Threat Level: green Handler on Duty: Jan Kopriva

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
CF-RAY
X-Powered-By
Link
ETag
Expect-CT
X-XSS-Protection
Via
X-Cache
Age
CF-Cache-Status
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
P3P
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Request-Id
X-Xss-Protection
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-Adblock-Key
X-Drupal-Cache
Alt-Svc
X-Check
X-Cacheable
Content-Security-Policy-Report-Only
X-Generator
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-DNS-Prefetch-Control
X-AspNetMvc-Version
P3p
X-Template
Status
X-Language
Timing-Allow-Origin
Content-Encoding
X-Iinfo
X-Content-Security-Policy
X-Buckets
Upgrade
X-Kinja-Server-Push
Xkey
X-Via
X-CDN
X-Turbo-Charged-By
Keep-Alive
Access-Control-Max-Age
Access-Control-Expose-Headers
X-Cache-Group
X-Pass-Why
X-Age
X-AH-Environment
X-Drupal-Dynamic-Cache
X-Server
X-Backend
X-Amz-Request-Id
X-Amz-Id-2
X-Pingback
X-Envoy-Upstream-Service-Time
X-Page-Speed
X-Robots-Tag
X-Proxy-Cache
X-Hacker
Grace
X-Server-Powered-By
EagleId
X-UA-Device
X-Varnish-Cache
Request-Context
X-Nginx-Cache-Status
Cf-Railgun
X-LiteSpeed-Cache
X-Amz-Version-Id
X-Swift-CacheTime
X-Swift-SaveTime
X-WebKit-CSP
Ali-Swift-Global-Savetime
Feature-Policy
X-Device
Server-Timing
X-Server-Id
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Host
Report-To
X-Ac
X-Rq
Content-Location
X-Node
X-OneAgent-JS-Injection
X-Backend-Server
X-Cnection
X-Response-Time
X-Origin-Cache
X-Cloud-Trace-Context
X-Application-Context
EagleEye-TraceId
Allow
Request-Id
X-Readtime
Surrogate-Control
X-Country
X-Cache-Lookup
X-ORACLE-DMS-ECID
X-TTL
X-DynaTrace
X-Url
X-Vhost
X-Cdn
X-Rack-Cache
Pinterest-Generated-By
X-Clacks-Overhead
X-Origin-Upstream-Status
NEL
X-Ua-Compatible
X-CST
X-Ruxit-JS-Agent
X-EdgeConnect-Origin-MEX-Latency
Rating
X-EdgeConnect-MidMile-RTT
X-ORACLE-DMS-RID
X-FTR-Request-ID
X-Country-Code
X-HW
X-Goog-Hash
X-Dispatcher
X-Instart-Request-ID
Fusion-Source
Fusion-Content-Source
Fusion-Component-Id
Fusion-Content-Id
Fusion-Template-Id
X-DataStream-Cache-Status
Edge-Control
X-PC
X-Vname
X-TtlSet
X-Px
X-VARITI-CCR
Service-Worker-Allowed
X-DataDome
X-MS-InvokeApp
X-Mod-Pagespeed
Verso
SPRequestGuid
X-Recruiting
X-Request-ID
X-Dns-Prefetch-Control
X-Kinja-Server
X-Kinja-Revision
X-Cdn-Fetch
X-D2id
X-Use-Magma
X-GoogleNews-Bot
X-Kinja-Build
X-Exp-Id
X-Kinja
X-Exp-Variant
X-Varnish-TTL
X-Vcap-Request-Id
RTSS
X-SharePointHealthScore
X-Amz-Server-Side-Encryption
X-Abt-Application-Version
TCN
DynaTrace
X-Navigation-Version
X-B3-TraceId
X-GitHub-Request-Id
X-RateLimit-Remaining
X-Powered-By-Plesk
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-ESI
X-Middleton-Display
Display
X-Middleton-Response
Response
X-Sol
X-Akam-SW-Version
Charset
Content-MD5
MS-Author-Via
AR-PoweredBy
AR-CACHE
Ar-Sid
AR-ATIME
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-Trace
Accept-Ch-Lifetime
ServerID
X-Shield-Request-Id
X-Amz-Rid
Realpath
X-Server-Name
X-Goog-Generation
X-Goog-Metageneration
X-Powered-CMS
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Dw-Request-Base-Id
AR-Request-ID
X-DynaTrace-JS-Agent
X-Forwarded-Proto
Nginx-Cache
X-Version
X-Cached
X-Upstream
Fastly-Restarts
X-Shard
Public-Key-Pins
MRF-Tech
X-B3-TraceId-Primal
Mrf-Cache-Status
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
SPRequestDuration
SPIisLatency
Access-Control-Request-Method
Paypal-Debug-Id
Accept-Ch
X-Goog-Storage-Class
X-MSEdge-Ref
X-Client-IP
Pagespeed
X-Pinterest-Rid
Pinterest-Version
X-Upstream-Proxy
Accept-CH
S
X-DataStream-MidMile-RTT
X-DataStream-Origin-MEX-Latency
X-Debug
X-Amz-Meta-S3cmd-Attrs
X-Id
X-FTR-Cache-Status
X-FTR-Realm
X-FTR-Balancer
X-FTR-Backend-Server
X-Country-Code-Real
X-FTR-Backend
X-FTR-DC
X-FTR-Expires
X-Ezoic-Cdn
X-N
X-T
X-DIS-Request-ID
X-Fastly-Request-ID
X-Grace
MicrosoftSharePointTeamServices
X-XRDS-Location
Arr-Disable-Session-Affinity
Front-End-Https
X-NF-Request-ID
X-Amzn-Trace-Id
X-Content-Type
X-Hits
X-B3-Sampled
X-Ser
X-Varnish-Age
X-Mobile-Rewrite
PB-PID
Arc-Version
PB-RID
Alternate-Protocol
X-Vcache
Fastcgi-Cache
X-Acc-Meta-Resource-Type
X-Frontend
X-Logged-In
X-Content-Digest
X-VCache
Server-Name
X-Server-ID
X-FTR-Cache-Host
X-Srv
X-FastCGI-Cache
X-Pad
X-Forwarded-For
X-Correlation-Id
Host
AMP-Access-Control-Allow-Source-Origin
X-B3-Traceid
X-Node-Name
Nel
Powered-By-ChinaCache
X-Request-Handler-Origin-Region
X-Microsite
FilterID
TP-L2-Cache
TP-Cache
Healthy
X-Rid
X-Fastcgi-Cache
X-Type
X-Kinsta-Cache
X-LB-Cache
Edge-Cache-Tag
X-IPLB-Instance
X-Request-Received
X-User-Agent
X-Request-Processing-Time
X-AOL-HN
X-Debug-Info
X-Cached-By
X-Cache-Key
X-F-Cache
X-Revision
X-Cache-2
X-Zen-Fury
X-Amz-Apigw-Id
X-Hostname
X-Amzn-RequestId
X-GUploader-UploadID
Powered
X-HS-Hub-Id
X-Cache-Rule
X-HS-Content-Id
X-Analytics
Backend-Timing
X-XRDS-LOCATION
X-Cache-Age
X-Accel-Expires
Surrogate-Key
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-RateLimit-Limit
X-Activity-Id
X-AppVersion
X-Az
X-Page-Id
X-Varnish-Backend
VIX-Pulpo-Node
X-Via-JSL
VIX-Pulpo-Upstream-Status
X-Content-Security-Policy-Report-Only
X-BCube-Filmed-By
X-Varnish-Grace
X-Instance
X-Content-Options
X-Tumblr-Pixel
X-Tumblr-User
X-Tumblr-Pixel-0
X-Jobs
X-FB-Debug
X-Cluster
X-App-Environment
Cache-Status
X-Akamai-Edgescape
Source
X-Request-Guid
X-Content-Powered-By
X-PHP-Backend
X-Amz-Replication-Status
X-TT
X-Framework
Cleartype
Server-Node
Refresh
X-Forwarded-Host
Tracecode
X-Varnish-Hostname
WPE-Backend
X-B-Cache
X-Signature
X-Esi
X-FW-Static
X-FW-Type
X-FW-Server
X-FW-Serve
X-FW-Hash
Host-Header
X-ATG-Version
Liferay-Portal
X-Mobile
X-Time
DC
X-Cache-Operation
X-Cache-Control
Accept-Charset
X-Edge-Location
X-Cache-Action
Actual-Object-TTL
Access-Control-Allow-Method
X-NWS-LOG-UUID
X-Drupal-Cache-Tags
Fastcgi-Useragent
X-Cache-Hit
Cache
Accept-CH-Lifetime
Payment
X-Accel-Buffering
X-Mobile-URL
X-Hp-Webp
Upgrade-Insecure-Requests
X-Cache-TTL
X-App-Server
X-Response-Served-From
X-Whom
X-B
X-Storage
X-TX-ID
X-UA-Device-Type
X-WebKit-CSP-Report-Only
X-Content-Age
X-TT-TIMESTAMP
X-Handled-By
X-Yottaa-Metrics
X-Yottaa-Optimizations
Xserver
X-Erf-Bev-Bev
X-GeoIP
X-Tumblr-Pixel-2
X-SS-Set-Cookie
X-Tumblr-Pixel-1
X-Erf-Bev-Bev-Is-Generated
X-RequestSource
X-Cacheable-TTL
Filters
X-Adobe-Content
X-Adobe-Loc
Eomportal-Instance
X-WA-Info
Cache-Tv-Group
X-Git-Hash
X-Ratelimit-Reset
Viewport
X-VG-WebCache
X-ProcessESI
X-RemovedCookies
X-Status
X-Geo-Country
NGB
Cache-Tag
Server-Info
Webserver
X-FB-TRIP-ID
X-APP-VERSION
Datacenter
X-Cache-TTL-Remaining
Retry-After
X-Cache-Enabled
X-FW-Dynamic
X-TA-CDN-Provider
X-Seen-By
X-Contextid
S-Cnection
X-Ratelimit-Limit
MS-CV
X-Presslabs-Stats
X-Host-Name
X-PressLabs-Stats
X-Origin-Server
From-Origin
Country
X-Guploader-Uploadid
Frame-Options
X-Mode
X-Hyper-Cache
X-Generated-By
Load-Balancing
X-Cache-Var
X-AWS-Id
X-Path-Route
X-Cache-Config
X-RN-RSRV
X-Tumblr-Pixel-3
X-VWS-Id
X-LJ-Flow-ID
Meta-Geo
X-ES-SERVER
X-RTag
X-CF-Powered-By
Ms-Operation-Id
Machine
X-Cache-Var-Map
X-Routing-Service
X-Varnish-Hits
X-Labrador-Cache-Channel
X-Upstream-CT
X-Proxied
X-Cache-Grace
Mail-Subject
Vix-Hermes-Req-Id
X-Human
DSUID
Cache-Key
We-Hiring
X-Backend-Name
X-Varnish-Cache-Hits
X-Cache-Host
X-Hit
X-Zipkin-Id
X-Upstream-HT
Release
X-Magnolia-Registration
ServedBy
X-Access
Uber-Trace-Id
X-Web-Node
Now
X-Section
Decoy-Debug-Key
Decoy-Debug-Status
Decoy-Debug-TTL
X-Viewer-Country
Mn-Server-Ip
X-Debug-Cache
X-Loop
X-OCL
X-PCL
X-RCS-CacheZone
X-TNCMS
X-From
X-Rendered-As
X-Device-Type
X-EIG-Tracking-Id
X-Upgrade-Enabled
X-Varnish-Server
X-MP-GENERATED-AT
GEO-INFO
Rt-Fastcgi-Cache
X-ProxyCache-Key
X-Akamai-Request-ID
X-Sorting-Hat-PodId
X-ProxyCache-Status
X-Rule
X-Sorting-Hat-ShopId
X-R9-Blue-Green-Version
X-Alternate-Cache-Key
X-Proto
X-Endurance-Cache-Level
X-Environment-Context
X-L-Path
X-Origin-Response-Time
X-Cluster-Node
X-BYPASS-REASON
X-VG-TLSProxy
X-CCM
Akamai-GRN
OT-Force-Account-Verify
X-ShopId
X-ShardId
X-Shopify-Stage
X-Via-Fastly
X-Proxy-Build
X-Region
X-Timing-Wait
X-FC-Vary-Parameters
X-NCache
X-JoinUs
X-Hosted-By
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Generated
X-Xfnlog-Site
DB-Nickname
Cache-Name
X-S
X-Daa-Tunnel
X-VCT
X-Trace-Id
X-Redis-Cache
X-Nginx-Cache
X-Drupal-Cache-Contexts
X-Site-Version
X-Www-Served-By
NGX
X-Locale
Cteonnt-Length
X-NewRelic-App-Data
X-Cache-NE
X-Platform-Server
X-Load-Cache
X-UUID
X-B3-Spanid
ProcessTime
X-MServer
X-Hl-Ver
X-EdgeConnect-Cache-Status
X-Vgn-Hpd-Reason
X-Request-Time
X-ECACHE
X-Cache-Remote
X-IP
X-Time-Microsecs
X-Rocket-Nginx-Bypass
X-Real-IP
X-ServerID
Time
X-Oracle-Dms-Rid
X-GEO
Version
X-Via-CDN
X-Wix-Request-Id
S-Rt
Azure-SiteName
X-FW-Version
SRV
X-Origin
Azure-SlotName
Azure-Version
Azure-InstanceId
Azure-RegionName
X-Origin-Hint
TWC-Locale-Group
TWC-Connection-Speed
Webcakes-Region
Property-Id
X-IPS-LoggedIn
TWC-Privacy
TWC-Device-Class
Webcakes-App-Version
Webcakes-App-Name
TWC-GeoIP-Country
TWC-GeoIP-LatLong
X-Dc
X-Proxy
Origin
X-FireWall-Port
X-No-Session
L5d-Success-Class
X-Distributor
Odigeo-Trace-Id
NtCoent-Length
X-Cache-Backend
Served-By
X-Oneagent-Js-Injection
X-Akamai-Transformed
Fastly-SSL
X-Pubstack
X-ApacheServer
X-Unique-ID
CACHE
X-Akamai-Request-ID2
X-Microcachable
X-PERF
X-Cache-Server
Origin-Edge-Control
X-CS
X-Format
Origin-Cache-Control
X-RateLimit-Reset
X-UA
Fastcgi-X-Cache-Version
X-Grey
Hostname
X-Cache-Category-Id
Ec-Rule-Version
IBM-Web2-Location
X-Webkit-Csp
X-Compress-Hint
X-HTML-Minification-Powered-By
Cache-Tags
X-UnsetCookies
X-Powered-By-Defense
X-Is-Bot
X-CDN-Forward
X-Edge
X-Detected-As
Proxy-Connection
Backend-Name
X-Varnish-Cacheable
X-Tb
Cdn-Host
Cache-Cookie-Set-Lfrom
Cache-Prefix
Content-Script-Type
Cdn-Request-Time
Request-Time
X-CGP
Content-Style-Type
Rendered-Blocks
Node
GEO-REGION-INFO
Mobile-Detection-Method
Meta-Geo-Continent
Ha-Gx-Prefs
MD5-Digest
Fly-Request-Id
Fly-Cache
Request-Country
Cross-Origin-Window-Policy
Cache-Cookie-Set-Idcheck
Proxy-Firewall
Fastly-SWR
Fastly-SIE
Request-EU
X-CF-Lambda-Fn
X-A-Dgt
X-Cache-Bucket
X-A-Dcw
X-A-Dam
X-A-Ccd
X-B-Cookie
X-ARC
X-AIR-PT
X-App-Name
X-Aed
X-Accel-Expires-Debug
X-A-Wwc
X-A
VivaBuild
X-CF-Lambda-Version
X-Application
X-B3-Parentspanid
AsisCache
BehaviorPad-Version
X-Cdn-Srv
Arc-Country
A
Viewtype
ServerName
Server-ID
Rt-Proxy-Cache
Cache-Cookie-Set-From
X-G
X-Transaction
X-Trv-Group
X-BACKEND-TTL
X-SRCache-Key
X-NU-AKA-ACS-Version
X-Internal-Host
X-Instart-Info
X-Twitter-Response-Tags
X-Rojux
X-HS-Combine-CSS
X-IN-APIGATEWAY
X-NX-Host
X-Org
X-S-Maxage
X-Region-Sid
X-S-Cookie
X-Request-UUID
X-Rewrite-Enabled
X-ScT
X-Rebelmouse-Surrogate-Control
X-PAYTM-SRV-ID
X-Ua
X-Server-Time
X-Rebelmouse-Cache-Control
X-VG-WebServer
X-HS-Cache-Config
X-DPWN-IS-SECURE
X-Edge-Server
X-Debug-Cookies
Xc-Version
X-Developer
X-Date
X-D
X-Debug-Log
X-Destination
X-Connection-Hash
X-External-Request-Id
Access-Control-Request-Headers
X-Cluster-Name
HA-Ipaddr
X-Worker
X-Vtex-Processado-Em
X-Via-NSCOPI
X-Eu-Site
X-Vtex-Remote-Cache
X-ElasticPress-Search
X-NC
RNT-Machine
X-Server-IP
Resin-Trace
Is-Eu
X-We-Are-Hiring
On-Server
Platform
Memcached
X-TH-Server
X-Skip-Cache
X-Sn-Servicetimems
X-Variation
X-ServiceProvider
X-PHP-Host
X-Fastly-Cache
X-Backend-State
X-Generated-On
X-Geo-Header
X-Hash
X-GeoIP-Country-Code
X-Cache-Id
X-Cache-Info
X-Dispatch
X-Core-Mission
X-Dispatcher-Server
X-Cdn-Origin
X-Epic-Correlation-Id
X-Irp-Debug
X-Key
Server-Int
X-Qloud-Router
Server-Host
Section-Io-Cache
X-Request-URI
X-Reqid
SS
True-Client-Country-4JS
X-Location
X-Level-Front-Cache
X-Nginx-Cache-Key
X-Clientip
X-Processor
RNT-Time
Countrycode
LB
X-Nc
Esi-Enabled
X-C
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
Adler-Geo
Apple-News-Services-Handled
Apple-News-Services-Host
PageSpeed
Country-Code
Gh-Request-Id
Mime-Version
X-Crawler
X-SD-PageType
Accept-Language
X-Fetched-On
X-Distil-CS
X-Device-Os
X-Secret
X-Served-From
Who
Web-Mar-Node
Wxu-Next-Commit
Wxu-Next-Hostname
X-Servername
Wxu-Next-Region
X-Request-Start
X-Reboot
X-Block-Status
X-BBXSRF
X-LI-Proto
X-Hnp-Log
X-Li-Pop
X-Cache-FS-Status
X-Li-Fabric
X-Generation-Time
X-LI-UUID
X-Amz-Meta-Cache-Control
X-CDN-Cache
X-Gen-Mode
X-Method
X-SVT-ORM-RULES
X-Auto-Login
X-Gannett-Site-Version
X-SIPLIST1
X-Wikidot-Static-Cache
Powered-By
W
SD-X-WS
X-Wikidot-Backend
X-SVT-ORM-VERSION
REQUESTUUID
X-Webstats-RespID
CDCHOST
Content-Disposition
AKAMAI
UCS
User-Cache-Control
V-Age
X-Developers
Pramga
PFcat
X-WebServer
X-Swa-Ws
IsBot
Heartbleed
X-VServer
Fastly-Soc-X-Request-Id
X-Clara-WADP
GW-Server
X-Varnish-Url
X-Cms-Context
X-FPC
X-GeoIP-City
X-WADP-Cache
X-Azure-Ref-OriginShield
X-Response-By
X-Release
X-Thinkindot-L3
X-Owner
X-Thanos
Thinkindot-CacheControl
X-CUA
Thinkindot-Control
Thinkindot-CacheControl-Type
X-Origin-Expires
X-Origin-Date
X-Via-SSL
X-Azure-Ref
X-Matched-Rule
X-Bip
X-ND-Cache
X-Via-Edge
X-GRACE
X-Datadome
X-Parent-Response-Time
X-SERVER-NAME
L
X-OVcl-Cache
X-OVcl
CF-IPCountry
X-Protected-By
X-VC-Cache
X-Varnish-Ttl
X-CLOUD-TRACE-CONTEXT
N-Cache
X-Proxy-Upstream
X-B3-SpanId
X-Fstrz
X-Proxy-Cache-Status
Pragrma
X-Amzn-Remapped-Content-Length
X-Cdn-Forward
Selected-Fe
X-TrackingId
X-FE
X-LAGOON
X-Ratelimit-Remaining
Kp-EeAlive
X-Varnish-Beresp-Ttl
Memory
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
User-Agent
Locale
X-Urbn-Context-Path
X-Urbn-Site-Id
X-Origin-TTL
X-Origin-CC
X-Be
X-Pf-Uncompressing
X-Core-Value
X-IN-WAF
X-Phone
X-Page-Type
Magicmarker
X-Zone
X-DC
X-URL
X-Birta-Cache-Post
X-Birta-Served
X-Ruxit-Js-Agent
Pagetype
X-Varnish-Beresp-Status
X-ABtesting
X-Ttl
X-Hello
X-Geo
X-Varnish-Beresp-Grace
X-Flog
X-Info
X-Backend-TTL
X-Varnish-IP
X-Dynatrace-Js-Agent
Selected-FE
X-User
HitType
X-Generated-In
Cdn
X-Backend-Host
X-App-Version
X-Backend-Url
X-Newrelic-Synthetics
X-MSEdge-Flight
X-Servedbyhost
X-Tt-Trace-Tag
SN
X-TT-LOGID
X-MSEdge-Features
X-Soup
X-Up
X-Debug-Cache-Expiry
X-Debug-Cache-Fetch
X-GoCache-CacheStatus
X-Debug-Cache-Store
X-Litespeed-Cache
X-HS-Status
Geoip-Latitude
Geoip-City
CF-Cached-On
GeoIp-Country-Code
X-Source
X-MID
X-Mid
X-Oss-Request-Id
X-Agile-Age
X-Oss-Hash-Crc64ecma
X-Cache-Debug
X-Oss-Storage-Class
X-Oss-Object-Type
X-Agile-Id
X-Oss-Server-Time
X-Real-Ip
X-Cache-Ttl
X-Refresh
X-CACHE-KEY
X-Agile
X-Check-Cacheable
X-Web-Server
X-Vcl-Version
X-VCL-Version
X-Aicache-OS
X-Tb-Optimization-Total-Bytes-Saved
Amp-Access-Control-Allow-Source-Origin
GeoIP-Country-Code
X-SayCDN-TTL
X-Say-TTL
X-Old-Content-Length
X-Say-Cacheable
X-ZONE
FSS-Cache
FSS-Proxy
X-Bc
X-Amzn-Remapped-Date
GeoIP-Latitude
X-ServedByHost
X-Amzn-Remapped-Connection
Srv
Cache-Hits
GeoIP-City
WZWS-RAY
Server-Cache-Control
X-Varnish-Authentication
Server-Surrogate-Control
X-UPSTREAM-Address
X-Contensis-Viewer-Groups
X-APP
X-Cache-ASPX
HostName
X-NWS-UUID-VERIFY
X-EC-Lua
Ohc-File-Size
Ohc-Cache-HIT
X-COUNTRY
Group
Fastly-Backend-Name
X-CSRF-TOKEN
Inserted-Into-Cache-At
RequestId
X-Node-Id
X-Via-Ucdn
X-CSRF-Token
X-Akamai-SSL-Client-Sid
X-Cache-Time
X-WR-MODIFICATION
X-Logtrace-Id
X-IN-APIGATEWAYSSL
HTTPS
Ajk
Cf-Ipcountry
X-Nananana
X-BC
X-Varnish-Beresp-TTL
X-Proxy-Cacherz
Backend
X-ECache
Www
X-SN
Xkeyrz
X-Cache-Tag
XServer
WebServer
X-Dynatrace
X-Instart-Isnd
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
URI
X-Wa
Lb
Get-Access-Time
Xkeynj
Is-Session-Tracking
Requestid
Host-ID
X-Cache-Expires
X-Request-Url
X-Fastly-Country-Code
X-Unique-Id
X-TIME
X-FORWARDED-FOR
X-PAGE-TYPE
X-BE
X-MCACHE
X-LiteSpeed-Cache-Control
X-Cache-Miss-From
X-Requestid
T-Server
X-Edge-IP
X-PF-Uncompressing
X-Sedo-Request-Id
Dynatrace
X-NGENIX-Cache
Epwk-Cache
Pics-Label
X-Varnish-Action
X-Pjax-Url
PICS-Label
X-Micro-Cache
X-Render-Time
X-GDPR
X-Fastly-Backend-Reqs
X-LB-ID
X-PJAX-URL
Cneonction
Xet-Cookie
X-Correlation-ID
X-SRV
DataCenter
X-Ftr-Cache-Host
CDN
X-Lb-Id
X-Swift-Error
X-Vct
X-Apw-Access-Token
Fastcgi-X-Cache
X-Apw-Hits
X-Apw-Access-Action
X-Apw-Access-Object
X-NGINX-Cache
X-Dw-Trace-Id
X-Ecache
X-Policy
X-WA
Correlation-Id
X-Uri
X-Fpc
X-Cf-Powered-By
X-Svr
X-AssetVersion
MIME-Version
Warning
X-Akamai-ERRuleID
Ohc-Response-Time
RequestUuid
X-LiteSpeed-Tag
X-WPE-Loopback-Upstream-Addr
SID
Sid
X-Serial
X-Html-Edge-Cache
Lfy
X-Flow-Id
X-Page-Impression-Id
X-DSS
X-DW
X-DI
X-DB
X-Akamai-ERPolicy
FNAC-ModuleRouting
X-RPM
X-RPS
X-Fastly-Cache-Hits
X-ServerName
X-Sf
X-Bug-Bounty
X-RSL
X-Zalando-Child-Request-Id
X-Var-Ttl