Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
CF-RAY
X-Powered-By
Link
ETag
Expect-CT
X-XSS-Protection
Via
X-Cache
Age
CF-Cache-Status
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
P3P
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Request-Id
X-Xss-Protection
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-Adblock-Key
Alt-Svc
X-Drupal-Cache
X-Check
X-Cacheable
Content-Security-Policy-Report-Only
X-Generator
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-DNS-Prefetch-Control
X-AspNetMvc-Version
P3p
X-Template
X-Language
Status
Timing-Allow-Origin
Content-Encoding
X-Iinfo
X-Content-Security-Policy
X-Buckets
Upgrade
X-Kinja-Server-Push
Xkey
X-Via
X-CDN
X-Turbo-Charged-By
Keep-Alive
Access-Control-Max-Age
Access-Control-Expose-Headers
X-Cache-Group
X-Pass-Why
X-Age
X-AH-Environment
X-Drupal-Dynamic-Cache
X-Server
X-Backend
X-Pingback
X-Amz-Id-2
X-Amz-Request-Id
X-Envoy-Upstream-Service-Time
X-Page-Speed
X-Robots-Tag
X-Proxy-Cache
X-Hacker
Grace
EagleId
X-Server-Powered-By
X-UA-Device
X-Varnish-Cache
Request-Context
X-Nginx-Cache-Status
Cf-Railgun
X-LiteSpeed-Cache
X-Amz-Version-Id
X-Swift-CacheTime
X-Swift-SaveTime
X-WebKit-CSP
Ali-Swift-Global-Savetime
Feature-Policy
X-Server-Id
X-Device
Server-Timing
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Host
Report-To
X-Rq
X-Ac
Content-Location
X-Node
X-OneAgent-JS-Injection
X-Backend-Server
X-Cnection
X-Response-Time
X-Origin-Cache
X-Cloud-Trace-Context
X-Application-Context
EagleEye-TraceId
Allow
Request-Id
X-Readtime
Surrogate-Control
X-Country
X-ORACLE-DMS-ECID
X-Cache-Lookup
X-TTL
X-DynaTrace
X-Vhost
X-Url
X-Cdn
X-Rack-Cache
Pinterest-Generated-By
X-Clacks-Overhead
X-Origin-Upstream-Status
NEL
X-Ua-Compatible
X-Ruxit-JS-Agent
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Rating
X-FTR-Request-ID
X-CST
X-Country-Code
X-HW
X-Goog-Hash
X-Dispatcher
X-Instart-Request-ID
X-ORACLE-DMS-RID
Fusion-Template-Id
Fusion-Content-Source
Fusion-Content-Id
Fusion-Source
Fusion-Component-Id
X-DataStream-Cache-Status
Edge-Control
X-PC
X-Vname
X-TtlSet
X-Px
X-VARITI-CCR
X-DataDome
Service-Worker-Allowed
X-MS-InvokeApp
X-Mod-Pagespeed
Verso
X-Recruiting
SPRequestGuid
X-Request-ID
X-Dns-Prefetch-Control
X-D2id
X-Varnish-TTL
X-Exp-Variant
X-GoogleNews-Bot
X-Exp-Id
X-Kinja-Revision
X-Kinja-Build
X-Kinja-Server
X-Use-Magma
X-Kinja
X-Cdn-Fetch
X-Vcap-Request-Id
RTSS
X-Abt-Application-Version
X-Amz-Server-Side-Encryption
X-SharePointHealthScore
DynaTrace
TCN
X-Navigation-Version
X-RateLimit-Remaining
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-GitHub-Request-Id
X-Powered-By-Plesk
Response
X-Middleton-Response
X-Middleton-Display
X-Sol
Display
X-Akam-SW-Version
Charset
MS-Author-Via
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
Content-MD5
Accept-Ch-Lifetime
ServerID
X-Shield-Request-Id
AR-ATIME
Ar-Sid
AR-PoweredBy
AR-CACHE
Accept-Ch
X-Amz-Rid
X-Trace
Realpath
X-Powered-CMS
X-B3-TraceId
X-Goog-Generation
X-Goog-Metageneration
X-Forwarded-Proto
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Dw-Request-Base-Id
Nginx-Cache
X-DynaTrace-JS-Agent
X-ESI
AR-Request-ID
X-Version
X-Cached
X-Upstream
Fastly-Restarts
Public-Key-Pins
X-Shard
X-Server-Name
X-Mrf-Section-Lastmod
X-B3-TraceId-Primal
X-Mrf-Item-Lastmod
Mrf-Cache-Status
MRF-Tech
Access-Control-Request-Method
SPRequestDuration
Paypal-Debug-Id
X-MSEdge-Ref
SPIisLatency
X-Goog-Storage-Class
X-Client-IP
Pagespeed
S
X-Grace
Pinterest-Version
X-Upstream-Proxy
X-Pinterest-Rid
X-Debug
X-DataStream-MidMile-RTT
X-DataStream-Origin-MEX-Latency
X-FTR-Balancer
X-FTR-Backend
X-FTR-Backend-Server
X-Country-Code-Real
X-FTR-DC
X-FTR-Realm
X-Amz-Meta-S3cmd-Attrs
X-FTR-Cache-Status
X-Id
X-Vcache
X-FTR-Expires
X-Ezoic-Cdn
X-N
X-T
X-DIS-Request-ID
X-Fastly-Request-ID
MicrosoftSharePointTeamServices
X-Amzn-Trace-Id
Arr-Disable-Session-Affinity
X-FastCGI-Cache
Front-End-Https
X-XRDS-Location
X-NF-Request-ID
X-Content-Type
X-B3-Traceid
X-Hits
Accept-CH
X-B3-Sampled
X-Varnish-Age
X-Ser
PB-RID
X-Mobile-Rewrite
Arc-Version
PB-PID
X-FTR-Cache-Host
Fastcgi-Cache
Alternate-Protocol
X-Acc-Meta-Resource-Type
X-Frontend
X-Logged-In
X-Content-Digest
Server-Name
X-Srv
X-Correlation-Id
X-Pad
X-Forwarded-For
X-Node-Name
Host
AMP-Access-Control-Allow-Source-Origin
Nel
X-Cache-Key
Powered-By-ChinaCache
X-Microsite
X-Request-Handler-Origin-Region
FilterID
TP-L2-Cache
Healthy
TP-Cache
X-Type
X-VCache
X-Rid
X-Kinsta-Cache
X-LB-Cache
X-User-Agent
Edge-Cache-Tag
X-IPLB-Instance
X-Request-Received
X-Request-Processing-Time
X-AOL-HN
X-Debug-Info
X-Cached-By
X-GUploader-UploadID
X-Server-ID
X-Cache-2
X-Esi
X-F-Cache
X-Zen-Fury
Powered
X-Revision
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Hostname
X-Cache-Rule
X-HS-Content-Id
X-HS-Hub-Id
X-Cache-Age
X-Analytics
Backend-Timing
X-XRDS-LOCATION
X-Accel-Expires
X-Kong-Upstream-Latency
Surrogate-Key
X-Kong-Proxy-Latency
X-RateLimit-Limit
X-Via-JSL
X-Fastcgi-Cache
X-Varnish-Backend
X-Az
X-AppVersion
X-Activity-Id
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-Content-Security-Policy-Report-Only
X-Page-Id
X-Varnish-Grace
X-BCube-Filmed-By
X-Instance
X-Content-Options
X-Akamai-Edgescape
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Tumblr-User
Source
X-Jobs
X-Cluster
X-FB-Debug
X-Amz-Replication-Status
X-App-Environment
X-Content-Powered-By
X-PHP-Backend
X-Request-Guid
Cache-Status
Cleartype
X-TT
X-Framework
Server-Node
Refresh
X-Forwarded-Host
X-B-Cache
X-Signature
X-Varnish-Hostname
Tracecode
X-FW-Static
X-FW-Type
X-FW-Server
X-FW-Serve
X-FW-Hash
Liferay-Portal
X-ATG-Version
WPE-Backend
Host-Header
DC
X-Mobile
X-Cache-Operation
X-Time
Accept-Charset
X-Cache-Control
X-Edge-Location
Access-Control-Allow-Method
X-Cache-Action
X-Drupal-Cache-Tags
Actual-Object-TTL
X-Cache-Hit
Fastcgi-Useragent
Cache
X-NWS-LOG-UUID
Accept-CH-Lifetime
X-Response-Served-From
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Mobile-URL
X-Accel-Buffering
X-Hp-Webp
Payment
Upgrade-Insecure-Requests
X-Storage
X-TX-ID
X-B
X-Whom
X-App-Server
X-APP-VERSION
X-Oracle-Dms-Rid
X-Content-Age
Xserver
X-WebKit-CSP-Report-Only
X-UA-Device-Type
X-Yottaa-Optimizations
X-TT-TIMESTAMP
X-Yottaa-Metrics
Filters
X-Tumblr-Pixel-1
X-Git-Hash
X-GeoIP
X-Cacheable-TTL
X-WA-Info
X-Tumblr-Pixel-2
X-Handled-By
X-SS-Set-Cookie
X-RequestSource
X-Status
Eomportal-Instance
Cache-Tv-Group
X-Adobe-Loc
X-Adobe-Content
Viewport
X-RemovedCookies
X-Ratelimit-Reset
X-ProcessESI
X-VG-WebCache
X-Geo-Country
NGB
X-Cache-TTL
Cache-Tag
X-TA-CDN-Provider
Webserver
Datacenter
Retry-After
X-Cache-TTL-Remaining
X-FB-TRIP-ID
Server-Info
X-FW-Dynamic
X-Cache-Enabled
X-Seen-By
X-Contextid
MS-CV
X-Host-Name
X-Ratelimit-Limit
X-Presslabs-Stats
X-PressLabs-Stats
S-Cnection
X-Origin-Server
Country
Frame-Options
From-Origin
X-Generated-By
X-Hyper-Cache
X-Mode
X-CF-Powered-By
Ms-Operation-Id
X-B3-Spanid
X-RTag
X-Tumblr-Pixel-3
X-AWS-Id
X-ES-SERVER
X-LJ-Flow-ID
X-Cache-Config
Meta-Geo
Load-Balancing
X-Cache-Var
X-Cache-Var-Map
X-RN-RSRV
X-Path-Route
X-VWS-Id
Machine
X-Access
DSUID
X-Section
X-Cache-Grace
X-Upstream-HT
X-Routing-Service
X-Cache-Host
Vix-Hermes-Req-Id
We-Hiring
Cache-Key
X-Proxied
X-MP-GENERATED-AT
X-Hit
Mail-Subject
X-Labrador-Cache-Channel
X-Upstream-CT
X-Varnish-Cache-Hits
X-Zipkin-Id
X-Backend-Name
X-Upgrade-Enabled
Now
Decoy-Debug-Status
Decoy-Debug-TTL
X-Viewer-Country
Decoy-Debug-Key
X-Web-Node
X-Varnish-Server
Mn-Server-Ip
Release
X-Debug-Cache
X-Loop
X-Human
X-From
X-Magnolia-Registration
X-OCL
X-RCS-CacheZone
X-PCL
X-Varnish-Hits
X-TNCMS
X-EIG-Tracking-Id
X-Device-Type
X-Origin-Response-Time
GEO-INFO
X-Sorting-Hat-ShopId
X-L-Path
X-Proto
X-R9-Blue-Green-Version
X-ShopId
X-Shopify-Stage
X-ShardId
X-Rule
X-VG-TLSProxy
X-Rendered-As
X-Alternate-Cache-Key
X-Akamai-Request-ID
Rt-Fastcgi-Cache
X-Endurance-Cache-Level
X-Sorting-Hat-PodId
OT-Force-Account-Verify
ServedBy
X-CCM
X-Environment-Context
Uber-Trace-Id
X-Via-Fastly
X-S
X-Cluster-Node
X-Goog-Meta-Goog-Reserved-File-Mtime
X-FC-Vary-Parameters
X-Timing-Wait
X-NCache
X-Hosted-By
X-Proxy-Build
X-JoinUs
X-Generated
DB-Nickname
X-Region
X-Xfnlog-Site
Akamai-GRN
Cache-Name
X-BYPASS-REASON
X-Drupal-Cache-Contexts
X-ProxyCache-Key
X-ProxyCache-Status
X-Guploader-Uploadid
X-VCT
X-Trace-Id
X-Locale
SRV
Cteonnt-Length
X-Redis-Cache
X-Site-Version
X-Nginx-Cache
X-Www-Served-By
ProcessTime
NGX
X-Load-Cache
X-Platform-Server
X-UUID
X-Cache-NE
X-MServer
X-EdgeConnect-Cache-Status
X-Request-Time
X-Hl-Ver
X-ECACHE
X-Time-Microsecs
X-IP
Version
X-Daa-Tunnel
X-Wix-Request-Id
X-FW-Version
X-GEO
X-NewRelic-App-Data
S-Rt
X-ServerID
Azure-Version
Time
X-Origin
X-Via-CDN
Azure-SlotName
Azure-SiteName
Azure-RegionName
Azure-InstanceId
X-Rocket-Nginx-Bypass
Webcakes-App-Version
Webcakes-App-Name
TWC-GeoIP-Country
TWC-Connection-Speed
TWC-Device-Class
TWC-GeoIP-LatLong
TWC-Locale-Group
TWC-Privacy
X-Vgn-Hpd-Reason
Webcakes-Region
Property-Id
X-Origin-Hint
X-IPS-LoggedIn
X-Cache-Remote
Origin
X-Real-IP
X-Proxy
X-FireWall-Port
X-SERVER-NAME
X-No-Session
Odigeo-Trace-Id
X-Akamai-Request-ID2
X-Akamai-Transformed
X-Dc
X-Distributor
NtCoent-Length
L5d-Success-Class
X-ApacheServer
X-Cache-Backend
X-PERF
X-CDN-Forward
Fastly-SSL
X-Oneagent-Js-Injection
CACHE
X-CS
X-Format
X-HTML-Minification-Powered-By
Served-By
X-Pubstack
X-Microcachable
X-RateLimit-Reset
X-Unique-ID
X-Cache-Server
Ec-Rule-Version
X-Compress-Hint
Origin-Edge-Control
Origin-Cache-Control
X-UA
Cache-Tags
Hostname
Access-Control-Request-Headers
Fastcgi-X-Cache-Version
X-UnsetCookies
X-Webkit-Csp
IBM-Web2-Location
X-NC
X-Grey
X-Cache-Category-Id
LB
X-Tb
X-Edge
X-Varnish-Cacheable
X-Is-Bot
Backend-Name
X-Detected-As
X-App-Name
Request-Time
Rt-Proxy-Cache
X-AIR-PT
Request-EU
Rendered-Blocks
Request-Country
Server-ID
X-Aed
Viewtype
X-A-Dcw
X-A-Dgt
X-A-Wwc
X-A-Dam
X-Accel-Expires-Debug
VivaBuild
X-A
X-A-Ccd
Proxy-Firewall
GEO-REGION-INFO
Cache-Prefix
Cdn-Host
Cdn-Request-Time
Content-Script-Type
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-Idcheck
Arc-Country
AsisCache
BehaviorPad-Version
Cache-Cookie-Set-From
Content-Style-Type
Cross-Origin-Window-Policy
HA-Ipaddr
MD5-Digest
Meta-Geo-Continent
Mobile-Detection-Method
Ha-Gx-Prefs
X-Application
Fastly-SIE
Fastly-SWR
Fly-Cache
Fly-Request-Id
Node
X-CGP
X-Request-UUID
X-Rewrite-Enabled
X-Rojux
X-S-Cookie
X-Region-Sid
X-Rebelmouse-Surrogate-Control
X-NX-Host
X-Org
X-PAYTM-SRV-ID
X-Rebelmouse-Cache-Control
X-S-Maxage
X-ScT
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
X-Worker
Xc-Version
X-VG-WebServer
X-Twitter-Response-Tags
X-Server-Time
X-SRCache-Key
X-Transaction
X-Trv-Group
X-NU-AKA-ACS-Version
X-Internal-Host
X-Cluster-Name
X-Connection-Hash
X-D
X-Date
A
X-CF-Lambda-Version
X-B-Cookie
X-Cache-Bucket
X-Cdn-Srv
X-CF-Lambda-Fn
X-Debug-Log
X-Destination
X-HS-Cache-Config
X-HS-Combine-CSS
X-IN-APIGATEWAY
X-Instart-Info
X-G
X-External-Request-Id
X-Developer
X-DPWN-IS-SECURE
X-Edge-Server
X-Eu-Site
X-ARC
X-Debug-Cookies
X-Powered-By-Defense
Proxy-Connection
X-BACKEND-TTL
X-Ua
X-B3-Parentspanid
X-ElasticPress-Search
Server-Int
SS
ServerName
True-Client-Country-4JS
X-Nginx-Cache-Key
W
X-PHP-Host
RNT-Time
Platform
On-Server
Accept-Language
Memcached
X-Request-URI
X-Reqid
PageSpeed
RNT-Machine
Resin-Trace
Section-Io-Cache
X-Key
X-Core-Mission
X-Fastly-Cache
X-Clientip
X-Generated-On
X-Via-NSCOPI
X-Epic-Correlation-Id
X-Developers
X-Dispatch
X-Dispatcher-Server
X-Cdn-Origin
X-Cache-Info
X-Irp-Debug
X-ServiceProvider
X-Level-Front-Cache
X-Hash
X-Backend-State
X-Cache-Id
X-Geo-Header
X-GeoIP-Country-Code
X-Location
Server-Host
X-Sn-Servicetimems
Countrycode
X-C
Country-Code
Gh-Request-Id
X-Variation
X-We-Are-Hiring
X-TH-Server
X-Skip-Cache
Esi-Enabled
Is-Eu
Apple-News-Services-Request-Url
Apple-News-Services-Handled
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
Adler-Geo
AKAMAI
Content-Disposition
Who
X-Amz-Meta-Cache-Control
X-Li-Fabric
Wxu-Next-Commit
X-LI-Proto
X-Hnp-Log
X-Wikidot-Static-Cache
X-Method
Wxu-Next-Hostname
X-LI-UUID
X-Li-Pop
X-SVT-ORM-RULES
X-FPC
X-Gannett-Site-Version
X-Gen-Mode
X-Fetched-On
X-Crawler
X-Varnish-Url
X-Distil-CS
X-CDN-Cache
X-Generation-Time
X-BBXSRF
CDCHOST
X-Block-Status
Web-Mar-Node
X-SVT-ORM-VERSION
X-Cache-FS-Status
X-Auto-Login
Wxu-Next-Region
PFcat
X-Device-Os
X-Processor
X-Response-By
X-SIPLIST1
SD-X-WS
X-Request-Start
REQUESTUUID
X-Reboot
X-Wikidot-Backend
X-Qloud-Router
X-SD-PageType
X-WebServer
User-Cache-Control
V-Age
X-Served-From
X-Server-IP
X-Servername
X-Secret
IsBot
UCS
X-Webstats-RespID
X-Release
X-Via-Edge
X-Nc
X-Via-SSL
X-CUA
X-GeoIP-City
Powered-By
Pramga
X-WADP-Cache
X-Swa-Ws
X-Thinkindot-L3
Thinkindot-Control
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
X-Cms-Context
X-Matched-Rule
X-Owner
X-Origin-Expires
X-Origin-Date
L
Fastly-Soc-X-Request-Id
X-VServer
X-Bip
X-Azure-Ref-OriginShield
X-Clara-WADP
X-Azure-Ref
X-Thanos
CF-IPCountry
X-Proxy-Upstream
X-Proxy-Cache-Status
X-OVcl-Cache
X-ND-Cache
X-VC-Cache
GW-Server
Heartbleed
N-Cache
X-OVcl
X-Amzn-Remapped-Content-Length
Mime-Version
X-Varnish-Ttl
Selected-Fe
X-TrackingId
X-Varnish-Beresp-Ttl
X-FE
X-Protected-By
X-CLOUD-TRACE-CONTEXT
Kp-EeAlive
X-LAGOON
X-Pf-Uncompressing
X-Ratelimit-Remaining
User-Agent
X-Parent-Response-Time
Pragrma
X-Fstrz
Locale
X-Urbn-Context-Path
X-Urbn-Site-Id
X-DC
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
Magicmarker
Memory
X-Origin-TTL
X-Zone
X-Page-Type
X-Origin-CC
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
X-Flog
X-ABtesting
X-Phone
X-Core-Value
Pagetype
X-Hello
X-Cdn-Forward
X-IN-WAF
X-Be
X-Datadome
X-URL
X-Cache-Ttl
X-User
X-Generated-In
X-Geo
X-B3-SpanId
X-Ttl
X-Dynatrace-Js-Agent
X-Backend-TTL
X-Backend-Host
X-Backend-Url
X-Birta-Served
X-Birta-Cache-Post
X-GoCache-CacheStatus
X-Soup
X-Tt-Trace-Tag
X-MSEdge-Flight
X-GRACE
X-MSEdge-Features
X-Debug-Cache-Fetch
X-Info
X-Varnish-IP
X-Up
X-Debug-Cache-Store
Cdn
X-Debug-Cache-Expiry
Selected-FE
HitType
X-TT-LOGID
X-Servedbyhost
SN
X-Newrelic-Synthetics
X-Litespeed-Cache
GeoIp-Country-Code
Geoip-Latitude
X-Oss-Hash-Crc64ecma
X-Oss-Object-Type
X-Oss-Server-Time
X-Oss-Request-Id
Geoip-City
X-Oss-Storage-Class
X-HS-Status
X-Mid
X-MID
X-Check-Cacheable
CF-Cached-On
X-Real-Ip
X-VCL-Version
X-Say-TTL
X-Agile
X-Old-Content-Length
X-Say-Cacheable
X-Aicache-OS
X-Cache-Debug
X-SayCDN-TTL
X-Source
X-Agile-Id
X-Agile-Age
X-Tb-Optimization-Total-Bytes-Saved
X-Refresh
Amp-Access-Control-Allow-Source-Origin
Cache-Hits
X-Ruxit-Js-Agent
FSS-Cache
X-App-Version
FSS-Proxy
X-Vcl-Version
GeoIP-Country-Code
X-ZONE
X-Web-Server
X-Bc
X-Amzn-Remapped-Date
GeoIP-Latitude
X-Akamai-SSL-Client-Sid
GeoIP-City
X-ServedByHost
X-Amzn-Remapped-Connection
X-CSRF-TOKEN
Server-Surrogate-Control
WZWS-RAY
Server-Cache-Control
X-Varnish-Authentication
X-Node-Id
Inserted-Into-Cache-At
HostName
X-Contensis-Viewer-Groups
X-Cache-ASPX
Fastly-Backend-Name
X-EC-Lua
X-Cache-Time
X-Nananana
X-Via-Ucdn
Ajk
X-APP
X-COUNTRY
X-IN-APIGATEWAYSSL
RequestId
X-Logtrace-Id
X-UPSTREAM-Address
Ohc-Cache-HIT
Srv
X-CSRF-Token
Ohc-File-Size
X-NWS-UUID-VERIFY
Group
X-CACHE-KEY
X-BC
X-Proxy-Cacherz
X-Wa
Xkeyrz
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-WR-MODIFICATION
X-BE
X-ECache
HTTPS
XServer
X-Dynatrace
WebServer
X-Varnish-Beresp-TTL
Cf-Ipcountry
X-SN
Backend
X-Cache-Tag
URI
Www
X-TIME
Is-Session-Tracking
Xkeynj
X-FORWARDED-FOR
X-Instart-Isnd
Get-Access-Time
X-Request-Url
X-Unique-Id
Cneonction
T-Server
X-PJAX-URL
X-LB-ID
PICS-Label
X-PAGE-TYPE
X-Fastly-Country-Code
X-MCACHE
X-LiteSpeed-Cache-Control
X-Cache-Miss-From
X-GDPR
X-Requestid
X-Render-Time
X-Micro-Cache
Requestid
X-Sedo-Request-Id
Lb
Host-ID
X-Edge-IP
X-Cache-Expires
MIME-Version
Dynatrace
X-Fastly-Backend-Reqs
X-SRV
Xet-Cookie
DataCenter
X-NGENIX-Cache
X-Pjax-Url
Pics-Label
SID
X-Policy
X-Uri
X-PF-Uncompressing
X-Vct
Epwk-Cache
CDN
X-Newrelic-App-Data
X-Swift-Error
X-Apw-Hits
X-Varnish-Action
X-Apw-Access-Action
X-Apw-Access-Object
X-Apw-Access-Token
X-Dw-Trace-Id
X-NGINX-Cache
Fastcgi-X-Cache
Correlation-Id
X-Ecache
X-Cf-Powered-By
X-WA
X-Lb-Id
X-DSS
X-DI
X-Akamai-ERPolicy
X-Akamai-ERRuleID
X-DW
X-LiteSpeed-Tag
X-Html-Edge-Cache
Warning
Lfy
X-Page-Impression-Id
X-Serial
X-WPE-Loopback-Upstream-Addr
X-Fastly-Cache-Hits
X-Fpc
X-RPM
X-Zalando-Child-Request-Id
X-Flow-Id
X-RPS
Ohc-Response-Time
X-Bug-Bounty
X-Svr
RequestUuid
X-DB
X-ServerName
X-RSL