Threat Level: green Handler on Duty: Russell Eubanks

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
CF-RAY
X-Powered-By
Link
ETag
Expect-CT
X-XSS-Protection
Via
X-Cache
Age
CF-Cache-Status
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
X-Cache-Hits
P3P
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Xss-Protection
X-Request-Id
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-Adblock-Key
Alt-Svc
X-Drupal-Cache
X-Check
X-Cacheable
Content-Security-Policy-Report-Only
X-Generator
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-AspNetMvc-Version
X-DNS-Prefetch-Control
P3p
X-Template
X-Language
Status
Timing-Allow-Origin
Content-Encoding
X-Iinfo
X-Content-Security-Policy
X-Buckets
Upgrade
X-Kinja-Server-Push
Xkey
X-Via
X-CDN
X-Turbo-Charged-By
Keep-Alive
Access-Control-Max-Age
Access-Control-Expose-Headers
X-Cache-Group
X-Pass-Why
X-AH-Environment
X-Age
X-Drupal-Dynamic-Cache
X-Server
X-Backend
X-Pingback
X-Amz-Request-Id
X-Amz-Id-2
X-Envoy-Upstream-Service-Time
X-Page-Speed
X-Robots-Tag
X-Proxy-Cache
X-Hacker
Grace
EagleId
X-Server-Powered-By
X-UA-Device
X-Varnish-Cache
Request-Context
X-Nginx-Cache-Status
Cf-Railgun
X-LiteSpeed-Cache
X-Amz-Version-Id
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
X-WebKit-CSP
X-Server-Id
Feature-Policy
Server-Timing
X-Device
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Host
X-Rq
Report-To
X-Ac
Content-Location
X-Node
X-OneAgent-JS-Injection
X-Request-ID
X-Backend-Server
X-Response-Time
X-Cnection
X-Origin-Cache
X-Cloud-Trace-Context
X-Application-Context
X-Readtime
Allow
Request-Id
EagleEye-TraceId
Surrogate-Control
X-Country
X-ORACLE-DMS-ECID
X-Cache-Lookup
X-Cdn
X-Vhost
X-TTL
X-DynaTrace
X-Url
Pinterest-Generated-By
X-Rack-Cache
X-Ua-Compatible
X-Clacks-Overhead
X-Origin-Upstream-Status
NEL
X-Ruxit-JS-Agent
X-Dns-Prefetch-Control
X-FTR-Request-ID
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Rating
X-Country-Code
X-CST
X-HW
X-ORACLE-DMS-RID
X-Dispatcher
X-Goog-Hash
X-Instart-Request-ID
Fusion-Source
Fusion-Component-Id
Fusion-Content-Id
Fusion-Content-Source
Fusion-Template-Id
X-DataStream-Cache-Status
Edge-Control
X-PC
X-TtlSet
X-Vname
X-DataDome
X-Px
X-VARITI-CCR
Service-Worker-Allowed
Verso
X-Mod-Pagespeed
X-MS-InvokeApp
X-Recruiting
SPRequestGuid
X-D2id
X-Use-Magma
X-Exp-Id
X-Cdn-Fetch
X-Kinja-Revision
X-Kinja-Build
X-Kinja-Server
X-Kinja
X-Exp-Variant
X-GoogleNews-Bot
X-Varnish-TTL
X-Vcap-Request-Id
RTSS
X-Amz-Server-Side-Encryption
X-Abt-Application-Version
TCN
DynaTrace
X-SharePointHealthScore
X-Navigation-Version
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-GitHub-Request-Id
X-Sol
Response
X-Middleton-Response
Display
X-Middleton-Display
X-Powered-By-Plesk
X-RateLimit-Remaining
X-Akam-SW-Version
MS-Author-Via
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TEC-API-VERSION
X-B3-TraceId
Charset
Content-MD5
Accept-Ch-Lifetime
X-Shield-Request-Id
ServerID
X-Amz-Rid
AR-PoweredBy
AR-CACHE
AR-ATIME
Ar-Sid
X-Trace
Realpath
X-Forwarded-Proto
X-Powered-CMS
Accept-Ch
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
X-Goog-Generation
Nginx-Cache
X-DynaTrace-JS-Agent
X-Dw-Request-Base-Id
X-ESI
AR-Request-ID
X-Version
X-Cached
Fastly-Restarts
X-Upstream
X-Server-Name
Public-Key-Pins
X-Shard
X-Mrf-Item-Lastmod
MRF-Tech
X-B3-TraceId-Primal
Mrf-Cache-Status
X-Mrf-Section-Lastmod
Pagespeed
Access-Control-Request-Method
Paypal-Debug-Id
X-MSEdge-Ref
X-Goog-Storage-Class
X-Grace
SPRequestDuration
SPIisLatency
X-Client-IP
S
X-Vcache
X-Debug
X-Pinterest-Rid
Pinterest-Version
X-Upstream-Proxy
X-DataStream-Origin-MEX-Latency
X-DataStream-MidMile-RTT
X-FTR-Expires
X-FTR-DC
X-FTR-Realm
X-FTR-Backend-Server
X-Country-Code-Real
X-FTR-Backend
X-FTR-Balancer
X-FTR-Cache-Status
X-Id
X-Amz-Meta-S3cmd-Attrs
X-Ezoic-Cdn
X-N
X-FastCGI-Cache
X-Fastly-Request-ID
X-T
X-DIS-Request-ID
X-Amzn-Trace-Id
Arr-Disable-Session-Affinity
Accept-CH
Front-End-Https
X-NF-Request-ID
MicrosoftSharePointTeamServices
X-Content-Type
X-Hits
X-B3-Sampled
X-XRDS-Location
X-Varnish-Age
X-Ser
X-FTR-Cache-Host
Arc-Version
PB-RID
PB-PID
Fastcgi-Cache
X-Mobile-Rewrite
X-B3-Traceid
X-Acc-Meta-Resource-Type
Alternate-Protocol
X-Frontend
Server-Name
X-Content-Digest
X-Logged-In
X-Correlation-Id
X-Pad
X-Srv
Nel
X-Cache-Key
X-Forwarded-For
X-Node-Name
AMP-Access-Control-Allow-Source-Origin
Host
X-Microsite
X-Request-Handler-Origin-Region
Powered-By-ChinaCache
FilterID
TP-L2-Cache
TP-Cache
X-Type
X-Kinsta-Cache
X-Rid
Healthy
X-LB-Cache
X-User-Agent
X-IPLB-Instance
X-Esi
X-Request-Received
Edge-Cache-Tag
X-Request-Processing-Time
X-Debug-Info
X-AOL-HN
X-Cached-By
X-VCache
X-F-Cache
X-Cache-2
X-Amz-Apigw-Id
Powered
X-Amzn-RequestId
X-GUploader-UploadID
X-Zen-Fury
X-Revision
X-XRDS-LOCATION
X-Hostname
X-HS-Hub-Id
X-Cache-Rule
X-HS-Content-Id
X-Analytics
X-Cache-Age
Backend-Timing
X-Accel-Expires
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
Surrogate-Key
X-AppVersion
X-Az
X-Activity-Id
X-Via-JSL
VIX-Pulpo-Upstream-Status
X-Varnish-Backend
VIX-Pulpo-Node
X-Content-Security-Policy-Report-Only
X-Page-Id
X-BCube-Filmed-By
X-Instance
X-Varnish-Grace
X-Content-Options
X-Amz-Replication-Status
X-Cluster
X-FB-Debug
X-Jobs
X-Akamai-Edgescape
X-Tumblr-User
X-Request-Guid
X-PHP-Backend
X-Tumblr-Pixel-0
X-Content-Powered-By
X-Tumblr-Pixel
Cache-Status
Source
X-RateLimit-Limit
X-TT
X-App-Environment
X-Fastcgi-Cache
Cleartype
X-Framework
Server-Node
X-Forwarded-Host
Refresh
X-Server-ID
X-Signature
X-B-Cache
X-Varnish-Hostname
X-FW-Serve
X-FW-Hash
Liferay-Portal
X-FW-Type
X-FW-Server
X-FW-Static
Tracecode
X-ATG-Version
DC
WPE-Backend
Host-Header
X-Mobile
X-Cache-Operation
Accept-Charset
X-Cache-Control
X-Edge-Location
X-Cache-Action
Access-Control-Allow-Method
Fastcgi-Useragent
Accept-CH-Lifetime
X-Drupal-Cache-Tags
X-Time
Actual-Object-TTL
X-APP-VERSION
X-Cache-Hit
X-Accel-Buffering
X-B
X-Response-Served-From
X-NWS-LOG-UUID
X-Hp-Webp
Payment
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Mobile-URL
X-Storage
X-TX-ID
X-SS-Set-Cookie
X-Whom
X-WebKit-CSP-Report-Only
Upgrade-Insecure-Requests
X-Content-Age
X-App-Server
X-WA-Info
X-Yottaa-Metrics
Cache-Tv-Group
X-TT-TIMESTAMP
X-Git-Hash
X-Yottaa-Optimizations
X-Handled-By
X-Cacheable-TTL
X-UA-Device-Type
Filters
X-Adobe-Content
Eomportal-Instance
X-GeoIP
X-Tumblr-Pixel-1
Cache
X-Status
X-Tumblr-Pixel-2
X-Adobe-Loc
X-ProcessESI
X-RequestSource
NGB
X-RemovedCookies
Viewport
X-Geo-Country
X-VG-WebCache
Xserver
Cache-Tag
X-Cache-TTL
Retry-After
Datacenter
Webserver
X-Cache-TTL-Remaining
X-Ratelimit-Reset
X-FW-Dynamic
Server-Info
X-TA-CDN-Provider
X-FB-TRIP-ID
X-Cache-Enabled
X-Seen-By
X-Ratelimit-Limit
X-Presslabs-Stats
X-Oracle-Dms-Rid
MS-CV
X-Contextid
X-Host-Name
S-Cnection
X-Origin-Server
X-B3-Spanid
From-Origin
Country
Frame-Options
X-Generated-By
X-Hyper-Cache
X-RTag
X-PressLabs-Stats
Ms-Operation-Id
X-CF-Powered-By
X-Mode
X-ES-SERVER
X-Cache-Config
X-Cache-Var
X-Path-Route
Load-Balancing
Machine
X-Cache-Var-Map
X-Tumblr-Pixel-3
X-RN-RSRV
Meta-Geo
Vix-Hermes-Req-Id
X-Proxied
X-Cache-Grace
Cache-Key
X-MP-GENERATED-AT
X-Zipkin-Id
X-Section
X-Hit
X-Routing-Service
X-Access
X-Upstream-HT
X-Upstream-CT
X-Labrador-Cache-Channel
Decoy-Debug-TTL
X-Cache-Host
X-From
X-Upgrade-Enabled
Now
Decoy-Debug-Status
X-Human
X-RCS-CacheZone
X-PCL
X-OCL
X-Loop
X-Backend-Name
X-TNCMS
X-Varnish-Cache-Hits
X-Guploader-Uploadid
X-Web-Node
X-Viewer-Country
X-Varnish-Server
Decoy-Debug-Key
X-AWS-Id
Rt-Fastcgi-Cache
Mn-Server-Ip
ServedBy
X-Akamai-Request-ID
X-Alternate-Cache-Key
X-CCM
X-Magnolia-Registration
X-ShardId
X-Origin-Response-Time
X-LJ-Flow-ID
X-Sorting-Hat-ShopId
X-ShopId
X-VG-TLSProxy
X-Sorting-Hat-PodId
X-R9-Blue-Green-Version
X-VWS-Id
X-Shopify-Stage
X-L-Path
X-Varnish-Hits
X-Environment-Context
X-EIG-Tracking-Id
X-Debug-Cache
X-Rule
X-Endurance-Cache-Level
X-Region
X-Via-Fastly
X-Rendered-As
Cache-Name
X-S
DB-Nickname
DSUID
OT-Force-Account-Verify
GEO-INFO
Mail-Subject
X-Proxy-Build
X-Hosted-By
X-JoinUs
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Generated
X-Drupal-Cache-Contexts
X-FC-Vary-Parameters
X-Xfnlog-Site
X-NCache
Uber-Trace-Id
Akamai-GRN
X-Timing-Wait
X-Cluster-Node
We-Hiring
X-Proto
X-Device-Type
Release
SRV
X-Trace-Id
X-BYPASS-REASON
X-Nginx-Cache
X-ProxyCache-Key
X-Locale
X-ProxyCache-Status
X-Site-Version
X-Load-Cache
X-Www-Served-By
X-Redis-Cache
Cteonnt-Length
NGX
X-Platform-Server
X-VCT
X-UUID
Version
X-Request-Time
ProcessTime
X-IP
X-Daa-Tunnel
X-Time-Microsecs
X-Cache-NE
X-NewRelic-App-Data
X-ECACHE
X-EdgeConnect-Cache-Status
Time
X-Via-CDN
Azure-SiteName
S-Rt
Azure-SlotName
X-FW-Version
Azure-RegionName
Azure-InstanceId
X-Wix-Request-Id
Azure-Version
X-MServer
X-Origin
X-Dc
X-Rocket-Nginx-Bypass
X-Hl-Ver
X-GEO
TWC-Device-Class
TWC-Privacy
TWC-Locale-Group
CACHE
Webcakes-App-Version
X-Origin-Hint
Webcakes-Region
TWC-GeoIP-LatLong
Webcakes-App-Name
TWC-GeoIP-Country
TWC-Connection-Speed
Property-Id
X-Vgn-Hpd-Reason
X-Cache-Remote
X-ServerID
NtCoent-Length
X-No-Session
X-Proxy
X-FireWall-Port
X-IPS-LoggedIn
Origin
X-Akamai-Request-ID2
X-Oneagent-Js-Injection
X-CDN-Forward
X-Akamai-Transformed
Odigeo-Trace-Id
X-Real-IP
X-Distributor
X-HTML-Minification-Powered-By
X-RateLimit-Reset
X-ApacheServer
Fastly-SSL
X-PERF
X-UA
X-Format
X-CS
X-Cache-Backend
X-Cache-Server
L5d-Success-Class
Ec-Rule-Version
X-Webkit-Csp
X-Compress-Hint
X-Unique-ID
X-Pubstack
X-Microcachable
Access-Control-Request-Headers
LB
Origin-Edge-Control
Cache-Tags
Origin-Cache-Control
Served-By
X-SERVER-NAME
Fastcgi-X-Cache-Version
X-UnsetCookies
Hostname
IBM-Web2-Location
X-BACKEND-TTL
X-Cache-Category-Id
X-Tb
X-Edge
X-Grey
X-NC
X-Varnish-Cacheable
Backend-Name
X-Vtex-Processado-Em
GEO-REGION-INFO
MD5-Digest
Fly-Cache
Fastly-SWR
X-Worker
X-Vtex-Remote-Cache
Fly-Request-Id
X-VG-WebServer
X-App-Name
X-Server-Time
X-ScT
X-S-Maxage
Meta-Geo-Continent
X-SRCache-Key
X-Twitter-Response-Tags
X-Trv-Group
X-Transaction
Xc-Version
Cross-Origin-Window-Policy
BehaviorPad-Version
X-B-Cookie
X-ARC
Cache-Cookie-Set-From
AsisCache
X-Date
Arc-Country
A
X-Cache-Bucket
X-Connection-Hash
Cache-Cookie-Set-Idcheck
Cdn-Request-Time
Content-Script-Type
Content-Style-Type
X-S-Cookie
Cdn-Host
X-Application
Cache-Cookie-Set-Lfrom
Cache-Prefix
X-Cluster-Name
Fastly-SIE
X-CF-Lambda-Version
Viewtype
X-Accel-Expires-Debug
X-IN-APIGATEWAY
X-G
Server-ID
X-Instart-Info
X-Internal-Host
Request-Time
Rt-Proxy-Cache
X-External-Request-Id
VivaBuild
X-A-Dcw
X-Developer
X-A-Dgt
X-Detected-As
X-DPWN-IS-SECURE
X-A-Ccd
X-Destination
X-Edge-Server
X-A
Request-EU
Request-Country
X-Cdn-Srv
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
X-PAYTM-SRV-ID
X-Region-Sid
X-Request-UUID
X-A-Wwc
X-Rojux
X-Rewrite-Enabled
X-D
Mobile-Detection-Method
Proxy-Firewall
X-Aed
Rendered-Blocks
X-Is-Bot
X-NU-AKA-ACS-Version
X-Org
Node
X-CF-Lambda-Fn
X-AIR-PT
X-A-Dam
Proxy-Connection
Accept-Language
X-B3-Parentspanid
X-Powered-By-Defense
ServerName
X-ElasticPress-Search
RNT-Machine
X-Developers
Ha-Gx-Prefs
RNT-Time
Section-Io-Cache
True-Client-Country-4JS
Server-Int
X-Processor
X-PHP-Host
X-Request-URI
HA-Ipaddr
Memcached
X-ServiceProvider
On-Server
W
Is-Eu
Platform
X-Via-NSCOPI
X-Location
X-Fastly-Cache
X-Clientip
X-CGP
X-Cdn-Origin
X-Eu-Site
X-Core-Mission
X-Debug-Log
X-Debug-Cookies
X-Epic-Correlation-Id
X-Cache-Info
X-Cache-Id
X-HS-Combine-CSS
X-Level-Front-Cache
Gh-Request-Id
X-Nginx-Cache-Key
X-HS-Cache-Config
X-GeoIP-Country-Code
X-Generated-On
X-Backend-State
X-Geo-Header
X-NX-Host
Resin-Trace
Adler-Geo
X-Varnish-Url
Apple-News-Services-Request-Url
AKAMAI
Content-Disposition
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
Apple-News-Services-Handled
X-We-Are-Hiring
X-Variation
Esi-Enabled
X-Sn-Servicetimems
X-SVT-ORM-RULES
Countrycode
X-SVT-ORM-VERSION
X-C
X-Skip-Cache
X-Key
X-Amz-Meta-Cache-Control
X-Wikidot-Backend
X-Irp-Debug
X-Li-Pop
CDCHOST
X-SIPLIST1
Web-Mar-Node
X-Method
X-LI-UUID
X-Li-Fabric
X-Hnp-Log
X-LI-Proto
X-WebServer
X-Block-Status
X-Cms-Context
X-Clara-WADP
X-Fetched-On
REQUESTUUID
X-Distil-CS
X-Device-Os
X-Dispatch
X-Dispatcher-Server
X-FPC
X-CDN-Cache
X-BBXSRF
X-Auto-Login
X-Wikidot-Static-Cache
X-Generation-Time
V-Age
X-Cache-FS-Status
X-Gannett-Site-Version
X-Gen-Mode
X-Hash
X-WADP-Cache
Country-Code
X-Response-By
SD-X-WS
X-Nc
X-Via-Edge
Server-Host
X-Qloud-Router
X-Reboot
X-Reqid
X-Request-Start
X-TH-Server
PFcat
Fastly-Soc-X-Request-Id
SS
X-SD-PageType
X-Secret
IsBot
X-Servername
User-Cache-Control
UCS
X-Via-SSL
X-Served-From
X-Server-IP
X-Ua
GW-Server
Heartbleed
X-GeoIP-City
X-Thanos
Powered-By
X-Crawler
Pramga
X-Swa-Ws
X-Amzn-Remapped-Content-Length
L
N-Cache
Wxu-Next-Region
X-Matched-Rule
Thinkindot-Control
X-Bip
Wxu-Next-Hostname
Wxu-Next-Commit
X-Origin-Date
X-VServer
Who
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
CF-IPCountry
X-Release
X-Azure-Ref
X-Azure-Ref-OriginShield
X-Origin-Expires
X-Owner
X-Webstats-RespID
X-Thinkindot-L3
Selected-Fe
X-Varnish-Ttl
X-Proxy-Upstream
X-TrackingId
X-Proxy-Cache-Status
X-Parent-Response-Time
X-VC-Cache
X-OVcl-Cache
X-OVcl
X-ND-Cache
X-CUA
Mime-Version
X-CLOUD-TRACE-CONTEXT
X-Ratelimit-Remaining
Kp-EeAlive
X-Pf-Uncompressing
X-FE
X-Protected-By
PageSpeed
X-Urbn-Context-Path
Locale
X-Urbn-Site-Id
X-Varnish-Beresp-Ttl
Magicmarker
Pragrma
User-Agent
X-LAGOON
X-Fstrz
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
Memory
X-Planisys-CDN-TTL
X-Flog
X-Origin-CC
X-Hello
X-Page-Type
X-ABtesting
X-Origin-TTL
X-URL
X-Be
X-Phone
X-Geo
Pagetype
X-Ttl
X-IN-WAF
X-Core-Value
X-DC
X-Cache-Ttl
X-Dynatrace-Js-Agent
X-Zone
X-User
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
X-Generated-In
X-Backend-Url
X-Backend-Host
X-Cdn-Forward
X-Backend-TTL
X-B3-SpanId
X-MSEdge-Features
X-Tt-Trace-Tag
X-Up
X-Newrelic-Synthetics
X-MSEdge-Flight
X-GoCache-CacheStatus
X-Birta-Served
X-Birta-Cache-Post
X-Debug-Cache-Fetch
X-TT-LOGID
X-Soup
X-Debug-Cache-Store
X-Debug-Cache-Expiry
X-Varnish-IP
X-Info
X-Litespeed-Cache
X-Servedbyhost
X-Oss-Storage-Class
Geoip-Latitude
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
X-Oss-Request-Id
X-Oss-Server-Time
Selected-FE
Geoip-City
GeoIp-Country-Code
Cdn
HitType
X-Check-Cacheable
X-MID
SN
X-Real-Ip
X-Mid
X-ZONE
X-Aicache-OS
X-HS-Status
X-Datadome
X-SayCDN-TTL
X-VCL-Version
X-Say-Cacheable
X-Old-Content-Length
X-Say-TTL
X-GRACE
X-Ruxit-Js-Agent
Amp-Access-Control-Allow-Source-Origin
Cache-Hits
CF-Cached-On
X-Agile-Id
X-Vcl-Version
X-Agile-Age
FSS-Cache
X-Agile
X-Tb-Optimization-Total-Bytes-Saved
X-Refresh
X-Cache-Debug
FSS-Proxy
X-Source
X-ServedByHost
X-Akamai-SSL-Client-Sid
X-Amzn-Remapped-Date
X-Amzn-Remapped-Connection
X-Web-Server
X-Bc
GeoIP-Country-Code
X-Varnish-Authentication
HostName
Fastly-Backend-Name
X-Node-Id
Server-Surrogate-Control
X-Contensis-Viewer-Groups
Server-Cache-Control
X-CSRF-TOKEN
Inserted-Into-Cache-At
X-Cache-ASPX
X-Cache-Time
X-App-Version
X-EC-Lua
WZWS-RAY
X-BC
X-IN-APIGATEWAYSSL
Ajk
X-APP
XServer
X-COUNTRY
RequestId
X-Logtrace-Id
X-UPSTREAM-Address
GeoIP-City
GeoIP-Latitude
X-Via-Ucdn
Srv
X-Nananana
X-CSRF-Token
X-FORWARDED-FOR
X-RateLimit-Limit-Second
X-ECache
Ohc-Cache-HIT
X-NWS-UUID-VERIFY
Ohc-File-Size
Xkeyrz
Group
X-Proxy-Cacherz
X-RateLimit-Remaining-Second
X-WR-MODIFICATION
X-TIME
X-Wa
X-Dynatrace
WebServer
X-BE
Cf-Ipcountry
X-Varnish-Beresp-TTL
HTTPS
Www
X-Unique-Id
Get-Access-Time
T-Server
Is-Session-Tracking
X-PJAX-URL
Xkeynj
X-LB-ID
X-CACHE-KEY
X-SRV
X-SN
X-Cache-Tag
PICS-Label
Backend
X-PAGE-TYPE
URI
X-Fastly-Country-Code
X-LiteSpeed-Cache-Control
X-Request-Url
X-Cache-Miss-From
X-Render-Time
X-Requestid
X-Sedo-Request-Id
X-Instart-Isnd
X-Micro-Cache
X-Edge-IP
X-GDPR
Dynatrace
X-MCACHE
MIME-Version
Host-ID
X-Fastly-Backend-Reqs
X-Cache-Expires
Requestid
Cneonction
Lb
CDN
Xet-Cookie
DataCenter
X-Apw-Hits
X-Uri
X-Policy
SID
X-Pjax-Url
Pics-Label
X-Vct
X-Apw-Access-Object
X-Apw-Access-Action
X-Swift-Error
X-Apw-Access-Token
X-Dw-Trace-Id
X-NGINX-Cache
X-Ecache
X-Lb-Id
X-WA
Correlation-Id
X-PF-Uncompressing
X-Cf-Powered-By
X-Varnish-Action
Epwk-Cache
X-Newrelic-App-Data
X-NGENIX-Cache
RequestUuid
X-RSL
X-DSS
X-DI
X-WPE-Loopback-Upstream-Addr
X-Serial
X-RPS
X-Cdn-Request-ID
X-Service
Cache-Provider
Fastcgi-X-Cache
X-RPM
X-Html-Edge-Cache
Lfy
X-Flow-Id
X-Fastly-Cache-Hits
X-Page-Impression-Id
X-Fpc
X-Zalando-Child-Request-Id
X-ServerName
X-Akamai-ERRuleID
Warning
X-Bug-Bounty
X-DW
X-Akamai-ERPolicy
X-DB