward
X-Backend-Host
X-Debug-Cache-Store
X-Newrelic-Synthetics
X-GoCache-CacheStatus
X-B3-SpanId
X-Debug-Cache-Expiry
X-Debug-Cache-Fetch
X-Soup
X-Backend-TTL
X-Up
X-MSEdge-Features
X-MSEdge-Flight
X-Tt-Trace-Tag
X-Birta-Served
X-Cache-Ttl
X-Birta-Cache-Post
GeoIp-Country-Code
Cdn
X-TT-LOGID
Geoip-Latitude
Geoip-City
X-Info
X-Litespeed-Cache
X-Varnish-IP
X-Oss-Request-Id
Selected-FE
X-Oss-Hash-Crc64ecma
X-Oss-Object-Type
X-Oss-Server-Time
X-Oss-Storage-Class
HitType
X-MID
X-Check-Cacheable
X-Servedbyhost
SN
X-Real-Ip
X-HS-Status
X-ZONE
CF-Cached-On
X-Mid
X-Say-Cacheable
X-Old-Content-Length
X-SayCDN-TTL
X-Say-TTL
X-Vcl-Version
X-Datadome
X-Aicache-OS
X-GRACE
Amp-Access-Control-Allow-Source-Origin
Cache-Hits
X-Ruxit-Js-Agent
X-Refresh
X-Cache-Debug
X-Agile-Age
X-Agile-Id
X-Agile
X-Tb-Optimization-Total-Bytes-Saved
FSS-Cache
X-ServedByHost
FSS-Proxy
X-VCL-Version
HostName
X-Source
X-Amzn-Remapped-Date
X-Amzn-Remapped-Connection
X-Akamai-SSL-Client-Sid
X-Bc
X-Web-Server
Server-Surrogate-Control
X-CSRF-Token
X-Cache-ASPX
Fastly-Backend-Name
GeoIP-Country-Code
X-Varnish-Authentication
Server-Cache-Control
X-Contensis-Viewer-Groups
X-Node-Id
Inserted-Into-Cache-At
X-EC-Lua
X-App-Version
X-Cache-Time
X-BC
GeoIP-City
X-CSRF-TOKEN
RequestId
X-COUNTRY
X-Logtrace-Id
WZWS-RAY
Ajk
GeoIP-Latitude
X-IN-APIGATEWAYSSL
X-UPSTREAM-Address
X-APP
X-Via-Ucdn
Srv
X-Nananana
X-ECache
Ohc-Cache-HIT
X-NWS-UUID-VERIFY
Ohc-File-Size
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
Group
Xkeyrz
X-WR-MODIFICATION
X-Proxy-Cacherz
WebServer
XServer
X-Dynatrace
X-BE
X-Varnish-Beresp-TTL
Cf-Ipcountry
X-PAGE-TYPE
X-Wa
HTTPS
X-Tec-Api-Origin
T-Server
X-CACHE-KEY
Www
X-Tec-Api-Root
X-FORWARDED-FOR
X-Cache-Tag
Get-Access-Time
X-TIME
X-Fastly-Country-Code
X-Unique-Id
X-Tec-Api-Version
PICS-Label
URI
X-SN
Backend
Is-Session-Tracking
Xkeynj
X-Render-Time
X-Instart-Isnd
X-Requestid
X-Request-Url
X-LB-ID
X-Sedo-Request-Id
X-Cache-Miss-From
X-Edge-IP
X-Fastly-Backend-Reqs
X-PJAX-URL
X-Micro-Cache
X-GDPR
Xet-Cookie
Dynatrace
X-LiteSpeed-Cache-Control
X-MCACHE
Cneonction
X-Cache-Expires
Host-ID
Lb
Requestid
X-SRV
DataCenter
X-Policy
X-Uri
X-Pjax-Url
Pics-Label
SID
X-Lb-Id
CDN
X-Swift-Error
X-Apw-Hits
MIME-Version
X-Vct
X-Apw-Access-Action
X-Apw-Access-Object
X-Apw-Access-Token
X-Dw-Trace-Id
X-NGINX-Cache
X-PF-Uncompressing
X-Ecache
X-Cf-Powered-By
X-Varnish-Action
X-WA
Correlation-Id
Epwk-Cache
X-Newrelic-App-Data
X-NGENIX-Cache
X-WPE-Loopback-Upstream-Addr
Fastcgi-X-Cache
X-Service
X-Cdn-Request-ID
Cache-Provider
X-Serial
RequestUuid
Warning
X-DI
X-DSS
X-DW
X-DB
X-Fastly-Cache-Hits
X-Zalando-Child-Request-Id
X-Page-Impression-Id
X-Flow-Id
X-RPM
X-RPS
X-Fpc
Lfy
X-ServerName
X-Bug-Bounty
X-Akamai-ERPolicy
X-RSL
X-Akamai-ERRuleID
X-Html-Edge-Cache