Threat Level: green Handler on Duty: Jan Kopriva

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
CF-RAY
Link
X-Powered-By
ETag
Expect-CT
Via
X-XSS-Protection
X-Cache
Age
CF-Cache-Status
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
X-Cache-Hits
P3P
X-Amz-Cf-Pop
X-Xss-Protection
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Request-Id
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-AspNet-Version
X-Download-Options
Access-Control-Allow-Credentials
X-Runtime
X-Adblock-Key
X-Drupal-Cache
Alt-Svc
X-Check
X-Cacheable
Content-Security-Policy-Report-Only
X-Generator
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-DNS-Prefetch-Control
X-AspNetMvc-Version
P3p
X-Template
Status
X-Language
Timing-Allow-Origin
Content-Encoding
X-Content-Security-Policy
X-Iinfo
X-Buckets
Upgrade
X-Kinja-Server-Push
Xkey
X-Via
X-Turbo-Charged-By
X-CDN
X-POWERED-BY
Keep-Alive
Access-Control-Max-Age
Access-Control-Expose-Headers
X-Cache-Group
X-Pass-Why
X-Age
X-AH-Environment
X-Drupal-Dynamic-Cache
X-Server
X-Backend
X-Amz-Id-2
X-Amz-Request-Id
X-Pingback
X-Envoy-Upstream-Service-Time
X-Page-Speed
X-Robots-Tag
X-Proxy-Cache
X-Hacker
Grace
X-Server-Powered-By
EagleId
X-UA-Device
X-Varnish-Cache
X-Nginx-Cache-Status
Request-Context
Cf-Railgun
X-LiteSpeed-Cache
X-Amz-Version-Id
X-Swift-CacheTime
X-Swift-SaveTime
X-WebKit-CSP
Ali-Swift-Global-Savetime
Feature-Policy
X-Device
Server-Timing
X-Server-Id
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Host
Report-To
X-Ac
X-Rq
Content-Location
X-Node
X-OneAgent-JS-Injection
X-Backend-Server
X-Response-Time
X-Cnection
X-Origin-Cache
X-Cloud-Trace-Context
X-Application-Context
EagleEye-TraceId
Allow
Request-Id
X-Readtime
Surrogate-Control
X-Cache-Lookup
X-Country
X-ORACLE-DMS-ECID
X-Cdn
X-TTL
X-DynaTrace
X-Url
X-Vhost
Pinterest-Generated-By
X-Rack-Cache
X-Clacks-Overhead
X-Ua-Compatible
X-Ruxit-JS-Agent
X-Origin-Upstream-Status
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-CST
Rating
X-FTR-Request-ID
X-ORACLE-DMS-RID
X-Country-Code
NEL
X-HW
X-Goog-Hash
X-Dispatcher
X-Instart-Request-ID
Fusion-Component-Id
Fusion-Template-Id
Fusion-Content-Source
Fusion-Source
Fusion-Content-Id
X-DataStream-Cache-Status
Edge-Control
X-Vname
X-TtlSet
X-PC
X-Px
X-VARITI-CCR
Service-Worker-Allowed
X-DataDome
X-MS-InvokeApp
X-Mod-Pagespeed
X-Request-ID
X-Dns-Prefetch-Control
Verso
SPRequestGuid
X-Recruiting
X-Cdn-Fetch
X-Exp-Id
X-GoogleNews-Bot
X-Kinja-Server
X-Kinja-Revision
X-Kinja-Build
X-Use-Magma
X-Exp-Variant
X-Kinja
X-D2id
X-Varnish-TTL
X-Vcap-Request-Id
X-SharePointHealthScore
RTSS
X-B3-TraceId
X-Abt-Application-Version
X-Amz-Server-Side-Encryption
TCN
DynaTrace
X-ESI
X-Navigation-Version
X-GitHub-Request-Id
X-SRCache-Store-Status
X-Powered-By-Plesk
X-SRCache-Fetch-Status
X-RateLimit-Remaining
Response
X-Middleton-Display
X-Middleton-Response
X-Sol
Display
X-Akam-SW-Version
Accept-Ch-Lifetime
Content-MD5
Charset
X-Server-Name
MS-Author-Via
AR-CACHE
Ar-Sid
AR-PoweredBy
AR-ATIME
ServerID
X-Trace
X-Shield-Request-Id
X-Amz-Rid
Realpath
X-Dw-Request-Base-Id
X-Goog-Metageneration
X-Goog-Generation
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
Accept-Ch
X-Powered-CMS
AR-Request-ID
X-DynaTrace-JS-Agent
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-TEC-API-VERSION
Nginx-Cache
X-Forwarded-Proto
X-Cached
X-Version
X-Upstream
Fastly-Restarts
X-Shard
X-B3-TraceId-Primal
Public-Key-Pins
MRF-Tech
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
Mrf-Cache-Status
SPIisLatency
SPRequestDuration
X-Goog-Storage-Class
Access-Control-Request-Method
Paypal-Debug-Id
X-MSEdge-Ref
Pinterest-Version
X-Pinterest-Rid
X-Upstream-Proxy
X-Client-IP
Pagespeed
S
X-DataStream-MidMile-RTT
X-DataStream-Origin-MEX-Latency
X-Debug
X-Amz-Meta-S3cmd-Attrs
X-Grace
X-Id
X-FTR-DC
X-FTR-Cache-Status
X-Country-Code-Real
X-FTR-Backend
X-FTR-Balancer
X-FTR-Backend-Server
X-FTR-Realm
X-Ezoic-Cdn
X-FTR-Expires
X-N
X-T
X-DIS-Request-ID
X-Fastly-Request-ID
MicrosoftSharePointTeamServices
Arr-Disable-Session-Affinity
X-Amzn-Trace-Id
Accept-CH
X-NF-Request-ID
Front-End-Https
X-Content-Type
X-Ser
X-Hits
X-Varnish-Age
X-B3-Sampled
Arc-Version
PB-PID
PB-RID
X-Mobile-Rewrite
Nel
Alternate-Protocol
X-Server-ID
X-VCache
Fastcgi-Cache
X-Acc-Meta-Resource-Type
X-FTR-Cache-Host
X-Frontend
X-Logged-In
X-FastCGI-Cache
X-Content-Digest
Server-Name
X-XRDS-Location
X-Vcache
X-Srv
X-Pad
X-Correlation-Id
X-Forwarded-For
Host
Powered-By-ChinaCache
AMP-Access-Control-Allow-Source-Origin
X-Node-Name
X-Request-Handler-Origin-Region
X-Microsite
FilterID
Healthy
TP-L2-Cache
TP-Cache
X-Rid
X-Kinsta-Cache
Edge-Cache-Tag
X-LB-Cache
X-XRDS-LOCATION
X-Type
X-Cache-Key
X-IPLB-Instance
X-Request-Processing-Time
X-Debug-Info
X-Request-Received
X-User-Agent
X-AOL-HN
X-Cached-By
X-B3-Traceid
X-GUploader-UploadID
X-Fastcgi-Cache
X-Cache-2
X-Revision
X-F-Cache
X-Hostname
X-Amzn-RequestId
Powered
X-Amz-Apigw-Id
X-Zen-Fury
X-Cache-Rule
X-HS-Content-Id
X-HS-Hub-Id
Surrogate-Key
X-Cache-Age
X-Analytics
Backend-Timing
X-Accel-Expires
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Page-Id
X-AppVersion
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-Az
X-Activity-Id
X-Varnish-Backend
X-Content-Security-Policy-Report-Only
X-BCube-Filmed-By
X-Instance
X-Content-Options
X-Varnish-Grace
X-Cluster
Source
X-Via-JSL
X-Jobs
X-Tumblr-User
X-FB-Debug
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Content-Powered-By
X-Request-Guid
Cache-Status
X-App-Environment
X-Akamai-Edgescape
X-Amz-Replication-Status
X-PHP-Backend
X-TT
Cleartype
X-Framework
Server-Node
X-RateLimit-Limit
X-Varnish-Hostname
Tracecode
Refresh
X-Forwarded-Host
WPE-Backend
X-B-Cache
X-Signature
X-FW-Server
X-FW-Type
Host-Header
X-FW-Static
X-FW-Serve
X-FW-Hash
X-ATG-Version
Liferay-Portal
X-Mobile
X-Cache-Operation
X-Time
DC
X-Cache-Control
Accept-Charset
X-Edge-Location
X-NWS-LOG-UUID
X-Drupal-Cache-Tags
Actual-Object-TTL
X-Cache-Action
Access-Control-Allow-Method
X-Cache-TTL
Fastcgi-Useragent
X-Esi
X-Cache-Hit
X-Mobile-URL
X-Response-Served-From
Upgrade-Insecure-Requests
X-Hp-Webp
X-Accel-Buffering
X-App-Server
Payment
X-Whom
X-Storage
X-TX-ID
X-B
X-SS-Set-Cookie
X-Content-Age
X-UA-Device-Type
X-WebKit-CSP-Report-Only
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Handled-By
X-TT-TIMESTAMP
X-Erf-Bev-Bev
X-GeoIP
X-Erf-Bev-Bev-Is-Generated
Xserver
Filters
X-Git-Hash
X-Cacheable-TTL
X-Tumblr-Pixel-1
X-RequestSource
X-Tumblr-Pixel-2
X-VG-WebCache
X-WA-Info
X-Adobe-Loc
Cache-Tv-Group
Eomportal-Instance
X-Adobe-Content
Viewport
Cache
X-RemovedCookies
X-ProcessESI
X-Geo-Country
X-Status
X-APP-VERSION
NGB
Server-Info
Accept-CH-Lifetime
Cache-Tag
X-Ratelimit-Limit
Webserver
X-FB-TRIP-ID
Datacenter
X-Presslabs-Stats
X-Cache-TTL-Remaining
X-Cache-Enabled
Retry-After
X-Ratelimit-Reset
X-TA-CDN-Provider
X-FW-Dynamic
X-Contextid
X-Seen-By
S-Cnection
X-Host-Name
X-Origin-Server
MS-CV
Country
From-Origin
X-Mode
Frame-Options
X-Hyper-Cache
Meta-Geo
X-Tumblr-Pixel-3
X-LJ-Flow-ID
Machine
Load-Balancing
X-AWS-Id
X-CF-Powered-By
X-VWS-Id
X-ES-SERVER
X-Cache-Config
X-Cache-Var
X-Generated-By
X-RN-RSRV
X-Cache-Var-Map
X-Path-Route
X-Labrador-Cache-Channel
We-Hiring
X-Varnish-Hits
Release
Mail-Subject
Vix-Hermes-Req-Id
Cache-Key
X-RTag
Ms-Operation-Id
X-Zipkin-Id
X-Hit
X-Varnish-Cache-Hits
X-Upstream-CT
X-Upstream-HT
DSUID
X-Backend-Name
X-Human
X-Cache-Grace
X-Cache-Host
X-Routing-Service
X-Magnolia-Registration
X-Proxied
X-Loop
X-Guploader-Uploadid
Decoy-Debug-Key
Decoy-Debug-Status
X-Varnish-Server
X-Device-Type
X-EIG-Tracking-Id
X-PCL
X-Web-Node
Decoy-Debug-TTL
X-Upgrade-Enabled
X-TNCMS
ServedBy
Uber-Trace-Id
X-Rendered-As
X-OCL
Now
X-Debug-Cache
X-RCS-CacheZone
Mn-Server-Ip
X-Access
X-Viewer-Country
X-Section
GEO-INFO
X-MP-GENERATED-AT
X-From
X-BYPASS-REASON
X-Akamai-Request-ID
X-CCM
X-Alternate-Cache-Key
X-Shopify-Stage
X-Sorting-Hat-PodId
X-ProxyCache-Key
X-ShardId
Rt-Fastcgi-Cache
X-Daa-Tunnel
OT-Force-Account-Verify
X-Rule
X-VG-TLSProxy
X-ProxyCache-Status
X-ShopId
X-Cluster-Node
Akamai-GRN
X-Sorting-Hat-ShopId
X-R9-Blue-Green-Version
X-Proto
X-Origin-Response-Time
X-Endurance-Cache-Level
X-L-Path
X-Environment-Context
X-Region
X-Generated
X-Via-Fastly
DB-Nickname
X-Xfnlog-Site
X-JoinUs
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Timing-Wait
X-Hosted-By
X-Proxy-Build
X-FC-Vary-Parameters
X-S
X-NCache
Cache-Name
X-VCT
NGX
X-Drupal-Cache-Contexts
X-B3-Spanid
X-Trace-Id
X-PressLabs-Stats
X-Redis-Cache
X-Cache-NE
X-Platform-Server
X-Load-Cache
X-UUID
X-Www-Served-By
X-Site-Version
X-Nginx-Cache
X-Locale
Cteonnt-Length
X-NewRelic-App-Data
X-MServer
ProcessTime
X-EdgeConnect-Cache-Status
X-Hl-Ver
X-Oracle-Dms-Rid
X-Vgn-Hpd-Reason
X-ECACHE
X-ServerID
X-Rocket-Nginx-Bypass
X-Real-IP
SRV
X-Cache-Remote
X-Request-Time
Time
X-Time-Microsecs
X-IP
CACHE
X-Dc
Azure-SiteName
Azure-RegionName
Azure-InstanceId
X-Via-CDN
X-RateLimit-Reset
Azure-SlotName
X-Wix-Request-Id
X-Origin
X-FW-Version
S-Rt
X-GEO
Azure-Version
Version
X-IPS-LoggedIn
TWC-Privacy
TWC-GeoIP-Country
TWC-Device-Class
TWC-Locale-Group
Webcakes-App-Name
X-Origin-Hint
Webcakes-Region
Webcakes-App-Version
TWC-Connection-Speed
TWC-GeoIP-LatLong
Property-Id
X-Proxy
X-UA
Origin
NtCoent-Length
L5d-Success-Class
X-No-Session
X-Oneagent-Js-Injection
X-FireWall-Port
X-Cache-Backend
X-Distributor
Served-By
Fastly-SSL
X-Pubstack
X-Akamai-Transformed
Odigeo-Trace-Id
X-Unique-ID
X-Cache-Server
X-Microcachable
X-PERF
X-ApacheServer
Origin-Edge-Control
X-Akamai-Request-ID2
Origin-Cache-Control
Fastcgi-X-Cache-Version
X-CS
X-Format
X-Webkit-Csp
IBM-Web2-Location
X-CDN-Forward
X-Grey
X-Cache-Category-Id
X-Powered-By-Defense
X-Edge
X-HTML-Minification-Powered-By
Ec-Rule-Version
X-Compress-Hint
Proxy-Connection
X-BACKEND-TTL
Access-Control-Request-Headers
X-Via-NSCOPI
Cache-Tags
X-UnsetCookies
X-Detected-As
X-Is-Bot
Backend-Name
X-Varnish-Cacheable
X-G
X-A
X-Cluster-Name
HA-Ipaddr
Ha-Gx-Prefs
X-CF-Lambda-Fn
Mobile-Detection-Method
Meta-Geo-Continent
X-Internal-Host
Node
X-Cache-Bucket
Rendered-Blocks
Proxy-Firewall
X-Instart-Info
X-IN-APIGATEWAY
X-Connection-Hash
X-CF-Lambda-Version
X-Cdn-Srv
MD5-Digest
X-HS-Combine-CSS
X-HS-Cache-Config
X-CGP
X-Eu-Site
Cache-Prefix
Fastly-SIE
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-Idcheck
BehaviorPad-Version
Cache-Cookie-Set-From
X-Debug-Log
Cdn-Host
Content-Style-Type
X-Destination
Content-Script-Type
X-Developer
Cdn-Request-Time
X-Debug-Cookies
AsisCache
X-DPWN-IS-SECURE
A
X-Edge-Server
X-NU-AKA-ACS-Version
X-External-Request-Id
X-D
GEO-REGION-INFO
Fastly-SWR
Arc-Country
Fly-Cache
Fly-Request-Id
X-Date
X-Tb
PageSpeed
Server-ID
X-Aed
Cross-Origin-Window-Policy
X-Twitter-Response-Tags
ServerName
X-ScT
X-Accel-Expires-Debug
X-Rojux
X-S-Cookie
X-S-Maxage
X-VG-WebServer
X-Server-Time
X-B-Cookie
X-App-Name
X-Nc
X-AIR-PT
Viewtype
X-SRCache-Key
VivaBuild
X-Trv-Group
X-ARC
X-Transaction
X-Application
LB
X-Rewrite-Enabled
Request-Country
X-Processor
Request-EU
X-Vtex-Processado-Em
X-A-Ccd
X-Worker
X-NX-Host
X-Org
X-PAYTM-SRV-ID
Xc-Version
Request-Time
X-A-Dam
X-Rebelmouse-Cache-Control
X-A-Dcw
X-A-Dgt
Rt-Proxy-Cache
X-Region-Sid
Hostname
X-Rebelmouse-Surrogate-Control
X-Request-UUID
X-Vtex-Remote-Cache
X-A-Wwc
Mime-Version
X-B3-Parentspanid
X-ElasticPress-Search
Esi-Enabled
Gh-Request-Id
Resin-Trace
RNT-Machine
RNT-Time
Memcached
On-Server
X-Cache-Id
Platform
X-Cache-Info
X-Cdn-Origin
Is-Eu
Server-Int
SS
X-Core-Mission
Server-Host
Section-Io-Cache
X-Backend-State
X-Clientip
True-Client-Country-4JS
X-Fastly-Cache
X-Level-Front-Cache
X-Sn-Servicetimems
X-Skip-Cache
X-Key
X-Irp-Debug
X-Geo-Header
X-GeoIP-Country-Code
X-C
X-Location
Countrycode
X-Server-IP
X-Reqid
X-Request-URI
X-Qloud-Router
X-PHP-Host
X-ServiceProvider
X-Nginx-Cache-Key
X-TH-Server
X-Hash
Apple-News-Services-Handled
Apple-News-Services-Request-Url
X-Epic-Correlation-Id
Adler-Geo
X-Dispatcher-Server
X-Dispatch
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
X-Generated-On
Country-Code
X-We-Are-Hiring
X-Variation
X-NC
Accept-Language
X-Servername
X-Secret
X-SD-PageType
X-Wikidot-Static-Cache
X-Served-From
X-SIPLIST1
X-WebServer
X-Amz-Meta-Cache-Control
X-SVT-ORM-VERSION
X-Webstats-RespID
X-SVT-ORM-RULES
X-Wikidot-Backend
X-Swa-Ws
X-Auto-Login
X-Method
X-Gen-Mode
X-Developers
X-Generation-Time
X-Hnp-Log
X-Gannett-Site-Version
X-FPC
X-Device-Os
X-Distil-CS
W
X-Fetched-On
X-CDN-Cache
X-Li-Fabric
X-Block-Status
X-BBXSRF
X-Reboot
X-Request-Start
X-Protected-By
X-ND-Cache
X-Li-Pop
X-LI-Proto
X-LI-UUID
X-Cache-FS-Status
X-Response-By
X-Crawler
SD-X-WS
Content-Disposition
CDCHOST
UCS
REQUESTUUID
Pramga
IsBot
PFcat
Powered-By
User-Cache-Control
AKAMAI
Web-Mar-Node
Who
V-Age
Wxu-Next-Hostname
Wxu-Next-Commit
Wxu-Next-Region
X-Datadome
X-Clara-WADP
Heartbleed
X-Owner
X-WADP-Cache
X-Cms-Context
GW-Server
X-Via-SSL
X-Ua
X-Origin-Expires
X-Release
X-Origin-Date
X-GeoIP-City
Fastly-Soc-X-Request-Id
X-Via-Edge
X-Thinkindot-L3
X-CUA
X-VServer
X-Azure-Ref
X-Bip
X-Azure-Ref-OriginShield
X-Varnish-Url
Thinkindot-Control
Thinkindot-CacheControl
X-Matched-Rule
X-Thanos
Thinkindot-CacheControl-Type
CF-IPCountry
X-Parent-Response-Time
X-Varnish-Ttl
X-OVcl
X-CLOUD-TRACE-CONTEXT
X-Fstrz
X-OVcl-Cache
L
X-VC-Cache
Pragrma
X-Proxy-Upstream
N-Cache
X-Proxy-Cache-Status
X-Ratelimit-Remaining
X-Planisys-CDN-Cache
X-TrackingId
X-Amzn-Remapped-Content-Length
Memory
X-LAGOON
X-FE
Kp-EeAlive
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
X-Cdn-Forward
Selected-Fe
X-Origin-TTL
X-Be
X-Origin-CC
X-GRACE
X-Phone
X-Pf-Uncompressing
User-Agent
X-IN-WAF
X-Core-Value
X-B3-SpanId
Locale
X-Urbn-Site-Id
X-Urbn-Context-Path
X-Varnish-Beresp-Ttl
X-SERVER-NAME
Magicmarker
X-Birta-Cache-Post
X-URL
X-Birta-Served
X-Geo
X-Ttl
X-Zone
X-Page-Type
X-Dynatrace-Js-Agent
X-DC
X-Info
X-Varnish-IP
Selected-FE
HitType
X-Flog
X-ABtesting
Pagetype
X-Hello
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
X-Generated-In
X-User
Cdn
X-Backend-TTL
X-TT-LOGID
X-Backend-Url
Geoip-Latitude
X-Backend-Host
X-Newrelic-Synthetics
GeoIp-Country-Code
Geoip-City
X-Litespeed-Cache
X-Tt-Trace-Tag
X-MSEdge-Features
X-GoCache-CacheStatus
SN
X-Soup
X-MSEdge-Flight
X-Debug-Cache-Store
X-Debug-Cache-Fetch
X-Debug-Cache-Expiry
X-Up
X-Mid
X-Source
X-App-Version
X-MID
X-Check-Cacheable
X-Cache-Debug
X-Agile-Age
X-Agile-Id
X-Agile
X-Servedbyhost
CF-Cached-On
X-Real-Ip
X-Refresh
X-Web-Server
X-Vcl-Version
X-HS-Status
X-Aicache-OS
X-Oss-Storage-Class
X-Oss-Request-Id
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
X-Oss-Server-Time
X-Ruxit-Js-Agent
Amp-Access-Control-Allow-Source-Origin
X-ServedByHost
FSS-Cache
FSS-Proxy
X-ZONE
X-VCL-Version
X-Tb-Optimization-Total-Bytes-Saved
X-Cache-Ttl
HostName
X-Say-Cacheable
X-Amzn-Remapped-Date
X-Say-TTL
X-UPSTREAM-Address
X-Old-Content-Length
X-SayCDN-TTL
X-Amzn-Remapped-Connection
X-Bc
X-CACHE-KEY
GeoIP-Country-Code
X-Varnish-Authentication
X-APP
X-Contensis-Viewer-Groups
Server-Surrogate-Control
X-Cache-ASPX
Server-Cache-Control
X-NWS-UUID-VERIFY
Cache-Hits
Ohc-Cache-HIT
X-EC-Lua
X-CSRF-Token
Ohc-File-Size
WZWS-RAY
Group
X-COUNTRY
GeoIP-Latitude
RequestId
X-Via-Ucdn
GeoIP-City
Srv
Fastly-Backend-Name
Inserted-Into-Cache-At
X-Node-Id
X-Akamai-SSL-Client-Sid
HTTPS
X-Varnish-Beresp-TTL
X-BC
X-Nananana
X-Proxy-Cacherz
Ajk
X-IN-APIGATEWAYSSL
X-Logtrace-Id
URI
X-WR-MODIFICATION
Backend
Www
X-SN
Xkeyrz
X-ECache
XServer
WebServer
X-Cache-Time
X-Dynatrace
X-PAGE-TYPE
X-Instart-Isnd
Cf-Ipcountry
X-Cache-Tag
X-CSRF-TOKEN
X-Unique-Id
X-RateLimit-Remaining-Second
Is-Session-Tracking
Host-ID
Get-Access-Time
X-RateLimit-Limit-Second
Requestid
X-Cache-Expires
Lb
X-Tec-Api-Origin
X-Fastly-Country-Code
X-TIME
Xkeynj
X-Tec-Api-Root
X-FORWARDED-FOR
X-Request-Url
X-Tec-Api-Version
X-LiteSpeed-Cache-Control
X-MCACHE
X-Sedo-Request-Id
X-Wa
X-Requestid
X-BE
X-Edge-IP
X-Cache-Miss-From
X-NGENIX-Cache
Dynatrace
X-Apw-Access-Token
PICS-Label
X-Apw-Access-Object
X-Apw-Access-Action
T-Server
Epwk-Cache
X-Fastly-Backend-Reqs
X-PF-Uncompressing
Cneonction
X-Apw-Hits
X-Pjax-Url
X-Varnish-Action
DataCenter
X-SRV
Xet-Cookie
Pics-Label
X-Render-Time
X-Vct
Fastcgi-X-Cache
X-WA
X-Lb-Id
X-Micro-Cache
X-Swift-Error
CDN
X-LB-ID
X-GDPR
X-PJAX-URL
X-NGINX-Cache
X-Dw-Trace-Id
X-Svr
X-Cf-Powered-By
X-Ecache
Correlation-Id
X-AssetVersion
X-Uri
X-Policy
SID
X-ServerName
X-Serial
X-Fpc
X-Var-Ttl
X-Html-Edge-Cache
Lfy
Warning
X-Bug-Bounty
X-WPE-Loopback-Upstream-Addr
RequestUuid
FNAC-ModuleRouting
X-Sf
Ohc-Response-Time
X-LiteSpeed-Tag
X-Akamai-ERPolicy
X-Akamai-ERRuleID
X-DSS
X-DW
X-RPM
X-RPS
X-DI
X-DB
X-Fastly-Cache-Hits
X-Flow-Id
X-Page-Impression-Id
X-Zalando-Child-Request-Id
X-RSL