Threat Level: green Handler on Duty: Russell Eubanks

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
CF-RAY
X-Powered-By
Link
ETag
Expect-CT
Via
X-XSS-Protection
X-Cache
Age
CF-Cache-Status
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
P3P
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Xss-Protection
X-Served-By
X-Request-Id
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-Adblock-Key
Alt-Svc
X-Drupal-Cache
X-Check
X-Cacheable
Content-Security-Policy-Report-Only
X-Generator
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-AspNetMvc-Version
X-DNS-Prefetch-Control
P3p
X-Template
X-Language
Status
Timing-Allow-Origin
X-Iinfo
Content-Encoding
X-Content-Security-Policy
X-Buckets
Upgrade
X-Kinja-Server-Push
Xkey
X-Via
X-CDN
X-Turbo-Charged-By
Keep-Alive
Access-Control-Max-Age
Access-Control-Expose-Headers
X-Cache-Group
X-Pass-Why
X-AH-Environment
X-Age
X-Drupal-Dynamic-Cache
X-Server
X-Backend
X-Pingback
X-Amz-Id-2
X-Amz-Request-Id
X-Envoy-Upstream-Service-Time
X-Page-Speed
X-Robots-Tag
X-Proxy-Cache
X-Hacker
Grace
EagleId
X-Server-Powered-By
X-UA-Device
X-Varnish-Cache
Request-Context
X-Nginx-Cache-Status
Cf-Railgun
X-LiteSpeed-Cache
X-Amz-Version-Id
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
X-WebKit-CSP
X-Server-Id
Feature-Policy
Server-Timing
X-Device
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Host
X-Rq
Report-To
X-Ac
X-Node
Content-Location
X-OneAgent-JS-Injection
X-Response-Time
X-Backend-Server
X-Cnection
X-Request-ID
X-Cloud-Trace-Context
X-Origin-Cache
X-Application-Context
X-Readtime
Allow
Request-Id
EagleEye-TraceId
Surrogate-Control
X-Country
X-ORACLE-DMS-ECID
X-Cache-Lookup
X-Vhost
X-TTL
X-Url
X-Cdn
X-DynaTrace
Pinterest-Generated-By
X-Rack-Cache
X-Clacks-Overhead
X-Origin-Upstream-Status
X-Ua-Compatible
NEL
X-Ruxit-JS-Agent
Rating
X-FTR-Request-ID
X-CST
X-Country-Code
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Dns-Prefetch-Control
X-HW
X-ORACLE-DMS-RID
X-Dispatcher
X-Goog-Hash
X-Instart-Request-ID
Fusion-Template-Id
Fusion-Content-Source
Fusion-Content-Id
Fusion-Source
Fusion-Component-Id
X-DataStream-Cache-Status
Edge-Control
X-TtlSet
X-PC
X-Vname
X-Px
X-DataDome
X-VARITI-CCR
Service-Worker-Allowed
Verso
X-Mod-Pagespeed
X-MS-InvokeApp
X-Recruiting
SPRequestGuid
X-Varnish-TTL
X-Cdn-Fetch
X-GoogleNews-Bot
X-Kinja
X-Kinja-Build
X-Kinja-Revision
X-Exp-Id
X-Exp-Variant
X-Kinja-Server
X-Use-Magma
X-Vcap-Request-Id
X-D2id
RTSS
X-Amz-Server-Side-Encryption
X-Abt-Application-Version
TCN
X-SharePointHealthScore
DynaTrace
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-GitHub-Request-Id
X-Navigation-Version
X-RateLimit-Remaining
X-Middleton-Display
Display
Response
X-Sol
X-Akam-SW-Version
X-Middleton-Response
X-Powered-By-Plesk
X-B3-TraceId
MS-Author-Via
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-TEC-API-ROOT
Charset
Content-MD5
ServerID
X-Shield-Request-Id
X-Amz-Rid
AR-PoweredBy
Ar-Sid
AR-CACHE
X-Forwarded-Proto
AR-ATIME
Realpath
X-Trace
Accept-Ch-Lifetime
X-Powered-CMS
X-ESI
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Goog-Generation
Nginx-Cache
X-Goog-Metageneration
X-DynaTrace-JS-Agent
X-Dw-Request-Base-Id
X-Version
X-Upstream
X-Cached
Fastly-Restarts
AR-Request-ID
Accept-Ch
Public-Key-Pins
X-Server-Name
X-Shard
X-Mrf-Item-Lastmod
X-B3-TraceId-Primal
MRF-Tech
Mrf-Cache-Status
X-Mrf-Section-Lastmod
Access-Control-Request-Method
X-MSEdge-Ref
X-Goog-Storage-Class
X-Grace
Paypal-Debug-Id
Pagespeed
SPIisLatency
SPRequestDuration
X-Client-IP
S
X-Debug
X-Pinterest-Rid
X-Id
Pinterest-Version
X-Vcache
X-FTR-Balancer
X-FTR-Backend-Server
X-FTR-Backend
X-Country-Code-Real
X-FTR-DC
X-FTR-Cache-Status
X-FTR-Realm
X-DataStream-Origin-MEX-Latency
X-FTR-Expires
X-DataStream-MidMile-RTT
X-Amz-Meta-S3cmd-Attrs
X-Upstream-Proxy
X-Ezoic-Cdn
X-N
X-Fastly-Request-ID
X-T
X-DIS-Request-ID
X-Amzn-Trace-Id
Arr-Disable-Session-Affinity
Front-End-Https
Accept-CH
X-NF-Request-ID
X-FastCGI-Cache
MicrosoftSharePointTeamServices
X-Content-Type
X-Hits
X-XRDS-Location
X-B3-Sampled
X-Varnish-Age
X-Ser
X-FTR-Cache-Host
Fastcgi-Cache
PB-PID
Arc-Version
X-Mobile-Rewrite
X-Frontend
X-Acc-Meta-Resource-Type
PB-RID
Alternate-Protocol
Server-Name
X-Logged-In
X-B3-Traceid
X-Content-Digest
X-Correlation-Id
X-Srv
X-Pad
X-Forwarded-For
X-Node-Name
AMP-Access-Control-Allow-Source-Origin
Nel
X-Cache-Key
X-Microsite
Host
X-Request-Handler-Origin-Region
FilterID
Powered-By-ChinaCache
TP-Cache
TP-L2-Cache
X-Type
X-Rid
X-Kinsta-Cache
X-VCache
X-LB-Cache
X-User-Agent
Healthy
X-IPLB-Instance
X-Request-Received
X-Request-Processing-Time
Edge-Cache-Tag
X-Debug-Info
X-F-Cache
X-AOL-HN
X-Cached-By
X-GUploader-UploadID
X-Cache-2
Powered
X-Esi
X-Zen-Fury
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Revision
X-HS-Content-Id
X-HS-Hub-Id
X-Hostname
X-Cache-Age
X-Analytics
Backend-Timing
X-Cache-Rule
X-XRDS-LOCATION
X-Accel-Expires
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
Surrogate-Key
X-Via-JSL
X-Fastcgi-Cache
X-Activity-Id
X-Az
X-AppVersion
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-RateLimit-Limit
X-Page-Id
X-Instance
X-Content-Security-Policy-Report-Only
X-Varnish-Backend
X-Cluster
X-BCube-Filmed-By
X-Varnish-Grace
X-Tumblr-Pixel
X-Akamai-Edgescape
X-Request-Guid
X-FB-Debug
X-Tumblr-Pixel-0
X-Tumblr-User
X-Jobs
X-Content-Options
Cache-Status
Source
X-Content-Powered-By
X-PHP-Backend
X-Amz-Replication-Status
X-App-Environment
X-TT
X-Framework
Server-Node
X-B-Cache
X-Signature
X-Forwarded-Host
Cleartype
Refresh
X-FW-Static
Liferay-Portal
X-FW-Server
X-FW-Hash
X-FW-Type
X-Server-ID
X-FW-Serve
X-Varnish-Hostname
Tracecode
X-ATG-Version
Host-Header
WPE-Backend
DC
Accept-Charset
X-Cache-Operation
Access-Control-Allow-Method
X-Mobile
X-Cache-Control
Accept-CH-Lifetime
X-Cache-Action
X-Edge-Location
Fastcgi-Useragent
X-Drupal-Cache-Tags
X-Time
Actual-Object-TTL
X-Cache-Hit
X-Mobile-URL
X-Response-Served-From
Payment
X-Accel-Buffering
X-B
X-Erf-Bev-Bev-Is-Generated
X-Hp-Webp
X-Erf-Bev-Bev
X-NWS-LOG-UUID
X-Whom
X-TX-ID
X-Storage
X-APP-VERSION
X-Git-Hash
Upgrade-Insecure-Requests
X-App-Server
X-Content-Age
X-TT-TIMESTAMP
X-WebKit-CSP-Report-Only
Cache
X-WA-Info
X-Handled-By
X-Yottaa-Optimizations
X-SS-Set-Cookie
X-Cacheable-TTL
X-UA-Device-Type
X-Yottaa-Metrics
X-Tumblr-Pixel-1
X-Adobe-Loc
Cache-Tv-Group
X-Adobe-Content
X-Tumblr-Pixel-2
X-Status
X-GeoIP
Xserver
NGB
Eomportal-Instance
Filters
X-RequestSource
X-Geo-Country
X-VG-WebCache
Cache-Tag
Viewport
X-ProcessESI
X-RemovedCookies
Retry-After
Datacenter
Webserver
X-Cache-TTL
X-Ratelimit-Reset
X-Cache-TTL-Remaining
X-FW-Dynamic
Server-Info
X-Seen-By
X-FB-TRIP-ID
X-Cache-Enabled
X-TA-CDN-Provider
MS-CV
X-Contextid
X-Host-Name
X-Presslabs-Stats
X-Oracle-Dms-Rid
X-Ratelimit-Limit
S-Cnection
Frame-Options
X-PressLabs-Stats
X-Origin-Server
X-Generated-By
From-Origin
Country
X-Hyper-Cache
X-RTag
Ms-Operation-Id
X-Mode
X-B3-Spanid
X-Cache-Var-Map
X-Cache-Config
X-Path-Route
Machine
X-Tumblr-Pixel-3
X-Cache-Var
X-RN-RSRV
X-CF-Powered-By
Meta-Geo
X-ES-SERVER
Load-Balancing
X-Labrador-Cache-Channel
X-Zipkin-Id
X-Hit
X-Routing-Service
Vix-Hermes-Req-Id
X-MP-GENERATED-AT
Cache-Key
X-Access
X-Section
X-Proxied
X-Backend-Name
X-From
X-Cache-Grace
X-Web-Node
X-Human
X-Cache-Host
X-Varnish-Cache-Hits
X-Upstream-CT
X-Loop
Now
X-OCL
X-Viewer-Country
X-TNCMS
X-Varnish-Server
X-PCL
X-RCS-CacheZone
X-Upstream-HT
X-Shopify-Stage
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-ShopId
ServedBy
Decoy-Debug-Status
Decoy-Debug-TTL
Mn-Server-Ip
Decoy-Debug-Key
X-Upgrade-Enabled
X-AWS-Id
X-Alternate-Cache-Key
X-Akamai-Request-ID
X-ShardId
X-Endurance-Cache-Level
X-Environment-Context
X-Varnish-Hits
X-Rule
X-VWS-Id
X-LJ-Flow-ID
X-L-Path
X-EIG-Tracking-Id
X-CCM
X-Magnolia-Registration
X-Origin-Response-Time
X-VG-TLSProxy
X-Debug-Cache
Cache-Name
DB-Nickname
Rt-Fastcgi-Cache
X-Timing-Wait
OT-Force-Account-Verify
X-Rendered-As
Mail-Subject
GEO-INFO
SRV
X-Region
DSUID
X-S
X-Proto
X-FC-Vary-Parameters
X-Generated
X-Xfnlog-Site
X-Cluster-Node
X-R9-Blue-Green-Version
Akamai-GRN
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Hosted-By
We-Hiring
X-Proxy-Build
X-Drupal-Cache-Contexts
X-JoinUs
Uber-Trace-Id
X-NCache
X-Via-Fastly
X-Device-Type
Release
X-Guploader-Uploadid
X-Trace-Id
X-Nginx-Cache
Cteonnt-Length
X-ProxyCache-Status
X-ProxyCache-Key
X-BYPASS-REASON
Version
X-Redis-Cache
NGX
X-VCT
X-Platform-Server
X-UUID
ProcessTime
X-Site-Version
X-Locale
X-Request-Time
X-IP
X-Www-Served-By
X-Time-Microsecs
X-Load-Cache
Time
X-Cache-NE
X-Daa-Tunnel
Azure-RegionName
S-Rt
X-ECACHE
Azure-Version
Azure-SlotName
Azure-SiteName
X-EdgeConnect-Cache-Status
X-Origin
X-NewRelic-App-Data
X-Wix-Request-Id
Azure-InstanceId
X-Via-CDN
X-FW-Version
X-MServer
X-GEO
X-Hl-Ver
Property-Id
TWC-Privacy
TWC-Locale-Group
Webcakes-App-Version
Webcakes-Region
X-Origin-Hint
TWC-GeoIP-LatLong
Webcakes-App-Name
TWC-GeoIP-Country
TWC-Connection-Speed
TWC-Device-Class
X-Cache-Remote
X-Rocket-Nginx-Bypass
X-ServerID
X-Proxy
X-Dc
NtCoent-Length
X-Vgn-Hpd-Reason
X-FireWall-Port
X-IPS-LoggedIn
CACHE
X-No-Session
Origin
X-Akamai-Request-ID2
X-HTML-Minification-Powered-By
X-Akamai-Transformed
X-PERF
X-ApacheServer
X-Real-IP
Odigeo-Trace-Id
X-Distributor
X-CDN-Forward
X-CS
X-Oneagent-Js-Injection
X-Format
Fastly-SSL
X-Cache-Backend
Ec-Rule-Version
X-Cache-Server
L5d-Success-Class
X-RateLimit-Reset
Cache-Tags
X-Compress-Hint
Access-Control-Request-Headers
X-Unique-ID
X-UA
X-Pubstack
Served-By
Origin-Edge-Control
Origin-Cache-Control
X-UnsetCookies
Hostname
X-NC
X-Tb
X-Webkit-Csp
Fastcgi-X-Cache-Version
X-Microcachable
IBM-Web2-Location
X-Cache-Category-Id
LB
X-Grey
X-SERVER-NAME
Backend-Name
X-Varnish-Cacheable
X-SRCache-Key
X-Transaction
X-Twitter-Response-Tags
X-Rebelmouse-Surrogate-Control
X-Trv-Group
X-Region-Sid
X-Rojux
X-VG-WebServer
X-Rewrite-Enabled
X-S-Cookie
X-S-Maxage
GEO-REGION-INFO
X-Server-Time
X-ScT
X-Request-UUID
Fastly-SIE
Cache-Cookie-Set-Idcheck
Xc-Version
Cache-Cookie-Set-Lfrom
Cache-Prefix
Cache-Cookie-Set-From
BehaviorPad-Version
A
Arc-Country
AsisCache
Cdn-Host
Cdn-Request-Time
X-Vtex-Processado-Em
X-Rebelmouse-Cache-Control
Fastly-SWR
Fly-Cache
X-Vtex-Remote-Cache
Cross-Origin-Window-Policy
Content-Script-Type
Content-Style-Type
X-Worker
Fly-Request-Id
X-NU-AKA-ACS-Version
X-A-Wwc
X-Accel-Expires-Debug
X-Aed
X-AIR-PT
X-A-Dgt
X-Destination
X-A-Ccd
X-Developer
X-Detected-As
X-A-Dcw
X-App-Name
X-Application
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-Cluster-Name
X-D
X-Cdn-Srv
X-Date
X-ARC
X-B-Cookie
ServerName
X-Cache-Bucket
X-A
VivaBuild
X-Instart-Info
Mobile-Detection-Method
X-IN-APIGATEWAY
Node
X-Internal-Host
X-Is-Bot
X-Org
X-Connection-Hash
MD5-Digest
Meta-Geo-Continent
Proxy-Firewall
Rendered-Blocks
Server-ID
X-Edge-Server
Viewtype
X-DPWN-IS-SECURE
Rt-Proxy-Cache
Request-Time
X-G
Request-Country
Request-EU
X-External-Request-Id
X-PAYTM-SRV-ID
X-A-Dam
X-BACKEND-TTL
Accept-Language
Proxy-Connection
X-Edge
X-B3-Parentspanid
X-ElasticPress-Search
RNT-Machine
X-Processor
Section-Io-Cache
Resin-Trace
Server-Int
X-PHP-Host
Platform
Ha-Gx-Prefs
Gh-Request-Id
X-Skip-Cache
HA-Ipaddr
Is-Eu
True-Client-Country-4JS
On-Server
Memcached
X-Request-URI
X-NX-Host
X-Powered-By-Defense
X-Fastly-Cache
X-Core-Mission
X-Clientip
X-Debug-Cookies
X-Debug-Log
X-Developers
X-Epic-Correlation-Id
X-Eu-Site
X-CGP
X-Cache-Info
X-HS-Combine-CSS
X-Location
X-Nginx-Cache-Key
X-HS-Cache-Config
X-Backend-State
X-Cache-Id
X-Geo-Header
X-GeoIP-Country-Code
W
RNT-Time
X-Varnish-Url
Apple-News-Services-Request-Url
X-Variation
Apple-News-Services-Handled
Apple-News-Services-Host
X-We-Are-Hiring
Esi-Enabled
Countrycode
Apple-News-Services-Parsed-Url
Adler-Geo
PageSpeed
X-Ua
User-Cache-Control
X-Block-Status
X-Cache-FS-Status
X-CDN-Cache
SD-X-WS
AKAMAI
CDCHOST
X-WADP-Cache
SS
X-WebServer
X-LI-Proto
X-LI-UUID
X-Irp-Debug
X-Li-Pop
X-Li-Fabric
X-Key
X-Level-Front-Cache
X-Wikidot-Static-Cache
X-Wikidot-Backend
Web-Mar-Node
X-C
X-Hash
X-BBXSRF
X-SVT-ORM-VERSION
X-Auto-Login
X-Hnp-Log
V-Age
X-Cdn-Origin
IsBot
X-TH-Server
X-Server-IP
X-Served-From
X-SD-PageType
X-Distil-CS
X-Servername
X-ServiceProvider
X-Sn-Servicetimems
X-SVT-ORM-RULES
X-Dispatcher-Server
X-Dispatch
X-Device-Os
X-SIPLIST1
X-Via-NSCOPI
X-Secret
X-Gen-Mode
X-Reqid
X-Generated-On
X-Qloud-Router
X-Amz-Meta-Cache-Control
Content-Disposition
X-Request-Start
X-Clara-WADP
X-Gannett-Site-Version
X-Response-By
Country-Code
X-FPC
CF-IPCountry
X-Amzn-Remapped-Content-Length
X-Bip
X-Cms-Context
X-Azure-Ref
X-Generation-Time
X-Fetched-On
REQUESTUUID
X-Crawler
X-Azure-Ref-OriginShield
X-Origin-Expires
PFcat
X-VServer
X-Thanos
X-Nc
UCS
Server-Host
X-Via-SSL
X-Release
Powered-By
X-Reboot
X-Via-Edge
Pramga
X-Owner
X-Webstats-RespID
Selected-Fe
X-Method
X-Swa-Ws
X-Origin-Date
Wxu-Next-Region
Who
Fastly-Soc-X-Request-Id
Wxu-Next-Commit
Wxu-Next-Hostname
Mime-Version
L
X-Proxy-Upstream
GW-Server
X-TrackingId
X-Proxy-Cache-Status
Heartbleed
X-CUA
X-Parent-Response-Time
X-Thinkindot-L3
Thinkindot-Control
X-OVcl-Cache
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
X-GeoIP-City
X-OVcl
N-Cache
X-Matched-Rule
X-Varnish-Ttl
X-FE
X-VC-Cache
Kp-EeAlive
X-ND-Cache
X-CLOUD-TRACE-CONTEXT
X-Protected-By
X-Ratelimit-Remaining
X-LAGOON
X-Pf-Uncompressing
Magicmarker
X-Varnish-Beresp-Ttl
X-Urbn-Context-Path
X-Urbn-Site-Id
Locale
X-Fstrz
Pragrma
User-Agent
Memory
X-Origin-TTL
X-Origin-CC
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
X-Page-Type
X-Planisys-CDN-TTL
X-DC
X-Datadome
X-Hello
Pagetype
X-ABtesting
X-Flog
X-B3-SpanId
X-URL
X-Be
X-Phone
X-Geo
X-Core-Value
X-Backend-Url
X-User
X-Backend-Host
X-Ttl
X-Generated-In
X-IN-WAF
X-Cdn-Forward
X-Cache-Ttl
X-Zone
X-Dynatrace-Js-Agent
X-Varnish-Beresp-Status
X-Backend-TTL
X-Up
X-Newrelic-Synthetics
X-Varnish-Beresp-Grace
X-Tt-Trace-Tag
X-GoCache-CacheStatus
X-MSEdge-Features
X-MSEdge-Flight
X-Debug-Cache-Fetch
X-Soup
X-Debug-Cache-Expiry
X-Debug-Cache-Store
X-Birta-Cache-Post
X-Birta-Served
X-Servedbyhost
X-TT-LOGID
Cdn
X-Litespeed-Cache
X-Check-Cacheable
X-Info
X-Varnish-IP
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
X-Oss-Request-Id
Selected-FE
X-Oss-Storage-Class
Geoip-Latitude
X-ZONE
X-Oss-Server-Time
Geoip-City
GeoIp-Country-Code
HitType
X-MID
X-Real-Ip
X-HS-Status
SN
X-VCL-Version
Cache-Hits
X-Old-Content-Length
X-Say-TTL
X-SayCDN-TTL
X-Say-Cacheable
X-Mid
X-Aicache-OS
X-Tb-Optimization-Total-Bytes-Saved
X-GRACE
X-Akamai-SSL-Client-Sid
CF-Cached-On
X-Ruxit-Js-Agent
Amp-Access-Control-Allow-Source-Origin
FSS-Cache
X-Cache-Debug
X-Vcl-Version
FSS-Proxy
X-Refresh
X-Agile
X-Agile-Age
X-Agile-Id
X-Source
X-App-Version
X-CSRF-TOKEN
X-Amzn-Remapped-Connection
Fastly-Backend-Name
X-Amzn-Remapped-Date
X-Node-Id
Inserted-Into-Cache-At
X-ServedByHost
GeoIP-Country-Code
X-Cache-Time
X-Web-Server
X-BC
X-Bc
X-Cache-ASPX
X-IN-APIGATEWAYSSL
WZWS-RAY
GeoIP-Latitude
Ajk
X-Logtrace-Id
X-Contensis-Viewer-Groups
Server-Cache-Control
X-Varnish-Authentication
Server-Surrogate-Control
HostName
GeoIP-City
X-EC-Lua
RequestId
X-UPSTREAM-Address
XServer
X-COUNTRY
X-APP
X-Via-Ucdn
Srv
X-Nananana
X-CSRF-Token
X-FORWARDED-FOR
X-CACHE-KEY
X-RateLimit-Remaining-Second
X-Wa
X-RateLimit-Limit-Second
Xkeyrz
X-TIME
X-Proxy-Cacherz
X-NWS-UUID-VERIFY
X-WR-MODIFICATION
X-Varnish-Beresp-TTL
Ohc-File-Size
Ohc-Cache-HIT
Group
X-ECache
X-Dynatrace
WebServer
X-BE
HTTPS
T-Server
Cf-Ipcountry
X-LiteSpeed-Cache-Control
Backend
Xkeynj
Www
URI
X-Cache-Tag
PICS-Label
X-SRV
X-PJAX-URL
X-Micro-Cache
X-GDPR
X-SN
X-Fastly-Country-Code
X-Render-Time
Get-Access-Time
X-LB-ID
X-Unique-Id
Is-Session-Tracking
X-PAGE-TYPE
X-Requestid
Lb
X-Instart-Isnd
X-Edge-IP
X-Cache-Miss-From
X-Sedo-Request-Id
X-Request-Url
X-MCACHE
MIME-Version
Dynatrace
X-Pjax-Url
Requestid
Cneonction
X-Cache-Expires
X-Policy
X-Uri
X-Fastly-Backend-Reqs
CDN
Host-ID
SID
Xet-Cookie
DataCenter
X-Vct
X-Lb-Id
Pics-Label
X-Apw-Access-Object
X-Apw-Access-Action
X-Swift-Error
X-Apw-Access-Token
X-Apw-Hits
X-Dw-Trace-Id
X-NGINX-Cache
Epwk-Cache
X-PF-Uncompressing
Cache-Provider
X-WA
Correlation-Id
X-Cdn-Request-ID
X-Varnish-Action
X-Ecache
X-Cf-Powered-By
X-Newrelic-App-Data
X-NGENIX-Cache
Lfy
Warning
X-Bug-Bounty
X-Serial
X-Akamai-ERPolicy
X-WPE-Loopback-Upstream-Addr
X-Service
RequestUuid
Fastcgi-X-Cache
X-Akamai-ERRuleID
X-Html-Edge-Cache
X-Fastly-Cache-Hits
X-DW
X-ServerName
X-RPM
X-RPS
X-Fpc
X-DSS
X-DI
X-Flow-Id
X-Page-Impression-Id
X-Zalando-Child-Request-Id
X-DB
X-RSL