Threat Level: green Handler on Duty: Russell Eubanks

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
CF-RAY
X-Powered-By
Link
ETag
Expect-CT
X-XSS-Protection
Via
X-Cache
Age
CF-Cache-Status
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
X-Cache-Hits
P3P
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Xss-Protection
X-Request-Id
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
Alt-Svc
X-Adblock-Key
X-Drupal-Cache
X-Check
X-Cacheable
Content-Security-Policy-Report-Only
X-Generator
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-AspNetMvc-Version
X-DNS-Prefetch-Control
P3p
X-Template
X-Language
Status
Timing-Allow-Origin
Content-Encoding
X-Iinfo
X-Content-Security-Policy
X-Buckets
Upgrade
X-Kinja-Server-Push
Xkey
X-Via
X-CDN
X-Turbo-Charged-By
Keep-Alive
Access-Control-Max-Age
Access-Control-Expose-Headers
X-Cache-Group
X-Pass-Why
X-AH-Environment
X-Age
X-Drupal-Dynamic-Cache
X-Server
X-Backend
X-Pingback
X-Amz-Request-Id
X-Amz-Id-2
X-Envoy-Upstream-Service-Time
X-Page-Speed
X-Robots-Tag
X-Proxy-Cache
X-Hacker
Grace
EagleId
X-Server-Powered-By
X-UA-Device
X-Varnish-Cache
Request-Context
X-Nginx-Cache-Status
Cf-Railgun
X-LiteSpeed-Cache
X-Amz-Version-Id
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
X-WebKit-CSP
X-Server-Id
Feature-Policy
Server-Timing
X-Device
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Host
X-Rq
Report-To
X-Ac
X-Node
Content-Location
X-OneAgent-JS-Injection
X-Backend-Server
X-Cnection
X-Response-Time
X-Request-ID
X-Cloud-Trace-Context
X-Origin-Cache
X-Application-Context
X-Readtime
Request-Id
Allow
EagleEye-TraceId
Surrogate-Control
X-Country
X-ORACLE-DMS-ECID
X-Cache-Lookup
X-Vhost
X-Url
X-Cdn
Pinterest-Generated-By
X-Rack-Cache
X-TTL
X-DynaTrace
X-Clacks-Overhead
X-Origin-Upstream-Status
X-Ua-Compatible
NEL
X-FTR-Request-ID
X-Ruxit-JS-Agent
Rating
X-Country-Code
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-CST
X-Dns-Prefetch-Control
X-HW
X-Dispatcher
X-Goog-Hash
X-Instart-Request-ID
X-ORACLE-DMS-RID
Fusion-Source
Fusion-Content-Id
Fusion-Component-Id
Fusion-Content-Source
Fusion-Template-Id
X-DataStream-Cache-Status
Edge-Control
X-PC
X-TtlSet
X-Vname
X-Px
X-DataDome
X-VARITI-CCR
Service-Worker-Allowed
Verso
X-Mod-Pagespeed
X-MS-InvokeApp
X-Recruiting
X-Varnish-TTL
X-D2id
SPRequestGuid
X-Kinja-Server
X-Use-Magma
X-Cdn-Fetch
X-Kinja
X-Kinja-Build
X-Kinja-Revision
X-Exp-Variant
X-GoogleNews-Bot
X-Exp-Id
X-Vcap-Request-Id
RTSS
X-Amz-Server-Side-Encryption
X-Abt-Application-Version
DynaTrace
TCN
X-SharePointHealthScore
X-Navigation-Version
X-GitHub-Request-Id
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Sol
X-RateLimit-Remaining
X-Middleton-Display
X-Middleton-Response
Display
Response
X-Akam-SW-Version
X-Powered-By-Plesk
MS-Author-Via
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-TEC-API-ROOT
Accept-Ch-Lifetime
Charset
X-Shield-Request-Id
Content-MD5
Accept-Ch
ServerID
X-Amz-Rid
AR-PoweredBy
AR-ATIME
Ar-Sid
AR-CACHE
X-Forwarded-Proto
X-B3-TraceId
Realpath
X-Trace
X-Powered-CMS
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
X-Goog-Stored-Content-Length
X-Goog-Generation
Nginx-Cache
X-DynaTrace-JS-Agent
X-Dw-Request-Base-Id
X-Version
X-Upstream
X-Cached
AR-Request-ID
Fastly-Restarts
Public-Key-Pins
X-Server-Name
X-Shard
X-ESI
X-B3-TraceId-Primal
X-Mrf-Item-Lastmod
Mrf-Cache-Status
MRF-Tech
X-Mrf-Section-Lastmod
Pagespeed
Access-Control-Request-Method
X-MSEdge-Ref
Paypal-Debug-Id
X-Goog-Storage-Class
X-Vcache
X-Grace
SPRequestDuration
SPIisLatency
X-Client-IP
S
X-Debug
X-FTR-Balancer
X-FTR-Backend-Server
X-Country-Code-Real
X-DataStream-Origin-MEX-Latency
X-FTR-Cache-Status
X-FTR-Backend
X-FTR-DC
X-FTR-Realm
X-FTR-Expires
X-DataStream-MidMile-RTT
X-Id
Pinterest-Version
X-Pinterest-Rid
X-Ezoic-Cdn
X-Amz-Meta-S3cmd-Attrs
X-Upstream-Proxy
X-FastCGI-Cache
X-N
X-Fastly-Request-ID
X-T
X-DIS-Request-ID
X-Amzn-Trace-Id
Front-End-Https
Arr-Disable-Session-Affinity
X-NF-Request-ID
MicrosoftSharePointTeamServices
X-Content-Type
X-B3-Traceid
X-Hits
X-XRDS-Location
Accept-CH
X-B3-Sampled
X-Varnish-Age
X-FTR-Cache-Host
X-Ser
Arc-Version
X-Mobile-Rewrite
Fastcgi-Cache
PB-RID
PB-PID
X-Frontend
X-Acc-Meta-Resource-Type
Alternate-Protocol
X-Content-Digest
Server-Name
X-Logged-In
X-Correlation-Id
X-Srv
X-Pad
X-Cache-Key
X-Forwarded-For
X-Node-Name
X-Esi
Nel
AMP-Access-Control-Allow-Source-Origin
X-Microsite
Host
X-Request-Handler-Origin-Region
Powered-By-ChinaCache
FilterID
TP-Cache
TP-L2-Cache
X-Type
X-Rid
Healthy
X-Kinsta-Cache
X-LB-Cache
X-User-Agent
X-IPLB-Instance
X-Request-Processing-Time
X-Request-Received
Edge-Cache-Tag
X-Debug-Info
X-AOL-HN
X-F-Cache
X-Cached-By
X-Cache-2
X-GUploader-UploadID
Powered
X-Zen-Fury
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Revision
X-VCache
X-Hostname
X-HS-Content-Id
X-HS-Hub-Id
X-Cache-Rule
X-Cache-Age
Backend-Timing
X-Analytics
X-XRDS-LOCATION
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Accel-Expires
X-Az
X-AppVersion
X-Activity-Id
Surrogate-Key
X-Via-JSL
VIX-Pulpo-Upstream-Status
X-Varnish-Backend
VIX-Pulpo-Node
X-Content-Security-Policy-Report-Only
X-RateLimit-Limit
X-Page-Id
X-BCube-Filmed-By
X-Instance
X-Content-Options
X-Varnish-Grace
X-Amz-Replication-Status
X-Cluster
X-FB-Debug
X-Akamai-Edgescape
X-Tumblr-User
X-PHP-Backend
X-Content-Powered-By
X-Request-Guid
X-Jobs
X-Tumblr-Pixel
X-Tumblr-Pixel-0
Source
Cache-Status
X-App-Environment
X-TT
X-Framework
Cleartype
Server-Node
X-Forwarded-Host
X-Signature
Refresh
X-B-Cache
X-Fastcgi-Cache
X-FW-Static
X-FW-Serve
X-FW-Server
X-FW-Type
X-Varnish-Hostname
X-FW-Hash
Liferay-Portal
X-Server-ID
Tracecode
X-ATG-Version
WPE-Backend
Host-Header
DC
Accept-Charset
X-Mobile
X-Cache-Operation
Access-Control-Allow-Method
X-Cache-Control
X-Edge-Location
X-Cache-Action
Fastcgi-Useragent
X-Drupal-Cache-Tags
X-Time
Actual-Object-TTL
X-APP-VERSION
X-Cache-Hit
X-B
Accept-CH-Lifetime
X-Response-Served-From
Payment
X-Mobile-URL
X-NWS-LOG-UUID
X-Accel-Buffering
X-Hp-Webp
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Storage
X-TX-ID
X-Whom
Upgrade-Insecure-Requests
X-WebKit-CSP-Report-Only
X-App-Server
X-Content-Age
X-Git-Hash
X-Oracle-Dms-Rid
X-TT-TIMESTAMP
Cache
X-Yottaa-Optimizations
Cache-Tv-Group
X-WA-Info
X-Yottaa-Metrics
X-Cacheable-TTL
X-Handled-By
Filters
X-SS-Set-Cookie
X-UA-Device-Type
X-Tumblr-Pixel-1
X-Adobe-Loc
X-Tumblr-Pixel-2
X-Status
Eomportal-Instance
X-Adobe-Content
X-GeoIP
X-RequestSource
NGB
X-RemovedCookies
Xserver
X-ProcessESI
X-Geo-Country
Viewport
X-VG-WebCache
Cache-Tag
Retry-After
Webserver
Datacenter
X-Ratelimit-Reset
X-Cache-TTL-Remaining
X-FW-Dynamic
Server-Info
X-Cache-TTL
X-Seen-By
X-FB-TRIP-ID
X-Cache-Enabled
X-TA-CDN-Provider
MS-CV
X-Host-Name
X-Contextid
X-B3-Spanid
X-Ratelimit-Limit
X-Presslabs-Stats
S-Cnection
X-PressLabs-Stats
Frame-Options
X-Origin-Server
From-Origin
X-Generated-By
Ms-Operation-Id
X-Hyper-Cache
Country
X-RTag
X-Mode
Machine
X-Cache-Var-Map
X-ES-SERVER
X-Cache-Var
Load-Balancing
X-CF-Powered-By
Meta-Geo
X-RN-RSRV
X-Cache-Config
X-Tumblr-Pixel-3
X-Path-Route
X-Cache-Grace
X-Zipkin-Id
X-Upstream-HT
Vix-Hermes-Req-Id
X-Hit
X-Upstream-CT
Cache-Key
X-Routing-Service
X-Proxied
X-Labrador-Cache-Channel
X-Access
X-Section
X-MP-GENERATED-AT
X-TNCMS
X-Human
X-OCL
X-Viewer-Country
Decoy-Debug-Key
X-Loop
X-RCS-CacheZone
X-Upgrade-Enabled
X-Backend-Name
X-From
Now
X-Cache-Host
X-PCL
Decoy-Debug-Status
Decoy-Debug-TTL
X-Varnish-Server
X-Varnish-Cache-Hits
X-Web-Node
X-CCM
Mn-Server-Ip
X-Alternate-Cache-Key
X-AWS-Id
Rt-Fastcgi-Cache
X-Akamai-Request-ID
ServedBy
X-Debug-Cache
X-Magnolia-Registration
X-ShardId
X-Origin-Response-Time
X-LJ-Flow-ID
X-Sorting-Hat-ShopId
X-ShopId
X-VG-TLSProxy
X-R9-Blue-Green-Version
X-Sorting-Hat-PodId
X-VWS-Id
X-Shopify-Stage
X-L-Path
X-Varnish-Hits
X-Endurance-Cache-Level
X-EIG-Tracking-Id
X-Region
X-Rule
X-Environment-Context
Mail-Subject
Cache-Name
X-S
X-Via-Fastly
DB-Nickname
OT-Force-Account-Verify
GEO-INFO
DSUID
X-Rendered-As
We-Hiring
X-Hosted-By
X-JoinUs
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Generated
X-Drupal-Cache-Contexts
X-FC-Vary-Parameters
X-NCache
SRV
X-Proxy-Build
X-Xfnlog-Site
Akamai-GRN
X-Cluster-Node
X-Proto
X-Timing-Wait
X-Device-Type
Uber-Trace-Id
Release
X-Guploader-Uploadid
X-Trace-Id
X-Nginx-Cache
X-Www-Served-By
X-Redis-Cache
Cteonnt-Length
X-ProxyCache-Status
X-ProxyCache-Key
X-BYPASS-REASON
NGX
X-Load-Cache
X-VCT
Version
X-UUID
X-Site-Version
X-Request-Time
X-Platform-Server
X-Locale
ProcessTime
X-Time-Microsecs
X-IP
Time
X-Daa-Tunnel
X-Via-CDN
X-Cache-NE
X-FW-Version
Azure-SiteName
Azure-RegionName
Azure-InstanceId
Azure-SlotName
Azure-Version
X-Origin
X-ECACHE
S-Rt
X-Wix-Request-Id
X-NewRelic-App-Data
X-EdgeConnect-Cache-Status
X-GEO
X-MServer
Webcakes-App-Version
X-Rocket-Nginx-Bypass
Webcakes-App-Name
Webcakes-Region
TWC-Locale-Group
TWC-Connection-Speed
Property-Id
TWC-Device-Class
TWC-GeoIP-Country
TWC-GeoIP-LatLong
TWC-Privacy
X-Origin-Hint
X-Hl-Ver
X-Cache-Remote
NtCoent-Length
X-No-Session
X-Vgn-Hpd-Reason
X-FireWall-Port
X-Proxy
X-Dc
X-ServerID
CACHE
X-Akamai-Request-ID2
X-IPS-LoggedIn
Origin
X-Akamai-Transformed
X-HTML-Minification-Powered-By
X-ApacheServer
X-PERF
X-Real-IP
Odigeo-Trace-Id
X-Distributor
X-CS
X-Format
Fastly-SSL
X-CDN-Forward
X-Oneagent-Js-Injection
X-Cache-Backend
X-Cache-Server
X-RateLimit-Reset
L5d-Success-Class
Ec-Rule-Version
X-Microcachable
Cache-Tags
Access-Control-Request-Headers
X-UA
X-Pubstack
X-Compress-Hint
X-Unique-ID
Hostname
Served-By
Origin-Cache-Control
Origin-Edge-Control
X-UnsetCookies
X-NC
X-Tb
X-Webkit-Csp
Fastcgi-X-Cache-Version
X-Cache-Category-Id
IBM-Web2-Location
LB
X-Grey
X-SERVER-NAME
X-Varnish-Cacheable
X-B3-Parentspanid
Accept-Language
Backend-Name
Mobile-Detection-Method
Node
Meta-Geo-Continent
A
MD5-Digest
Cache-Cookie-Set-Idcheck
Fly-Cache
Cache-Cookie-Set-From
Fastly-SWR
Cache-Cookie-Set-Lfrom
Cross-Origin-Window-Policy
Fastly-SIE
Fly-Request-Id
GEO-REGION-INFO
Content-Script-Type
Cdn-Request-Time
Cdn-Host
Content-Style-Type
Cache-Prefix
BehaviorPad-Version
AsisCache
Arc-Country
X-Cache-Bucket
X-Org
X-NU-AKA-ACS-Version
X-PAYTM-SRV-ID
X-Rebelmouse-Cache-Control
X-Region-Sid
X-Rebelmouse-Surrogate-Control
X-Is-Bot
X-Internal-Host
X-Edge-Server
X-DPWN-IS-SECURE
X-External-Request-Id
X-G
X-Instart-Info
X-IN-APIGATEWAY
X-Request-UUID
X-Rewrite-Enabled
X-VG-WebServer
X-Twitter-Response-Tags
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
Xc-Version
X-Worker
X-Trv-Group
X-Transaction
X-S-Cookie
X-Rojux
X-S-Maxage
X-ScT
X-SRCache-Key
X-Server-Time
X-Developer
X-Detected-As
X-A-Ccd
X-A
X-A-Dcw
X-A-Dgt
X-Accel-Expires-Debug
X-A-Wwc
VivaBuild
Viewtype
Request-Country
Rendered-Blocks
Request-EU
Request-Time
Server-ID
Rt-Proxy-Cache
X-Aed
X-AIR-PT
X-Cluster-Name
X-CF-Lambda-Version
X-Connection-Hash
X-D
X-Destination
X-Date
X-CF-Lambda-Fn
X-Cdn-Srv
X-Application
X-App-Name
X-ARC
X-B-Cookie
ServerName
Proxy-Firewall
X-A-Dam
Proxy-Connection
X-BACKEND-TTL
X-Edge
X-ElasticPress-Search
X-Cache-Info
X-Backend-State
W
X-Cache-Id
X-Cdn-Origin
X-Debug-Cookies
X-Core-Mission
X-Clientip
X-CGP
True-Client-Country-4JS
Section-Io-Cache
On-Server
Memcached
Is-Eu
HA-Ipaddr
Platform
Resin-Trace
X-Debug-Log
RNT-Time
RNT-Machine
Server-Int
X-Epic-Correlation-Id
X-Request-URI
X-Processor
X-PHP-Host
X-NX-Host
X-ServiceProvider
X-Skip-Cache
X-Varnish-Url
X-We-Are-Hiring
X-Variation
X-Sn-Servicetimems
X-Location
X-Level-Front-Cache
X-Powered-By-Defense
X-Fastly-Cache
X-Eu-Site
Ha-Gx-Prefs
X-Generated-On
X-Geo-Header
X-HS-Combine-CSS
X-HS-Cache-Config
X-GeoIP-Country-Code
X-Developers
X-Nginx-Cache-Key
Esi-Enabled
X-C
Apple-News-Services-Host
Content-Disposition
Adler-Geo
Apple-News-Services-Handled
Countrycode
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
Gh-Request-Id
X-Ua
X-Ttl
X-Fetched-On
CDCHOST
X-Hnp-Log
X-Hash
X-Gen-Mode
X-Gannett-Site-Version
X-FPC
X-Dispatch
X-Block-Status
X-Cache-FS-Status
X-BBXSRF
X-Auto-Login
X-Amz-Meta-Cache-Control
Country-Code
X-CDN-Cache
X-Irp-Debug
X-Dispatcher-Server
X-Device-Os
X-Cms-Context
X-Clara-WADP
X-Distil-CS
X-Li-Pop
X-SVT-ORM-VERSION
X-TH-Server
X-SVT-ORM-RULES
X-SIPLIST1
X-Servername
X-Via-Edge
X-Via-SSL
X-Wikidot-Static-Cache
X-Wikidot-Backend
X-WebServer
X-WADP-Cache
X-Server-IP
X-Served-From
AKAMAI
X-Qloud-Router
X-LI-UUID
X-LI-Proto
X-Li-Fabric
X-Reboot
X-Reqid
X-Secret
X-SD-PageType
X-Response-By
X-Request-Start
X-Key
X-Generation-Time
Fastly-Soc-X-Request-Id
Server-Host
Web-Mar-Node
SD-X-WS
PFcat
X-Via-NSCOPI
V-Age
IsBot
SS
User-Cache-Control
UCS
CF-IPCountry
X-Amzn-Remapped-Content-Length
X-Crawler
X-Origin-Date
X-Method
X-Matched-Rule
Selected-Fe
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
Thinkindot-Control
Pramga
X-Webstats-RespID
X-VServer
Heartbleed
N-Cache
REQUESTUUID
X-GeoIP-City
L
X-Thinkindot-L3
X-Release
GW-Server
Powered-By
X-Nc
X-Thanos
X-Swa-Ws
X-Owner
X-Origin-Expires
X-Bip
Wxu-Next-Commit
Wxu-Next-Hostname
X-Azure-Ref-OriginShield
Wxu-Next-Region
Who
X-Azure-Ref
Mime-Version
X-Proxy-Upstream
X-VC-Cache
X-Parent-Response-Time
X-TrackingId
X-CUA
X-Proxy-Cache-Status
X-OVcl-Cache
X-OVcl
X-Varnish-Ttl
X-CLOUD-TRACE-CONTEXT
X-Pf-Uncompressing
X-ND-Cache
X-FE
Kp-EeAlive
X-Urbn-Site-Id
X-Urbn-Context-Path
Locale
Magicmarker
PageSpeed
X-Ratelimit-Remaining
User-Agent
X-Protected-By
X-LAGOON
X-Varnish-Beresp-Ttl
Pragrma
Memory
X-Fstrz
X-Origin-CC
X-Origin-TTL
X-Planisys-CDN-TTL
X-Hello
X-Planisys-CDN-Rules
X-Flog
X-ABtesting
X-Planisys-CDN-Cache
X-Cache-Ttl
X-Page-Type
X-Datadome
X-DC
Pagetype
X-URL
X-Be
X-IN-WAF
X-Backend-Url
X-Backend-Host
X-Phone
X-Geo
X-User
X-Core-Value
X-Cdn-Forward
X-Generated-In
X-Backend-TTL
X-Dynatrace-Js-Agent
X-Zone
X-GoCache-CacheStatus
X-MSEdge-Features
X-MSEdge-Flight
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
X-Newrelic-Synthetics
X-Up
X-Tt-Trace-Tag
X-Debug-Cache-Store
X-Debug-Cache-Fetch
X-Debug-Cache-Expiry
X-B3-SpanId
X-Soup
X-Birta-Served
X-Birta-Cache-Post
X-Oss-Request-Id
X-Oss-Object-Type
Cdn
X-Servedbyhost
X-Oss-Storage-Class
X-Oss-Server-Time
X-Oss-Hash-Crc64ecma
X-TT-LOGID
X-Litespeed-Cache
X-Varnish-IP
X-Check-Cacheable
X-Info
Selected-FE
X-Dynatrace
HitType
X-ZONE
Geoip-Latitude
GeoIp-Country-Code
Geoip-City
X-MID
X-VCL-Version
X-Old-Content-Length
X-Say-Cacheable
X-HS-Status
Cache-Hits
X-Say-TTL
SN
X-SayCDN-TTL
X-Real-Ip
X-Mid
X-Tb-Optimization-Total-Bytes-Saved
X-Aicache-OS
Amp-Access-Control-Allow-Source-Origin
X-Akamai-SSL-Client-Sid
CF-Cached-On
X-GRACE
X-Ruxit-Js-Agent
X-Agile
X-Agile-Age
X-Agile-Id
FSS-Proxy
FSS-Cache
X-Refresh
X-Vcl-Version
X-Cache-Debug
X-CSRF-TOKEN
X-Source
X-ServedByHost
X-Amzn-Remapped-Date
X-Amzn-Remapped-Connection
GeoIP-Country-Code
Inserted-Into-Cache-At
X-Cache-Time
X-Node-Id
Fastly-Backend-Name
X-BC
X-Web-Server
X-Bc
X-Cache-ASPX
X-IN-APIGATEWAYSSL
WZWS-RAY
X-Varnish-Authentication
GeoIP-City
Ajk
GeoIP-Latitude
HostName
X-Contensis-Viewer-Groups
Server-Surrogate-Control
Server-Cache-Control
X-Logtrace-Id
X-App-Version
X-EC-Lua
X-Via-Ucdn
XServer
X-COUNTRY
X-UPSTREAM-Address
RequestId
X-APP
X-FORWARDED-FOR
Srv
X-CSRF-Token
X-Nananana
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-Wa
X-Varnish-Beresp-TTL
X-WR-MODIFICATION
Xkeyrz
X-Proxy-Cacherz
X-TIME
Ohc-Cache-HIT
Group
X-ECache
Ohc-File-Size
X-NWS-UUID-VERIFY
X-BE
WebServer
Cf-Ipcountry
T-Server
HTTPS
PICS-Label
X-LiteSpeed-Cache-Control
Is-Session-Tracking
X-Render-Time
Backend
X-PAGE-TYPE
X-Fastly-Country-Code
X-Unique-Id
Get-Access-Time
X-SN
X-Micro-Cache
X-PJAX-URL
Www
X-Cache-Tag
Xkeynj
X-SRV
X-GDPR
X-LB-ID
URI
X-CACHE-KEY
X-Instart-Isnd
X-Requestid
Lb
X-Sedo-Request-Id
X-Cache-Miss-From
X-Edge-IP
X-Request-Url
MIME-Version
Dynatrace
X-MCACHE
X-Cache-Expires
Requestid
X-Fastly-Backend-Reqs
Cneonction
Host-ID
X-Policy
X-Pjax-Url
X-Uri
SID
CDN
DataCenter
Xet-Cookie
X-Lb-Id
Pics-Label
X-Apw-Access-Token
X-Apw-Access-Object
X-Apw-Hits
X-Swift-Error
X-Vct
X-Apw-Access-Action
X-NGINX-Cache
X-Dw-Trace-Id
X-Varnish-Action
X-Service
X-Cf-Powered-By
X-Ecache
Cache-Provider
X-Cdn-Request-ID
Correlation-Id
X-PF-Uncompressing
Epwk-Cache
X-WA
X-Newrelic-App-Data
X-NGENIX-Cache
X-DI
X-Html-Edge-Cache
X-Akamai-ERPolicy
X-DSS
Lfy
X-DB
Fastcgi-X-Cache
X-Bug-Bounty
Warning
X-Akamai-ERRuleID
X-Serial
X-Fastly-Cache-Hits
RequestUuid
X-Fpc
X-Page-Impression-Id
X-Zalando-Child-Request-Id
X-Flow-Id
X-ServerName
X-WPE-Loopback-Upstream-Addr
X-RPM
X-RPS
X-RSL
X-DW