Threat Level: green Handler on Duty: Guy Bruneau

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
CF-RAY
X-Powered-By
Link
ETag
Expect-CT
X-XSS-Protection
Via
X-Cache
Age
CF-Cache-Status
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
X-Cache-Hits
P3P
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Xss-Protection
X-Varnish
X-Request-Id
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
Alt-Svc
X-Adblock-Key
X-Drupal-Cache
X-Check
X-Cacheable
Content-Security-Policy-Report-Only
X-Generator
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-AspNetMvc-Version
X-DNS-Prefetch-Control
P3p
X-Template
X-Language
Status
Timing-Allow-Origin
X-Iinfo
Content-Encoding
X-Content-Security-Policy
X-Buckets
Upgrade
X-Kinja-Server-Push
Xkey
X-Via
X-CDN
X-Turbo-Charged-By
Keep-Alive
Access-Control-Expose-Headers
Access-Control-Max-Age
X-Cache-Group
X-Pass-Why
X-AH-Environment
X-Age
X-Drupal-Dynamic-Cache
X-Server
X-Backend
X-Pingback
X-Amz-Id-2
X-Amz-Request-Id
X-Envoy-Upstream-Service-Time
X-Page-Speed
X-Robots-Tag
X-Proxy-Cache
X-Hacker
Grace
EagleId
X-Server-Powered-By
X-UA-Device
X-Varnish-Cache
Request-Context
X-Nginx-Cache-Status
X-Request-ID
Cf-Railgun
X-LiteSpeed-Cache
X-Amz-Version-Id
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
X-Server-Id
X-WebKit-CSP
Feature-Policy
Server-Timing
X-Device
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Host
X-Rq
Report-To
X-Ac
X-Node
Content-Location
X-OneAgent-JS-Injection
X-Cnection
X-Response-Time
X-Backend-Server
X-Cloud-Trace-Context
X-Origin-Cache
X-Application-Context
X-Readtime
Request-Id
Allow
EagleEye-TraceId
Surrogate-Control
X-ORACLE-DMS-ECID
X-Country
X-DynaTrace
X-Vhost
X-Cache-Lookup
X-TTL
X-Cdn
Pinterest-Generated-By
X-Rack-Cache
X-Clacks-Overhead
X-Origin-Upstream-Status
X-Url
X-Ua-Compatible
NEL
X-FTR-Request-ID
X-Ruxit-JS-Agent
Rating
X-Country-Code
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-CST
X-Dns-Prefetch-Control
X-Dispatcher
X-HW
X-Goog-Hash
X-Instart-Request-ID
X-ORACLE-DMS-RID
Fusion-Component-Id
Fusion-Content-Id
Fusion-Template-Id
Fusion-Source
Fusion-Content-Source
X-DataStream-Cache-Status
Edge-Control
X-PC
X-TtlSet
X-Vname
X-DataDome
X-Px
X-VARITI-CCR
Service-Worker-Allowed
Verso
X-Mod-Pagespeed
X-MS-InvokeApp
X-Recruiting
X-Varnish-TTL
X-D2id
X-Exp-Variant
X-Exp-Id
X-Kinja
X-Cdn-Fetch
X-Kinja-Build
X-Use-Magma
X-Kinja-Server
X-Kinja-Revision
X-GoogleNews-Bot
SPRequestGuid
RTSS
X-Vcap-Request-Id
X-Amz-Server-Side-Encryption
X-Abt-Application-Version
TCN
X-SharePointHealthScore
X-Navigation-Version
X-SRCache-Store-Status
X-GitHub-Request-Id
X-SRCache-Fetch-Status
DynaTrace
X-Middleton-Response
X-Sol
X-Middleton-Display
Display
Response
X-Akam-SW-Version
X-Powered-By-Plesk
X-RateLimit-Remaining
X-TEC-API-ROOT
X-TEC-API-VERSION
X-TEC-API-ORIGIN
MS-Author-Via
Charset
X-Shield-Request-Id
ServerID
X-Amz-Rid
X-Forwarded-Proto
Content-MD5
AR-PoweredBy
AR-ATIME
AR-CACHE
Ar-Sid
X-B3-TraceId
X-Trace
X-Powered-CMS
Realpath
Accept-Ch-Lifetime
Nginx-Cache
X-Upstream
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
X-Goog-Generation
X-Version
X-Cached
Fastly-Restarts
Public-Key-Pins
X-Dw-Request-Base-Id
Accept-Ch
AR-Request-ID
X-Shard
X-DynaTrace-JS-Agent
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
X-B3-TraceId-Primal
Mrf-Cache-Status
X-ESI
MRF-Tech
Pagespeed
X-Server-Name
Access-Control-Request-Method
Paypal-Debug-Id
X-MSEdge-Ref
X-Vcache
X-Goog-Storage-Class
X-Grace
X-Client-IP
SPIisLatency
SPRequestDuration
S
X-Debug
X-FTR-Cache-Status
X-FTR-Expires
X-FTR-Balancer
X-FTR-Backend-Server
X-FTR-Backend
X-Country-Code-Real
X-FTR-Realm
X-FTR-DC
X-DataStream-MidMile-RTT
X-DataStream-Origin-MEX-Latency
X-Id
X-Ezoic-Cdn
X-FastCGI-Cache
X-Amz-Meta-S3cmd-Attrs
Accept-CH
X-N
X-Pinterest-Rid
Pinterest-Version
X-Upstream-Proxy
X-Fastly-Request-ID
X-T
Front-End-Https
X-Amzn-Trace-Id
X-DIS-Request-ID
X-NF-Request-ID
Arr-Disable-Session-Affinity
X-Content-Type
X-B3-Traceid
MicrosoftSharePointTeamServices
X-Hits
X-XRDS-Location
X-B3-Sampled
X-FTR-Cache-Host
X-Varnish-Age
X-Ser
X-Mobile-Rewrite
PB-RID
PB-PID
Fastcgi-Cache
Arc-Version
X-Frontend
X-Acc-Meta-Resource-Type
X-Content-Digest
Server-Name
X-Logged-In
Alternate-Protocol
X-Correlation-Id
X-Srv
X-Cache-Key
X-Node-Name
X-Pad
X-Esi
AMP-Access-Control-Allow-Source-Origin
Nel
X-Microsite
X-Request-Handler-Origin-Region
FilterID
X-Forwarded-For
TP-L2-Cache
TP-Cache
Host
X-Type
X-Kinsta-Cache
Healthy
X-User-Agent
X-Rid
X-LB-Cache
Powered-By-ChinaCache
X-Request-Processing-Time
X-Request-Received
X-IPLB-Instance
X-F-Cache
X-Zen-Fury
Edge-Cache-Tag
Powered
X-Debug-Info
X-AOL-HN
X-Cache-2
X-Amz-Apigw-Id
X-Amzn-RequestId
X-GUploader-UploadID
X-Cached-By
X-Revision
X-VCache
X-Hostname
X-HS-Content-Id
X-HS-Hub-Id
Backend-Timing
X-Analytics
X-Cache-Age
X-Kong-Upstream-Latency
X-Cache-Rule
X-Kong-Proxy-Latency
X-Via-JSL
X-Accel-Expires
X-XRDS-LOCATION
X-AppVersion
X-Activity-Id
X-Az
Surrogate-Key
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-Varnish-Backend
X-Content-Security-Policy-Report-Only
X-BCube-Filmed-By
X-Content-Options
X-Page-Id
X-Instance
X-RateLimit-Limit
X-Cluster
X-Varnish-Grace
X-FB-Debug
X-Amz-Replication-Status
X-Tumblr-User
X-Tumblr-Pixel-0
X-Content-Powered-By
X-Akamai-Edgescape
X-PHP-Backend
X-Tumblr-Pixel
X-Request-Guid
X-Jobs
Source
Cache-Status
Server-Node
X-App-Environment
X-TT
X-Forwarded-Host
X-Signature
X-B-Cache
Refresh
Cleartype
X-Framework
X-Fastcgi-Cache
Liferay-Portal
X-FW-Server
X-FW-Type
X-FW-Hash
X-FW-Static
X-FW-Serve
Accept-CH-Lifetime
X-Varnish-Hostname
DC
X-ATG-Version
Tracecode
Host-Header
WPE-Backend
Accept-Charset
Access-Control-Allow-Method
Fastcgi-Useragent
X-APP-VERSION
X-Cache-Operation
X-Mobile
X-Cache-Control
X-Cache-Action
X-Edge-Location
X-Drupal-Cache-Tags
X-Time
X-B
Actual-Object-TTL
X-Cache-Hit
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Hp-Webp
X-Response-Served-From
Payment
X-Accel-Buffering
X-Whom
X-Mobile-URL
X-Storage
X-App-Server
X-TX-ID
X-WebKit-CSP-Report-Only
X-WA-Info
X-Oracle-Dms-Rid
X-Content-Age
X-Yottaa-Optimizations
X-Yottaa-Metrics
Cache-Tv-Group
Upgrade-Insecure-Requests
X-TT-TIMESTAMP
X-Git-Hash
X-NWS-LOG-UUID
X-UA-Device-Type
X-Handled-By
Filters
NGB
X-Cacheable-TTL
X-SS-Set-Cookie
X-Tumblr-Pixel-2
X-Tumblr-Pixel-1
X-Status
X-GeoIP
X-Adobe-Loc
X-Adobe-Content
Eomportal-Instance
X-RequestSource
X-RemovedCookies
X-ProcessESI
Cache-Tag
X-Geo-Country
Viewport
X-VG-WebCache
Cache
Retry-After
Xserver
Webserver
Datacenter
X-FW-Dynamic
X-Cache-TTL-Remaining
X-Cache-TTL
X-Presslabs-Stats
X-Seen-By
X-Server-ID
Server-Info
MS-CV
X-Ratelimit-Reset
X-FB-TRIP-ID
X-Cache-Enabled
X-TA-CDN-Provider
X-Host-Name
Frame-Options
X-Ratelimit-Limit
X-B3-Spanid
X-Contextid
X-Generated-By
From-Origin
X-Origin-Server
X-RTag
Ms-Operation-Id
X-Hyper-Cache
S-Cnection
X-Mode
Country
X-CF-Powered-By
X-RN-RSRV
Machine
X-Path-Route
Meta-Geo
X-Cache-Var-Map
X-Cache-Var
X-PressLabs-Stats
Load-Balancing
X-Cache-Config
X-ES-SERVER
X-Tumblr-Pixel-3
X-Zipkin-Id
X-Cache-Grace
X-Proxied
X-Section
Vix-Hermes-Req-Id
X-MP-GENERATED-AT
Cache-Key
X-Access
X-Routing-Service
X-Upstream-CT
X-Hit
X-Labrador-Cache-Channel
X-Upstream-HT
X-Varnish-Server
X-Cache-Host
X-Human
SRV
GEO-INFO
Decoy-Debug-Key
X-Varnish-Cache-Hits
X-Backend-Name
X-Viewer-Country
Decoy-Debug-TTL
X-OCL
X-TNCMS
X-Upgrade-Enabled
Decoy-Debug-Status
X-From
X-Loop
X-PCL
X-Web-Node
Now
Mn-Server-Ip
ServedBy
X-EIG-Tracking-Id
X-ShardId
X-Origin-Response-Time
X-LJ-Flow-ID
X-Region
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-Shopify-Stage
X-ShopId
X-Magnolia-Registration
X-Rule
X-L-Path
X-VG-TLSProxy
X-VWS-Id
X-R9-Blue-Green-Version
X-AWS-Id
X-Alternate-Cache-Key
X-CCM
X-Debug-Cache
X-Via-Fastly
X-Environment-Context
X-Endurance-Cache-Level
X-Akamai-Request-ID
Rt-Fastcgi-Cache
X-Drupal-Cache-Contexts
X-Rendered-As
DSUID
X-RCS-CacheZone
DB-Nickname
X-Proto
X-Timing-Wait
Mail-Subject
X-Xfnlog-Site
X-FC-Vary-Parameters
X-Proxy-Build
X-S
Cache-Name
X-Hosted-By
We-Hiring
X-Cluster-Node
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Generated
X-NCache
X-JoinUs
OT-Force-Account-Verify
X-Varnish-Hits
Akamai-GRN
X-Guploader-Uploadid
Release
X-Device-Type
Uber-Trace-Id
Version
X-Trace-Id
X-NewRelic-App-Data
X-Nginx-Cache
X-Site-Version
X-Locale
X-Www-Served-By
Cteonnt-Length
X-ProxyCache-Status
X-BYPASS-REASON
X-Request-Time
X-ProxyCache-Key
ProcessTime
X-VCT
NGX
X-Load-Cache
X-IP
X-Time-Microsecs
X-Platform-Server
Time
X-Redis-Cache
X-UUID
X-Wix-Request-Id
X-Origin
S-Rt
Azure-SiteName
Azure-InstanceId
Azure-RegionName
CACHE
Azure-SlotName
Azure-Version
X-FW-Version
X-Dc
X-Via-CDN
Webcakes-App-Name
TWC-Privacy
X-Origin-Hint
X-ECACHE
TWC-Locale-Group
Webcakes-App-Version
TWC-GeoIP-Country
Property-Id
X-EdgeConnect-Cache-Status
TWC-Connection-Speed
TWC-Device-Class
TWC-GeoIP-LatLong
Webcakes-Region
X-GEO
X-Cache-NE
NtCoent-Length
X-Akamai-Request-ID2
X-MServer
X-CDN-Forward
X-No-Session
X-Rocket-Nginx-Bypass
X-Proxy
X-FireWall-Port
X-Hl-Ver
X-SERVER-NAME
X-Cache-Remote
X-ServerID
X-Vgn-Hpd-Reason
X-IPS-LoggedIn
X-Daa-Tunnel
X-RateLimit-Reset
X-Akamai-Transformed
Origin
X-HTML-Minification-Powered-By
X-PERF
X-ApacheServer
X-UA
X-Cache-Server
Odigeo-Trace-Id
X-CS
X-Format
X-Distributor
X-Oneagent-Js-Injection
Fastly-SSL
Ec-Rule-Version
Cache-Tags
LB
Access-Control-Request-Headers
L5d-Success-Class
X-UnsetCookies
X-Real-IP
Accept-Language
X-Pubstack
X-Microcachable
Hostname
X-Unique-ID
Origin-Edge-Control
Origin-Cache-Control
X-NC
X-Webkit-Csp
X-Tb
Served-By
X-Cache-Backend
Fastcgi-X-Cache-Version
X-Varnish-Cacheable
IBM-Web2-Location
X-Compress-Hint
X-Grey
X-Cache-Category-Id
Cross-Origin-Window-Policy
Content-Style-Type
Fly-Cache
MD5-Digest
X-G
GEO-REGION-INFO
Fly-Request-Id
Fastly-SIE
Fastly-SWR
X-IN-APIGATEWAY
Cdn-Host
A
Arc-Country
AsisCache
X-Is-Bot
X-NU-AKA-ACS-Version
X-Worker
X-Org
X-Internal-Host
BehaviorPad-Version
Meta-Geo-Continent
Cdn-Request-Time
X-Instart-Info
Cache-Prefix
Cache-Cookie-Set-Lfrom
X-Transaction
Cache-Cookie-Set-Idcheck
Content-Script-Type
Proxy-Firewall
X-Aed
X-Date
X-AIR-PT
X-Accel-Expires-Debug
X-A-Wwc
X-A-Dam
X-A-Dcw
X-A-Dgt
X-App-Name
X-Application
X-Cdn-Srv
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-Connection-Hash
X-Cache-Bucket
X-ARC
X-D
X-B-Cookie
X-A-Ccd
X-A
Request-EU
Request-Time
X-Edge-Server
Request-Country
Rendered-Blocks
Node
X-External-Request-Id
X-PAYTM-SRV-ID
Rt-Proxy-Cache
Server-ID
X-Developer
X-Detected-As
X-Destination
Xc-Version
VivaBuild
X-DPWN-IS-SECURE
Viewtype
Mobile-Detection-Method
Cache-Cookie-Set-From
X-Trv-Group
Backend-Name
X-Twitter-Response-Tags
X-Rebelmouse-Cache-Control
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
X-Rebelmouse-Surrogate-Control
X-B3-Parentspanid
X-Cluster-Name
X-Server-Time
X-ScT
X-BACKEND-TTL
X-Region-Sid
X-Varnish-Url
X-Request-UUID
X-Rewrite-Enabled
X-Rojux
X-S-Cookie
X-S-Maxage
X-SRCache-Key
X-VG-WebServer
Proxy-Connection
ServerName
X-URL
X-ElasticPress-Search
AKAMAI
Memcached
X-CGP
X-NX-Host
X-Fastly-Cache
X-Developers
X-C
X-Nginx-Cache-Key
X-Cdn-Origin
X-GeoIP-Country-Code
X-Debug-Log
Ha-Gx-Prefs
X-Core-Mission
Is-Eu
X-Cache-Info
On-Server
X-Variation
X-PHP-Host
RNT-Time
RNT-Machine
Section-Io-Cache
Server-Int
True-Client-Country-4JS
X-Clientip
Resin-Trace
X-Level-Front-Cache
X-Epic-Correlation-Id
X-Eu-Site
Platform
W
X-Geo-Header
X-Request-URI
X-Edge
Gh-Request-Id
HA-Ipaddr
Apple-News-Services-Request-Url
Content-Disposition
X-Generated-On
Apple-News-Services-Parsed-Url
Countrycode
REQUESTUUID
X-Debug-Cookies
X-Backend-State
X-Skip-Cache
X-Sn-Servicetimems
X-ServiceProvider
X-We-Are-Hiring
Apple-News-Services-Host
X-Location
X-Amzn-Remapped-Content-Length
X-SVT-ORM-RULES
X-HS-Combine-CSS
X-HS-Cache-Config
Adler-Geo
X-SVT-ORM-VERSION
Esi-Enabled
X-Cache-Id
Apple-News-Services-Handled
Selected-Fe
X-BBXSRF
V-Age
X-Block-Status
User-Cache-Control
UCS
X-Device-Os
X-Servername
X-Amz-Meta-Cache-Control
X-Cache-FS-Status
X-CDN-Cache
X-Dispatch
X-Secret
X-SD-PageType
X-TH-Server
X-Server-IP
Web-Mar-Node
X-SIPLIST1
X-Auto-Login
X-Cms-Context
X-Method
X-Clara-WADP
X-Fetched-On
Country-Code
X-Reboot
CDCHOST
X-WADP-Cache
X-Dispatcher-Server
X-Hnp-Log
X-Generation-Time
X-GeoIP-City
X-Hash
X-Irp-Debug
X-WebServer
X-Wikidot-Backend
X-Qloud-Router
X-Wikidot-Static-Cache
X-LI-UUID
X-LI-Proto
X-Key
X-Li-Fabric
X-Li-Pop
X-Gen-Mode
Fastly-Soc-X-Request-Id
IsBot
PFcat
X-Request-Start
N-Cache
SS
Server-Host
X-FPC
X-Gannett-Site-Version
X-Reqid
X-Distil-CS
SD-X-WS
X-Response-By
X-Powered-By-Defense
X-SERVER
X-Origin-Date
L
X-Thinkindot-L3
X-Webstats-RespID
X-Processor
X-Matched-Rule
X-TrackingId
X-Proxy-Cache-Status
X-Swa-Ws
X-VServer
X-Proxy-Upstream
X-Bip
X-Owner
X-VC-Cache
X-Origin-Expires
X-Thanos
X-Crawler
X-Release
Who
Thinkindot-CacheControl-Type
Heartbleed
Wxu-Next-Commit
Wxu-Next-Hostname
Thinkindot-CacheControl
Pramga
GW-Server
X-Nc
Powered-By
Wxu-Next-Region
Thinkindot-Control
X-Azure-Ref
X-Azure-Ref-OriginShield
X-Via-NSCOPI
CF-IPCountry
X-Via-SSL
X-Ua
X-Served-From
X-OVcl
X-Pf-Uncompressing
X-Via-Edge
X-CUA
X-OVcl-Cache
Kp-EeAlive
Locale
X-Urbn-Context-Path
X-Parent-Response-Time
X-Urbn-Site-Id
X-Varnish-Ttl
X-Varnish-Beresp-Ttl
X-CLOUD-TRACE-CONTEXT
Magicmarker
X-FE
Mime-Version
X-Dynatrace-Js-Agent
X-LAGOON
X-Ratelimit-Remaining
X-ND-Cache
User-Agent
PageSpeed
X-Protected-By
Memory
X-ABtesting
X-Flog
X-Hello
X-Page-Type
X-Cache-Ttl
Pagetype
Pragrma
X-Fstrz
X-Origin-TTL
X-Be
X-Origin-CC
X-Backend-Host
X-Backend-Url
X-User
X-Generated-In
X-Newrelic-Synthetics
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
X-COUNTRY
X-Ttl
X-MSEdge-Flight
X-MSEdge-Features
X-GoCache-CacheStatus
X-Up
X-Tt-Trace-Tag
X-Geo
X-Backend-TTL
X-Zone
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
X-DC
X-Debug-Cache-Store
X-Debug-Cache-Expiry
X-Core-Value
X-Soup
X-Debug-Cache-Fetch
X-IN-WAF
X-Phone
X-Check-Cacheable
X-Oss-Request-Id
X-Oss-Server-Time
X-B3-SpanId
X-Oss-Object-Type
X-Oss-Storage-Class
X-Oss-Hash-Crc64ecma
Geoip-City
X-TT-LOGID
X-Cdn-Forward
Geoip-Latitude
GeoIp-Country-Code
X-Servedbyhost
X-ZONE
Cache-Hits
X-Litespeed-Cache
X-SayCDN-TTL
X-Say-TTL
X-Say-Cacheable
X-Old-Content-Length
SN
Cdn
X-Birta-Served
X-Birta-Cache-Post
X-Info
X-Real-Ip
X-Varnish-IP
X-Akamai-SSL-Client-Sid
X-VCL-Version
X-MID
Selected-FE
X-Mid
HitType
X-Datadome
X-CSRF-TOKEN
X-HS-Status
X-Cache-Time
Amp-Access-Control-Allow-Source-Origin
X-Ruxit-Js-Agent
X-GRACE
Fastly-Backend-Name
X-FORWARDED-FOR
FSS-Cache
FSS-Proxy
X-Aicache-OS
X-Node-Id
Inserted-Into-Cache-At
X-Vcl-Version
XServer
X-ServedByHost
X-Agile
X-BC
X-Agile-Age
X-Logtrace-Id
X-Amzn-Remapped-Connection
X-Amzn-Remapped-Date
Ajk
WZWS-RAY
X-Agile-Id
X-IN-APIGATEWAYSSL
X-Tb-Optimization-Total-Bytes-Saved
X-Cache-Debug
CF-Cached-On
X-Refresh
X-EC-Lua
X-Bc
Server-Surrogate-Control
GeoIP-Country-Code
X-UPSTREAM-Address
Server-Cache-Control
X-Varnish-Authentication
X-Contensis-Viewer-Groups
HostName
X-Cache-ASPX
X-Source
X-RateLimit-Limit-Second
RequestId
X-Web-Server
GeoIP-Latitude
X-Via-Ucdn
X-Wa
X-RateLimit-Remaining-Second
GeoIP-City
Dynatrace
X-CSRF-Token
X-Nananana
Srv
X-APP
X-App-Version
X-WR-MODIFICATION
T-Server
PICS-Label
X-LB-ID
X-PJAX-URL
X-Proxy-Cacherz
Xkeyrz
X-NWS-UUID-VERIFY
X-TIME
X-ECache
Ohc-File-Size
X-LiteSpeed-Cache-Control
WebServer
URI
X-Render-Time
Cf-Ipcountry
X-Varnish-Beresp-TTL
X-GDPR
X-BE
Group
Ohc-Cache-HIT
X-Fastly-Country-Code
X-Unique-Id
MIME-Version
X-SRV
X-Cache-Tag
X-Micro-Cache
X-CACHE-KEY
Is-Session-Tracking
HTTPS
Get-Access-Time
Xkeynj
X-PAGE-TYPE
CDN
X-SN
X-Edge-IP
Www
X-Uri
X-Requestid
X-Sedo-Request-Id
SID
X-Cache-Miss-From
X-Policy
Backend
X-MCACHE
X-Request-Url
X-Fastly-Backend-Reqs
X-Instart-Isnd
DataCenter
Xet-Cookie
X-Cache-Expires
X-Cdn-Request-ID
X-Pjax-Url
Requestid
Cache-Provider
Pics-Label
Lb
X-Swift-Error
X-Vct
Cneonction
X-Apw-Access-Action
X-Service
Host-ID
X-Apw-Access-Object
X-Apw-Hits
X-Apw-Access-Token
X-Dw-Trace-Id
X-NGINX-Cache
X-Cf-Powered-By
X-Lb-Id
X-WA
X-Ecache
X-Var-Ttl
Correlation-Id
FNAC-ModuleRouting
X-Newrelic-App-Data
X-Serial
X-Fe
Ohc-Response-Time
X-Zalando-Child-Request-Id
X-Akamai-ERRuleID
X-Fastly-Cache-Hits
Epwk-Cache
X-Flow-Id
X-Akamai-ERPolicy
X-Bug-Bounty
X-Varnish-Action
X-Html-Edge-Cache
Lfy
Warning
X-Page-Impression-Id
X-WPE-Loopback-Upstream-Addr
X-RPS
X-RSL
X-Fpc
X-ServerName
X-RPM
X-DW
X-DB
X-DI
X-DSS
X-PF-Uncompressing