Threat Level: green Handler on Duty: Jan Kopriva

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
CF-RAY
X-Powered-By
Link
ETag
Expect-CT
X-XSS-Protection
Via
X-Cache
Age
CF-Cache-Status
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
X-Cache-Hits
P3P
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Xss-Protection
X-Request-Id
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-AspNet-Version
X-Download-Options
Access-Control-Allow-Credentials
X-Runtime
X-Adblock-Key
X-Drupal-Cache
Alt-Svc
X-Check
X-Cacheable
Content-Security-Policy-Report-Only
X-Generator
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-DNS-Prefetch-Control
X-AspNetMvc-Version
P3p
X-Template
Status
X-Language
Timing-Allow-Origin
Content-Encoding
X-Content-Security-Policy
X-Iinfo
X-Buckets
Upgrade
X-Kinja-Server-Push
Xkey
X-Via
X-Turbo-Charged-By
X-CDN
Keep-Alive
Access-Control-Max-Age
Access-Control-Expose-Headers
X-Cache-Group
X-Pass-Why
X-Age
X-AH-Environment
X-Drupal-Dynamic-Cache
X-Server
X-Backend
X-Amz-Id-2
X-Pingback
X-Amz-Request-Id
X-Envoy-Upstream-Service-Time
X-Page-Speed
X-Robots-Tag
X-Proxy-Cache
X-Hacker
Grace
X-Server-Powered-By
EagleId
X-UA-Device
X-Varnish-Cache
X-Nginx-Cache-Status
Request-Context
Cf-Railgun
X-LiteSpeed-Cache
X-Amz-Version-Id
X-Swift-CacheTime
X-Swift-SaveTime
X-WebKit-CSP
Ali-Swift-Global-Savetime
Feature-Policy
X-Device
Server-Timing
X-Server-Id
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Host
Report-To
X-Ac
X-Rq
Content-Location
X-Node
X-OneAgent-JS-Injection
X-Backend-Server
X-Response-Time
X-Cnection
X-Origin-Cache
X-Cloud-Trace-Context
X-Application-Context
EagleEye-TraceId
Allow
Request-Id
X-Readtime
Surrogate-Control
X-Cache-Lookup
X-Country
X-ORACLE-DMS-ECID
X-Cdn
X-TTL
X-DynaTrace
X-Url
X-Vhost
Pinterest-Generated-By
X-Rack-Cache
X-Clacks-Overhead
X-Ua-Compatible
X-Origin-Upstream-Status
X-Ruxit-JS-Agent
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-CST
Rating
X-FTR-Request-ID
X-Country-Code
X-ORACLE-DMS-RID
NEL
X-HW
X-Goog-Hash
X-Dispatcher
X-Instart-Request-ID
Fusion-Source
Fusion-Content-Source
Fusion-Component-Id
Fusion-Content-Id
Fusion-Template-Id
X-DataStream-Cache-Status
Edge-Control
X-Vname
X-TtlSet
X-PC
X-Px
X-VARITI-CCR
Service-Worker-Allowed
X-DataDome
X-MS-InvokeApp
X-Mod-Pagespeed
X-Request-ID
X-Dns-Prefetch-Control
Verso
SPRequestGuid
X-Recruiting
X-GoogleNews-Bot
X-Kinja-Revision
X-Kinja-Server
X-Exp-Variant
X-Kinja
X-Cdn-Fetch
X-Use-Magma
X-Exp-Id
X-Kinja-Build
X-D2id
X-Varnish-TTL
X-Vcap-Request-Id
X-SharePointHealthScore
X-B3-TraceId
RTSS
X-Amz-Server-Side-Encryption
X-Abt-Application-Version
TCN
DynaTrace
X-ESI
X-Navigation-Version
X-GitHub-Request-Id
X-Powered-By-Plesk
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-RateLimit-Remaining
Response
Display
X-Sol
X-Middleton-Display
X-Middleton-Response
X-Akam-SW-Version
Accept-Ch-Lifetime
Content-MD5
Charset
MS-Author-Via
X-Server-Name
Ar-Sid
AR-CACHE
AR-ATIME
AR-PoweredBy
X-Trace
ServerID
X-Shield-Request-Id
X-Amz-Rid
Realpath
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Goog-Metageneration
X-Goog-Generation
X-Dw-Request-Base-Id
Accept-Ch
X-Powered-CMS
AR-Request-ID
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-DynaTrace-JS-Agent
X-TEC-API-VERSION
Nginx-Cache
X-Cached
X-Forwarded-Proto
X-Version
X-Upstream
X-Shard
Fastly-Restarts
X-Mrf-Section-Lastmod
X-Mrf-Item-Lastmod
X-B3-TraceId-Primal
MRF-Tech
Public-Key-Pins
Mrf-Cache-Status
SPRequestDuration
SPIisLatency
X-Goog-Storage-Class
Access-Control-Request-Method
Paypal-Debug-Id
X-MSEdge-Ref
X-Pinterest-Rid
X-Upstream-Proxy
Pinterest-Version
X-Client-IP
Pagespeed
S
X-DataStream-MidMile-RTT
X-DataStream-Origin-MEX-Latency
X-Debug
X-Amz-Meta-S3cmd-Attrs
X-Grace
X-Id
X-FTR-DC
X-Country-Code-Real
X-FTR-Realm
X-FTR-Cache-Status
X-FTR-Balancer
X-FTR-Backend-Server
X-FTR-Backend
X-Ezoic-Cdn
X-FTR-Expires
X-N
X-T
X-DIS-Request-ID
X-Fastly-Request-ID
MicrosoftSharePointTeamServices
Arr-Disable-Session-Affinity
X-Amzn-Trace-Id
Accept-CH
Front-End-Https
X-NF-Request-ID
X-Content-Type
X-Ser
X-Hits
X-Varnish-Age
X-B3-Sampled
Arc-Version
PB-RID
X-Mobile-Rewrite
PB-PID
Nel
Alternate-Protocol
X-Server-ID
X-VCache
X-Acc-Meta-Resource-Type
Fastcgi-Cache
X-FTR-Cache-Host
X-Frontend
X-Logged-In
X-FastCGI-Cache
X-XRDS-Location
X-Content-Digest
X-Vcache
Server-Name
X-Srv
X-Pad
X-Correlation-Id
X-Forwarded-For
Host
Powered-By-ChinaCache
AMP-Access-Control-Allow-Source-Origin
X-Node-Name
X-Microsite
X-Request-Handler-Origin-Region
FilterID
Healthy
TP-Cache
TP-L2-Cache
X-Rid
X-Kinsta-Cache
Edge-Cache-Tag
X-XRDS-LOCATION
X-LB-Cache
X-Type
X-IPLB-Instance
X-Cache-Key
X-Request-Processing-Time
X-Request-Received
X-Debug-Info
X-User-Agent
X-AOL-HN
X-Cached-By
X-B3-Traceid
X-Fastcgi-Cache
X-GUploader-UploadID
X-Cache-2
X-Revision
X-F-Cache
X-Hostname
X-Amzn-RequestId
Powered
X-Zen-Fury
X-Amz-Apigw-Id
X-Cache-Rule
X-HS-Content-Id
X-HS-Hub-Id
Surrogate-Key
X-Cache-Age
X-Analytics
Backend-Timing
X-Accel-Expires
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Page-Id
VIX-Pulpo-Node
X-Varnish-Backend
X-AppVersion
X-Content-Security-Policy-Report-Only
X-Activity-Id
X-Az
VIX-Pulpo-Upstream-Status
X-BCube-Filmed-By
X-Content-Options
X-Instance
X-Varnish-Grace
X-Cluster
X-Jobs
X-Tumblr-Pixel-0
X-Via-JSL
Source
X-Tumblr-Pixel
X-FB-Debug
X-Tumblr-User
X-Content-Powered-By
Cache-Status
X-Akamai-Edgescape
X-Amz-Replication-Status
X-Request-Guid
X-PHP-Backend
X-App-Environment
X-TT
Cleartype
X-Framework
X-RateLimit-Limit
Server-Node
X-Varnish-Hostname
Refresh
X-Forwarded-Host
Tracecode
WPE-Backend
X-B-Cache
X-Signature
Host-Header
X-FW-Server
X-FW-Static
X-ATG-Version
X-FW-Type
X-FW-Serve
X-FW-Hash
Liferay-Portal
X-Mobile
X-Cache-Operation
X-Time
X-Cache-Control
DC
Accept-Charset
X-Edge-Location
X-NWS-LOG-UUID
X-Cache-Action
X-Drupal-Cache-Tags
Actual-Object-TTL
Access-Control-Allow-Method
X-Cache-TTL
Fastcgi-Useragent
X-Esi
X-Cache-Hit
X-Hp-Webp
X-Response-Served-From
X-Mobile-URL
X-Accel-Buffering
Upgrade-Insecure-Requests
X-App-Server
X-Storage
Payment
X-Whom
X-TX-ID
X-SS-Set-Cookie
X-WebKit-CSP-Report-Only
X-Content-Age
X-UA-Device-Type
X-B
X-TT-TIMESTAMP
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Handled-By
X-Erf-Bev-Bev-Is-Generated
X-GeoIP
X-Cacheable-TTL
Xserver
Filters
X-Erf-Bev-Bev
X-Git-Hash
X-RequestSource
X-Tumblr-Pixel-1
X-Tumblr-Pixel-2
X-Adobe-Content
Eomportal-Instance
Cache-Tv-Group
X-VG-WebCache
X-Adobe-Loc
X-WA-Info
X-ProcessESI
Cache
Viewport
X-RemovedCookies
X-Status
X-Geo-Country
X-APP-VERSION
NGB
Cache-Tag
Server-Info
Accept-CH-Lifetime
Webserver
X-FB-TRIP-ID
X-Ratelimit-Limit
X-Presslabs-Stats
Datacenter
X-Cache-TTL-Remaining
X-Ratelimit-Reset
Retry-After
X-Cache-Enabled
X-TA-CDN-Provider
X-FW-Dynamic
X-Seen-By
X-Contextid
S-Cnection
X-Host-Name
X-Origin-Server
MS-CV
Country
From-Origin
X-Mode
X-Hyper-Cache
Frame-Options
Load-Balancing
X-Generated-By
X-Cache-Config
X-CF-Powered-By
X-Cache-Var
X-Cache-Var-Map
X-RN-RSRV
Meta-Geo
X-ES-SERVER
X-LJ-Flow-ID
X-VWS-Id
X-AWS-Id
X-Path-Route
Machine
X-Tumblr-Pixel-3
X-Upstream-HT
X-Magnolia-Registration
Release
X-Varnish-Hits
X-Routing-Service
X-Varnish-Cache-Hits
Mail-Subject
X-Backend-Name
X-Zipkin-Id
X-Proxied
X-Upstream-CT
X-Labrador-Cache-Channel
We-Hiring
DSUID
X-Human
X-RTag
Ms-Operation-Id
X-Hit
X-Cache-Host
X-Cache-Grace
Cache-Key
Vix-Hermes-Req-Id
X-Access
X-EIG-Tracking-Id
X-MP-GENERATED-AT
X-Viewer-Country
X-Debug-Cache
Uber-Trace-Id
X-Upgrade-Enabled
Decoy-Debug-TTL
Decoy-Debug-Key
Decoy-Debug-Status
ServedBy
X-TNCMS
Now
X-Section
X-Web-Node
X-Device-Type
X-Varnish-Server
Mn-Server-Ip
X-Guploader-Uploadid
X-Loop
X-Rendered-As
X-OCL
GEO-INFO
X-RCS-CacheZone
X-From
X-PCL
X-VG-TLSProxy
X-Origin-Response-Time
OT-Force-Account-Verify
X-Cluster-Node
X-Daa-Tunnel
X-L-Path
Akamai-GRN
X-ShardId
X-Shopify-Stage
Rt-Fastcgi-Cache
X-Rule
X-Proto
X-Sorting-Hat-ShopId
X-R9-Blue-Green-Version
X-Sorting-Hat-PodId
X-BYPASS-REASON
X-ProxyCache-Status
X-CCM
X-Environment-Context
X-ProxyCache-Key
X-ShopId
X-Akamai-Request-ID
X-Alternate-Cache-Key
X-Endurance-Cache-Level
X-Region
X-JoinUs
X-NCache
X-Proxy-Build
X-Timing-Wait
X-S
DB-Nickname
X-Hosted-By
X-Via-Fastly
X-Xfnlog-Site
X-Generated
X-Goog-Meta-Goog-Reserved-File-Mtime
Cache-Name
X-FC-Vary-Parameters
X-B3-Spanid
X-Redis-Cache
X-VCT
X-Trace-Id
X-Drupal-Cache-Contexts
X-PressLabs-Stats
NGX
X-Www-Served-By
X-UUID
X-Platform-Server
X-Cache-NE
X-Nginx-Cache
X-Locale
X-Load-Cache
X-Site-Version
Cteonnt-Length
X-NewRelic-App-Data
X-MServer
ProcessTime
X-EdgeConnect-Cache-Status
X-Hl-Ver
X-Vgn-Hpd-Reason
X-ECACHE
X-Oracle-Dms-Rid
X-Real-IP
X-Cache-Remote
SRV
X-Rocket-Nginx-Bypass
X-Request-Time
X-ServerID
X-Time-Microsecs
X-IP
Time
CACHE
X-Dc
Azure-SiteName
Azure-RegionName
Azure-InstanceId
X-Via-CDN
X-RateLimit-Reset
Azure-SlotName
X-Wix-Request-Id
X-Origin
X-FW-Version
S-Rt
X-GEO
Azure-Version
Version
X-IPS-LoggedIn
TWC-Privacy
TWC-GeoIP-Country
TWC-Device-Class
TWC-Locale-Group
Webcakes-App-Name
X-Origin-Hint
Webcakes-Region
Webcakes-App-Version
TWC-Connection-Speed
TWC-GeoIP-LatLong
Property-Id
X-Proxy
X-UA
Origin
NtCoent-Length
L5d-Success-Class
X-No-Session
X-Oneagent-Js-Injection
X-FireWall-Port
X-Cache-Backend
X-Distributor
Served-By
Fastly-SSL
X-Pubstack
X-Akamai-Transformed
Odigeo-Trace-Id
X-Unique-ID
X-Cache-Server
X-Microcachable
X-PERF
X-ApacheServer
Origin-Edge-Control
X-Akamai-Request-ID2
Origin-Cache-Control
X-Webkit-Csp
X-CS
Fastcgi-X-Cache-Version
X-Format
X-CDN-Forward
IBM-Web2-Location
X-Powered-By-Defense
X-Edge
X-Grey
X-Cache-Category-Id
Ec-Rule-Version
X-Compress-Hint
X-HTML-Minification-Powered-By
Proxy-Connection
X-UnsetCookies
Access-Control-Request-Headers
X-Is-Bot
X-Via-NSCOPI
X-Detected-As
Cache-Tags
X-BACKEND-TTL
Backend-Name
X-Varnish-Cacheable
Fastly-SWR
Fastly-SIE
Fly-Cache
HA-Ipaddr
Ha-Gx-Prefs
X-IN-APIGATEWAY
X-NU-AKA-ACS-Version
X-NX-Host
GEO-REGION-INFO
X-Org
Fly-Request-Id
Cache-Cookie-Set-Idcheck
X-PAYTM-SRV-ID
A
Arc-Country
X-Processor
X-Tb
X-Region-Sid
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
AsisCache
X-Debug-Log
Cdn-Request-Time
Content-Script-Type
Content-Style-Type
Cdn-Host
Cache-Prefix
Cache-Cookie-Set-From
MD5-Digest
Cache-Cookie-Set-Lfrom
Cross-Origin-Window-Policy
Request-Country
X-ARC
X-B-Cookie
X-Cache-Bucket
X-Internal-Host
X-Application
X-App-Name
X-Aed
X-Destination
X-AIR-PT
X-Cdn-Srv
X-CF-Lambda-Fn
X-D
X-Date
X-Debug-Cookies
X-Instart-Info
X-Connection-Hash
X-CF-Lambda-Version
X-CGP
X-Cluster-Name
X-Accel-Expires-Debug
X-A-Wwc
X-Request-UUID
Request-EU
Request-Time
Rendered-Blocks
Proxy-Firewall
Mobile-Detection-Method
Node
X-Developer
Rt-Proxy-Cache
Server-ID
X-A-Dam
X-A-Dcw
X-A-Dgt
X-A-Ccd
X-A
ServerName
Viewtype
VivaBuild
Meta-Geo-Continent
BehaviorPad-Version
X-G
X-SRCache-Key
X-Nc
Xc-Version
X-ScT
Hostname
X-Worker
X-External-Request-Id
X-Transaction
X-Server-Time
X-Trv-Group
PageSpeed
X-Twitter-Response-Tags
LB
X-Eu-Site
X-VG-WebServer
X-Edge-Server
X-Vtex-Processado-Em
X-Rewrite-Enabled
X-HS-Combine-CSS
X-HS-Cache-Config
X-Vtex-Remote-Cache
X-Rojux
X-S-Maxage
X-S-Cookie
X-DPWN-IS-SECURE
X-B3-Parentspanid
Mime-Version
X-ElasticPress-Search
X-Level-Front-Cache
Esi-Enabled
Server-Int
SS
True-Client-Country-4JS
X-TH-Server
RNT-Machine
X-Variation
X-Location
Memcached
X-Fastly-Cache
On-Server
Resin-Trace
Is-Eu
X-Nginx-Cache-Key
Gh-Request-Id
Server-Host
Section-Io-Cache
RNT-Time
X-We-Are-Hiring
Platform
X-Dispatcher-Server
X-PHP-Host
X-Cdn-Origin
X-Cache-Info
X-Cache-Id
Adler-Geo
X-Geo-Header
X-Clientip
X-Hash
X-Request-URI
X-Reqid
X-Core-Mission
X-Qloud-Router
X-GeoIP-Country-Code
Apple-News-Services-Handled
Apple-News-Services-Host
X-Dispatch
X-C
X-Skip-Cache
X-Key
Country-Code
X-Sn-Servicetimems
X-ServiceProvider
X-Backend-State
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
X-Irp-Debug
X-Epic-Correlation-Id
X-Server-IP
X-Generated-On
Countrycode
Accept-Language
X-NC
Content-Disposition
X-Amz-Meta-Cache-Control
X-Developers
X-SIPLIST1
X-Gannett-Site-Version
X-Auto-Login
CDCHOST
W
X-SVT-ORM-RULES
X-Wikidot-Static-Cache
X-Li-Pop
Wxu-Next-Region
X-Swa-Ws
X-SVT-ORM-VERSION
X-Li-Fabric
Powered-By
X-Gen-Mode
X-Servername
X-Distil-CS
X-Reboot
X-SD-PageType
X-Crawler
X-Hnp-Log
X-Response-By
X-Request-Start
X-Protected-By
X-Secret
X-Generation-Time
X-Block-Status
X-BBXSRF
X-Cache-FS-Status
AKAMAI
X-Served-From
X-CDN-Cache
Wxu-Next-Hostname
X-FPC
X-Fetched-On
X-ND-Cache
IsBot
X-Method
REQUESTUUID
X-LI-UUID
X-Device-Os
Wxu-Next-Commit
X-WebServer
UCS
User-Cache-Control
Web-Mar-Node
PFcat
Who
X-LI-Proto
Pramga
X-Wikidot-Backend
V-Age
X-Webstats-RespID
SD-X-WS
X-Datadome
X-Varnish-Url
X-Matched-Rule
X-Release
X-CUA
X-Via-SSL
X-VServer
X-Via-Edge
X-GeoIP-City
X-Cms-Context
X-Clara-WADP
X-Bip
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
X-Origin-Date
Thinkindot-Control
X-Thanos
Fastly-Soc-X-Request-Id
X-Origin-Expires
X-WADP-Cache
X-Azure-Ref
Heartbleed
X-Owner
X-Azure-Ref-OriginShield
GW-Server
X-Thinkindot-L3
X-Ua
X-Varnish-Ttl
CF-IPCountry
X-Parent-Response-Time
X-Fstrz
X-OVcl
X-CLOUD-TRACE-CONTEXT
X-VC-Cache
X-OVcl-Cache
L
Pragrma
X-Proxy-Cache-Status
X-Proxy-Upstream
N-Cache
X-Ratelimit-Remaining
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
X-LAGOON
X-Planisys-CDN-TTL
Kp-EeAlive
X-Amzn-Remapped-Content-Length
X-TrackingId
X-Cdn-Forward
Memory
X-FE
X-Origin-CC
X-Be
X-Origin-TTL
Selected-Fe
X-GRACE
X-IN-WAF
User-Agent
X-Pf-Uncompressing
X-Phone
X-Core-Value
X-B3-SpanId
Locale
X-SERVER-NAME
X-Urbn-Context-Path
X-Varnish-Beresp-Ttl
X-Urbn-Site-Id
Magicmarker
X-Birta-Cache-Post
X-Birta-Served
X-URL
X-Ttl
X-Geo
X-Page-Type
X-Zone
X-Varnish-IP
X-Info
X-Dynatrace-Js-Agent
X-DC
Pagetype
X-ABtesting
X-Hello
HitType
X-Flog
Selected-FE
X-User
X-Generated-In
Cdn
X-Backend-TTL
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
X-Newrelic-Synthetics
X-Backend-Url
Geoip-City
X-Backend-Host
X-TT-LOGID
Geoip-Latitude
GeoIp-Country-Code
X-Litespeed-Cache
X-GoCache-CacheStatus
X-Debug-Cache-Store
X-Soup
X-Up
X-Debug-Cache-Expiry
SN
X-MSEdge-Flight
X-Tt-Trace-Tag
X-Debug-Cache-Fetch
X-MSEdge-Features
X-App-Version
X-Check-Cacheable
X-Source
X-MID
X-Mid
X-Real-Ip
X-Agile-Age
X-Agile
X-Servedbyhost
CF-Cached-On
X-Agile-Id
X-Cache-Debug
X-Refresh
X-Web-Server
X-HS-Status
X-Vcl-Version
X-Oss-Hash-Crc64ecma
X-Oss-Storage-Class
X-Oss-Request-Id
X-Aicache-OS
X-Oss-Object-Type
X-Oss-Server-Time
Amp-Access-Control-Allow-Source-Origin
X-Ruxit-Js-Agent
X-VCL-Version
X-ZONE
X-Tb-Optimization-Total-Bytes-Saved
X-ServedByHost
FSS-Cache
FSS-Proxy
HostName
X-Cache-Ttl
X-Say-Cacheable
X-Old-Content-Length
X-Amzn-Remapped-Connection
X-UPSTREAM-Address
X-Amzn-Remapped-Date
X-Say-TTL
X-SayCDN-TTL
X-Bc
X-CACHE-KEY
GeoIP-Country-Code
X-Contensis-Viewer-Groups
X-APP
Server-Surrogate-Control
Server-Cache-Control
X-Cache-ASPX
X-Varnish-Authentication
X-NWS-UUID-VERIFY
X-CSRF-Token
Ohc-File-Size
Cache-Hits
Ohc-Cache-HIT
X-EC-Lua
GeoIP-City
X-COUNTRY
RequestId
X-Via-Ucdn
Group
GeoIP-Latitude
WZWS-RAY
Srv
X-Akamai-SSL-Client-Sid
Inserted-Into-Cache-At
Fastly-Backend-Name
X-Varnish-Beresp-TTL
HTTPS
X-Node-Id
X-BC
X-Nananana
Backend
X-WR-MODIFICATION
X-IN-APIGATEWAYSSL
Www
X-Proxy-Cacherz
X-Logtrace-Id
URI
X-ECache
X-SN
Xkeyrz
Ajk
X-Cache-Time
XServer
WebServer
X-Dynatrace
X-PAGE-TYPE
X-Cache-Tag
Cf-Ipcountry
X-Instart-Isnd
X-CSRF-TOKEN
Get-Access-Time
X-TIME
Requestid
X-Cache-Expires
Is-Session-Tracking
Lb
Host-ID
X-RateLimit-Limit-Second
X-FORWARDED-FOR
X-Unique-Id
X-Tec-Api-Version
X-Tec-Api-Origin
Xkeynj
X-RateLimit-Remaining-Second
X-Fastly-Country-Code
X-Request-Url
X-Tec-Api-Root
X-MCACHE
X-LiteSpeed-Cache-Control
X-Wa
X-Requestid
X-Edge-IP
X-Cache-Miss-From
X-Sedo-Request-Id
X-BE
Dynatrace
X-NGENIX-Cache
Cneonction
X-Apw-Hits
X-Apw-Access-Action
X-Apw-Access-Object
X-Apw-Access-Token
X-Varnish-Action
X-PF-Uncompressing
T-Server
X-Fastly-Backend-Reqs
PICS-Label
X-Pjax-Url
Epwk-Cache
DataCenter
X-SRV
Xet-Cookie
Fastcgi-X-Cache
X-LB-ID
X-GDPR
X-Lb-Id
X-WA
X-Vct
Pics-Label
X-Swift-Error
X-PJAX-URL
CDN
X-Render-Time
X-Micro-Cache
X-Dw-Trace-Id
X-NGINX-Cache
X-Cf-Powered-By
Correlation-Id
X-Ecache
X-Svr
X-AssetVersion
X-Akamai-ERPolicy
X-Uri
X-Bug-Bounty
X-ServerName
SID
X-Flow-Id
Warning
X-Akamai-ERRuleID
FNAC-ModuleRouting
X-Serial
X-RSL
X-Var-Ttl
X-Fastly-Cache-Hits
X-Page-Impression-Id
X-Html-Edge-Cache
Ohc-Response-Time
X-WPE-Loopback-Upstream-Addr
X-Zalando-Child-Request-Id
X-LiteSpeed-Tag
Lfy
X-DB
X-RPS
RequestUuid
X-Sf
X-RPM
X-DW
X-DI
X-DSS
X-Fpc