Threat Level: green Handler on Duty: Russell Eubanks

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
CF-RAY
X-Powered-By
Link
ETag
Expect-CT
X-XSS-Protection
Via
X-Cache
Age
CF-Cache-Status
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
X-Cache-Hits
P3P
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Xss-Protection
X-Request-Id
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-Adblock-Key
Alt-Svc
X-Drupal-Cache
X-Check
X-Cacheable
Content-Security-Policy-Report-Only
X-Generator
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-DNS-Prefetch-Control
X-AspNetMvc-Version
P3p
X-Template
X-Language
Status
Timing-Allow-Origin
Content-Encoding
X-Iinfo
X-Content-Security-Policy
X-Buckets
Upgrade
X-Kinja-Server-Push
Xkey
X-Via
X-CDN
X-Turbo-Charged-By
Keep-Alive
Access-Control-Max-Age
Access-Control-Expose-Headers
X-Cache-Group
X-Pass-Why
X-Age
X-AH-Environment
X-Drupal-Dynamic-Cache
X-Server
X-Backend
X-Pingback
X-Amz-Request-Id
X-Amz-Id-2
X-Envoy-Upstream-Service-Time
X-Page-Speed
X-Robots-Tag
X-Proxy-Cache
X-Hacker
Grace
EagleId
X-Server-Powered-By
X-UA-Device
X-Varnish-Cache
Request-Context
X-Nginx-Cache-Status
Cf-Railgun
X-LiteSpeed-Cache
X-Amz-Version-Id
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-WebKit-CSP
X-Server-Id
Feature-Policy
Server-Timing
X-Device
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Host
Report-To
X-Rq
X-Ac
Content-Location
X-Node
X-OneAgent-JS-Injection
X-Backend-Server
X-Cnection
X-Response-Time
X-Origin-Cache
X-Cloud-Trace-Context
X-Application-Context
X-Readtime
Request-Id
Allow
EagleEye-TraceId
Surrogate-Control
X-Country
X-ORACLE-DMS-ECID
X-Cache-Lookup
X-Cdn
X-Vhost
X-DynaTrace
X-TTL
X-Url
Pinterest-Generated-By
X-Rack-Cache
X-Ua-Compatible
X-Clacks-Overhead
X-Origin-Upstream-Status
NEL
X-Ruxit-JS-Agent
X-FTR-Request-ID
Rating
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Country-Code
X-CST
X-HW
X-ORACLE-DMS-RID
X-Dispatcher
X-Goog-Hash
X-Instart-Request-ID
Fusion-Component-Id
Fusion-Content-Id
Fusion-Content-Source
Fusion-Source
Fusion-Template-Id
X-DataStream-Cache-Status
Edge-Control
X-TtlSet
X-Vname
X-PC
X-Px
X-DataDome
X-VARITI-CCR
Service-Worker-Allowed
X-Mod-Pagespeed
X-MS-InvokeApp
X-Request-ID
Verso
X-Dns-Prefetch-Control
X-Recruiting
SPRequestGuid
X-D2id
X-Kinja-Revision
X-Kinja-Server
X-Use-Magma
X-Kinja
X-Kinja-Build
X-GoogleNews-Bot
X-Exp-Id
X-Cdn-Fetch
X-Exp-Variant
X-Varnish-TTL
X-Vcap-Request-Id
RTSS
X-Abt-Application-Version
X-Amz-Server-Side-Encryption
X-SharePointHealthScore
TCN
DynaTrace
X-Navigation-Version
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-GitHub-Request-Id
X-RateLimit-Remaining
X-Sol
X-Middleton-Display
Response
X-Middleton-Response
Display
X-Akam-SW-Version
X-Powered-By-Plesk
MS-Author-Via
Charset
Content-MD5
X-Shield-Request-Id
X-ESI
ServerID
AR-CACHE
AR-PoweredBy
AR-ATIME
Ar-Sid
X-Amz-Rid
X-Trace
X-TEC-API-VERSION
Realpath
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-Forwarded-Proto
X-Powered-CMS
Accept-Ch
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Goog-Generation
X-Dw-Request-Base-Id
Nginx-Cache
Accept-Ch-Lifetime
X-B3-TraceId
AR-Request-ID
X-Version
Fastly-Restarts
X-Cached
X-Upstream
X-Server-Name
Public-Key-Pins
X-Shard
X-DynaTrace-JS-Agent
MRF-Tech
X-B3-TraceId-Primal
X-Mrf-Section-Lastmod
Mrf-Cache-Status
X-Mrf-Item-Lastmod
Pagespeed
Access-Control-Request-Method
Paypal-Debug-Id
X-MSEdge-Ref
X-Goog-Storage-Class
X-Grace
SPIisLatency
SPRequestDuration
X-Client-IP
S
X-Debug
Pinterest-Version
X-Pinterest-Rid
X-Upstream-Proxy
X-FTR-Balancer
X-FTR-Backend-Server
X-FTR-DC
X-FTR-Realm
X-FTR-Cache-Status
X-FTR-Expires
X-Country-Code-Real
X-FTR-Backend
X-Amz-Meta-S3cmd-Attrs
X-Id
X-Ezoic-Cdn
X-DataStream-MidMile-RTT
X-DataStream-Origin-MEX-Latency
X-N
X-Vcache
X-FastCGI-Cache
X-T
X-Fastly-Request-ID
X-B3-Traceid
X-DIS-Request-ID
Accept-CH
X-Amzn-Trace-Id
MicrosoftSharePointTeamServices
Front-End-Https
Arr-Disable-Session-Affinity
X-NF-Request-ID
X-Content-Type
X-Hits
X-B3-Sampled
X-XRDS-Location
X-Ser
X-Varnish-Age
X-FTR-Cache-Host
Arc-Version
X-Mobile-Rewrite
PB-PID
PB-RID
Fastcgi-Cache
Alternate-Protocol
X-Frontend
X-Acc-Meta-Resource-Type
X-Logged-In
X-Content-Digest
Server-Name
X-Correlation-Id
X-Srv
X-Forwarded-For
X-Pad
Nel
X-Cache-Key
X-Node-Name
X-VCache
Host
Powered-By-ChinaCache
AMP-Access-Control-Allow-Source-Origin
X-Microsite
X-Request-Handler-Origin-Region
FilterID
TP-Cache
Healthy
TP-L2-Cache
X-Type
X-Rid
X-Kinsta-Cache
X-User-Agent
X-LB-Cache
Edge-Cache-Tag
X-IPLB-Instance
X-Request-Received
X-Request-Processing-Time
X-Debug-Info
X-AOL-HN
X-Cached-By
X-F-Cache
X-Zen-Fury
X-Cache-2
X-GUploader-UploadID
X-Revision
X-Amz-Apigw-Id
Powered
X-Amzn-RequestId
X-XRDS-LOCATION
X-Hostname
X-HS-Hub-Id
X-HS-Content-Id
X-Cache-Rule
X-Analytics
X-Cache-Age
Backend-Timing
X-Esi
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Accel-Expires
Surrogate-Key
X-Az
X-AppVersion
X-Activity-Id
X-Via-JSL
X-Varnish-Backend
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-RateLimit-Limit
X-Content-Security-Policy-Report-Only
X-BCube-Filmed-By
X-Instance
X-Varnish-Grace
X-Page-Id
X-Content-Options
X-Tumblr-User
X-Tumblr-Pixel
X-Cluster
X-FB-Debug
X-Jobs
X-Tumblr-Pixel-0
Source
X-Akamai-Edgescape
X-Amz-Replication-Status
X-App-Environment
X-Content-Powered-By
X-PHP-Backend
X-Request-Guid
Cache-Status
Cleartype
X-Fastcgi-Cache
X-TT
X-Framework
Server-Node
X-Forwarded-Host
Accept-CH-Lifetime
X-Server-ID
Refresh
X-B-Cache
X-Signature
X-Varnish-Hostname
X-FW-Static
X-FW-Type
X-FW-Server
X-FW-Hash
X-FW-Serve
Liferay-Portal
Tracecode
X-ATG-Version
DC
WPE-Backend
Host-Header
X-Mobile
X-Cache-Operation
Accept-Charset
X-Time
X-Cache-Control
X-Edge-Location
Access-Control-Allow-Method
X-Cache-Action
X-Drupal-Cache-Tags
Fastcgi-Useragent
Actual-Object-TTL
X-Cache-Hit
X-APP-VERSION
X-Hp-Webp
X-B
X-Erf-Bev-Bev
X-Accel-Buffering
Payment
X-Erf-Bev-Bev-Is-Generated
X-Mobile-URL
X-Response-Served-From
X-NWS-LOG-UUID
X-Storage
X-TX-ID
X-SS-Set-Cookie
X-Whom
X-UA-Device-Type
X-Content-Age
X-App-Server
Upgrade-Insecure-Requests
X-WebKit-CSP-Report-Only
Cache-Tv-Group
X-TT-TIMESTAMP
X-Git-Hash
X-GeoIP
X-Yottaa-Metrics
X-WA-Info
X-Yottaa-Optimizations
X-RequestSource
X-Cacheable-TTL
X-Tumblr-Pixel-2
X-Tumblr-Pixel-1
X-Handled-By
Filters
X-Status
X-Adobe-Loc
Eomportal-Instance
Cache
X-Adobe-Content
X-Cache-TTL
X-RemovedCookies
Viewport
X-ProcessESI
NGB
X-VG-WebCache
Xserver
X-Geo-Country
Cache-Tag
Webserver
Retry-After
X-Presslabs-Stats
X-Cache-TTL-Remaining
X-FB-TRIP-ID
X-Ratelimit-Reset
X-FW-Dynamic
Server-Info
X-TA-CDN-Provider
Datacenter
X-Cache-Enabled
X-Seen-By
MS-CV
X-Ratelimit-Limit
X-Oracle-Dms-Rid
X-Contextid
X-Host-Name
X-B3-Spanid
X-Origin-Server
S-Cnection
X-Generated-By
Country
Frame-Options
X-Hyper-Cache
From-Origin
Ms-Operation-Id
X-RTag
X-CF-Powered-By
X-Mode
X-Tumblr-Pixel-3
X-Cache-Var
X-VWS-Id
Load-Balancing
Machine
X-AWS-Id
X-Cache-Config
X-Cache-Var-Map
Meta-Geo
X-ES-SERVER
X-Path-Route
X-LJ-Flow-ID
X-RN-RSRV
X-Section
X-Backend-Name
Cache-Key
X-Upstream-CT
X-Cache-Grace
X-Cache-Host
X-MP-GENERATED-AT
X-Upstream-HT
Mail-Subject
X-Proxied
X-Access
DSUID
We-Hiring
X-Labrador-Cache-Channel
Vix-Hermes-Req-Id
X-Hit
X-Routing-Service
X-Zipkin-Id
X-Varnish-Cache-Hits
Mn-Server-Ip
Now
X-Upgrade-Enabled
X-PCL
X-Device-Type
X-From
X-Viewer-Country
Decoy-Debug-TTL
X-Loop
Decoy-Debug-Key
Decoy-Debug-Status
X-Human
X-RCS-CacheZone
X-Guploader-Uploadid
X-Web-Node
X-OCL
X-Debug-Cache
Release
X-TNCMS
X-Varnish-Server
X-EIG-Tracking-Id
Rt-Fastcgi-Cache
X-Rule
X-ShopId
GEO-INFO
X-VG-TLSProxy
X-Sorting-Hat-PodId
X-Shopify-Stage
X-ShardId
OT-Force-Account-Verify
X-Sorting-Hat-ShopId
X-CCM
X-Proto
X-L-Path
X-Varnish-Hits
X-Endurance-Cache-Level
X-Magnolia-Registration
X-Environment-Context
X-Alternate-Cache-Key
X-Origin-Response-Time
X-R9-Blue-Green-Version
X-Region
ServedBy
X-Akamai-Request-ID
X-FC-Vary-Parameters
X-Goog-Meta-Goog-Reserved-File-Mtime
X-JoinUs
X-Hosted-By
X-Generated
X-NCache
X-Rendered-As
X-Timing-Wait
Uber-Trace-Id
X-Cluster-Node
X-S
X-Proxy-Build
X-Xfnlog-Site
Akamai-GRN
DB-Nickname
X-Drupal-Cache-Contexts
Cache-Name
X-Via-Fastly
X-PressLabs-Stats
X-BYPASS-REASON
X-ProxyCache-Key
X-ProxyCache-Status
X-VCT
SRV
X-Trace-Id
X-Site-Version
X-Locale
ProcessTime
Cteonnt-Length
X-Redis-Cache
NGX
X-Www-Served-By
X-Load-Cache
X-Platform-Server
X-UUID
Version
X-Request-Time
X-Nginx-Cache
X-Cache-NE
X-Time-Microsecs
X-MServer
X-Daa-Tunnel
X-Via-CDN
X-IP
X-Hl-Ver
X-ECACHE
X-EdgeConnect-Cache-Status
X-NewRelic-App-Data
Time
X-Origin
X-Wix-Request-Id
Azure-Version
Azure-SlotName
Azure-RegionName
S-Rt
Azure-SiteName
Azure-InstanceId
X-FW-Version
CACHE
Webcakes-App-Version
TWC-Privacy
TWC-GeoIP-LatLong
TWC-Connection-Speed
TWC-GeoIP-Country
X-ServerID
TWC-Device-Class
Property-Id
X-Rocket-Nginx-Bypass
X-Origin-Hint
Webcakes-Region
TWC-Locale-Group
X-Dc
Webcakes-App-Name
X-RateLimit-Reset
X-GEO
NtCoent-Length
X-IPS-LoggedIn
X-Vgn-Hpd-Reason
X-Cache-Remote
X-Proxy
X-FireWall-Port
X-No-Session
X-Akamai-Request-ID2
Origin
X-UA
X-CDN-Forward
X-Akamai-Transformed
X-Oneagent-Js-Injection
Odigeo-Trace-Id
X-Real-IP
X-HTML-Minification-Powered-By
X-Distributor
Fastly-SSL
L5d-Success-Class
X-ApacheServer
X-PERF
X-Cache-Backend
X-CS
X-Format
Served-By
X-Cache-Server
X-Microcachable
X-Compress-Hint
X-Pubstack
Ec-Rule-Version
X-Unique-ID
X-Webkit-Csp
Access-Control-Request-Headers
X-UnsetCookies
Cache-Tags
Origin-Edge-Control
LB
Origin-Cache-Control
X-SERVER-NAME
Fastcgi-X-Cache-Version
Hostname
X-Edge
X-Cache-Category-Id
X-BACKEND-TTL
IBM-Web2-Location
X-Grey
X-Tb
X-Varnish-Cacheable
X-NC
Backend-Name
Cross-Origin-Window-Policy
X-Developer
Content-Style-Type
GEO-REGION-INFO
Cdn-Request-Time
Content-Script-Type
X-Debug-Cookies
Fastly-SIE
Fly-Request-Id
Fly-Cache
X-Instart-Info
Fastly-SWR
X-Detected-As
X-Destination
X-Debug-Log
Cache-Cookie-Set-Idcheck
X-Edge-Server
X-IN-APIGATEWAY
X-DPWN-IS-SECURE
X-A-Dam
X-External-Request-Id
X-HS-Cache-Config
X-G
A
Arc-Country
X-HS-Combine-CSS
Cache-Cookie-Set-Lfrom
Cache-Prefix
X-Date
Cache-Cookie-Set-From
AsisCache
BehaviorPad-Version
Cdn-Host
MD5-Digest
X-Application
X-App-Name
Viewtype
X-ARC
X-B-Cookie
Rt-Proxy-Cache
Server-ID
VivaBuild
X-AIR-PT
X-A-Dcw
X-A
X-A-Ccd
X-A-Dgt
X-A-Wwc
X-Aed
X-Accel-Expires-Debug
X-Cache-Bucket
Request-Time
X-Internal-Host
X-CGP
Meta-Geo-Continent
X-Cluster-Name
X-Connection-Hash
Ha-Gx-Prefs
HA-Ipaddr
X-CF-Lambda-Version
Mobile-Detection-Method
Rendered-Blocks
Request-Country
Request-EU
Proxy-Firewall
X-Cdn-Srv
Node
X-CF-Lambda-Fn
X-D
X-Eu-Site
X-Vtex-Processado-Em
Proxy-Connection
X-Region-Sid
X-Org
X-VG-WebServer
X-NX-Host
X-Vtex-Remote-Cache
X-Rebelmouse-Surrogate-Control
X-NU-AKA-ACS-Version
X-Server-Time
X-B3-Parentspanid
X-Rebelmouse-Cache-Control
X-SRCache-Key
X-PAYTM-SRV-ID
X-Worker
X-S-Cookie
X-Powered-By-Defense
X-Rojux
X-Request-UUID
X-Is-Bot
Accept-Language
X-S-Maxage
X-ScT
Xc-Version
X-Transaction
X-Trv-Group
X-Twitter-Response-Tags
X-Rewrite-Enabled
X-ElasticPress-Search
ServerName
Gh-Request-Id
X-Irp-Debug
Is-Eu
X-Core-Mission
X-Backend-State
SS
X-Via-NSCOPI
X-Cache-Id
X-Cache-Info
Section-Io-Cache
Platform
X-TH-Server
X-Variation
RNT-Time
RNT-Machine
Resin-Trace
X-Cdn-Origin
On-Server
Memcached
X-ServiceProvider
X-Clientip
Server-Host
X-Skip-Cache
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
X-Sn-Servicetimems
Server-Int
Countrycode
X-Epic-Correlation-Id
X-Location
X-Fastly-Cache
X-We-Are-Hiring
X-Nginx-Cache-Key
Apple-News-Services-Host
Apple-News-Services-Handled
Adler-Geo
W
X-Generated-On
X-Level-Front-Cache
X-Key
X-C
X-Hash
X-GeoIP-Country-Code
X-Varnish-Url
X-Geo-Header
Apple-News-Services-Parsed-Url
AKAMAI
Country-Code
Content-Disposition
X-Dispatcher-Server
X-Dispatch
X-Developers
X-Processor
Esi-Enabled
Apple-News-Services-Request-Url
X-Request-URI
True-Client-Country-4JS
X-PHP-Host
X-Reqid
REQUESTUUID
X-Via-SSL
X-Block-Status
X-Webstats-RespID
X-BBXSRF
X-Amz-Meta-Cache-Control
X-Auto-Login
X-WADP-Cache
X-WebServer
X-Wikidot-Backend
X-Via-Edge
X-Wikidot-Static-Cache
X-SD-PageType
X-Fetched-On
X-FPC
X-LI-UUID
X-Method
X-Distil-CS
X-LI-Proto
X-Li-Pop
X-Hnp-Log
X-Li-Fabric
X-Generation-Time
X-Gen-Mode
X-Gannett-Site-Version
X-Qloud-Router
X-Device-Os
X-Servername
X-Cms-Context
X-Clara-WADP
X-SIPLIST1
X-CDN-Cache
X-Server-IP
X-Served-From
X-Reboot
X-Request-Start
X-Response-By
X-Secret
X-Cache-FS-Status
X-Crawler
Wxu-Next-Region
User-Cache-Control
Fastly-Soc-X-Request-Id
UCS
PFcat
SD-X-WS
CDCHOST
X-Nc
V-Age
Web-Mar-Node
Wxu-Next-Commit
Wxu-Next-Hostname
Who
IsBot
GW-Server
X-Matched-Rule
X-CUA
L
Heartbleed
X-Amzn-Remapped-Content-Length
X-Swa-Ws
N-Cache
X-GeoIP-City
X-Proxy-Cache-Status
X-Proxy-Upstream
X-VServer
X-Thinkindot-L3
X-Origin-Expires
X-Owner
X-Release
X-Origin-Date
X-Thanos
X-Azure-Ref
Thinkindot-Control
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
X-Bip
Pramga
X-Azure-Ref-OriginShield
Powered-By
Selected-Fe
CF-IPCountry
X-Varnish-Ttl
X-OVcl
Mime-Version
X-OVcl-Cache
Kp-EeAlive
X-VC-Cache
X-ND-Cache
X-TrackingId
X-Ua
X-FE
X-CLOUD-TRACE-CONTEXT
X-Parent-Response-Time
X-Pf-Uncompressing
X-Protected-By
X-Ratelimit-Remaining
X-Dynatrace-Js-Agent
PageSpeed
X-Urbn-Site-Id
Locale
X-Urbn-Context-Path
X-Varnish-Beresp-Ttl
Magicmarker
Pragrma
X-LAGOON
X-Fstrz
User-Agent
Memory
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
X-Planisys-CDN-Cache
X-Be
X-Page-Type
X-Origin-TTL
X-Hello
X-Flog
X-Origin-CC
X-ABtesting
Pagetype
X-URL
X-IN-WAF
X-Phone
X-Generated-In
X-Geo
X-Core-Value
X-User
X-Ttl
X-DC
X-Zone
X-Backend-Url
X-Varnish-Beresp-Status
X-Backend-Host
X-Cdn-Forward
X-Varnish-Beresp-Grace
X-Debug-Cache-Fetch
X-Debug-Cache-Store
X-Debug-Cache-Expiry
X-Tt-Trace-Tag
X-GoCache-CacheStatus
X-Backend-TTL
X-Soup
X-B3-SpanId
X-MSEdge-Flight
X-Up
X-MSEdge-Features
X-Newrelic-Synthetics
X-Cache-Ttl
X-Birta-Served
X-Birta-Cache-Post
Geoip-Latitude
Geoip-City
X-TT-LOGID
GeoIp-Country-Code
X-Varnish-IP
X-Info
X-Litespeed-Cache
Cdn
Selected-FE
X-Oss-Hash-Crc64ecma
X-Oss-Request-Id
X-Oss-Server-Time
X-Servedbyhost
HitType
X-Oss-Object-Type
X-Oss-Storage-Class
X-Check-Cacheable
X-MID
X-HS-Status
SN
X-Real-Ip
X-ZONE
X-Mid
X-Datadome
X-SayCDN-TTL
X-Old-Content-Length
X-VCL-Version
X-Say-TTL
X-Aicache-OS
X-Say-Cacheable
X-GRACE
Cache-Hits
CF-Cached-On
Amp-Access-Control-Allow-Source-Origin
X-Ruxit-Js-Agent
X-Agile-Id
X-Agile
X-Agile-Age
FSS-Proxy
X-Refresh
FSS-Cache
X-Cache-Debug
X-Vcl-Version
X-Tb-Optimization-Total-Bytes-Saved
X-Source
X-Amzn-Remapped-Connection
X-Akamai-SSL-Client-Sid
X-Amzn-Remapped-Date
X-ServedByHost
X-CSRF-TOKEN
X-Web-Server
X-Bc
GeoIP-Country-Code
X-Contensis-Viewer-Groups
Inserted-Into-Cache-At
X-Varnish-Authentication
Fastly-Backend-Name
X-Node-Id
X-Cache-ASPX
HostName
Server-Surrogate-Control
Server-Cache-Control
X-EC-Lua
X-App-Version
X-Cache-Time
X-IN-APIGATEWAYSSL
X-COUNTRY
X-APP
X-UPSTREAM-Address
WZWS-RAY
XServer
GeoIP-City
GeoIP-Latitude
Ajk
X-BC
RequestId
X-Logtrace-Id
X-Via-Ucdn
Srv
X-Nananana
X-CSRF-Token
X-WR-MODIFICATION
Ohc-Cache-HIT
X-Proxy-Cacherz
X-ECache
X-RateLimit-Limit-Second
Xkeyrz
X-RateLimit-Remaining-Second
X-NWS-UUID-VERIFY
Group
Ohc-File-Size
X-Wa
WebServer
X-Dynatrace
X-BE
X-Varnish-Beresp-TTL
HTTPS
Cf-Ipcountry
T-Server
X-CACHE-KEY
X-FORWARDED-FOR
X-PJAX-URL
PICS-Label
X-Tec-Api-Root
X-Unique-Id
X-Tec-Api-Origin
Backend
Get-Access-Time
X-Tec-Api-Version
Is-Session-Tracking
X-PAGE-TYPE
X-SN
URI
X-Fastly-Country-Code
X-Cache-Tag
Www
X-TIME
Xkeynj
DataCenter
X-LiteSpeed-Cache-Control
X-Render-Time
X-Cache-Miss-From
X-Sedo-Request-Id
X-Edge-IP
X-Instart-Isnd
X-Requestid
X-LB-ID
X-Request-Url
X-GDPR
X-Micro-Cache
X-MCACHE
MIME-Version
Dynatrace
Xet-Cookie
CDN
X-Cache-Expires
Requestid
Host-ID
X-NGINX-Cache
Cneonction
Lb
X-Fastly-Backend-Reqs
X-SRV
X-Vct
X-Lb-Id
X-Apw-Access-Object
X-Pjax-Url
X-Swift-Error
Pics-Label
X-Apw-Access-Action
X-Policy
X-Apw-Hits
X-Apw-Access-Token
SID
X-Uri
X-Dw-Trace-Id
X-Cf-Powered-By
X-Varnish-Action
X-WA
Correlation-Id
Epwk-Cache
X-Ecache
X-PF-Uncompressing
X-Newrelic-App-Data
X-NGENIX-Cache
RequestUuid
X-Service
X-Serial
Cache-Provider
X-Cdn-Request-ID
Fastcgi-X-Cache
X-RSL
X-Bug-Bounty
Warning
Lfy
X-Akamai-ERPolicy
X-Akamai-ERRuleID
X-Page-Impression-Id
X-Flow-Id
X-Fastly-Cache-Hits
X-Html-Edge-Cache
X-WPE-Loopback-Upstream-Addr
X-RPS
X-Zalando-Child-Request-Id
X-Fpc
X-RPM
X-DW
X-DB
X-DI
X-DSS
X-ServerName