Threat Level: green Handler on Duty: Russell Eubanks

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
X-Powered-By
Link
CF-RAY
ETag
Expect-CT
Via
X-XSS-Protection
X-Cache
Age
CF-Cache-Status
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
X-Cache-Hits
P3P
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Xss-Protection
Referrer-Policy
X-Served-By
X-Request-Id
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-Adblock-Key
Alt-Svc
X-Drupal-Cache
X-Check
X-Cacheable
Content-Security-Policy-Report-Only
X-Generator
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-DNS-Prefetch-Control
X-AspNetMvc-Version
P3p
X-Template
X-Language
Status
Timing-Allow-Origin
Content-Encoding
X-Iinfo
X-Content-Security-Policy
X-Buckets
Upgrade
X-Kinja-Server-Push
Xkey
X-Via
X-CDN
X-Turbo-Charged-By
CF-Ray
Keep-Alive
Access-Control-Max-Age
Access-Control-Expose-Headers
X-Cache-Group
X-Pass-Why
X-Age
X-AH-Environment
X-Drupal-Dynamic-Cache
X-Server
X-Backend
X-Pingback
X-Amz-Id-2
X-Amz-Request-Id
X-Envoy-Upstream-Service-Time
X-Page-Speed
X-Robots-Tag
X-Proxy-Cache
X-Hacker
Grace
EagleId
X-Server-Powered-By
X-UA-Device
X-Varnish-Cache
Request-Context
X-Nginx-Cache-Status
Cf-Railgun
X-LiteSpeed-Cache
X-Amz-Version-Id
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-WebKit-CSP
X-Server-Id
Feature-Policy
Server-Timing
X-Device
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Host
X-Rq
X-Ac
Report-To
Content-Location
X-OneAgent-JS-Injection
X-Node
X-Backend-Server
X-Cnection
X-Response-Time
X-Origin-Cache
X-Cloud-Trace-Context
X-Application-Context
Request-Id
X-Readtime
EagleEye-TraceId
Allow
Surrogate-Control
X-Country
X-ORACLE-DMS-ECID
X-Cache-Lookup
X-Cdn
X-Vhost
X-DynaTrace
X-TTL
X-Url
Pinterest-Generated-By
X-Ua-Compatible
X-Rack-Cache
X-Clacks-Overhead
X-Origin-Upstream-Status
NEL
X-Ruxit-JS-Agent
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-FTR-Request-ID
Rating
X-Country-Code
X-CST
X-HW
X-ORACLE-DMS-RID
X-Dispatcher
X-Goog-Hash
X-Instart-Request-ID
Fusion-Content-Source
Fusion-Component-Id
Fusion-Template-Id
Fusion-Source
Fusion-Content-Id
X-DataStream-Cache-Status
Edge-Control
X-Vname
X-TtlSet
X-PC
X-Px
X-DataDome
X-VARITI-CCR
Service-Worker-Allowed
X-Request-ID
X-MS-InvokeApp
X-Mod-Pagespeed
Verso
X-Dns-Prefetch-Control
X-Recruiting
SPRequestGuid
X-D2id
X-Kinja-Server
X-GoogleNews-Bot
X-Exp-Id
X-Exp-Variant
X-Kinja
X-Cdn-Fetch
X-Kinja-Revision
X-Kinja-Build
X-Use-Magma
X-Varnish-TTL
X-Vcap-Request-Id
RTSS
X-Amz-Server-Side-Encryption
X-Abt-Application-Version
X-SharePointHealthScore
DynaTrace
TCN
X-Navigation-Version
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-GitHub-Request-Id
X-RateLimit-Remaining
X-Sol
X-Middleton-Display
Display
X-Middleton-Response
Response
X-Akam-SW-Version
X-Powered-By-Plesk
Accept-Ch
MS-Author-Via
Charset
X-B3-TraceId
Content-MD5
Accept-Ch-Lifetime
X-Shield-Request-Id
X-ESI
ServerID
AR-CACHE
Ar-Sid
AR-PoweredBy
AR-ATIME
X-Amz-Rid
X-Trace
Realpath
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-Forwarded-Proto
X-Powered-CMS
X-Goog-Generation
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Dw-Request-Base-Id
Nginx-Cache
X-DynaTrace-JS-Agent
AR-Request-ID
X-Version
X-Cached
X-Upstream
Fastly-Restarts
X-Server-Name
Public-Key-Pins
X-Shard
MRF-Tech
X-B3-TraceId-Primal
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
Mrf-Cache-Status
Pagespeed
Access-Control-Request-Method
Paypal-Debug-Id
X-MSEdge-Ref
SPRequestDuration
SPIisLatency
X-Grace
X-Goog-Storage-Class
X-Client-IP
S
X-Debug
X-Pinterest-Rid
Pinterest-Version
X-Upstream-Proxy
X-FTR-Realm
X-FTR-Expires
X-Country-Code-Real
X-FTR-Backend
X-FTR-Cache-Status
X-FTR-Balancer
X-FTR-DC
X-FTR-Backend-Server
X-Amz-Meta-S3cmd-Attrs
X-Id
X-Ezoic-Cdn
X-DataStream-Origin-MEX-Latency
X-DataStream-MidMile-RTT
X-N
X-Vcache
X-FastCGI-Cache
X-T
X-Fastly-Request-ID
X-DIS-Request-ID
X-Amzn-Trace-Id
MicrosoftSharePointTeamServices
Front-End-Https
X-NF-Request-ID
Arr-Disable-Session-Affinity
X-Content-Type
X-Hits
X-B3-Sampled
X-Varnish-Age
X-Ser
X-FTR-Cache-Host
PB-RID
Arc-Version
X-Mobile-Rewrite
PB-PID
Fastcgi-Cache
X-B3-Traceid
Alternate-Protocol
Accept-CH
X-Frontend
X-Acc-Meta-Resource-Type
X-Logged-In
X-XRDS-Location
X-Content-Digest
Server-Name
X-Correlation-Id
X-Srv
X-Pad
X-Forwarded-For
Nel
X-Cache-Key
X-Node-Name
X-VCache
Host
Powered-By-ChinaCache
AMP-Access-Control-Allow-Source-Origin
X-Request-Handler-Origin-Region
X-Microsite
FilterID
TP-Cache
TP-L2-Cache
Healthy
X-Rid
X-Type
X-User-Agent
X-Kinsta-Cache
X-LB-Cache
X-XRDS-LOCATION
Edge-Cache-Tag
X-IPLB-Instance
X-Request-Processing-Time
X-Request-Received
X-Debug-Info
X-AOL-HN
X-Cached-By
X-Cache-2
X-F-Cache
X-Zen-Fury
X-Amz-Apigw-Id
X-GUploader-UploadID
Powered
X-Amzn-RequestId
X-Revision
X-Hostname
X-Cache-Rule
X-HS-Hub-Id
X-HS-Content-Id
X-Analytics
Backend-Timing
X-Cache-Age
X-Esi
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Accel-Expires
Surrogate-Key
X-Activity-Id
X-Via-JSL
X-Az
X-AppVersion
X-Varnish-Backend
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-Content-Security-Policy-Report-Only
X-Instance
X-Page-Id
X-Content-Options
X-BCube-Filmed-By
X-Varnish-Grace
X-Jobs
X-Tumblr-Pixel
X-Tumblr-User
X-Tumblr-Pixel-0
X-Cluster
X-FB-Debug
X-Amz-Replication-Status
Source
X-Akamai-Edgescape
X-PHP-Backend
X-App-Environment
X-Request-Guid
X-Content-Powered-By
Cache-Status
X-TT
X-Fastcgi-Cache
Cleartype
X-Framework
Server-Node
X-Server-ID
X-Forwarded-Host
Refresh
X-B-Cache
X-RateLimit-Limit
X-Signature
X-Varnish-Hostname
X-FW-Serve
X-FW-Static
X-FW-Type
X-FW-Hash
Liferay-Portal
X-FW-Server
Tracecode
X-ATG-Version
DC
Host-Header
WPE-Backend
X-Mobile
X-Cache-Operation
Accept-Charset
X-Time
X-Cache-Control
Access-Control-Allow-Method
X-Edge-Location
X-Cache-Action
X-Drupal-Cache-Tags
Accept-CH-Lifetime
Fastcgi-Useragent
Actual-Object-TTL
X-Cache-Hit
X-APP-VERSION
X-Hp-Webp
X-B
Payment
X-Accel-Buffering
X-NWS-LOG-UUID
X-Mobile-URL
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Response-Served-From
X-TX-ID
X-Storage
Xserver
X-WebKit-CSP-Report-Only
Upgrade-Insecure-Requests
X-Whom
X-Content-Age
X-SS-Set-Cookie
X-App-Server
X-GeoIP
X-TT-TIMESTAMP
X-UA-Device-Type
X-Yottaa-Optimizations
X-Yottaa-Metrics
Cache-Tv-Group
X-Git-Hash
X-WA-Info
X-Cacheable-TTL
X-RequestSource
X-Tumblr-Pixel-2
X-Tumblr-Pixel-1
Filters
X-Handled-By
X-Adobe-Loc
Eomportal-Instance
X-Adobe-Content
Cache
X-Status
NGB
Viewport
X-ProcessESI
X-Cache-TTL
X-RemovedCookies
X-VG-WebCache
X-Geo-Country
Cache-Tag
X-Ratelimit-Limit
Webserver
Retry-After
Datacenter
X-Presslabs-Stats
X-Cache-TTL-Remaining
X-FB-TRIP-ID
Server-Info
X-Ratelimit-Reset
X-FW-Dynamic
X-TA-CDN-Provider
X-Cache-Enabled
X-Seen-By
X-Oracle-Dms-Rid
MS-CV
X-Contextid
X-Host-Name
X-Origin-Server
X-B3-Spanid
S-Cnection
X-Generated-By
Country
Frame-Options
From-Origin
X-Hyper-Cache
Ms-Operation-Id
X-Mode
X-RTag
X-CF-Powered-By
X-Tumblr-Pixel-3
X-RN-RSRV
Meta-Geo
X-VWS-Id
X-LJ-Flow-ID
Load-Balancing
X-Cache-Config
X-Path-Route
X-Cache-Var-Map
X-AWS-Id
Machine
X-ES-SERVER
X-Cache-Var
X-Backend-Name
X-Cache-Grace
X-Cache-Host
We-Hiring
X-Upstream-HT
Cache-Key
X-Zipkin-Id
Mail-Subject
DSUID
X-Access
Vix-Hermes-Req-Id
X-Upstream-CT
X-Varnish-Cache-Hits
X-Hit
X-Routing-Service
X-Section
X-MP-GENERATED-AT
X-Proxied
X-Labrador-Cache-Channel
X-Varnish-Server
X-Web-Node
X-Loop
X-OCL
Release
X-PCL
X-Guploader-Uploadid
Now
Mn-Server-Ip
X-RCS-CacheZone
X-Upgrade-Enabled
X-Device-Type
Decoy-Debug-Status
X-Debug-Cache
X-TNCMS
X-EIG-Tracking-Id
X-Viewer-Country
X-From
X-Human
Decoy-Debug-Key
Decoy-Debug-TTL
X-Shopify-Stage
OT-Force-Account-Verify
X-VG-TLSProxy
X-Region
GEO-INFO
X-Proto
X-Rule
X-ShardId
X-ShopId
X-R9-Blue-Green-Version
X-Sorting-Hat-PodId
X-L-Path
X-Alternate-Cache-Key
X-Sorting-Hat-ShopId
X-CCM
X-Endurance-Cache-Level
X-Environment-Context
X-Varnish-Hits
X-Akamai-Request-ID
X-Magnolia-Registration
ServedBy
Rt-Fastcgi-Cache
X-Origin-Response-Time
X-Generated
X-FC-Vary-Parameters
X-Proxy-Build
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Cluster-Node
X-Hosted-By
X-Timing-Wait
X-NCache
Uber-Trace-Id
X-S
X-JoinUs
X-Rendered-As
DB-Nickname
X-PressLabs-Stats
X-Via-Fastly
X-Drupal-Cache-Contexts
Akamai-GRN
X-Xfnlog-Site
Cache-Name
X-BYPASS-REASON
X-ProxyCache-Status
X-ProxyCache-Key
SRV
X-Trace-Id
X-VCT
X-Nginx-Cache
X-Locale
ProcessTime
X-Site-Version
Cteonnt-Length
X-Load-Cache
X-Www-Served-By
NGX
X-Redis-Cache
X-Platform-Server
Version
X-UUID
X-Request-Time
X-Daa-Tunnel
X-Via-CDN
X-Time-Microsecs
X-MServer
X-Cache-NE
X-IP
Time
X-EdgeConnect-Cache-Status
X-NewRelic-App-Data
X-Hl-Ver
X-ECACHE
Azure-RegionName
Azure-SiteName
Azure-SlotName
Azure-Version
X-Origin
X-Wix-Request-Id
S-Rt
Azure-InstanceId
X-FW-Version
X-ServerID
TWC-GeoIP-Country
Webcakes-App-Version
X-Dc
Property-Id
TWC-GeoIP-LatLong
Webcakes-App-Name
X-Rocket-Nginx-Bypass
TWC-Privacy
X-Origin-Hint
TWC-Locale-Group
TWC-Device-Class
Webcakes-Region
TWC-Connection-Speed
CACHE
X-GEO
X-RateLimit-Reset
X-IPS-LoggedIn
NtCoent-Length
X-Vgn-Hpd-Reason
X-Cache-Remote
X-Proxy
X-No-Session
Origin
X-Akamai-Request-ID2
X-FireWall-Port
X-Akamai-Transformed
X-Oneagent-Js-Injection
X-UA
X-CDN-Forward
X-HTML-Minification-Powered-By
Odigeo-Trace-Id
X-Distributor
X-Real-IP
Fastly-SSL
X-ApacheServer
L5d-Success-Class
X-PERF
X-Format
X-Cache-Backend
X-CS
X-Cache-Server
Served-By
X-Webkit-Csp
X-Microcachable
X-Unique-ID
X-Compress-Hint
X-Pubstack
Ec-Rule-Version
Access-Control-Request-Headers
Cache-Tags
X-UnsetCookies
Origin-Cache-Control
LB
Origin-Edge-Control
X-SERVER-NAME
Fastcgi-X-Cache-Version
X-BACKEND-TTL
X-Edge
IBM-Web2-Location
X-Tb
X-Cache-Category-Id
X-Grey
X-Varnish-Cacheable
Backend-Name
HA-Ipaddr
X-CF-Lambda-Version
X-CGP
X-Cluster-Name
Ha-Gx-Prefs
X-Eu-Site
X-A
X-External-Request-Id
X-Connection-Hash
X-HS-Cache-Config
X-G
X-Internal-Host
Node
Mobile-Detection-Method
X-B3-Parentspanid
X-NU-AKA-ACS-Version
Xc-Version
X-NX-Host
Meta-Geo-Continent
X-Cdn-Srv
X-Instart-Info
X-IN-APIGATEWAY
X-Edge-Server
X-CF-Lambda-Fn
X-Is-Bot
MD5-Digest
X-HS-Combine-CSS
A
X-Developer
X-Detected-As
Cache-Prefix
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-Idcheck
Cdn-Host
Cdn-Request-Time
Content-Style-Type
Cross-Origin-Window-Policy
Content-Script-Type
X-Debug-Log
X-Destination
Cache-Cookie-Set-From
BehaviorPad-Version
X-PAYTM-SRV-ID
Fly-Request-Id
GEO-REGION-INFO
X-D
X-Powered-By-Defense
Fly-Cache
Fastly-SWR
Arc-Country
AsisCache
X-Debug-Cookies
Fastly-SIE
X-Date
X-DPWN-IS-SECURE
X-Org
Rt-Proxy-Cache
X-B-Cookie
X-Server-Time
X-AIR-PT
X-VG-WebServer
Proxy-Connection
X-Vtex-Processado-Em
X-Accel-Expires-Debug
X-Aed
Accept-Language
X-Nc
X-ARC
X-SRCache-Key
X-Application
X-App-Name
X-A-Ccd
X-Transaction
Server-ID
X-Twitter-Response-Tags
X-Trv-Group
X-Vtex-Remote-Cache
X-ScT
X-Rebelmouse-Surrogate-Control
Rendered-Blocks
X-Region-Sid
X-S-Maxage
X-A-Wwc
X-A-Dam
X-Rebelmouse-Cache-Control
X-A-Dcw
X-A-Dgt
Proxy-Firewall
X-Cache-Bucket
X-Rewrite-Enabled
X-Rojux
X-S-Cookie
X-Worker
Hostname
X-Request-UUID
VivaBuild
Viewtype
Request-Time
ServerName
X-ElasticPress-Search
True-Client-Country-4JS
Esi-Enabled
W
Section-Io-Cache
Request-Country
Memcached
Request-EU
X-Backend-State
X-Cdn-Origin
On-Server
X-Cache-Id
Platform
X-Cache-Info
Resin-Trace
Is-Eu
Server-Host
Server-Int
X-Core-Mission
Countrycode
Gh-Request-Id
X-Clientip
RNT-Machine
RNT-Time
SS
X-Epic-Correlation-Id
X-Nginx-Cache-Key
Country-Code
X-Processor
X-Reqid
X-Location
X-Level-Front-Cache
X-Hash
X-Irp-Debug
X-C
X-Key
X-Request-URI
X-ServiceProvider
X-TH-Server
X-Variation
X-We-Are-Hiring
X-Varnish-Url
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
X-Via-NSCOPI
X-Skip-Cache
X-Sn-Servicetimems
X-GeoIP-Country-Code
X-PHP-Host
Apple-News-Services-Request-Url
Adler-Geo
X-Dispatcher-Server
AKAMAI
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
X-Fastly-Cache
Apple-News-Services-Handled
X-Developers
Content-Disposition
X-Dispatch
X-Generated-On
X-Geo-Header
X-NC
X-SIPLIST1
X-Auto-Login
X-Device-Os
X-Amz-Meta-Cache-Control
X-Wikidot-Backend
X-Wikidot-Static-Cache
REQUESTUUID
X-Webstats-RespID
X-WebServer
X-Via-Edge
X-Via-SSL
X-WADP-Cache
X-Servername
X-SD-PageType
X-LI-UUID
X-CDN-Cache
X-FPC
X-Method
X-LI-Proto
X-Li-Pop
X-Clara-WADP
X-Generation-Time
X-Gannett-Site-Version
X-Li-Fabric
X-Cms-Context
X-Fetched-On
X-BBXSRF
X-Response-By
X-Secret
X-Served-From
X-Request-Start
X-Distil-CS
X-Cache-FS-Status
X-Qloud-Router
X-Reboot
X-Server-IP
X-Crawler
V-Age
IsBot
SD-X-WS
Fastly-Soc-X-Request-Id
UCS
Wxu-Next-Region
Wxu-Next-Hostname
Who
PFcat
Wxu-Next-Commit
Mime-Version
X-Swa-Ws
Heartbleed
L
X-Thinkindot-L3
GW-Server
X-CUA
CDCHOST
X-Matched-Rule
X-Owner
X-Release
X-VServer
X-Thanos
X-Origin-Expires
X-Origin-Date
X-Amzn-Remapped-Content-Length
Powered-By
X-GeoIP-City
N-Cache
X-Hnp-Log
X-Gen-Mode
X-Azure-Ref-OriginShield
X-Block-Status
Thinkindot-Control
Thinkindot-CacheControl-Type
X-Azure-Ref
Thinkindot-CacheControl
Pramga
X-Bip
User-Cache-Control
Web-Mar-Node
Selected-Fe
CF-IPCountry
X-Varnish-Ttl
X-VC-Cache
X-CLOUD-TRACE-CONTEXT
Kp-EeAlive
X-Parent-Response-Time
X-OVcl-Cache
X-TrackingId
X-Ua
X-OVcl
X-Proxy-Cache-Status
X-Proxy-Upstream
X-ND-Cache
X-FE
X-Protected-By
X-Pf-Uncompressing
X-Ratelimit-Remaining
PageSpeed
X-Urbn-Site-Id
Locale
X-Varnish-Beresp-Ttl
X-Urbn-Context-Path
Pragrma
X-LAGOON
X-Fstrz
Magicmarker
User-Agent
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
Memory
X-Planisys-CDN-Cache
X-Be
X-Hello
X-Origin-CC
X-Origin-TTL
X-Flog
X-ABtesting
Pagetype
X-URL
X-Generated-In
X-User
X-Core-Value
X-Phone
X-Varnish-Beresp-Grace
X-Ttl
X-IN-WAF
X-Page-Type
X-Geo
X-Varnish-Beresp-Status
X-DC
X-Zone
X-Dynatrace-Js-Agent
X-Cdn-Forward
X-Backend-Url
X-Backend-Host
X-Newrelic-Synthetics
X-Backend-TTL
X-MSEdge-Features
X-MSEdge-Flight
X-B3-SpanId
X-GoCache-CacheStatus
X-Debug-Cache-Store
X-Tt-Trace-Tag
X-Up
X-Debug-Cache-Expiry
X-Soup
X-Debug-Cache-Fetch
X-Cache-Ttl
X-Birta-Served
X-Birta-Cache-Post
X-TT-LOGID
Cdn
GeoIp-Country-Code
Geoip-Latitude
Geoip-City
X-Varnish-IP
X-Info
X-Litespeed-Cache
X-Oss-Hash-Crc64ecma
X-Oss-Request-Id
X-Oss-Server-Time
X-Oss-Object-Type
X-Oss-Storage-Class
Selected-FE
HitType
X-Check-Cacheable
X-MID
X-Servedbyhost
X-Real-Ip
X-HS-Status
SN
X-Mid
X-ZONE
CF-Cached-On
X-SayCDN-TTL
X-Vcl-Version
X-Old-Content-Length
X-Datadome
X-Say-Cacheable
X-Aicache-OS
X-Say-TTL
Cache-Hits
X-GRACE
X-Ruxit-Js-Agent
Amp-Access-Control-Allow-Source-Origin
FSS-Proxy
FSS-Cache
X-ServedByHost
X-VCL-Version
X-Tb-Optimization-Total-Bytes-Saved
X-Agile-Age
X-Agile-Id
X-Refresh
X-NODE
X-Agile
X-Cache-Debug
HostName
X-Source
X-Amzn-Remapped-Date
X-Amzn-Remapped-Connection
X-Akamai-SSL-Client-Sid
X-Bc
X-Web-Server
X-CSRF-Token
X-Contensis-Viewer-Groups
Server-Surrogate-Control
Server-Cache-Control
X-Node-Id
X-Cache-ASPX
GeoIP-Country-Code
X-Varnish-Authentication
Fastly-Backend-Name
Inserted-Into-Cache-At
X-EC-Lua
X-Cache-Time
X-App-Version
X-APP
X-Logtrace-Id
X-COUNTRY
X-IN-APIGATEWAYSSL
RequestId
X-BC
Ajk
X-CSRF-TOKEN
GeoIP-Latitude
WZWS-RAY
X-UPSTREAM-Address
GeoIP-City
X-Via-Ucdn
Srv
X-Nananana
X-WR-MODIFICATION
Xkeyrz
X-Proxy-Cacherz
Group
Ohc-Cache-HIT
Ohc-File-Size
X-ECache
X-NWS-UUID-VERIFY
X-RateLimit-Remaining-Second
X-Wa
X-RateLimit-Limit-Second
WebServer
XServer
X-Dynatrace
X-BE
HTTPS
Cf-Ipcountry
X-Varnish-Beresp-TTL
X-PAGE-TYPE
X-PJAX-URL
Is-Session-Tracking
X-FORWARDED-FOR
X-Tec-Api-Version
X-SN
Get-Access-Time
T-Server
X-TIME
URI
X-Cache-Tag
PICS-Label
Www
Xkeynj
X-CACHE-KEY
X-Unique-Id
X-Tec-Api-Root
X-Fastly-Country-Code
Backend
X-Tec-Api-Origin
X-Sedo-Request-Id
X-Instart-Isnd
X-LB-ID
X-Request-Url
X-GDPR
X-Requestid
X-Micro-Cache
X-Edge-IP
X-Cache-Miss-From
X-Fastly-Backend-Reqs
Dynatrace
Xet-Cookie
X-LiteSpeed-Cache-Control
X-MCACHE
Cneonction
Requestid
X-Render-Time
Lb
Host-ID
X-Cache-Expires
X-SRV
DataCenter
X-Pjax-Url
X-Lb-Id
Pics-Label
X-Swift-Error
CDN
X-Apw-Access-Object
X-Policy
X-Uri
SID
X-Vct
X-Apw-Access-Action
MIME-Version
X-Apw-Hits
X-Apw-Access-Token
X-NGINX-Cache
X-Dw-Trace-Id
X-PF-Uncompressing
Correlation-Id
X-WA
X-Ecache
X-Cf-Powered-By
Epwk-Cache
X-Varnish-Action
X-NGENIX-Cache
X-Newrelic-App-Data
X-Service
X-Html-Edge-Cache
X-ServerName
X-Serial
Cache-Provider
X-Cdn-Request-ID
Warning
X-Zalando-Child-Request-Id
RequestUuid
X-Bug-Bounty
X-Akamai-ERPolicy
X-Page-Impression-Id
X-Fastly-Cache-Hits
X-Flow-Id
X-Akamai-ERRuleID
Fastcgi-X-Cache
Lfy
X-RPM
X-RPS
X-RSL
X-DW
X-DSS
X-WPE-Loopback-Upstream-Addr
X-DB
X-DI
X-Fpc