Threat Level: green Handler on Duty: Jan Kopriva

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
CF-RAY
X-Powered-By
Link
ETag
Expect-CT
X-XSS-Protection
Via
X-Cache
Age
CF-Cache-Status
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
P3P
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Request-Id
X-Xss-Protection
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-Adblock-Key
X-Drupal-Cache
Alt-Svc
X-Check
X-Cacheable
Content-Security-Policy-Report-Only
X-Generator
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-DNS-Prefetch-Control
X-AspNetMvc-Version
P3p
X-Template
Status
X-Language
Timing-Allow-Origin
Content-Encoding
X-Iinfo
X-Content-Security-Policy
X-Buckets
Upgrade
X-Kinja-Server-Push
Xkey
X-Via
X-CDN
X-Turbo-Charged-By
Keep-Alive
Access-Control-Max-Age
Access-Control-Expose-Headers
X-Cache-Group
X-Pass-Why
X-Age
X-AH-Environment
X-Drupal-Dynamic-Cache
X-Server
X-Backend
X-Pingback
X-Amz-Request-Id
X-Amz-Id-2
X-Envoy-Upstream-Service-Time
X-Page-Speed
X-Robots-Tag
X-Proxy-Cache
X-Hacker
Grace
X-Server-Powered-By
EagleId
X-UA-Device
X-Varnish-Cache
Request-Context
X-Nginx-Cache-Status
Cf-Railgun
X-LiteSpeed-Cache
X-Amz-Version-Id
X-Swift-CacheTime
X-Swift-SaveTime
X-WebKit-CSP
Ali-Swift-Global-Savetime
Feature-Policy
X-Device
Server-Timing
X-Server-Id
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Host
Report-To
X-Ac
X-Rq
Content-Location
X-Node
X-OneAgent-JS-Injection
X-Backend-Server
X-Cnection
X-Response-Time
X-Origin-Cache
X-Cloud-Trace-Context
X-Application-Context
EagleEye-TraceId
Allow
Request-Id
X-Readtime
Surrogate-Control
X-Country
X-Cache-Lookup
X-ORACLE-DMS-ECID
X-TTL
X-DynaTrace
X-Url
X-Vhost
X-Cdn
X-Rack-Cache
Pinterest-Generated-By
X-Clacks-Overhead
X-Origin-Upstream-Status
NEL
X-Ua-Compatible
X-CST
X-Ruxit-JS-Agent
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Rating
X-ORACLE-DMS-RID
X-FTR-Request-ID
X-Country-Code
X-HW
X-Goog-Hash
X-Dispatcher
X-Instart-Request-ID
Fusion-Template-Id
Fusion-Component-Id
Fusion-Content-Source
Fusion-Source
Fusion-Content-Id
X-DataStream-Cache-Status
Edge-Control
X-Vname
X-TtlSet
X-PC
X-Px
X-VARITI-CCR
Service-Worker-Allowed
X-DataDome
X-MS-InvokeApp
X-Mod-Pagespeed
Verso
SPRequestGuid
X-Recruiting
X-Request-ID
X-Exp-Variant
X-Exp-Id
X-Dns-Prefetch-Control
X-Cdn-Fetch
X-GoogleNews-Bot
X-Use-Magma
X-Kinja-Revision
X-Kinja-Server
X-Kinja
X-Kinja-Build
X-D2id
X-Varnish-TTL
X-Vcap-Request-Id
RTSS
X-SharePointHealthScore
X-Amz-Server-Side-Encryption
X-Abt-Application-Version
TCN
DynaTrace
X-Navigation-Version
X-B3-TraceId
X-GitHub-Request-Id
X-RateLimit-Remaining
X-Powered-By-Plesk
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-ESI
Display
Response
X-Middleton-Display
X-Sol
X-Middleton-Response
X-Akam-SW-Version
Charset
Content-MD5
MS-Author-Via
X-TEC-API-ORIGIN
X-Trace
X-TEC-API-ROOT
Ar-Sid
AR-CACHE
AR-PoweredBy
X-TEC-API-VERSION
AR-ATIME
Accept-Ch-Lifetime
ServerID
X-Shield-Request-Id
X-Amz-Rid
Realpath
X-Server-Name
X-Goog-Stored-Content-Length
X-Goog-Metageneration
X-Powered-CMS
X-Goog-Generation
X-Dw-Request-Base-Id
X-Goog-Stored-Content-Encoding
AR-Request-ID
X-DynaTrace-JS-Agent
X-Forwarded-Proto
X-Version
Nginx-Cache
X-Cached
X-Upstream
Fastly-Restarts
X-Shard
Public-Key-Pins
X-Mrf-Item-Lastmod
Mrf-Cache-Status
X-B3-TraceId-Primal
X-Mrf-Section-Lastmod
MRF-Tech
SPRequestDuration
SPIisLatency
Accept-Ch
X-Goog-Storage-Class
Access-Control-Request-Method
Paypal-Debug-Id
X-MSEdge-Ref
X-Client-IP
Pagespeed
X-Pinterest-Rid
X-Upstream-Proxy
Pinterest-Version
S
Accept-CH
X-DataStream-Origin-MEX-Latency
X-DataStream-MidMile-RTT
X-Debug
X-Amz-Meta-S3cmd-Attrs
X-Id
X-FTR-Realm
X-Country-Code-Real
X-FTR-DC
X-FTR-Balancer
X-FTR-Cache-Status
X-FTR-Backend-Server
X-FTR-Backend
X-FTR-Expires
X-Ezoic-Cdn
X-N
X-T
X-Fastly-Request-ID
X-Grace
X-DIS-Request-ID
MicrosoftSharePointTeamServices
X-XRDS-Location
Arr-Disable-Session-Affinity
Front-End-Https
X-Amzn-Trace-Id
X-NF-Request-ID
X-Content-Type
X-Hits
X-B3-Sampled
X-Varnish-Age
X-Ser
PB-RID
Arc-Version
PB-PID
X-Mobile-Rewrite
X-Vcache
Alternate-Protocol
X-Acc-Meta-Resource-Type
Fastcgi-Cache
X-Frontend
X-Logged-In
Server-Name
X-Server-ID
X-Content-Digest
X-VCache
X-FTR-Cache-Host
X-Srv
X-FastCGI-Cache
X-Pad
X-Forwarded-For
X-Correlation-Id
Host
AMP-Access-Control-Allow-Source-Origin
X-Node-Name
X-B3-Traceid
Nel
Powered-By-ChinaCache
X-Microsite
X-Request-Handler-Origin-Region
FilterID
TP-L2-Cache
Healthy
TP-Cache
X-Rid
X-Kinsta-Cache
X-LB-Cache
X-Type
X-Fastcgi-Cache
Edge-Cache-Tag
X-IPLB-Instance
X-User-Agent
X-Request-Received
X-Request-Processing-Time
X-AOL-HN
X-Debug-Info
X-Cached-By
X-Cache-Key
X-Revision
X-Cache-2
X-F-Cache
X-Zen-Fury
X-Amzn-RequestId
X-Hostname
X-Amz-Apigw-Id
X-GUploader-UploadID
Powered
X-HS-Hub-Id
X-Cache-Rule
X-HS-Content-Id
X-Analytics
X-XRDS-LOCATION
X-Cache-Age
Backend-Timing
Surrogate-Key
X-Accel-Expires
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-RateLimit-Limit
X-Activity-Id
X-Az
X-AppVersion
X-Page-Id
X-Varnish-Backend
VIX-Pulpo-Node
X-Content-Security-Policy-Report-Only
X-Via-JSL
VIX-Pulpo-Upstream-Status
X-Instance
X-Content-Options
X-BCube-Filmed-By
X-Varnish-Grace
Source
X-FB-Debug
X-Jobs
X-Tumblr-Pixel
X-Cluster
X-Tumblr-Pixel-0
X-Tumblr-User
Cache-Status
X-App-Environment
X-Amz-Replication-Status
X-PHP-Backend
X-Content-Powered-By
X-Akamai-Edgescape
X-Request-Guid
X-TT
X-Framework
Cleartype
Server-Node
Refresh
X-Forwarded-Host
X-Varnish-Hostname
Tracecode
WPE-Backend
X-Signature
X-B-Cache
X-Esi
X-FW-Hash
X-FW-Server
X-FW-Type
X-FW-Static
X-FW-Serve
X-ATG-Version
Host-Header
Liferay-Portal
X-Mobile
X-Cache-Operation
DC
X-Time
X-Cache-Control
Accept-Charset
X-Edge-Location
Access-Control-Allow-Method
X-Cache-Action
Actual-Object-TTL
X-Drupal-Cache-Tags
X-NWS-LOG-UUID
Fastcgi-Useragent
Cache
X-Cache-Hit
Payment
Accept-CH-Lifetime
X-Response-Served-From
X-Mobile-URL
X-Whom
Upgrade-Insecure-Requests
X-Cache-TTL
X-App-Server
X-Accel-Buffering
X-Hp-Webp
X-B
X-Storage
X-TX-ID
X-WebKit-CSP-Report-Only
X-UA-Device-Type
X-Content-Age
Xserver
X-Handled-By
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-TT-TIMESTAMP
X-Cacheable-TTL
X-Git-Hash
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-SS-Set-Cookie
X-Tumblr-Pixel-2
X-Tumblr-Pixel-1
Filters
X-RequestSource
X-GeoIP
X-WA-Info
Eomportal-Instance
Cache-Tv-Group
X-Adobe-Content
X-Adobe-Loc
X-ProcessESI
X-Ratelimit-Reset
X-VG-WebCache
Viewport
X-RemovedCookies
X-Status
X-Geo-Country
NGB
Cache-Tag
Server-Info
Webserver
X-APP-VERSION
X-FB-TRIP-ID
Datacenter
Retry-After
X-Cache-TTL-Remaining
X-Cache-Enabled
X-FW-Dynamic
X-Seen-By
X-TA-CDN-Provider
X-Contextid
X-Presslabs-Stats
X-Ratelimit-Limit
X-Host-Name
S-Cnection
MS-CV
X-Origin-Server
X-PressLabs-Stats
X-Oneagent-Js-Injection
From-Origin
X-Guploader-Uploadid
Country
X-Mode
Frame-Options
X-Hyper-Cache
X-Generated-By
Ms-Operation-Id
X-ES-SERVER
X-VWS-Id
Meta-Geo
X-LJ-Flow-ID
X-Path-Route
X-RTag
X-Tumblr-Pixel-3
X-Cache-Config
X-Cache-Var-Map
Load-Balancing
X-CF-Powered-By
X-AWS-Id
Machine
X-RN-RSRV
X-Cache-Var
X-Cache-Grace
X-Cache-Host
Release
X-Upstream-HT
X-Proxied
We-Hiring
Vix-Hermes-Req-Id
X-Backend-Name
X-Hit
X-Varnish-Hits
Mail-Subject
Cache-Key
DSUID
X-Labrador-Cache-Channel
X-Routing-Service
X-Human
X-Varnish-Cache-Hits
X-Upstream-CT
X-Magnolia-Registration
X-Zipkin-Id
X-Viewer-Country
X-Web-Node
Decoy-Debug-Key
ServedBy
X-From
Uber-Trace-Id
X-Section
X-Loop
Now
X-Varnish-Server
X-Upgrade-Enabled
Decoy-Debug-Status
Mn-Server-Ip
X-Access
X-MP-GENERATED-AT
X-Rendered-As
X-RCS-CacheZone
X-PCL
X-Debug-Cache
GEO-INFO
X-OCL
Decoy-Debug-TTL
X-EIG-Tracking-Id
X-Device-Type
X-TNCMS
X-Origin-Response-Time
X-Sorting-Hat-ShopId
X-Endurance-Cache-Level
X-Sorting-Hat-PodId
X-Shopify-Stage
X-Environment-Context
X-L-Path
X-VG-TLSProxy
Akamai-GRN
X-R9-Blue-Green-Version
X-ShopId
X-ShardId
X-Proto
X-BYPASS-REASON
X-Alternate-Cache-Key
X-Akamai-Request-ID
X-ProxyCache-Key
X-ProxyCache-Status
X-Rule
X-Cluster-Node
X-CCM
Rt-Fastcgi-Cache
OT-Force-Account-Verify
X-JoinUs
X-NCache
X-Hosted-By
X-Goog-Meta-Goog-Reserved-File-Mtime
X-FC-Vary-Parameters
X-Generated
X-Proxy-Build
X-Region
Cache-Name
X-Xfnlog-Site
X-Via-Fastly
DB-Nickname
X-S
X-Timing-Wait
X-Daa-Tunnel
X-VCT
X-Redis-Cache
X-Trace-Id
X-Nginx-Cache
X-Locale
Cteonnt-Length
X-Site-Version
X-Drupal-Cache-Contexts
NGX
X-Www-Served-By
X-Cache-NE
X-Load-Cache
X-NewRelic-App-Data
X-UUID
X-Platform-Server
X-B3-Spanid
ProcessTime
X-MServer
X-Hl-Ver
X-EdgeConnect-Cache-Status
X-Request-Time
X-Vgn-Hpd-Reason
X-Cache-Remote
X-ECACHE
X-ServerID
X-Rocket-Nginx-Bypass
X-Real-IP
X-Time-Microsecs
X-IP
X-Oracle-Dms-Rid
Time
X-Origin
SRV
Version
S-Rt
X-FW-Version
Azure-SlotName
Azure-Version
X-Via-CDN
Azure-RegionName
Azure-InstanceId
X-Wix-Request-Id
Azure-SiteName
X-Origin-Hint
Webcakes-App-Name
Webcakes-App-Version
TWC-Privacy
Webcakes-Region
TWC-Device-Class
TWC-Connection-Speed
Property-Id
X-IPS-LoggedIn
TWC-GeoIP-LatLong
TWC-GeoIP-Country
TWC-Locale-Group
X-Dc
X-Proxy
Origin
X-GEO
X-FireWall-Port
X-No-Session
L5d-Success-Class
Odigeo-Trace-Id
X-Cache-Backend
X-Distributor
Served-By
X-Akamai-Transformed
NtCoent-Length
Fastly-SSL
CACHE
X-Unique-ID
X-Pubstack
X-PERF
X-Akamai-Request-ID2
X-Microcachable
X-ApacheServer
X-CS
Origin-Edge-Control
X-Format
X-Cache-Server
Origin-Cache-Control
X-RateLimit-Reset
X-UA
Fastcgi-X-Cache-Version
X-Grey
X-Cache-Category-Id
IBM-Web2-Location
Hostname
Ec-Rule-Version
X-UnsetCookies
X-Webkit-Csp
X-Compress-Hint
X-HTML-Minification-Powered-By
Cache-Tags
X-Detected-As
Proxy-Connection
X-CDN-Forward
X-Powered-By-Defense
X-Is-Bot
X-Edge
Backend-Name
X-Varnish-Cacheable
X-Tb
Request-Country
Rendered-Blocks
Meta-Geo-Continent
Proxy-Firewall
Cache-Cookie-Set-From
Mobile-Detection-Method
Node
Cdn-Request-Time
MD5-Digest
Fly-Cache
Fastly-SIE
Fly-Request-Id
GEO-REGION-INFO
Ha-Gx-Prefs
HA-Ipaddr
Cross-Origin-Window-Policy
Content-Style-Type
Cache-Prefix
Arc-Country
Cache-Cookie-Set-Lfrom
Cdn-Host
BehaviorPad-Version
Content-Script-Type
AsisCache
Cache-Cookie-Set-Idcheck
X-Worker
X-IN-APIGATEWAY
X-HS-Combine-CSS
X-HS-Cache-Config
X-Vtex-Processado-Em
X-VG-WebServer
X-Twitter-Response-Tags
X-Instart-Info
X-G
X-External-Request-Id
X-Destination
X-Debug-Log
X-Developer
X-DPWN-IS-SECURE
X-Eu-Site
X-Edge-Server
X-Internal-Host
X-NU-AKA-ACS-Version
X-S-Maxage
X-S-Cookie
X-Rojux
X-ScT
X-Server-Time
X-Transaction
X-SRCache-Key
X-Rewrite-Enabled
X-Request-UUID
X-Org
X-NX-Host
X-PAYTM-SRV-ID
X-Rebelmouse-Cache-Control
X-Region-Sid
X-Rebelmouse-Surrogate-Control
X-Vtex-Remote-Cache
X-Debug-Cookies
X-A-Dgt
X-A-Dcw
X-A-Dam
X-A-Wwc
X-Accel-Expires-Debug
X-AIR-PT
X-Aed
X-A-Ccd
X-A
Rt-Proxy-Cache
Request-Time
Server-ID
ServerName
VivaBuild
Viewtype
Xc-Version
X-App-Name
X-CGP
A
X-Cluster-Name
X-Connection-Hash
X-Date
X-D
X-CF-Lambda-Version
X-CF-Lambda-Fn
X-Application
X-Trv-Group
X-ARC
X-B-Cookie
X-Cdn-Srv
X-Cache-Bucket
Request-EU
Fastly-SWR
X-B3-Parentspanid
Access-Control-Request-Headers
X-Via-NSCOPI
X-Ua
X-BACKEND-TTL
X-ElasticPress-Search
X-NC
X-Generated-On
Resin-Trace
X-Nc
True-Client-Country-4JS
X-Request-URI
SS
Gh-Request-Id
LB
X-Fastly-Cache
PageSpeed
X-ServiceProvider
RNT-Machine
X-Geo-Header
X-Server-IP
X-GeoIP-Country-Code
On-Server
X-Cache-Id
X-Nginx-Cache-Key
Platform
X-Cache-Info
X-Hash
X-PHP-Host
Is-Eu
X-Sn-Servicetimems
X-Qloud-Router
X-Processor
Memcached
X-Reqid
X-Skip-Cache
X-Level-Front-Cache
X-We-Are-Hiring
X-Backend-State
X-Core-Mission
Server-Host
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
Adler-Geo
Server-Int
X-Clientip
Apple-News-Services-Handled
Apple-News-Services-Host
Esi-Enabled
Section-Io-Cache
X-C
X-Epic-Correlation-Id
Country-Code
Countrycode
X-Irp-Debug
X-Cdn-Origin
RNT-Time
X-Location
X-Variation
X-Dispatcher-Server
X-Key
X-TH-Server
X-Dispatch
Mime-Version
User-Cache-Control
V-Age
X-Li-Fabric
UCS
X-Gannett-Site-Version
X-Auto-Login
X-Device-Os
X-Distil-CS
X-Crawler
X-BBXSRF
X-Cache-FS-Status
X-Block-Status
X-Amz-Meta-Cache-Control
X-Fetched-On
Wxu-Next-Commit
Who
Web-Mar-Node
Wxu-Next-Hostname
Wxu-Next-Region
X-Gen-Mode
X-Generation-Time
X-Hnp-Log
Powered-By
X-Secret
X-Served-From
X-SD-PageType
X-Response-By
X-WebServer
X-Request-Start
X-Li-Pop
AKAMAI
X-Swa-Ws
Accept-Language
Content-Disposition
X-SVT-ORM-VERSION
X-SIPLIST1
X-SVT-ORM-RULES
CDCHOST
X-Reboot
X-Developers
X-Method
REQUESTUUID
SD-X-WS
X-LI-Proto
X-LI-UUID
W
Pramga
X-Webstats-RespID
IsBot
X-Wikidot-Backend
PFcat
X-Wikidot-Static-Cache
X-CDN-Cache
X-VServer
X-Clara-WADP
X-Via-SSL
X-WADP-Cache
X-FPC
X-Origin-Expires
X-Owner
X-Origin-Date
X-ND-Cache
X-Matched-Rule
X-Release
X-GeoIP-City
X-Via-Edge
X-Thinkindot-L3
X-Thanos
X-Servername
X-CUA
X-Cms-Context
Thinkindot-CacheControl-Type
X-Azure-Ref
Thinkindot-CacheControl
GW-Server
Heartbleed
X-Varnish-Url
X-Azure-Ref-OriginShield
Fastly-Soc-X-Request-Id
X-Bip
Thinkindot-Control
X-GRACE
X-Datadome
X-SERVER-NAME
X-Parent-Response-Time
L
X-Protected-By
CF-IPCountry
X-VC-Cache
X-OVcl-Cache
X-OVcl
X-Varnish-Ttl
X-B3-SpanId
X-Proxy-Upstream
X-Fstrz
Pragrma
X-Proxy-Cache-Status
X-CLOUD-TRACE-CONTEXT
N-Cache
X-Cdn-Forward
X-Amzn-Remapped-Content-Length
X-LAGOON
X-FE
X-Ratelimit-Remaining
Kp-EeAlive
Selected-Fe
X-TrackingId
X-Varnish-Beresp-Ttl
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
User-Agent
Memory
X-Urbn-Site-Id
X-Origin-CC
X-Be
X-Urbn-Context-Path
X-Origin-TTL
Locale
Magicmarker
X-Page-Type
X-Geo
X-IN-WAF
X-Pf-Uncompressing
X-Phone
X-Core-Value
X-DC
X-Zone
X-Ruxit-Js-Agent
X-Birta-Served
X-URL
X-Birta-Cache-Post
X-Flog
X-Varnish-Beresp-Grace
X-ABtesting
X-Ttl
Pagetype
X-Hello
X-Varnish-Beresp-Status
X-Varnish-IP
X-Dynatrace-Js-Agent
X-Info
X-Backend-TTL
Selected-FE
X-User
X-Generated-In
Cdn
HitType
X-App-Version
X-Backend-Url
X-Backend-Host
X-Tt-Trace-Tag
X-MSEdge-Flight
X-Servedbyhost
Geoip-City
GeoIp-Country-Code
X-TT-LOGID
SN
X-MSEdge-Features
Geoip-Latitude
X-Soup
X-Up
X-Debug-Cache-Store
X-Newrelic-Synthetics
X-Debug-Cache-Expiry
X-Debug-Cache-Fetch
X-GoCache-CacheStatus
X-Litespeed-Cache
CF-Cached-On
X-HS-Status
X-MID
X-Mid
X-Source
X-Oss-Storage-Class
X-Agile-Age
X-Agile-Id
X-CACHE-KEY
X-Refresh
X-Real-Ip
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
X-Oss-Request-Id
X-Cache-Debug
X-Agile
X-Oss-Server-Time
X-Cache-Ttl
X-Web-Server
X-Check-Cacheable
X-Aicache-OS
X-VCL-Version
X-Tb-Optimization-Total-Bytes-Saved
X-Vcl-Version
Amp-Access-Control-Allow-Source-Origin
FSS-Cache
X-Old-Content-Length
X-Say-Cacheable
X-ZONE
FSS-Proxy
X-SayCDN-TTL
X-Say-TTL
X-Bc
GeoIP-Country-Code
Cache-Hits
X-Amzn-Remapped-Connection
Srv
X-Amzn-Remapped-Date
X-ServedByHost
WZWS-RAY
GeoIP-City
Server-Cache-Control
X-Cache-ASPX
HostName
X-Contensis-Viewer-Groups
GeoIP-Latitude
X-APP
Server-Surrogate-Control
X-UPSTREAM-Address
X-Varnish-Authentication
Ohc-File-Size
Ohc-Cache-HIT
X-EC-Lua
X-NWS-UUID-VERIFY
X-Via-Ucdn
RequestId
Group
Fastly-Backend-Name
Inserted-Into-Cache-At
X-Node-Id
X-CSRF-TOKEN
X-COUNTRY
X-CSRF-Token
Ajk
X-IN-APIGATEWAYSSL
X-Logtrace-Id
X-Cache-Time
X-WR-MODIFICATION
HTTPS
X-Akamai-SSL-Client-Sid
X-BC
Cf-Ipcountry
X-Nananana
Xkeyrz
X-Proxy-Cacherz
Www
X-SN
Backend
X-ECache
X-Cache-Tag
X-Varnish-Beresp-TTL
X-Dynatrace
XServer
WebServer
Lb
URI
X-RateLimit-Remaining-Second
X-Wa
X-Instart-Isnd
X-RateLimit-Limit-Second
X-Cache-Expires
X-TIME
X-FORWARDED-FOR
Requestid
Get-Access-Time
Host-ID
Xkeynj
X-Request-Url
X-Unique-Id
X-BE
X-Fastly-Country-Code
Is-Session-Tracking
X-PAGE-TYPE
X-LiteSpeed-Cache-Control
X-MCACHE
X-Sedo-Request-Id
X-Requestid
X-PF-Uncompressing
T-Server
X-Cache-Miss-From
X-Edge-IP
Dynatrace
X-NGENIX-Cache
X-Ftr-Cache-Host
Epwk-Cache
Pics-Label
X-PJAX-URL
X-LB-ID
X-GDPR
X-Micro-Cache
X-Render-Time
PICS-Label
X-Pjax-Url
Cneonction
X-Fastly-Backend-Reqs
X-Varnish-Action
DataCenter
X-Correlation-ID
X-SRV
Xet-Cookie
X-Vct
Fastcgi-X-Cache
CDN
X-Swift-Error
X-Lb-Id
X-Apw-Access-Action
X-Apw-Access-Object
X-Apw-Access-Token
X-Apw-Hits
X-NGINX-Cache
X-Dw-Trace-Id
X-Svr
X-WA
X-Fpc
X-Ecache
SID
X-Uri
X-Policy
X-ServerName
X-Cf-Powered-By
Correlation-Id
X-AssetVersion
MIME-Version
X-Akamai-ERPolicy
X-Html-Edge-Cache
X-Serial
X-LiteSpeed-Tag
X-Akamai-ERRuleID
Warning
Lfy
X-WPE-Loopback-Upstream-Addr
RequestUuid
X-Bug-Bounty
X-RSL
X-Sf
X-DB
X-Flow-Id
FNAC-ModuleRouting
X-Zalando-Child-Request-Id
X-Page-Impression-Id
X-DI
X-DSS
X-Var-Ttl
X-Fastly-Cache-Hits
X-RPS
X-RPM
X-DW
Ohc-Response-Time