Threat Level: green Handler on Duty: Jan Kopriva

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
CF-RAY
X-Powered-By
Link
ETag
Expect-CT
X-XSS-Protection
Via
X-Cache
Age
CF-Cache-Status
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
X-Cache-Hits
P3P
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Xss-Protection
X-Request-Id
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-AspNet-Version
X-Download-Options
Access-Control-Allow-Credentials
X-Runtime
X-Adblock-Key
X-Drupal-Cache
Alt-Svc
X-Check
X-Cacheable
Content-Security-Policy-Report-Only
X-Generator
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-DNS-Prefetch-Control
X-AspNetMvc-Version
P3p
X-Template
Status
X-Language
Timing-Allow-Origin
Content-Encoding
X-Content-Security-Policy
X-Iinfo
X-Buckets
Upgrade
X-Kinja-Server-Push
Xkey
X-Via
X-Turbo-Charged-By
X-CDN
Keep-Alive
Access-Control-Max-Age
Access-Control-Expose-Headers
X-Cache-Group
X-Pass-Why
X-Age
X-AH-Environment
X-Drupal-Dynamic-Cache
X-Server
X-Backend
X-Amz-Request-Id
X-Amz-Id-2
X-Pingback
X-Envoy-Upstream-Service-Time
X-Page-Speed
X-Robots-Tag
X-Proxy-Cache
X-Hacker
Grace
X-Server-Powered-By
EagleId
X-UA-Device
X-Varnish-Cache
X-Nginx-Cache-Status
Request-Context
Cf-Railgun
X-LiteSpeed-Cache
X-Amz-Version-Id
X-Swift-SaveTime
X-Swift-CacheTime
X-WebKit-CSP
Ali-Swift-Global-Savetime
Feature-Policy
X-Device
Server-Timing
X-Server-Id
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Host
Report-To
X-Ac
X-Rq
Content-Location
X-Node
X-OneAgent-JS-Injection
X-Backend-Server
X-Response-Time
X-Cnection
X-Origin-Cache
X-Cloud-Trace-Context
X-Application-Context
EagleEye-TraceId
Allow
Request-Id
X-Readtime
Surrogate-Control
X-Cache-Lookup
X-Country
X-ORACLE-DMS-ECID
X-Cdn
X-TTL
X-DynaTrace
X-Url
X-Vhost
Pinterest-Generated-By
X-Clacks-Overhead
X-Ua-Compatible
X-Rack-Cache
X-Ruxit-JS-Agent
X-Origin-Upstream-Status
NEL
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-CST
Rating
X-FTR-Request-ID
X-ORACLE-DMS-RID
X-Country-Code
X-HW
X-Goog-Hash
X-Instart-Request-ID
X-Dispatcher
Fusion-Template-Id
Fusion-Component-Id
Fusion-Content-Id
Fusion-Source
Fusion-Content-Source
X-DataStream-Cache-Status
Edge-Control
X-Vname
X-PC
X-TtlSet
X-Px
X-VARITI-CCR
Service-Worker-Allowed
X-DataDome
X-MS-InvokeApp
X-Mod-Pagespeed
X-Request-ID
X-Dns-Prefetch-Control
Verso
SPRequestGuid
X-Recruiting
X-Use-Magma
X-Kinja-Server
X-GoogleNews-Bot
X-Kinja
X-Kinja-Build
X-Kinja-Revision
X-Exp-Variant
X-Exp-Id
X-Cdn-Fetch
X-D2id
X-Varnish-TTL
X-Vcap-Request-Id
X-SharePointHealthScore
RTSS
X-B3-TraceId
X-Amz-Server-Side-Encryption
X-Abt-Application-Version
TCN
DynaTrace
X-ESI
X-Navigation-Version
X-GitHub-Request-Id
X-Powered-By-Plesk
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-RateLimit-Remaining
X-Middleton-Display
X-Middleton-Response
X-Sol
Response
Display
X-Akam-SW-Version
Accept-Ch-Lifetime
Charset
Content-MD5
MS-Author-Via
X-Server-Name
Ar-Sid
AR-PoweredBy
AR-ATIME
AR-CACHE
ServerID
X-Trace
X-Shield-Request-Id
X-Amz-Rid
Realpath
X-Goog-Stored-Content-Length
X-Goog-Generation
X-Dw-Request-Base-Id
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
Accept-Ch
X-Powered-CMS
AR-Request-ID
X-DynaTrace-JS-Agent
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TEC-API-VERSION
X-Cached
X-Forwarded-Proto
Nginx-Cache
X-Version
X-Upstream
Fastly-Restarts
X-Shard
Mrf-Cache-Status
X-Mrf-Section-Lastmod
X-B3-TraceId-Primal
X-Mrf-Item-Lastmod
MRF-Tech
Public-Key-Pins
SPRequestDuration
SPIisLatency
X-Goog-Storage-Class
Paypal-Debug-Id
X-MSEdge-Ref
Access-Control-Request-Method
Pinterest-Version
X-Pinterest-Rid
X-Upstream-Proxy
X-Client-IP
Pagespeed
S
X-DataStream-MidMile-RTT
X-DataStream-Origin-MEX-Latency
X-Amz-Meta-S3cmd-Attrs
X-Debug
X-Grace
X-Id
X-FTR-Balancer
X-Country-Code-Real
X-FTR-Backend
X-FTR-Backend-Server
X-FTR-Realm
X-FTR-Cache-Status
X-FTR-DC
X-FTR-Expires
X-Ezoic-Cdn
X-N
X-T
X-DIS-Request-ID
X-Fastly-Request-ID
MicrosoftSharePointTeamServices
Arr-Disable-Session-Affinity
Accept-CH
X-Amzn-Trace-Id
X-Content-Type
X-NF-Request-ID
Front-End-Https
X-Hits
X-Ser
X-B3-Sampled
X-Varnish-Age
PB-RID
Arc-Version
X-Mobile-Rewrite
PB-PID
Alternate-Protocol
X-Server-ID
X-VCache
X-Acc-Meta-Resource-Type
Fastcgi-Cache
X-FTR-Cache-Host
X-Frontend
X-Logged-In
X-FastCGI-Cache
X-XRDS-Location
X-Vcache
X-Content-Digest
Server-Name
X-Srv
X-Pad
X-Correlation-Id
X-Forwarded-For
Nel
Host
AMP-Access-Control-Allow-Source-Origin
Powered-By-ChinaCache
X-Node-Name
X-Request-Handler-Origin-Region
X-Microsite
FilterID
TP-L2-Cache
Healthy
TP-Cache
X-Rid
X-Type
X-XRDS-LOCATION
Edge-Cache-Tag
X-LB-Cache
X-Kinsta-Cache
X-IPLB-Instance
X-Request-Processing-Time
X-User-Agent
X-Debug-Info
X-Cache-Key
X-Request-Received
X-AOL-HN
X-Cached-By
X-B3-Traceid
X-Fastcgi-Cache
X-GUploader-UploadID
X-Cache-2
X-Revision
X-F-Cache
X-Hostname
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Zen-Fury
Powered
X-HS-Content-Id
X-Cache-Rule
X-HS-Hub-Id
Backend-Timing
X-Analytics
X-Cache-Age
Surrogate-Key
X-Accel-Expires
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Page-Id
X-Activity-Id
X-Varnish-Backend
VIX-Pulpo-Node
X-Az
X-AppVersion
VIX-Pulpo-Upstream-Status
X-Content-Security-Policy-Report-Only
X-Instance
X-Content-Options
X-Varnish-Grace
X-BCube-Filmed-By
X-Jobs
X-Tumblr-Pixel-0
X-Tumblr-User
X-Tumblr-Pixel
X-FB-Debug
Source
X-Cluster
X-Via-JSL
X-App-Environment
X-Akamai-Edgescape
Cache-Status
X-Request-Guid
X-Content-Powered-By
X-PHP-Backend
X-Amz-Replication-Status
X-TT
X-Framework
Cleartype
Server-Node
X-RateLimit-Limit
X-Varnish-Hostname
Refresh
Tracecode
X-Forwarded-Host
WPE-Backend
X-Signature
X-B-Cache
Host-Header
X-ATG-Version
X-FW-Serve
X-FW-Type
X-FW-Static
X-FW-Server
X-FW-Hash
Liferay-Portal
X-Mobile
X-Cache-Operation
DC
X-Cache-Control
X-Time
Accept-Charset
X-NWS-LOG-UUID
X-Edge-Location
X-Cache-Action
X-Drupal-Cache-Tags
Actual-Object-TTL
Access-Control-Allow-Method
X-Cache-TTL
X-Esi
Fastcgi-Useragent
X-Cache-Hit
X-Hp-Webp
X-Accel-Buffering
X-Mobile-URL
X-Response-Served-From
X-App-Server
X-Whom
X-Storage
Payment
Upgrade-Insecure-Requests
X-Content-Age
X-UA-Device-Type
X-TX-ID
X-SS-Set-Cookie
X-B
X-WebKit-CSP-Report-Only
X-Handled-By
X-TT-TIMESTAMP
X-Tumblr-Pixel-2
X-Tumblr-Pixel-1
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
Filters
X-RequestSource
X-Git-Hash
X-Cacheable-TTL
X-GeoIP
Eomportal-Instance
Cache-Tv-Group
X-VG-WebCache
X-Adobe-Loc
X-Adobe-Content
X-WA-Info
X-RemovedCookies
Cache
X-ProcessESI
Viewport
X-Status
X-Geo-Country
X-APP-VERSION
Xserver
Server-Info
Accept-CH-Lifetime
NGB
Cache-Tag
Webserver
X-FB-TRIP-ID
X-Ratelimit-Limit
Datacenter
X-Presslabs-Stats
X-Cache-TTL-Remaining
X-Ratelimit-Reset
X-Cache-Enabled
Retry-After
X-TA-CDN-Provider
X-FW-Dynamic
X-Seen-By
X-Contextid
S-Cnection
X-Host-Name
X-Origin-Server
MS-CV
Country
X-Mode
From-Origin
Frame-Options
X-Hyper-Cache
Meta-Geo
X-LJ-Flow-ID
X-Cache-Var
X-RN-RSRV
X-Generated-By
X-AWS-Id
X-Cache-Config
Machine
X-Path-Route
Load-Balancing
X-ES-SERVER
X-CF-Powered-By
X-Tumblr-Pixel-3
X-Cache-Var-Map
X-VWS-Id
X-Varnish-Hits
X-Labrador-Cache-Channel
X-Hit
Vix-Hermes-Req-Id
Cache-Key
X-Cache-Grace
X-Upstream-HT
X-Zipkin-Id
X-Upstream-CT
We-Hiring
X-Backend-Name
Ms-Operation-Id
X-Proxied
X-RTag
X-Routing-Service
Mail-Subject
X-Magnolia-Registration
Release
DSUID
X-Cache-Host
X-Human
X-Varnish-Cache-Hits
X-Device-Type
Mn-Server-Ip
X-Access
X-MP-GENERATED-AT
X-Varnish-Server
X-Section
ServedBy
X-Upgrade-Enabled
Decoy-Debug-TTL
X-EIG-Tracking-Id
X-Web-Node
X-TNCMS
Uber-Trace-Id
Decoy-Debug-Key
Decoy-Debug-Status
X-Guploader-Uploadid
X-Loop
X-Rendered-As
X-From
GEO-INFO
X-Viewer-Country
X-OCL
X-Origin-Response-Time
OT-Force-Account-Verify
X-VG-TLSProxy
Now
X-Rule
X-Daa-Tunnel
Akamai-GRN
X-L-Path
X-Debug-Cache
X-Cluster-Node
X-PCL
Rt-Fastcgi-Cache
X-ProxyCache-Key
X-R9-Blue-Green-Version
X-RCS-CacheZone
X-Environment-Context
X-BYPASS-REASON
X-Proto
X-Endurance-Cache-Level
X-Akamai-Request-ID
X-ProxyCache-Status
DB-Nickname
X-FC-Vary-Parameters
X-Region
X-Sorting-Hat-PodId
X-Alternate-Cache-Key
X-Proxy-Build
X-Timing-Wait
X-Sorting-Hat-ShopId
Cache-Name
X-S
X-NCache
X-JoinUs
X-ShopId
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Shopify-Stage
X-Hosted-By
X-ShardId
X-Generated
X-Via-Fastly
X-VCT
NGX
X-Trace-Id
X-Drupal-Cache-Contexts
X-CCM
X-Redis-Cache
X-PressLabs-Stats
X-B3-Spanid
X-Cache-NE
X-Site-Version
X-Platform-Server
X-Xfnlog-Site
X-Www-Served-By
X-UUID
X-Nginx-Cache
X-Locale
X-Load-Cache
Cteonnt-Length
X-NewRelic-App-Data
ProcessTime
X-MServer
X-EdgeConnect-Cache-Status
X-Hl-Ver
X-Vgn-Hpd-Reason
X-ECACHE
X-Oracle-Dms-Rid
X-ServerID
X-Request-Time
X-Rocket-Nginx-Bypass
SRV
X-Cache-Remote
X-Real-IP
X-Time-Microsecs
X-IP
Time
CACHE
Azure-SiteName
Azure-RegionName
Azure-InstanceId
X-Via-CDN
X-RateLimit-Reset
Azure-SlotName
X-Wix-Request-Id
X-Origin
X-FW-Version
S-Rt
X-GEO
Azure-Version
X-IPS-LoggedIn
X-Dc
Version
TWC-Privacy
TWC-Locale-Group
TWC-Device-Class
TWC-GeoIP-LatLong
Webcakes-App-Name
X-Origin-Hint
Webcakes-Region
Webcakes-App-Version
TWC-Connection-Speed
TWC-GeoIP-Country
Property-Id
X-UA
Origin
NtCoent-Length
X-Proxy
L5d-Success-Class
X-No-Session
X-Oneagent-Js-Injection
X-FireWall-Port
X-Cache-Backend
Served-By
X-Distributor
Fastly-SSL
X-Pubstack
X-Akamai-Transformed
Odigeo-Trace-Id
X-Unique-ID
X-Cache-Server
X-Microcachable
X-PERF
X-ApacheServer
Origin-Edge-Control
Origin-Cache-Control
X-Akamai-Request-ID2
Fastcgi-X-Cache-Version
X-Webkit-Csp
X-Format
X-CS
IBM-Web2-Location
X-Edge
X-Powered-By-Defense
X-CDN-Forward
X-Cache-Category-Id
X-Grey
Ec-Rule-Version
X-HTML-Minification-Powered-By
X-Compress-Hint
Access-Control-Request-Headers
X-Detected-As
X-Via-NSCOPI
Proxy-Connection
X-Is-Bot
X-BACKEND-TTL
X-UnsetCookies
Cache-Tags
Backend-Name
X-Varnish-Cacheable
X-CGP
X-External-Request-Id
X-CF-Lambda-Version
X-Tb
X-CF-Lambda-Fn
X-Eu-Site
HA-Ipaddr
Rendered-Blocks
A
Ha-Gx-Prefs
X-DPWN-IS-SECURE
X-Edge-Server
Node
X-Cdn-Srv
Meta-Geo-Continent
X-IN-APIGATEWAY
Proxy-Firewall
X-Internal-Host
Rt-Proxy-Cache
X-HS-Combine-CSS
X-HS-Cache-Config
X-A
X-G
X-Cache-Bucket
Mobile-Detection-Method
Request-Time
Arc-Country
Cross-Origin-Window-Policy
X-Destination
Content-Style-Type
Content-Script-Type
X-D
X-Debug-Log
Fastly-SIE
Fly-Cache
Fly-Request-Id
GEO-REGION-INFO
Fastly-SWR
X-Debug-Cookies
Server-ID
X-Connection-Hash
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-From
BehaviorPad-Version
AsisCache
X-Cluster-Name
Cache-Prefix
X-Developer
Cdn-Request-Time
Cdn-Host
MD5-Digest
X-Date
X-Instart-Info
X-SRCache-Key
X-AIR-PT
X-Aed
X-Nc
VivaBuild
Viewtype
X-Server-Time
X-App-Name
X-Rojux
X-Rewrite-Enabled
X-S-Cookie
X-S-Maxage
X-Application
X-ARC
LB
X-Transaction
X-A-Dcw
X-A-Dgt
X-Worker
Xc-Version
X-A-Ccd
X-A-Dam
Hostname
X-A-Wwc
X-Twitter-Response-Tags
X-Trv-Group
X-VG-WebServer
X-Vtex-Processado-Em
X-Accel-Expires-Debug
X-Vtex-Remote-Cache
X-Request-UUID
X-ScT
X-Rebelmouse-Cache-Control
X-B-Cookie
X-NX-Host
X-NU-AKA-ACS-Version
ServerName
PageSpeed
X-Org
X-Rebelmouse-Surrogate-Control
X-Processor
X-PAYTM-SRV-ID
X-Region-Sid
X-B3-Parentspanid
Mime-Version
X-ElasticPress-Search
X-Irp-Debug
X-TH-Server
RNT-Time
Gh-Request-Id
X-We-Are-Hiring
X-Variation
X-Core-Mission
X-PHP-Host
X-Clientip
X-Cdn-Origin
X-Cache-Info
On-Server
Platform
X-Cache-Id
X-Nginx-Cache-Key
X-Location
Server-Host
Section-Io-Cache
X-Level-Front-Cache
Is-Eu
X-Hash
Memcached
X-Backend-State
Request-Country
X-Key
X-Geo-Header
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
Server-Int
X-Dispatcher-Server
X-C
Resin-Trace
Apple-News-Services-Host
Apple-News-Services-Handled
X-Reqid
X-Fastly-Cache
SS
X-Request-URI
Adler-Geo
X-Epic-Correlation-Id
X-Qloud-Router
X-Generated-On
X-Sn-Servicetimems
X-Server-IP
Country-Code
Countrycode
Esi-Enabled
X-GeoIP-Country-Code
RNT-Machine
X-Skip-Cache
Request-EU
X-ServiceProvider
X-Dispatch
Accept-Language
X-NC
X-Block-Status
X-Auto-Login
X-BBXSRF
X-Amz-Meta-Cache-Control
X-FPC
X-Servername
X-SIPLIST1
X-SVT-ORM-RULES
X-Served-From
X-Secret
X-Response-By
X-SD-PageType
X-SVT-ORM-VERSION
X-Swa-Ws
W
X-Developers
X-Wikidot-Static-Cache
X-Wikidot-Backend
X-WebServer
X-Webstats-RespID
X-Request-Start
X-Reboot
X-Gannett-Site-Version
X-Gen-Mode
X-Generation-Time
X-Fetched-On
X-Distil-CS
X-CDN-Cache
X-Device-Os
X-Hnp-Log
X-Li-Fabric
X-ND-Cache
X-Protected-By
X-Method
X-LI-UUID
X-Li-Pop
X-LI-Proto
X-Cache-FS-Status
X-Crawler
REQUESTUUID
SD-X-WS
True-Client-Country-4JS
UCS
Pramga
Powered-By
AKAMAI
CDCHOST
Content-Disposition
PFcat
User-Cache-Control
IsBot
V-Age
Web-Mar-Node
Wxu-Next-Commit
Who
Wxu-Next-Region
Wxu-Next-Hostname
X-Datadome
Heartbleed
X-Ua
GW-Server
X-Varnish-Url
X-Matched-Rule
X-Origin-Expires
X-Owner
X-Origin-Date
Fastly-Soc-X-Request-Id
X-Release
X-CUA
X-GeoIP-City
X-Azure-Ref-OriginShield
X-Via-SSL
X-Thanos
X-Bip
X-Azure-Ref
Thinkindot-CacheControl
Thinkindot-Control
Thinkindot-CacheControl-Type
X-Thinkindot-L3
X-VServer
X-Via-Edge
CF-IPCountry
X-Varnish-Ttl
X-Parent-Response-Time
X-Fstrz
X-OVcl
X-CLOUD-TRACE-CONTEXT
X-OVcl-Cache
Pragrma
X-Clara-WADP
X-VC-Cache
X-Cms-Context
X-WADP-Cache
L
X-Ratelimit-Remaining
N-Cache
X-Proxy-Upstream
X-Proxy-Cache-Status
X-Planisys-CDN-Rules
X-LAGOON
X-Planisys-CDN-Cache
X-Planisys-CDN-TTL
X-Cdn-Forward
X-FE
X-TrackingId
Kp-EeAlive
X-Amzn-Remapped-Content-Length
Memory
X-GRACE
X-Origin-CC
Selected-Fe
X-Origin-TTL
X-Be
X-IN-WAF
User-Agent
X-Pf-Uncompressing
X-Phone
X-B3-SpanId
X-Core-Value
X-Varnish-Beresp-Ttl
X-Urbn-Context-Path
X-SERVER-NAME
X-Urbn-Site-Id
Locale
Magicmarker
X-Birta-Served
X-URL
X-Birta-Cache-Post
X-Ttl
X-Page-Type
X-Zone
X-Geo
X-Dynatrace-Js-Agent
X-Varnish-IP
X-DC
X-Info
X-ABtesting
Pagetype
Selected-FE
X-Flog
HitType
X-Hello
X-User
X-Generated-In
X-Varnish-Beresp-Status
Cdn
X-Backend-TTL
X-Varnish-Beresp-Grace
X-Newrelic-Synthetics
X-TT-LOGID
Geoip-City
Geoip-Latitude
GeoIp-Country-Code
X-Backend-Url
X-Backend-Host
X-Litespeed-Cache
X-Debug-Cache-Expiry
X-Tt-Trace-Tag
X-Debug-Cache-Fetch
X-Soup
X-Up
X-MSEdge-Features
X-GoCache-CacheStatus
X-Debug-Cache-Store
X-MSEdge-Flight
X-Source
X-Mid
X-App-Version
X-Check-Cacheable
X-MID
X-Refresh
X-Real-Ip
X-Agile-Id
X-Agile-Age
X-Cache-Debug
X-Servedbyhost
X-Agile
SN
X-Web-Server
X-HS-Status
CF-Cached-On
X-Oss-Object-Type
X-Oss-Server-Time
X-Oss-Storage-Class
X-Aicache-OS
X-Oss-Request-Id
X-Oss-Hash-Crc64ecma
X-Ruxit-Js-Agent
Amp-Access-Control-Allow-Source-Origin
FSS-Proxy
FSS-Cache
X-Vcl-Version
X-VCL-Version
X-Tb-Optimization-Total-Bytes-Saved
X-ZONE
HostName
X-Cache-Ttl
X-Amzn-Remapped-Connection
X-SayCDN-TTL
X-Old-Content-Length
X-Say-Cacheable
X-Say-TTL
X-ServedByHost
X-Amzn-Remapped-Date
X-UPSTREAM-Address
X-Bc
X-CACHE-KEY
Server-Surrogate-Control
Server-Cache-Control
X-Cache-ASPX
GeoIP-Country-Code
X-APP
X-Varnish-Authentication
X-Contensis-Viewer-Groups
X-CSRF-Token
Cache-Hits
Ohc-Cache-HIT
X-NWS-UUID-VERIFY
X-EC-Lua
Ohc-File-Size
X-Via-Ucdn
RequestId
GeoIP-City
WZWS-RAY
X-COUNTRY
Group
GeoIP-Latitude
XServer
Srv
X-Node-Id
HTTPS
Fastly-Backend-Name
X-Akamai-SSL-Client-Sid
X-Varnish-Beresp-TTL
X-BC
X-Nananana
X-IN-APIGATEWAYSSL
X-Logtrace-Id
Ajk
URI
Backend
X-WR-MODIFICATION
Www
Xkeyrz
Inserted-Into-Cache-At
X-Proxy-Cacherz
X-ECache
X-SN
X-Dynatrace
WebServer
X-Cache-Time
X-PAGE-TYPE
Cf-Ipcountry
X-CSRF-TOKEN
X-Instart-Isnd
X-Cache-Tag
X-Unique-Id
X-Request-Url
X-Wa
Get-Access-Time
X-FORWARDED-FOR
X-Tec-Api-Origin
X-TIME
Requestid
Lb
Host-ID
Xkeynj
X-Tec-Api-Root
X-Fastly-Country-Code
X-Cache-Expires
Is-Session-Tracking
X-RateLimit-Limit-Second
X-Tec-Api-Version
X-RateLimit-Remaining-Second
X-MCACHE
X-LiteSpeed-Cache-Control
X-Cache-Miss-From
X-Sedo-Request-Id
X-Edge-IP
X-BE
X-Requestid
X-NGENIX-Cache
Dynatrace
X-PF-Uncompressing
Epwk-Cache
X-Fastly-Backend-Reqs
X-PJAX-URL
X-Varnish-Action
PICS-Label
T-Server
Cneonction
Xet-Cookie
X-SRV
DataCenter
Pics-Label
X-Apw-Access-Object
X-Apw-Hits
X-Pjax-Url
X-Apw-Access-Token
Fastcgi-X-Cache
X-GDPR
X-LB-ID
X-Vct
X-Apw-Access-Action
X-Micro-Cache
X-Swift-Error
CDN
X-Render-Time
X-Lb-Id
X-Dw-Trace-Id
X-NGINX-Cache
Correlation-Id
X-Svr
X-Cf-Powered-By
X-WA
X-Ecache
X-AssetVersion
SID
X-Serial
X-Uri
X-Fpc
X-ServerName
X-Policy
X-Flow-Id
Lfy
Warning
X-Bug-Bounty
X-Akamai-ERPolicy
X-Html-Edge-Cache
X-WPE-Loopback-Upstream-Addr
Ohc-Response-Time
X-LiteSpeed-Tag
RequestUuid
X-Sf
X-Akamai-ERRuleID
X-Fastly-Cache-Hits
X-DSS
X-DW
X-RPM
X-RPS
X-DI
X-DB
X-Var-Ttl
FNAC-ModuleRouting
X-Page-Impression-Id
X-Zalando-Child-Request-Id
X-RSL