Threat Level: green Handler on Duty: Jan Kopriva

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
CF-RAY
X-Powered-By
Link
ETag
Expect-CT
X-XSS-Protection
Via
X-Cache
Age
CF-Cache-Status
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
P3P
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Request-Id
X-Xss-Protection
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-Adblock-Key
X-Drupal-Cache
Alt-Svc
X-Check
X-Cacheable
Content-Security-Policy-Report-Only
X-Generator
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-DNS-Prefetch-Control
X-AspNetMvc-Version
P3p
X-Template
Status
X-Language
Timing-Allow-Origin
Content-Encoding
X-Iinfo
X-Content-Security-Policy
X-Buckets
Upgrade
X-Kinja-Server-Push
Xkey
X-Via
X-CDN
X-Turbo-Charged-By
Keep-Alive
Access-Control-Max-Age
Access-Control-Expose-Headers
X-Cache-Group
X-Pass-Why
X-Age
X-AH-Environment
X-Drupal-Dynamic-Cache
X-Server
X-Backend
X-Amz-Request-Id
X-Amz-Id-2
X-Pingback
X-Envoy-Upstream-Service-Time
X-Page-Speed
X-Robots-Tag
X-Proxy-Cache
X-Hacker
Grace
X-Server-Powered-By
EagleId
X-UA-Device
X-Varnish-Cache
Request-Context
X-Nginx-Cache-Status
Cf-Railgun
X-LiteSpeed-Cache
X-Amz-Version-Id
X-Swift-CacheTime
X-Swift-SaveTime
X-WebKit-CSP
Ali-Swift-Global-Savetime
Feature-Policy
X-Device
Server-Timing
X-Server-Id
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Host
Report-To
X-Ac
X-Rq
Content-Location
X-Node
X-OneAgent-JS-Injection
X-Backend-Server
X-Cnection
X-Response-Time
X-Origin-Cache
X-Cloud-Trace-Context
X-Application-Context
EagleEye-TraceId
Allow
Request-Id
X-Readtime
Surrogate-Control
X-Country
X-Cache-Lookup
X-ORACLE-DMS-ECID
X-TTL
X-DynaTrace
X-Url
X-Vhost
X-Cdn
X-Rack-Cache
Pinterest-Generated-By
X-Clacks-Overhead
X-Origin-Upstream-Status
X-Ruxit-JS-Agent
NEL
X-Ua-Compatible
X-CST
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Rating
X-ORACLE-DMS-RID
X-FTR-Request-ID
X-Country-Code
X-HW
X-Goog-Hash
X-Dispatcher
X-Instart-Request-ID
Fusion-Component-Id
Fusion-Source
Fusion-Content-Source
Fusion-Template-Id
Fusion-Content-Id
X-DataStream-Cache-Status
Edge-Control
X-TtlSet
X-Vname
X-PC
X-Px
X-VARITI-CCR
Service-Worker-Allowed
X-DataDome
X-MS-InvokeApp
X-Mod-Pagespeed
Verso
SPRequestGuid
X-Recruiting
X-Request-ID
X-GoogleNews-Bot
X-Exp-Id
X-Kinja-Server
X-Kinja
X-Kinja-Build
X-Kinja-Revision
X-Exp-Variant
X-Dns-Prefetch-Control
X-Use-Magma
X-Cdn-Fetch
X-D2id
X-Varnish-TTL
X-Vcap-Request-Id
X-SharePointHealthScore
RTSS
X-Amz-Server-Side-Encryption
X-Abt-Application-Version
TCN
DynaTrace
X-Navigation-Version
X-GitHub-Request-Id
X-RateLimit-Remaining
X-Powered-By-Plesk
X-SRCache-Store-Status
X-SRCache-Fetch-Status
Display
X-Middleton-Display
Response
X-Middleton-Response
X-Sol
X-Akam-SW-Version
Charset
Content-MD5
MS-Author-Via
X-B3-TraceId
X-ESI
X-Trace
X-TEC-API-ROOT
X-TEC-API-VERSION
X-TEC-API-ORIGIN
AR-CACHE
AR-ATIME
AR-PoweredBy
Ar-Sid
ServerID
X-Shield-Request-Id
X-Amz-Rid
Realpath
X-Powered-CMS
X-Goog-Stored-Content-Length
X-Goog-Generation
X-Dw-Request-Base-Id
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
AR-Request-ID
X-DynaTrace-JS-Agent
X-Forwarded-Proto
X-Version
Accept-Ch-Lifetime
Nginx-Cache
X-Cached
X-Server-Name
X-Upstream
Fastly-Restarts
X-Shard
Public-Key-Pins
X-B3-TraceId-Primal
Mrf-Cache-Status
X-Mrf-Section-Lastmod
MRF-Tech
X-Mrf-Item-Lastmod
SPRequestDuration
SPIisLatency
Access-Control-Request-Method
Paypal-Debug-Id
Accept-Ch
X-Goog-Storage-Class
X-MSEdge-Ref
X-Client-IP
Pagespeed
Pinterest-Version
X-Upstream-Proxy
X-Pinterest-Rid
Accept-CH
S
X-DataStream-MidMile-RTT
X-DataStream-Origin-MEX-Latency
X-Debug
X-Amz-Meta-S3cmd-Attrs
X-Id
X-Country-Code-Real
X-Grace
X-FTR-Cache-Status
X-FTR-Backend
X-FTR-Realm
X-FTR-Balancer
X-FTR-DC
X-FTR-Backend-Server
X-FTR-Expires
X-Ezoic-Cdn
X-N
X-T
X-DIS-Request-ID
X-Fastly-Request-ID
MicrosoftSharePointTeamServices
X-Vcache
Arr-Disable-Session-Affinity
X-XRDS-Location
X-Amzn-Trace-Id
Front-End-Https
X-NF-Request-ID
X-Content-Type
X-Hits
X-B3-Sampled
X-Varnish-Age
X-Mobile-Rewrite
X-Ser
PB-RID
PB-PID
Arc-Version
X-FastCGI-Cache
Alternate-Protocol
Fastcgi-Cache
X-Acc-Meta-Resource-Type
X-FTR-Cache-Host
X-Frontend
X-Logged-In
X-B3-Traceid
X-Content-Digest
Server-Name
X-Server-ID
X-Srv
X-Correlation-Id
X-Pad
X-Forwarded-For
X-VCache
Host
AMP-Access-Control-Allow-Source-Origin
X-Node-Name
Powered-By-ChinaCache
Nel
X-Microsite
X-Request-Handler-Origin-Region
FilterID
TP-L2-Cache
TP-Cache
Healthy
X-Rid
X-Cache-Key
X-Type
X-LB-Cache
X-Kinsta-Cache
Edge-Cache-Tag
X-IPLB-Instance
X-User-Agent
X-Request-Processing-Time
X-Request-Received
X-AOL-HN
X-Debug-Info
X-GUploader-UploadID
X-Cached-By
X-Revision
X-Cache-2
X-F-Cache
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Zen-Fury
X-Fastcgi-Cache
X-Hostname
Powered
X-Cache-Rule
X-HS-Content-Id
X-HS-Hub-Id
X-Analytics
X-Cache-Age
X-XRDS-LOCATION
Backend-Timing
X-Accel-Expires
Surrogate-Key
X-Kong-Upstream-Latency
X-RateLimit-Limit
X-Kong-Proxy-Latency
X-Esi
X-Az
X-Page-Id
X-Activity-Id
X-AppVersion
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-Content-Security-Policy-Report-Only
X-Varnish-Backend
X-Via-JSL
X-BCube-Filmed-By
X-Varnish-Grace
X-Content-Options
X-Instance
X-Tumblr-User
X-Cluster
X-Tumblr-Pixel-0
X-Tumblr-Pixel
Source
X-Jobs
X-FB-Debug
X-Amz-Replication-Status
X-Request-Guid
X-Akamai-Edgescape
X-PHP-Backend
X-Content-Powered-By
Cache-Status
X-App-Environment
X-TT
Cleartype
X-Framework
Refresh
Server-Node
X-Forwarded-Host
Tracecode
X-Varnish-Hostname
WPE-Backend
X-Signature
Accept-CH-Lifetime
X-B-Cache
X-FW-Serve
X-ATG-Version
X-FW-Server
X-FW-Hash
X-FW-Static
X-FW-Type
Liferay-Portal
Host-Header
X-Mobile
X-Cache-Operation
DC
X-Time
Accept-Charset
X-Cache-Control
X-Edge-Location
Actual-Object-TTL
Access-Control-Allow-Method
X-Cache-Action
X-Drupal-Cache-Tags
X-NWS-LOG-UUID
Fastcgi-Useragent
X-Cache-Hit
Cache
Payment
X-Whom
X-Hp-Webp
X-App-Server
X-Accel-Buffering
X-Mobile-URL
Upgrade-Insecure-Requests
X-Response-Served-From
X-Storage
X-B
X-TX-ID
X-UA-Device-Type
X-Content-Age
X-WebKit-CSP-Report-Only
X-Handled-By
X-Yottaa-Optimizations
X-Yottaa-Metrics
Xserver
X-TT-TIMESTAMP
X-SS-Set-Cookie
X-Tumblr-Pixel-1
X-Erf-Bev-Bev
X-GeoIP
Filters
X-Erf-Bev-Bev-Is-Generated
X-Tumblr-Pixel-2
X-Cacheable-TTL
X-RequestSource
X-Git-Hash
X-Adobe-Loc
X-WA-Info
X-Cache-TTL
X-Adobe-Content
Cache-Tv-Group
Eomportal-Instance
Viewport
X-ProcessESI
X-Ratelimit-Reset
X-RemovedCookies
X-VG-WebCache
X-APP-VERSION
X-Status
X-Geo-Country
NGB
Cache-Tag
Webserver
Server-Info
Datacenter
X-FB-TRIP-ID
X-Cache-TTL-Remaining
Retry-After
X-Cache-Enabled
X-FW-Dynamic
X-Seen-By
X-TA-CDN-Provider
X-Contextid
X-Presslabs-Stats
S-Cnection
MS-CV
X-Ratelimit-Limit
X-Host-Name
X-Origin-Server
X-PressLabs-Stats
From-Origin
Country
X-Mode
Frame-Options
X-Generated-By
X-Hyper-Cache
X-RTag
X-Cache-Var
X-ES-SERVER
X-Path-Route
Load-Balancing
Meta-Geo
X-LJ-Flow-ID
X-RN-RSRV
X-Tumblr-Pixel-3
Ms-Operation-Id
Machine
X-Cache-Config
X-VWS-Id
X-AWS-Id
X-Cache-Var-Map
X-Human
Cache-Key
X-Upstream-CT
X-Upstream-HT
X-Routing-Service
X-Proxied
X-Labrador-Cache-Channel
DSUID
X-Varnish-Cache-Hits
X-Cache-Host
X-Backend-Name
Mail-Subject
X-Zipkin-Id
X-Cache-Grace
Vix-Hermes-Req-Id
We-Hiring
X-Hit
Release
X-CF-Powered-By
X-Magnolia-Registration
X-Varnish-Hits
X-PCL
Uber-Trace-Id
ServedBy
X-RCS-CacheZone
GEO-INFO
X-OCL
X-From
X-Debug-Cache
X-Device-Type
X-EIG-Tracking-Id
Mn-Server-Ip
X-Loop
Now
Decoy-Debug-Status
X-Varnish-Server
X-MP-GENERATED-AT
X-Viewer-Country
X-Web-Node
X-Access
X-Upgrade-Enabled
X-Rendered-As
X-Section
Decoy-Debug-Key
X-TNCMS
Decoy-Debug-TTL
X-BYPASS-REASON
X-Akamai-Request-ID
X-CCM
OT-Force-Account-Verify
Rt-Fastcgi-Cache
X-B3-Spanid
X-Alternate-Cache-Key
X-Origin-Response-Time
X-Shopify-Stage
X-ShopId
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-R9-Blue-Green-Version
X-VG-TLSProxy
X-ShardId
X-Rule
X-Environment-Context
X-Endurance-Cache-Level
X-L-Path
Akamai-GRN
X-ProxyCache-Status
X-ProxyCache-Key
X-Cluster-Node
X-Proto
X-NCache
X-JoinUs
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Generated
X-Proxy-Build
X-Region
X-Xfnlog-Site
X-Via-Fastly
X-Timing-Wait
X-S
X-FC-Vary-Parameters
X-Hosted-By
Cache-Name
DB-Nickname
X-Daa-Tunnel
X-Guploader-Uploadid
X-VCT
X-Trace-Id
X-Redis-Cache
X-Drupal-Cache-Contexts
X-Site-Version
X-Locale
Cteonnt-Length
X-Www-Served-By
X-Nginx-Cache
NGX
X-Load-Cache
X-Cache-NE
X-Platform-Server
X-UUID
ProcessTime
X-NewRelic-App-Data
SRV
X-MServer
X-EdgeConnect-Cache-Status
X-Hl-Ver
X-Cache-Remote
X-ECACHE
X-Vgn-Hpd-Reason
X-Request-Time
X-IP
X-Rocket-Nginx-Bypass
X-Time-Microsecs
Time
X-ServerID
X-Real-IP
X-Oracle-Dms-Rid
X-GEO
Azure-RegionName
X-Origin
X-Wix-Request-Id
Azure-SlotName
X-Via-CDN
S-Rt
Azure-Version
Azure-InstanceId
Version
X-FW-Version
Azure-SiteName
TWC-GeoIP-Country
TWC-GeoIP-LatLong
TWC-Device-Class
X-IPS-LoggedIn
TWC-Connection-Speed
TWC-Locale-Group
TWC-Privacy
X-Origin-Hint
Webcakes-Region
Webcakes-App-Version
Webcakes-App-Name
Property-Id
Origin
X-Proxy
X-FireWall-Port
X-No-Session
L5d-Success-Class
Odigeo-Trace-Id
NtCoent-Length
X-Distributor
Served-By
X-Cache-Backend
X-Akamai-Transformed
X-Dc
X-Oneagent-Js-Injection
Fastly-SSL
CACHE
X-ApacheServer
X-Unique-ID
X-Akamai-Request-ID2
X-PERF
X-Pubstack
X-Microcachable
X-RateLimit-Reset
Origin-Cache-Control
Origin-Edge-Control
X-Cache-Server
X-Format
X-CS
Fastcgi-X-Cache-Version
X-CDN-Forward
X-UA
Ec-Rule-Version
Hostname
IBM-Web2-Location
X-Grey
X-Cache-Category-Id
X-Webkit-Csp
Cache-Tags
X-Compress-Hint
X-SERVER-NAME
X-HTML-Minification-Powered-By
X-UnsetCookies
X-NC
Proxy-Connection
X-Edge
X-Powered-By-Defense
X-Detected-As
X-Is-Bot
Backend-Name
X-Varnish-Cacheable
Request-Country
Rendered-Blocks
Meta-Geo-Continent
Cdn-Host
Cache-Prefix
Cdn-Request-Time
Content-Script-Type
Content-Style-Type
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-Idcheck
Arc-Country
AsisCache
BehaviorPad-Version
Cache-Cookie-Set-From
Cross-Origin-Window-Policy
Fastly-SIE
MD5-Digest
Request-EU
Mobile-Detection-Method
Node
HA-Ipaddr
Ha-Gx-Prefs
Fastly-SWR
Fly-Cache
Fly-Request-Id
GEO-REGION-INFO
Proxy-Firewall
X-Vtex-Processado-Em
X-Debug-Log
X-Debug-Cookies
X-Rewrite-Enabled
X-Destination
X-Request-UUID
X-DPWN-IS-SECURE
X-Developer
X-Rojux
X-S-Cookie
X-Cluster-Name
X-CGP
X-Connection-Hash
X-D
X-Date
X-S-Maxage
X-Edge-Server
X-Eu-Site
X-IN-APIGATEWAY
X-PAYTM-SRV-ID
X-Instart-Info
X-Org
X-NU-AKA-ACS-Version
X-Internal-Host
X-HS-Combine-CSS
X-HS-Cache-Config
X-Rebelmouse-Surrogate-Control
X-Region-Sid
X-External-Request-Id
X-G
X-Processor
X-Rebelmouse-Cache-Control
X-CF-Lambda-Version
X-ScT
X-A-Wwc
X-A-Dgt
Xc-Version
X-Accel-Expires-Debug
X-Worker
X-Vtex-Remote-Cache
X-Aed
X-A-Dcw
X-A-Dam
ServerName
Server-ID
Viewtype
VivaBuild
X-A-Ccd
X-A
X-AIR-PT
X-App-Name
X-Cdn-Srv
X-Transaction
A
X-SRCache-Key
X-Server-Time
X-CF-Lambda-Fn
X-Cache-Bucket
X-Trv-Group
X-NX-Host
X-Application
X-ARC
X-B-Cookie
X-Twitter-Response-Tags
X-VG-WebServer
Rt-Proxy-Cache
Request-Time
X-Via-NSCOPI
X-Tb
Access-Control-Request-Headers
X-B3-Parentspanid
X-Ua
LB
X-BACKEND-TTL
X-ElasticPress-Search
X-PHP-Host
PageSpeed
Resin-Trace
X-Qloud-Router
X-Backend-State
Is-Eu
X-Server-IP
Gh-Request-Id
X-Request-URI
Memcached
RNT-Machine
X-Reqid
Platform
Section-Io-Cache
X-Geo-Header
X-GeoIP-Country-Code
X-Hash
X-Generated-On
X-Fastly-Cache
X-Dispatch
X-Dispatcher-Server
X-Epic-Correlation-Id
X-Irp-Debug
X-Key
Server-Int
Server-Host
X-Nginx-Cache-Key
SS
X-Location
X-Level-Front-Cache
True-Client-Country-4JS
RNT-Time
On-Server
X-Cache-Id
X-Clientip
X-TH-Server
Esi-Enabled
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
Countrycode
Country-Code
X-Core-Mission
X-We-Are-Hiring
X-Cdn-Origin
X-Variation
X-Cache-Info
Apple-News-Services-Handled
Apple-News-Services-Request-Url
X-C
X-Skip-Cache
X-ServiceProvider
X-Sn-Servicetimems
Adler-Geo
Who
Web-Mar-Node
X-Distil-CS
X-Wikidot-Backend
X-Auto-Login
X-Li-Fabric
X-Li-Pop
UCS
User-Cache-Control
AKAMAI
V-Age
Wxu-Next-Commit
Wxu-Next-Hostname
X-Gannett-Site-Version
X-FPC
X-Wikidot-Static-Cache
X-Webstats-RespID
X-Hnp-Log
X-Gen-Mode
X-BBXSRF
W
Wxu-Next-Region
X-Generation-Time
X-Fetched-On
X-Amz-Meta-Cache-Control
X-Block-Status
X-Crawler
X-SVT-ORM-RULES
Mime-Version
X-Reboot
X-Swa-Ws
X-SVT-ORM-VERSION
X-Cache-FS-Status
X-Request-Start
X-Secret
X-Served-From
X-SD-PageType
X-SIPLIST1
IsBot
X-Response-By
PFcat
Powered-By
X-Servername
X-Developers
X-Method
X-Device-Os
X-LI-UUID
X-WebServer
CDCHOST
SD-X-WS
Pramga
Accept-Language
X-LI-Proto
REQUESTUUID
Content-Disposition
X-CDN-Cache
CF-IPCountry
X-Cms-Context
X-CUA
X-Origin-Expires
X-Via-Edge
X-Thinkindot-L3
X-Via-SSL
X-VServer
X-Varnish-Url
X-WADP-Cache
X-Thanos
X-Nc
X-ND-Cache
X-Matched-Rule
X-Origin-Date
X-Clara-WADP
X-Release
X-GeoIP-City
X-Owner
X-Bip
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
Fastly-Soc-X-Request-Id
X-Azure-Ref
Heartbleed
GW-Server
Thinkindot-Control
X-Azure-Ref-OriginShield
X-Datadome
X-Parent-Response-Time
X-OVcl-Cache
X-Protected-By
L
X-OVcl
X-VC-Cache
X-Varnish-Ttl
X-Fstrz
X-Proxy-Upstream
N-Cache
Pragrma
X-Proxy-Cache-Status
X-CLOUD-TRACE-CONTEXT
X-Amzn-Remapped-Content-Length
Kp-EeAlive
X-FE
Memory
Selected-Fe
X-TrackingId
X-LAGOON
X-Ratelimit-Remaining
X-Varnish-Beresp-Ttl
X-DC
X-Pf-Uncompressing
X-Cdn-Forward
X-Planisys-CDN-TTL
User-Agent
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
X-Urbn-Context-Path
X-Urbn-Site-Id
X-GRACE
Locale
X-Origin-TTL
X-Origin-CC
Magicmarker
X-Phone
X-Page-Type
X-IN-WAF
X-Core-Value
X-B3-SpanId
X-Be
X-Zone
X-Birta-Served
X-URL
X-Birta-Cache-Post
X-ABtesting
X-Varnish-Beresp-Grace
X-Hello
X-Geo
X-Ttl
Pagetype
X-Flog
X-Varnish-Beresp-Status
X-Info
X-Varnish-IP
X-Backend-TTL
X-Dynatrace-Js-Agent
HitType
X-User
Cdn
X-Generated-In
Selected-FE
X-Backend-Url
X-Backend-Host
X-Cache-Ttl
SN
X-MSEdge-Features
X-TT-LOGID
X-GoCache-CacheStatus
X-Tt-Trace-Tag
X-MSEdge-Flight
X-Servedbyhost
X-Debug-Cache-Store
X-Newrelic-Synthetics
X-Up
X-Debug-Cache-Fetch
X-Debug-Cache-Expiry
X-Soup
X-Litespeed-Cache
X-HS-Status
CF-Cached-On
Geoip-Latitude
GeoIp-Country-Code
Geoip-City
X-MID
X-Mid
X-Source
X-App-Version
X-VCL-Version
X-Cache-Debug
X-Oss-Hash-Crc64ecma
X-Oss-Storage-Class
X-Oss-Server-Time
X-Agile
X-Agile-Age
X-Refresh
X-Real-Ip
X-Agile-Id
X-Oss-Object-Type
X-Oss-Request-Id
X-Check-Cacheable
X-Web-Server
X-Aicache-OS
X-Tb-Optimization-Total-Bytes-Saved
X-Ruxit-Js-Agent
Amp-Access-Control-Allow-Source-Origin
FSS-Cache
FSS-Proxy
X-Say-TTL
GeoIP-Country-Code
X-Old-Content-Length
X-Amzn-Remapped-Date
X-Amzn-Remapped-Connection
X-SayCDN-TTL
X-Say-Cacheable
X-Bc
X-ZONE
X-Vcl-Version
Cache-Hits
GeoIP-City
GeoIP-Latitude
X-ServedByHost
WZWS-RAY
X-CACHE-KEY
X-Varnish-Authentication
X-Contensis-Viewer-Groups
HostName
X-APP
X-Cache-ASPX
X-UPSTREAM-Address
Server-Surrogate-Control
Server-Cache-Control
Ohc-File-Size
X-NWS-UUID-VERIFY
Ohc-Cache-HIT
X-EC-Lua
RequestId
X-Via-Ucdn
X-CSRF-TOKEN
Group
X-Node-Id
Inserted-Into-Cache-At
Fastly-Backend-Name
X-COUNTRY
Srv
X-CSRF-Token
X-Akamai-SSL-Client-Sid
HTTPS
X-Cache-Time
Ajk
X-IN-APIGATEWAYSSL
X-WR-MODIFICATION
X-Logtrace-Id
X-Nananana
X-BC
Xkeyrz
X-Proxy-Cacherz
X-Varnish-Beresp-TTL
Www
X-SN
Backend
X-ECache
X-Dynatrace
WebServer
XServer
X-RateLimit-Limit-Second
URI
X-Instart-Isnd
X-RateLimit-Remaining-Second
X-Cache-Tag
Cf-Ipcountry
X-Wa
X-BE
Get-Access-Time
Is-Session-Tracking
X-FORWARDED-FOR
X-Cache-Expires
X-Request-Url
Lb
Requestid
Xkeynj
Host-ID
X-Fastly-Country-Code
X-TIME
X-Unique-Id
X-PAGE-TYPE
X-LiteSpeed-Cache-Control
X-MCACHE
X-Cache-Miss-From
X-Sedo-Request-Id
X-Edge-IP
X-Requestid
T-Server
X-PJAX-URL
X-LB-ID
PICS-Label
X-NGENIX-Cache
Dynatrace
X-Render-Time
X-PF-Uncompressing
X-Varnish-Action
X-GDPR
X-Fastly-Backend-Reqs
Epwk-Cache
Cneonction
X-SRV
Xet-Cookie
DataCenter
X-Apw-Access-Token
Pics-Label
X-Apw-Access-Object
X-Apw-Hits
X-Pjax-Url
X-Swift-Error
X-Vct
X-Apw-Access-Action
CDN
Fastcgi-X-Cache
X-Micro-Cache
X-Dw-Trace-Id
X-NGINX-Cache
X-Lb-Id
Correlation-Id
X-Ecache
X-Uri
X-Cf-Powered-By
X-Policy
SID
X-Svr
X-WA
MIME-Version
X-AssetVersion
X-Html-Edge-Cache
X-WPE-Loopback-Upstream-Addr
Lfy
Warning
X-Bug-Bounty
RequestUuid
Ohc-Response-Time
FNAC-ModuleRouting
X-Sf
X-Serial
X-Var-Ttl
X-Akamai-ERPolicy
X-LiteSpeed-Tag
X-Akamai-ERRuleID
X-DSS
X-DI
X-RSL
X-RPS
X-RPM
X-DB
X-Fpc
X-ServerName
X-Fastly-Cache-Hits
X-Flow-Id
X-Page-Impression-Id
X-Zalando-Child-Request-Id
X-DW