Threat Level: green Handler on Duty: Jan Kopriva

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
CF-RAY
X-Powered-By
Link
ETag
Expect-CT
X-XSS-Protection
Via
X-Cache
Age
CF-Cache-Status
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
P3P
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Request-Id
X-Xss-Protection
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-Adblock-Key
X-Drupal-Cache
Alt-Svc
X-Check
X-Cacheable
Content-Security-Policy-Report-Only
X-Generator
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-DNS-Prefetch-Control
X-AspNetMvc-Version
P3p
X-Template
Status
X-Language
Timing-Allow-Origin
Content-Encoding
X-Iinfo
X-Content-Security-Policy
X-Buckets
Upgrade
X-Kinja-Server-Push
Xkey
X-Via
X-CDN
X-Turbo-Charged-By
Keep-Alive
Access-Control-Max-Age
Access-Control-Expose-Headers
X-Cache-Group
X-Pass-Why
X-Age
X-AH-Environment
X-Drupal-Dynamic-Cache
X-Server
X-Backend
X-Amz-Request-Id
X-Amz-Id-2
X-Pingback
X-Envoy-Upstream-Service-Time
X-Page-Speed
X-Robots-Tag
X-Proxy-Cache
X-Hacker
Grace
X-Server-Powered-By
EagleId
X-UA-Device
X-Varnish-Cache
Request-Context
X-Nginx-Cache-Status
Cf-Railgun
X-LiteSpeed-Cache
X-Amz-Version-Id
X-Swift-CacheTime
X-Swift-SaveTime
X-WebKit-CSP
Ali-Swift-Global-Savetime
Feature-Policy
X-Device
Server-Timing
X-Server-Id
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Host
Report-To
X-Ac
X-Rq
Content-Location
X-Node
X-OneAgent-JS-Injection
X-Backend-Server
X-Cnection
X-Response-Time
X-Origin-Cache
X-Cloud-Trace-Context
X-Application-Context
EagleEye-TraceId
Allow
Request-Id
X-Readtime
Surrogate-Control
X-Country
X-Cache-Lookup
X-ORACLE-DMS-ECID
X-TTL
X-DynaTrace
X-Url
X-Vhost
X-Cdn
X-Rack-Cache
Pinterest-Generated-By
X-Clacks-Overhead
X-Origin-Upstream-Status
X-Ruxit-JS-Agent
NEL
X-Ua-Compatible
X-CST
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Rating
X-ORACLE-DMS-RID
X-FTR-Request-ID
X-Country-Code
X-HW
X-Goog-Hash
X-Dispatcher
X-Instart-Request-ID
Fusion-Component-Id
Fusion-Source
Fusion-Content-Source
Fusion-Template-Id
Fusion-Content-Id
X-DataStream-Cache-Status
Edge-Control
X-TtlSet
X-Vname
X-PC
X-Px
X-VARITI-CCR
Service-Worker-Allowed
X-DataDome
X-MS-InvokeApp
X-Mod-Pagespeed
Verso
SPRequestGuid
X-Recruiting
X-Request-ID
X-GoogleNews-Bot
X-Exp-Id
X-Kinja-Server
X-Kinja
X-Kinja-Build
X-Kinja-Revision
X-Exp-Variant
X-Dns-Prefetch-Control
X-Use-Magma
X-Cdn-Fetch
X-D2id
X-Varnish-TTL
X-Vcap-Request-Id
RTSS
X-SharePointHealthScore
X-Abt-Application-Version
X-Amz-Server-Side-Encryption
TCN
DynaTrace
X-Navigation-Version
X-GitHub-Request-Id
X-RateLimit-Remaining
X-Powered-By-Plesk
X-SRCache-Store-Status
X-SRCache-Fetch-Status
Display
X-Middleton-Display
Response
X-Middleton-Response
X-Sol
X-Akam-SW-Version
Charset
Content-MD5
MS-Author-Via
X-B3-TraceId
X-ESI
X-Trace
X-TEC-API-ROOT
X-TEC-API-VERSION
X-TEC-API-ORIGIN
AR-CACHE
AR-ATIME
AR-PoweredBy
Ar-Sid
ServerID
X-Shield-Request-Id
X-Amz-Rid
Realpath
X-Powered-CMS
X-Goog-Stored-Content-Length
X-Goog-Generation
X-Dw-Request-Base-Id
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
AR-Request-ID
X-DynaTrace-JS-Agent
X-Forwarded-Proto
X-Version
Accept-Ch-Lifetime
Nginx-Cache
X-Cached
X-Server-Name
X-Upstream
Fastly-Restarts
X-Shard
Public-Key-Pins
X-B3-TraceId-Primal
Mrf-Cache-Status
X-Mrf-Section-Lastmod
MRF-Tech
X-Mrf-Item-Lastmod
SPRequestDuration
SPIisLatency
Access-Control-Request-Method
Paypal-Debug-Id
Accept-Ch
X-Goog-Storage-Class
X-MSEdge-Ref
X-Client-IP
Pagespeed
Pinterest-Version
X-Upstream-Proxy
X-Pinterest-Rid
Accept-CH
S
X-DataStream-MidMile-RTT
X-DataStream-Origin-MEX-Latency
X-Debug
X-Amz-Meta-S3cmd-Attrs
X-Id
X-Country-Code-Real
X-Grace
X-FTR-Cache-Status
X-FTR-Backend
X-FTR-Realm
X-FTR-Balancer
X-FTR-DC
X-FTR-Backend-Server
X-FTR-Expires
X-Ezoic-Cdn
X-N
X-T
X-DIS-Request-ID
X-Fastly-Request-ID
MicrosoftSharePointTeamServices
X-Vcache
Arr-Disable-Session-Affinity
X-XRDS-Location
X-Amzn-Trace-Id
Front-End-Https
X-NF-Request-ID
X-Content-Type
X-Hits
X-B3-Sampled
X-Varnish-Age
X-Mobile-Rewrite
X-Ser
PB-RID
PB-PID
Arc-Version
X-FastCGI-Cache
Alternate-Protocol
Fastcgi-Cache
X-Acc-Meta-Resource-Type
X-FTR-Cache-Host
X-Frontend
X-Logged-In
X-B3-Traceid
X-Content-Digest
Server-Name
X-Server-ID
X-Srv
X-Correlation-Id
X-Pad
X-Forwarded-For
X-VCache
Host
AMP-Access-Control-Allow-Source-Origin
X-Node-Name
Powered-By-ChinaCache
Nel
X-Microsite
X-Request-Handler-Origin-Region
FilterID
TP-L2-Cache
TP-Cache
Healthy
X-Rid
X-Cache-Key
X-Type
X-LB-Cache
X-Kinsta-Cache
Edge-Cache-Tag
X-IPLB-Instance
X-User-Agent
X-Request-Processing-Time
X-Request-Received
X-AOL-HN
X-Debug-Info
X-GUploader-UploadID
X-Cached-By
X-Revision
X-Cache-2
X-F-Cache
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Zen-Fury
X-Fastcgi-Cache
X-Hostname
Powered
X-Cache-Rule
X-HS-Content-Id
X-HS-Hub-Id
X-Analytics
X-Cache-Age
X-XRDS-LOCATION
Backend-Timing
X-Accel-Expires
Surrogate-Key
X-Kong-Upstream-Latency
X-RateLimit-Limit
X-Kong-Proxy-Latency
X-Esi
X-Az
X-Page-Id
X-Activity-Id
X-AppVersion
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-Content-Security-Policy-Report-Only
X-Varnish-Backend
X-Via-JSL
X-BCube-Filmed-By
X-Varnish-Grace
X-Content-Options
X-Instance
X-Tumblr-User
X-Cluster
X-Tumblr-Pixel-0
X-Tumblr-Pixel
Source
X-Jobs
X-FB-Debug
X-Amz-Replication-Status
X-Request-Guid
X-Akamai-Edgescape
X-PHP-Backend
X-Content-Powered-By
Cache-Status
X-App-Environment
X-TT
Cleartype
X-Framework
Refresh
Server-Node
X-Forwarded-Host
Tracecode
X-Varnish-Hostname
WPE-Backend
X-Signature
Accept-CH-Lifetime
X-B-Cache
X-FW-Serve
X-ATG-Version
X-FW-Server
X-FW-Hash
X-FW-Static
X-FW-Type
Liferay-Portal
Host-Header
X-Mobile
X-Cache-Operation
DC
X-Time
X-Cache-Control
Accept-Charset
X-Edge-Location
X-NWS-LOG-UUID
Access-Control-Allow-Method
Actual-Object-TTL
X-Cache-Action
X-Drupal-Cache-Tags
Fastcgi-Useragent
X-Cache-Hit
Cache
Payment
X-Whom
X-Accel-Buffering
X-Response-Served-From
Upgrade-Insecure-Requests
X-App-Server
X-Hp-Webp
X-Mobile-URL
X-TX-ID
X-B
X-Storage
X-UA-Device-Type
X-WebKit-CSP-Report-Only
X-Content-Age
X-Handled-By
X-TT-TIMESTAMP
X-Yottaa-Optimizations
Xserver
X-Yottaa-Metrics
X-Erf-Bev-Bev-Is-Generated
X-Cacheable-TTL
X-SS-Set-Cookie
X-Git-Hash
X-GeoIP
X-Tumblr-Pixel-1
X-Erf-Bev-Bev
Filters
X-RequestSource
X-Tumblr-Pixel-2
X-Adobe-Loc
Eomportal-Instance
X-Cache-TTL
X-WA-Info
X-Adobe-Content
Cache-Tv-Group
Viewport
X-Ratelimit-Reset
X-RemovedCookies
X-ProcessESI
X-VG-WebCache
X-APP-VERSION
X-Status
X-Geo-Country
Cache-Tag
NGB
Webserver
Server-Info
Datacenter
X-FB-TRIP-ID
X-Cache-TTL-Remaining
Retry-After
X-Cache-Enabled
X-FW-Dynamic
X-Seen-By
X-TA-CDN-Provider
X-Contextid
X-Presslabs-Stats
S-Cnection
MS-CV
X-Ratelimit-Limit
X-Host-Name
X-Origin-Server
X-PressLabs-Stats
From-Origin
Country
X-Mode
Frame-Options
X-Generated-By
X-Hyper-Cache
X-RTag
X-Cache-Var
X-ES-SERVER
X-Path-Route
Load-Balancing
Meta-Geo
X-LJ-Flow-ID
X-RN-RSRV
X-Tumblr-Pixel-3
Ms-Operation-Id
Machine
X-Cache-Config
X-VWS-Id
X-AWS-Id
X-Cache-Var-Map
X-Human
Cache-Key
X-Upstream-CT
X-Upstream-HT
X-Routing-Service
X-Proxied
X-Labrador-Cache-Channel
DSUID
X-Varnish-Cache-Hits
X-Cache-Host
X-Backend-Name
Mail-Subject
X-Zipkin-Id
X-Cache-Grace
Vix-Hermes-Req-Id
We-Hiring
X-Hit
Release
X-CF-Powered-By
X-Magnolia-Registration
X-Varnish-Hits
X-PCL
Uber-Trace-Id
ServedBy
X-RCS-CacheZone
GEO-INFO
X-OCL
X-From
X-Debug-Cache
X-Device-Type
X-EIG-Tracking-Id
Mn-Server-Ip
X-Loop
Now
Decoy-Debug-Status
X-Varnish-Server
X-MP-GENERATED-AT
X-Viewer-Country
X-Web-Node
X-Access
X-Upgrade-Enabled
X-Rendered-As
X-Section
Decoy-Debug-Key
X-TNCMS
Decoy-Debug-TTL
X-BYPASS-REASON
X-Akamai-Request-ID
X-CCM
OT-Force-Account-Verify
Rt-Fastcgi-Cache
X-B3-Spanid
X-Alternate-Cache-Key
X-Origin-Response-Time
X-Shopify-Stage
X-ShopId
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-R9-Blue-Green-Version
X-VG-TLSProxy
X-ShardId
X-Rule
X-Environment-Context
X-Endurance-Cache-Level
X-L-Path
Akamai-GRN
X-ProxyCache-Status
X-ProxyCache-Key
X-Cluster-Node
X-Proto
X-NCache
X-JoinUs
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Generated
X-Proxy-Build
X-Region
X-Xfnlog-Site
X-Via-Fastly
X-Timing-Wait
X-S
X-FC-Vary-Parameters
X-Hosted-By
DB-Nickname
X-Daa-Tunnel
Cache-Name
X-Guploader-Uploadid
X-VCT
X-Redis-Cache
X-Trace-Id
X-Www-Served-By
X-Locale
Cteonnt-Length
NGX
X-Drupal-Cache-Contexts
X-Nginx-Cache
X-Site-Version
X-Platform-Server
X-UUID
X-Cache-NE
X-Load-Cache
ProcessTime
X-NewRelic-App-Data
X-MServer
SRV
X-EdgeConnect-Cache-Status
X-Hl-Ver
X-ECACHE
X-Vgn-Hpd-Reason
X-Request-Time
X-Cache-Remote
X-IP
X-Rocket-Nginx-Bypass
X-Real-IP
Time
X-Time-Microsecs
X-ServerID
X-GEO
X-Oracle-Dms-Rid
Azure-Version
X-Origin
Azure-SlotName
S-Rt
X-FW-Version
Azure-InstanceId
X-Via-CDN
Azure-SiteName
X-Wix-Request-Id
Version
Azure-RegionName
X-Origin-Hint
X-IPS-LoggedIn
Webcakes-Region
TWC-Locale-Group
TWC-Connection-Speed
TWC-GeoIP-LatLong
TWC-Device-Class
Property-Id
TWC-Privacy
Webcakes-App-Name
Webcakes-App-Version
TWC-GeoIP-Country
Origin
X-Proxy
X-FireWall-Port
X-No-Session
L5d-Success-Class
X-Cache-Backend
Served-By
Odigeo-Trace-Id
X-Akamai-Transformed
NtCoent-Length
X-Distributor
X-Dc
X-Oneagent-Js-Injection
Fastly-SSL
X-PERF
CACHE
X-ApacheServer
X-Unique-ID
X-Pubstack
X-Akamai-Request-ID2
X-Microcachable
X-Cache-Server
X-Format
X-CS
X-RateLimit-Reset
Origin-Cache-Control
Origin-Edge-Control
X-UA
Fastcgi-X-Cache-Version
X-CDN-Forward
Ec-Rule-Version
X-Cache-Category-Id
IBM-Web2-Location
Hostname
X-Grey
X-Webkit-Csp
X-HTML-Minification-Powered-By
X-UnsetCookies
Cache-Tags
X-Compress-Hint
X-SERVER-NAME
X-NC
Proxy-Connection
X-Is-Bot
X-Detected-As
X-Edge
X-Powered-By-Defense
X-Tb
X-Varnish-Cacheable
Backend-Name
Rendered-Blocks
MD5-Digest
Cdn-Host
Cache-Prefix
Cdn-Request-Time
Content-Script-Type
Content-Style-Type
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-Idcheck
Arc-Country
AsisCache
BehaviorPad-Version
Cache-Cookie-Set-From
Cross-Origin-Window-Policy
Fastly-SIE
Request-Country
Meta-Geo-Continent
Mobile-Detection-Method
Node
HA-Ipaddr
Ha-Gx-Prefs
Fastly-SWR
Fly-Cache
Fly-Request-Id
GEO-REGION-INFO
Proxy-Firewall
X-Vtex-Processado-Em
X-Debug-Cookies
X-Rewrite-Enabled
X-Rojux
X-Debug-Log
X-Destination
X-Developer
X-Request-UUID
X-S-Cookie
X-Date
X-CGP
X-CF-Lambda-Version
X-Cluster-Name
X-Connection-Hash
X-S-Maxage
X-D
X-DPWN-IS-SECURE
X-Edge-Server
X-IN-APIGATEWAY
X-PAYTM-SRV-ID
X-HS-Combine-CSS
X-Instart-Info
X-Org
X-NU-AKA-ACS-Version
X-Internal-Host
X-HS-Cache-Config
X-Processor
X-Region-Sid
X-Eu-Site
X-Rebelmouse-Surrogate-Control
X-External-Request-Id
X-Rebelmouse-Cache-Control
X-G
X-ScT
X-Server-Time
X-A-Dgt
Xc-Version
X-A-Dcw
X-A-Wwc
X-Accel-Expires-Debug
X-Aed
X-Worker
X-A-Dam
X-A-Ccd
Server-ID
Rt-Proxy-Cache
ServerName
Viewtype
X-A
VivaBuild
X-Vtex-Remote-Cache
X-AIR-PT
X-Transaction
X-Cache-Bucket
X-Cdn-Srv
A
X-CF-Lambda-Fn
X-SRCache-Key
X-Trv-Group
X-Twitter-Response-Tags
X-Application
X-App-Name
X-NX-Host
X-ARC
X-VG-WebServer
X-B-Cookie
Request-EU
Request-Time
X-Via-NSCOPI
X-Ua
LB
Access-Control-Request-Headers
X-BACKEND-TTL
X-B3-Parentspanid
X-ElasticPress-Search
Server-Int
True-Client-Country-4JS
SS
X-Skip-Cache
X-ServiceProvider
X-Server-IP
X-Key
RNT-Time
On-Server
X-Variation
Memcached
Platform
X-TH-Server
Section-Io-Cache
RNT-Machine
Resin-Trace
Server-Host
X-Reqid
X-Generated-On
X-Fastly-Cache
X-Epic-Correlation-Id
X-Nginx-Cache-Key
X-Geo-Header
X-GeoIP-Country-Code
X-Irp-Debug
X-Level-Front-Cache
X-Location
X-Hash
X-Dispatcher-Server
X-Dispatch
X-Cache-Info
X-Cache-Id
X-Backend-State
Is-Eu
X-Cdn-Origin
X-Qloud-Router
PageSpeed
X-Core-Mission
X-Clientip
X-PHP-Host
X-Request-URI
X-Sn-Servicetimems
Apple-News-Services-Parsed-Url
Gh-Request-Id
X-We-Are-Hiring
Countrycode
Apple-News-Services-Request-Url
Country-Code
Apple-News-Services-Host
Apple-News-Services-Handled
Esi-Enabled
Adler-Geo
X-C
IsBot
X-Reboot
X-Block-Status
X-Developers
X-Request-Start
X-BBXSRF
X-Response-By
W
X-Servername
Wxu-Next-Region
X-Served-From
X-Secret
Accept-Language
X-SD-PageType
X-Amz-Meta-Cache-Control
X-Crawler
AKAMAI
X-Generation-Time
X-Gen-Mode
X-Hnp-Log
X-LI-UUID
X-Li-Fabric
X-Li-Pop
X-LI-Proto
X-Gannett-Site-Version
X-FPC
CDCHOST
X-CDN-Cache
Content-Disposition
Wxu-Next-Hostname
X-Device-Os
X-Fetched-On
X-Method
X-Distil-CS
X-Cache-FS-Status
X-Auto-Login
X-SVT-ORM-VERSION
X-Wikidot-Static-Cache
REQUESTUUID
X-SVT-ORM-RULES
Powered-By
SD-X-WS
X-Swa-Ws
X-Webstats-RespID
Wxu-Next-Commit
X-WebServer
X-Wikidot-Backend
PFcat
Pramga
Web-Mar-Node
Who
X-SIPLIST1
V-Age
User-Cache-Control
UCS
CF-IPCountry
X-Via-SSL
Mime-Version
X-CUA
X-Via-Edge
X-GeoIP-City
X-Owner
X-Varnish-Url
X-WADP-Cache
X-Origin-Expires
X-ND-Cache
X-Thanos
X-Thinkindot-L3
X-Origin-Date
GW-Server
X-Matched-Rule
X-VServer
Heartbleed
X-Clara-WADP
X-Cms-Context
X-Release
X-Azure-Ref-OriginShield
X-Nc
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
Fastly-Soc-X-Request-Id
Thinkindot-Control
X-Bip
X-Azure-Ref
X-Parent-Response-Time
X-Datadome
X-Protected-By
X-OVcl
L
X-VC-Cache
X-OVcl-Cache
X-Varnish-Ttl
X-CLOUD-TRACE-CONTEXT
N-Cache
Pragrma
X-Fstrz
X-Proxy-Cache-Status
X-Proxy-Upstream
X-Amzn-Remapped-Content-Length
X-FE
Memory
X-TrackingId
X-Ratelimit-Remaining
Kp-EeAlive
Selected-Fe
X-LAGOON
X-DC
X-Varnish-Beresp-Ttl
User-Agent
X-Cdn-Forward
X-Planisys-CDN-Rules
X-Pf-Uncompressing
X-Planisys-CDN-Cache
X-Planisys-CDN-TTL
X-Urbn-Site-Id
X-Origin-TTL
Locale
X-Origin-CC
X-Urbn-Context-Path
X-GRACE
X-Phone
Magicmarker
X-Page-Type
X-Core-Value
X-IN-WAF
X-B3-SpanId
X-Zone
X-Be
X-Birta-Cache-Post
X-URL
X-Birta-Served
X-Varnish-Beresp-Status
Pagetype
X-ABtesting
X-Ttl
X-Geo
X-Flog
X-Varnish-Beresp-Grace
X-Hello
X-Info
X-Varnish-IP
X-Backend-TTL
X-Dynatrace-Js-Agent
Selected-FE
X-User
Cdn
HitType
X-Generated-In
X-Backend-Url
X-Backend-Host
X-Cache-Ttl
X-Newrelic-Synthetics
X-Up
X-Tt-Trace-Tag
X-Servedbyhost
X-Soup
X-Debug-Cache-Store
X-MSEdge-Flight
SN
X-Debug-Cache-Expiry
X-Debug-Cache-Fetch
X-TT-LOGID
X-GoCache-CacheStatus
X-MSEdge-Features
X-Litespeed-Cache
Geoip-City
CF-Cached-On
X-HS-Status
Geoip-Latitude
GeoIp-Country-Code
X-Mid
X-App-Version
X-MID
X-Source
X-Oss-Server-Time
X-Oss-Request-Id
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
X-Oss-Storage-Class
X-VCL-Version
X-Real-Ip
X-Agile-Age
X-Refresh
X-Agile-Id
X-Agile
X-Cache-Debug
X-Web-Server
X-Check-Cacheable
X-Tb-Optimization-Total-Bytes-Saved
X-Aicache-OS
Amp-Access-Control-Allow-Source-Origin
X-Ruxit-Js-Agent
FSS-Cache
X-SayCDN-TTL
X-Bc
X-Vcl-Version
FSS-Proxy
X-ZONE
X-Say-TTL
X-Amzn-Remapped-Date
GeoIP-Country-Code
X-Amzn-Remapped-Connection
X-Old-Content-Length
X-Say-Cacheable
GeoIP-City
Cache-Hits
X-ServedByHost
GeoIP-Latitude
WZWS-RAY
X-CACHE-KEY
X-NWS-UUID-VERIFY
X-Contensis-Viewer-Groups
X-Varnish-Authentication
X-APP
X-Cache-ASPX
X-UPSTREAM-Address
HostName
Server-Cache-Control
Server-Surrogate-Control
Ohc-File-Size
Ohc-Cache-HIT
X-EC-Lua
X-CSRF-TOKEN
RequestId
X-Via-Ucdn
Fastly-Backend-Name
Inserted-Into-Cache-At
Group
X-Node-Id
X-COUNTRY
X-CSRF-Token
Srv
X-Cache-Time
X-WR-MODIFICATION
X-Logtrace-Id
HTTPS
X-Akamai-SSL-Client-Sid
Ajk
X-IN-APIGATEWAYSSL
X-BC
X-Nananana
X-SN
Www
X-Proxy-Cacherz
X-ECache
X-Varnish-Beresp-TTL
Xkeyrz
Backend
WebServer
X-Dynatrace
XServer
X-Wa
X-RateLimit-Limit-Second
URI
Cf-Ipcountry
X-BE
X-Cache-Tag
X-RateLimit-Remaining-Second
X-Instart-Isnd
Host-ID
Is-Session-Tracking
X-TIME
Requestid
Lb
X-Unique-Id
Xkeynj
Get-Access-Time
X-PAGE-TYPE
X-Request-Url
X-FORWARDED-FOR
X-Fastly-Country-Code
X-Cache-Expires
X-MCACHE
X-LiteSpeed-Cache-Control
X-Requestid
X-Edge-IP
X-LB-ID
X-PJAX-URL
PICS-Label
X-Sedo-Request-Id
X-Cache-Miss-From
T-Server
X-NGENIX-Cache
Dynatrace
X-PF-Uncompressing
X-Render-Time
Epwk-Cache
X-Varnish-Action
Cneonction
X-GDPR
X-Micro-Cache
X-Fastly-Backend-Reqs
Xet-Cookie
X-SRV
DataCenter
MIME-Version
X-Vct
Fastcgi-X-Cache
CDN
X-Apw-Hits
X-Apw-Access-Token
Pics-Label
X-Pjax-Url
X-Apw-Access-Action
X-Apw-Access-Object
X-Swift-Error
X-Dw-Trace-Id
X-NGINX-Cache
X-Cf-Powered-By
Correlation-Id
X-WA
SID
X-Policy
X-Svr
X-Uri
X-Lb-Id
X-Ecache
X-AssetVersion
X-ServerName
X-Fpc
X-Serial
X-WPE-Loopback-Upstream-Addr
X-Html-Edge-Cache
Lfy
Warning
X-Bug-Bounty
RequestUuid
X-LiteSpeed-Tag
X-Sf
X-Var-Ttl
FNAC-ModuleRouting
Ohc-Response-Time
X-Akamai-ERPolicy
X-Akamai-ERRuleID
X-DSS
X-DW
X-RPM
X-RPS
X-DI
X-DB
X-Fastly-Cache-Hits
X-Flow-Id
X-Page-Impression-Id
X-Zalando-Child-Request-Id
X-RSL