Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
CF-RAY
X-Powered-By
Link
ETag
Expect-CT
Via
X-XSS-Protection
X-Cache
Age
CF-Cache-Status
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
P3P
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Xss-Protection
X-Served-By
X-Request-Id
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-Adblock-Key
Alt-Svc
X-Drupal-Cache
X-Check
X-Cacheable
Content-Security-Policy-Report-Only
X-Generator
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-DNS-Prefetch-Control
X-AspNetMvc-Version
P3p
X-Template
X-Language
Status
Timing-Allow-Origin
Content-Encoding
X-Iinfo
X-Content-Security-Policy
X-Buckets
Upgrade
X-Kinja-Server-Push
Xkey
X-Via
X-Turbo-Charged-By
X-CDN
Keep-Alive
Access-Control-Max-Age
Access-Control-Expose-Headers
X-Cache-Group
X-Pass-Why
X-Age
X-AH-Environment
X-Drupal-Dynamic-Cache
X-Server
X-Backend
X-Pingback
X-Amz-Id-2
X-Amz-Request-Id
X-Envoy-Upstream-Service-Time
X-Page-Speed
X-Robots-Tag
X-Proxy-Cache
X-Hacker
Grace
EagleId
X-Server-Powered-By
X-UA-Device
X-Varnish-Cache
Request-Context
X-Nginx-Cache-Status
Cf-Railgun
X-LiteSpeed-Cache
X-Amz-Version-Id
X-Swift-SaveTime
X-Swift-CacheTime
X-WebKit-CSP
Ali-Swift-Global-Savetime
X-Ua-Compatible
Feature-Policy
X-Device
Server-Timing
X-Server-Id
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Host
Report-To
X-Rq
X-Ac
Content-Location
X-Node
X-OneAgent-JS-Injection
X-Backend-Server
X-Cnection
X-Response-Time
X-Request-ID
X-Cloud-Trace-Context
X-Origin-Cache
X-Application-Context
EagleEye-TraceId
Allow
Request-Id
X-Readtime
Surrogate-Control
X-Cdn
X-Country
X-ORACLE-DMS-ECID
X-Cache-Lookup
X-TTL
X-Vhost
X-DynaTrace
X-Url
X-Rack-Cache
Pinterest-Generated-By
X-Clacks-Overhead
X-Origin-Upstream-Status
NEL
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Ruxit-JS-Agent
X-FTR-Request-ID
Rating
X-CST
X-Country-Code
X-HW
X-ORACLE-DMS-RID
X-Goog-Hash
X-Dispatcher
X-Instart-Request-ID
Fusion-Component-Id
Fusion-Content-Id
Fusion-Content-Source
Fusion-Source
Fusion-Template-Id
X-DataStream-Cache-Status
Edge-Control
X-PC
X-Vname
X-TtlSet
X-Px
X-VARITI-CCR
X-DataDome
Service-Worker-Allowed
X-MS-InvokeApp
Verso
X-Mod-Pagespeed
SPRequestGuid
X-Recruiting
X-Dns-Prefetch-Control
X-D2id
X-Kinja-Revision
X-Kinja-Build
X-Cdn-Fetch
X-Use-Magma
X-Exp-Id
X-Kinja-Server
X-Exp-Variant
X-GoogleNews-Bot
X-Kinja
X-Varnish-TTL
X-Vcap-Request-Id
RTSS
X-Abt-Application-Version
X-SharePointHealthScore
X-Amz-Server-Side-Encryption
DynaTrace
TCN
X-Navigation-Version
X-RateLimit-Remaining
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-GitHub-Request-Id
X-Powered-By-Plesk
X-Sol
Response
X-Middleton-Display
X-Middleton-Response
Display
X-Akam-SW-Version
X-B3-TraceId
MS-Author-Via
Charset
Content-MD5
X-ESI
Accept-Ch-Lifetime
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-TEC-API-ROOT
X-Shield-Request-Id
AR-CACHE
Ar-Sid
AR-PoweredBy
AR-ATIME
X-Amz-Rid
ServerID
X-Trace
Realpath
X-Powered-CMS
X-Goog-Generation
X-Goog-Stored-Content-Length
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
X-Forwarded-Proto
X-Dw-Request-Base-Id
X-DynaTrace-JS-Agent
Nginx-Cache
X-Version
AR-Request-ID
X-Upstream
X-Cached
Accept-Ch
X-Server-Name
Public-Key-Pins
Fastly-Restarts
X-Shard
X-B3-TraceId-Primal
MRF-Tech
Mrf-Cache-Status
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
Access-Control-Request-Method
SPIisLatency
SPRequestDuration
X-Goog-Storage-Class
X-MSEdge-Ref
Paypal-Debug-Id
X-Client-IP
Pagespeed
S
X-Pinterest-Rid
X-Upstream-Proxy
Pinterest-Version
X-Debug
X-Id
X-Country-Code-Real
X-Grace
X-FTR-Backend
X-FTR-Backend-Server
X-FTR-Realm
X-FTR-Cache-Status
X-FTR-DC
X-FTR-Balancer
X-Amz-Meta-S3cmd-Attrs
X-DataStream-Origin-MEX-Latency
X-DataStream-MidMile-RTT
X-FTR-Expires
X-Ezoic-Cdn
Accept-CH
X-N
X-DIS-Request-ID
X-T
X-Fastly-Request-ID
MicrosoftSharePointTeamServices
X-Vcache
Front-End-Https
X-XRDS-Location
X-NF-Request-ID
Arr-Disable-Session-Affinity
X-Amzn-Trace-Id
X-FastCGI-Cache
X-Content-Type
X-Hits
X-B3-Sampled
X-Varnish-Age
X-Ser
X-Mobile-Rewrite
PB-RID
PB-PID
Arc-Version
Fastcgi-Cache
X-FTR-Cache-Host
Alternate-Protocol
X-Server-ID
X-Frontend
X-Acc-Meta-Resource-Type
X-Logged-In
X-Content-Digest
Server-Name
X-B3-Traceid
X-Correlation-Id
X-Srv
X-Pad
X-Forwarded-For
X-VCache
X-Node-Name
Host
AMP-Access-Control-Allow-Source-Origin
Nel
X-Request-Handler-Origin-Region
Powered-By-ChinaCache
X-Microsite
FilterID
Healthy
TP-Cache
TP-L2-Cache
X-Cache-Key
X-LB-Cache
X-Type
X-Kinsta-Cache
X-User-Agent
X-Rid
Edge-Cache-Tag
X-AOL-HN
X-IPLB-Instance
X-Debug-Info
X-Request-Processing-Time
X-Request-Received
X-GUploader-UploadID
X-Cached-By
X-F-Cache
X-Cache-2
X-Revision
X-Zen-Fury
Powered
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Hostname
X-Cache-Rule
X-Analytics
Backend-Timing
X-Cache-Age
X-HS-Hub-Id
X-HS-Content-Id
X-XRDS-LOCATION
X-Accel-Expires
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
Surrogate-Key
X-RateLimit-Limit
X-Esi
X-Fastcgi-Cache
X-Az
X-Via-JSL
X-Activity-Id
X-AppVersion
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-Varnish-Backend
X-Page-Id
X-Varnish-Grace
X-BCube-Filmed-By
X-Content-Security-Policy-Report-Only
X-Content-Options
Source
X-Jobs
X-FB-Debug
X-Content-Powered-By
X-PHP-Backend
X-Instance
X-Request-Guid
X-Cluster
X-Amz-Replication-Status
X-Tumblr-User
X-Tumblr-Pixel
X-Akamai-Edgescape
X-Tumblr-Pixel-0
Cache-Status
X-TT
X-App-Environment
X-Framework
Cleartype
Server-Node
Refresh
X-Forwarded-Host
X-B-Cache
X-Signature
X-Varnish-Hostname
Tracecode
Liferay-Portal
X-FW-Type
X-FW-Hash
X-FW-Serve
X-FW-Static
X-FW-Server
WPE-Backend
Host-Header
X-ATG-Version
X-Mobile
DC
X-Cache-Operation
X-Time
Accept-Charset
X-Cache-Control
Access-Control-Allow-Method
X-Drupal-Cache-Tags
X-Cache-Action
X-Edge-Location
Actual-Object-TTL
Fastcgi-Useragent
X-Cache-Hit
Cache
Accept-CH-Lifetime
X-NWS-LOG-UUID
X-Response-Served-From
X-Accel-Buffering
X-Erf-Bev-Bev
Payment
X-Erf-Bev-Bev-Is-Generated
X-Hp-Webp
X-Mobile-URL
X-Whom
X-TX-ID
Upgrade-Insecure-Requests
X-Storage
X-B
X-App-Server
X-Content-Age
X-UA-Device-Type
X-WebKit-CSP-Report-Only
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-TT-TIMESTAMP
Xserver
X-SS-Set-Cookie
X-WA-Info
X-RequestSource
X-Cacheable-TTL
X-GeoIP
Filters
X-Cache-TTL
X-Adobe-Loc
X-Git-Hash
X-Adobe-Content
Eomportal-Instance
X-Status
X-Handled-By
Viewport
X-Tumblr-Pixel-1
X-Tumblr-Pixel-2
X-ProcessESI
Cache-Tv-Group
X-RemovedCookies
X-Ratelimit-Reset
X-VG-WebCache
X-APP-VERSION
X-Geo-Country
NGB
Cache-Tag
X-TA-CDN-Provider
Datacenter
Webserver
Server-Info
X-Cache-TTL-Remaining
Retry-After
X-FB-TRIP-ID
X-Cache-Enabled
X-FW-Dynamic
X-Seen-By
X-Contextid
MS-CV
X-Host-Name
X-Ratelimit-Limit
X-Oracle-Dms-Rid
X-Presslabs-Stats
S-Cnection
X-PressLabs-Stats
Frame-Options
Country
From-Origin
X-Origin-Server
X-Generated-By
X-CF-Powered-By
X-Mode
X-Hyper-Cache
X-Cache-Config
X-VWS-Id
Ms-Operation-Id
X-RTag
X-AWS-Id
X-Cache-Var
X-LJ-Flow-ID
X-Path-Route
Load-Balancing
Machine
X-RN-RSRV
Meta-Geo
X-ES-SERVER
X-Cache-Var-Map
X-Cache-Grace
Cache-Key
X-Section
DSUID
X-Upstream-CT
X-Upstream-HT
X-Access
Vix-Hermes-Req-Id
X-Labrador-Cache-Channel
X-Cache-Host
Mail-Subject
We-Hiring
Decoy-Debug-Status
Decoy-Debug-TTL
Release
Mn-Server-Ip
Decoy-Debug-Key
X-Hit
X-From
X-Varnish-Cache-Hits
X-PCL
X-Backend-Name
X-Upgrade-Enabled
X-Varnish-Server
X-Proxied
X-RCS-CacheZone
X-Routing-Service
X-Zipkin-Id
X-Web-Node
X-OCL
X-TNCMS
X-Human
X-Device-Type
X-Debug-Cache
X-Magnolia-Registration
X-Loop
X-EIG-Tracking-Id
X-MP-GENERATED-AT
X-ShopId
X-Shopify-Stage
X-Tumblr-Pixel-3
X-ShardId
X-Rule
X-R9-Blue-Green-Version
ServedBy
X-CCM
X-Alternate-Cache-Key
X-VG-TLSProxy
X-Sorting-Hat-ShopId
X-Proto
X-Origin-Response-Time
X-Sorting-Hat-PodId
GEO-INFO
X-Akamai-Request-ID
Now
Rt-Fastcgi-Cache
X-Viewer-Country
OT-Force-Account-Verify
X-Rendered-As
X-Varnish-Hits
X-Generated
X-FC-Vary-Parameters
X-Endurance-Cache-Level
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Environment-Context
X-JoinUs
X-Xfnlog-Site
X-Region
X-Timing-Wait
X-S
X-B3-Spanid
X-Proxy-Build
Uber-Trace-Id
X-L-Path
Akamai-GRN
Cache-Name
X-Cluster-Node
X-Hosted-By
X-ProxyCache-Key
X-Via-Fastly
X-Guploader-Uploadid
X-ProxyCache-Status
X-BYPASS-REASON
X-NCache
X-Trace-Id
X-VCT
X-Drupal-Cache-Contexts
X-Nginx-Cache
X-Locale
DB-Nickname
X-Site-Version
NGX
Cteonnt-Length
X-Www-Served-By
X-Redis-Cache
ProcessTime
X-Platform-Server
X-Load-Cache
X-UUID
X-Cache-NE
X-MServer
X-Request-Time
X-Hl-Ver
SRV
X-NewRelic-App-Data
X-Daa-Tunnel
Version
X-ECACHE
X-EdgeConnect-Cache-Status
X-IP
X-Time-Microsecs
Time
X-ServerID
X-Via-CDN
X-Rocket-Nginx-Bypass
S-Rt
X-Vgn-Hpd-Reason
X-Wix-Request-Id
X-Origin
X-Cache-Remote
Webcakes-Region
TWC-GeoIP-LatLong
TWC-GeoIP-Country
Webcakes-App-Version
TWC-Privacy
TWC-Locale-Group
Webcakes-App-Name
TWC-Device-Class
X-GEO
X-Origin-Hint
X-IPS-LoggedIn
TWC-Connection-Speed
Property-Id
X-Proxy
X-FW-Version
Azure-RegionName
Origin
Azure-InstanceId
Azure-SiteName
Azure-SlotName
Azure-Version
X-Real-IP
X-No-Session
NtCoent-Length
X-FireWall-Port
X-Akamai-Request-ID2
X-Akamai-Transformed
L5d-Success-Class
X-Distributor
Odigeo-Trace-Id
X-Dc
X-Cache-Backend
Fastly-SSL
X-Oneagent-Js-Injection
CACHE
X-ApacheServer
Served-By
X-HTML-Minification-Powered-By
X-PERF
X-CS
X-Cache-Server
X-Unique-ID
X-Format
X-RateLimit-Reset
X-Microcachable
X-UA
Ec-Rule-Version
X-Compress-Hint
Origin-Edge-Control
X-CDN-Forward
Origin-Cache-Control
Access-Control-Request-Headers
Hostname
Fastcgi-X-Cache-Version
X-Pubstack
Cache-Tags
X-Grey
X-Cache-Category-Id
X-Webkit-Csp
IBM-Web2-Location
X-UnsetCookies
X-Tb
X-SERVER-NAME
X-Edge
X-Is-Bot
X-Detected-As
X-Varnish-Cacheable
Backend-Name
Proxy-Firewall
Node
Meta-Geo-Continent
Mobile-Detection-Method
HA-Ipaddr
Content-Script-Type
Content-Style-Type
BehaviorPad-Version
Cross-Origin-Window-Policy
Cache-Cookie-Set-From
Cdn-Request-Time
Cache-Cookie-Set-Lfrom
Cache-Prefix
Cdn-Host
Fastly-SIE
Fastly-SWR
Ha-Gx-Prefs
AsisCache
MD5-Digest
GEO-REGION-INFO
Fly-Request-Id
Fly-Cache
Cache-Cookie-Set-Idcheck
Rendered-Blocks
Arc-Country
X-Date
X-Org
X-NX-Host
X-NU-AKA-ACS-Version
X-PAYTM-SRV-ID
X-Rebelmouse-Cache-Control
X-Region-Sid
X-Rebelmouse-Surrogate-Control
X-Internal-Host
X-Instart-Info
X-External-Request-Id
X-Eu-Site
X-G
X-HS-Cache-Config
X-IN-APIGATEWAY
X-HS-Combine-CSS
X-Request-UUID
X-Rewrite-Enabled
X-VG-WebServer
X-Twitter-Response-Tags
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
Xc-Version
X-Worker
X-Trv-Group
X-Transaction
X-S-Cookie
X-Rojux
X-S-Maxage
X-ScT
X-SRCache-Key
X-Server-Time
X-Edge-Server
X-DPWN-IS-SECURE
X-A-Dgt
X-A-Dcw
X-A-Wwc
X-Accel-Expires-Debug
X-AIR-PT
X-Aed
X-A-Dam
X-A-Ccd
Request-Time
Request-EU
Rt-Proxy-Cache
Server-ID
X-A
Viewtype
X-App-Name
X-Application
A
X-D
X-Debug-Cookies
X-Debug-Log
X-Developer
X-Destination
X-Connection-Hash
X-Cluster-Name
X-B-Cookie
X-ARC
X-Cache-Bucket
X-CF-Lambda-Fn
X-CGP
X-CF-Lambda-Version
Request-Country
VivaBuild
LB
X-Powered-By-Defense
X-BACKEND-TTL
Proxy-Connection
X-NC
X-B3-Parentspanid
X-Ua
X-Fastly-Cache
X-Request-URI
Server-Host
Memcached
Is-Eu
ServerName
X-TH-Server
Section-Io-Cache
RNT-Time
Platform
On-Server
X-ServiceProvider
True-Client-Country-4JS
X-Via-NSCOPI
RNT-Machine
Resin-Trace
X-Sn-Servicetimems
X-PHP-Host
X-GeoIP-Country-Code
X-Core-Mission
PageSpeed
X-Hash
X-Geo-Header
X-Generated-On
X-Epic-Correlation-Id
X-Dispatcher-Server
X-Developers
X-Clientip
X-Cdn-Srv
X-Level-Front-Cache
X-Backend-State
W
X-Key
X-Cache-Id
X-Cdn-Origin
X-Irp-Debug
X-Cache-Info
X-Reqid
Server-Int
X-C
Countrycode
Adler-Geo
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
X-Variation
Country-Code
Apple-News-Services-Host
X-We-Are-Hiring
Apple-News-Services-Handled
Accept-Language
X-Nc
X-ElasticPress-Search
UCS
X-Crawler
X-Block-Status
X-Qloud-Router
X-Reboot
Web-Mar-Node
X-Varnish-Url
V-Age
User-Cache-Control
Wxu-Next-Hostname
X-Nginx-Cache-Key
X-SVT-ORM-VERSION
X-LI-Proto
X-Method
X-Amz-Meta-Cache-Control
X-LI-UUID
X-Li-Fabric
X-CDN-Cache
X-Li-Pop
Wxu-Next-Commit
Wxu-Next-Region
X-Processor
CDCHOST
X-Hnp-Log
Who
AKAMAI
X-SIPLIST1
X-Skip-Cache
X-WebServer
PFcat
X-Gen-Mode
X-Webstats-RespID
X-Gannett-Site-Version
X-Device-Os
Gh-Request-Id
X-Fetched-On
IsBot
X-BBXSRF
X-Dispatch
X-Distil-CS
X-Servername
X-SVT-ORM-RULES
X-Response-By
Esi-Enabled
SD-X-WS
X-Location
X-Request-Start
Content-Disposition
SS
X-Wikidot-Static-Cache
X-Server-IP
X-Wikidot-Backend
REQUESTUUID
X-Served-From
X-Secret
X-SD-PageType
Mime-Version
X-CUA
X-GeoIP-City
X-Generation-Time
X-FPC
X-Bip
X-WADP-Cache
X-Cache-FS-Status
X-Via-SSL
X-Via-Edge
X-Clara-WADP
X-Thanos
X-VServer
X-Owner
Powered-By
Thinkindot-CacheControl-Type
Fastly-Soc-X-Request-Id
X-Azure-Ref-OriginShield
X-Release
Thinkindot-CacheControl
X-Swa-Ws
X-Matched-Rule
X-Auto-Login
X-Azure-Ref
X-Thinkindot-L3
X-Cms-Context
X-Origin-Expires
L
X-Origin-Date
Thinkindot-Control
X-VC-Cache
Pramga
X-Proxy-Upstream
GW-Server
X-ND-Cache
Heartbleed
X-Proxy-Cache-Status
CF-IPCountry
X-Varnish-Ttl
Selected-Fe
X-Protected-By
Kp-EeAlive
N-Cache
X-OVcl-Cache
X-TrackingId
X-FE
X-OVcl
X-Varnish-Beresp-Ttl
X-CLOUD-TRACE-CONTEXT
X-Amzn-Remapped-Content-Length
X-Ratelimit-Remaining
User-Agent
X-LAGOON
X-Parent-Response-Time
Pragrma
X-Fstrz
X-Urbn-Context-Path
Locale
X-DC
X-Urbn-Site-Id
X-Pf-Uncompressing
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
X-Planisys-CDN-Cache
X-Cdn-Forward
Magicmarker
X-Zone
X-Page-Type
Memory
X-Origin-CC
X-B3-SpanId
X-Origin-TTL
X-Be
X-GRACE
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
Pagetype
X-Hello
X-ABtesting
X-Phone
X-Flog
X-Core-Value
X-IN-WAF
X-URL
X-Datadome
X-User
X-Geo
X-Generated-In
X-Ttl
X-Dynatrace-Js-Agent
X-Birta-Cache-Post
X-Birta-Served
X-GoCache-CacheStatus
X-Up
X-Varnish-IP
X-Soup
X-Info
Cdn
X-Backend-TTL
X-Newrelic-Synthetics
X-Backend-Url
X-Backend-Host
HitType
X-Cache-Ttl
Selected-FE
X-Debug-Cache-Fetch
X-TT-LOGID
X-Debug-Cache-Expiry
X-Debug-Cache-Store
X-MSEdge-Features
X-Tt-Trace-Tag
X-Servedbyhost
X-MSEdge-Flight
X-Litespeed-Cache
GeoIp-Country-Code
X-Oss-Storage-Class
Geoip-Latitude
X-Oss-Request-Id
SN
Geoip-City
X-Oss-Object-Type
X-HS-Status
X-Oss-Hash-Crc64ecma
X-Oss-Server-Time
CF-Cached-On
X-MID
X-Mid
X-Check-Cacheable
X-VCL-Version
X-Real-Ip
X-App-Version
X-Say-TTL
X-Tb-Optimization-Total-Bytes-Saved
X-Aicache-OS
X-Say-Cacheable
X-SayCDN-TTL
X-Source
X-Cache-Debug
X-Agile-Age
X-Refresh
X-Agile-Id
X-Agile
X-Ruxit-Js-Agent
Amp-Access-Control-Allow-Source-Origin
FSS-Proxy
X-ZONE
X-Web-Server
Cache-Hits
X-Vcl-Version
FSS-Cache
X-Old-Content-Length
GeoIP-Country-Code
X-Bc
X-ServedByHost
GeoIP-City
X-Akamai-SSL-Client-Sid
GeoIP-Latitude
X-CACHE-KEY
X-Amzn-Remapped-Date
X-Amzn-Remapped-Connection
X-CSRF-TOKEN
Srv
Inserted-Into-Cache-At
X-Varnish-Authentication
Fastly-Backend-Name
X-Contensis-Viewer-Groups
Server-Surrogate-Control
WZWS-RAY
X-Node-Id
X-Cache-ASPX
Server-Cache-Control
HostName
X-Nananana
X-EC-Lua
X-Via-Ucdn
X-COUNTRY
X-IN-APIGATEWAYSSL
RequestId
Ajk
X-APP
X-UPSTREAM-Address
X-Logtrace-Id
X-Cache-Time
Ohc-Cache-HIT
X-CSRF-Token
Ohc-File-Size
Group
X-NWS-UUID-VERIFY
X-BC
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-Wa
Xkeyrz
X-WR-MODIFICATION
HTTPS
X-Proxy-Cacherz
X-ECache
X-Dynatrace
XServer
WebServer
Cf-Ipcountry
X-SN
X-BE
X-Varnish-Beresp-TTL
URI
Www
Backend
X-Cache-Tag
Is-Session-Tracking
Get-Access-Time
T-Server
X-FORWARDED-FOR
Lb
X-Unique-Id
X-TIME
X-Instart-Isnd
X-Fastly-Country-Code
Xkeynj
X-PAGE-TYPE
Cneonction
X-Request-Url
X-LiteSpeed-Cache-Control
X-MCACHE
X-Edge-IP
X-LB-ID
PICS-Label
Host-ID
X-Requestid
Requestid
X-PJAX-URL
X-Cache-Expires
X-Cache-Miss-From
X-Micro-Cache
X-GDPR
X-Sedo-Request-Id
Dynatrace
X-Render-Time
X-Fastly-Backend-Reqs
Pics-Label
X-PF-Uncompressing
X-Pjax-Url
DataCenter
X-SRV
Xet-Cookie
X-Swift-Error
X-Varnish-Action
MIME-Version
X-Policy
X-NGENIX-Cache
Epwk-Cache
CDN
X-Lb-Id
X-Apw-Access-Action
X-Apw-Access-Object
X-Apw-Hits
X-Apw-Access-Token
X-Vct
X-Dw-Trace-Id
X-NGINX-Cache
SID
X-Cf-Powered-By
Fastcgi-X-Cache
X-Ecache
Correlation-Id
X-WA
X-Uri
X-Newrelic-App-Data
X-Bug-Bounty
Warning
Lfy
X-Page-Impression-Id
X-Service
X-Akamai-ERPolicy
X-Akamai-ERRuleID
X-Serial
X-Html-Edge-Cache
X-Flow-Id
Sid
X-Cdn-Request-ID
X-WPE-Loopback-Upstream-Addr
X-DW
X-RPM
X-DSS
X-DI
Ohc-Response-Time
X-DB
X-RPS
X-RSL
X-ServerName
X-Fastly-Cache-Hits
RequestUuid
X-LiteSpeed-Tag
X-Svr
X-Fpc
X-Zalando-Child-Request-Id