Threat Level: green Handler on Duty: Russell Eubanks

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
CF-RAY
X-Powered-By
Link
ETag
Expect-CT
X-XSS-Protection
Via
X-Cache
Age
CF-Cache-Status
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
X-Cache-Hits
P3P
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Xss-Protection
X-Request-Id
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
Alt-Svc
X-Adblock-Key
X-Drupal-Cache
X-Check
X-Cacheable
Content-Security-Policy-Report-Only
X-Generator
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-AspNetMvc-Version
X-DNS-Prefetch-Control
P3p
X-Template
X-Language
Status
Timing-Allow-Origin
Content-Encoding
X-Iinfo
X-Content-Security-Policy
X-Buckets
Upgrade
X-Kinja-Server-Push
Xkey
X-Via
X-Turbo-Charged-By
X-CDN
Keep-Alive
Access-Control-Max-Age
Access-Control-Expose-Headers
X-Cache-Group
X-Pass-Why
X-AH-Environment
X-Age
X-Drupal-Dynamic-Cache
X-Server
X-Backend
X-Pingback
X-Amz-Request-Id
X-Amz-Id-2
X-Envoy-Upstream-Service-Time
X-Page-Speed
X-Robots-Tag
X-Proxy-Cache
X-Hacker
Grace
EagleId
X-Server-Powered-By
X-UA-Device
X-Varnish-Cache
Request-Context
X-Nginx-Cache-Status
Cf-Railgun
X-LiteSpeed-Cache
X-Amz-Version-Id
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-WebKit-CSP
Feature-Policy
X-Server-Id
Server-Timing
X-Device
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Host
X-Rq
Report-To
X-Ac
X-Node
Content-Location
X-OneAgent-JS-Injection
X-Backend-Server
X-Cnection
X-Response-Time
X-Request-ID
X-Cloud-Trace-Context
X-Origin-Cache
X-Application-Context
X-Readtime
Request-Id
Allow
EagleEye-TraceId
Surrogate-Control
X-Cdn
X-Country
X-ORACLE-DMS-ECID
X-Cache-Lookup
X-Vhost
X-TTL
X-DynaTrace
X-Url
Pinterest-Generated-By
X-Rack-Cache
X-Clacks-Overhead
X-Origin-Upstream-Status
X-Ua-Compatible
NEL
X-FTR-Request-ID
X-Ruxit-JS-Agent
Rating
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Country-Code
X-CST
X-Dns-Prefetch-Control
X-HW
X-Dispatcher
X-ORACLE-DMS-RID
X-Goog-Hash
X-Instart-Request-ID
Fusion-Template-Id
Fusion-Source
Fusion-Content-Id
Fusion-Component-Id
Fusion-Content-Source
X-DataStream-Cache-Status
Edge-Control
X-Vname
X-PC
X-TtlSet
X-Px
X-DataDome
X-VARITI-CCR
Service-Worker-Allowed
Verso
X-Mod-Pagespeed
X-MS-InvokeApp
X-Recruiting
X-D2id
X-Cdn-Fetch
X-Exp-Variant
X-Kinja
X-GoogleNews-Bot
X-Kinja-Build
X-Kinja-Revision
SPRequestGuid
X-Kinja-Server
X-Use-Magma
X-Exp-Id
X-Varnish-TTL
X-Vcap-Request-Id
RTSS
X-Abt-Application-Version
X-Amz-Server-Side-Encryption
TCN
DynaTrace
X-SharePointHealthScore
X-Navigation-Version
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-GitHub-Request-Id
X-RateLimit-Remaining
Response
X-Middleton-Response
X-Sol
Display
X-Middleton-Display
X-Powered-By-Plesk
X-Akam-SW-Version
X-B3-TraceId
MS-Author-Via
Accept-Ch-Lifetime
X-TEC-API-VERSION
Charset
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-Shield-Request-Id
Content-MD5
X-Amz-Rid
Ar-Sid
AR-CACHE
AR-ATIME
ServerID
AR-PoweredBy
X-Trace
Realpath
X-Forwarded-Proto
X-Powered-CMS
X-ESI
X-Goog-Generation
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
Nginx-Cache
X-DynaTrace-JS-Agent
X-Dw-Request-Base-Id
X-Version
X-Upstream
X-Cached
Fastly-Restarts
AR-Request-ID
Public-Key-Pins
Accept-Ch
X-Server-Name
X-Shard
X-B3-TraceId-Primal
MRF-Tech
Mrf-Cache-Status
X-Mrf-Section-Lastmod
X-Mrf-Item-Lastmod
Pagespeed
Access-Control-Request-Method
X-MSEdge-Ref
Paypal-Debug-Id
X-Goog-Storage-Class
X-Vcache
SPIisLatency
SPRequestDuration
X-Client-IP
S
X-Grace
X-Debug
X-FTR-Backend-Server
X-FTR-Realm
X-DataStream-Origin-MEX-Latency
X-DataStream-MidMile-RTT
X-FTR-DC
X-FTR-Balancer
X-Id
X-FTR-Cache-Status
X-FTR-Backend
X-Country-Code-Real
X-FTR-Expires
X-Pinterest-Rid
Pinterest-Version
X-Upstream-Proxy
X-Amz-Meta-S3cmd-Attrs
X-Ezoic-Cdn
X-FastCGI-Cache
Accept-CH
X-N
X-Fastly-Request-ID
X-T
X-DIS-Request-ID
Front-End-Https
X-Amzn-Trace-Id
Arr-Disable-Session-Affinity
X-NF-Request-ID
MicrosoftSharePointTeamServices
X-Content-Type
X-XRDS-Location
X-Hits
X-B3-Sampled
X-Varnish-Age
X-FTR-Cache-Host
X-Ser
Fastcgi-Cache
X-Frontend
Arc-Version
PB-PID
X-Mobile-Rewrite
PB-RID
Alternate-Protocol
X-Acc-Meta-Resource-Type
X-Logged-In
X-Content-Digest
Server-Name
X-B3-Traceid
X-Correlation-Id
X-Srv
X-Pad
X-Forwarded-For
X-Node-Name
Nel
X-Cache-Key
AMP-Access-Control-Allow-Source-Origin
X-Microsite
Host
X-Request-Handler-Origin-Region
Powered-By-ChinaCache
FilterID
TP-Cache
TP-L2-Cache
X-Type
X-Kinsta-Cache
Healthy
X-LB-Cache
X-Server-ID
X-User-Agent
X-Rid
Edge-Cache-Tag
X-AOL-HN
X-IPLB-Instance
X-Debug-Info
X-Request-Received
X-Request-Processing-Time
X-F-Cache
X-Cached-By
X-Esi
X-GUploader-UploadID
X-Cache-2
X-Zen-Fury
Powered
X-Revision
X-Amz-Apigw-Id
X-Amzn-RequestId
X-VCache
X-Hostname
Backend-Timing
X-Cache-Age
X-Analytics
X-Cache-Rule
X-HS-Content-Id
X-HS-Hub-Id
X-XRDS-LOCATION
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Accel-Expires
Surrogate-Key
X-Az
X-Via-JSL
X-AppVersion
X-Activity-Id
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-Page-Id
X-Content-Security-Policy-Report-Only
X-BCube-Filmed-By
X-RateLimit-Limit
X-Varnish-Grace
X-Varnish-Backend
X-Content-Options
X-FB-Debug
X-Amz-Replication-Status
X-Cluster
X-Content-Powered-By
X-Jobs
X-Instance
X-Request-Guid
X-PHP-Backend
Source
Cache-Status
X-Akamai-Edgescape
X-TT
X-Tumblr-Pixel-0
X-Tumblr-User
X-Tumblr-Pixel
X-App-Environment
Server-Node
X-Framework
Cleartype
Refresh
X-Forwarded-Host
X-B-Cache
X-Signature
X-Fastcgi-Cache
Liferay-Portal
X-Varnish-Hostname
X-FW-Server
X-FW-Static
X-FW-Type
X-FW-Serve
X-FW-Hash
Tracecode
DC
X-ATG-Version
Host-Header
WPE-Backend
X-Mobile
X-Cache-Operation
Accept-Charset
Access-Control-Allow-Method
X-Cache-Action
Fastcgi-Useragent
X-Cache-Control
X-Edge-Location
X-Drupal-Cache-Tags
X-Time
X-Cache-Hit
Actual-Object-TTL
X-B
Accept-CH-Lifetime
X-Mobile-URL
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Hp-Webp
X-Accel-Buffering
Payment
X-Response-Served-From
X-Whom
X-Storage
X-TX-ID
X-NWS-LOG-UUID
X-APP-VERSION
X-Content-Age
Upgrade-Insecure-Requests
X-App-Server
X-TT-TIMESTAMP
X-Yottaa-Metrics
X-WA-Info
X-WebKit-CSP-Report-Only
X-Git-Hash
X-Yottaa-Optimizations
X-SS-Set-Cookie
X-Cacheable-TTL
Filters
Cache-Tv-Group
X-Handled-By
X-UA-Device-Type
Cache
X-Adobe-Content
X-Adobe-Loc
X-Status
Eomportal-Instance
X-GeoIP
X-ProcessESI
X-RemovedCookies
X-RequestSource
NGB
X-Geo-Country
X-Tumblr-Pixel-2
Viewport
X-Tumblr-Pixel-1
Xserver
X-VG-WebCache
Cache-Tag
X-Cache-TTL
X-Ratelimit-Reset
Datacenter
Retry-After
X-Cache-TTL-Remaining
Webserver
Server-Info
X-FW-Dynamic
X-FB-TRIP-ID
X-Cache-Enabled
X-Seen-By
X-TA-CDN-Provider
MS-CV
X-Host-Name
X-Contextid
X-Ratelimit-Limit
X-Oracle-Dms-Rid
X-Presslabs-Stats
Frame-Options
S-Cnection
X-PressLabs-Stats
From-Origin
X-Generated-By
Country
X-RTag
X-Origin-Server
Ms-Operation-Id
X-Hyper-Cache
X-B3-Spanid
X-Mode
Meta-Geo
X-Cache-Var
X-Cache-Var-Map
X-Path-Route
X-ES-SERVER
Machine
X-CF-Powered-By
X-Cache-Config
X-RN-RSRV
Load-Balancing
X-Upstream-HT
X-Section
Vix-Hermes-Req-Id
X-Labrador-Cache-Channel
X-Cache-Grace
Cache-Key
X-Upstream-CT
X-Hit
X-Access
X-Cache-Host
X-From
X-Human
X-Routing-Service
X-Viewer-Country
Decoy-Debug-Status
X-Varnish-Server
X-Loop
Decoy-Debug-TTL
X-TNCMS
X-Web-Node
X-RCS-CacheZone
Decoy-Debug-Key
X-OCL
X-MP-GENERATED-AT
X-PCL
X-Upgrade-Enabled
X-Zipkin-Id
X-Proxied
X-CCM
Now
X-Alternate-Cache-Key
X-AWS-Id
X-Backend-Name
X-Akamai-Request-ID
ServedBy
Mn-Server-Ip
Rt-Fastcgi-Cache
X-Debug-Cache
X-Sorting-Hat-ShopId
X-ShardId
X-ShopId
X-Rule
X-R9-Blue-Green-Version
X-Origin-Response-Time
X-Shopify-Stage
X-Sorting-Hat-PodId
X-VWS-Id
X-VG-TLSProxy
X-Varnish-Cache-Hits
X-Tumblr-Pixel-3
X-Magnolia-Registration
X-Region
X-LJ-Flow-ID
X-EIG-Tracking-Id
GEO-INFO
X-Generated
X-FC-Vary-Parameters
X-Timing-Wait
OT-Force-Account-Verify
Mail-Subject
X-Xfnlog-Site
DSUID
X-Endurance-Cache-Level
X-Environment-Context
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Hosted-By
X-Varnish-Hits
X-Proxy-Build
X-Proto
X-L-Path
X-Rendered-As
X-S
We-Hiring
X-JoinUs
X-NCache
X-Via-Fastly
X-Device-Type
Uber-Trace-Id
X-Cluster-Node
Release
Cache-Name
X-Drupal-Cache-Contexts
X-Guploader-Uploadid
Akamai-GRN
X-Trace-Id
X-Nginx-Cache
DB-Nickname
X-Locale
X-Site-Version
Cteonnt-Length
X-Redis-Cache
X-BYPASS-REASON
X-ProxyCache-Status
X-ProxyCache-Key
X-Www-Served-By
SRV
X-VCT
Version
NGX
X-Load-Cache
ProcessTime
X-UUID
X-Platform-Server
X-Request-Time
X-Cache-NE
Time
X-IP
X-Time-Microsecs
X-NewRelic-App-Data
X-EdgeConnect-Cache-Status
X-ECACHE
X-Via-CDN
X-Daa-Tunnel
S-Rt
X-Wix-Request-Id
X-MServer
X-Origin
X-Rocket-Nginx-Bypass
X-Hl-Ver
TWC-Device-Class
TWC-GeoIP-Country
Azure-SlotName
Azure-RegionName
Azure-InstanceId
Azure-SiteName
Azure-Version
Property-Id
TWC-Connection-Speed
Webcakes-Region
X-Origin-Hint
TWC-GeoIP-LatLong
X-Cache-Remote
Webcakes-App-Version
X-FW-Version
TWC-Privacy
Webcakes-App-Name
TWC-Locale-Group
X-No-Session
X-Vgn-Hpd-Reason
X-Proxy
X-Dc
X-ServerID
NtCoent-Length
X-GEO
X-IPS-LoggedIn
X-Akamai-Request-ID2
X-FireWall-Port
CACHE
Origin
X-HTML-Minification-Powered-By
Odigeo-Trace-Id
X-Distributor
X-Real-IP
X-CDN-Forward
X-PERF
X-Oneagent-Js-Injection
Fastly-SSL
X-Akamai-Transformed
X-ApacheServer
X-Cache-Server
X-Cache-Backend
X-Format
X-CS
L5d-Success-Class
Ec-Rule-Version
X-RateLimit-Reset
X-Microcachable
Access-Control-Request-Headers
X-UA
X-Unique-ID
X-Compress-Hint
Hostname
Served-By
Cache-Tags
Origin-Cache-Control
Origin-Edge-Control
Fastcgi-X-Cache-Version
X-Tb
X-Webkit-Csp
X-UnsetCookies
X-Pubstack
X-SERVER-NAME
X-Cache-Category-Id
LB
X-Grey
IBM-Web2-Location
X-B3-Parentspanid
X-Varnish-Cacheable
Accept-Language
Backend-Name
X-ScT
X-S-Maxage
X-S-Cookie
A
X-Server-Time
Fastly-SWR
Fly-Cache
Arc-Country
X-Worker
Fly-Request-Id
Xc-Version
X-Rebelmouse-Cache-Control
X-PAYTM-SRV-ID
X-Rebelmouse-Surrogate-Control
X-Region-Sid
X-Rojux
X-Rewrite-Enabled
X-Request-UUID
Fastly-SIE
X-SRCache-Key
X-VG-WebServer
X-Twitter-Response-Tags
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-From
AsisCache
X-Vtex-Processado-Em
BehaviorPad-Version
Cache-Prefix
Cdn-Host
Cross-Origin-Window-Policy
X-Trv-Group
X-Transaction
X-Org
Content-Style-Type
Cdn-Request-Time
Content-Script-Type
X-Vtex-Remote-Cache
X-Is-Bot
X-Cache-Bucket
ServerName
Viewtype
VivaBuild
Server-ID
X-CF-Lambda-Fn
Request-Time
Rt-Proxy-Cache
X-Cluster-Name
X-CF-Lambda-Version
X-B-Cookie
X-A-Ccd
X-A-Wwc
X-Accel-Expires-Debug
X-Aed
X-AIR-PT
X-A-Dgt
X-A-Dcw
X-ARC
X-A-Dam
X-Application
Request-EU
X-Connection-Hash
X-Edge-Server
GEO-REGION-INFO
X-DPWN-IS-SECURE
MD5-Digest
X-External-Request-Id
X-G
X-App-Name
X-Internal-Host
X-Instart-Info
X-IN-APIGATEWAY
X-Developer
X-Detected-As
Proxy-Firewall
X-D
Rendered-Blocks
Request-Country
Node
Mobile-Detection-Method
X-Destination
Meta-Geo-Continent
X-Date
X-NU-AKA-ACS-Version
X-A
X-BACKEND-TTL
Proxy-Connection
X-Edge
X-NC
Resin-Trace
RNT-Machine
Server-Int
W
True-Client-Country-4JS
X-PHP-Host
Section-Io-Cache
X-Request-URI
HA-Ipaddr
Ha-Gx-Prefs
X-ServiceProvider
X-Sn-Servicetimems
Is-Eu
Memcached
X-NX-Host
Platform
On-Server
X-Processor
X-Level-Front-Cache
X-Powered-By-Defense
X-Fastly-Cache
X-Core-Mission
X-Clientip
X-Eu-Site
X-Debug-Cookies
X-Developers
X-Epic-Correlation-Id
X-Debug-Log
X-CGP
X-Cdn-Srv
X-GeoIP-Country-Code
X-Backend-State
X-HS-Cache-Config
X-Geo-Header
X-Generated-On
X-Cdn-Origin
X-Cache-Info
X-Cache-Id
X-HS-Combine-CSS
RNT-Time
X-SVT-ORM-RULES
Apple-News-Services-Request-Url
X-C
Content-Disposition
X-Variation
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
X-Varnish-Url
Adler-Geo
AKAMAI
Apple-News-Services-Handled
Countrycode
X-We-Are-Hiring
X-SVT-ORM-VERSION
X-Ua
X-Nc
X-ElasticPress-Search
Fastly-Soc-X-Request-Id
Web-Mar-Node
X-Block-Status
X-WebServer
IsBot
X-Nginx-Cache-Key
X-WADP-Cache
V-Age
X-SIPLIST1
X-Skip-Cache
CDCHOST
UCS
User-Cache-Control
Gh-Request-Id
X-Method
Esi-Enabled
X-Amz-Meta-Cache-Control
X-Irp-Debug
X-Wikidot-Backend
X-Wikidot-Static-Cache
X-Hnp-Log
X-Hash
X-Key
X-BBXSRF
X-LI-UUID
X-Location
X-LI-Proto
X-Li-Pop
X-Li-Fabric
X-Gen-Mode
X-CDN-Cache
REQUESTUUID
Country-Code
X-Request-Start
X-Reqid
X-Qloud-Router
X-Reboot
X-Distil-CS
PFcat
X-TH-Server
X-SD-PageType
X-Via-NSCOPI
X-Secret
X-Device-Os
X-Response-By
X-Gannett-Site-Version
X-Served-From
X-Clara-WADP
Server-Host
X-Cms-Context
SD-X-WS
X-Dispatcher-Server
X-Fetched-On
X-Servername
X-Server-IP
X-FPC
X-Azure-Ref-OriginShield
X-Azure-Ref
X-GeoIP-City
X-Dispatch
L
X-Crawler
X-Generation-Time
GW-Server
X-Cache-FS-Status
X-Bip
Selected-Fe
X-Matched-Rule
X-Owner
X-Via-SSL
X-Auto-Login
SS
Thinkindot-CacheControl
Heartbleed
X-Via-Edge
X-Swa-Ws
X-Thanos
Powered-By
X-Release
X-Thinkindot-L3
Thinkindot-CacheControl-Type
X-VServer
Who
Wxu-Next-Hostname
X-Webstats-RespID
X-Origin-Date
Wxu-Next-Region
Thinkindot-Control
X-Origin-Expires
Wxu-Next-Commit
Mime-Version
X-Proxy-Upstream
X-TrackingId
X-Parent-Response-Time
CF-IPCountry
X-Proxy-Cache-Status
X-VC-Cache
Pramga
N-Cache
X-Amzn-Remapped-Content-Length
X-CUA
X-Varnish-Ttl
X-OVcl
X-OVcl-Cache
X-FE
Kp-EeAlive
X-ND-Cache
X-CLOUD-TRACE-CONTEXT
X-Urbn-Context-Path
X-Urbn-Site-Id
Locale
X-Protected-By
X-LAGOON
PageSpeed
X-Ratelimit-Remaining
User-Agent
X-Pf-Uncompressing
X-Varnish-Beresp-Ttl
X-Fstrz
Memory
Pragrma
Magicmarker
X-Origin-CC
X-Origin-TTL
X-ABtesting
X-Hello
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
X-Page-Type
X-Flog
X-Be
X-Geo
X-DC
Pagetype
X-B3-SpanId
X-Cdn-Forward
X-URL
X-User
X-Ttl
X-Generated-In
X-Backend-Host
X-Backend-Url
X-IN-WAF
X-Phone
X-Core-Value
X-Cache-Ttl
X-Zone
X-Dynatrace-Js-Agent
X-Newrelic-Synthetics
X-Up
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
X-GoCache-CacheStatus
X-Tt-Trace-Tag
X-Soup
X-MSEdge-Flight
X-MSEdge-Features
X-Backend-TTL
X-Birta-Served
X-Birta-Cache-Post
X-Oss-Hash-Crc64ecma
X-Debug-Cache-Fetch
Cdn
X-Debug-Cache-Store
X-Servedbyhost
X-GRACE
X-Debug-Cache-Expiry
X-TT-LOGID
X-Oss-Server-Time
X-Oss-Storage-Class
X-Oss-Request-Id
X-Oss-Object-Type
X-Info
X-Litespeed-Cache
X-Varnish-IP
X-Check-Cacheable
Geoip-City
SN
X-ZONE
GeoIp-Country-Code
HitType
Selected-FE
Geoip-Latitude
X-MID
X-SayCDN-TTL
X-HS-Status
X-VCL-Version
X-Say-TTL
X-Say-Cacheable
X-Real-Ip
X-Mid
Cache-Hits
X-Old-Content-Length
X-Aicache-OS
X-Tb-Optimization-Total-Bytes-Saved
X-Datadome
X-Ruxit-Js-Agent
CF-Cached-On
X-Akamai-SSL-Client-Sid
Amp-Access-Control-Allow-Source-Origin
X-Agile-Age
X-Cache-Debug
FSS-Cache
X-Refresh
X-Agile-Id
X-Vcl-Version
X-Agile
X-App-Version
FSS-Proxy
X-CSRF-TOKEN
X-Source
X-Node-Id
X-Amzn-Remapped-Date
Inserted-Into-Cache-At
X-ServedByHost
Fastly-Backend-Name
GeoIP-Country-Code
X-Amzn-Remapped-Connection
X-Cache-Time
X-BC
Srv
X-Bc
X-Web-Server
Server-Surrogate-Control
Server-Cache-Control
GeoIP-City
GeoIP-Latitude
HostName
X-Varnish-Authentication
X-Cache-ASPX
WZWS-RAY
X-Contensis-Viewer-Groups
X-IN-APIGATEWAYSSL
X-Logtrace-Id
Ajk
X-EC-Lua
RequestId
X-UPSTREAM-Address
XServer
X-APP
X-COUNTRY
X-Via-Ucdn
X-FORWARDED-FOR
X-CACHE-KEY
X-CSRF-Token
X-Nananana
X-Wa
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
Group
X-NWS-UUID-VERIFY
X-TIME
Cf-Ipcountry
Ohc-File-Size
Ohc-Cache-HIT
Xkeyrz
X-WR-MODIFICATION
X-Proxy-Cacherz
X-Varnish-Beresp-TTL
X-ECache
X-Dynatrace
WebServer
T-Server
X-BE
HTTPS
X-LiteSpeed-Cache-Control
URI
Xkeynj
X-SRV
X-LB-ID
Backend
X-PJAX-URL
X-Cache-Tag
X-GDPR
Www
Is-Session-Tracking
X-Micro-Cache
X-Fastly-Country-Code
X-SN
X-PAGE-TYPE
Get-Access-Time
PICS-Label
X-Unique-Id
X-Cache-Miss-From
X-Request-Url
X-Requestid
X-Render-Time
X-Sedo-Request-Id
Lb
X-Edge-IP
X-Instart-Isnd
X-MCACHE
MIME-Version
Dynatrace
Host-ID
X-Pjax-Url
X-Fastly-Backend-Reqs
CDN
X-Policy
Pics-Label
Requestid
X-Cache-Expires
Cneonction
DataCenter
Xet-Cookie
X-PF-Uncompressing
SID
X-Apw-Access-Token
X-Lb-Id
X-Vct
X-Apw-Hits
X-Apw-Access-Action
X-Apw-Access-Object
X-Uri
X-Swift-Error
X-Dw-Trace-Id
X-NGINX-Cache
X-WA
X-Service
X-Ecache
X-Cdn-Request-ID
Correlation-Id
X-Cf-Powered-By
Epwk-Cache
X-Varnish-Action
Cache-Provider
X-Newrelic-App-Data
X-NGENIX-Cache
X-Serial
Warning
X-Bug-Bounty
Lfy
X-Akamai-ERPolicy
X-WPE-Loopback-Upstream-Addr
Sid
RequestUuid
Fastcgi-X-Cache
X-Akamai-ERRuleID
X-Html-Edge-Cache
X-Fastly-Cache-Hits
X-ServerName
X-DW
X-RPM
X-RPS
X-RSL
X-DSS
X-DI
X-Flow-Id
X-Page-Impression-Id
X-Zalando-Child-Request-Id
X-DB
X-Fpc