Threat Level: green Handler on Duty: Russell Eubanks

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
CF-RAY
Link
X-Powered-By
ETag
Expect-CT
Via
X-XSS-Protection
X-Cache
Age
CF-Cache-Status
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
X-Cache-Hits
P3P
X-Amz-Cf-Pop
X-Xss-Protection
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Request-Id
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-Adblock-Key
Alt-Svc
X-Drupal-Cache
X-Check
X-Cacheable
Content-Security-Policy-Report-Only
X-Generator
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-DNS-Prefetch-Control
X-AspNetMvc-Version
P3p
X-Template
X-Language
Status
Timing-Allow-Origin
Content-Encoding
X-Iinfo
X-Content-Security-Policy
X-Buckets
Upgrade
X-Kinja-Server-Push
Xkey
X-Via
X-CDN
X-Turbo-Charged-By
X-POWERED-BY
Keep-Alive
Access-Control-Max-Age
Access-Control-Expose-Headers
X-Cache-Group
X-Pass-Why
X-Age
X-AH-Environment
X-Drupal-Dynamic-Cache
X-Server
X-Backend
X-Pingback
X-Amz-Id-2
X-Amz-Request-Id
X-Envoy-Upstream-Service-Time
X-Page-Speed
X-Robots-Tag
X-Proxy-Cache
X-Hacker
Grace
EagleId
X-Server-Powered-By
X-UA-Device
X-Varnish-Cache
Request-Context
X-Nginx-Cache-Status
Cf-Railgun
X-LiteSpeed-Cache
X-Amz-Version-Id
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-WebKit-CSP
X-Server-Id
Feature-Policy
Server-Timing
X-Device
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Host
Report-To
X-Rq
X-Ac
Content-Location
X-Node
X-OneAgent-JS-Injection
X-Backend-Server
X-Cnection
X-Response-Time
X-Origin-Cache
X-Cloud-Trace-Context
X-Application-Context
Request-Id
X-Readtime
Allow
EagleEye-TraceId
Surrogate-Control
X-Country
X-ORACLE-DMS-ECID
X-Cache-Lookup
X-Cdn
X-Vhost
X-DynaTrace
X-TTL
X-Url
Pinterest-Generated-By
X-Ua-Compatible
X-Rack-Cache
X-Clacks-Overhead
X-Origin-Upstream-Status
X-Ruxit-JS-Agent
X-EdgeConnect-Origin-MEX-Latency
X-FTR-Request-ID
X-EdgeConnect-MidMile-RTT
Rating
X-Country-Code
X-CST
NEL
X-HW
X-ORACLE-DMS-RID
X-Dispatcher
X-Goog-Hash
X-Instart-Request-ID
Fusion-Template-Id
Fusion-Content-Id
Fusion-Source
Fusion-Content-Source
Fusion-Component-Id
X-DataStream-Cache-Status
Edge-Control
X-PC
X-Vname
X-TtlSet
X-Px
X-DataDome
X-VARITI-CCR
Service-Worker-Allowed
X-MS-InvokeApp
Verso
X-Request-ID
X-Mod-Pagespeed
X-Dns-Prefetch-Control
X-Recruiting
SPRequestGuid
X-D2id
X-Kinja
X-GoogleNews-Bot
X-Exp-Variant
X-Kinja-Build
X-Kinja-Revision
X-Cdn-Fetch
X-Use-Magma
X-Kinja-Server
X-Exp-Id
X-Varnish-TTL
X-Vcap-Request-Id
RTSS
X-Amz-Server-Side-Encryption
X-Abt-Application-Version
X-SharePointHealthScore
DynaTrace
TCN
X-Navigation-Version
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-GitHub-Request-Id
X-RateLimit-Remaining
X-Middleton-Response
Display
Response
X-Middleton-Display
X-Sol
X-Akam-SW-Version
X-Powered-By-Plesk
Accept-Ch
MS-Author-Via
X-B3-TraceId
Charset
Content-MD5
Accept-Ch-Lifetime
X-ESI
X-Shield-Request-Id
ServerID
Ar-Sid
AR-CACHE
AR-ATIME
AR-PoweredBy
X-Amz-Rid
X-Trace
Realpath
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-Forwarded-Proto
X-Powered-CMS
X-Goog-Metageneration
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Dw-Request-Base-Id
X-DynaTrace-JS-Agent
Nginx-Cache
AR-Request-ID
X-Version
Fastly-Restarts
X-Cached
X-Upstream
X-Server-Name
Public-Key-Pins
X-Shard
X-Mrf-Section-Lastmod
Mrf-Cache-Status
X-B3-TraceId-Primal
X-Mrf-Item-Lastmod
MRF-Tech
Pagespeed
Access-Control-Request-Method
Paypal-Debug-Id
X-MSEdge-Ref
SPRequestDuration
X-Goog-Storage-Class
X-Grace
SPIisLatency
X-Client-IP
S
X-Debug
X-Pinterest-Rid
Pinterest-Version
X-Upstream-Proxy
X-FTR-Cache-Status
X-FTR-DC
X-Country-Code-Real
X-FTR-Balancer
X-FTR-Backend
X-FTR-Backend-Server
X-FTR-Realm
X-FTR-Expires
X-Amz-Meta-S3cmd-Attrs
X-Id
X-Ezoic-Cdn
X-DataStream-MidMile-RTT
X-DataStream-Origin-MEX-Latency
X-N
X-Vcache
X-FastCGI-Cache
X-T
X-Fastly-Request-ID
X-DIS-Request-ID
MicrosoftSharePointTeamServices
X-Amzn-Trace-Id
Arr-Disable-Session-Affinity
Front-End-Https
X-NF-Request-ID
X-Content-Type
X-Hits
X-B3-Sampled
Nel
X-Varnish-Age
X-Ser
X-FTR-Cache-Host
X-Mobile-Rewrite
PB-PID
PB-RID
Arc-Version
Fastcgi-Cache
Alternate-Protocol
X-B3-Traceid
X-Frontend
X-Acc-Meta-Resource-Type
Accept-CH
X-Logged-In
Server-Name
X-XRDS-Location
X-Content-Digest
X-Correlation-Id
X-Srv
X-Pad
X-Forwarded-For
X-Cache-Key
X-Node-Name
X-VCache
Host
Powered-By-ChinaCache
AMP-Access-Control-Allow-Source-Origin
X-Microsite
X-Request-Handler-Origin-Region
FilterID
Healthy
TP-L2-Cache
TP-Cache
X-Type
X-Rid
X-User-Agent
X-Kinsta-Cache
X-LB-Cache
X-XRDS-LOCATION
X-IPLB-Instance
Edge-Cache-Tag
X-Request-Processing-Time
X-Request-Received
X-AOL-HN
X-Debug-Info
X-Cached-By
X-F-Cache
X-Cache-2
X-Zen-Fury
X-Amz-Apigw-Id
X-Amzn-RequestId
X-GUploader-UploadID
Powered
X-Revision
X-Hostname
X-HS-Content-Id
X-Cache-Rule
X-HS-Hub-Id
Backend-Timing
X-Cache-Age
X-Analytics
X-Esi
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Accel-Expires
Surrogate-Key
X-AppVersion
X-Az
X-Activity-Id
X-Via-JSL
X-Varnish-Backend
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-Content-Security-Policy-Report-Only
X-Instance
X-Content-Options
X-Page-Id
X-BCube-Filmed-By
X-Varnish-Grace
X-Tumblr-Pixel-0
X-Tumblr-User
Source
X-Akamai-Edgescape
X-Jobs
X-FB-Debug
X-Amz-Replication-Status
X-Cluster
X-Tumblr-Pixel
X-PHP-Backend
X-App-Environment
X-Content-Powered-By
X-Request-Guid
Cache-Status
X-Fastcgi-Cache
X-TT
Cleartype
X-Framework
Server-Node
X-Server-ID
X-Forwarded-Host
Refresh
X-Signature
X-B-Cache
X-RateLimit-Limit
X-Varnish-Hostname
X-FW-Static
X-FW-Type
X-FW-Server
X-FW-Serve
X-FW-Hash
Liferay-Portal
Tracecode
X-ATG-Version
DC
Host-Header
WPE-Backend
X-Mobile
X-Cache-Operation
Accept-Charset
X-Time
X-Edge-Location
Access-Control-Allow-Method
X-Cache-Control
X-Drupal-Cache-Tags
X-Cache-Action
Accept-CH-Lifetime
Fastcgi-Useragent
Actual-Object-TTL
X-Cache-Hit
X-APP-VERSION
X-Erf-Bev-Bev
X-Hp-Webp
X-NWS-LOG-UUID
X-Erf-Bev-Bev-Is-Generated
X-B
Payment
X-Accel-Buffering
X-Response-Served-From
X-Mobile-URL
X-TX-ID
X-Storage
Xserver
X-SS-Set-Cookie
X-WebKit-CSP-Report-Only
X-UA-Device-Type
X-Whom
X-Content-Age
Upgrade-Insecure-Requests
X-App-Server
X-TT-TIMESTAMP
X-GeoIP
X-Yottaa-Metrics
Cache-Tv-Group
X-Git-Hash
X-WA-Info
X-Yottaa-Optimizations
X-Handled-By
X-Tumblr-Pixel-2
Filters
X-Tumblr-Pixel-1
X-RequestSource
X-Cacheable-TTL
X-Adobe-Content
Cache
X-Status
X-Adobe-Loc
Eomportal-Instance
Viewport
X-Cache-TTL
X-RemovedCookies
NGB
X-ProcessESI
X-Geo-Country
X-VG-WebCache
Cache-Tag
X-Ratelimit-Limit
Webserver
Retry-After
Datacenter
X-Presslabs-Stats
X-FB-TRIP-ID
X-Cache-TTL-Remaining
Server-Info
X-Ratelimit-Reset
X-FW-Dynamic
X-TA-CDN-Provider
X-Cache-Enabled
X-Seen-By
X-Oracle-Dms-Rid
MS-CV
X-Contextid
X-Host-Name
X-Origin-Server
S-Cnection
X-B3-Spanid
Frame-Options
X-Generated-By
Country
From-Origin
X-Hyper-Cache
Ms-Operation-Id
X-RTag
X-CF-Powered-By
X-Mode
X-Tumblr-Pixel-3
X-LJ-Flow-ID
X-Path-Route
X-RN-RSRV
Meta-Geo
X-ES-SERVER
Machine
X-Cache-Var
X-Cache-Var-Map
X-AWS-Id
Load-Balancing
X-Cache-Config
X-VWS-Id
X-Hit
X-Zipkin-Id
X-Cache-Host
X-Cache-Grace
X-Varnish-Cache-Hits
X-Backend-Name
X-MP-GENERATED-AT
X-Upstream-HT
X-Proxied
Vix-Hermes-Req-Id
We-Hiring
X-Access
Mail-Subject
X-Routing-Service
Cache-Key
X-Labrador-Cache-Channel
X-Section
X-Upstream-CT
DSUID
Now
X-Debug-Cache
X-Varnish-Server
X-Loop
X-TNCMS
Mn-Server-Ip
X-PCL
X-OCL
X-Viewer-Country
X-EIG-Tracking-Id
X-Web-Node
Decoy-Debug-Key
Decoy-Debug-Status
Release
Decoy-Debug-TTL
X-Device-Type
X-RCS-CacheZone
X-Human
X-Upgrade-Enabled
X-From
X-Guploader-Uploadid
X-Varnish-Hits
X-Magnolia-Registration
X-Origin-Response-Time
X-Environment-Context
X-Alternate-Cache-Key
OT-Force-Account-Verify
X-Rule
X-ShardId
X-L-Path
X-Sorting-Hat-PodId
GEO-INFO
X-Shopify-Stage
X-ShopId
X-VG-TLSProxy
Rt-Fastcgi-Cache
X-Akamai-Request-ID
X-CCM
X-Proto
X-R9-Blue-Green-Version
X-Endurance-Cache-Level
ServedBy
X-Sorting-Hat-ShopId
X-Region
X-Drupal-Cache-Contexts
X-PressLabs-Stats
X-JoinUs
X-FC-Vary-Parameters
X-Proxy-Build
X-NCache
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Generated
X-Xfnlog-Site
X-Timing-Wait
Akamai-GRN
X-Hosted-By
Uber-Trace-Id
DB-Nickname
X-Rendered-As
X-S
X-Cluster-Node
X-Via-Fastly
Cache-Name
X-ProxyCache-Key
X-BYPASS-REASON
X-ProxyCache-Status
SRV
X-Trace-Id
X-VCT
ProcessTime
X-Locale
X-Site-Version
X-Nginx-Cache
Cteonnt-Length
NGX
X-Www-Served-By
X-Load-Cache
X-Redis-Cache
Version
X-Platform-Server
X-UUID
X-Request-Time
X-IP
X-Time-Microsecs
X-MServer
X-Via-CDN
X-Daa-Tunnel
X-Cache-NE
X-Hl-Ver
X-NewRelic-App-Data
X-EdgeConnect-Cache-Status
X-ECACHE
Time
X-Origin
X-FW-Version
Azure-RegionName
Azure-SlotName
Azure-Version
Azure-SiteName
Azure-InstanceId
S-Rt
X-Wix-Request-Id
X-Rocket-Nginx-Bypass
X-ServerID
Webcakes-Region
CACHE
TWC-Device-Class
Property-Id
TWC-Connection-Speed
TWC-Locale-Group
TWC-GeoIP-LatLong
TWC-Privacy
Webcakes-App-Name
X-Dc
TWC-GeoIP-Country
Webcakes-App-Version
X-Origin-Hint
X-RateLimit-Reset
X-GEO
NtCoent-Length
X-IPS-LoggedIn
X-Proxy
X-Cache-Remote
X-Vgn-Hpd-Reason
X-FireWall-Port
X-Akamai-Request-ID2
X-No-Session
Origin
X-UA
X-Akamai-Transformed
X-CDN-Forward
X-Oneagent-Js-Injection
Odigeo-Trace-Id
X-Real-IP
X-Distributor
X-HTML-Minification-Powered-By
X-PERF
L5d-Success-Class
Fastly-SSL
X-ApacheServer
X-Cache-Backend
X-CS
X-Format
X-Cache-Server
Served-By
X-Pubstack
X-Webkit-Csp
Ec-Rule-Version
X-Microcachable
X-Compress-Hint
X-Unique-ID
Cache-Tags
X-UnsetCookies
Access-Control-Request-Headers
Origin-Edge-Control
X-SERVER-NAME
LB
Origin-Cache-Control
Fastcgi-X-Cache-Version
IBM-Web2-Location
X-BACKEND-TTL
X-Tb
X-Edge
X-Grey
X-Cache-Category-Id
Backend-Name
X-Varnish-Cacheable
X-Developer
Cross-Origin-Window-Policy
Content-Script-Type
Content-Style-Type
Cdn-Request-Time
X-Detected-As
X-Destination
X-Debug-Log
X-Debug-Cookies
GEO-REGION-INFO
Fly-Request-Id
Cdn-Host
Fastly-SWR
Fly-Cache
Fastly-SIE
BehaviorPad-Version
X-G
X-External-Request-Id
X-A-Dcw
X-HS-Cache-Config
X-HS-Combine-CSS
X-Internal-Host
X-Instart-Info
X-IN-APIGATEWAY
X-Edge-Server
X-DPWN-IS-SECURE
Cache-Cookie-Set-From
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-Lfrom
X-Date
AsisCache
A
Arc-Country
Cache-Prefix
MD5-Digest
X-Application
X-App-Name
Viewtype
X-ARC
X-B-Cookie
X-Cache-Bucket
Server-ID
VivaBuild
X-AIR-PT
X-A
X-A-Ccd
X-A-Dam
X-A-Dgt
X-A-Wwc
X-Aed
X-Accel-Expires-Debug
Rt-Proxy-Cache
Request-Time
X-Is-Bot
X-CGP
Meta-Geo-Continent
X-Cluster-Name
X-Connection-Hash
Ha-Gx-Prefs
HA-Ipaddr
Mobile-Detection-Method
Node
Rendered-Blocks
Request-Country
Request-EU
Proxy-Firewall
X-Cdn-Srv
X-CF-Lambda-Version
X-CF-Lambda-Fn
X-D
X-Eu-Site
X-Nc
Hostname
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
X-PAYTM-SRV-ID
X-SRCache-Key
X-NX-Host
X-B3-Parentspanid
X-Rojux
X-Region-Sid
X-Server-Time
X-S-Maxage
X-S-Cookie
X-Rewrite-Enabled
X-ScT
X-Request-UUID
X-Vtex-Remote-Cache
Proxy-Connection
X-Vtex-Processado-Em
X-NU-AKA-ACS-Version
X-Org
Accept-Language
X-Twitter-Response-Tags
X-Worker
Xc-Version
X-VG-WebServer
X-Powered-By-Defense
X-Transaction
X-Trv-Group
ServerName
X-ElasticPress-Search
X-SVT-ORM-RULES
Gh-Request-Id
Platform
X-Cache-Id
X-Backend-State
X-Key
RNT-Time
X-SVT-ORM-VERSION
RNT-Machine
X-TH-Server
Section-Io-Cache
Resin-Trace
SS
X-Core-Mission
Memcached
Server-Int
X-Via-NSCOPI
X-Skip-Cache
X-Sn-Servicetimems
X-Cache-Info
X-Clientip
X-Variation
X-ServiceProvider
On-Server
Is-Eu
X-Cdn-Origin
Server-Host
Country-Code
X-Nginx-Cache-Key
X-Fastly-Cache
W
X-Epic-Correlation-Id
Adler-Geo
True-Client-Country-4JS
Apple-News-Services-Handled
AKAMAI
X-Location
X-Generated-On
X-Level-Front-Cache
X-Irp-Debug
X-C
X-Varnish-Url
X-Hash
X-Geo-Header
X-GeoIP-Country-Code
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
X-Reqid
X-Dispatch
Countrycode
X-Request-URI
Content-Disposition
X-Developers
X-Dispatcher-Server
Apple-News-Services-Request-Url
X-Processor
X-PHP-Host
Esi-Enabled
X-We-Are-Hiring
X-NC
REQUESTUUID
X-Auto-Login
X-Via-Edge
X-Webstats-RespID
X-WebServer
X-WADP-Cache
X-Block-Status
X-Amz-Meta-Cache-Control
X-Via-SSL
X-Wikidot-Backend
X-BBXSRF
X-Wikidot-Static-Cache
X-Secret
X-Method
X-Gannett-Site-Version
X-FPC
X-Fetched-On
X-Distil-CS
X-Gen-Mode
X-Generation-Time
X-Li-Pop
X-Li-Fabric
X-LI-Proto
X-LI-UUID
X-Hnp-Log
X-Qloud-Router
X-Reboot
X-Cms-Context
X-Servername
X-Clara-WADP
X-SIPLIST1
X-CDN-Cache
X-Server-IP
X-Served-From
X-Device-Os
X-Request-Start
X-Response-By
X-SD-PageType
X-Cache-FS-Status
X-Crawler
Wxu-Next-Region
User-Cache-Control
V-Age
UCS
PFcat
SD-X-WS
CDCHOST
Fastly-Soc-X-Request-Id
Web-Mar-Node
Wxu-Next-Hostname
Wxu-Next-Commit
IsBot
Who
Mime-Version
X-Matched-Rule
GW-Server
L
Heartbleed
X-Amzn-Remapped-Content-Length
X-CUA
X-Swa-Ws
N-Cache
X-GeoIP-City
X-Proxy-Cache-Status
X-Proxy-Upstream
X-VServer
X-Thinkindot-L3
X-Origin-Expires
X-Owner
X-Release
X-Origin-Date
X-Thanos
Pramga
X-Azure-Ref
X-Bip
X-Azure-Ref-OriginShield
Thinkindot-Control
Thinkindot-CacheControl-Type
Powered-By
Thinkindot-CacheControl
CF-IPCountry
Selected-Fe
X-Varnish-Ttl
X-OVcl-Cache
X-OVcl
X-ND-Cache
X-Parent-Response-Time
X-TrackingId
Kp-EeAlive
X-FE
X-VC-Cache
X-CLOUD-TRACE-CONTEXT
X-Ua
X-Ratelimit-Remaining
X-Protected-By
PageSpeed
X-Pf-Uncompressing
X-Urbn-Site-Id
Locale
X-Urbn-Context-Path
X-Varnish-Beresp-Ttl
X-LAGOON
User-Agent
X-Fstrz
Pragrma
Magicmarker
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
Memory
X-Planisys-CDN-Cache
X-Be
X-Flog
Pagetype
X-Hello
X-ABtesting
X-Origin-CC
X-Origin-TTL
X-URL
X-Geo
X-Page-Type
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
X-Phone
X-Ttl
X-User
X-IN-WAF
X-Core-Value
X-Generated-In
X-Dynatrace-Js-Agent
X-DC
X-Zone
X-Backend-Host
X-Cdn-Forward
X-Backend-Url
X-MSEdge-Flight
X-Soup
X-Up
X-MSEdge-Features
X-Tt-Trace-Tag
X-GoCache-CacheStatus
X-Debug-Cache-Expiry
X-Debug-Cache-Fetch
X-Debug-Cache-Store
X-Newrelic-Synthetics
X-B3-SpanId
X-Backend-TTL
X-Cache-Ttl
X-Birta-Cache-Post
X-Birta-Served
Geoip-City
Geoip-Latitude
Cdn
X-TT-LOGID
GeoIp-Country-Code
X-Varnish-IP
X-Info
X-Litespeed-Cache
X-Oss-Server-Time
HitType
X-Oss-Request-Id
Selected-FE
X-Oss-Object-Type
X-Oss-Storage-Class
X-Oss-Hash-Crc64ecma
X-MID
X-Check-Cacheable
X-Servedbyhost
X-Real-Ip
SN
X-HS-Status
X-Mid
X-ZONE
CF-Cached-On
X-Old-Content-Length
X-Vcl-Version
X-SayCDN-TTL
X-Aicache-OS
X-Say-Cacheable
X-Datadome
X-Say-TTL
X-Ruxit-Js-Agent
Cache-Hits
X-GRACE
Amp-Access-Control-Allow-Source-Origin
X-Refresh
X-VCL-Version
X-Agile-Id
FSS-Cache
X-Agile
X-ServedByHost
X-Agile-Age
X-Cache-Debug
FSS-Proxy
X-Tb-Optimization-Total-Bytes-Saved
HostName
X-Source
X-Amzn-Remapped-Date
X-Akamai-SSL-Client-Sid
X-Amzn-Remapped-Connection
X-Web-Server
X-Bc
GeoIP-Country-Code
Server-Surrogate-Control
X-CSRF-Token
Inserted-Into-Cache-At
X-Contensis-Viewer-Groups
X-Cache-ASPX
X-Node-Id
X-Varnish-Authentication
Fastly-Backend-Name
Server-Cache-Control
X-EC-Lua
X-App-Version
X-Cache-Time
X-APP
X-Logtrace-Id
X-UPSTREAM-Address
GeoIP-City
GeoIP-Latitude
WZWS-RAY
RequestId
X-IN-APIGATEWAYSSL
X-Via-Ucdn
Ajk
X-COUNTRY
X-CSRF-TOKEN
X-BC
X-Nananana
Srv
X-WR-MODIFICATION
Ohc-Cache-HIT
Xkeyrz
X-Proxy-Cacherz
X-RateLimit-Remaining-Second
X-ECache
Ohc-File-Size
X-NWS-UUID-VERIFY
X-RateLimit-Limit-Second
Group
XServer
X-Dynatrace
WebServer
X-Wa
X-Varnish-Beresp-TTL
Cf-Ipcountry
X-PAGE-TYPE
HTTPS
X-BE
X-Tec-Api-Origin
X-Unique-Id
Backend
X-Tec-Api-Root
X-Cache-Tag
X-SN
Www
X-TIME
T-Server
PICS-Label
X-FORWARDED-FOR
Get-Access-Time
Is-Session-Tracking
URI
X-Fastly-Country-Code
X-Tec-Api-Version
X-CACHE-KEY
Xkeynj
X-Request-Url
X-Instart-Isnd
X-GDPR
X-Requestid
X-Render-Time
X-PJAX-URL
X-Cache-Miss-From
X-Micro-Cache
X-LB-ID
X-Sedo-Request-Id
X-Edge-IP
X-Fastly-Backend-Reqs
Dynatrace
X-MCACHE
Xet-Cookie
X-LiteSpeed-Cache-Control
X-Cache-Expires
Host-ID
Requestid
Lb
Cneonction
X-Pjax-Url
X-SRV
DataCenter
X-Policy
SID
X-Lb-Id
Pics-Label
X-Uri
X-WA
CDN
X-Swift-Error
X-Apw-Hits
MIME-Version
X-Vct
X-Apw-Access-Action
X-Apw-Access-Token
X-Apw-Access-Object
X-Dw-Trace-Id
X-NGINX-Cache
X-Ecache
X-PF-Uncompressing
X-Cf-Powered-By
Epwk-Cache
Correlation-Id
X-Varnish-Action
X-Newrelic-App-Data
X-NGENIX-Cache
X-WPE-Loopback-Upstream-Addr
Fastcgi-X-Cache
X-Service
X-Cdn-Request-ID
Cache-Provider
X-Serial
RequestUuid
Lfy
X-DI
X-DSS
X-DW
X-DB
X-Fastly-Cache-Hits
X-Zalando-Child-Request-Id
X-Page-Impression-Id
X-Flow-Id
X-RPM
X-RPS
X-Fpc
Warning
X-ServerName
X-Bug-Bounty
X-Akamai-ERPolicy
X-RSL
X-Akamai-ERRuleID
X-Html-Edge-Cache