Threat Level: green Handler on Duty: Jan Kopriva

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
CF-RAY
X-Powered-By
Link
ETag
Expect-CT
X-XSS-Protection
Via
X-Cache
Age
CF-Cache-Status
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
P3P
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Request-Id
X-Xss-Protection
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-AspNet-Version
X-Download-Options
Access-Control-Allow-Credentials
X-Runtime
X-Adblock-Key
X-Drupal-Cache
Alt-Svc
X-Check
X-Cacheable
Content-Security-Policy-Report-Only
X-Generator
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-DNS-Prefetch-Control
X-AspNetMvc-Version
P3p
X-Template
Status
X-Language
Timing-Allow-Origin
Content-Encoding
X-Iinfo
X-Content-Security-Policy
X-Buckets
Upgrade
X-Kinja-Server-Push
Xkey
X-Via
X-CDN
X-Turbo-Charged-By
Keep-Alive
Access-Control-Max-Age
Access-Control-Expose-Headers
X-Cache-Group
X-Pass-Why
X-Age
X-AH-Environment
X-Drupal-Dynamic-Cache
X-Server
X-Backend
X-Amz-Request-Id
X-Amz-Id-2
X-Pingback
X-Envoy-Upstream-Service-Time
X-Page-Speed
X-Robots-Tag
X-Proxy-Cache
X-Hacker
Grace
X-Server-Powered-By
EagleId
X-UA-Device
X-Varnish-Cache
Request-Context
X-Nginx-Cache-Status
Cf-Railgun
X-LiteSpeed-Cache
X-Amz-Version-Id
X-Swift-CacheTime
X-Swift-SaveTime
X-WebKit-CSP
Ali-Swift-Global-Savetime
Feature-Policy
X-Device
Server-Timing
X-Server-Id
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Host
Report-To
X-Ac
X-Rq
Content-Location
X-Node
X-OneAgent-JS-Injection
X-Backend-Server
X-Cnection
X-Response-Time
X-Origin-Cache
X-Cloud-Trace-Context
X-Application-Context
EagleEye-TraceId
Allow
Request-Id
X-Readtime
Surrogate-Control
X-Country
X-Cache-Lookup
X-ORACLE-DMS-ECID
X-TTL
X-DynaTrace
X-Url
X-Vhost
X-Cdn
X-Rack-Cache
Pinterest-Generated-By
X-Clacks-Overhead
X-Origin-Upstream-Status
NEL
X-Ua-Compatible
X-CST
X-Ruxit-JS-Agent
Rating
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-ORACLE-DMS-RID
X-FTR-Request-ID
X-Country-Code
X-HW
X-Goog-Hash
X-Dispatcher
X-Instart-Request-ID
Fusion-Source
Fusion-Content-Source
Fusion-Content-Id
Fusion-Component-Id
Fusion-Template-Id
X-DataStream-Cache-Status
Edge-Control
X-PC
X-TtlSet
X-Vname
X-Px
X-VARITI-CCR
Service-Worker-Allowed
X-DataDome
X-MS-InvokeApp
X-Mod-Pagespeed
Verso
SPRequestGuid
X-Recruiting
X-Request-ID
X-Dns-Prefetch-Control
X-Kinja-Build
X-Kinja-Revision
X-D2id
X-Kinja-Server
X-Use-Magma
X-Exp-Variant
X-Exp-Id
X-GoogleNews-Bot
X-Cdn-Fetch
X-Kinja
X-Varnish-TTL
X-Vcap-Request-Id
RTSS
X-SharePointHealthScore
X-Amz-Server-Side-Encryption
X-Abt-Application-Version
DynaTrace
TCN
X-Navigation-Version
X-B3-TraceId
X-GitHub-Request-Id
X-RateLimit-Remaining
X-Powered-By-Plesk
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-ESI
X-Middleton-Display
Display
X-Middleton-Response
X-Sol
Response
X-Akam-SW-Version
Charset
Content-MD5
MS-Author-Via
AR-PoweredBy
AR-CACHE
Ar-Sid
AR-ATIME
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
Accept-Ch-Lifetime
ServerID
X-Trace
X-Shield-Request-Id
X-Amz-Rid
Realpath
X-Server-Name
X-Powered-CMS
X-Dw-Request-Base-Id
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Goog-Generation
AR-Request-ID
X-DynaTrace-JS-Agent
X-Forwarded-Proto
Nginx-Cache
X-Version
X-Cached
X-Upstream
Fastly-Restarts
X-Shard
Public-Key-Pins
MRF-Tech
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
Mrf-Cache-Status
X-B3-TraceId-Primal
SPIisLatency
SPRequestDuration
Access-Control-Request-Method
Paypal-Debug-Id
X-Goog-Storage-Class
Accept-Ch
X-MSEdge-Ref
X-Client-IP
Pagespeed
Pinterest-Version
X-Pinterest-Rid
X-Upstream-Proxy
Accept-CH
S
X-DataStream-Origin-MEX-Latency
X-DataStream-MidMile-RTT
X-Debug
X-Amz-Meta-S3cmd-Attrs
X-Id
X-FTR-Backend-Server
X-FTR-Realm
X-FTR-Balancer
X-FTR-DC
X-FTR-Cache-Status
X-FTR-Backend
X-Country-Code-Real
X-FTR-Expires
X-Ezoic-Cdn
X-N
X-T
X-Grace
X-Fastly-Request-ID
X-DIS-Request-ID
MicrosoftSharePointTeamServices
Arr-Disable-Session-Affinity
Front-End-Https
X-XRDS-Location
X-NF-Request-ID
X-Amzn-Trace-Id
X-Hits
X-Content-Type
X-B3-Sampled
X-Varnish-Age
X-Ser
X-Mobile-Rewrite
Arc-Version
PB-PID
PB-RID
Alternate-Protocol
X-Vcache
Fastcgi-Cache
X-Acc-Meta-Resource-Type
X-Frontend
X-Logged-In
Server-Name
X-Server-ID
X-Content-Digest
X-VCache
X-FTR-Cache-Host
X-Srv
X-FastCGI-Cache
X-Pad
X-Forwarded-For
X-Correlation-Id
Host
AMP-Access-Control-Allow-Source-Origin
X-B3-Traceid
X-Node-Name
Powered-By-ChinaCache
Nel
X-Microsite
X-Request-Handler-Origin-Region
FilterID
TP-Cache
TP-L2-Cache
X-Rid
Healthy
X-Kinsta-Cache
X-Type
Edge-Cache-Tag
X-Fastcgi-Cache
X-IPLB-Instance
X-LB-Cache
X-Request-Received
X-Request-Processing-Time
X-User-Agent
X-Debug-Info
X-AOL-HN
X-Cached-By
X-Cache-Key
X-Revision
X-F-Cache
X-Cache-2
X-Zen-Fury
X-Amzn-RequestId
Powered
X-Amz-Apigw-Id
X-Hostname
X-GUploader-UploadID
X-Cache-Rule
X-HS-Hub-Id
X-HS-Content-Id
X-XRDS-LOCATION
X-Analytics
Backend-Timing
X-Cache-Age
Surrogate-Key
X-Accel-Expires
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-RateLimit-Limit
X-Activity-Id
X-Az
X-Page-Id
X-AppVersion
X-Varnish-Backend
VIX-Pulpo-Node
X-Via-JSL
VIX-Pulpo-Upstream-Status
X-Content-Security-Policy-Report-Only
X-Content-Options
X-BCube-Filmed-By
X-Tumblr-Pixel-0
X-Tumblr-User
X-Tumblr-Pixel
X-Varnish-Grace
X-FB-Debug
X-Cluster
X-Instance
X-Jobs
X-App-Environment
X-Akamai-Edgescape
X-PHP-Backend
X-Content-Powered-By
Source
Cache-Status
X-Amz-Replication-Status
X-TT
X-Framework
Cleartype
X-Request-Guid
Server-Node
X-Forwarded-Host
Refresh
Tracecode
X-Varnish-Hostname
X-Signature
X-B-Cache
WPE-Backend
X-Esi
X-FW-Server
X-FW-Type
X-FW-Hash
X-FW-Static
X-FW-Serve
Host-Header
X-ATG-Version
Liferay-Portal
X-Mobile
X-Time
X-Cache-Operation
Accept-Charset
X-Cache-Control
DC
X-Edge-Location
X-Cache-Action
Actual-Object-TTL
Access-Control-Allow-Method
X-NWS-LOG-UUID
X-Drupal-Cache-Tags
Fastcgi-Useragent
Cache
X-Cache-Hit
Payment
Accept-CH-Lifetime
X-Hp-Webp
X-Cache-TTL
Upgrade-Insecure-Requests
X-Accel-Buffering
X-Response-Served-From
X-Mobile-URL
X-App-Server
X-Whom
X-TX-ID
X-Storage
X-B
X-WebKit-CSP-Report-Only
X-Content-Age
X-UA-Device-Type
X-Yottaa-Metrics
X-Yottaa-Optimizations
Xserver
X-Handled-By
X-TT-TIMESTAMP
Filters
X-RequestSource
X-SS-Set-Cookie
X-Cacheable-TTL
X-Erf-Bev-Bev
X-Tumblr-Pixel-2
X-Erf-Bev-Bev-Is-Generated
X-Tumblr-Pixel-1
X-GeoIP
X-Adobe-Loc
X-Git-Hash
Eomportal-Instance
X-WA-Info
Cache-Tv-Group
X-Adobe-Content
X-ProcessESI
X-RemovedCookies
X-VG-WebCache
X-Ratelimit-Reset
Viewport
X-Status
X-Geo-Country
NGB
Cache-Tag
Webserver
Server-Info
X-FB-TRIP-ID
X-APP-VERSION
Datacenter
X-Cache-TTL-Remaining
X-Cache-Enabled
Retry-After
X-FW-Dynamic
X-Seen-By
X-TA-CDN-Provider
X-Contextid
S-Cnection
MS-CV
X-Presslabs-Stats
X-Ratelimit-Limit
X-Host-Name
X-PressLabs-Stats
X-Origin-Server
From-Origin
X-Guploader-Uploadid
X-Oneagent-Js-Injection
Country
X-Mode
Frame-Options
X-Generated-By
X-Hyper-Cache
Machine
X-Cache-Config
X-AWS-Id
X-RN-RSRV
Ms-Operation-Id
X-Tumblr-Pixel-3
X-VWS-Id
X-Cache-Var
X-Cache-Var-Map
Meta-Geo
X-CF-Powered-By
X-RTag
X-LJ-Flow-ID
X-ES-SERVER
X-Path-Route
Load-Balancing
X-Proxied
X-Upstream-CT
X-Human
X-Upstream-HT
X-Routing-Service
X-Cache-Grace
X-Labrador-Cache-Channel
DSUID
Cache-Key
X-Hit
Mail-Subject
Vix-Hermes-Req-Id
X-Cache-Host
X-Zipkin-Id
X-Backend-Name
We-Hiring
X-Varnish-Cache-Hits
Release
X-Magnolia-Registration
X-Varnish-Hits
X-EIG-Tracking-Id
X-Device-Type
X-Debug-Cache
X-From
GEO-INFO
X-OCL
Uber-Trace-Id
Now
Decoy-Debug-Status
Decoy-Debug-Key
Decoy-Debug-TTL
Mn-Server-Ip
X-RCS-CacheZone
ServedBy
X-PCL
X-Web-Node
X-Viewer-Country
X-Access
X-MP-GENERATED-AT
X-Rendered-As
X-Section
X-Upgrade-Enabled
X-Varnish-Server
Rt-Fastcgi-Cache
X-ProxyCache-Key
Akamai-GRN
X-Akamai-Request-ID
OT-Force-Account-Verify
X-Shopify-Stage
X-Rule
X-ShopId
X-R9-Blue-Green-Version
X-ProxyCache-Status
X-Alternate-Cache-Key
X-BYPASS-REASON
X-Environment-Context
X-Sorting-Hat-ShopId
X-L-Path
X-Loop
X-Endurance-Cache-Level
X-Origin-Response-Time
X-CCM
X-Cluster-Node
X-VG-TLSProxy
X-ShardId
X-Sorting-Hat-PodId
X-TNCMS
X-Region
X-JoinUs
X-Proxy-Build
X-Proto
X-Hosted-By
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Via-Fastly
X-Xfnlog-Site
X-Timing-Wait
X-NCache
X-FC-Vary-Parameters
X-S
Cache-Name
DB-Nickname
X-Generated
X-Daa-Tunnel
X-VCT
X-Trace-Id
X-Redis-Cache
X-Nginx-Cache
X-Site-Version
X-Www-Served-By
Cteonnt-Length
NGX
X-Drupal-Cache-Contexts
X-Load-Cache
X-Locale
X-Platform-Server
X-UUID
X-NewRelic-App-Data
X-Cache-NE
X-B3-Spanid
ProcessTime
X-MServer
X-EdgeConnect-Cache-Status
X-Hl-Ver
X-Request-Time
X-ECACHE
X-Vgn-Hpd-Reason
X-Cache-Remote
X-Rocket-Nginx-Bypass
X-IP
X-Real-IP
X-Time-Microsecs
X-ServerID
X-Oracle-Dms-Rid
SRV
Azure-SlotName
S-Rt
X-FW-Version
X-Origin
X-Wix-Request-Id
Version
Azure-Version
X-Via-CDN
Azure-InstanceId
Azure-RegionName
Azure-SiteName
X-IPS-LoggedIn
Time
Webcakes-App-Name
TWC-Privacy
Webcakes-App-Version
Webcakes-Region
X-Origin-Hint
TWC-Locale-Group
TWC-GeoIP-LatLong
Property-Id
TWC-Device-Class
TWC-Connection-Speed
TWC-GeoIP-Country
X-Dc
X-Proxy
Origin
X-GEO
X-FireWall-Port
X-No-Session
L5d-Success-Class
Served-By
NtCoent-Length
X-Cache-Backend
Odigeo-Trace-Id
X-Distributor
X-Akamai-Transformed
X-Unique-ID
CACHE
X-PERF
X-ApacheServer
X-Akamai-Request-ID2
X-Microcachable
X-Pubstack
Origin-Edge-Control
Fastly-SSL
X-Cache-Server
Origin-Cache-Control
X-RateLimit-Reset
X-Format
X-CS
X-UA
Fastcgi-X-Cache-Version
IBM-Web2-Location
X-Grey
Hostname
X-Cache-Category-Id
X-Webkit-Csp
Cache-Tags
X-UnsetCookies
X-HTML-Minification-Powered-By
X-Compress-Hint
X-Is-Bot
X-Edge
X-Powered-By-Defense
Proxy-Connection
X-Detected-As
X-CDN-Forward
X-Varnish-Cacheable
X-Tb
Ec-Rule-Version
Cache-Cookie-Set-From
X-Request-UUID
X-Trv-Group
X-Vtex-Processado-Em
Cache-Cookie-Set-Idcheck
X-S-Cookie
X-Cache-Bucket
X-App-Name
X-Application
X-ARC
X-B-Cookie
Cache-Cookie-Set-Lfrom
Cache-Prefix
Mobile-Detection-Method
MD5-Digest
X-HS-Cache-Config
X-CF-Lambda-Fn
X-IN-APIGATEWAY
X-BACKEND-TTL
Request-Time
X-Region-Sid
X-AIR-PT
X-Cdn-Srv
X-B3-Parentspanid
GEO-REGION-INFO
X-Internal-Host
BehaviorPad-Version
X-Rewrite-Enabled
Viewtype
VivaBuild
X-A
ServerName
AsisCache
Rt-Proxy-Cache
Arc-Country
A
Server-ID
X-A-Ccd
HA-Ipaddr
X-A-Wwc
X-Accel-Expires-Debug
X-Aed
Fastly-SIE
X-Transaction
X-A-Dgt
X-A-Dam
X-A-Dcw
X-Instart-Info
X-VG-WebServer
X-SRCache-Key
Request-EU
X-Debug-Log
X-Debug-Cookies
X-Destination
X-Vtex-Remote-Cache
X-External-Request-Id
X-NX-Host
Fly-Request-Id
Proxy-Firewall
Fastly-SWR
X-D
X-Date
X-NU-AKA-ACS-Version
X-Rojux
X-Worker
X-DPWN-IS-SECURE
X-Twitter-Response-Tags
Node
X-Edge-Server
Fly-Cache
Xc-Version
X-Eu-Site
X-Developer
Cross-Origin-Window-Policy
X-Connection-Hash
Meta-Geo-Continent
Cdn-Request-Time
Request-Country
Content-Script-Type
X-Ua
X-ScT
X-Rebelmouse-Cache-Control
X-G
Cdn-Host
X-Rebelmouse-Surrogate-Control
X-S-Maxage
X-Org
X-Server-Time
X-CGP
X-PAYTM-SRV-ID
Access-Control-Request-Headers
X-Via-NSCOPI
X-Cluster-Name
Rendered-Blocks
X-HS-Combine-CSS
Ha-Gx-Prefs
Content-Style-Type
X-CF-Lambda-Version
Backend-Name
X-ElasticPress-Search
X-NC
Resin-Trace
RNT-Machine
On-Server
Is-Eu
Platform
X-Reqid
X-Level-Front-Cache
X-Key
X-Irp-Debug
X-Dispatcher-Server
X-Nginx-Cache-Key
X-Core-Mission
X-Dispatch
X-We-Are-Hiring
X-Epic-Correlation-Id
X-Sn-Servicetimems
X-Generated-On
X-Skip-Cache
X-Variation
X-Fastly-Cache
X-ServiceProvider
X-Clientip
X-PHP-Host
True-Client-Country-4JS
X-Cache-Id
X-GeoIP-Country-Code
SS
Server-Int
Section-Io-Cache
Server-Host
X-Cache-Info
X-Cdn-Origin
X-Qloud-Router
X-Processor
X-Server-IP
X-Hash
X-Request-URI
X-Geo-Header
RNT-Time
Countrycode
Apple-News-Services-Request-Url
Esi-Enabled
PageSpeed
Adler-Geo
LB
Apple-News-Services-Handled
Apple-News-Services-Host
Country-Code
Gh-Request-Id
X-Nc
X-C
Apple-News-Services-Parsed-Url
Mime-Version
Wxu-Next-Region
Wxu-Next-Hostname
Wxu-Next-Commit
Who
User-Cache-Control
UCS
V-Age
X-SIPLIST1
Web-Mar-Node
X-Crawler
X-Served-From
Accept-Language
X-Generation-Time
X-Hnp-Log
X-Cache-FS-Status
X-Gen-Mode
X-Gannett-Site-Version
X-Device-Os
X-Distil-CS
X-Fetched-On
X-Block-Status
X-BBXSRF
X-Method
X-Request-Start
X-SVT-ORM-RULES
X-Amz-Meta-Cache-Control
X-Location
X-Backend-State
X-Auto-Login
X-Secret
X-Servername
Content-Disposition
CDCHOST
X-Wikidot-Backend
PFcat
Pramga
W
X-Developers
X-Webstats-RespID
REQUESTUUID
Memcached
X-SVT-ORM-VERSION
X-WebServer
IsBot
X-Swa-Ws
X-TH-Server
AKAMAI
Powered-By
X-Wikidot-Static-Cache
X-Li-Pop
X-WADP-Cache
X-Bip
X-Li-Fabric
X-Clara-WADP
X-Varnish-Url
GW-Server
X-CUA
X-Cms-Context
Heartbleed
X-GeoIP-City
X-LI-Proto
X-FPC
X-CDN-Cache
X-LI-UUID
X-Release
X-Reboot
X-Owner
X-Azure-Ref-OriginShield
Thinkindot-CacheControl
X-Response-By
SD-X-WS
X-Thinkindot-L3
X-SD-PageType
X-Origin-Expires
X-Origin-Date
X-Via-SSL
Fastly-Soc-X-Request-Id
X-Azure-Ref
Thinkindot-Control
X-Matched-Rule
X-ND-Cache
X-Via-Edge
Thinkindot-CacheControl-Type
X-Thanos
X-Datadome
X-GRACE
X-Parent-Response-Time
X-SERVER-NAME
X-Protected-By
X-VServer
CF-IPCountry
X-OVcl
X-VC-Cache
L
X-OVcl-Cache
X-Varnish-Ttl
X-Proxy-Cache-Status
X-B3-SpanId
X-CLOUD-TRACE-CONTEXT
X-Fstrz
N-Cache
Pragrma
X-Proxy-Upstream
X-Amzn-Remapped-Content-Length
X-Cdn-Forward
Kp-EeAlive
X-TrackingId
Selected-Fe
X-Ratelimit-Remaining
X-LAGOON
X-FE
X-Varnish-Beresp-Ttl
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
User-Agent
Memory
X-Urbn-Context-Path
Locale
X-Origin-TTL
X-Urbn-Site-Id
X-Be
X-Origin-CC
X-Pf-Uncompressing
X-Core-Value
X-IN-WAF
X-Page-Type
Magicmarker
X-Phone
X-DC
X-Geo
X-Zone
X-Ruxit-Js-Agent
X-Birta-Served
X-Birta-Cache-Post
X-URL
Pagetype
X-Flog
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
X-Hello
X-ABtesting
X-Ttl
X-Dynatrace-Js-Agent
X-Info
X-Backend-TTL
X-Varnish-IP
Selected-FE
HitType
X-Generated-In
X-User
Cdn
X-Backend-Host
X-Backend-Url
X-App-Version
SN
X-Soup
X-Debug-Cache-Store
X-Debug-Cache-Expiry
X-Servedbyhost
X-TT-LOGID
X-Up
X-Newrelic-Synthetics
X-Debug-Cache-Fetch
X-Tt-Trace-Tag
X-MSEdge-Features
X-MSEdge-Flight
X-Litespeed-Cache
X-HS-Status
Geoip-Latitude
GeoIp-Country-Code
Geoip-City
CF-Cached-On
X-GoCache-CacheStatus
X-Mid
X-Source
X-MID
X-Oss-Storage-Class
X-Oss-Hash-Crc64ecma
X-Oss-Server-Time
X-Oss-Request-Id
X-Oss-Object-Type
X-Cache-Ttl
X-CACHE-KEY
X-Refresh
X-Real-Ip
X-Agile-Age
X-Agile
X-Agile-Id
X-Cache-Debug
X-Check-Cacheable
X-Web-Server
X-Aicache-OS
X-Tb-Optimization-Total-Bytes-Saved
X-VCL-Version
X-Vcl-Version
Amp-Access-Control-Allow-Source-Origin
X-ZONE
X-Say-Cacheable
X-Old-Content-Length
X-Say-TTL
FSS-Proxy
FSS-Cache
X-SayCDN-TTL
X-Bc
Cache-Hits
X-Amzn-Remapped-Connection
Srv
X-ServedByHost
GeoIP-Country-Code
X-Amzn-Remapped-Date
WZWS-RAY
X-Varnish-Authentication
Server-Surrogate-Control
Server-Cache-Control
GeoIP-Latitude
X-Contensis-Viewer-Groups
HostName
X-Cache-ASPX
X-APP
GeoIP-City
X-UPSTREAM-Address
Ohc-File-Size
X-EC-Lua
Ohc-Cache-HIT
X-NWS-UUID-VERIFY
X-Via-Ucdn
Inserted-Into-Cache-At
X-COUNTRY
RequestId
Fastly-Backend-Name
X-CSRF-TOKEN
X-Node-Id
Group
X-CSRF-Token
HTTPS
X-Logtrace-Id
X-WR-MODIFICATION
X-Akamai-SSL-Client-Sid
X-IN-APIGATEWAYSSL
X-Cache-Time
Ajk
Cf-Ipcountry
X-BC
X-Nananana
X-Cache-Tag
X-ECache
X-Proxy-Cacherz
Backend
X-SN
Www
X-Varnish-Beresp-TTL
Xkeyrz
X-Dynatrace
XServer
WebServer
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
URI
X-Wa
X-Instart-Isnd
Lb
Is-Session-Tracking
Xkeynj
Get-Access-Time
Requestid
Host-ID
X-Cache-Expires
X-Request-Url
X-Fastly-Country-Code
X-Unique-Id
X-TIME
X-FORWARDED-FOR
X-PAGE-TYPE
X-BE
X-MCACHE
X-LiteSpeed-Cache-Control
X-Cache-Miss-From
X-Requestid
T-Server
X-Edge-IP
X-PF-Uncompressing
X-Sedo-Request-Id
Dynatrace
X-NGENIX-Cache
Epwk-Cache
Pics-Label
X-Varnish-Action
X-Pjax-Url
PICS-Label
X-Micro-Cache
X-Render-Time
X-GDPR
X-Fastly-Backend-Reqs
X-LB-ID
X-PJAX-URL
Cneonction
Xet-Cookie
X-Correlation-ID
X-SRV
DataCenter
X-Ftr-Cache-Host
CDN
X-Lb-Id
X-Swift-Error
X-Vct
X-Apw-Access-Token
Fastcgi-X-Cache
X-Apw-Hits
X-Apw-Access-Action
X-Apw-Access-Object
X-NGINX-Cache
X-Dw-Trace-Id
X-Cf-Powered-By
X-Ecache
X-Fpc
X-WA
X-Policy
X-Svr
X-Uri
Correlation-Id
MIME-Version
X-AssetVersion
Ohc-Response-Time
RequestUuid
Warning
X-Akamai-ERRuleID
X-LiteSpeed-Tag
Lfy
SID
Sid
X-Serial
X-Html-Edge-Cache
X-WPE-Loopback-Upstream-Addr
X-Flow-Id
X-Page-Impression-Id
X-DI
X-DSS
X-DB
X-Zalando-Child-Request-Id
X-Akamai-ERPolicy
FNAC-ModuleRouting
X-DW
X-RPM
X-Fastly-Cache-Hits
X-ServerName
X-Sf
X-Bug-Bounty
X-RPS
X-RSL
X-Var-Ttl