Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
CF-RAY
X-Powered-By
Link
ETag
Expect-CT
X-XSS-Protection
Via
X-Cache
Age
CF-Cache-Status
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
P3P
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Request-Id
X-Xss-Protection
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-Adblock-Key
Alt-Svc
X-Drupal-Cache
X-Check
X-Cacheable
Content-Security-Policy-Report-Only
X-Generator
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-DNS-Prefetch-Control
X-AspNetMvc-Version
P3p
X-Template
X-Language
Status
Timing-Allow-Origin
Content-Encoding
X-Iinfo
X-Content-Security-Policy
X-Buckets
Upgrade
X-Kinja-Server-Push
Xkey
X-Via
X-CDN
X-Turbo-Charged-By
Keep-Alive
Access-Control-Max-Age
Access-Control-Expose-Headers
X-Cache-Group
X-Pass-Why
X-AH-Environment
X-Age
X-Drupal-Dynamic-Cache
X-Server
X-Backend
X-Pingback
X-Amz-Id-2
X-Amz-Request-Id
X-Envoy-Upstream-Service-Time
X-Page-Speed
X-Robots-Tag
X-Proxy-Cache
X-Hacker
Grace
EagleId
X-Server-Powered-By
X-UA-Device
X-Varnish-Cache
Request-Context
X-Nginx-Cache-Status
Cf-Railgun
X-LiteSpeed-Cache
X-Amz-Version-Id
X-Swift-SaveTime
X-Swift-CacheTime
X-WebKit-CSP
Ali-Swift-Global-Savetime
Feature-Policy
X-Server-Id
X-Device
Server-Timing
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Host
Report-To
X-Rq
X-Ac
Content-Location
X-Node
X-OneAgent-JS-Injection
X-Backend-Server
X-Cnection
X-Response-Time
X-Origin-Cache
X-Cloud-Trace-Context
X-Application-Context
EagleEye-TraceId
Allow
Request-Id
X-Readtime
Surrogate-Control
X-Country
X-ORACLE-DMS-ECID
X-Cache-Lookup
X-TTL
X-DynaTrace
X-Vhost
X-Url
X-Cdn
Pinterest-Generated-By
X-Rack-Cache
X-Clacks-Overhead
X-Origin-Upstream-Status
NEL
X-Ua-Compatible
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Ruxit-JS-Agent
X-FTR-Request-ID
Rating
X-CST
X-Country-Code
X-HW
X-ORACLE-DMS-RID
X-Goog-Hash
X-Dispatcher
X-Instart-Request-ID
Fusion-Component-Id
Fusion-Content-Source
Fusion-Source
Fusion-Template-Id
Fusion-Content-Id
X-DataStream-Cache-Status
Edge-Control
X-PC
X-TtlSet
X-Vname
X-Px
X-VARITI-CCR
X-DataDome
Service-Worker-Allowed
X-MS-InvokeApp
X-Mod-Pagespeed
Verso
SPRequestGuid
X-Recruiting
X-Request-ID
X-D2id
X-Dns-Prefetch-Control
X-Cdn-Fetch
X-Kinja
X-Kinja-Build
X-Kinja-Revision
X-Exp-Id
X-Use-Magma
X-Exp-Variant
X-GoogleNews-Bot
X-Kinja-Server
X-Varnish-TTL
X-Vcap-Request-Id
RTSS
X-Abt-Application-Version
X-Amz-Server-Side-Encryption
X-SharePointHealthScore
DynaTrace
TCN
X-Navigation-Version
X-RateLimit-Remaining
X-GitHub-Request-Id
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Powered-By-Plesk
Response
X-Middleton-Response
X-Sol
Display
X-Middleton-Display
X-Akam-SW-Version
X-B3-TraceId
MS-Author-Via
Charset
X-TEC-API-ROOT
X-TEC-API-VERSION
X-TEC-API-ORIGIN
Content-MD5
Accept-Ch-Lifetime
X-ESI
AR-ATIME
X-Shield-Request-Id
AR-CACHE
AR-PoweredBy
Ar-Sid
ServerID
X-Amz-Rid
X-Trace
Realpath
X-Powered-CMS
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
X-Forwarded-Proto
X-Goog-Generation
X-Goog-Stored-Content-Length
X-Dw-Request-Base-Id
X-DynaTrace-JS-Agent
AR-Request-ID
Nginx-Cache
X-Version
X-Upstream
X-Cached
X-Server-Name
Accept-Ch
Fastly-Restarts
Public-Key-Pins
X-Shard
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
X-B3-TraceId-Primal
MRF-Tech
Mrf-Cache-Status
Access-Control-Request-Method
SPRequestDuration
Paypal-Debug-Id
SPIisLatency
X-Goog-Storage-Class
X-MSEdge-Ref
X-Client-IP
Pagespeed
S
X-Grace
Pinterest-Version
X-Upstream-Proxy
X-Pinterest-Rid
X-Debug
X-DataStream-MidMile-RTT
X-DataStream-Origin-MEX-Latency
X-FTR-Realm
X-FTR-Backend
X-Id
X-Vcache
X-FTR-DC
X-Country-Code-Real
X-FTR-Cache-Status
X-FTR-Backend-Server
X-FTR-Balancer
X-FTR-Expires
X-Amz-Meta-S3cmd-Attrs
X-Ezoic-Cdn
Accept-CH
X-N
X-Fastly-Request-ID
X-DIS-Request-ID
X-T
MicrosoftSharePointTeamServices
Arr-Disable-Session-Affinity
X-Amzn-Trace-Id
Front-End-Https
X-NF-Request-ID
X-XRDS-Location
X-Content-Type
X-Hits
X-B3-Sampled
X-Ser
X-Varnish-Age
X-FastCGI-Cache
X-Mobile-Rewrite
Arc-Version
PB-PID
PB-RID
X-FTR-Cache-Host
Fastcgi-Cache
Alternate-Protocol
X-Frontend
X-Acc-Meta-Resource-Type
X-Logged-In
X-Content-Digest
Server-Name
X-B3-Traceid
X-Correlation-Id
X-Forwarded-For
X-Pad
X-Srv
X-Node-Name
Host
AMP-Access-Control-Allow-Source-Origin
Nel
X-Request-Handler-Origin-Region
X-Microsite
Powered-By-ChinaCache
FilterID
TP-L2-Cache
Healthy
TP-Cache
X-VCache
X-Kinsta-Cache
X-LB-Cache
X-Cache-Key
X-Type
X-Rid
X-User-Agent
Edge-Cache-Tag
X-IPLB-Instance
X-AOL-HN
X-Debug-Info
X-Request-Processing-Time
X-Request-Received
X-GUploader-UploadID
X-Server-ID
X-Cached-By
X-F-Cache
X-Cache-2
Powered
X-Revision
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Zen-Fury
X-Fastcgi-Cache
X-Hostname
X-Cache-Rule
X-HS-Hub-Id
X-HS-Content-Id
Backend-Timing
X-Cache-Age
X-Analytics
X-XRDS-LOCATION
X-Accel-Expires
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
Surrogate-Key
X-RateLimit-Limit
X-Esi
X-AppVersion
X-Activity-Id
X-Az
X-Varnish-Backend
X-Via-JSL
X-Page-Id
X-Content-Security-Policy-Report-Only
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-Varnish-Grace
X-BCube-Filmed-By
X-Content-Options
Source
X-Cluster
X-Akamai-Edgescape
X-FB-Debug
X-Instance
X-Jobs
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Tumblr-User
X-App-Environment
X-Amz-Replication-Status
X-Request-Guid
X-Content-Powered-By
X-PHP-Backend
Cache-Status
Cleartype
X-TT
X-Framework
Server-Node
Refresh
X-Forwarded-Host
X-B-Cache
X-Signature
X-Varnish-Hostname
Tracecode
X-FW-Server
X-FW-Static
X-FW-Type
X-FW-Hash
X-FW-Serve
Liferay-Portal
X-ATG-Version
WPE-Backend
Host-Header
DC
X-Mobile
X-Cache-Operation
Accept-Charset
X-Time
X-Cache-Control
Access-Control-Allow-Method
X-Edge-Location
X-Drupal-Cache-Tags
X-Cache-Action
Actual-Object-TTL
Fastcgi-Useragent
X-Cache-Hit
Cache
Accept-CH-Lifetime
X-NWS-LOG-UUID
Payment
X-Erf-Bev-Bev-Is-Generated
X-Response-Served-From
X-Mobile-URL
X-Hp-Webp
X-Accel-Buffering
X-Erf-Bev-Bev
X-Whom
X-App-Server
X-Storage
X-TX-ID
Upgrade-Insecure-Requests
X-B
X-UA-Device-Type
X-WebKit-CSP-Report-Only
X-Content-Age
X-TT-TIMESTAMP
Xserver
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-SS-Set-Cookie
X-GeoIP
X-RequestSource
Filters
X-Cacheable-TTL
X-Git-Hash
X-Handled-By
X-WA-Info
X-Tumblr-Pixel-2
X-Tumblr-Pixel-1
X-Status
X-Cache-TTL
X-Adobe-Loc
X-Adobe-Content
Eomportal-Instance
X-Ratelimit-Reset
Viewport
X-RemovedCookies
X-ProcessESI
Cache-Tv-Group
X-APP-VERSION
X-VG-WebCache
X-Geo-Country
NGB
Cache-Tag
X-TA-CDN-Provider
Webserver
Retry-After
Datacenter
X-Cache-TTL-Remaining
X-FB-TRIP-ID
Server-Info
X-FW-Dynamic
X-Cache-Enabled
X-Presslabs-Stats
X-Seen-By
MS-CV
X-Contextid
X-Host-Name
X-Oracle-Dms-Rid
X-Ratelimit-Limit
S-Cnection
X-Origin-Server
From-Origin
Frame-Options
Country
X-Generated-By
X-Hyper-Cache
X-CF-Powered-By
X-Mode
X-RTag
Ms-Operation-Id
X-Cache-Var-Map
X-Path-Route
Meta-Geo
X-Cache-Config
X-AWS-Id
X-RN-RSRV
Load-Balancing
Machine
X-Cache-Var
X-VWS-Id
X-LJ-Flow-ID
X-ES-SERVER
X-Section
X-Hit
DSUID
X-Upstream-CT
X-Cache-Grace
X-Access
We-Hiring
X-Tumblr-Pixel-3
X-Proxied
X-Zipkin-Id
Vix-Hermes-Req-Id
Mail-Subject
X-Labrador-Cache-Channel
X-Upstream-HT
X-Cache-Host
Cache-Key
X-Routing-Service
X-PressLabs-Stats
Decoy-Debug-TTL
Decoy-Debug-Key
X-Debug-Cache
X-Web-Node
X-RCS-CacheZone
X-Magnolia-Registration
X-TNCMS
Mn-Server-Ip
X-OCL
X-From
Release
X-PCL
X-Varnish-Cache-Hits
X-Varnish-Server
X-Upgrade-Enabled
X-EIG-Tracking-Id
Decoy-Debug-Status
X-MP-GENERATED-AT
X-Viewer-Country
X-Loop
X-Device-Type
X-Human
X-Backend-Name
GEO-INFO
X-Origin-Response-Time
X-ShopId
X-ShardId
X-Rule
X-Shopify-Stage
X-VG-TLSProxy
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-R9-Blue-Green-Version
X-Proto
X-Akamai-Request-ID
ServedBy
Rt-Fastcgi-Cache
X-Alternate-Cache-Key
X-CCM
X-L-Path
X-Environment-Context
Now
OT-Force-Account-Verify
X-Varnish-Hits
X-Rendered-As
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Endurance-Cache-Level
Uber-Trace-Id
X-Hosted-By
X-Proxy-Build
X-JoinUs
X-Generated
X-Cluster-Node
X-FC-Vary-Parameters
X-B3-Spanid
X-S
X-Region
X-Timing-Wait
X-Via-Fastly
X-Xfnlog-Site
Akamai-GRN
Cache-Name
X-NCache
X-BYPASS-REASON
X-Guploader-Uploadid
X-ProxyCache-Key
X-Drupal-Cache-Contexts
DB-Nickname
X-ProxyCache-Status
X-Trace-Id
X-VCT
X-Locale
X-Site-Version
X-Redis-Cache
X-Nginx-Cache
ProcessTime
NGX
X-Www-Served-By
Cteonnt-Length
X-Platform-Server
X-Load-Cache
X-UUID
X-Cache-NE
X-Request-Time
X-EdgeConnect-Cache-Status
X-MServer
X-NewRelic-App-Data
X-Hl-Ver
Version
X-Time-Microsecs
X-IP
X-ECACHE
X-Daa-Tunnel
SRV
S-Rt
Azure-Version
X-Via-CDN
Time
X-Rocket-Nginx-Bypass
X-ServerID
X-Origin
X-FW-Version
Azure-SiteName
Azure-RegionName
Azure-InstanceId
Azure-SlotName
TWC-Device-Class
TWC-Locale-Group
X-Origin-Hint
TWC-Privacy
Webcakes-Region
Webcakes-App-Name
Webcakes-App-Version
TWC-GeoIP-LatLong
TWC-Connection-Speed
Property-Id
X-Wix-Request-Id
X-Vgn-Hpd-Reason
TWC-GeoIP-Country
X-Cache-Remote
X-IPS-LoggedIn
X-Real-IP
X-Proxy
Origin
X-GEO
X-No-Session
NtCoent-Length
X-FireWall-Port
X-Akamai-Request-ID2
X-Akamai-Transformed
Odigeo-Trace-Id
L5d-Success-Class
X-Dc
X-Distributor
Fastly-SSL
X-ApacheServer
X-Oneagent-Js-Injection
X-Cache-Backend
X-PERF
X-CS
Served-By
CACHE
X-HTML-Minification-Powered-By
X-Microcachable
X-Unique-ID
X-Format
X-Pubstack
X-RateLimit-Reset
X-Cache-Server
X-Compress-Hint
Ec-Rule-Version
X-UA
Origin-Edge-Control
X-CDN-Forward
Origin-Cache-Control
Access-Control-Request-Headers
Fastcgi-X-Cache-Version
Hostname
X-UnsetCookies
Cache-Tags
X-Webkit-Csp
X-Cache-Category-Id
IBM-Web2-Location
X-Grey
X-Tb
X-BACKEND-TTL
X-Edge
X-SERVER-NAME
X-Is-Bot
Backend-Name
X-Varnish-Cacheable
X-Detected-As
X-Accel-Expires-Debug
X-Aed
X-Worker
X-A
Xc-Version
X-A-Ccd
X-A-Dam
X-A-Dgt
X-A-Dcw
X-A-Wwc
X-VG-WebServer
X-Cache-Bucket
X-B-Cookie
X-HS-Cache-Config
X-Trv-Group
X-CF-Lambda-Version
X-CF-Lambda-Fn
X-Twitter-Response-Tags
X-ARC
X-AIR-PT
X-Vtex-Processado-Em
VivaBuild
X-App-Name
X-Application
X-Vtex-Remote-Cache
Server-ID
Fastly-SWR
Fly-Cache
Fastly-SIE
Rendered-Blocks
Request-EU
Request-Country
Fly-Request-Id
GEO-REGION-INFO
HA-Ipaddr
Meta-Geo-Continent
Ha-Gx-Prefs
Mobile-Detection-Method
Proxy-Firewall
Node
Cross-Origin-Window-Policy
Request-Time
BehaviorPad-Version
Cache-Cookie-Set-From
AsisCache
Arc-Country
A
X-CGP
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-Lfrom
Content-Script-Type
Content-Style-Type
Cdn-Request-Time
Cdn-Host
Cache-Prefix
Rt-Proxy-Cache
Viewtype
LB
X-D
X-NX-Host
X-NU-AKA-ACS-Version
X-Debug-Cookies
X-Debug-Log
X-Connection-Hash
X-Org
Proxy-Connection
X-Rebelmouse-Cache-Control
X-Cluster-Name
X-PAYTM-SRV-ID
X-Destination
X-Developer
X-External-Request-Id
X-Instart-Info
X-IN-APIGATEWAY
X-HS-Combine-CSS
X-G
X-Eu-Site
X-Internal-Host
X-Powered-By-Defense
X-DPWN-IS-SECURE
X-Edge-Server
MD5-Digest
X-Rebelmouse-Surrogate-Control
X-Date
X-Rojux
X-S-Cookie
X-Server-Time
X-Transaction
X-Request-UUID
X-Rewrite-Enabled
X-SRCache-Key
X-Region-Sid
X-S-Maxage
X-ScT
X-Ua
X-NC
X-B3-Parentspanid
X-Skip-Cache
X-ServiceProvider
X-Clientip
X-Cache-Info
Resin-Trace
X-Cdn-Origin
X-Sn-Servicetimems
X-Cdn-Srv
X-Epic-Correlation-Id
On-Server
X-GeoIP-Country-Code
X-Hash
Memcached
X-Geo-Header
X-Generated-On
X-TH-Server
Platform
X-Irp-Debug
X-Fastly-Cache
X-Developers
SS
ServerName
Server-Int
X-Variation
True-Client-Country-4JS
X-Core-Mission
X-Reqid
X-Request-URI
X-PHP-Host
Server-Host
Section-Io-Cache
RNT-Time
X-Dispatcher-Server
X-Key
RNT-Machine
X-Dispatch
X-We-Are-Hiring
X-Nginx-Cache-Key
X-Backend-State
X-Level-Front-Cache
X-Cache-Id
W
Countrycode
X-Via-NSCOPI
PageSpeed
Accept-Language
Apple-News-Services-Handled
Adler-Geo
X-C
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
Is-Eu
Apple-News-Services-Request-Url
Esi-Enabled
Country-Code
X-ElasticPress-Search
X-Nc
X-LI-UUID
X-LI-Proto
X-Li-Fabric
X-Li-Pop
X-FPC
X-Cache-FS-Status
X-CDN-Cache
X-Block-Status
X-BBXSRF
X-Amz-Meta-Cache-Control
X-Crawler
X-Device-Os
X-Gen-Mode
X-Gannett-Site-Version
X-Fetched-On
X-Distil-CS
X-Hnp-Log
X-Processor
X-Wikidot-Static-Cache
X-Wikidot-Backend
X-Webstats-RespID
X-WebServer
AKAMAI
Content-Disposition
X-Varnish-Url
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
X-SIPLIST1
X-Servername
X-Request-Start
X-Reboot
X-Qloud-Router
X-Method
IsBot
X-SD-PageType
X-Server-IP
X-Served-From
X-Secret
X-Location
X-Response-By
Wxu-Next-Region
REQUESTUUID
CDCHOST
Who
Wxu-Next-Hostname
Web-Mar-Node
Gh-Request-Id
PFcat
Wxu-Next-Commit
User-Cache-Control
V-Age
UCS
SD-X-WS
Mime-Version
Thinkindot-CacheControl
X-CUA
X-Thinkindot-L3
X-VServer
Thinkindot-Control
Thinkindot-CacheControl-Type
X-Matched-Rule
X-Swa-Ws
X-Release
X-Owner
X-Origin-Expires
X-Origin-Date
Pramga
X-Generation-Time
Powered-By
X-GeoIP-City
X-Thanos
X-Azure-Ref
X-Bip
X-Cms-Context
X-Auto-Login
X-Via-Edge
L
X-WADP-Cache
X-Via-SSL
X-Clara-WADP
X-Azure-Ref-OriginShield
Fastly-Soc-X-Request-Id
GW-Server
N-Cache
X-ND-Cache
X-Amzn-Remapped-Content-Length
X-OVcl
X-Proxy-Upstream
X-OVcl-Cache
X-Proxy-Cache-Status
X-VC-Cache
Heartbleed
CF-IPCountry
X-Varnish-Ttl
Selected-Fe
X-Varnish-Beresp-Ttl
Kp-EeAlive
X-FE
X-CLOUD-TRACE-CONTEXT
X-Protected-By
X-TrackingId
User-Agent
Pragrma
X-Fstrz
X-Parent-Response-Time
X-LAGOON
X-Ratelimit-Remaining
X-Urbn-Context-Path
Locale
X-Urbn-Site-Id
X-DC
X-Pf-Uncompressing
X-Planisys-CDN-TTL
Magicmarker
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
X-B3-SpanId
X-Cdn-Forward
X-Origin-TTL
X-Origin-CC
X-Zone
X-Page-Type
Memory
X-Geo
X-Be
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
X-IN-WAF
X-Phone
X-ABtesting
X-Core-Value
X-Flog
Pagetype
X-Hello
X-URL
X-Datadome
X-User
X-Ttl
X-Generated-In
X-Dynatrace-Js-Agent
X-Birta-Served
X-Birta-Cache-Post
X-Newrelic-Synthetics
X-Soup
Cdn
X-Up
X-Backend-Host
X-GRACE
X-Info
X-Backend-TTL
X-Tt-Trace-Tag
X-Debug-Cache-Fetch
X-Varnish-IP
X-Debug-Cache-Expiry
X-Backend-Url
X-Debug-Cache-Store
X-MSEdge-Features
X-MSEdge-Flight
X-GoCache-CacheStatus
X-Cache-Ttl
HitType
Selected-FE
X-Servedbyhost
X-TT-LOGID
X-Litespeed-Cache
X-Oss-Hash-Crc64ecma
Geoip-Latitude
GeoIp-Country-Code
Geoip-City
X-Oss-Object-Type
X-HS-Status
X-Oss-Request-Id
SN
X-Oss-Storage-Class
X-Oss-Server-Time
X-Check-Cacheable
X-App-Version
X-Mid
X-MID
CF-Cached-On
X-VCL-Version
X-Real-Ip
X-Source
X-Cache-Debug
X-Agile-Id
X-Agile-Age
X-Refresh
X-Aicache-OS
X-SayCDN-TTL
X-Say-TTL
X-Say-Cacheable
X-Tb-Optimization-Total-Bytes-Saved
X-Agile
X-Ruxit-Js-Agent
Amp-Access-Control-Allow-Source-Origin
X-Old-Content-Length
Cache-Hits
X-Web-Server
X-Vcl-Version
FSS-Cache
X-ZONE
FSS-Proxy
GeoIP-Country-Code
X-Bc
X-Amzn-Remapped-Date
GeoIP-Latitude
GeoIP-City
X-ServedByHost
X-Akamai-SSL-Client-Sid
X-CACHE-KEY
X-Amzn-Remapped-Connection
X-CSRF-TOKEN
Srv
Fastly-Backend-Name
Inserted-Into-Cache-At
Server-Cache-Control
X-Varnish-Authentication
X-Contensis-Viewer-Groups
X-Cache-ASPX
WZWS-RAY
Server-Surrogate-Control
HostName
X-Node-Id
X-Nananana
X-Cache-Time
X-EC-Lua
X-IN-APIGATEWAYSSL
X-Logtrace-Id
Ajk
X-APP
X-COUNTRY
RequestId
X-UPSTREAM-Address
X-Via-Ucdn
X-CSRF-Token
Ohc-File-Size
Ohc-Cache-HIT
X-NWS-UUID-VERIFY
Group
X-BC
X-Wa
X-RateLimit-Remaining-Second
X-ECache
X-RateLimit-Limit-Second
X-Proxy-Cacherz
HTTPS
Xkeyrz
X-WR-MODIFICATION
XServer
WebServer
X-Dynatrace
X-BE
Cf-Ipcountry
Backend
X-Varnish-Beresp-TTL
X-Cache-Tag
X-SN
URI
Www
X-SRV
Is-Session-Tracking
X-Unique-Id
X-Request-Url
Lb
Cneonction
X-FORWARDED-FOR
X-Fastly-Country-Code
Get-Access-Time
X-Instart-Isnd
X-TIME
Xkeynj
T-Server
X-PAGE-TYPE
X-MCACHE
X-LiteSpeed-Cache-Control
X-Requestid
Requestid
X-Cache-Expires
X-Micro-Cache
X-Render-Time
X-GDPR
X-PJAX-URL
PICS-Label
X-LB-ID
Host-ID
X-Edge-IP
X-Sedo-Request-Id
X-Cache-Miss-From
Dynatrace
X-PF-Uncompressing
X-Fastly-Backend-Reqs
Pics-Label
X-Pjax-Url
Xet-Cookie
DataCenter
X-Vct
X-NGENIX-Cache
Epwk-Cache
MIME-Version
X-Lb-Id
X-Varnish-Action
X-Policy
X-Swift-Error
CDN
X-Apw-Hits
X-Apw-Access-Object
X-Uri
X-Apw-Access-Action
X-Apw-Access-Token
X-NGINX-Cache
X-Dw-Trace-Id
X-WA
X-Cf-Powered-By
X-Ecache
SID
Correlation-Id
Fastcgi-X-Cache
X-Newrelic-App-Data
X-ServerName
X-Service
X-Fastly-Cache-Hits
X-Cdn-Request-ID
X-Serial
X-Akamai-ERPolicy
Ohc-Response-Time
Sid
X-DW
X-Svr
X-Flow-Id
Lfy
X-Akamai-ERRuleID
X-WPE-Loopback-Upstream-Addr
X-LiteSpeed-Tag
X-Zalando-Child-Request-Id
X-Html-Edge-Cache
X-DB
X-DI
RequestUuid
X-Fpc
Warning
X-RSL
X-RPS
X-DSS
X-Page-Impression-Id
X-RPM
X-Bug-Bounty