Threat Level: green Handler on Duty: Guy Bruneau

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
CF-RAY
X-Powered-By
Link
ETag
Expect-CT
X-XSS-Protection
Via
X-Cache
Age
CF-Cache-Status
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
P3P
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Xss-Protection
X-Varnish
X-Request-Id
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
Alt-Svc
X-Adblock-Key
X-Drupal-Cache
X-Check
X-Cacheable
Content-Security-Policy-Report-Only
X-Generator
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-AspNetMvc-Version
X-DNS-Prefetch-Control
X-Template
X-Language
Status
Timing-Allow-Origin
X-Iinfo
Content-Encoding
X-Content-Security-Policy
X-Buckets
P3p
Upgrade
X-Kinja-Server-Push
Xkey
X-Via
X-CDN
X-Turbo-Charged-By
Keep-Alive
Access-Control-Max-Age
Access-Control-Expose-Headers
X-Cache-Group
X-Pass-Why
X-AH-Environment
X-Age
X-Drupal-Dynamic-Cache
X-Server
X-Backend
X-Pingback
X-Amz-Request-Id
X-Amz-Id-2
X-Envoy-Upstream-Service-Time
X-Page-Speed
X-Robots-Tag
X-Proxy-Cache
X-Hacker
Grace
EagleId
X-Server-Powered-By
X-UA-Device
X-Varnish-Cache
Request-Context
X-Nginx-Cache-Status
X-Request-ID
Cf-Railgun
X-LiteSpeed-Cache
X-Amz-Version-Id
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
X-Server-Id
X-WebKit-CSP
Feature-Policy
Server-Timing
X-Device
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Host
X-Rq
Report-To
X-Ac
X-Node
Content-Location
X-OneAgent-JS-Injection
X-Cnection
X-Backend-Server
X-Response-Time
X-Cloud-Trace-Context
X-Origin-Cache
X-Application-Context
X-Readtime
Request-Id
Allow
EagleEye-TraceId
Surrogate-Control
X-ORACLE-DMS-ECID
X-Country
X-DynaTrace
X-Cdn
X-Cache-Lookup
X-Vhost
X-TTL
Pinterest-Generated-By
X-Ua-Compatible
X-Rack-Cache
X-Clacks-Overhead
X-Url
X-Origin-Upstream-Status
NEL
X-FTR-Request-ID
X-Dns-Prefetch-Control
X-Ruxit-JS-Agent
Rating
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Country-Code
X-CST
X-HW
X-ORACLE-DMS-RID
X-Dispatcher
X-Goog-Hash
X-Instart-Request-ID
Fusion-Content-Source
Fusion-Component-Id
Fusion-Template-Id
Fusion-Content-Id
Fusion-Source
X-DataStream-Cache-Status
Edge-Control
X-TtlSet
X-DataDome
X-PC
X-Vname
X-Px
X-VARITI-CCR
Service-Worker-Allowed
X-Mod-Pagespeed
Verso
X-MS-InvokeApp
X-Recruiting
X-D2id
X-Varnish-TTL
SPRequestGuid
X-Kinja
X-Kinja-Build
X-Exp-Variant
X-GoogleNews-Bot
X-Exp-Id
X-Cdn-Fetch
X-Kinja-Revision
X-Kinja-Server
X-Use-Magma
RTSS
X-Vcap-Request-Id
X-Amz-Server-Side-Encryption
X-Abt-Application-Version
DynaTrace
TCN
X-SharePointHealthScore
X-Navigation-Version
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-GitHub-Request-Id
X-Middleton-Display
Response
Display
X-Middleton-Response
X-Sol
X-Akam-SW-Version
X-Powered-By-Plesk
X-RateLimit-Remaining
MS-Author-Via
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-TEC-API-ROOT
X-B3-TraceId
Charset
X-Shield-Request-Id
Content-MD5
X-Amz-Rid
ServerID
X-Trace
AR-ATIME
AR-PoweredBy
Ar-Sid
AR-CACHE
Realpath
X-Forwarded-Proto
X-Powered-CMS
Nginx-Cache
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Goog-Generation
X-Goog-Metageneration
Accept-Ch-Lifetime
Fastly-Restarts
X-Dw-Request-Base-Id
X-Version
X-Cached
X-ESI
X-Upstream
AR-Request-ID
Public-Key-Pins
X-Shard
X-Server-Name
X-DynaTrace-JS-Agent
X-Mrf-Item-Lastmod
Accept-Ch
X-Mrf-Section-Lastmod
Mrf-Cache-Status
X-B3-TraceId-Primal
MRF-Tech
Pagespeed
Access-Control-Request-Method
X-MSEdge-Ref
Paypal-Debug-Id
X-Goog-Storage-Class
SPRequestDuration
X-Client-IP
SPIisLatency
X-Grace
X-Vcache
X-Debug
S
Accept-CH
X-FTR-Cache-Status
X-FTR-Balancer
X-FTR-Backend-Server
X-FTR-DC
X-FTR-Backend
X-FTR-Realm
X-Country-Code-Real
X-FTR-Expires
X-DataStream-MidMile-RTT
X-DataStream-Origin-MEX-Latency
X-Id
X-Amz-Meta-S3cmd-Attrs
X-Ezoic-Cdn
Pinterest-Version
X-Pinterest-Rid
X-N
X-Upstream-Proxy
X-FastCGI-Cache
X-Fastly-Request-ID
X-T
X-DIS-Request-ID
X-Amzn-Trace-Id
Front-End-Https
Arr-Disable-Session-Affinity
X-NF-Request-ID
X-Content-Type
MicrosoftSharePointTeamServices
X-Hits
X-B3-Sampled
X-XRDS-Location
X-FTR-Cache-Host
X-Varnish-Age
X-Ser
X-B3-Traceid
X-Mobile-Rewrite
Arc-Version
PB-RID
Fastcgi-Cache
PB-PID
X-Acc-Meta-Resource-Type
X-Frontend
X-Content-Digest
Server-Name
Alternate-Protocol
X-Logged-In
X-Correlation-Id
X-Srv
Nel
X-Pad
X-Cache-Key
X-Node-Name
AMP-Access-Control-Allow-Source-Origin
X-Request-Handler-Origin-Region
X-Microsite
Host
Powered-By-ChinaCache
TP-Cache
TP-L2-Cache
X-Forwarded-For
X-Type
FilterID
X-Rid
Healthy
X-User-Agent
X-Request-Processing-Time
X-Request-Received
X-IPLB-Instance
X-LB-Cache
X-Kinsta-Cache
Edge-Cache-Tag
X-Esi
X-F-Cache
X-AOL-HN
X-Debug-Info
X-VCache
X-Cache-2
X-Zen-Fury
X-Amzn-RequestId
X-Cached-By
X-Amz-Apigw-Id
Powered
X-Revision
X-GUploader-UploadID
X-XRDS-LOCATION
X-Hostname
Backend-Timing
X-Analytics
X-HS-Content-Id
X-HS-Hub-Id
X-Cache-Rule
X-Kong-Proxy-Latency
X-Cache-Age
X-Kong-Upstream-Latency
X-Accel-Expires
X-Activity-Id
X-AppVersion
X-Az
Surrogate-Key
X-Via-JSL
X-Content-Security-Policy-Report-Only
X-Instance
X-Content-Options
X-Varnish-Backend
X-BCube-Filmed-By
X-Amz-Replication-Status
X-Varnish-Grace
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-FB-Debug
X-Request-Guid
X-Tumblr-User
X-PHP-Backend
X-Page-Id
X-Cluster
X-Tumblr-Pixel
X-Akamai-Edgescape
X-Tumblr-Pixel-0
X-Content-Powered-By
Source
Cache-Status
X-Jobs
Server-Node
X-App-Environment
X-Fastcgi-Cache
X-RateLimit-Limit
X-TT
X-Framework
Refresh
X-Forwarded-Host
Accept-CH-Lifetime
X-Signature
X-B-Cache
Cleartype
X-FW-Server
X-FW-Serve
X-FW-Hash
X-FW-Static
X-FW-Type
Liferay-Portal
X-Varnish-Hostname
DC
X-ATG-Version
Tracecode
Host-Header
WPE-Backend
X-Cache-Operation
X-APP-VERSION
X-Mobile
Fastcgi-Useragent
Accept-Charset
Access-Control-Allow-Method
X-Edge-Location
X-Cache-Control
X-Cache-Action
X-Drupal-Cache-Tags
X-Time
X-Cache-Hit
Actual-Object-TTL
X-B
X-Mobile-URL
X-Hp-Webp
X-Erf-Bev-Bev
X-Accel-Buffering
X-Erf-Bev-Bev-Is-Generated
X-Response-Served-From
X-Storage
X-TX-ID
Payment
X-Whom
X-SS-Set-Cookie
X-NWS-LOG-UUID
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-WebKit-CSP-Report-Only
X-Content-Age
X-App-Server
X-Git-Hash
Cache-Tv-Group
X-WA-Info
Upgrade-Insecure-Requests
X-TT-TIMESTAMP
Filters
X-Handled-By
NGB
X-Cacheable-TTL
X-UA-Device-Type
X-Tumblr-Pixel-2
X-Adobe-Content
Eomportal-Instance
X-Adobe-Loc
X-Status
X-GeoIP
X-Tumblr-Pixel-1
X-RequestSource
X-RemovedCookies
X-ProcessESI
Cache-Tag
X-Geo-Country
X-VG-WebCache
Viewport
Xserver
Cache
X-Presslabs-Stats
X-Cache-TTL
Retry-After
X-FW-Dynamic
X-Server-ID
Datacenter
X-Cache-TTL-Remaining
Webserver
X-TA-CDN-Provider
X-Seen-By
Server-Info
MS-CV
X-FB-TRIP-ID
X-Cache-Enabled
X-Oracle-Dms-Rid
X-Ratelimit-Limit
X-Ratelimit-Reset
X-Host-Name
X-Contextid
X-Generated-By
Frame-Options
X-B3-Spanid
X-Origin-Server
From-Origin
X-RTag
Ms-Operation-Id
S-Cnection
Country
X-Hyper-Cache
X-Mode
X-CF-Powered-By
Meta-Geo
X-Cache-Var-Map
X-RN-RSRV
Machine
Load-Balancing
X-Cache-Var
X-Path-Route
X-Tumblr-Pixel-3
X-ES-SERVER
X-Upstream-HT
X-Routing-Service
X-MP-GENERATED-AT
X-Access
X-Cache-Config
X-Cache-Grace
Cache-Key
X-Section
X-Labrador-Cache-Channel
X-Zipkin-Id
X-Upstream-CT
X-Proxied
X-Upgrade-Enabled
Vix-Hermes-Req-Id
X-Cache-Host
X-OCL
Decoy-Debug-TTL
X-Viewer-Country
X-Web-Node
X-From
X-Human
Decoy-Debug-Key
Decoy-Debug-Status
X-Hit
X-Guploader-Uploadid
X-Varnish-Cache-Hits
X-Varnish-Server
X-PCL
GEO-INFO
Now
Mn-Server-Ip
ServedBy
X-Loop
X-EIG-Tracking-Id
X-ShopId
X-Debug-Cache
X-VG-TLSProxy
X-Endurance-Cache-Level
X-Via-Fastly
X-L-Path
X-RCS-CacheZone
X-VWS-Id
X-Environment-Context
X-CCM
X-LJ-Flow-ID
X-TNCMS
X-Backend-Name
X-AWS-Id
X-Alternate-Cache-Key
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-Origin-Response-Time
X-R9-Blue-Green-Version
X-ShardId
X-Shopify-Stage
X-Akamai-Request-ID
Rt-Fastcgi-Cache
X-Drupal-Cache-Contexts
Cache-Name
X-Hosted-By
DB-Nickname
X-Varnish-Hits
Mail-Subject
OT-Force-Account-Verify
We-Hiring
Akamai-GRN
SRV
X-Magnolia-Registration
X-S
X-PressLabs-Stats
X-Rule
X-Xfnlog-Site
X-Rendered-As
X-NCache
X-Proto
X-Region
Release
X-FC-Vary-Parameters
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Device-Type
Uber-Trace-Id
X-Cluster-Node
DSUID
Version
X-Trace-Id
X-Timing-Wait
X-JoinUs
X-Proxy-Build
X-Generated
X-Site-Version
X-Locale
X-Nginx-Cache
X-ProxyCache-Key
Cteonnt-Length
X-BYPASS-REASON
X-Www-Served-By
X-ProxyCache-Status
CACHE
X-NewRelic-App-Data
NGX
X-VCT
X-Load-Cache
X-Request-Time
ProcessTime
X-Platform-Server
X-IP
X-UUID
X-Redis-Cache
X-Time-Microsecs
X-Dc
Time
Azure-Version
Azure-InstanceId
Azure-SlotName
X-Origin
Azure-RegionName
Azure-SiteName
X-Via-CDN
X-Wix-Request-Id
X-FW-Version
S-Rt
X-ECACHE
X-EdgeConnect-Cache-Status
X-Cache-NE
X-MServer
Property-Id
TWC-Privacy
TWC-Locale-Group
Webcakes-App-Name
Webcakes-App-Version
X-Origin-Hint
Webcakes-Region
TWC-GeoIP-Country
TWC-GeoIP-LatLong
TWC-Device-Class
TWC-Connection-Speed
NtCoent-Length
X-GEO
X-Akamai-Request-ID2
X-Daa-Tunnel
X-RateLimit-Reset
X-No-Session
X-Proxy
X-FireWall-Port
X-CDN-Forward
X-ServerID
X-Rocket-Nginx-Bypass
X-Hl-Ver
X-IPS-LoggedIn
X-Cache-Remote
Origin
X-UA
X-HTML-Minification-Powered-By
X-Vgn-Hpd-Reason
X-Oneagent-Js-Injection
X-Akamai-Transformed
X-ApacheServer
Odigeo-Trace-Id
X-Cache-Server
X-Distributor
X-PERF
X-Format
X-CS
Fastly-SSL
Ec-Rule-Version
LB
Access-Control-Request-Headers
Cache-Tags
X-Webkit-Csp
L5d-Success-Class
X-Cache-Backend
X-Pubstack
X-UnsetCookies
X-Microcachable
X-Unique-ID
X-SERVER-NAME
X-Compress-Hint
Origin-Edge-Control
X-Tb
X-Real-IP
Accept-Language
Origin-Cache-Control
Served-By
Fastcgi-X-Cache-Version
Hostname
X-BACKEND-TTL
X-Grey
X-Varnish-Cacheable
X-NC
IBM-Web2-Location
X-Cache-Category-Id
Xc-Version
X-Cluster-Name
X-Aed
X-Accel-Expires-Debug
X-A-Dgt
X-D
X-A-Wwc
X-AIR-PT
X-CF-Lambda-Version
Backend-Name
X-B-Cookie
X-A-Dcw
X-Cdn-Srv
X-ARC
X-Cache-Bucket
X-CF-Lambda-Fn
X-Application
X-App-Name
A
Fastly-SWR
Fly-Cache
Fly-Request-Id
Request-Time
Fastly-SIE
Rt-Proxy-Cache
Cross-Origin-Window-Policy
GEO-REGION-INFO
Request-EU
Mobile-Detection-Method
Meta-Geo-Continent
MD5-Digest
Node
Proxy-Firewall
Request-Country
Rendered-Blocks
Content-Style-Type
Content-Script-Type
Viewtype
Arc-Country
AsisCache
VivaBuild
X-A
X-Date
X-A-Ccd
BehaviorPad-Version
Cache-Cookie-Set-From
Cdn-Request-Time
Server-ID
Cdn-Host
Cache-Prefix
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-Lfrom
X-A-Dam
X-Connection-Hash
X-S-Maxage
X-Edge
X-S-Cookie
X-Rojux
X-Rewrite-Enabled
X-B3-Parentspanid
X-Edge-Server
X-Server-Time
X-Detected-As
X-Developer
X-DPWN-IS-SECURE
X-Request-UUID
X-External-Request-Id
X-Is-Bot
X-Internal-Host
X-NU-AKA-ACS-Version
X-Org
X-PAYTM-SRV-ID
X-Instart-Info
X-Rebelmouse-Cache-Control
X-G
X-Region-Sid
X-Rebelmouse-Surrogate-Control
X-IN-APIGATEWAY
X-Destination
X-ScT
X-Vtex-Processado-Em
X-SRCache-Key
X-Vtex-Remote-Cache
X-Transaction
X-Trv-Group
X-VG-WebServer
Proxy-Connection
X-Varnish-Url
X-Twitter-Response-Tags
X-Worker
X-URL
X-ElasticPress-Search
ServerName
X-CGP
REQUESTUUID
Resin-Trace
RNT-Time
X-HS-Combine-CSS
RNT-Machine
X-We-Are-Hiring
X-NX-Host
X-Debug-Cookies
Memcached
X-PHP-Host
On-Server
Platform
X-Location
X-Nginx-Cache-Key
X-HS-Cache-Config
AKAMAI
X-Cdn-Origin
X-Level-Front-Cache
X-Epic-Correlation-Id
X-Eu-Site
X-Geo-Header
X-Developers
X-Sn-Servicetimems
X-Debug-Log
X-Skip-Cache
X-ServiceProvider
X-SVT-ORM-RULES
X-Backend-State
True-Client-Country-4JS
X-SVT-ORM-VERSION
Is-Eu
X-Request-URI
Section-Io-Cache
Server-Int
X-Fastly-Cache
X-Cache-Id
X-Generated-On
X-Variation
X-Cache-Info
X-GeoIP-Country-Code
W
HA-Ipaddr
X-C
Ha-Gx-Prefs
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
Content-Disposition
Adler-Geo
Apple-News-Services-Handled
Esi-Enabled
Apple-News-Services-Host
X-Amzn-Remapped-Content-Length
X-Powered-By-Defense
X-BBXSRF
X-Fetched-On
X-Dispatcher-Server
X-FPC
X-Gannett-Site-Version
X-Generation-Time
X-Gen-Mode
X-Dispatch
X-Device-Os
X-Clientip
X-Cache-FS-Status
X-CDN-Cache
X-Cms-Context
X-Block-Status
X-Via-NSCOPI
X-Core-Mission
X-Clara-WADP
X-Irp-Debug
IsBot
X-SIPLIST1
X-Server-IP
X-Secret
X-SD-PageType
X-TH-Server
X-WADP-Cache
X-Method
X-Nc
X-Wikidot-Static-Cache
X-Wikidot-Backend
X-Response-By
X-Reqid
X-Li-Fabric
X-Key
X-Amz-Meta-Cache-Control
X-Hnp-Log
X-Li-Pop
X-LI-Proto
X-Reboot
X-Qloud-Router
X-Processor
X-LI-UUID
X-GeoIP-City
X-Servername
CDCHOST
UCS
SD-X-WS
Web-Mar-Node
V-Age
PFcat
N-Cache
Fastly-Soc-X-Request-Id
Countrycode
SS
Server-Host
Gh-Request-Id
User-Cache-Control
X-VC-Cache
X-Via-SSL
X-Via-Edge
Who
X-Request-Start
Thinkindot-CacheControl
X-Distil-CS
X-Matched-Rule
Thinkindot-CacheControl-Type
Thinkindot-Control
X-VServer
X-Release
Pramga
GW-Server
X-Thinkindot-L3
X-Owner
X-Hash
X-Azure-Ref
X-Azure-Ref-OriginShield
X-Proxy-Cache-Status
X-Proxy-Upstream
Country-Code
X-Swa-Ws
X-Served-From
L
X-Auto-Login
X-Webstats-RespID
Heartbleed
Wxu-Next-Commit
X-WebServer
Wxu-Next-Hostname
Wxu-Next-Region
Selected-Fe
CF-IPCountry
X-Varnish-Ttl
X-OVcl-Cache
X-Thanos
X-Origin-Expires
X-Origin-Date
X-Crawler
X-OVcl
X-CUA
X-Bip
Powered-By
X-CLOUD-TRACE-CONTEXT
X-TrackingId
X-Pf-Uncompressing
Kp-EeAlive
X-Urbn-Site-Id
Locale
X-Parent-Response-Time
X-Urbn-Context-Path
Mime-Version
Magicmarker
X-FE
X-Ua
X-Dynatrace-Js-Agent
X-Ratelimit-Remaining
X-ND-Cache
PageSpeed
X-Varnish-Beresp-Ttl
User-Agent
X-LAGOON
X-Protected-By
X-Flog
X-Fstrz
X-ABtesting
Memory
Pragrma
X-Hello
X-Origin-TTL
X-Origin-CC
X-Be
X-Planisys-CDN-TTL
X-Planisys-CDN-Cache
Pagetype
X-Planisys-CDN-Rules
X-Page-Type
X-User
X-Ttl
X-Backend-Host
X-Generated-In
X-Backend-Url
X-Geo
X-Zone
X-Cache-Ttl
X-Up
X-Core-Value
X-MSEdge-Flight
X-Tt-Trace-Tag
X-COUNTRY
X-GoCache-CacheStatus
X-IN-WAF
X-MSEdge-Features
X-Phone
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
X-Newrelic-Synthetics
X-Debug-Cache-Store
X-Debug-Cache-Expiry
X-B3-SpanId
X-Backend-TTL
X-Soup
X-Debug-Cache-Fetch
X-DC
X-Cdn-Forward
X-Check-Cacheable
X-TT-LOGID
X-Oss-Server-Time
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
X-Oss-Storage-Class
GeoIp-Country-Code
Geoip-Latitude
Geoip-City
X-Oss-Request-Id
X-Litespeed-Cache
X-Servedbyhost
X-Birta-Served
X-Birta-Cache-Post
SN
Cdn
X-Varnish-IP
X-ZONE
X-Say-TTL
X-Say-Cacheable
X-Real-Ip
Cache-Hits
X-Old-Content-Length
X-Info
X-SayCDN-TTL
Selected-FE
X-MID
X-Mid
HitType
X-HS-Status
X-VCL-Version
X-Datadome
X-Akamai-SSL-Client-Sid
X-Ruxit-Js-Agent
X-GRACE
Amp-Access-Control-Allow-Source-Origin
X-Aicache-OS
FSS-Cache
X-Vcl-Version
FSS-Proxy
X-FORWARDED-FOR
X-CSRF-TOKEN
XServer
X-Agile-Age
X-Refresh
X-Agile-Id
X-Cache-Debug
X-Tb-Optimization-Total-Bytes-Saved
X-ServedByHost
Fastly-Backend-Name
X-Cache-Time
CF-Cached-On
X-Agile
Inserted-Into-Cache-At
X-Node-Id
X-Amzn-Remapped-Connection
X-Amzn-Remapped-Date
X-Bc
Ajk
X-Source
X-IN-APIGATEWAYSSL
X-Logtrace-Id
Server-Surrogate-Control
HostName
X-Cache-ASPX
X-Varnish-Authentication
X-Contensis-Viewer-Groups
Server-Cache-Control
X-BC
X-EC-Lua
RequestId
X-UPSTREAM-Address
WZWS-RAY
GeoIP-Country-Code
X-Via-Ucdn
X-Web-Server
X-Nananana
Srv
X-CSRF-Token
GeoIP-City
X-Wa
X-APP
X-RateLimit-Remaining-Second
GeoIP-Latitude
X-RateLimit-Limit-Second
X-App-Version
X-Proxy-Cacherz
Xkeyrz
X-ECache
X-TIME
X-WR-MODIFICATION
X-NWS-UUID-VERIFY
WebServer
Ohc-Cache-HIT
Cf-Ipcountry
X-PJAX-URL
T-Server
X-Varnish-Beresp-TTL
PICS-Label
Group
Ohc-File-Size
X-LiteSpeed-Cache-Control
X-GDPR
X-Render-Time
X-Micro-Cache
X-Unique-Id
Get-Access-Time
MIME-Version
Is-Session-Tracking
X-BE
Xkeynj
URI
X-SRV
X-LB-ID
X-Cache-Tag
X-PAGE-TYPE
X-CACHE-KEY
HTTPS
X-Fastly-Country-Code
CDN
X-Requestid
X-Cache-Miss-From
X-Sedo-Request-Id
Dynatrace
Www
X-SN
X-Edge-IP
Backend
X-MCACHE
X-Uri
X-Fastly-Backend-Reqs
X-Request-Url
X-Instart-Isnd
SID
Xet-Cookie
DataCenter
X-Policy
Pics-Label
Lb
X-Pjax-Url
Host-ID
X-Apw-Hits
X-Cache-Expires
X-Swift-Error
Requestid
X-Vct
X-Apw-Access-Action
X-Apw-Access-Token
Cneonction
X-Apw-Access-Object
X-NGINX-Cache
X-Dw-Trace-Id
X-Lb-Id
Correlation-Id
X-Ecache
X-WA
X-Cdn-Request-ID
X-Cf-Powered-By
X-Service
Cache-Provider
X-Newrelic-App-Data
X-Html-Edge-Cache
X-Varnish-Action
X-Serial
X-Var-Ttl
Epwk-Cache
X-WPE-Loopback-Upstream-Addr
Warning
X-RPM
X-RPS
X-RSL
X-DW
X-DSS
X-Zalando-Child-Request-Id
X-DB
X-DI
X-Page-Impression-Id
X-Flow-Id
X-Bug-Bounty
X-ServerName
X-PF-Uncompressing
X-Akamai-ERPolicy
X-Akamai-ERRuleID
X-Fastly-Cache-Hits
X-Fpc
Lfy