Threat Level: green Handler on Duty: Jan Kopriva

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
X-Powered-By
CF-RAY
Link
ETag
Expect-CT
Via
X-XSS-Protection
X-Cache
Age
CF-Cache-Status
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
X-Cache-Hits
P3P
X-Amz-Cf-Pop
X-Xss-Protection
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Request-Id
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-AspNet-Version
X-Download-Options
Access-Control-Allow-Credentials
X-Runtime
X-Adblock-Key
X-Drupal-Cache
Alt-Svc
X-Check
X-Cacheable
Content-Security-Policy-Report-Only
X-Generator
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-DNS-Prefetch-Control
X-AspNetMvc-Version
P3p
X-Template
Status
X-Language
Timing-Allow-Origin
Content-Encoding
X-Content-Security-Policy
X-Iinfo
X-Buckets
Upgrade
X-Kinja-Server-Push
Xkey
X-Via
X-Turbo-Charged-By
X-CDN
CF-Ray
Keep-Alive
Access-Control-Max-Age
Access-Control-Expose-Headers
X-Cache-Group
X-Pass-Why
X-Age
X-AH-Environment
X-Drupal-Dynamic-Cache
X-Server
X-Backend
X-Amz-Id-2
X-Amz-Request-Id
X-Pingback
X-Envoy-Upstream-Service-Time
X-Page-Speed
X-Robots-Tag
X-Proxy-Cache
X-Hacker
Grace
X-Server-Powered-By
EagleId
X-UA-Device
X-Varnish-Cache
X-Nginx-Cache-Status
Request-Context
Cf-Railgun
X-LiteSpeed-Cache
X-Amz-Version-Id
X-Swift-CacheTime
X-Swift-SaveTime
X-WebKit-CSP
Ali-Swift-Global-Savetime
Feature-Policy
X-Device
Server-Timing
X-Server-Id
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Host
Report-To
X-Ac
X-Rq
Content-Location
X-Node
X-OneAgent-JS-Injection
X-Backend-Server
X-Response-Time
X-Cnection
X-Origin-Cache
X-Cloud-Trace-Context
X-Application-Context
EagleEye-TraceId
Allow
Request-Id
X-Readtime
Surrogate-Control
X-Cache-Lookup
X-Country
X-ORACLE-DMS-ECID
X-Cdn
X-TTL
X-DynaTrace
X-Url
X-Vhost
Pinterest-Generated-By
X-Rack-Cache
X-Clacks-Overhead
X-Ua-Compatible
X-Ruxit-JS-Agent
X-Origin-Upstream-Status
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-CST
Rating
X-FTR-Request-ID
X-ORACLE-DMS-RID
X-Country-Code
NEL
X-HW
X-Goog-Hash
X-Dispatcher
X-Instart-Request-ID
Fusion-Component-Id
Fusion-Template-Id
Fusion-Content-Source
Fusion-Source
Fusion-Content-Id
X-DataStream-Cache-Status
Edge-Control
X-Vname
X-TtlSet
X-PC
X-Px
X-VARITI-CCR
Service-Worker-Allowed
X-DataDome
X-MS-InvokeApp
X-Mod-Pagespeed
X-Request-ID
X-Dns-Prefetch-Control
Verso
SPRequestGuid
X-Recruiting
X-Cdn-Fetch
X-Exp-Id
X-GoogleNews-Bot
X-Kinja-Server
X-Kinja-Revision
X-Kinja-Build
X-Use-Magma
X-Exp-Variant
X-Kinja
X-D2id
X-Varnish-TTL
X-Vcap-Request-Id
X-SharePointHealthScore
RTSS
X-B3-TraceId
X-Abt-Application-Version
X-Amz-Server-Side-Encryption
TCN
DynaTrace
X-ESI
X-Navigation-Version
X-GitHub-Request-Id
X-SRCache-Store-Status
X-Powered-By-Plesk
X-SRCache-Fetch-Status
X-RateLimit-Remaining
Response
X-Middleton-Display
X-Middleton-Response
X-Sol
Display
X-Akam-SW-Version
Accept-Ch-Lifetime
Content-MD5
Charset
X-Server-Name
MS-Author-Via
AR-CACHE
Ar-Sid
AR-PoweredBy
AR-ATIME
ServerID
X-Trace
X-Shield-Request-Id
X-Amz-Rid
Realpath
X-Dw-Request-Base-Id
X-Goog-Metageneration
X-Goog-Generation
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
Accept-Ch
X-Powered-CMS
AR-Request-ID
X-DynaTrace-JS-Agent
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-TEC-API-VERSION
Nginx-Cache
X-Forwarded-Proto
X-Cached
X-Version
X-Upstream
Fastly-Restarts
X-Shard
X-B3-TraceId-Primal
Public-Key-Pins
MRF-Tech
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
Mrf-Cache-Status
SPIisLatency
SPRequestDuration
X-Goog-Storage-Class
Access-Control-Request-Method
Paypal-Debug-Id
X-MSEdge-Ref
Pinterest-Version
X-Pinterest-Rid
X-Upstream-Proxy
X-Client-IP
Pagespeed
S
X-DataStream-MidMile-RTT
X-DataStream-Origin-MEX-Latency
X-Debug
X-Amz-Meta-S3cmd-Attrs
X-Grace
X-Id
X-FTR-DC
X-FTR-Cache-Status
X-Country-Code-Real
X-FTR-Backend
X-FTR-Balancer
X-FTR-Backend-Server
X-FTR-Realm
X-Ezoic-Cdn
X-FTR-Expires
X-N
X-T
X-DIS-Request-ID
X-Fastly-Request-ID
MicrosoftSharePointTeamServices
Arr-Disable-Session-Affinity
X-Amzn-Trace-Id
Accept-CH
X-NF-Request-ID
Front-End-Https
X-Content-Type
X-Ser
X-Hits
X-Varnish-Age
X-B3-Sampled
Arc-Version
PB-PID
PB-RID
X-Mobile-Rewrite
Nel
Alternate-Protocol
X-Server-ID
X-VCache
Fastcgi-Cache
X-Acc-Meta-Resource-Type
X-FTR-Cache-Host
X-Frontend
X-Logged-In
X-FastCGI-Cache
X-Content-Digest
Server-Name
X-XRDS-Location
X-Vcache
X-Srv
X-Pad
X-Correlation-Id
X-Forwarded-For
Host
Powered-By-ChinaCache
AMP-Access-Control-Allow-Source-Origin
X-Node-Name
X-Request-Handler-Origin-Region
X-Microsite
FilterID
Healthy
TP-L2-Cache
TP-Cache
X-Rid
X-Kinsta-Cache
Edge-Cache-Tag
X-LB-Cache
X-XRDS-LOCATION
X-Type
X-Cache-Key
X-IPLB-Instance
X-Request-Processing-Time
X-Debug-Info
X-Request-Received
X-User-Agent
X-AOL-HN
X-Cached-By
X-B3-Traceid
X-GUploader-UploadID
X-Fastcgi-Cache
X-Cache-2
X-Revision
X-F-Cache
X-Hostname
X-Amzn-RequestId
Powered
X-Amz-Apigw-Id
X-Zen-Fury
X-Cache-Rule
X-HS-Content-Id
X-HS-Hub-Id
Surrogate-Key
X-Cache-Age
X-Analytics
Backend-Timing
X-Accel-Expires
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Page-Id
X-AppVersion
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-Az
X-Activity-Id
X-Varnish-Backend
X-Content-Security-Policy-Report-Only
X-BCube-Filmed-By
X-Instance
X-Content-Options
X-Varnish-Grace
X-Cluster
Source
X-Via-JSL
X-Jobs
X-Tumblr-User
X-FB-Debug
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Content-Powered-By
X-Request-Guid
Cache-Status
X-App-Environment
X-Akamai-Edgescape
X-Amz-Replication-Status
X-PHP-Backend
X-TT
Cleartype
X-Framework
Server-Node
X-RateLimit-Limit
X-Varnish-Hostname
Tracecode
Refresh
X-Forwarded-Host
WPE-Backend
X-B-Cache
X-Signature
X-FW-Server
X-FW-Type
Host-Header
X-FW-Static
X-FW-Serve
X-FW-Hash
X-ATG-Version
Liferay-Portal
X-Mobile
X-Cache-Operation
X-Time
DC
X-Cache-Control
Accept-Charset
X-Edge-Location
X-NWS-LOG-UUID
X-Drupal-Cache-Tags
Actual-Object-TTL
X-Cache-Action
Access-Control-Allow-Method
X-Cache-TTL
Fastcgi-Useragent
X-Esi
X-Cache-Hit
X-Mobile-URL
X-Response-Served-From
Upgrade-Insecure-Requests
X-Hp-Webp
X-Accel-Buffering
X-App-Server
Payment
X-Whom
X-Storage
X-TX-ID
X-B
X-SS-Set-Cookie
X-Content-Age
X-UA-Device-Type
X-WebKit-CSP-Report-Only
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Handled-By
X-TT-TIMESTAMP
X-Erf-Bev-Bev
X-GeoIP
X-Erf-Bev-Bev-Is-Generated
Xserver
Filters
X-Git-Hash
X-Cacheable-TTL
X-Tumblr-Pixel-1
X-RequestSource
X-Tumblr-Pixel-2
X-VG-WebCache
X-WA-Info
X-Adobe-Loc
Cache-Tv-Group
Eomportal-Instance
X-Adobe-Content
Viewport
Cache
X-RemovedCookies
X-ProcessESI
X-Geo-Country
X-Status
X-APP-VERSION
NGB
Server-Info
Accept-CH-Lifetime
Cache-Tag
X-Ratelimit-Limit
Webserver
X-FB-TRIP-ID
Datacenter
X-Presslabs-Stats
X-Cache-TTL-Remaining
X-Cache-Enabled
Retry-After
X-Ratelimit-Reset
X-TA-CDN-Provider
X-FW-Dynamic
X-Contextid
X-Seen-By
S-Cnection
X-Host-Name
X-Origin-Server
MS-CV
Country
From-Origin
X-Mode
Frame-Options
X-Hyper-Cache
Meta-Geo
X-Tumblr-Pixel-3
X-LJ-Flow-ID
Machine
Load-Balancing
X-AWS-Id
X-CF-Powered-By
X-VWS-Id
X-ES-SERVER
X-Cache-Config
X-Cache-Var
X-Generated-By
X-RN-RSRV
X-Cache-Var-Map
X-Path-Route
X-Labrador-Cache-Channel
We-Hiring
X-Varnish-Hits
Release
Mail-Subject
Vix-Hermes-Req-Id
Cache-Key
X-RTag
Ms-Operation-Id
X-Zipkin-Id
X-Hit
X-Varnish-Cache-Hits
X-Upstream-CT
X-Upstream-HT
DSUID
X-Backend-Name
X-Human
X-Cache-Grace
X-Cache-Host
X-Routing-Service
X-Magnolia-Registration
X-Proxied
X-Loop
X-Guploader-Uploadid
Decoy-Debug-Key
Decoy-Debug-Status
X-Varnish-Server
X-Device-Type
X-EIG-Tracking-Id
X-PCL
X-Web-Node
Decoy-Debug-TTL
X-Upgrade-Enabled
X-TNCMS
ServedBy
Uber-Trace-Id
X-Rendered-As
X-OCL
Now
X-Debug-Cache
X-RCS-CacheZone
Mn-Server-Ip
X-Access
X-Viewer-Country
X-Section
GEO-INFO
X-MP-GENERATED-AT
X-From
X-BYPASS-REASON
X-Akamai-Request-ID
X-CCM
X-Alternate-Cache-Key
X-Shopify-Stage
X-Sorting-Hat-PodId
X-ProxyCache-Key
X-ShardId
Rt-Fastcgi-Cache
X-Daa-Tunnel
OT-Force-Account-Verify
X-Rule
X-VG-TLSProxy
X-ProxyCache-Status
X-ShopId
X-Cluster-Node
Akamai-GRN
X-Sorting-Hat-ShopId
X-R9-Blue-Green-Version
X-Proto
X-Origin-Response-Time
X-Endurance-Cache-Level
X-L-Path
X-Environment-Context
X-Region
X-Generated
X-Via-Fastly
DB-Nickname
X-Xfnlog-Site
X-JoinUs
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Timing-Wait
X-Hosted-By
X-Proxy-Build
X-FC-Vary-Parameters
X-S
X-NCache
Cache-Name
X-VCT
NGX
X-Drupal-Cache-Contexts
X-B3-Spanid
X-Trace-Id
X-PressLabs-Stats
X-Redis-Cache
X-Cache-NE
X-Platform-Server
X-Load-Cache
X-UUID
X-Www-Served-By
X-Site-Version
X-Nginx-Cache
X-Locale
Cteonnt-Length
X-NewRelic-App-Data
X-MServer
ProcessTime
X-EdgeConnect-Cache-Status
X-Hl-Ver
X-Oracle-Dms-Rid
X-Vgn-Hpd-Reason
X-ECACHE
X-ServerID
X-Rocket-Nginx-Bypass
X-Real-IP
SRV
X-Cache-Remote
X-Request-Time
Time
X-Time-Microsecs
X-IP
CACHE
X-Dc
Azure-SiteName
Azure-RegionName
Azure-InstanceId
X-Via-CDN
X-RateLimit-Reset
Azure-SlotName
X-Wix-Request-Id
X-Origin
X-FW-Version
S-Rt
X-GEO
Azure-Version
Version
X-IPS-LoggedIn
TWC-Privacy
TWC-GeoIP-Country
TWC-Device-Class
TWC-Locale-Group
Webcakes-App-Name
X-Origin-Hint
Webcakes-Region
Webcakes-App-Version
TWC-Connection-Speed
TWC-GeoIP-LatLong
Property-Id
X-Proxy
X-UA
Origin
NtCoent-Length
L5d-Success-Class
X-No-Session
X-Oneagent-Js-Injection
X-FireWall-Port
X-Cache-Backend
X-Distributor
Served-By
Fastly-SSL
X-Pubstack
X-Akamai-Transformed
Odigeo-Trace-Id
X-Unique-ID
X-Cache-Server
X-Microcachable
X-PERF
X-ApacheServer
Origin-Edge-Control
X-Akamai-Request-ID2
Origin-Cache-Control
Fastcgi-X-Cache-Version
X-CS
X-Format
X-Webkit-Csp
IBM-Web2-Location
X-CDN-Forward
X-Grey
X-Cache-Category-Id
X-Powered-By-Defense
X-Edge
X-HTML-Minification-Powered-By
Ec-Rule-Version
X-Compress-Hint
Proxy-Connection
X-BACKEND-TTL
Access-Control-Request-Headers
X-Via-NSCOPI
Cache-Tags
X-UnsetCookies
X-Detected-As
X-Is-Bot
Backend-Name
X-Varnish-Cacheable
X-G
X-A
X-Cluster-Name
HA-Ipaddr
Ha-Gx-Prefs
X-CF-Lambda-Fn
Mobile-Detection-Method
Meta-Geo-Continent
X-Internal-Host
Node
X-Cache-Bucket
Rendered-Blocks
Proxy-Firewall
X-Instart-Info
X-IN-APIGATEWAY
X-Connection-Hash
X-CF-Lambda-Version
X-Cdn-Srv
MD5-Digest
X-HS-Combine-CSS
X-HS-Cache-Config
X-CGP
X-Eu-Site
Cache-Prefix
Fastly-SIE
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-Idcheck
BehaviorPad-Version
Cache-Cookie-Set-From
X-Debug-Log
Cdn-Host
Content-Style-Type
X-Destination
Content-Script-Type
X-Developer
Cdn-Request-Time
X-Debug-Cookies
AsisCache
X-DPWN-IS-SECURE
A
X-Edge-Server
X-NU-AKA-ACS-Version
X-External-Request-Id
X-D
GEO-REGION-INFO
Fastly-SWR
Arc-Country
Fly-Cache
Fly-Request-Id
X-Date
X-Tb
PageSpeed
Server-ID
X-Aed
Cross-Origin-Window-Policy
X-Twitter-Response-Tags
ServerName
X-ScT
X-Accel-Expires-Debug
X-Rojux
X-S-Cookie
X-S-Maxage
X-VG-WebServer
X-Server-Time
X-B-Cookie
X-App-Name
X-Nc
X-AIR-PT
Viewtype
X-SRCache-Key
VivaBuild
X-Trv-Group
X-ARC
X-Transaction
X-Application
LB
X-Rewrite-Enabled
Request-Country
X-Processor
Request-EU
X-Vtex-Processado-Em
X-A-Ccd
X-Worker
X-NX-Host
X-Org
X-PAYTM-SRV-ID
Xc-Version
Request-Time
X-A-Dam
X-Rebelmouse-Cache-Control
X-A-Dcw
X-A-Dgt
Rt-Proxy-Cache
X-Region-Sid
Hostname
X-Rebelmouse-Surrogate-Control
X-Request-UUID
X-Vtex-Remote-Cache
X-A-Wwc
Mime-Version
X-B3-Parentspanid
X-ElasticPress-Search
Esi-Enabled
Gh-Request-Id
Resin-Trace
RNT-Machine
RNT-Time
Memcached
On-Server
X-Cache-Id
Platform
X-Cache-Info
X-Cdn-Origin
Is-Eu
Server-Int
SS
X-Core-Mission
Server-Host
Section-Io-Cache
X-Backend-State
X-Clientip
True-Client-Country-4JS
X-Fastly-Cache
X-Level-Front-Cache
X-Sn-Servicetimems
X-Skip-Cache
X-Key
X-Irp-Debug
X-Geo-Header
X-GeoIP-Country-Code
X-C
X-Location
Countrycode
X-Server-IP
X-Reqid
X-Request-URI
X-Qloud-Router
X-PHP-Host
X-ServiceProvider
X-Nginx-Cache-Key
X-TH-Server
X-Hash
Apple-News-Services-Handled
Apple-News-Services-Request-Url
X-Epic-Correlation-Id
Adler-Geo
X-Dispatcher-Server
X-Dispatch
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
X-Generated-On
Country-Code
X-We-Are-Hiring
X-Variation
X-NC
Accept-Language
X-Servername
X-Secret
X-SD-PageType
X-Wikidot-Static-Cache
X-Served-From
X-SIPLIST1
X-WebServer
X-Amz-Meta-Cache-Control
X-SVT-ORM-VERSION
X-Webstats-RespID
X-SVT-ORM-RULES
X-Wikidot-Backend
X-Swa-Ws
X-Auto-Login
X-Method
X-Gen-Mode
X-Developers
X-Generation-Time
X-Hnp-Log
X-Gannett-Site-Version
X-FPC
X-Device-Os
X-Distil-CS
W
X-Fetched-On
X-CDN-Cache
X-Li-Fabric
X-Block-Status
X-BBXSRF
X-Reboot
X-Request-Start
X-Protected-By
X-ND-Cache
X-Li-Pop
X-LI-Proto
X-LI-UUID
X-Cache-FS-Status
X-Response-By
X-Crawler
Pramga
REQUESTUUID
SD-X-WS
UCS
PFcat
IsBot
AKAMAI
CDCHOST
Content-Disposition
User-Cache-Control
Powered-By
V-Age
Wxu-Next-Region
Who
Wxu-Next-Commit
Wxu-Next-Hostname
Web-Mar-Node
X-Datadome
X-Release
X-Matched-Rule
X-Thanos
X-Clara-WADP
X-Ua
X-VServer
Fastly-Soc-X-Request-Id
X-Cms-Context
GW-Server
X-Via-SSL
Heartbleed
X-Thinkindot-L3
Thinkindot-CacheControl
X-Azure-Ref
Thinkindot-CacheControl-Type
Thinkindot-Control
X-GeoIP-City
X-WADP-Cache
X-Azure-Ref-OriginShield
X-Varnish-Url
X-Origin-Expires
X-Origin-Date
X-Bip
X-Owner
X-Via-Edge
X-CUA
X-Varnish-Ttl
X-Parent-Response-Time
CF-IPCountry
Pragrma
X-OVcl-Cache
X-OVcl
X-VC-Cache
X-CLOUD-TRACE-CONTEXT
L
X-Fstrz
N-Cache
X-Proxy-Upstream
X-Proxy-Cache-Status
X-Ratelimit-Remaining
Kp-EeAlive
X-LAGOON
X-Amzn-Remapped-Content-Length
X-TrackingId
X-Planisys-CDN-Cache
X-Cdn-Forward
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
X-FE
Memory
X-GRACE
X-Be
Selected-Fe
X-Origin-CC
X-Origin-TTL
X-Phone
User-Agent
X-Pf-Uncompressing
X-B3-SpanId
X-IN-WAF
X-Core-Value
X-Varnish-Beresp-Ttl
X-SERVER-NAME
X-Urbn-Site-Id
X-Urbn-Context-Path
Locale
Magicmarker
X-URL
X-Birta-Served
X-Birta-Cache-Post
X-Page-Type
X-Geo
X-Zone
X-Ttl
X-Dynatrace-Js-Agent
X-Info
X-Varnish-IP
X-DC
HitType
Selected-FE
Pagetype
X-Flog
X-ABtesting
X-Hello
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
X-Generated-In
X-User
Cdn
X-Backend-TTL
Geoip-Latitude
X-Backend-Url
X-TT-LOGID
X-Backend-Host
X-Newrelic-Synthetics
Geoip-City
GeoIp-Country-Code
X-Litespeed-Cache
SN
X-GoCache-CacheStatus
X-MSEdge-Features
X-MSEdge-Flight
X-Soup
X-Tt-Trace-Tag
X-Debug-Cache-Store
X-Up
X-Debug-Cache-Fetch
X-Debug-Cache-Expiry
X-Mid
X-Source
X-Check-Cacheable
X-App-Version
X-MID
X-Cache-Debug
X-Agile-Age
X-Agile
X-Agile-Id
X-Servedbyhost
CF-Cached-On
X-Real-Ip
X-Refresh
X-Web-Server
X-HS-Status
X-Aicache-OS
X-Vcl-Version
X-Oss-Storage-Class
X-Oss-Request-Id
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
X-Oss-Server-Time
X-Ruxit-Js-Agent
Amp-Access-Control-Allow-Source-Origin
X-ServedByHost
FSS-Cache
FSS-Proxy
X-ZONE
X-VCL-Version
X-Tb-Optimization-Total-Bytes-Saved
HostName
X-Cache-Ttl
X-Amzn-Remapped-Connection
X-Amzn-Remapped-Date
X-Say-TTL
X-UPSTREAM-Address
X-Old-Content-Length
X-Say-Cacheable
X-SayCDN-TTL
X-Bc
X-CACHE-KEY
GeoIP-Country-Code
X-Varnish-Authentication
X-APP
X-Contensis-Viewer-Groups
Server-Surrogate-Control
X-Cache-ASPX
Server-Cache-Control
X-NWS-UUID-VERIFY
Ohc-File-Size
X-EC-Lua
Cache-Hits
Ohc-Cache-HIT
X-CSRF-Token
GeoIP-Latitude
Group
X-Via-Ucdn
X-COUNTRY
GeoIP-City
RequestId
WZWS-RAY
Srv
Inserted-Into-Cache-At
Fastly-Backend-Name
X-Akamai-SSL-Client-Sid
X-Varnish-Beresp-TTL
X-Node-Id
HTTPS
X-BC
X-Nananana
Backend
URI
X-WR-MODIFICATION
X-Logtrace-Id
Xkeyrz
X-ECache
Www
X-Proxy-Cacherz
X-IN-APIGATEWAYSSL
X-SN
Ajk
X-Cache-Time
X-Dynatrace
WebServer
XServer
X-Instart-Isnd
X-PAGE-TYPE
Cf-Ipcountry
X-Cache-Tag
X-CSRF-TOKEN
Requestid
X-Unique-Id
X-Wa
Lb
Get-Access-Time
Is-Session-Tracking
Host-ID
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-Cache-Expires
X-Tec-Api-Origin
X-FORWARDED-FOR
Xkeynj
X-Fastly-Country-Code
X-Tec-Api-Version
X-Request-Url
X-Tec-Api-Root
X-TIME
X-MCACHE
X-LiteSpeed-Cache-Control
X-BE
X-Edge-IP
X-Requestid
X-Cache-Miss-From
X-Sedo-Request-Id
X-NGENIX-Cache
Dynatrace
X-PJAX-URL
X-Apw-Access-Object
X-Varnish-Action
X-Apw-Access-Action
X-Fastly-Backend-Reqs
X-Apw-Access-Token
PICS-Label
X-PF-Uncompressing
Epwk-Cache
Cneonction
T-Server
X-Apw-Hits
Xet-Cookie
X-SRV
DataCenter
Pics-Label
X-Lb-Id
X-Pjax-Url
X-Vct
Fastcgi-X-Cache
X-Micro-Cache
X-Render-Time
CDN
X-LB-ID
X-GDPR
X-Swift-Error
X-NGINX-Cache
X-Dw-Trace-Id
X-WA
X-Svr
X-Cf-Powered-By
X-Ecache
Correlation-Id
X-AssetVersion
X-Uri
X-Policy
SID
X-ServerName
X-Serial
X-Fpc
X-Var-Ttl
X-Html-Edge-Cache
Lfy
Warning
X-Bug-Bounty
X-WPE-Loopback-Upstream-Addr
RequestUuid
FNAC-ModuleRouting
X-Sf
Ohc-Response-Time
X-LiteSpeed-Tag
X-Akamai-ERPolicy
X-Akamai-ERRuleID
X-DSS
X-DW
X-RPM
X-RPS
X-DI
X-DB
X-Fastly-Cache-Hits
X-Flow-Id
X-Page-Impression-Id
X-Zalando-Child-Request-Id
X-RSL