Threat Level: green Handler on Duty: Jan Kopriva

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
CF-RAY
X-Powered-By
Link
ETag
Expect-CT
X-XSS-Protection
Via
X-Cache
Age
CF-Cache-Status
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
P3P
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Request-Id
X-Xss-Protection
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-Adblock-Key
X-Drupal-Cache
Alt-Svc
X-Check
X-Cacheable
Content-Security-Policy-Report-Only
X-Generator
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-DNS-Prefetch-Control
X-AspNetMvc-Version
P3p
X-Template
Status
X-Language
Timing-Allow-Origin
Content-Encoding
X-Iinfo
X-Content-Security-Policy
X-Buckets
Upgrade
X-Kinja-Server-Push
Xkey
X-Via
X-CDN
X-Turbo-Charged-By
Keep-Alive
Access-Control-Max-Age
Access-Control-Expose-Headers
X-Cache-Group
X-Pass-Why
X-Age
X-AH-Environment
X-Drupal-Dynamic-Cache
X-Server
X-Backend
X-Amz-Request-Id
X-Amz-Id-2
X-Pingback
X-Envoy-Upstream-Service-Time
X-Page-Speed
X-Robots-Tag
X-Proxy-Cache
X-Hacker
Grace
X-Server-Powered-By
EagleId
X-UA-Device
X-Varnish-Cache
Request-Context
X-Nginx-Cache-Status
Cf-Railgun
X-LiteSpeed-Cache
X-Amz-Version-Id
X-Swift-CacheTime
X-Swift-SaveTime
X-WebKit-CSP
Ali-Swift-Global-Savetime
Feature-Policy
X-Device
Server-Timing
X-Server-Id
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Host
Report-To
X-Ac
X-Rq
Content-Location
X-Node
X-OneAgent-JS-Injection
X-Backend-Server
X-Cnection
X-Response-Time
X-Origin-Cache
X-Cloud-Trace-Context
X-Application-Context
EagleEye-TraceId
Allow
Request-Id
X-Readtime
Surrogate-Control
X-Country
X-Cache-Lookup
X-ORACLE-DMS-ECID
X-TTL
X-DynaTrace
X-Url
X-Vhost
X-Cdn
X-Rack-Cache
Pinterest-Generated-By
X-Clacks-Overhead
X-Origin-Upstream-Status
X-Ruxit-JS-Agent
NEL
X-Ua-Compatible
X-CST
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Rating
X-ORACLE-DMS-RID
X-FTR-Request-ID
X-Country-Code
X-HW
X-Goog-Hash
X-Dispatcher
X-Instart-Request-ID
Fusion-Component-Id
Fusion-Source
Fusion-Content-Source
Fusion-Template-Id
Fusion-Content-Id
X-DataStream-Cache-Status
Edge-Control
X-TtlSet
X-Vname
X-PC
X-Px
X-VARITI-CCR
Service-Worker-Allowed
X-DataDome
X-MS-InvokeApp
X-Mod-Pagespeed
Verso
SPRequestGuid
X-Recruiting
X-Request-ID
X-GoogleNews-Bot
X-Exp-Id
X-Kinja-Server
X-Kinja
X-Kinja-Build
X-Kinja-Revision
X-Exp-Variant
X-Dns-Prefetch-Control
X-Use-Magma
X-Cdn-Fetch
X-D2id
X-Varnish-TTL
X-Vcap-Request-Id
RTSS
X-SharePointHealthScore
X-Amz-Server-Side-Encryption
X-Abt-Application-Version
TCN
DynaTrace
X-Navigation-Version
X-GitHub-Request-Id
X-Powered-By-Plesk
X-SRCache-Store-Status
X-RateLimit-Remaining
X-SRCache-Fetch-Status
X-Middleton-Display
Display
X-Middleton-Response
Response
X-Sol
X-Akam-SW-Version
Charset
Content-MD5
MS-Author-Via
X-B3-TraceId
X-ESI
X-Trace
X-TEC-API-ROOT
X-TEC-API-VERSION
X-TEC-API-ORIGIN
AR-CACHE
AR-ATIME
AR-PoweredBy
Ar-Sid
ServerID
X-Shield-Request-Id
X-Amz-Rid
Realpath
X-Powered-CMS
X-Goog-Stored-Content-Length
X-Goog-Generation
X-Dw-Request-Base-Id
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
AR-Request-ID
X-DynaTrace-JS-Agent
X-Forwarded-Proto
X-Version
Accept-Ch-Lifetime
Nginx-Cache
X-Cached
X-Server-Name
X-Upstream
Fastly-Restarts
X-Shard
Public-Key-Pins
X-B3-TraceId-Primal
Mrf-Cache-Status
X-Mrf-Section-Lastmod
MRF-Tech
X-Mrf-Item-Lastmod
SPRequestDuration
SPIisLatency
Access-Control-Request-Method
Paypal-Debug-Id
Accept-Ch
X-Goog-Storage-Class
X-MSEdge-Ref
X-Client-IP
Pagespeed
Pinterest-Version
X-Upstream-Proxy
X-Pinterest-Rid
Accept-CH
S
X-DataStream-MidMile-RTT
X-DataStream-Origin-MEX-Latency
X-Debug
X-Amz-Meta-S3cmd-Attrs
X-Id
X-Country-Code-Real
X-Grace
X-FTR-Cache-Status
X-FTR-Backend
X-FTR-Realm
X-FTR-Balancer
X-FTR-DC
X-FTR-Backend-Server
X-FTR-Expires
X-Ezoic-Cdn
X-N
X-T
X-DIS-Request-ID
X-Fastly-Request-ID
MicrosoftSharePointTeamServices
X-Vcache
Arr-Disable-Session-Affinity
X-XRDS-Location
X-Amzn-Trace-Id
Front-End-Https
X-NF-Request-ID
X-Content-Type
X-Hits
X-B3-Sampled
X-Varnish-Age
X-Mobile-Rewrite
X-Ser
PB-RID
PB-PID
Arc-Version
X-FastCGI-Cache
Alternate-Protocol
Fastcgi-Cache
X-Acc-Meta-Resource-Type
X-FTR-Cache-Host
X-Frontend
X-Logged-In
X-B3-Traceid
X-Content-Digest
Server-Name
X-Server-ID
X-Srv
X-Correlation-Id
X-Pad
X-Forwarded-For
X-VCache
Host
AMP-Access-Control-Allow-Source-Origin
X-Node-Name
Powered-By-ChinaCache
Nel
X-Microsite
X-Request-Handler-Origin-Region
FilterID
TP-L2-Cache
TP-Cache
Healthy
X-Rid
X-Cache-Key
X-Type
X-LB-Cache
X-Kinsta-Cache
Edge-Cache-Tag
X-IPLB-Instance
X-User-Agent
X-Request-Processing-Time
X-Request-Received
X-AOL-HN
X-Debug-Info
X-GUploader-UploadID
X-Cached-By
X-Revision
X-Cache-2
X-F-Cache
X-Zen-Fury
X-Amzn-RequestId
X-Amz-Apigw-Id
Powered
X-Hostname
X-Fastcgi-Cache
X-Cache-Rule
X-HS-Content-Id
X-HS-Hub-Id
X-Cache-Age
X-XRDS-LOCATION
Backend-Timing
X-Analytics
X-Accel-Expires
Surrogate-Key
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Esi
X-RateLimit-Limit
X-AppVersion
X-Activity-Id
X-Az
X-Page-Id
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-Content-Security-Policy-Report-Only
X-Varnish-Backend
X-Via-JSL
X-BCube-Filmed-By
X-Varnish-Grace
X-Content-Options
X-Instance
X-Tumblr-User
X-Cluster
X-Tumblr-Pixel-0
X-Tumblr-Pixel
Source
X-Jobs
X-FB-Debug
X-Amz-Replication-Status
X-Request-Guid
X-Akamai-Edgescape
X-PHP-Backend
X-Content-Powered-By
Cache-Status
X-App-Environment
X-TT
Cleartype
X-Framework
Refresh
Server-Node
X-Forwarded-Host
Tracecode
X-Varnish-Hostname
WPE-Backend
X-Signature
Accept-CH-Lifetime
X-B-Cache
X-FW-Serve
X-ATG-Version
X-FW-Server
X-FW-Hash
X-FW-Static
X-FW-Type
Liferay-Portal
Host-Header
X-Mobile
X-Cache-Operation
DC
X-Time
X-Cache-Control
Accept-Charset
X-Edge-Location
X-NWS-LOG-UUID
Access-Control-Allow-Method
Actual-Object-TTL
X-Cache-Action
X-Drupal-Cache-Tags
Fastcgi-Useragent
X-Cache-Hit
Cache
Payment
X-Whom
X-Accel-Buffering
X-Response-Served-From
Upgrade-Insecure-Requests
X-App-Server
X-Hp-Webp
X-Mobile-URL
X-TX-ID
X-B
X-Storage
X-UA-Device-Type
X-WebKit-CSP-Report-Only
X-Content-Age
X-Handled-By
X-TT-TIMESTAMP
X-Yottaa-Optimizations
Xserver
X-Yottaa-Metrics
X-Erf-Bev-Bev-Is-Generated
X-Cacheable-TTL
X-SS-Set-Cookie
X-Git-Hash
X-GeoIP
X-Tumblr-Pixel-1
X-Erf-Bev-Bev
Filters
X-RequestSource
X-Tumblr-Pixel-2
X-Adobe-Loc
Eomportal-Instance
X-Cache-TTL
X-WA-Info
X-Adobe-Content
Cache-Tv-Group
Viewport
X-Ratelimit-Reset
X-RemovedCookies
X-ProcessESI
X-VG-WebCache
X-APP-VERSION
X-Status
X-Geo-Country
Cache-Tag
NGB
Webserver
Server-Info
Datacenter
X-FB-TRIP-ID
X-Cache-TTL-Remaining
Retry-After
X-Cache-Enabled
X-FW-Dynamic
X-Seen-By
X-TA-CDN-Provider
X-Contextid
X-Presslabs-Stats
S-Cnection
MS-CV
X-Ratelimit-Limit
X-Host-Name
X-Origin-Server
X-PressLabs-Stats
From-Origin
Country
X-Mode
Frame-Options
X-Generated-By
X-Hyper-Cache
X-RTag
X-Cache-Var
X-ES-SERVER
X-Path-Route
Load-Balancing
Meta-Geo
X-LJ-Flow-ID
X-RN-RSRV
X-Tumblr-Pixel-3
Ms-Operation-Id
Machine
X-Cache-Config
X-VWS-Id
X-AWS-Id
X-Cache-Var-Map
X-Human
Cache-Key
X-Upstream-CT
X-Upstream-HT
X-Routing-Service
X-Proxied
X-Labrador-Cache-Channel
DSUID
X-Varnish-Cache-Hits
X-Cache-Host
X-Backend-Name
Mail-Subject
X-Zipkin-Id
X-Cache-Grace
Vix-Hermes-Req-Id
We-Hiring
X-Hit
Release
X-Magnolia-Registration
X-CF-Powered-By
X-Varnish-Hits
X-Access
ServedBy
X-Web-Node
Uber-Trace-Id
X-MP-GENERATED-AT
Now
Decoy-Debug-Key
Decoy-Debug-Status
Decoy-Debug-TTL
X-Viewer-Country
X-Section
X-Upgrade-Enabled
X-Loop
X-OCL
X-PCL
X-RCS-CacheZone
X-From
X-EIG-Tracking-Id
X-Debug-Cache
X-TNCMS
X-Device-Type
X-Varnish-Server
Mn-Server-Ip
X-Rendered-As
GEO-INFO
X-BYPASS-REASON
X-CCM
X-Cluster-Node
X-VG-TLSProxy
X-Endurance-Cache-Level
Rt-Fastcgi-Cache
X-B3-Spanid
X-R9-Blue-Green-Version
OT-Force-Account-Verify
X-Environment-Context
X-Alternate-Cache-Key
X-Sorting-Hat-ShopId
X-Rule
X-Proto
X-ProxyCache-Key
X-ProxyCache-Status
X-Origin-Response-Time
X-ShardId
X-Sorting-Hat-PodId
X-Shopify-Stage
X-L-Path
X-ShopId
Akamai-GRN
X-Akamai-Request-ID
X-FC-Vary-Parameters
X-Xfnlog-Site
X-Generated
X-Timing-Wait
X-Proxy-Build
X-Daa-Tunnel
X-Region
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Hosted-By
DB-Nickname
X-NCache
Cache-Name
X-Via-Fastly
X-JoinUs
X-S
X-Guploader-Uploadid
X-Redis-Cache
X-VCT
X-Trace-Id
X-Www-Served-By
X-Nginx-Cache
X-Drupal-Cache-Contexts
X-Locale
NGX
X-Site-Version
Cteonnt-Length
X-Cache-NE
X-UUID
X-Platform-Server
X-Load-Cache
X-NewRelic-App-Data
ProcessTime
SRV
X-MServer
X-Hl-Ver
X-EdgeConnect-Cache-Status
X-Vgn-Hpd-Reason
X-ECACHE
X-Request-Time
X-Cache-Remote
X-Time-Microsecs
X-ServerID
X-Real-IP
Time
X-Rocket-Nginx-Bypass
X-IP
X-Oracle-Dms-Rid
X-GEO
Azure-SiteName
Azure-InstanceId
X-FW-Version
X-Via-CDN
Azure-SlotName
Version
X-Origin
S-Rt
Azure-RegionName
X-Wix-Request-Id
Azure-Version
TWC-Locale-Group
TWC-Privacy
X-Origin-Hint
Webcakes-Region
TWC-GeoIP-LatLong
X-IPS-LoggedIn
TWC-GeoIP-Country
TWC-Device-Class
Webcakes-App-Name
Property-Id
Webcakes-App-Version
TWC-Connection-Speed
X-Proxy
Origin
X-No-Session
X-FireWall-Port
L5d-Success-Class
X-Akamai-Transformed
X-Distributor
NtCoent-Length
X-Dc
Served-By
X-Cache-Backend
Odigeo-Trace-Id
X-Oneagent-Js-Injection
Fastly-SSL
X-ApacheServer
X-PERF
X-Unique-ID
X-Microcachable
X-Akamai-Request-ID2
CACHE
X-Pubstack
X-CS
Origin-Edge-Control
Origin-Cache-Control
X-RateLimit-Reset
X-Format
X-Cache-Server
X-UA
Fastcgi-X-Cache-Version
X-CDN-Forward
X-Cache-Category-Id
IBM-Web2-Location
Hostname
Ec-Rule-Version
X-Grey
X-SERVER-NAME
X-HTML-Minification-Powered-By
Cache-Tags
X-Compress-Hint
X-Webkit-Csp
X-NC
X-UnsetCookies
X-Is-Bot
Proxy-Connection
X-Detected-As
X-Powered-By-Defense
X-Edge
X-Varnish-Cacheable
X-Tb
Backend-Name
X-Aed
X-Accel-Expires-Debug
X-A-Dgt
X-A-Wwc
X-AIR-PT
Xc-Version
X-CF-Lambda-Version
X-CF-Lambda-Fn
X-CGP
X-Vtex-Remote-Cache
X-Connection-Hash
X-Cluster-Name
X-Cdn-Srv
X-Cache-Bucket
X-A-Dcw
X-Application
X-ARC
X-Worker
X-B-Cookie
X-App-Name
Viewtype
Fly-Request-Id
Request-Time
GEO-REGION-INFO
Fly-Cache
Fastly-SWR
Rt-Proxy-Cache
Cross-Origin-Window-Policy
Fastly-SIE
Request-EU
Request-Country
Node
Mobile-Detection-Method
Meta-Geo-Continent
HA-Ipaddr
Ha-Gx-Prefs
Rendered-Blocks
Proxy-Firewall
Content-Style-Type
Content-Script-Type
X-B3-Parentspanid
Arc-Country
AsisCache
VivaBuild
X-A
A
X-A-Ccd
ServerName
BehaviorPad-Version
Server-ID
Cdn-Host
Cdn-Request-Time
Cache-Prefix
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-From
Cache-Cookie-Set-Idcheck
X-A-Dam
X-Twitter-Response-Tags
X-Destination
X-Request-UUID
X-Developer
MD5-Digest
X-DPWN-IS-SECURE
X-Debug-Log
X-Debug-Cookies
X-Rewrite-Enabled
X-D
X-Date
X-Via-NSCOPI
X-Edge-Server
X-Vtex-Processado-Em
X-Processor
X-Rebelmouse-Cache-Control
X-G
X-Org
X-PAYTM-SRV-ID
X-External-Request-Id
X-Eu-Site
X-NU-AKA-ACS-Version
X-NX-Host
X-Region-Sid
X-Rebelmouse-Surrogate-Control
X-Rojux
Access-Control-Request-Headers
X-BACKEND-TTL
X-Instart-Info
X-Transaction
X-Internal-Host
X-HS-Combine-CSS
LB
X-VG-WebServer
X-IN-APIGATEWAY
X-Trv-Group
X-S-Cookie
X-SRCache-Key
X-Server-Time
X-ScT
X-S-Maxage
X-Ua
X-HS-Cache-Config
X-ElasticPress-Search
Section-Io-Cache
RNT-Time
RNT-Machine
Platform
X-Generated-On
X-Key
Memcached
Resin-Trace
X-Irp-Debug
X-Level-Front-Cache
X-Geo-Header
X-Location
X-Hash
X-Nginx-Cache-Key
On-Server
X-GeoIP-Country-Code
X-Epic-Correlation-Id
X-Cache-Id
X-Cache-Info
X-Sn-Servicetimems
X-Skip-Cache
X-Backend-State
X-Cdn-Origin
X-TH-Server
X-Variation
X-Clientip
X-Core-Mission
X-We-Are-Hiring
X-ServiceProvider
X-Server-IP
X-Qloud-Router
Server-Int
X-Fastly-Cache
Server-Host
X-Reqid
X-Request-URI
X-Dispatch
X-Dispatcher-Server
True-Client-Country-4JS
SS
X-PHP-Host
Esi-Enabled
Apple-News-Services-Request-Url
Country-Code
PageSpeed
Apple-News-Services-Parsed-Url
X-C
Adler-Geo
Apple-News-Services-Handled
Apple-News-Services-Host
Gh-Request-Id
Countrycode
Is-Eu
X-Wikidot-Backend
X-Device-Os
X-Distil-CS
X-Crawler
X-Fetched-On
X-Gannett-Site-Version
X-Webstats-RespID
X-FPC
X-Wikidot-Static-Cache
W
X-Auto-Login
X-Amz-Meta-Cache-Control
X-Developers
X-BBXSRF
X-Block-Status
X-CDN-Cache
X-Cache-FS-Status
X-Gen-Mode
X-Generation-Time
X-Secret
X-SD-PageType
X-Response-By
X-Served-From
X-SVT-ORM-VERSION
X-SIPLIST1
X-Servername
Accept-Language
X-Request-Start
X-Reboot
X-WebServer
X-Li-Pop
X-Hnp-Log
X-LI-Proto
AKAMAI
X-Swa-Ws
X-Method
X-LI-UUID
X-SVT-ORM-RULES
X-Li-Fabric
V-Age
CDCHOST
Who
Wxu-Next-Commit
PFcat
User-Cache-Control
REQUESTUUID
UCS
Pramga
Powered-By
Wxu-Next-Hostname
Web-Mar-Node
Content-Disposition
Wxu-Next-Region
IsBot
SD-X-WS
CF-IPCountry
X-ND-Cache
GW-Server
X-GeoIP-City
X-Thinkindot-L3
X-Thanos
X-Cms-Context
X-Origin-Date
X-Varnish-Url
X-Owner
Thinkindot-CacheControl-Type
X-Release
Thinkindot-Control
X-Nc
X-Origin-Expires
Fastly-Soc-X-Request-Id
X-CUA
X-Clara-WADP
X-VServer
X-Via-SSL
X-Azure-Ref
X-Bip
Heartbleed
X-Azure-Ref-OriginShield
X-WADP-Cache
X-Via-Edge
X-Matched-Rule
Thinkindot-CacheControl
Mime-Version
X-Parent-Response-Time
X-Datadome
X-OVcl
X-Protected-By
X-OVcl-Cache
L
X-VC-Cache
X-Varnish-Ttl
X-Proxy-Cache-Status
X-CLOUD-TRACE-CONTEXT
N-Cache
X-Proxy-Upstream
Pragrma
X-Fstrz
X-Amzn-Remapped-Content-Length
X-LAGOON
X-Ratelimit-Remaining
Selected-Fe
X-FE
Memory
X-TrackingId
Kp-EeAlive
X-DC
X-Varnish-Beresp-Ttl
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
X-Cdn-Forward
User-Agent
X-Pf-Uncompressing
X-Origin-TTL
X-Origin-CC
X-GRACE
X-Urbn-Context-Path
X-Urbn-Site-Id
Locale
X-Core-Value
X-Phone
X-IN-WAF
Magicmarker
X-B3-SpanId
X-Page-Type
X-Be
X-Zone
X-Birta-Served
X-URL
X-Birta-Cache-Post
X-Geo
X-Varnish-Beresp-Grace
X-Hello
X-Ttl
X-Flog
Pagetype
X-ABtesting
X-Varnish-Beresp-Status
X-Varnish-IP
X-Dynatrace-Js-Agent
X-Backend-TTL
X-Info
X-Generated-In
Cdn
Selected-FE
X-User
HitType
X-Backend-Host
X-Backend-Url
X-Cache-Ttl
X-Servedbyhost
X-Newrelic-Synthetics
X-Debug-Cache-Expiry
X-MSEdge-Features
X-Debug-Cache-Store
X-MSEdge-Flight
X-Debug-Cache-Fetch
X-GoCache-CacheStatus
X-Up
X-TT-LOGID
X-Tt-Trace-Tag
X-Soup
SN
X-Litespeed-Cache
CF-Cached-On
Geoip-Latitude
Geoip-City
GeoIp-Country-Code
X-HS-Status
X-Mid
X-Source
X-MID
X-App-Version
X-Oss-Server-Time
X-Cache-Debug
X-Agile-Id
X-Agile
X-Oss-Hash-Crc64ecma
X-Agile-Age
X-Oss-Storage-Class
X-Oss-Object-Type
X-Oss-Request-Id
X-VCL-Version
X-Real-Ip
X-Refresh
X-Web-Server
X-Check-Cacheable
X-Tb-Optimization-Total-Bytes-Saved
X-Aicache-OS
X-Ruxit-Js-Agent
Amp-Access-Control-Allow-Source-Origin
X-Say-TTL
X-Say-Cacheable
X-ZONE
X-Amzn-Remapped-Date
GeoIP-Country-Code
FSS-Proxy
X-Bc
FSS-Cache
X-Vcl-Version
X-Old-Content-Length
X-Amzn-Remapped-Connection
X-SayCDN-TTL
X-ServedByHost
Cache-Hits
GeoIP-City
GeoIP-Latitude
X-CACHE-KEY
X-NWS-UUID-VERIFY
X-Cache-ASPX
Server-Surrogate-Control
WZWS-RAY
HostName
X-Contensis-Viewer-Groups
X-UPSTREAM-Address
X-Varnish-Authentication
X-APP
Server-Cache-Control
X-EC-Lua
Ohc-Cache-HIT
Ohc-File-Size
Inserted-Into-Cache-At
Fastly-Backend-Name
X-Via-Ucdn
X-COUNTRY
RequestId
X-Node-Id
Group
X-CSRF-TOKEN
Srv
X-CSRF-Token
X-IN-APIGATEWAYSSL
Ajk
X-Akamai-SSL-Client-Sid
X-Cache-Time
X-WR-MODIFICATION
X-Logtrace-Id
HTTPS
X-BC
X-Nananana
Backend
Xkeyrz
X-Varnish-Beresp-TTL
Www
X-Proxy-Cacherz
X-ECache
X-SN
WebServer
X-Dynatrace
XServer
Cf-Ipcountry
URI
X-Wa
X-RateLimit-Remaining-Second
X-BE
X-RateLimit-Limit-Second
X-Cache-Tag
X-Instart-Isnd
Xkeynj
Is-Session-Tracking
Get-Access-Time
Requestid
X-Unique-Id
X-Request-Url
X-Cache-Expires
Lb
Host-ID
X-TIME
X-FORWARDED-FOR
X-Fastly-Country-Code
X-PAGE-TYPE
X-MCACHE
X-LiteSpeed-Cache-Control
X-Requestid
X-Edge-IP
X-Sedo-Request-Id
PICS-Label
X-PJAX-URL
T-Server
X-Cache-Miss-From
X-LB-ID
X-NGENIX-Cache
Dynatrace
X-GDPR
X-Micro-Cache
X-Render-Time
Epwk-Cache
X-Fastly-Backend-Reqs
X-PF-Uncompressing
X-Varnish-Action
Cneonction
DataCenter
Xet-Cookie
X-SRV
X-Apw-Hits
X-Vct
X-Apw-Access-Token
Pics-Label
X-Pjax-Url
MIME-Version
CDN
X-Swift-Error
Fastcgi-X-Cache
X-Apw-Access-Object
X-Apw-Access-Action
X-Dw-Trace-Id
X-NGINX-Cache
X-Lb-Id
X-Cf-Powered-By
X-Svr
X-Uri
Correlation-Id
X-Policy
SID
X-WA
X-Ecache
X-AssetVersion
X-Bug-Bounty
X-Page-Impression-Id
Warning
Lfy
X-Var-Ttl
X-Fastly-Cache-Hits
X-Akamai-ERPolicy
X-Zalando-Child-Request-Id
FNAC-ModuleRouting
X-Sf
X-Serial
X-Akamai-ERRuleID
X-Html-Edge-Cache
Ohc-Response-Time
X-DSS
X-LiteSpeed-Tag
X-DW
X-RSL
X-RPS
X-Fpc
RequestUuid
X-DI
X-DB
X-ServerName
X-WPE-Loopback-Upstream-Addr
X-Flow-Id
X-RPM