Threat Level: green Handler on Duty: Jan Kopriva

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
CF-RAY
X-Powered-By
Link
ETag
Expect-CT
X-XSS-Protection
Via
X-Cache
Age
CF-Cache-Status
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
X-Cache-Hits
P3P
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Xss-Protection
X-Request-Id
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-Adblock-Key
X-Drupal-Cache
Alt-Svc
X-Check
X-Cacheable
Content-Security-Policy-Report-Only
X-Generator
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-DNS-Prefetch-Control
X-AspNetMvc-Version
P3p
X-Template
Status
X-Language
Timing-Allow-Origin
Content-Encoding
X-Content-Security-Policy
X-Iinfo
X-Buckets
Upgrade
X-Kinja-Server-Push
Xkey
X-Via
X-CDN
X-Turbo-Charged-By
Keep-Alive
Access-Control-Max-Age
Access-Control-Expose-Headers
X-Cache-Group
X-Pass-Why
X-Age
X-AH-Environment
X-Drupal-Dynamic-Cache
X-Server
X-Backend
X-Pingback
X-Amz-Id-2
X-Amz-Request-Id
X-Envoy-Upstream-Service-Time
X-Page-Speed
X-Robots-Tag
X-Proxy-Cache
X-Hacker
Grace
X-Server-Powered-By
EagleId
X-UA-Device
X-Varnish-Cache
X-Nginx-Cache-Status
Request-Context
Cf-Railgun
X-LiteSpeed-Cache
X-Amz-Version-Id
X-Swift-CacheTime
X-Swift-SaveTime
X-WebKit-CSP
Ali-Swift-Global-Savetime
Feature-Policy
X-Device
Server-Timing
X-Server-Id
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Host
Report-To
X-Ac
X-Rq
Content-Location
X-Node
X-OneAgent-JS-Injection
X-Backend-Server
X-Response-Time
X-Cnection
X-Origin-Cache
X-Cloud-Trace-Context
X-Application-Context
EagleEye-TraceId
Allow
Request-Id
X-Readtime
Surrogate-Control
X-Cache-Lookup
X-Country
X-ORACLE-DMS-ECID
X-Cdn
X-TTL
X-DynaTrace
X-Url
X-Vhost
Pinterest-Generated-By
X-Ua-Compatible
X-Rack-Cache
X-Clacks-Overhead
X-Origin-Upstream-Status
X-Ruxit-JS-Agent
X-CST
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Rating
X-FTR-Request-ID
X-ORACLE-DMS-RID
X-Country-Code
NEL
X-HW
X-Goog-Hash
X-Instart-Request-ID
X-Dispatcher
Fusion-Content-Source
Fusion-Source
Fusion-Content-Id
Fusion-Template-Id
Fusion-Component-Id
X-DataStream-Cache-Status
Edge-Control
X-Vname
X-TtlSet
X-PC
X-Px
X-VARITI-CCR
Service-Worker-Allowed
X-DataDome
X-MS-InvokeApp
X-Mod-Pagespeed
X-Request-ID
X-Dns-Prefetch-Control
SPRequestGuid
Verso
X-Recruiting
X-Cdn-Fetch
X-Exp-Variant
X-Kinja-Revision
X-Use-Magma
X-Kinja-Build
X-Kinja
X-GoogleNews-Bot
X-Exp-Id
X-Kinja-Server
X-D2id
X-Varnish-TTL
X-Vcap-Request-Id
X-SharePointHealthScore
X-Abt-Application-Version
X-B3-TraceId
RTSS
TCN
X-Amz-Server-Side-Encryption
X-ESI
DynaTrace
X-Navigation-Version
X-GitHub-Request-Id
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-RateLimit-Remaining
X-Powered-By-Plesk
X-Middleton-Display
Display
X-Middleton-Response
Response
X-Sol
X-Akam-SW-Version
Accept-Ch-Lifetime
Content-MD5
X-Server-Name
Charset
AR-PoweredBy
Ar-Sid
AR-CACHE
MS-Author-Via
AR-ATIME
ServerID
X-Trace
X-Amz-Rid
X-Shield-Request-Id
Realpath
X-Dw-Request-Base-Id
Accept-Ch
AR-Request-ID
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Goog-Generation
X-Goog-Metageneration
X-Powered-CMS
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-DynaTrace-JS-Agent
X-TEC-API-VERSION
Nginx-Cache
X-Cached
X-Version
X-Forwarded-Proto
X-Upstream
Fastly-Restarts
X-Shard
X-Mrf-Section-Lastmod
Mrf-Cache-Status
MRF-Tech
X-Mrf-Item-Lastmod
X-B3-TraceId-Primal
Public-Key-Pins
SPRequestDuration
SPIisLatency
Paypal-Debug-Id
Access-Control-Request-Method
X-MSEdge-Ref
X-Goog-Storage-Class
X-Pinterest-Rid
X-Upstream-Proxy
Pinterest-Version
X-Client-IP
Pagespeed
S
X-DataStream-Origin-MEX-Latency
X-DataStream-MidMile-RTT
X-Debug
X-Grace
X-Id
X-FTR-Realm
X-FTR-Balancer
X-FTR-Cache-Status
X-FTR-DC
X-FTR-Backend-Server
X-FTR-Backend
X-Country-Code-Real
X-FTR-Expires
X-Amz-Meta-S3cmd-Attrs
X-Ezoic-Cdn
X-N
X-T
X-DIS-Request-ID
X-Fastly-Request-ID
MicrosoftSharePointTeamServices
Arr-Disable-Session-Affinity
Accept-CH
X-Amzn-Trace-Id
X-Content-Type
X-Ser
Front-End-Https
X-NF-Request-ID
X-Hits
X-Varnish-Age
PB-RID
X-B3-Sampled
PB-PID
Arc-Version
X-Mobile-Rewrite
Nel
Alternate-Protocol
X-Server-ID
Fastcgi-Cache
X-VCache
X-FTR-Cache-Host
X-Acc-Meta-Resource-Type
X-Frontend
X-XRDS-Location
X-Logged-In
X-Content-Digest
X-Vcache
Server-Name
X-FastCGI-Cache
X-Srv
X-Correlation-Id
X-Pad
X-Forwarded-For
Host
AMP-Access-Control-Allow-Source-Origin
Powered-By-ChinaCache
X-Node-Name
X-Request-Handler-Origin-Region
X-Microsite
FilterID
Healthy
TP-L2-Cache
TP-Cache
X-Rid
X-Type
X-Kinsta-Cache
X-LB-Cache
X-XRDS-LOCATION
Edge-Cache-Tag
X-IPLB-Instance
X-Cache-Key
X-Request-Received
X-Request-Processing-Time
X-AOL-HN
X-Debug-Info
X-User-Agent
X-B3-Traceid
X-Cached-By
X-Fastcgi-Cache
X-GUploader-UploadID
X-F-Cache
X-Revision
X-Cache-2
Powered
X-Hostname
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Cache-Rule
X-HS-Content-Id
X-HS-Hub-Id
X-Zen-Fury
Backend-Timing
X-Analytics
Surrogate-Key
X-Accel-Expires
X-Cache-Age
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Page-Id
X-AppVersion
X-Az
X-Activity-Id
X-Varnish-Backend
X-Content-Options
X-BCube-Filmed-By
X-Varnish-Grace
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Via-JSL
X-Content-Security-Policy-Report-Only
X-FB-Debug
X-Instance
VIX-Pulpo-Node
X-Jobs
X-Tumblr-User
X-Cluster
VIX-Pulpo-Upstream-Status
X-Akamai-Edgescape
X-Request-Guid
X-PHP-Backend
X-Content-Powered-By
Cache-Status
X-App-Environment
X-Amz-Replication-Status
X-TT
Source
Cleartype
X-Framework
X-RateLimit-Limit
X-Varnish-Hostname
Tracecode
Server-Node
Refresh
X-Forwarded-Host
WPE-Backend
X-Signature
X-B-Cache
X-FW-Static
Host-Header
X-FW-Type
X-FW-Server
X-FW-Serve
X-FW-Hash
X-ATG-Version
Liferay-Portal
X-Mobile
X-Cache-Operation
DC
X-Cache-Control
X-Time
Accept-Charset
X-NWS-LOG-UUID
X-Cache-Action
Actual-Object-TTL
X-Drupal-Cache-Tags
X-Edge-Location
Access-Control-Allow-Method
X-Cache-TTL
Fastcgi-Useragent
X-Esi
X-Cache-Hit
X-Accel-Buffering
X-Mobile-URL
X-Hp-Webp
X-Response-Served-From
X-App-Server
Upgrade-Insecure-Requests
Payment
X-Whom
X-Content-Age
X-SS-Set-Cookie
X-UA-Device-Type
X-TX-ID
X-B
X-Storage
X-Handled-By
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-WebKit-CSP-Report-Only
Filters
X-Git-Hash
X-GeoIP
X-Cacheable-TTL
X-RequestSource
X-Tumblr-Pixel-1
X-Tumblr-Pixel-2
X-Erf-Bev-Bev
X-TT-TIMESTAMP
X-Erf-Bev-Bev-Is-Generated
Cache-Tv-Group
X-VG-WebCache
X-Adobe-Loc
Xserver
X-Adobe-Content
Eomportal-Instance
X-WA-Info
X-ProcessESI
Viewport
X-RemovedCookies
Cache
X-Geo-Country
X-Status
X-APP-VERSION
Server-Info
Accept-CH-Lifetime
Cache-Tag
NGB
Webserver
X-Ratelimit-Limit
X-FB-TRIP-ID
X-Presslabs-Stats
Datacenter
X-Cache-TTL-Remaining
Retry-After
X-Cache-Enabled
X-Ratelimit-Reset
X-TA-CDN-Provider
X-FW-Dynamic
X-Seen-By
X-Contextid
S-Cnection
X-Host-Name
X-Origin-Server
MS-CV
Country
X-Mode
From-Origin
Frame-Options
X-Tumblr-Pixel-3
X-AWS-Id
X-Hyper-Cache
X-Cache-Var
X-VWS-Id
X-ES-SERVER
X-Cache-Var-Map
Meta-Geo
X-LJ-Flow-ID
X-RN-RSRV
Machine
Load-Balancing
X-Path-Route
X-CF-Powered-By
X-Routing-Service
X-Varnish-Hits
X-Proxied
X-Hit
X-Zipkin-Id
X-Human
X-Backend-Name
X-Varnish-Cache-Hits
X-Upstream-HT
X-Upstream-CT
DSUID
Mail-Subject
X-Generated-By
We-Hiring
X-RTag
Release
X-Cache-Config
Ms-Operation-Id
X-Magnolia-Registration
Uber-Trace-Id
X-Section
Vix-Hermes-Req-Id
X-TNCMS
X-Guploader-Uploadid
X-MP-GENERATED-AT
Mn-Server-Ip
Now
X-OCL
X-Access
X-PCL
X-Upgrade-Enabled
X-RCS-CacheZone
X-Loop
X-EIG-Tracking-Id
X-Debug-Cache
X-Rendered-As
X-Cache-Host
GEO-INFO
X-From
X-Labrador-Cache-Channel
X-Varnish-Server
X-Device-Type
X-VG-TLSProxy
Decoy-Debug-Key
X-Rule
Decoy-Debug-Status
Decoy-Debug-TTL
Rt-Fastcgi-Cache
X-ShardId
X-ShopId
X-BYPASS-REASON
X-Cluster-Node
X-Endurance-Cache-Level
X-Shopify-Stage
X-Alternate-Cache-Key
X-Sorting-Hat-PodId
OT-Force-Account-Verify
X-Daa-Tunnel
X-Akamai-Request-ID
X-Sorting-Hat-ShopId
Akamai-GRN
X-ProxyCache-Status
X-Web-Node
X-Proto
X-R9-Blue-Green-Version
X-Origin-Response-Time
X-Viewer-Country
X-ProxyCache-Key
X-Timing-Wait
Cache-Name
X-S
DB-Nickname
X-Cache-Grace
X-Proxy-Build
X-Hosted-By
Cache-Key
X-CCM
X-Xfnlog-Site
X-JoinUs
X-L-Path
X-Via-Fastly
X-FC-Vary-Parameters
X-Generated
X-Environment-Context
X-NCache
X-Goog-Meta-Goog-Reserved-File-Mtime
ServedBy
X-Region
X-Drupal-Cache-Contexts
X-VCT
X-PressLabs-Stats
X-Redis-Cache
X-Locale
X-UUID
X-Www-Served-By
X-Trace-Id
X-B3-Spanid
X-Platform-Server
X-Load-Cache
X-Cache-NE
X-Site-Version
X-Nginx-Cache
NGX
Cteonnt-Length
X-NewRelic-App-Data
X-MServer
ProcessTime
X-EdgeConnect-Cache-Status
X-Hl-Ver
X-ECACHE
X-Oracle-Dms-Rid
X-Vgn-Hpd-Reason
X-Cache-Remote
X-Rocket-Nginx-Bypass
X-Request-Time
X-ServerID
X-Real-IP
Time
X-IP
X-Dc
SRV
X-Time-Microsecs
S-Rt
Azure-InstanceId
X-FW-Version
X-Wix-Request-Id
X-Via-CDN
Azure-Version
Azure-SlotName
Azure-SiteName
Azure-RegionName
X-RateLimit-Reset
X-IPS-LoggedIn
X-Origin
CACHE
Property-Id
TWC-Locale-Group
TWC-GeoIP-LatLong
Version
TWC-Privacy
Webcakes-App-Name
Webcakes-Region
Webcakes-App-Version
TWC-Device-Class
X-Origin-Hint
X-GEO
TWC-GeoIP-Country
TWC-Connection-Speed
X-Proxy
NtCoent-Length
X-No-Session
L5d-Success-Class
X-UA
X-Oneagent-Js-Injection
X-FireWall-Port
Origin
Served-By
X-Distributor
Fastly-SSL
X-Microcachable
X-Cache-Server
X-Cache-Backend
X-Akamai-Transformed
Origin-Edge-Control
Origin-Cache-Control
Fastcgi-X-Cache-Version
X-CS
X-Unique-ID
X-Akamai-Request-ID2
X-Pubstack
X-PERF
X-Webkit-Csp
X-Format
Odigeo-Trace-Id
X-ApacheServer
X-CDN-Forward
X-Grey
X-Cache-Category-Id
X-Edge
X-Powered-By-Defense
IBM-Web2-Location
X-Compress-Hint
Ec-Rule-Version
X-HTML-Minification-Powered-By
X-BACKEND-TTL
X-UnsetCookies
X-Is-Bot
X-Via-NSCOPI
Access-Control-Request-Headers
X-Detected-As
Cache-Tags
Backend-Name
Request-Time
Node
Request-EU
Rt-Proxy-Cache
Rendered-Blocks
Request-Country
X-A
X-A-Dcw
X-A-Dgt
X-A-Wwc
X-A-Dam
X-A-Ccd
ServerName
Viewtype
VivaBuild
Server-ID
Cross-Origin-Window-Policy
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-Lfrom
Cache-Prefix
Cdn-Host
Cache-Cookie-Set-From
BehaviorPad-Version
X-Tb
A
Arc-Country
AsisCache
Cdn-Request-Time
Content-Script-Type
Ha-Gx-Prefs
HA-Ipaddr
MD5-Digest
Meta-Geo-Continent
GEO-REGION-INFO
Fly-Request-Id
Content-Style-Type
X-Accel-Expires-Debug
Fly-Cache
Mobile-Detection-Method
X-Cdn-Srv
X-Request-UUID
X-Rewrite-Enabled
X-Rojux
X-S-Cookie
X-Region-Sid
X-Processor
X-Internal-Host
X-NU-AKA-ACS-Version
X-Org
X-PAYTM-SRV-ID
X-S-Maxage
X-ScT
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
X-Worker
Xc-Version
X-VG-WebServer
X-Twitter-Response-Tags
X-Server-Time
X-SRCache-Key
X-Transaction
X-Trv-Group
X-Instart-Info
X-IN-APIGATEWAY
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-CGP
X-Cluster-Name
X-Cache-Bucket
X-B-Cookie
X-AIR-PT
X-App-Name
X-Application
X-ARC
X-D
X-Date
X-External-Request-Id
X-G
X-HS-Cache-Config
X-HS-Combine-CSS
X-Eu-Site
X-Edge-Server
X-Destination
X-Developer
X-DPWN-IS-SECURE
X-Aed
X-Connection-Hash
LB
Hostname
PageSpeed
Proxy-Connection
X-Nc
X-Varnish-Cacheable
Mime-Version
X-Geo-Header
X-GeoIP-Country-Code
Is-Eu
X-Generated-On
X-Fastly-Cache
Memcached
Fastly-SIE
Fastly-SWR
Gh-Request-Id
X-Key
X-Epic-Correlation-Id
X-Level-Front-Cache
X-Hash
X-Irp-Debug
Platform
Section-Io-Cache
RNT-Time
RNT-Machine
Server-Host
SS
X-We-Are-Hiring
X-Backend-State
Resin-Trace
X-Clientip
X-Location
X-Dispatch
X-Debug-Log
X-Debug-Cookies
X-Core-Mission
Proxy-Firewall
X-Dispatcher-Server
X-Variation
X-C
X-Reqid
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
X-Qloud-Router
Apple-News-Services-Request-Url
Esi-Enabled
X-Server-IP
X-Skip-Cache
Adler-Geo
Apple-News-Services-Handled
Apple-News-Services-Host
X-TH-Server
Apple-News-Services-Parsed-Url
X-B3-Parentspanid
Country-Code
X-Nginx-Cache-Key
Countrycode
X-NX-Host
X-ElasticPress-Search
X-NC
X-Block-Status
X-CDN-Cache
X-ServiceProvider
X-Cdn-Origin
X-LI-UUID
X-Cache-FS-Status
X-BBXSRF
X-Servername
X-Cache-Id
X-Cache-Info
X-SIPLIST1
X-Method
W
X-Developers
Wxu-Next-Region
X-Amz-Meta-Cache-Control
X-Wikidot-Static-Cache
X-Auto-Login
X-Sn-Servicetimems
X-Webstats-RespID
X-Wikidot-Backend
X-SVT-ORM-RULES
Accept-Language
X-Reboot
X-Fetched-On
X-ND-Cache
X-Distil-CS
X-FPC
X-Gen-Mode
Wxu-Next-Hostname
X-Protected-By
X-PHP-Host
X-Generation-Time
X-Request-Start
X-Request-URI
X-Crawler
X-Hnp-Log
X-SVT-ORM-VERSION
X-SD-PageType
X-Response-By
X-LI-Proto
X-Device-Os
X-Li-Fabric
X-Li-Pop
X-Served-From
X-WebServer
REQUESTUUID
Pramga
SD-X-WS
Server-Int
UCS
True-Client-Country-4JS
Powered-By
PFcat
CDCHOST
AKAMAI
Content-Disposition
Wxu-Next-Commit
On-Server
User-Cache-Control
IsBot
Who
Web-Mar-Node
X-Datadome
X-GeoIP-City
Heartbleed
GW-Server
Fastly-Soc-X-Request-Id
X-Gannett-Site-Version
X-CUA
X-Ua
X-Via-SSL
X-Origin-Date
X-Via-Edge
X-Clara-WADP
X-Origin-Expires
X-Azure-Ref
X-Swa-Ws
X-Secret
V-Age
X-Cms-Context
X-Azure-Ref-OriginShield
X-Bip
X-Owner
X-Release
X-WADP-Cache
X-Thanos
CF-IPCountry
X-Varnish-Ttl
X-Parent-Response-Time
X-CLOUD-TRACE-CONTEXT
L
Thinkindot-CacheControl-Type
Thinkindot-Control
Thinkindot-CacheControl
X-OVcl-Cache
X-Matched-Rule
X-Thinkindot-L3
X-OVcl
X-VC-Cache
X-VServer
X-Fstrz
Pragrma
X-Varnish-Url
X-Proxy-Cache-Status
X-Ratelimit-Remaining
X-Proxy-Upstream
N-Cache
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
X-Amzn-Remapped-Content-Length
X-TrackingId
X-FE
Memory
X-Cdn-Forward
X-Planisys-CDN-Cache
X-GRACE
Selected-Fe
X-Be
X-Origin-TTL
X-Origin-CC
X-Phone
X-Core-Value
Kp-EeAlive
X-LAGOON
X-IN-WAF
X-Pf-Uncompressing
X-B3-SpanId
X-SERVER-NAME
X-Varnish-Beresp-Ttl
Magicmarker
User-Agent
Locale
X-URL
X-Urbn-Context-Path
X-Birta-Served
X-Urbn-Site-Id
X-Birta-Cache-Post
X-Page-Type
X-Ttl
X-Geo
X-Zone
X-Dynatrace-Js-Agent
X-Info
X-Varnish-IP
X-DC
Selected-FE
Pagetype
HitType
X-ABtesting
Cdn
X-Backend-TTL
X-Varnish-Beresp-Grace
X-Flog
X-User
X-Varnish-Beresp-Status
X-Hello
X-Backend-Url
Geoip-City
X-Backend-Host
X-Generated-In
Geoip-Latitude
X-TT-LOGID
X-Newrelic-Synthetics
GeoIp-Country-Code
X-Litespeed-Cache
X-GoCache-CacheStatus
X-MSEdge-Flight
X-Up
X-Soup
X-MSEdge-Features
X-Debug-Cache-Expiry
SN
X-Debug-Cache-Store
X-Debug-Cache-Fetch
X-Mid
X-Check-Cacheable
X-MID
X-Source
X-App-Version
X-Cache-Debug
X-Tt-Trace-Tag
X-Servedbyhost
X-Refresh
X-Agile-Id
X-Agile
X-Agile-Age
X-Real-Ip
CF-Cached-On
X-Web-Server
X-Oss-Server-Time
X-Oss-Request-Id
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
X-HS-Status
X-Oss-Storage-Class
X-Aicache-OS
X-Vcl-Version
X-Ruxit-Js-Agent
Amp-Access-Control-Allow-Source-Origin
X-VCL-Version
X-ServedByHost
FSS-Proxy
FSS-Cache
X-ZONE
X-Tb-Optimization-Total-Bytes-Saved
X-Cache-Ttl
HostName
X-Old-Content-Length
X-UPSTREAM-Address
X-Amzn-Remapped-Date
X-Amzn-Remapped-Connection
X-CACHE-KEY
X-Say-Cacheable
X-SayCDN-TTL
X-Say-TTL
X-Varnish-Authentication
GeoIP-Country-Code
X-APP
X-Bc
X-Cache-ASPX
X-Contensis-Viewer-Groups
Server-Cache-Control
Server-Surrogate-Control
X-EC-Lua
X-NWS-UUID-VERIFY
Ohc-File-Size
Ohc-Cache-HIT
X-CSRF-Token
Cache-Hits
X-Via-Ucdn
Group
WZWS-RAY
GeoIP-City
X-COUNTRY
RequestId
GeoIP-Latitude
Srv
X-Akamai-SSL-Client-Sid
HTTPS
X-Varnish-Beresp-TTL
Inserted-Into-Cache-At
X-Node-Id
X-Nananana
X-BC
URI
X-WR-MODIFICATION
X-SN
Ajk
Fastly-Backend-Name
Xkeyrz
Www
X-Proxy-Cacherz
X-IN-APIGATEWAYSSL
X-ECache
X-Logtrace-Id
Backend
X-Cache-Time
X-Dynatrace
WebServer
XServer
X-CSRF-TOKEN
X-Instart-Isnd
Cf-Ipcountry
X-Cache-Tag
X-Unique-Id
X-TIME
X-Cache-Expires
Requestid
X-PAGE-TYPE
X-Request-Url
Get-Access-Time
X-Fastly-Country-Code
Host-ID
Xkeynj
Is-Session-Tracking
Lb
X-FORWARDED-FOR
X-Tec-Api-Origin
X-LiteSpeed-Cache-Control
X-Tec-Api-Root
X-Tec-Api-Version
X-MCACHE
X-RateLimit-Limit-Second
X-Wa
X-Edge-IP
X-Cache-Miss-From
X-RateLimit-Remaining-Second
X-Sedo-Request-Id
X-Requestid
X-BE
Dynatrace
X-NGENIX-Cache
X-PF-Uncompressing
X-Apw-Access-Object
X-Apw-Access-Token
X-Pjax-Url
X-Apw-Access-Action
Cneonction
PICS-Label
T-Server
Epwk-Cache
X-Fastly-Backend-Reqs
X-Varnish-Action
X-Apw-Hits
X-SRV
DataCenter
Xet-Cookie
Pics-Label
X-LB-ID
X-Swift-Error
CDN
X-Micro-Cache
X-Render-Time
X-PJAX-URL
X-GDPR
X-WA
X-Lb-Id
X-Vct
Fastcgi-X-Cache
X-NGINX-Cache
X-Dw-Trace-Id
X-Svr
Correlation-Id
X-Ecache
X-Cf-Powered-By
X-AssetVersion
X-Uri
X-Serial
X-ServerName
SID
X-Fpc
X-Akamai-ERPolicy
X-Html-Edge-Cache
Lfy
Warning
X-Bug-Bounty
X-WPE-Loopback-Upstream-Addr
RequestUuid
X-Sf
X-Var-Ttl
Ohc-Response-Time
X-LiteSpeed-Tag
FNAC-ModuleRouting
X-Akamai-ERRuleID
X-DSS
X-DW
X-RPM
X-RPS
X-DI
X-DB
X-Fastly-Cache-Hits
X-Flow-Id
X-Page-Impression-Id
X-Zalando-Child-Request-Id
X-RSL