Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
X-Powered-By
Link
CF-RAY
ETag
Expect-CT
Via
X-XSS-Protection
X-Cache
Age
CF-Cache-Status
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
X-Cache-Hits
P3P
X-Amz-Cf-Pop
X-Xss-Protection
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Request-Id
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-Adblock-Key
Alt-Svc
X-Drupal-Cache
X-Check
X-Cacheable
Content-Security-Policy-Report-Only
X-Generator
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-DNS-Prefetch-Control
X-AspNetMvc-Version
P3p
X-Template
X-Language
Status
Timing-Allow-Origin
Content-Encoding
X-Iinfo
X-Content-Security-Policy
X-Buckets
Upgrade
X-Kinja-Server-Push
Xkey
X-Via
X-CDN
X-Turbo-Charged-By
CF-Ray
Keep-Alive
Access-Control-Max-Age
Access-Control-Expose-Headers
X-Cache-Group
X-Pass-Why
X-Age
X-AH-Environment
X-Drupal-Dynamic-Cache
X-Server
X-Backend
X-Pingback
X-Amz-Request-Id
X-Amz-Id-2
X-Envoy-Upstream-Service-Time
X-Page-Speed
X-Robots-Tag
X-Proxy-Cache
X-Hacker
Grace
X-Server-Powered-By
EagleId
X-UA-Device
X-Varnish-Cache
Request-Context
X-Nginx-Cache-Status
Cf-Railgun
X-LiteSpeed-Cache
X-Amz-Version-Id
X-Swift-SaveTime
X-Swift-CacheTime
X-WebKit-CSP
Ali-Swift-Global-Savetime
Feature-Policy
X-Server-Id
X-Device
Server-Timing
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Host
Report-To
X-Ac
X-Rq
Content-Location
X-Node
X-OneAgent-JS-Injection
X-Backend-Server
X-Response-Time
X-Cnection
X-Origin-Cache
X-Cloud-Trace-Context
X-Application-Context
EagleEye-TraceId
Allow
Request-Id
X-Readtime
Surrogate-Control
X-Country
X-ORACLE-DMS-ECID
X-Cache-Lookup
X-Cdn
X-TTL
X-DynaTrace
X-Url
X-Vhost
Pinterest-Generated-By
X-Rack-Cache
X-Ua-Compatible
X-Clacks-Overhead
X-Origin-Upstream-Status
X-Ruxit-JS-Agent
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-CST
Rating
X-FTR-Request-ID
X-ORACLE-DMS-RID
X-Country-Code
NEL
X-HW
X-Goog-Hash
X-Dispatcher
X-Instart-Request-ID
Fusion-Content-Id
Fusion-Source
Fusion-Template-Id
Fusion-Component-Id
Fusion-Content-Source
X-DataStream-Cache-Status
Edge-Control
X-PC
X-Vname
X-TtlSet
X-Px
X-DataDome
X-VARITI-CCR
Service-Worker-Allowed
X-MS-InvokeApp
X-Mod-Pagespeed
X-Request-ID
X-Dns-Prefetch-Control
Verso
SPRequestGuid
X-Recruiting
X-GoogleNews-Bot
X-Exp-Variant
X-Kinja
X-Use-Magma
X-Cdn-Fetch
X-D2id
X-Kinja-Revision
X-Kinja-Build
X-Exp-Id
X-Kinja-Server
X-Varnish-TTL
X-Vcap-Request-Id
RTSS
X-SharePointHealthScore
X-Abt-Application-Version
X-Amz-Server-Side-Encryption
DynaTrace
TCN
X-Navigation-Version
X-GitHub-Request-Id
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-B3-TraceId
X-RateLimit-Remaining
X-Powered-By-Plesk
X-Middleton-Response
X-Sol
Display
X-Middleton-Display
Response
X-Akam-SW-Version
X-ESI
Charset
MS-Author-Via
Content-MD5
AR-ATIME
AR-CACHE
ServerID
AR-PoweredBy
Ar-Sid
X-Shield-Request-Id
Accept-Ch-Lifetime
X-Amz-Rid
X-Trace
Realpath
X-Powered-CMS
X-Goog-Stored-Content-Length
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-Goog-Metageneration
Accept-Ch
X-Server-Name
X-Goog-Generation
X-Dw-Request-Base-Id
X-Goog-Stored-Content-Encoding
X-Forwarded-Proto
X-DynaTrace-JS-Agent
AR-Request-ID
Nginx-Cache
X-Version
X-Cached
X-Upstream
Fastly-Restarts
X-Shard
Public-Key-Pins
MRF-Tech
Mrf-Cache-Status
X-Mrf-Item-Lastmod
X-B3-TraceId-Primal
X-Mrf-Section-Lastmod
SPRequestDuration
Access-Control-Request-Method
SPIisLatency
X-Goog-Storage-Class
X-MSEdge-Ref
Paypal-Debug-Id
X-Client-IP
Pagespeed
S
X-Upstream-Proxy
Pinterest-Version
X-Pinterest-Rid
X-Grace
X-Debug
X-DataStream-MidMile-RTT
X-DataStream-Origin-MEX-Latency
X-Id
X-Amz-Meta-S3cmd-Attrs
X-FTR-Cache-Status
X-FTR-Balancer
X-FTR-Backend
X-FTR-DC
X-Country-Code-Real
X-FTR-Backend-Server
X-FTR-Realm
X-FTR-Expires
X-Ezoic-Cdn
X-N
X-T
X-DIS-Request-ID
X-Fastly-Request-ID
MicrosoftSharePointTeamServices
Accept-CH
Arr-Disable-Session-Affinity
X-Amzn-Trace-Id
Front-End-Https
X-NF-Request-ID
X-Content-Type
X-Hits
X-Vcache
X-FastCGI-Cache
X-B3-Sampled
X-Ser
X-Varnish-Age
Nel
Arc-Version
X-Mobile-Rewrite
PB-PID
PB-RID
Alternate-Protocol
Fastcgi-Cache
X-Acc-Meta-Resource-Type
X-FTR-Cache-Host
X-Frontend
X-Logged-In
X-Content-Digest
X-XRDS-Location
Server-Name
X-Srv
X-Correlation-Id
X-VCache
X-Pad
X-Forwarded-For
X-B3-Traceid
Host
X-Node-Name
Powered-By-ChinaCache
AMP-Access-Control-Allow-Source-Origin
X-Cache-Key
X-Microsite
X-Request-Handler-Origin-Region
FilterID
TP-L2-Cache
TP-Cache
Healthy
X-Type
X-Rid
Edge-Cache-Tag
X-XRDS-LOCATION
X-Kinsta-Cache
X-Server-ID
X-LB-Cache
X-IPLB-Instance
X-User-Agent
X-Request-Processing-Time
X-Request-Received
X-Debug-Info
X-AOL-HN
X-Cached-By
X-Cache-2
X-F-Cache
X-GUploader-UploadID
X-Revision
X-Zen-Fury
X-Amz-Apigw-Id
X-Amzn-RequestId
Powered
X-Hostname
X-HS-Hub-Id
X-Cache-Rule
X-HS-Content-Id
Backend-Timing
X-Cache-Age
X-Analytics
X-Fastcgi-Cache
X-Accel-Expires
Surrogate-Key
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Activity-Id
X-Az
X-AppVersion
X-Varnish-Backend
X-Via-JSL
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-Page-Id
X-Content-Security-Policy-Report-Only
X-Instance
X-Content-Options
X-BCube-Filmed-By
X-Varnish-Grace
X-Akamai-Edgescape
Source
X-FB-Debug
X-Jobs
X-Tumblr-User
X-Tumblr-Pixel-0
X-Cluster
X-Tumblr-Pixel
X-App-Environment
Cache-Status
X-Content-Powered-By
X-Amz-Replication-Status
X-PHP-Backend
X-Request-Guid
X-TT
X-Framework
Cleartype
Server-Node
Refresh
X-Forwarded-Host
X-Esi
X-RateLimit-Limit
X-B-Cache
X-Varnish-Hostname
X-Signature
Tracecode
X-FW-Static
X-FW-Server
X-FW-Hash
X-FW-Serve
X-FW-Type
Liferay-Portal
WPE-Backend
X-ATG-Version
Host-Header
DC
X-Mobile
X-Time
X-Cache-Operation
Accept-Charset
X-Cache-Control
X-Edge-Location
X-Cache-Action
Access-Control-Allow-Method
X-Drupal-Cache-Tags
Accept-CH-Lifetime
Actual-Object-TTL
Fastcgi-Useragent
X-NWS-LOG-UUID
X-Cache-Hit
Payment
X-Hp-Webp
X-Response-Served-From
X-Mobile-URL
X-Accel-Buffering
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Whom
X-TX-ID
X-App-Server
Upgrade-Insecure-Requests
X-B
X-Cache-TTL
X-Storage
X-SS-Set-Cookie
X-UA-Device-Type
X-WebKit-CSP-Report-Only
X-Content-Age
X-TT-TIMESTAMP
X-Yottaa-Optimizations
Xserver
X-Handled-By
X-Yottaa-Metrics
X-APP-VERSION
X-Cacheable-TTL
X-GeoIP
X-Tumblr-Pixel-2
X-Tumblr-Pixel-1
X-RequestSource
X-WA-Info
X-Git-Hash
Filters
X-Adobe-Loc
Eomportal-Instance
Cache-Tv-Group
Cache
X-Status
X-Adobe-Content
Viewport
X-VG-WebCache
X-RemovedCookies
X-ProcessESI
X-Geo-Country
NGB
Cache-Tag
X-Ratelimit-Limit
Webserver
X-Presslabs-Stats
Server-Info
X-FB-TRIP-ID
Datacenter
Retry-After
X-Cache-TTL-Remaining
X-Ratelimit-Reset
X-TA-CDN-Provider
X-FW-Dynamic
X-Cache-Enabled
X-Seen-By
X-Contextid
MS-CV
X-Host-Name
S-Cnection
X-Origin-Server
Country
From-Origin
X-Generated-By
X-Hyper-Cache
X-Mode
Frame-Options
X-CF-Powered-By
X-RTag
Ms-Operation-Id
X-RN-RSRV
X-Cache-Var-Map
X-Cache-Var
Meta-Geo
X-AWS-Id
X-Tumblr-Pixel-3
X-ES-SERVER
Load-Balancing
X-Cache-Config
X-VWS-Id
X-LJ-Flow-ID
Machine
X-Path-Route
X-Zipkin-Id
X-Varnish-Cache-Hits
DSUID
X-Access
X-Backend-Name
Vix-Hermes-Req-Id
X-Upstream-CT
Cache-Key
X-Upstream-HT
Release
Mail-Subject
X-Hit
We-Hiring
X-Cache-Host
X-MP-GENERATED-AT
X-Labrador-Cache-Channel
X-Section
X-Proxied
X-Routing-Service
X-B3-Spanid
X-Cache-Grace
X-Human
Decoy-Debug-Status
X-Viewer-Country
Decoy-Debug-Key
X-Guploader-Uploadid
X-From
X-R9-Blue-Green-Version
X-Loop
X-OCL
X-PCL
X-Web-Node
X-Varnish-Hits
Decoy-Debug-TTL
Now
Mn-Server-Ip
X-Magnolia-Registration
X-Device-Type
X-EIG-Tracking-Id
X-TNCMS
Uber-Trace-Id
X-Varnish-Server
X-Upgrade-Enabled
X-RCS-CacheZone
X-Debug-Cache
ServedBy
X-BYPASS-REASON
X-ProxyCache-Status
Akamai-GRN
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-ProxyCache-Key
X-Cluster-Node
X-Shopify-Stage
X-Alternate-Cache-Key
X-Environment-Context
OT-Force-Account-Verify
Rt-Fastcgi-Cache
X-Endurance-Cache-Level
X-ShopId
X-ShardId
X-CCM
X-Origin-Response-Time
GEO-INFO
X-Akamai-Request-ID
X-L-Path
X-Proto
X-VG-TLSProxy
X-Rendered-As
X-Rule
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Proxy-Build
X-S
X-Region
X-JoinUs
X-Generated
X-FC-Vary-Parameters
X-Hosted-By
X-Xfnlog-Site
X-Timing-Wait
X-NCache
Cache-Name
DB-Nickname
X-Via-Fastly
X-PressLabs-Stats
X-Drupal-Cache-Contexts
X-Trace-Id
X-VCT
X-Www-Served-By
X-Nginx-Cache
X-Redis-Cache
NGX
X-Site-Version
X-Locale
Cteonnt-Length
X-Platform-Server
X-UUID
X-NewRelic-App-Data
ProcessTime
X-Load-Cache
X-Cache-NE
X-Daa-Tunnel
SRV
X-MServer
X-EdgeConnect-Cache-Status
X-Request-Time
X-ECACHE
X-Oracle-Dms-Rid
X-Hl-Ver
X-IP
Version
X-Time-Microsecs
X-Vgn-Hpd-Reason
X-Rocket-Nginx-Bypass
Time
X-ServerID
X-Origin
CACHE
X-FW-Version
Azure-SlotName
Azure-InstanceId
X-Via-CDN
X-Dc
Azure-RegionName
Azure-SiteName
X-Wix-Request-Id
S-Rt
Azure-Version
X-RateLimit-Reset
X-Cache-Remote
X-Origin-Hint
TWC-GeoIP-LatLong
TWC-Device-Class
TWC-Connection-Speed
X-IPS-LoggedIn
Property-Id
X-GEO
TWC-GeoIP-Country
Webcakes-App-Version
Webcakes-Region
TWC-Privacy
Webcakes-App-Name
TWC-Locale-Group
X-Real-IP
X-Proxy
Origin
NtCoent-Length
X-UA
X-No-Session
X-FireWall-Port
X-Oneagent-Js-Injection
X-Akamai-Request-ID2
Odigeo-Trace-Id
L5d-Success-Class
X-Distributor
Fastly-SSL
X-Akamai-Transformed
X-Cache-Backend
Served-By
X-PERF
X-ApacheServer
X-CDN-Forward
X-HTML-Minification-Powered-By
X-CS
X-Unique-ID
X-Format
X-Cache-Server
X-Microcachable
X-Pubstack
Origin-Edge-Control
Origin-Cache-Control
X-Webkit-Csp
X-Compress-Hint
Fastcgi-X-Cache-Version
Ec-Rule-Version
X-Edge
IBM-Web2-Location
Cache-Tags
X-Grey
X-UnsetCookies
X-Cache-Category-Id
X-Powered-By-Defense
LB
X-BACKEND-TTL
Proxy-Connection
X-Detected-As
X-Tb
Backend-Name
X-Varnish-Cacheable
X-Is-Bot
Fastly-SIE
Cross-Origin-Window-Policy
MD5-Digest
X-NU-AKA-ACS-Version
HA-Ipaddr
X-Org
X-NX-Host
Ha-Gx-Prefs
GEO-REGION-INFO
Fly-Request-Id
Fastly-SWR
Fly-Cache
Content-Style-Type
Cache-Cookie-Set-Idcheck
X-Edge-Server
A
Arc-Country
X-Eu-Site
X-External-Request-Id
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
AsisCache
X-Debug-Cookies
X-PAYTM-SRV-ID
Cdn-Host
Cdn-Request-Time
Cache-Prefix
Cache-Cookie-Set-Lfrom
BehaviorPad-Version
Cache-Cookie-Set-From
Content-Script-Type
Rt-Proxy-Cache
X-ARC
X-B-Cookie
X-Cache-Bucket
X-Application
X-App-Name
X-Accel-Expires-Debug
X-Aed
X-AIR-PT
X-Destination
X-Cdn-Srv
X-Debug-Log
X-D
X-Date
X-Connection-Hash
X-Cluster-Name
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-CGP
X-A-Wwc
X-A-Dgt
Request-EU
Request-Time
X-Region-Sid
Request-Country
Rendered-Blocks
Mobile-Detection-Method
Node
Proxy-Firewall
Server-ID
ServerName
X-A-Ccd
X-A-Dam
X-A-Dcw
X-A
X-Developer
Viewtype
VivaBuild
Meta-Geo-Continent
X-DPWN-IS-SECURE
X-HS-Cache-Config
X-Request-UUID
X-Transaction
X-Rojux
Hostname
X-Trv-Group
X-IN-APIGATEWAY
X-Twitter-Response-Tags
X-Server-Time
X-Vtex-Processado-Em
X-VG-WebServer
X-Rewrite-Enabled
X-Nc
X-Vtex-Remote-Cache
X-G
Access-Control-Request-Headers
X-S-Cookie
X-Via-NSCOPI
X-Internal-Host
X-S-Maxage
X-ScT
PageSpeed
X-Worker
X-Instart-Info
Xc-Version
X-SRCache-Key
X-HS-Combine-CSS
X-ElasticPress-Search
X-B3-Parentspanid
W
X-Key
X-We-Are-Hiring
X-Irp-Debug
Esi-Enabled
Server-Host
Section-Io-Cache
X-Server-IP
RNT-Machine
On-Server
Platform
Resin-Trace
X-Variation
X-Dispatch
RNT-Time
X-Hash
Is-Eu
X-Nginx-Cache-Key
X-GeoIP-Country-Code
Memcached
X-Dispatcher-Server
Gh-Request-Id
Server-Int
X-Cdn-Origin
X-ServiceProvider
X-Clientip
X-Qloud-Router
X-Generated-On
Countrycode
X-Epic-Correlation-Id
X-Processor
X-Request-URI
True-Client-Country-4JS
X-Skip-Cache
X-Reqid
X-C
X-Developers
X-Sn-Servicetimems
X-Fastly-Cache
X-Core-Mission
X-TH-Server
X-PHP-Host
Accept-Language
Adler-Geo
X-Geo-Header
X-Level-Front-Cache
SS
X-Backend-State
X-Location
X-Cache-Id
X-Cache-Info
Apple-News-Services-Handled
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
Country-Code
Apple-News-Services-Request-Url
Mime-Version
X-NC
Web-Mar-Node
V-Age
User-Cache-Control
X-Secret
Who
X-Amz-Meta-Cache-Control
X-Li-Fabric
X-Block-Status
X-BBXSRF
X-Cache-FS-Status
X-CDN-Cache
X-Crawler
X-SIPLIST1
X-Swa-Ws
X-Auto-Login
X-Device-Os
X-Served-From
Wxu-Next-Region
Wxu-Next-Hostname
X-Servername
X-LI-UUID
X-Li-Pop
X-LI-Proto
Wxu-Next-Commit
Powered-By
CDCHOST
X-Response-By
Content-Disposition
UCS
X-Distil-CS
X-Webstats-RespID
X-Wikidot-Backend
X-Wikidot-Static-Cache
X-Varnish-Url
X-Generation-Time
X-Fetched-On
X-FPC
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
X-Reboot
X-Gen-Mode
X-Gannett-Site-Version
X-WebServer
AKAMAI
X-Method
SD-X-WS
PFcat
X-SD-PageType
REQUESTUUID
X-Request-Start
Pramga
X-Hnp-Log
IsBot
X-SERVER-NAME
X-CUA
Thinkindot-CacheControl-Type
Thinkindot-Control
X-Matched-Rule
X-Via-Edge
X-Clara-WADP
X-Via-SSL
X-Cms-Context
X-WADP-Cache
X-Release
Thinkindot-CacheControl
Fastly-Soc-X-Request-Id
L
X-Owner
CF-IPCountry
X-VServer
X-Origin-Expires
X-GeoIP-City
Heartbleed
X-ND-Cache
X-Thanos
X-Origin-Date
GW-Server
X-Bip
X-Thinkindot-L3
X-Azure-Ref-OriginShield
X-Azure-Ref
X-Ua
X-Varnish-Ttl
X-OVcl
N-Cache
X-Protected-By
X-CLOUD-TRACE-CONTEXT
X-VC-Cache
X-Proxy-Cache-Status
X-OVcl-Cache
X-Proxy-Upstream
X-Amzn-Remapped-Content-Length
X-Ratelimit-Remaining
Kp-EeAlive
X-FE
X-Parent-Response-Time
X-TrackingId
X-Varnish-Beresp-Ttl
X-Fstrz
Selected-Fe
Pragrma
User-Agent
X-Planisys-CDN-Rules
X-Pf-Uncompressing
X-LAGOON
X-Planisys-CDN-Cache
X-Planisys-CDN-TTL
X-Urbn-Context-Path
Locale
X-Urbn-Site-Id
Magicmarker
Memory
X-Be
X-Core-Value
X-Phone
X-Origin-TTL
X-Cdn-Forward
X-Origin-CC
X-IN-WAF
X-Zone
X-Datadome
X-Varnish-Beresp-Grace
X-URL
X-Varnish-Beresp-Status
Pagetype
X-ABtesting
X-Flog
X-Ttl
X-Hello
X-Geo
X-Page-Type
X-B3-SpanId
X-DC
X-Dynatrace-Js-Agent
X-Generated-In
X-Birta-Served
X-Birta-Cache-Post
X-User
X-Backend-TTL
X-GRACE
X-Backend-Host
Cdn
X-Backend-Url
X-Info
X-Varnish-IP
HitType
Selected-FE
X-Newrelic-Synthetics
X-Debug-Cache-Store
X-MSEdge-Features
X-Debug-Cache-Fetch
X-Debug-Cache-Expiry
GeoIp-Country-Code
X-MSEdge-Flight
Geoip-City
Geoip-Latitude
X-GoCache-CacheStatus
X-Tt-Trace-Tag
X-Soup
X-TT-LOGID
X-Up
X-Litespeed-Cache
SN
X-MID
X-Mid
X-Oss-Storage-Class
X-Oss-Server-Time
X-Oss-Hash-Crc64ecma
X-Oss-Request-Id
X-Oss-Object-Type
X-Servedbyhost
X-Real-Ip
X-Cache-Ttl
X-HS-Status
CF-Cached-On
X-Cache-Debug
X-Agile
X-Agile-Age
X-Agile-Id
X-Aicache-OS
X-Vcl-Version
X-Source
X-Refresh
Amp-Access-Control-Allow-Source-Origin
X-Check-Cacheable
X-Ruxit-Js-Agent
X-App-Version
X-ServedByHost
X-Web-Server
X-SayCDN-TTL
X-Say-Cacheable
X-Old-Content-Length
X-VCL-Version
FSS-Proxy
X-Tb-Optimization-Total-Bytes-Saved
FSS-Cache
X-ZONE
X-Say-TTL
HostName
X-Amzn-Remapped-Date
X-Amzn-Remapped-Connection
Cache-Hits
X-Bc
Server-Surrogate-Control
GeoIP-Country-Code
X-Varnish-Authentication
X-CSRF-Token
X-Cache-ASPX
X-Contensis-Viewer-Groups
Server-Cache-Control
X-EC-Lua
WZWS-RAY
X-APP
RequestId
GeoIP-Latitude
GeoIP-City
X-Via-Ucdn
X-COUNTRY
X-UPSTREAM-Address
Inserted-Into-Cache-At
X-Node-Id
Fastly-Backend-Name
Ohc-File-Size
Srv
Ohc-Cache-HIT
X-Logtrace-Id
X-Cache-Time
X-IN-APIGATEWAYSSL
X-NWS-UUID-VERIFY
Group
Ajk
X-Akamai-SSL-Client-Sid
X-Nananana
X-BC
X-CACHE-KEY
X-CSRF-TOKEN
X-Proxy-Cacherz
X-WR-MODIFICATION
Xkeyrz
X-ECache
HTTPS
WebServer
X-Dynatrace
XServer
X-PAGE-TYPE
X-Varnish-Beresp-TTL
Backend
X-RateLimit-Limit-Second
Cf-Ipcountry
X-RateLimit-Remaining-Second
X-Wa
X-Cache-Tag
X-SN
URI
Www
X-TIME
Get-Access-Time
X-Tec-Api-Origin
X-Fastly-Country-Code
X-Unique-Id
X-FORWARDED-FOR
X-Tec-Api-Root
X-Instart-Isnd
X-Request-Url
X-Tec-Api-Version
Xkeynj
X-BE
Is-Session-Tracking
X-MCACHE
X-LiteSpeed-Cache-Control
Lb
X-Edge-IP
Cneonction
X-Cache-Miss-From
PICS-Label
X-Sedo-Request-Id
X-PJAX-URL
Host-ID
X-Requestid
X-Cache-Expires
Requestid
T-Server
Dynatrace
X-Fastly-Backend-Reqs
X-GDPR
X-LB-ID
X-Micro-Cache
X-Render-Time
X-SRV
DataCenter
Xet-Cookie
X-Apw-Access-Token
X-Apw-Access-Object
Pics-Label
X-Apw-Hits
X-Vct
X-Swift-Error
X-Apw-Access-Action
X-PF-Uncompressing
CDN
X-Varnish-Action
X-Lb-Id
Epwk-Cache
X-NGENIX-Cache
X-Pjax-Url
X-Dw-Trace-Id
X-NGINX-Cache
X-Policy
X-Uri
SID
X-Ecache
X-WA
X-Cf-Powered-By
Correlation-Id
Fastcgi-X-Cache
MIME-Version
Warning
X-Bug-Bounty
X-Akamai-ERPolicy
Lfy
Ohc-Response-Time
X-WPE-Loopback-Upstream-Addr
RequestUuid
X-Svr
X-Serial
X-Html-Edge-Cache
X-LiteSpeed-Tag
X-Akamai-ERRuleID
X-Fastly-Cache-Hits
X-DSS
X-DI
X-RSL
X-RPS
X-RPM
X-DB
X-Fpc
X-ServerName
X-Flow-Id
X-Page-Impression-Id
X-Zalando-Child-Request-Id
X-DW