Threat Level: green Handler on Duty: Russell Eubanks

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
CF-RAY
X-Powered-By
Link
ETag
Expect-CT
X-XSS-Protection
Via
X-Cache
Age
CF-Cache-Status
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
X-Cache-Hits
P3P
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Xss-Protection
X-Request-Id
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
Alt-Svc
X-Adblock-Key
X-Drupal-Cache
X-Check
X-Cacheable
Content-Security-Policy-Report-Only
P3p
X-Generator
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-AspNetMvc-Version
X-DNS-Prefetch-Control
X-Template
X-Language
Status
Timing-Allow-Origin
Content-Encoding
X-Iinfo
X-Content-Security-Policy
X-Buckets
Upgrade
X-Kinja-Server-Push
Xkey
X-Via
X-Turbo-Charged-By
X-CDN
Keep-Alive
Access-Control-Max-Age
Access-Control-Expose-Headers
X-Cache-Group
X-Pass-Why
X-AH-Environment
X-Age
X-Drupal-Dynamic-Cache
X-Server
X-Backend
X-Pingback
X-Amz-Request-Id
X-Amz-Id-2
X-Envoy-Upstream-Service-Time
X-Page-Speed
X-Robots-Tag
X-Proxy-Cache
X-Hacker
Grace
EagleId
X-Server-Powered-By
X-UA-Device
X-Varnish-Cache
Request-Context
X-Nginx-Cache-Status
Cf-Railgun
X-LiteSpeed-Cache
X-Amz-Version-Id
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
X-WebKit-CSP
X-Server-Id
Feature-Policy
Server-Timing
X-Device
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Host
X-Rq
Report-To
X-Ac
X-Node
Content-Location
X-OneAgent-JS-Injection
X-Backend-Server
X-Cnection
X-Response-Time
X-Request-ID
X-Cloud-Trace-Context
X-Origin-Cache
X-Application-Context
X-Readtime
Request-Id
Allow
EagleEye-TraceId
X-Cdn
Surrogate-Control
X-Country
X-ORACLE-DMS-ECID
X-Cache-Lookup
X-Vhost
X-TTL
X-DynaTrace
X-Url
Pinterest-Generated-By
X-Rack-Cache
X-Clacks-Overhead
X-Origin-Upstream-Status
X-Ua-Compatible
NEL
X-Ruxit-JS-Agent
X-FTR-Request-ID
Rating
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Country-Code
X-CST
X-Dns-Prefetch-Control
X-HW
X-ORACLE-DMS-RID
X-Dispatcher
X-Goog-Hash
X-Instart-Request-ID
Fusion-Source
Fusion-Content-Id
Fusion-Component-Id
Fusion-Content-Source
Fusion-Template-Id
X-DataStream-Cache-Status
Edge-Control
X-PC
X-TtlSet
X-Vname
X-Px
X-VARITI-CCR
X-DataDome
Service-Worker-Allowed
Verso
X-Mod-Pagespeed
X-MS-InvokeApp
X-Recruiting
X-Varnish-TTL
X-D2id
SPRequestGuid
X-Use-Magma
X-Kinja
X-Kinja-Build
X-Kinja-Revision
X-Kinja-Server
X-Cdn-Fetch
X-Exp-Id
X-Exp-Variant
X-GoogleNews-Bot
RTSS
X-Vcap-Request-Id
X-Amz-Server-Side-Encryption
X-Abt-Application-Version
TCN
DynaTrace
X-SharePointHealthScore
X-Navigation-Version
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-GitHub-Request-Id
X-RateLimit-Remaining
X-Middleton-Display
Display
X-Sol
Response
X-Middleton-Response
X-Akam-SW-Version
X-Powered-By-Plesk
X-B3-TraceId
MS-Author-Via
X-TEC-API-ROOT
X-TEC-API-VERSION
X-TEC-API-ORIGIN
Charset
X-Shield-Request-Id
Content-MD5
ServerID
X-Amz-Rid
Ar-Sid
AR-PoweredBy
AR-CACHE
AR-ATIME
X-Forwarded-Proto
Realpath
X-Trace
X-Powered-CMS
Accept-Ch-Lifetime
X-ESI
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Goog-Generation
X-Goog-Metageneration
Nginx-Cache
X-DynaTrace-JS-Agent
X-Dw-Request-Base-Id
X-Version
X-Upstream
X-Cached
AR-Request-ID
Fastly-Restarts
Accept-Ch
Public-Key-Pins
X-Server-Name
X-Shard
MRF-Tech
Mrf-Cache-Status
X-B3-TraceId-Primal
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
Pagespeed
Access-Control-Request-Method
Paypal-Debug-Id
X-MSEdge-Ref
X-Goog-Storage-Class
X-Vcache
X-Grace
SPRequestDuration
SPIisLatency
X-Client-IP
S
X-Debug
X-FTR-Balancer
X-FTR-Backend-Server
X-Country-Code-Real
X-DataStream-Origin-MEX-Latency
X-FTR-Cache-Status
X-FTR-Backend
X-FTR-DC
X-FTR-Realm
X-FTR-Expires
X-DataStream-MidMile-RTT
X-Id
Pinterest-Version
X-Pinterest-Rid
X-Upstream-Proxy
X-Amz-Meta-S3cmd-Attrs
X-Ezoic-Cdn
Accept-CH
X-N
X-Fastly-Request-ID
X-T
X-DIS-Request-ID
Front-End-Https
X-Amzn-Trace-Id
Arr-Disable-Session-Affinity
X-NF-Request-ID
X-FastCGI-Cache
MicrosoftSharePointTeamServices
X-Content-Type
X-XRDS-Location
X-Hits
X-B3-Sampled
X-FTR-Cache-Host
X-Varnish-Age
X-Ser
Arc-Version
Fastcgi-Cache
PB-PID
PB-RID
X-Mobile-Rewrite
X-Frontend
X-Acc-Meta-Resource-Type
Alternate-Protocol
Server-Name
X-Content-Digest
X-Logged-In
X-B3-Traceid
X-Correlation-Id
X-Srv
X-Pad
X-Forwarded-For
X-Node-Name
Nel
AMP-Access-Control-Allow-Source-Origin
X-Cache-Key
Host
X-Request-Handler-Origin-Region
X-Microsite
Powered-By-ChinaCache
FilterID
TP-Cache
TP-L2-Cache
X-Type
X-Rid
X-Kinsta-Cache
Healthy
X-User-Agent
X-LB-Cache
X-IPLB-Instance
X-Request-Received
X-Request-Processing-Time
Edge-Cache-Tag
X-AOL-HN
X-Debug-Info
X-Cached-By
X-F-Cache
X-Cache-2
X-GUploader-UploadID
X-Zen-Fury
Powered
X-Esi
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Revision
X-VCache
X-Hostname
X-HS-Content-Id
X-HS-Hub-Id
X-Cache-Age
X-Cache-Rule
Backend-Timing
X-Analytics
X-XRDS-LOCATION
X-Kong-Upstream-Latency
X-Accel-Expires
X-Kong-Proxy-Latency
X-Via-JSL
X-Az
X-Activity-Id
Surrogate-Key
X-AppVersion
X-Fastcgi-Cache
VIX-Pulpo-Upstream-Status
X-Varnish-Backend
VIX-Pulpo-Node
X-Content-Security-Policy-Report-Only
X-Instance
X-Page-Id
X-BCube-Filmed-By
X-RateLimit-Limit
X-Content-Options
X-FB-Debug
X-Amz-Replication-Status
X-Cluster
X-Varnish-Grace
X-Jobs
X-Akamai-Edgescape
X-PHP-Backend
X-Tumblr-User
X-Tumblr-Pixel-0
X-Request-Guid
X-Content-Powered-By
X-Tumblr-Pixel
Cache-Status
Source
X-TT
X-App-Environment
Server-Node
Cleartype
X-Framework
X-Forwarded-Host
Refresh
X-B-Cache
X-Signature
X-FW-Static
X-FW-Server
X-FW-Serve
X-FW-Type
X-Server-ID
X-Varnish-Hostname
Accept-CH-Lifetime
X-FW-Hash
Liferay-Portal
Tracecode
DC
X-ATG-Version
WPE-Backend
Host-Header
Accept-Charset
X-Mobile
X-Cache-Operation
Access-Control-Allow-Method
X-Cache-Control
Fastcgi-Useragent
X-Edge-Location
X-Cache-Action
X-Drupal-Cache-Tags
X-Time
Actual-Object-TTL
X-Cache-Hit
X-B
X-NWS-LOG-UUID
Payment
X-Accel-Buffering
X-Mobile-URL
X-Response-Served-From
X-Hp-Webp
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Storage
X-TX-ID
X-Whom
Upgrade-Insecure-Requests
X-APP-VERSION
X-Git-Hash
X-WebKit-CSP-Report-Only
X-App-Server
X-Content-Age
Cache
X-Yottaa-Optimizations
X-WA-Info
X-Yottaa-Metrics
X-TT-TIMESTAMP
Cache-Tv-Group
X-Cacheable-TTL
Filters
X-SS-Set-Cookie
X-Handled-By
X-UA-Device-Type
X-GeoIP
Eomportal-Instance
X-Tumblr-Pixel-2
X-Tumblr-Pixel-1
X-Adobe-Content
X-Adobe-Loc
X-Status
X-RequestSource
NGB
Xserver
X-RemovedCookies
X-ProcessESI
Viewport
X-Geo-Country
X-VG-WebCache
Cache-Tag
X-Cache-TTL
Retry-After
Webserver
Datacenter
X-Ratelimit-Reset
X-Cache-TTL-Remaining
X-FW-Dynamic
Server-Info
X-FB-TRIP-ID
X-Seen-By
X-Cache-Enabled
MS-CV
X-TA-CDN-Provider
X-Host-Name
X-Contextid
X-Oracle-Dms-Rid
X-Presslabs-Stats
X-Ratelimit-Limit
X-PressLabs-Stats
S-Cnection
Frame-Options
X-Origin-Server
X-Generated-By
From-Origin
Country
X-Hyper-Cache
Ms-Operation-Id
X-RTag
X-B3-Spanid
X-Mode
X-RN-RSRV
Meta-Geo
Load-Balancing
X-Cache-Config
X-Tumblr-Pixel-3
X-CF-Powered-By
X-ES-SERVER
X-Cache-Var
X-Path-Route
Machine
X-Cache-Var-Map
Vix-Hermes-Req-Id
X-Upstream-CT
X-Zipkin-Id
X-Proxied
Cache-Key
X-Section
X-Access
X-Labrador-Cache-Channel
X-Hit
X-Upstream-HT
X-MP-GENERATED-AT
X-Routing-Service
X-Cache-Grace
X-Human
X-From
X-Cache-Host
X-Upgrade-Enabled
Decoy-Debug-TTL
X-Loop
X-PCL
X-Viewer-Country
Now
X-Web-Node
X-Varnish-Server
X-Varnish-Cache-Hits
X-OCL
Decoy-Debug-Status
X-RCS-CacheZone
X-Backend-Name
X-TNCMS
Decoy-Debug-Key
Rt-Fastcgi-Cache
X-CCM
ServedBy
X-AWS-Id
X-Debug-Cache
Mn-Server-Ip
X-Alternate-Cache-Key
X-Akamai-Request-ID
X-Magnolia-Registration
X-ShardId
X-Origin-Response-Time
X-LJ-Flow-ID
X-Sorting-Hat-ShopId
X-ShopId
X-VG-TLSProxy
X-R9-Blue-Green-Version
X-Sorting-Hat-PodId
X-Shopify-Stage
X-VWS-Id
X-L-Path
X-Varnish-Hits
X-Endurance-Cache-Level
X-EIG-Tracking-Id
X-Region
X-Rule
X-Environment-Context
Mail-Subject
Cache-Name
X-S
X-Via-Fastly
DB-Nickname
OT-Force-Account-Verify
GEO-INFO
DSUID
X-Rendered-As
We-Hiring
X-Hosted-By
X-JoinUs
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Generated
X-Drupal-Cache-Contexts
X-FC-Vary-Parameters
X-NCache
SRV
X-Proxy-Build
X-Xfnlog-Site
Akamai-GRN
X-Cluster-Node
X-Proto
X-Timing-Wait
X-Device-Type
Uber-Trace-Id
Release
X-Guploader-Uploadid
X-Trace-Id
X-Locale
X-Nginx-Cache
Cteonnt-Length
X-Site-Version
X-Redis-Cache
X-ProxyCache-Key
X-ProxyCache-Status
X-BYPASS-REASON
X-Www-Served-By
Version
NGX
X-VCT
X-Load-Cache
X-UUID
X-Platform-Server
X-Request-Time
ProcessTime
X-Time-Microsecs
X-IP
Time
X-Daa-Tunnel
X-Cache-NE
X-NewRelic-App-Data
X-Via-CDN
X-EdgeConnect-Cache-Status
Azure-InstanceId
X-FW-Version
Azure-Version
X-ECACHE
Azure-SlotName
Azure-RegionName
Azure-SiteName
S-Rt
X-Wix-Request-Id
X-Origin
X-GEO
X-MServer
Webcakes-App-Name
TWC-Privacy
Webcakes-App-Version
X-Rocket-Nginx-Bypass
Property-Id
X-Origin-Hint
Webcakes-Region
TWC-Locale-Group
TWC-GeoIP-LatLong
TWC-Device-Class
TWC-GeoIP-Country
TWC-Connection-Speed
X-Hl-Ver
X-Cache-Remote
X-FireWall-Port
X-No-Session
X-Proxy
X-Vgn-Hpd-Reason
X-ServerID
X-Dc
NtCoent-Length
X-Akamai-Request-ID2
CACHE
X-IPS-LoggedIn
Origin
X-Akamai-Transformed
X-HTML-Minification-Powered-By
X-ApacheServer
X-PERF
X-Real-IP
X-Distributor
Odigeo-Trace-Id
X-Format
X-Oneagent-Js-Injection
X-CDN-Forward
Fastly-SSL
X-CS
X-Cache-Backend
X-Cache-Server
L5d-Success-Class
X-RateLimit-Reset
Ec-Rule-Version
X-Unique-ID
Access-Control-Request-Headers
X-Microcachable
X-Compress-Hint
X-UA
X-Pubstack
Cache-Tags
Served-By
Origin-Cache-Control
Origin-Edge-Control
X-UnsetCookies
Hostname
Fastcgi-X-Cache-Version
X-Webkit-Csp
X-Tb
X-NC
IBM-Web2-Location
X-Cache-Category-Id
LB
X-SERVER-NAME
X-Grey
X-Varnish-Cacheable
X-B3-Parentspanid
Accept-Language
Backend-Name
Cdn-Host
Content-Script-Type
Cdn-Request-Time
Mobile-Detection-Method
Meta-Geo-Continent
Cache-Prefix
Node
Cache-Cookie-Set-From
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-Lfrom
Content-Style-Type
Cross-Origin-Window-Policy
Fly-Request-Id
GEO-REGION-INFO
Arc-Country
MD5-Digest
Fly-Cache
Fastly-SWR
A
Fastly-SIE
AsisCache
BehaviorPad-Version
X-Cache-Bucket
X-Org
X-NU-AKA-ACS-Version
X-PAYTM-SRV-ID
X-Rebelmouse-Cache-Control
X-Region-Sid
X-Rebelmouse-Surrogate-Control
X-Is-Bot
X-Internal-Host
X-Edge-Server
X-DPWN-IS-SECURE
X-External-Request-Id
X-G
X-Instart-Info
X-IN-APIGATEWAY
X-Request-UUID
X-Rewrite-Enabled
X-VG-WebServer
X-Twitter-Response-Tags
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
Xc-Version
X-Worker
X-Trv-Group
X-Transaction
X-S-Cookie
X-Rojux
X-S-Maxage
X-ScT
X-SRCache-Key
X-Server-Time
X-Developer
X-Detected-As
X-A-Ccd
X-A
X-A-Dcw
X-A-Dgt
X-Accel-Expires-Debug
X-A-Wwc
VivaBuild
Viewtype
Request-Country
Rendered-Blocks
Request-EU
Request-Time
Server-ID
Rt-Proxy-Cache
X-Aed
X-AIR-PT
X-Cluster-Name
X-CF-Lambda-Version
X-Connection-Hash
X-D
X-Destination
X-Date
X-CF-Lambda-Fn
X-Cdn-Srv
X-Application
X-App-Name
X-ARC
X-B-Cookie
ServerName
Proxy-Firewall
X-A-Dam
X-Edge
X-BACKEND-TTL
Proxy-Connection
X-ElasticPress-Search
X-Cache-Info
W
X-Backend-State
X-Cache-Id
X-CGP
X-Debug-Log
X-Debug-Cookies
X-Core-Mission
X-Clientip
X-Cdn-Origin
Server-Int
Platform
On-Server
Memcached
Is-Eu
Resin-Trace
RNT-Machine
X-Developers
Section-Io-Cache
RNT-Time
True-Client-Country-4JS
X-Eu-Site
X-Skip-Cache
X-ServiceProvider
X-Request-URI
X-Processor
X-Sn-Servicetimems
X-SVT-ORM-RULES
X-Varnish-Url
X-We-Are-Hiring
X-Variation
X-SVT-ORM-VERSION
X-PHP-Host
X-NX-Host
X-Generated-On
X-Powered-By-Defense
X-Fastly-Cache
HA-Ipaddr
X-Geo-Header
X-GeoIP-Country-Code
X-Location
X-Level-Front-Cache
X-HS-Combine-CSS
X-HS-Cache-Config
X-Epic-Correlation-Id
X-Nginx-Cache-Key
Ha-Gx-Prefs
Apple-News-Services-Handled
AKAMAI
Adler-Geo
Apple-News-Services-Host
Apple-News-Services-Request-Url
Countrycode
Esi-Enabled
X-C
Content-Disposition
Gh-Request-Id
Apple-News-Services-Parsed-Url
X-Ua
X-LI-UUID
X-Auto-Login
X-LI-Proto
X-Li-Pop
X-Key
X-Li-Fabric
X-Method
Web-Mar-Node
User-Cache-Control
UCS
V-Age
X-Cms-Context
IsBot
X-Irp-Debug
X-Hnp-Log
X-Amz-Meta-Cache-Control
X-Distil-CS
X-Dispatcher-Server
X-Dispatch
X-Device-Os
CDCHOST
X-Fetched-On
X-Generation-Time
X-Hash
X-Gen-Mode
X-Gannett-Site-Version
X-FPC
Fastly-Soc-X-Request-Id
X-Cache-FS-Status
X-Servername
X-Via-NSCOPI
X-WADP-Cache
X-Server-IP
X-Served-From
X-SD-PageType
X-Secret
X-SIPLIST1
X-Clara-WADP
REQUESTUUID
X-CDN-Cache
X-Block-Status
Country-Code
X-TH-Server
PFcat
X-WebServer
X-BBXSRF
X-Reboot
X-Wikidot-Backend
SS
X-Qloud-Router
X-Wikidot-Static-Cache
Server-Host
X-Reqid
X-Response-By
X-Request-Start
SD-X-WS
CF-IPCountry
X-Amzn-Remapped-Content-Length
X-Crawler
N-Cache
X-GeoIP-City
X-Origin-Expires
X-Thanos
X-Thinkindot-L3
X-Via-Edge
X-Via-SSL
X-Swa-Ws
X-Nc
X-Origin-Date
X-VServer
X-Owner
X-Webstats-RespID
X-Matched-Rule
X-Release
Heartbleed
Pramga
Selected-Fe
X-Azure-Ref-OriginShield
Powered-By
GW-Server
L
X-Bip
Thinkindot-CacheControl
Wxu-Next-Hostname
Wxu-Next-Region
Wxu-Next-Commit
Who
Thinkindot-CacheControl-Type
Thinkindot-Control
X-Azure-Ref
Mime-Version
X-Proxy-Upstream
X-TrackingId
X-CUA
X-OVcl-Cache
X-OVcl
X-Parent-Response-Time
X-Proxy-Cache-Status
X-VC-Cache
X-Varnish-Ttl
Kp-EeAlive
X-FE
X-ND-Cache
X-CLOUD-TRACE-CONTEXT
Locale
X-Urbn-Site-Id
X-Urbn-Context-Path
X-Ratelimit-Remaining
PageSpeed
Magicmarker
X-Pf-Uncompressing
X-Protected-By
X-LAGOON
User-Agent
X-Varnish-Beresp-Ttl
Pragrma
Memory
X-Fstrz
X-Origin-CC
X-Origin-TTL
X-ABtesting
X-Hello
X-Flog
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
X-Page-Type
X-Planisys-CDN-TTL
X-Datadome
X-Be
X-DC
Pagetype
X-B3-SpanId
X-URL
X-Cdn-Forward
X-Backend-Host
X-Phone
X-Backend-Url
X-Ttl
X-Generated-In
X-Geo
X-Core-Value
X-IN-WAF
X-User
X-Backend-TTL
X-Zone
X-Dynatrace-Js-Agent
X-Cache-Ttl
X-Up
X-Varnish-Beresp-Status
X-Tt-Trace-Tag
X-Varnish-Beresp-Grace
X-GoCache-CacheStatus
X-MSEdge-Flight
X-MSEdge-Features
X-Newrelic-Synthetics
X-Debug-Cache-Store
X-Debug-Cache-Fetch
X-Soup
X-Debug-Cache-Expiry
X-Birta-Cache-Post
X-Birta-Served
X-Servedbyhost
X-TT-LOGID
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
X-Oss-Server-Time
X-Oss-Request-Id
Cdn
X-Oss-Storage-Class
X-Info
X-Litespeed-Cache
X-Check-Cacheable
X-Varnish-IP
Selected-FE
X-ZONE
Geoip-City
Geoip-Latitude
HitType
GeoIp-Country-Code
SN
X-MID
X-SayCDN-TTL
Cache-Hits
X-Say-Cacheable
X-Old-Content-Length
X-Say-TTL
X-VCL-Version
X-HS-Status
X-Real-Ip
X-Mid
X-Aicache-OS
X-Tb-Optimization-Total-Bytes-Saved
CF-Cached-On
Amp-Access-Control-Allow-Source-Origin
X-Ruxit-Js-Agent
X-GRACE
X-Akamai-SSL-Client-Sid
FSS-Cache
X-Vcl-Version
X-Cache-Debug
FSS-Proxy
X-App-Version
X-Agile
X-Agile-Age
X-Refresh
X-Agile-Id
X-Source
X-CSRF-TOKEN
Fastly-Backend-Name
X-Amzn-Remapped-Date
X-Node-Id
X-Amzn-Remapped-Connection
Inserted-Into-Cache-At
X-ServedByHost
X-Cache-Time
GeoIP-Country-Code
X-BC
X-Web-Server
X-Bc
X-Varnish-Authentication
GeoIP-Latitude
HostName
X-Contensis-Viewer-Groups
Server-Cache-Control
Server-Surrogate-Control
X-Cache-ASPX
Ajk
GeoIP-City
X-IN-APIGATEWAYSSL
WZWS-RAY
X-Logtrace-Id
X-EC-Lua
XServer
RequestId
X-UPSTREAM-Address
X-Via-Ucdn
X-COUNTRY
X-APP
X-CACHE-KEY
Srv
X-Nananana
X-CSRF-Token
X-FORWARDED-FOR
X-Wa
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
Ohc-Cache-HIT
Xkeyrz
X-WR-MODIFICATION
X-Varnish-Beresp-TTL
Ohc-File-Size
Group
X-NWS-UUID-VERIFY
X-ECache
X-TIME
X-Proxy-Cacherz
WebServer
X-Dynatrace
HTTPS
T-Server
Cf-Ipcountry
X-BE
X-LiteSpeed-Cache-Control
X-GDPR
Www
X-Micro-Cache
X-SRV
X-Fastly-Country-Code
X-PJAX-URL
X-SN
Is-Session-Tracking
X-LB-ID
X-Cache-Tag
URI
PICS-Label
X-Render-Time
Get-Access-Time
X-Unique-Id
X-PAGE-TYPE
Xkeynj
Backend
Lb
X-Edge-IP
X-Instart-Isnd
X-Request-Url
X-Requestid
X-Cache-Miss-From
X-Sedo-Request-Id
X-MCACHE
MIME-Version
Dynatrace
Pics-Label
X-Policy
Cneonction
CDN
Requestid
X-Uri
X-Cache-Expires
X-Fastly-Backend-Reqs
Host-ID
X-Pjax-Url
Xet-Cookie
DataCenter
X-Lb-Id
X-Apw-Access-Action
X-Vct
X-Apw-Hits
SID
X-PF-Uncompressing
X-Apw-Access-Token
X-Apw-Access-Object
X-Swift-Error
X-NGINX-Cache
X-Dw-Trace-Id
X-WA
X-Cdn-Request-ID
Epwk-Cache
X-Cf-Powered-By
X-Varnish-Action
Correlation-Id
X-Service
X-Ecache
Cache-Provider
X-Newrelic-App-Data
X-NGENIX-Cache
Sid
X-ServerName
X-Serial
Warning
X-Bug-Bounty
X-Akamai-ERPolicy
X-Akamai-ERRuleID
X-Fastly-Cache-Hits
Lfy
X-Html-Edge-Cache
Fastcgi-X-Cache
RequestUuid
X-WPE-Loopback-Upstream-Addr
X-Flow-Id
X-Page-Impression-Id
X-RPM
X-RPS
X-RSL
X-DW
X-DSS
X-Zalando-Child-Request-Id
X-DB
X-DI
X-Fpc