Threat Level: green Handler on Duty: Jan Kopriva

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
X-Powered-By
CF-RAY
Link
ETag
Expect-CT
Via
X-XSS-Protection
X-Cache
Age
CF-Cache-Status
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
X-Cache-Hits
P3P
X-Amz-Cf-Pop
X-Xss-Protection
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Request-Id
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-AspNet-Version
X-Download-Options
Access-Control-Allow-Credentials
X-Runtime
X-Adblock-Key
X-Drupal-Cache
Alt-Svc
X-Check
X-Cacheable
Content-Security-Policy-Report-Only
X-Generator
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-DNS-Prefetch-Control
X-AspNetMvc-Version
P3p
X-Template
Status
X-Language
Timing-Allow-Origin
Content-Encoding
X-Content-Security-Policy
X-Iinfo
X-Buckets
Upgrade
X-Kinja-Server-Push
Xkey
X-Via
X-CDN
X-Turbo-Charged-By
CF-Ray
Keep-Alive
Access-Control-Max-Age
Access-Control-Expose-Headers
X-Cache-Group
X-Pass-Why
X-Age
X-AH-Environment
X-Drupal-Dynamic-Cache
X-Server
X-Backend
X-Amz-Id-2
X-Amz-Request-Id
X-Pingback
X-Envoy-Upstream-Service-Time
X-Page-Speed
X-Robots-Tag
X-Proxy-Cache
X-Hacker
Grace
X-Server-Powered-By
EagleId
X-UA-Device
X-Varnish-Cache
X-Nginx-Cache-Status
Request-Context
Cf-Railgun
X-LiteSpeed-Cache
X-Amz-Version-Id
X-Swift-CacheTime
X-Swift-SaveTime
X-WebKit-CSP
Ali-Swift-Global-Savetime
Feature-Policy
X-Device
Server-Timing
X-Server-Id
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Host
Report-To
X-Ac
X-Rq
Content-Location
X-Node
X-OneAgent-JS-Injection
X-Backend-Server
X-Response-Time
X-Cnection
X-Origin-Cache
X-Cloud-Trace-Context
X-Application-Context
EagleEye-TraceId
Allow
Request-Id
X-Readtime
Surrogate-Control
X-Cache-Lookup
X-Country
X-ORACLE-DMS-ECID
X-Cdn
X-TTL
X-DynaTrace
X-Url
X-Vhost
Pinterest-Generated-By
X-Rack-Cache
X-Clacks-Overhead
X-Ua-Compatible
X-Ruxit-JS-Agent
X-Origin-Upstream-Status
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-CST
Rating
X-FTR-Request-ID
X-ORACLE-DMS-RID
X-Country-Code
NEL
X-HW
X-Goog-Hash
X-Dispatcher
X-Instart-Request-ID
Fusion-Component-Id
Fusion-Template-Id
Fusion-Content-Source
Fusion-Source
Fusion-Content-Id
X-DataStream-Cache-Status
Edge-Control
X-Vname
X-TtlSet
X-PC
X-Px
X-VARITI-CCR
Service-Worker-Allowed
X-DataDome
X-MS-InvokeApp
X-Mod-Pagespeed
X-Request-ID
X-Dns-Prefetch-Control
Verso
SPRequestGuid
X-Recruiting
X-Cdn-Fetch
X-Exp-Id
X-GoogleNews-Bot
X-Kinja-Server
X-Kinja-Revision
X-Kinja-Build
X-Use-Magma
X-Exp-Variant
X-Kinja
X-D2id
X-Varnish-TTL
X-Vcap-Request-Id
X-SharePointHealthScore
RTSS
X-B3-TraceId
X-Abt-Application-Version
X-Amz-Server-Side-Encryption
TCN
DynaTrace
X-ESI
X-Navigation-Version
X-GitHub-Request-Id
X-SRCache-Store-Status
X-Powered-By-Plesk
X-SRCache-Fetch-Status
X-RateLimit-Remaining
X-Middleton-Display
Response
Display
X-Middleton-Response
X-Sol
X-Akam-SW-Version
Accept-Ch-Lifetime
Content-MD5
Charset
X-Server-Name
MS-Author-Via
Ar-Sid
AR-ATIME
AR-CACHE
AR-PoweredBy
X-Trace
ServerID
X-Shield-Request-Id
X-Amz-Rid
Realpath
X-Dw-Request-Base-Id
X-Goog-Stored-Content-Length
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
X-Goog-Generation
X-Powered-CMS
Accept-Ch
AR-Request-ID
X-DynaTrace-JS-Agent
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-TEC-API-VERSION
Nginx-Cache
X-Forwarded-Proto
X-Cached
X-Version
X-Upstream
X-Shard
Fastly-Restarts
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
MRF-Tech
X-B3-TraceId-Primal
Mrf-Cache-Status
Public-Key-Pins
SPRequestDuration
SPIisLatency
X-Goog-Storage-Class
Paypal-Debug-Id
Access-Control-Request-Method
X-MSEdge-Ref
X-Upstream-Proxy
X-Pinterest-Rid
Pinterest-Version
X-Client-IP
Pagespeed
S
X-DataStream-Origin-MEX-Latency
X-DataStream-MidMile-RTT
X-Amz-Meta-S3cmd-Attrs
X-Debug
X-Grace
X-Id
X-FTR-Balancer
X-FTR-DC
X-FTR-Cache-Status
X-FTR-Backend-Server
X-FTR-Realm
X-Country-Code-Real
X-FTR-Backend
X-Ezoic-Cdn
X-FTR-Expires
X-N
X-T
X-DIS-Request-ID
X-Fastly-Request-ID
MicrosoftSharePointTeamServices
Arr-Disable-Session-Affinity
X-Amzn-Trace-Id
Accept-CH
X-NF-Request-ID
Front-End-Https
X-Content-Type
X-Ser
X-Hits
X-Varnish-Age
X-B3-Sampled
Arc-Version
PB-PID
PB-RID
X-Mobile-Rewrite
Nel
Alternate-Protocol
X-Server-ID
X-VCache
Fastcgi-Cache
X-Acc-Meta-Resource-Type
X-FTR-Cache-Host
X-Frontend
X-Logged-In
X-FastCGI-Cache
X-Content-Digest
Server-Name
X-XRDS-Location
X-Vcache
X-Srv
X-Pad
X-Correlation-Id
X-Forwarded-For
Host
Powered-By-ChinaCache
AMP-Access-Control-Allow-Source-Origin
X-Node-Name
X-Request-Handler-Origin-Region
X-Microsite
FilterID
Healthy
TP-L2-Cache
TP-Cache
X-Rid
X-Kinsta-Cache
Edge-Cache-Tag
X-LB-Cache
X-XRDS-LOCATION
X-Type
X-Cache-Key
X-IPLB-Instance
X-Request-Processing-Time
X-Debug-Info
X-Request-Received
X-User-Agent
X-AOL-HN
X-Cached-By
X-B3-Traceid
X-GUploader-UploadID
X-Fastcgi-Cache
X-Cache-2
X-Revision
X-F-Cache
X-Hostname
X-Amzn-RequestId
Powered
X-Amz-Apigw-Id
X-Zen-Fury
X-Cache-Rule
X-HS-Content-Id
X-HS-Hub-Id
Surrogate-Key
X-Cache-Age
X-Analytics
Backend-Timing
X-Accel-Expires
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Page-Id
X-AppVersion
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-Az
X-Activity-Id
X-Varnish-Backend
X-Content-Security-Policy-Report-Only
X-BCube-Filmed-By
X-Instance
X-Content-Options
X-Varnish-Grace
X-Cluster
Source
X-Via-JSL
X-Jobs
X-Tumblr-User
X-FB-Debug
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Content-Powered-By
X-Request-Guid
Cache-Status
X-App-Environment
X-Akamai-Edgescape
X-Amz-Replication-Status
X-PHP-Backend
X-TT
Cleartype
X-Framework
Server-Node
X-RateLimit-Limit
X-Varnish-Hostname
Tracecode
Refresh
X-Forwarded-Host
WPE-Backend
X-B-Cache
X-Signature
X-FW-Server
X-FW-Type
Host-Header
X-FW-Static
X-FW-Serve
X-FW-Hash
X-ATG-Version
Liferay-Portal
X-Mobile
X-Cache-Operation
X-Time
DC
X-Cache-Control
X-Edge-Location
X-NWS-LOG-UUID
Accept-Charset
X-Drupal-Cache-Tags
Actual-Object-TTL
X-Cache-Action
Access-Control-Allow-Method
X-Cache-TTL
Fastcgi-Useragent
X-Esi
X-Cache-Hit
X-Mobile-URL
X-Response-Served-From
Upgrade-Insecure-Requests
X-Hp-Webp
X-Accel-Buffering
X-App-Server
Payment
X-Whom
X-Storage
X-TX-ID
X-B
X-SS-Set-Cookie
X-Content-Age
X-UA-Device-Type
X-WebKit-CSP-Report-Only
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Handled-By
X-TT-TIMESTAMP
X-Erf-Bev-Bev
X-GeoIP
X-Erf-Bev-Bev-Is-Generated
Xserver
Filters
X-Git-Hash
X-Cacheable-TTL
X-Tumblr-Pixel-1
X-RequestSource
X-Tumblr-Pixel-2
X-VG-WebCache
X-WA-Info
X-Adobe-Loc
Cache-Tv-Group
Eomportal-Instance
X-Adobe-Content
Viewport
Cache
X-RemovedCookies
X-ProcessESI
X-Geo-Country
X-Status
X-APP-VERSION
NGB
Server-Info
Accept-CH-Lifetime
Cache-Tag
X-Ratelimit-Limit
Webserver
X-FB-TRIP-ID
Datacenter
X-Presslabs-Stats
X-Cache-TTL-Remaining
X-Cache-Enabled
Retry-After
X-Ratelimit-Reset
X-TA-CDN-Provider
X-FW-Dynamic
X-Seen-By
X-Contextid
S-Cnection
X-Host-Name
X-Origin-Server
MS-CV
Country
X-Mode
From-Origin
X-Hyper-Cache
Meta-Geo
X-Tumblr-Pixel-3
Machine
X-LJ-Flow-ID
Load-Balancing
X-Cache-Var-Map
X-AWS-Id
X-CF-Powered-By
X-VWS-Id
X-ES-SERVER
X-Cache-Config
X-Cache-Var
X-Generated-By
X-RN-RSRV
Frame-Options
X-Path-Route
X-Labrador-Cache-Channel
We-Hiring
X-Varnish-Hits
Release
Mail-Subject
Vix-Hermes-Req-Id
Cache-Key
X-RTag
Ms-Operation-Id
X-Zipkin-Id
X-Hit
X-Varnish-Cache-Hits
X-Upstream-CT
X-Upstream-HT
DSUID
X-Backend-Name
X-Human
X-Cache-Grace
X-Cache-Host
X-Routing-Service
X-Magnolia-Registration
X-Proxied
X-Loop
X-Guploader-Uploadid
Decoy-Debug-Key
Decoy-Debug-Status
X-Varnish-Server
X-Device-Type
X-EIG-Tracking-Id
X-PCL
X-Web-Node
Decoy-Debug-TTL
X-Upgrade-Enabled
X-TNCMS
ServedBy
Uber-Trace-Id
X-Rendered-As
X-OCL
Now
X-Debug-Cache
X-RCS-CacheZone
Mn-Server-Ip
X-Access
X-Viewer-Country
X-Section
GEO-INFO
X-MP-GENERATED-AT
X-From
X-BYPASS-REASON
X-Akamai-Request-ID
X-CCM
X-Alternate-Cache-Key
X-Shopify-Stage
X-Sorting-Hat-PodId
X-ProxyCache-Key
X-ShardId
Rt-Fastcgi-Cache
X-Daa-Tunnel
OT-Force-Account-Verify
X-Rule
X-VG-TLSProxy
X-ProxyCache-Status
X-ShopId
X-Cluster-Node
Akamai-GRN
X-Sorting-Hat-ShopId
X-R9-Blue-Green-Version
X-Proto
X-Origin-Response-Time
X-Endurance-Cache-Level
X-L-Path
X-Environment-Context
X-Region
X-Generated
X-Via-Fastly
DB-Nickname
X-Xfnlog-Site
X-JoinUs
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Timing-Wait
X-Hosted-By
X-Proxy-Build
X-FC-Vary-Parameters
X-S
X-NCache
Cache-Name
X-VCT
NGX
X-Drupal-Cache-Contexts
X-B3-Spanid
X-Trace-Id
X-PressLabs-Stats
X-Redis-Cache
X-Cache-NE
X-Platform-Server
X-Load-Cache
X-UUID
X-Www-Served-By
X-Site-Version
X-Nginx-Cache
X-Locale
Cteonnt-Length
X-NewRelic-App-Data
X-MServer
ProcessTime
X-EdgeConnect-Cache-Status
X-Hl-Ver
X-Oracle-Dms-Rid
X-Vgn-Hpd-Reason
X-ECACHE
X-Real-IP
X-ServerID
X-Request-Time
X-Cache-Remote
X-Rocket-Nginx-Bypass
X-Time-Microsecs
SRV
Time
X-IP
CACHE
X-Dc
Azure-SiteName
Azure-RegionName
Azure-InstanceId
X-Via-CDN
X-RateLimit-Reset
Azure-SlotName
X-Wix-Request-Id
X-Origin
X-FW-Version
S-Rt
X-GEO
Azure-Version
Version
X-IPS-LoggedIn
TWC-Privacy
TWC-GeoIP-Country
TWC-Device-Class
TWC-Locale-Group
Webcakes-App-Name
X-Origin-Hint
Webcakes-Region
Webcakes-App-Version
TWC-Connection-Speed
TWC-GeoIP-LatLong
Property-Id
X-Proxy
X-UA
Origin
NtCoent-Length
L5d-Success-Class
X-No-Session
X-Oneagent-Js-Injection
X-FireWall-Port
X-Cache-Backend
X-Distributor
Served-By
Fastly-SSL
X-Pubstack
X-Akamai-Transformed
Odigeo-Trace-Id
X-Unique-ID
X-Cache-Server
X-Microcachable
X-PERF
X-ApacheServer
Origin-Edge-Control
X-Akamai-Request-ID2
Origin-Cache-Control
Fastcgi-X-Cache-Version
X-CS
X-Format
X-Webkit-Csp
IBM-Web2-Location
X-CDN-Forward
X-Grey
X-Cache-Category-Id
X-Powered-By-Defense
X-Edge
X-HTML-Minification-Powered-By
Ec-Rule-Version
X-Compress-Hint
Proxy-Connection
X-BACKEND-TTL
Access-Control-Request-Headers
X-Via-NSCOPI
Cache-Tags
X-UnsetCookies
X-Detected-As
X-Is-Bot
Backend-Name
X-Varnish-Cacheable
X-G
X-A
X-Cluster-Name
HA-Ipaddr
Ha-Gx-Prefs
X-CF-Lambda-Fn
Mobile-Detection-Method
Meta-Geo-Continent
X-Internal-Host
Node
X-Cache-Bucket
Rendered-Blocks
Proxy-Firewall
X-Instart-Info
X-IN-APIGATEWAY
X-Connection-Hash
X-CF-Lambda-Version
X-Cdn-Srv
MD5-Digest
X-HS-Combine-CSS
X-HS-Cache-Config
X-CGP
X-Eu-Site
Cache-Prefix
Fastly-SIE
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-Idcheck
BehaviorPad-Version
Cache-Cookie-Set-From
X-Debug-Log
Cdn-Host
Content-Style-Type
X-Destination
Content-Script-Type
X-Developer
Cdn-Request-Time
X-Debug-Cookies
AsisCache
X-DPWN-IS-SECURE
A
X-Edge-Server
X-NU-AKA-ACS-Version
X-External-Request-Id
X-D
GEO-REGION-INFO
Fastly-SWR
Arc-Country
Fly-Cache
Fly-Request-Id
X-Date
X-Tb
PageSpeed
Server-ID
X-Aed
Cross-Origin-Window-Policy
X-Twitter-Response-Tags
ServerName
X-ScT
X-Accel-Expires-Debug
X-Rojux
X-S-Cookie
X-S-Maxage
X-VG-WebServer
X-Server-Time
X-B-Cookie
X-App-Name
X-Nc
X-AIR-PT
Viewtype
X-SRCache-Key
VivaBuild
X-Trv-Group
X-ARC
X-Transaction
X-Application
LB
X-Rewrite-Enabled
Request-Country
X-Processor
Request-EU
X-Vtex-Processado-Em
X-A-Ccd
X-Worker
X-NX-Host
X-Org
X-PAYTM-SRV-ID
Xc-Version
Request-Time
X-A-Dam
X-Rebelmouse-Cache-Control
X-A-Dcw
X-A-Dgt
Rt-Proxy-Cache
X-Region-Sid
Hostname
X-Rebelmouse-Surrogate-Control
X-Request-UUID
X-Vtex-Remote-Cache
X-A-Wwc
Mime-Version
X-B3-Parentspanid
X-ElasticPress-Search
Esi-Enabled
Gh-Request-Id
Resin-Trace
RNT-Machine
RNT-Time
Memcached
On-Server
X-Cache-Id
Platform
X-Cache-Info
X-Cdn-Origin
Is-Eu
Server-Int
SS
X-Core-Mission
Server-Host
Section-Io-Cache
X-Backend-State
X-Clientip
True-Client-Country-4JS
X-Fastly-Cache
X-Level-Front-Cache
X-Sn-Servicetimems
X-Skip-Cache
X-Key
X-Irp-Debug
X-Geo-Header
X-GeoIP-Country-Code
X-C
X-Location
Countrycode
X-Server-IP
X-Reqid
X-Request-URI
X-Qloud-Router
X-PHP-Host
X-ServiceProvider
X-Nginx-Cache-Key
X-TH-Server
X-Hash
Apple-News-Services-Handled
Apple-News-Services-Request-Url
X-Epic-Correlation-Id
Adler-Geo
X-Dispatcher-Server
X-Dispatch
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
X-Generated-On
Country-Code
X-We-Are-Hiring
X-Variation
X-NC
Accept-Language
X-Servername
X-Secret
X-SD-PageType
X-Wikidot-Static-Cache
X-Served-From
X-SIPLIST1
X-WebServer
X-Amz-Meta-Cache-Control
X-SVT-ORM-VERSION
X-Webstats-RespID
X-SVT-ORM-RULES
X-Wikidot-Backend
X-Swa-Ws
X-Auto-Login
X-Method
X-Gen-Mode
X-Developers
X-Generation-Time
X-Hnp-Log
X-Gannett-Site-Version
X-FPC
X-Device-Os
X-Distil-CS
W
X-Fetched-On
X-CDN-Cache
X-Li-Fabric
X-Block-Status
X-BBXSRF
X-Reboot
X-Request-Start
X-Protected-By
X-ND-Cache
X-Li-Pop
X-LI-Proto
X-LI-UUID
X-Cache-FS-Status
X-Response-By
X-Crawler
Pramga
REQUESTUUID
SD-X-WS
UCS
PFcat
IsBot
AKAMAI
CDCHOST
Content-Disposition
User-Cache-Control
Powered-By
V-Age
Wxu-Next-Region
Who
Wxu-Next-Commit
Wxu-Next-Hostname
Web-Mar-Node
X-Datadome
X-Release
X-Matched-Rule
X-Thanos
X-Clara-WADP
X-Ua
X-VServer
Fastly-Soc-X-Request-Id
X-Cms-Context
GW-Server
X-Via-SSL
Heartbleed
X-Thinkindot-L3
Thinkindot-CacheControl
X-Azure-Ref
Thinkindot-CacheControl-Type
Thinkindot-Control
X-GeoIP-City
X-WADP-Cache
X-Azure-Ref-OriginShield
X-Varnish-Url
X-Origin-Expires
X-Origin-Date
X-Bip
X-Owner
X-Via-Edge
X-CUA
X-Varnish-Ttl
X-Parent-Response-Time
CF-IPCountry
Pragrma
X-OVcl-Cache
X-OVcl
X-VC-Cache
X-CLOUD-TRACE-CONTEXT
L
X-Fstrz
N-Cache
X-Proxy-Upstream
X-Proxy-Cache-Status
X-Ratelimit-Remaining
Kp-EeAlive
X-LAGOON
X-Amzn-Remapped-Content-Length
X-TrackingId
X-Planisys-CDN-Cache
X-Cdn-Forward
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
X-FE
Memory
X-GRACE
X-Be
Selected-Fe
X-Origin-CC
X-Origin-TTL
X-Phone
User-Agent
X-Pf-Uncompressing
X-B3-SpanId
X-IN-WAF
X-Core-Value
X-Varnish-Beresp-Ttl
X-SERVER-NAME
X-Urbn-Site-Id
X-Urbn-Context-Path
Locale
Magicmarker
X-URL
X-Birta-Served
X-Birta-Cache-Post
X-Page-Type
X-Geo
X-Zone
X-Ttl
X-Dynatrace-Js-Agent
X-Info
X-Varnish-IP
X-DC
HitType
Selected-FE
Pagetype
X-Flog
X-ABtesting
X-Hello
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
X-Generated-In
X-User
Cdn
X-Backend-TTL
Geoip-Latitude
X-Backend-Url
X-TT-LOGID
X-Backend-Host
X-Newrelic-Synthetics
Geoip-City
GeoIp-Country-Code
X-Litespeed-Cache
SN
X-GoCache-CacheStatus
X-MSEdge-Features
X-MSEdge-Flight
X-Soup
X-Tt-Trace-Tag
X-Debug-Cache-Store
X-Up
X-Debug-Cache-Fetch
X-Debug-Cache-Expiry
X-Mid
X-Source
X-Check-Cacheable
X-App-Version
X-MID
X-Cache-Debug
X-Agile-Age
X-Agile
X-Agile-Id
X-Servedbyhost
CF-Cached-On
X-Real-Ip
X-Refresh
X-Web-Server
X-HS-Status
X-Aicache-OS
X-Vcl-Version
X-Oss-Storage-Class
X-Oss-Request-Id
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
X-Oss-Server-Time
X-Ruxit-Js-Agent
Amp-Access-Control-Allow-Source-Origin
X-ServedByHost
FSS-Cache
FSS-Proxy
X-ZONE
X-VCL-Version
X-Tb-Optimization-Total-Bytes-Saved
HostName
X-Cache-Ttl
X-Amzn-Remapped-Connection
X-Amzn-Remapped-Date
X-Say-TTL
X-UPSTREAM-Address
X-Old-Content-Length
X-Say-Cacheable
X-SayCDN-TTL
X-Bc
X-CACHE-KEY
GeoIP-Country-Code
X-Varnish-Authentication
X-APP
X-Contensis-Viewer-Groups
Server-Surrogate-Control
X-Cache-ASPX
Server-Cache-Control
X-NWS-UUID-VERIFY
Ohc-File-Size
X-EC-Lua
Cache-Hits
Ohc-Cache-HIT
X-CSRF-Token
X-COUNTRY
GeoIP-Latitude
Group
X-Via-Ucdn
RequestId
GeoIP-City
WZWS-RAY
Srv
Inserted-Into-Cache-At
Fastly-Backend-Name
HTTPS
X-Varnish-Beresp-TTL
X-Akamai-SSL-Client-Sid
X-Node-Id
X-Nananana
X-BC
URI
Backend
X-Logtrace-Id
Www
X-IN-APIGATEWAYSSL
Xkeyrz
X-WR-MODIFICATION
Ajk
X-Proxy-Cacherz
X-SN
X-ECache
X-Dynatrace
X-Cache-Time
WebServer
XServer
X-Instart-Isnd
X-PAGE-TYPE
Cf-Ipcountry
X-Cache-Tag
X-CSRF-TOKEN
Xkeynj
Requestid
X-Unique-Id
Lb
Host-ID
Is-Session-Tracking
Get-Access-Time
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-Cache-Expires
X-Tec-Api-Root
X-TIME
X-Tec-Api-Version
X-FORWARDED-FOR
X-Fastly-Country-Code
X-Request-Url
X-Tec-Api-Origin
X-LiteSpeed-Cache-Control
X-MCACHE
X-Wa
X-Requestid
X-Cache-Miss-From
X-Sedo-Request-Id
X-Edge-IP
X-BE
X-NGENIX-Cache
Dynatrace
X-Apw-Hits
Cneonction
X-Varnish-Action
X-Apw-Access-Token
X-PF-Uncompressing
T-Server
X-Apw-Access-Object
Epwk-Cache
X-Fastly-Backend-Reqs
PICS-Label
X-Apw-Access-Action
DataCenter
Xet-Cookie
X-SRV
Pics-Label
X-Render-Time
X-Pjax-Url
X-Vct
Fastcgi-X-Cache
X-Lb-Id
X-Micro-Cache
X-LB-ID
CDN
X-Swift-Error
X-GDPR
X-PJAX-URL
X-Dw-Trace-Id
X-NGINX-Cache
X-WA
X-Svr
X-Cf-Powered-By
X-Ecache
Correlation-Id
X-AssetVersion
X-Uri
X-Policy
SID
X-ServerName
X-Serial
X-Fpc
X-Var-Ttl
X-Html-Edge-Cache
Lfy
Warning
X-Bug-Bounty
X-WPE-Loopback-Upstream-Addr
RequestUuid
FNAC-ModuleRouting
X-Sf
Ohc-Response-Time
X-LiteSpeed-Tag
X-Akamai-ERPolicy
X-Akamai-ERRuleID
X-DSS
X-DW
X-RPM
X-RPS
X-DI
X-DB
X-Fastly-Cache-Hits
X-Flow-Id
X-Page-Impression-Id
X-Zalando-Child-Request-Id
X-RSL