Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
CF-RAY
X-Powered-By
Link
ETag
Expect-CT
X-XSS-Protection
Via
X-Cache
Age
CF-Cache-Status
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
P3P
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Request-Id
X-Xss-Protection
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-Adblock-Key
Alt-Svc
X-Drupal-Cache
X-Check
X-Cacheable
Content-Security-Policy-Report-Only
X-Generator
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-DNS-Prefetch-Control
X-AspNetMvc-Version
P3p
X-Template
X-Language
Status
Timing-Allow-Origin
Content-Encoding
X-Iinfo
X-Content-Security-Policy
X-Buckets
Upgrade
X-Kinja-Server-Push
Xkey
X-Via
X-CDN
X-Turbo-Charged-By
Keep-Alive
Access-Control-Max-Age
Access-Control-Expose-Headers
X-Cache-Group
X-Pass-Why
X-AH-Environment
X-Age
X-Drupal-Dynamic-Cache
X-Server
X-Backend
X-Pingback
X-Amz-Id-2
X-Amz-Request-Id
X-Envoy-Upstream-Service-Time
X-Page-Speed
X-Robots-Tag
X-Proxy-Cache
X-Hacker
Grace
EagleId
X-Server-Powered-By
X-UA-Device
X-Varnish-Cache
Request-Context
X-Nginx-Cache-Status
Cf-Railgun
X-LiteSpeed-Cache
X-Amz-Version-Id
X-Swift-CacheTime
X-Swift-SaveTime
X-WebKit-CSP
Ali-Swift-Global-Savetime
Feature-Policy
X-Server-Id
X-Device
Server-Timing
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Host
Report-To
X-Rq
X-Ac
Content-Location
X-Node
X-OneAgent-JS-Injection
X-Backend-Server
X-Cnection
X-Response-Time
X-Origin-Cache
X-Cloud-Trace-Context
X-Application-Context
Allow
EagleEye-TraceId
Request-Id
X-Readtime
Surrogate-Control
X-Country
X-ORACLE-DMS-ECID
X-Cache-Lookup
X-TTL
X-DynaTrace
X-Vhost
X-Url
X-Cdn
Pinterest-Generated-By
X-Rack-Cache
X-Clacks-Overhead
X-Origin-Upstream-Status
X-Ua-Compatible
NEL
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Rating
X-FTR-Request-ID
X-CST
X-Ruxit-JS-Agent
X-Country-Code
X-HW
X-ORACLE-DMS-RID
X-Goog-Hash
X-Dispatcher
X-Instart-Request-ID
Fusion-Content-Id
Fusion-Template-Id
Fusion-Source
Fusion-Content-Source
Fusion-Component-Id
X-DataStream-Cache-Status
Edge-Control
X-Vname
X-PC
X-TtlSet
X-Px
X-VARITI-CCR
X-DataDome
Service-Worker-Allowed
X-MS-InvokeApp
X-Mod-Pagespeed
Verso
X-Recruiting
SPRequestGuid
X-Request-ID
X-D2id
X-Dns-Prefetch-Control
X-Kinja-Revision
X-Varnish-TTL
X-Kinja-Server
X-Kinja-Build
X-GoogleNews-Bot
X-Exp-Id
X-Exp-Variant
X-Cdn-Fetch
X-Kinja
X-Use-Magma
X-Vcap-Request-Id
RTSS
X-Amz-Server-Side-Encryption
X-Abt-Application-Version
X-SharePointHealthScore
DynaTrace
TCN
X-Navigation-Version
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-RateLimit-Remaining
X-GitHub-Request-Id
X-Powered-By-Plesk
Response
Display
X-Middleton-Display
X-Middleton-Response
X-Sol
X-Akam-SW-Version
X-B3-TraceId
Charset
MS-Author-Via
X-TEC-API-ROOT
X-TEC-API-VERSION
X-TEC-API-ORIGIN
Content-MD5
X-ESI
Accept-Ch-Lifetime
AR-CACHE
X-Shield-Request-Id
AR-ATIME
ServerID
AR-PoweredBy
Ar-Sid
X-Amz-Rid
X-Trace
Realpath
X-Powered-CMS
X-Forwarded-Proto
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Goog-Generation
X-Goog-Metageneration
X-Dw-Request-Base-Id
Nginx-Cache
X-DynaTrace-JS-Agent
AR-Request-ID
X-Version
X-Upstream
X-Cached
X-Server-Name
Accept-Ch
Fastly-Restarts
Public-Key-Pins
X-Shard
X-Mrf-Item-Lastmod
X-B3-TraceId-Primal
Mrf-Cache-Status
MRF-Tech
X-Mrf-Section-Lastmod
Access-Control-Request-Method
SPIisLatency
SPRequestDuration
X-MSEdge-Ref
Paypal-Debug-Id
X-Goog-Storage-Class
Pagespeed
X-Client-IP
S
X-Pinterest-Rid
Pinterest-Version
X-Upstream-Proxy
X-Debug
X-FTR-DC
X-FTR-Balancer
X-FTR-Backend-Server
X-FTR-Backend
X-FTR-Cache-Status
X-Id
X-Country-Code-Real
X-FTR-Realm
X-Amz-Meta-S3cmd-Attrs
X-FTR-Expires
X-Grace
X-DataStream-Origin-MEX-Latency
X-DataStream-MidMile-RTT
X-Ezoic-Cdn
Accept-CH
X-N
X-T
X-Fastly-Request-ID
X-DIS-Request-ID
MicrosoftSharePointTeamServices
X-Vcache
X-Amzn-Trace-Id
Arr-Disable-Session-Affinity
Front-End-Https
X-XRDS-Location
X-NF-Request-ID
X-Content-Type
X-Hits
X-B3-Sampled
X-Varnish-Age
X-Ser
X-FastCGI-Cache
Arc-Version
PB-PID
PB-RID
X-Mobile-Rewrite
Fastcgi-Cache
Alternate-Protocol
X-Acc-Meta-Resource-Type
X-Frontend
X-Logged-In
X-Content-Digest
Server-Name
X-FTR-Cache-Host
X-B3-Traceid
X-Srv
X-Pad
X-Forwarded-For
X-Correlation-Id
X-VCache
X-Node-Name
Host
AMP-Access-Control-Allow-Source-Origin
Nel
X-Request-Handler-Origin-Region
X-Microsite
Powered-By-ChinaCache
FilterID
TP-L2-Cache
Healthy
TP-Cache
X-Rid
X-Type
X-Cache-Key
X-Kinsta-Cache
X-LB-Cache
Edge-Cache-Tag
X-User-Agent
X-IPLB-Instance
X-Request-Received
X-Request-Processing-Time
X-Debug-Info
X-AOL-HN
X-Server-ID
X-Cached-By
X-F-Cache
X-Cache-2
X-Zen-Fury
Powered
X-Revision
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Fastcgi-Cache
X-GUploader-UploadID
X-Hostname
X-Cache-Rule
X-HS-Content-Id
X-HS-Hub-Id
X-Analytics
X-Cache-Age
Backend-Timing
X-XRDS-LOCATION
X-Accel-Expires
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
Surrogate-Key
X-RateLimit-Limit
X-Esi
X-AppVersion
X-Varnish-Backend
X-Activity-Id
X-Az
X-Via-JSL
VIX-Pulpo-Upstream-Status
X-Content-Security-Policy-Report-Only
VIX-Pulpo-Node
X-Page-Id
X-Varnish-Grace
X-Content-Options
X-BCube-Filmed-By
X-Instance
X-FB-Debug
X-Tumblr-User
Source
X-Cluster
X-Akamai-Edgescape
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Jobs
X-App-Environment
X-Content-Powered-By
X-Amz-Replication-Status
X-PHP-Backend
X-Request-Guid
Cache-Status
Cleartype
X-TT
X-Framework
Server-Node
X-Forwarded-Host
Refresh
X-B-Cache
X-Signature
X-Varnish-Hostname
Tracecode
X-FW-Hash
X-FW-Serve
X-FW-Server
X-FW-Type
X-FW-Static
Liferay-Portal
X-ATG-Version
WPE-Backend
Host-Header
DC
X-Mobile
Accept-Charset
X-Cache-Operation
X-Time
X-Cache-Control
X-Edge-Location
Access-Control-Allow-Method
X-Drupal-Cache-Tags
X-Cache-Action
Actual-Object-TTL
Cache
X-Cache-Hit
Fastcgi-Useragent
X-NWS-LOG-UUID
Accept-CH-Lifetime
Payment
X-Erf-Bev-Bev
X-Accel-Buffering
X-Erf-Bev-Bev-Is-Generated
X-Mobile-URL
X-Response-Served-From
X-Hp-Webp
X-TX-ID
X-B
X-Whom
X-App-Server
Upgrade-Insecure-Requests
X-Storage
X-WebKit-CSP-Report-Only
X-UA-Device-Type
X-Content-Age
Xserver
X-Yottaa-Optimizations
X-TT-TIMESTAMP
X-Yottaa-Metrics
X-SS-Set-Cookie
X-WA-Info
X-Cacheable-TTL
X-Git-Hash
X-Tumblr-Pixel-1
X-GeoIP
X-Tumblr-Pixel-2
X-RequestSource
Filters
X-Handled-By
X-Status
X-Adobe-Content
Cache-Tv-Group
Eomportal-Instance
X-Adobe-Loc
X-Cache-TTL
Viewport
X-Ratelimit-Reset
X-RemovedCookies
X-ProcessESI
X-VG-WebCache
X-APP-VERSION
X-Geo-Country
NGB
Cache-Tag
Webserver
X-TA-CDN-Provider
Datacenter
Retry-After
X-Cache-TTL-Remaining
Server-Info
X-FB-TRIP-ID
X-FW-Dynamic
X-Cache-Enabled
X-Seen-By
X-Contextid
MS-CV
X-Host-Name
X-Presslabs-Stats
X-Oracle-Dms-Rid
X-Ratelimit-Limit
S-Cnection
X-PressLabs-Stats
X-Oneagent-Js-Injection
X-Origin-Server
Country
X-Generated-By
From-Origin
Frame-Options
X-Guploader-Uploadid
X-Mode
X-Hyper-Cache
X-CF-Powered-By
X-RTag
Ms-Operation-Id
X-ES-SERVER
X-RN-RSRV
X-Cache-Var-Map
X-Path-Route
X-LJ-Flow-ID
X-Tumblr-Pixel-3
Meta-Geo
Machine
Load-Balancing
X-AWS-Id
X-Cache-Config
X-Cache-Var
X-VWS-Id
X-Upstream-HT
Mail-Subject
X-Upstream-CT
X-Varnish-Cache-Hits
DSUID
X-Proxied
X-Zipkin-Id
X-MP-GENERATED-AT
Vix-Hermes-Req-Id
X-Cache-Host
X-Labrador-Cache-Channel
X-Cache-Grace
X-Backend-Name
We-Hiring
X-Access
X-Hit
Cache-Key
X-Section
X-Routing-Service
X-Human
Release
X-Device-Type
X-Loop
X-PCL
X-From
X-Magnolia-Registration
Now
Mn-Server-Ip
X-Upgrade-Enabled
X-Debug-Cache
X-Web-Node
X-Varnish-Hits
X-Viewer-Country
X-TNCMS
Decoy-Debug-TTL
Decoy-Debug-Status
Decoy-Debug-Key
X-Varnish-Server
X-RCS-CacheZone
X-EIG-Tracking-Id
X-OCL
X-Endurance-Cache-Level
X-VG-TLSProxy
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-Origin-Response-Time
X-Environment-Context
GEO-INFO
X-ShopId
OT-Force-Account-Verify
X-Akamai-Request-ID
X-Rule
X-Alternate-Cache-Key
X-Shopify-Stage
X-R9-Blue-Green-Version
X-Rendered-As
X-L-Path
X-ShardId
Rt-Fastcgi-Cache
X-Proto
X-CCM
ServedBy
X-B3-Spanid
X-Timing-Wait
X-NCache
DB-Nickname
Uber-Trace-Id
X-S
X-Cluster-Node
X-FC-Vary-Parameters
X-Via-Fastly
X-Xfnlog-Site
X-Generated
X-Goog-Meta-Goog-Reserved-File-Mtime
Cache-Name
X-Region
X-Proxy-Build
X-Hosted-By
Akamai-GRN
X-JoinUs
X-BYPASS-REASON
X-ProxyCache-Status
X-ProxyCache-Key
X-Drupal-Cache-Contexts
X-Trace-Id
X-VCT
X-Nginx-Cache
X-Locale
X-Redis-Cache
X-Site-Version
NGX
X-Www-Served-By
ProcessTime
Cteonnt-Length
X-UUID
X-Load-Cache
X-Platform-Server
X-Cache-NE
X-EdgeConnect-Cache-Status
X-Request-Time
X-MServer
X-Time-Microsecs
X-IP
X-NewRelic-App-Data
X-ECACHE
Version
SRV
X-Daa-Tunnel
X-Hl-Ver
Time
S-Rt
X-Wix-Request-Id
Azure-RegionName
Azure-SlotName
Azure-InstanceId
X-Via-CDN
X-Origin
X-FW-Version
Azure-Version
Azure-SiteName
X-Rocket-Nginx-Bypass
X-ServerID
Webcakes-App-Name
TWC-Connection-Speed
X-Origin-Hint
Webcakes-Region
TWC-Device-Class
Property-Id
TWC-Privacy
Webcakes-App-Version
X-Vgn-Hpd-Reason
TWC-GeoIP-LatLong
TWC-GeoIP-Country
TWC-Locale-Group
X-IPS-LoggedIn
X-Cache-Remote
X-Real-IP
X-Dc
Origin
X-Proxy
X-No-Session
X-FireWall-Port
X-GEO
NtCoent-Length
X-Akamai-Request-ID2
X-Distributor
X-Akamai-Transformed
Odigeo-Trace-Id
L5d-Success-Class
X-Cache-Backend
X-ApacheServer
X-PERF
Fastly-SSL
X-HTML-Minification-Powered-By
X-CS
CACHE
Served-By
X-Format
X-RateLimit-Reset
X-Microcachable
X-Pubstack
X-Unique-ID
X-Cache-Server
Ec-Rule-Version
X-Compress-Hint
Origin-Edge-Control
Origin-Cache-Control
X-CDN-Forward
X-UA
X-UnsetCookies
Fastcgi-X-Cache-Version
Access-Control-Request-Headers
Cache-Tags
Hostname
IBM-Web2-Location
X-Webkit-Csp
X-Grey
X-Cache-Category-Id
X-Tb
X-Edge
X-SERVER-NAME
X-Is-Bot
X-Detected-As
X-Varnish-Cacheable
Backend-Name
Server-ID
Viewtype
Proxy-Firewall
Request-Country
Rendered-Blocks
Request-EU
Request-Time
Rt-Proxy-Cache
X-A-Wwc
X-Accel-Expires-Debug
X-Aed
X-AIR-PT
X-App-Name
X-A-Dgt
X-A-Dcw
X-A
X-A-Ccd
X-A-Dam
VivaBuild
GEO-REGION-INFO
Cache-Prefix
Cdn-Host
Cdn-Request-Time
Content-Script-Type
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-Idcheck
Arc-Country
AsisCache
BehaviorPad-Version
Cache-Cookie-Set-From
Content-Style-Type
Cross-Origin-Window-Policy
HA-Ipaddr
MD5-Digest
Meta-Geo-Continent
Mobile-Detection-Method
Ha-Gx-Prefs
X-Application
Fastly-SIE
Fastly-SWR
Fly-Cache
Fly-Request-Id
Node
X-CGP
X-Request-UUID
X-Rewrite-Enabled
X-Rojux
X-S-Cookie
X-Region-Sid
X-Rebelmouse-Surrogate-Control
X-NX-Host
X-Org
X-PAYTM-SRV-ID
X-Rebelmouse-Cache-Control
X-S-Maxage
X-ScT
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
X-Worker
Xc-Version
X-VG-WebServer
X-Twitter-Response-Tags
X-Server-Time
X-SRCache-Key
X-Transaction
X-Trv-Group
X-NU-AKA-ACS-Version
X-Internal-Host
X-Cluster-Name
X-Connection-Hash
X-D
X-Debug-Cookies
A
X-CF-Lambda-Version
X-B-Cookie
X-Cache-Bucket
X-Cdn-Srv
X-CF-Lambda-Fn
X-Debug-Log
X-Destination
X-HS-Cache-Config
X-HS-Combine-CSS
X-IN-APIGATEWAY
X-Instart-Info
X-G
X-External-Request-Id
X-Developer
X-DPWN-IS-SECURE
X-Edge-Server
X-Eu-Site
X-ARC
X-Date
LB
Proxy-Connection
X-BACKEND-TTL
X-Powered-By-Defense
X-B3-Parentspanid
X-Ua
X-ElasticPress-Search
X-NC
Server-Host
Section-Io-Cache
ServerName
True-Client-Country-4JS
Server-Int
SS
X-PHP-Host
X-Developers
X-Processor
X-Reqid
X-Request-URI
Accept-Language
Memcached
On-Server
Platform
RNT-Machine
Resin-Trace
X-Nc
RNT-Time
X-Nginx-Cache-Key
X-Fastly-Cache
X-Clientip
X-Cdn-Origin
X-Cache-Info
X-Core-Mission
X-Epic-Correlation-Id
X-Via-NSCOPI
X-Dispatch
X-Dispatcher-Server
X-Cache-Id
X-Generated-On
X-Key
X-Level-Front-Cache
X-Location
Is-Eu
X-Irp-Debug
X-Hash
X-Geo-Header
X-Backend-State
X-GeoIP-Country-Code
W
PageSpeed
X-TH-Server
X-Sn-Servicetimems
X-Skip-Cache
Apple-News-Services-Request-Url
Country-Code
X-C
Esi-Enabled
X-We-Are-Hiring
Countrycode
X-Variation
Gh-Request-Id
Apple-News-Services-Parsed-Url
Adler-Geo
Apple-News-Services-Handled
Apple-News-Services-Host
X-ServiceProvider
Wxu-Next-Region
Who
CDCHOST
IsBot
Wxu-Next-Commit
X-Wikidot-Static-Cache
X-Li-Pop
X-Hnp-Log
Content-Disposition
X-LI-UUID
AKAMAI
X-Method
X-LI-Proto
X-Li-Fabric
X-BBXSRF
X-Fetched-On
X-Gannett-Site-Version
X-CDN-Cache
X-Crawler
X-Distil-CS
X-Device-Os
X-Varnish-Url
X-Gen-Mode
X-Cache-FS-Status
X-SVT-ORM-RULES
X-Auto-Login
Web-Mar-Node
X-Block-Status
X-Generation-Time
X-SVT-ORM-VERSION
X-Amz-Meta-Cache-Control
Wxu-Next-Hostname
SD-X-WS
X-Reboot
X-WebServer
X-Server-IP
X-Qloud-Router
X-SIPLIST1
PFcat
X-Response-By
UCS
X-Served-From
V-Age
REQUESTUUID
X-Webstats-RespID
User-Cache-Control
X-Secret
X-Wikidot-Backend
X-SD-PageType
X-Request-Start
Mime-Version
X-Via-Edge
X-CUA
X-Swa-Ws
L
X-WADP-Cache
Pramga
X-Servername
Powered-By
X-Via-SSL
X-Release
X-FPC
X-Thanos
Thinkindot-CacheControl
X-Owner
X-Bip
Thinkindot-CacheControl-Type
Thinkindot-Control
X-Origin-Date
X-Origin-Expires
X-Matched-Rule
X-VServer
Fastly-Soc-X-Request-Id
X-Azure-Ref-OriginShield
X-GeoIP-City
X-Azure-Ref
X-Cms-Context
X-Thinkindot-L3
X-Clara-WADP
X-Proxy-Upstream
X-Proxy-Cache-Status
X-ND-Cache
N-Cache
X-VC-Cache
Heartbleed
GW-Server
X-OVcl-Cache
X-OVcl
X-Amzn-Remapped-Content-Length
CF-IPCountry
X-Varnish-Ttl
Selected-Fe
X-TrackingId
Kp-EeAlive
X-Protected-By
X-Varnish-Beresp-Ttl
X-CLOUD-TRACE-CONTEXT
X-FE
Pragrma
X-Ratelimit-Remaining
User-Agent
X-Parent-Response-Time
X-LAGOON
X-Fstrz
Locale
X-Urbn-Site-Id
X-Urbn-Context-Path
X-Planisys-CDN-Rules
Magicmarker
X-Planisys-CDN-TTL
X-Planisys-CDN-Cache
Memory
X-Pf-Uncompressing
X-Cdn-Forward
X-B3-SpanId
X-GRACE
X-Origin-CC
X-Page-Type
X-Zone
X-Geo
X-Origin-TTL
X-Be
X-Varnish-Beresp-Status
X-DC
X-Varnish-Beresp-Grace
X-Phone
X-Core-Value
X-IN-WAF
X-Flog
X-Hello
Pagetype
X-ABtesting
X-Ruxit-Js-Agent
X-URL
X-Datadome
X-User
X-Ttl
X-Generated-In
X-Backend-TTL
X-Dynatrace-Js-Agent
X-Backend-Url
X-Backend-Host
X-Birta-Served
X-Birta-Cache-Post
X-Tt-Trace-Tag
X-Up
X-Soup
X-Varnish-IP
Cdn
X-Debug-Cache-Fetch
X-MSEdge-Flight
X-Debug-Cache-Expiry
X-GoCache-CacheStatus
X-MSEdge-Features
X-Newrelic-Synthetics
X-Debug-Cache-Store
X-Info
Selected-FE
HitType
X-Cache-Ttl
X-Servedbyhost
X-TT-LOGID
Geoip-City
GeoIp-Country-Code
Geoip-Latitude
X-Litespeed-Cache
X-Oss-Request-Id
X-Oss-Hash-Crc64ecma
X-Oss-Storage-Class
X-Oss-Server-Time
SN
X-HS-Status
X-Oss-Object-Type
X-Check-Cacheable
X-Mid
X-App-Version
CF-Cached-On
X-MID
X-Real-Ip
X-SayCDN-TTL
X-Say-TTL
X-Agile-Id
X-Say-Cacheable
X-Agile-Age
X-VCL-Version
X-Agile
X-Aicache-OS
X-Vcl-Version
X-Refresh
X-Old-Content-Length
X-Cache-Debug
X-Tb-Optimization-Total-Bytes-Saved
X-Source
Cache-Hits
Amp-Access-Control-Allow-Source-Origin
X-Bc
X-ZONE
FSS-Proxy
X-Web-Server
FSS-Cache
X-Amzn-Remapped-Date
Srv
X-CACHE-KEY
X-Amzn-Remapped-Connection
X-ServedByHost
GeoIP-Country-Code
X-Akamai-SSL-Client-Sid
X-CSRF-TOKEN
X-Varnish-Authentication
Server-Surrogate-Control
GeoIP-Latitude
HostName
X-Cache-ASPX
Server-Cache-Control
GeoIP-City
WZWS-RAY
X-Node-Id
Inserted-Into-Cache-At
X-Contensis-Viewer-Groups
Fastly-Backend-Name
X-Nananana
X-EC-Lua
X-Cache-Time
X-Via-Ucdn
RequestId
X-IN-APIGATEWAYSSL
X-Logtrace-Id
Ajk
X-COUNTRY
X-UPSTREAM-Address
X-APP
Ohc-Cache-HIT
X-CSRF-Token
Ohc-File-Size
Group
X-NWS-UUID-VERIFY
X-BC
X-Proxy-Cacherz
Cf-Ipcountry
X-ECache
X-WR-MODIFICATION
HTTPS
X-Wa
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
Xkeyrz
XServer
WebServer
X-Dynatrace
URI
X-SN
Backend
X-BE
Www
X-Varnish-Beresp-TTL
X-Cache-Tag
Is-Session-Tracking
X-TIME
X-Fastly-Country-Code
Cneonction
X-Instart-Isnd
X-FORWARDED-FOR
T-Server
X-PAGE-TYPE
Get-Access-Time
Lb
Xkeynj
X-Request-Url
X-Unique-Id
X-LiteSpeed-Cache-Control
X-MCACHE
X-Requestid
X-Sedo-Request-Id
X-Cache-Miss-From
Requestid
PICS-Label
X-Edge-IP
X-LB-ID
X-PJAX-URL
X-GDPR
X-Cache-Expires
X-Render-Time
X-Micro-Cache
Host-ID
Dynatrace
Xet-Cookie
X-PF-Uncompressing
X-Ftr-Cache-Host
Pics-Label
X-Fastly-Backend-Reqs
X-Pjax-Url
DataCenter
X-SRV
X-Correlation-ID
X-Lb-Id
SID
X-Policy
X-Varnish-Action
X-Uri
X-Apw-Access-Action
Epwk-Cache
CDN
X-Vct
X-Apw-Hits
X-NGENIX-Cache
X-Swift-Error
MIME-Version
X-Apw-Access-Token
X-Apw-Access-Object
X-Dw-Trace-Id
X-NGINX-Cache
X-Ecache
Correlation-Id
X-WA
X-Fpc
Fastcgi-X-Cache
X-ServerName
X-Cf-Powered-By
X-Newrelic-App-Data
X-Fastly-Cache-Hits
X-Akamai-ERPolicy
Cache-Provider
X-Cdn-Request-ID
X-Service
Warning
Lfy
X-Svr
X-LiteSpeed-Tag
X-Serial
X-Akamai-ERRuleID
X-Page-Impression-Id
X-Zalando-Child-Request-Id
X-DB
RequestUuid
X-Html-Edge-Cache
Ohc-Response-Time
X-Bug-Bounty
X-DI
X-DSS
X-RSL
X-Flow-Id
X-RPS
X-RPM
X-DW
X-WPE-Loopback-Upstream-Addr