Threat Level: green Handler on Duty: Russell Eubanks

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
CF-RAY
X-Powered-By
Link
ETag
Expect-CT
X-XSS-Protection
Via
X-Cache
Age
CF-Cache-Status
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
X-Cache-Hits
P3P
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Xss-Protection
X-Request-Id
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
Alt-Svc
X-Adblock-Key
X-Drupal-Cache
X-Check
X-Cacheable
Content-Security-Policy-Report-Only
X-Generator
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-AspNetMvc-Version
X-DNS-Prefetch-Control
P3p
X-Template
X-Language
Status
Timing-Allow-Origin
Content-Encoding
X-Iinfo
X-Content-Security-Policy
X-Buckets
Upgrade
X-Kinja-Server-Push
Xkey
X-Via
X-CDN
X-Turbo-Charged-By
Keep-Alive
Access-Control-Max-Age
Access-Control-Expose-Headers
X-Cache-Group
X-Pass-Why
X-AH-Environment
X-Age
X-Drupal-Dynamic-Cache
X-Server
X-Backend
X-Pingback
X-Amz-Request-Id
X-Amz-Id-2
X-Envoy-Upstream-Service-Time
X-Page-Speed
X-Robots-Tag
X-Proxy-Cache
X-Hacker
Grace
EagleId
X-Server-Powered-By
X-UA-Device
X-Varnish-Cache
Request-Context
X-Nginx-Cache-Status
Cf-Railgun
X-LiteSpeed-Cache
X-Amz-Version-Id
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
X-WebKit-CSP
X-Server-Id
Feature-Policy
Server-Timing
X-Device
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Host
X-Rq
Report-To
X-Ac
X-Node
Content-Location
X-OneAgent-JS-Injection
X-Backend-Server
X-Cnection
X-Response-Time
X-Request-ID
X-Cloud-Trace-Context
X-Origin-Cache
X-Application-Context
X-Readtime
Request-Id
Allow
EagleEye-TraceId
Surrogate-Control
X-Country
X-ORACLE-DMS-ECID
X-Cache-Lookup
X-Vhost
X-TTL
X-DynaTrace
X-Url
X-Cdn
Pinterest-Generated-By
X-Rack-Cache
X-Clacks-Overhead
X-Origin-Upstream-Status
X-Ua-Compatible
NEL
X-Ruxit-JS-Agent
X-FTR-Request-ID
Rating
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Country-Code
X-CST
X-Dns-Prefetch-Control
X-HW
X-Dispatcher
X-Goog-Hash
X-Instart-Request-ID
X-ORACLE-DMS-RID
Fusion-Source
Fusion-Content-Id
Fusion-Component-Id
Fusion-Content-Source
Fusion-Template-Id
X-DataStream-Cache-Status
Edge-Control
X-PC
X-TtlSet
X-Vname
X-DataDome
X-Px
X-VARITI-CCR
Service-Worker-Allowed
Verso
X-Mod-Pagespeed
X-MS-InvokeApp
X-Recruiting
X-Varnish-TTL
X-D2id
SPRequestGuid
X-Kinja-Server
X-Kinja
X-Kinja-Build
X-Kinja-Revision
X-Use-Magma
X-Cdn-Fetch
X-GoogleNews-Bot
X-Exp-Variant
X-Exp-Id
RTSS
X-Vcap-Request-Id
X-Amz-Server-Side-Encryption
X-Abt-Application-Version
DynaTrace
TCN
X-SharePointHealthScore
X-Navigation-Version
X-GitHub-Request-Id
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Sol
X-RateLimit-Remaining
X-Middleton-Display
X-Middleton-Response
Display
Response
X-Akam-SW-Version
X-Powered-By-Plesk
MS-Author-Via
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
Accept-Ch-Lifetime
Charset
X-Shield-Request-Id
Content-MD5
Accept-Ch
ServerID
X-Amz-Rid
AR-PoweredBy
Ar-Sid
AR-CACHE
AR-ATIME
X-Forwarded-Proto
X-B3-TraceId
Realpath
X-Trace
X-Powered-CMS
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Goog-Generation
X-Goog-Metageneration
Nginx-Cache
X-DynaTrace-JS-Agent
X-Dw-Request-Base-Id
X-Version
X-Upstream
AR-Request-ID
X-Cached
Fastly-Restarts
Public-Key-Pins
X-Shard
X-ESI
X-Mrf-Item-Lastmod
MRF-Tech
X-B3-TraceId-Primal
Mrf-Cache-Status
X-Mrf-Section-Lastmod
X-Server-Name
Pagespeed
Access-Control-Request-Method
Paypal-Debug-Id
X-MSEdge-Ref
X-Goog-Storage-Class
X-Vcache
X-Grace
SPRequestDuration
SPIisLatency
X-Client-IP
S
X-Debug
X-FTR-Balancer
X-FTR-Backend-Server
X-Country-Code-Real
X-DataStream-Origin-MEX-Latency
X-FTR-Cache-Status
X-FTR-Backend
X-FTR-DC
X-FTR-Realm
X-FTR-Expires
X-DataStream-MidMile-RTT
X-Id
Pinterest-Version
X-Pinterest-Rid
X-Ezoic-Cdn
X-Amz-Meta-S3cmd-Attrs
X-Upstream-Proxy
X-FastCGI-Cache
X-N
X-Fastly-Request-ID
X-T
X-DIS-Request-ID
X-Amzn-Trace-Id
Front-End-Https
Arr-Disable-Session-Affinity
X-NF-Request-ID
MicrosoftSharePointTeamServices
X-Content-Type
X-XRDS-Location
X-B3-Traceid
X-Hits
Accept-CH
X-B3-Sampled
X-Varnish-Age
X-FTR-Cache-Host
X-Ser
Arc-Version
X-Mobile-Rewrite
Fastcgi-Cache
PB-RID
PB-PID
X-Frontend
X-Acc-Meta-Resource-Type
Alternate-Protocol
X-Content-Digest
Server-Name
X-Logged-In
X-Correlation-Id
X-Srv
X-Pad
X-Cache-Key
X-Forwarded-For
X-Node-Name
X-Esi
Nel
AMP-Access-Control-Allow-Source-Origin
X-Microsite
Host
X-Request-Handler-Origin-Region
FilterID
Powered-By-ChinaCache
TP-L2-Cache
TP-Cache
X-Type
X-Rid
Healthy
X-Kinsta-Cache
X-LB-Cache
X-User-Agent
X-IPLB-Instance
X-Request-Processing-Time
X-Request-Received
Edge-Cache-Tag
X-Debug-Info
X-AOL-HN
X-F-Cache
X-Cached-By
X-Cache-2
X-GUploader-UploadID
Powered
X-Zen-Fury
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Revision
X-VCache
X-Hostname
X-HS-Content-Id
X-HS-Hub-Id
X-Cache-Age
X-Cache-Rule
X-Analytics
Backend-Timing
X-XRDS-LOCATION
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Accel-Expires
Surrogate-Key
X-Activity-Id
X-AppVersion
X-Az
X-Via-JSL
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-Varnish-Backend
X-Content-Security-Policy-Report-Only
X-Page-Id
X-BCube-Filmed-By
X-RateLimit-Limit
X-Instance
X-FB-Debug
X-Cluster
X-Varnish-Grace
X-Amz-Replication-Status
X-Content-Options
X-Tumblr-User
X-Request-Guid
X-Content-Powered-By
X-PHP-Backend
X-Jobs
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Akamai-Edgescape
Source
Cache-Status
X-App-Environment
X-TT
X-Framework
Cleartype
Server-Node
X-Forwarded-Host
Refresh
X-Signature
X-B-Cache
X-Fastcgi-Cache
X-FW-Static
X-FW-Serve
X-FW-Server
X-FW-Type
X-FW-Hash
X-Varnish-Hostname
X-Server-ID
Liferay-Portal
Tracecode
X-ATG-Version
DC
Host-Header
WPE-Backend
Accept-Charset
X-Mobile
X-Cache-Operation
Access-Control-Allow-Method
X-Cache-Control
X-Edge-Location
X-Cache-Action
Fastcgi-Useragent
X-Drupal-Cache-Tags
X-Time
Actual-Object-TTL
X-APP-VERSION
X-Cache-Hit
Accept-CH-Lifetime
X-B
X-Erf-Bev-Bev-Is-Generated
X-Response-Served-From
X-Mobile-URL
X-Erf-Bev-Bev
X-Accel-Buffering
Payment
X-Hp-Webp
X-TX-ID
X-Storage
X-Whom
X-NWS-LOG-UUID
X-Git-Hash
X-App-Server
X-WebKit-CSP-Report-Only
Upgrade-Insecure-Requests
X-Oracle-Dms-Rid
X-Content-Age
X-TT-TIMESTAMP
Cache
Cache-Tv-Group
X-WA-Info
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Handled-By
Filters
X-Cacheable-TTL
X-SS-Set-Cookie
X-UA-Device-Type
X-Adobe-Content
X-GeoIP
Eomportal-Instance
X-Adobe-Loc
X-Tumblr-Pixel-2
X-Tumblr-Pixel-1
X-Status
Xserver
X-ProcessESI
X-RemovedCookies
X-RequestSource
NGB
X-Geo-Country
Viewport
X-VG-WebCache
Cache-Tag
Retry-After
Datacenter
Webserver
X-Ratelimit-Reset
X-Cache-TTL-Remaining
X-FW-Dynamic
Server-Info
X-Cache-TTL
X-FB-TRIP-ID
X-Seen-By
X-Cache-Enabled
MS-CV
X-TA-CDN-Provider
X-Host-Name
X-Contextid
X-B3-Spanid
X-Ratelimit-Limit
X-Presslabs-Stats
X-PressLabs-Stats
Frame-Options
S-Cnection
X-Origin-Server
From-Origin
X-Generated-By
Ms-Operation-Id
X-Hyper-Cache
Country
X-RTag
X-Mode
X-Cache-Var
X-Cache-Var-Map
X-ES-SERVER
Machine
Load-Balancing
X-CF-Powered-By
Meta-Geo
X-Tumblr-Pixel-3
X-RN-RSRV
X-Cache-Config
X-Path-Route
Cache-Key
X-Section
X-Upstream-HT
X-Cache-Grace
X-Hit
X-Upstream-CT
X-Zipkin-Id
X-MP-GENERATED-AT
X-Access
X-Routing-Service
X-Proxied
X-Labrador-Cache-Channel
Vix-Hermes-Req-Id
Decoy-Debug-Status
X-TNCMS
X-Human
X-OCL
X-Upgrade-Enabled
X-Backend-Name
X-Loop
X-From
X-RCS-CacheZone
X-Varnish-Cache-Hits
Now
X-Web-Node
Decoy-Debug-TTL
X-PCL
Decoy-Debug-Key
X-Cache-Host
X-Varnish-Server
X-Viewer-Country
X-CCM
Mn-Server-Ip
X-Alternate-Cache-Key
X-AWS-Id
Rt-Fastcgi-Cache
X-Debug-Cache
X-Akamai-Request-ID
ServedBy
X-Magnolia-Registration
X-ShardId
X-Origin-Response-Time
X-LJ-Flow-ID
X-Sorting-Hat-ShopId
X-ShopId
X-VG-TLSProxy
X-R9-Blue-Green-Version
X-Sorting-Hat-PodId
X-VWS-Id
X-Shopify-Stage
X-L-Path
X-Varnish-Hits
X-Endurance-Cache-Level
X-EIG-Tracking-Id
X-Region
X-Rule
X-Environment-Context
Mail-Subject
Cache-Name
X-S
X-Via-Fastly
DB-Nickname
OT-Force-Account-Verify
GEO-INFO
DSUID
X-Rendered-As
We-Hiring
X-Hosted-By
X-JoinUs
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Generated
X-Drupal-Cache-Contexts
X-FC-Vary-Parameters
X-NCache
SRV
X-Proxy-Build
X-Xfnlog-Site
Akamai-GRN
X-Cluster-Node
X-Proto
X-Timing-Wait
X-Device-Type
Uber-Trace-Id
Release
X-Guploader-Uploadid
X-Trace-Id
X-Site-Version
X-Locale
X-Nginx-Cache
X-BYPASS-REASON
X-ProxyCache-Status
X-Redis-Cache
X-Www-Served-By
X-ProxyCache-Key
Cteonnt-Length
X-VCT
NGX
X-Load-Cache
Version
ProcessTime
X-UUID
X-Request-Time
X-Platform-Server
X-Time-Microsecs
X-IP
Time
X-Cache-NE
X-Daa-Tunnel
X-Via-CDN
X-FW-Version
Azure-SiteName
Azure-RegionName
Azure-InstanceId
Azure-SlotName
Azure-Version
X-Origin
X-ECACHE
S-Rt
X-Wix-Request-Id
X-NewRelic-App-Data
X-EdgeConnect-Cache-Status
X-GEO
X-MServer
Webcakes-App-Version
X-Rocket-Nginx-Bypass
Webcakes-App-Name
Webcakes-Region
TWC-Locale-Group
TWC-Connection-Speed
Property-Id
TWC-Device-Class
TWC-GeoIP-Country
TWC-GeoIP-LatLong
TWC-Privacy
X-Origin-Hint
X-Hl-Ver
NtCoent-Length
X-Cache-Remote
X-Proxy
X-Dc
X-Vgn-Hpd-Reason
X-FireWall-Port
X-ServerID
X-No-Session
X-IPS-LoggedIn
X-SERVER-NAME
CACHE
X-Akamai-Request-ID2
X-CDN-Forward
Origin
X-HTML-Minification-Powered-By
X-Akamai-Transformed
X-PERF
X-Distributor
X-ApacheServer
X-Real-IP
Odigeo-Trace-Id
X-Format
X-CS
X-Oneagent-Js-Injection
Fastly-SSL
X-Cache-Backend
X-Cache-Server
X-RateLimit-Reset
L5d-Success-Class
Ec-Rule-Version
X-Pubstack
X-UA
Cache-Tags
X-Microcachable
X-Unique-ID
Access-Control-Request-Headers
X-Compress-Hint
LB
Served-By
Origin-Edge-Control
X-UnsetCookies
Hostname
Origin-Cache-Control
X-NC
X-Tb
X-Webkit-Csp
Fastcgi-X-Cache-Version
X-Grey
IBM-Web2-Location
X-Cache-Category-Id
X-B3-Parentspanid
Backend-Name
Accept-Language
X-Varnish-Cacheable
Mobile-Detection-Method
A
Meta-Geo-Continent
Node
MD5-Digest
Cache-Cookie-Set-Idcheck
Fly-Cache
Cache-Cookie-Set-From
Fastly-SWR
Cache-Cookie-Set-Lfrom
Cross-Origin-Window-Policy
Fastly-SIE
Fly-Request-Id
GEO-REGION-INFO
Content-Script-Type
Cdn-Request-Time
Cdn-Host
Content-Style-Type
Cache-Prefix
BehaviorPad-Version
AsisCache
Arc-Country
X-Cache-Bucket
X-Org
X-NU-AKA-ACS-Version
X-PAYTM-SRV-ID
X-Rebelmouse-Cache-Control
X-Region-Sid
X-Rebelmouse-Surrogate-Control
X-Is-Bot
X-Internal-Host
X-Edge-Server
X-DPWN-IS-SECURE
X-External-Request-Id
X-G
X-Instart-Info
X-IN-APIGATEWAY
X-Request-UUID
X-Rewrite-Enabled
X-VG-WebServer
X-Twitter-Response-Tags
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
Xc-Version
X-Worker
X-Trv-Group
X-Transaction
X-S-Cookie
X-Rojux
X-S-Maxage
X-ScT
X-SRCache-Key
X-Server-Time
X-Developer
X-Detected-As
X-A-Ccd
X-A
X-A-Dcw
X-A-Dgt
X-Accel-Expires-Debug
X-A-Wwc
VivaBuild
Viewtype
Request-Country
Rendered-Blocks
Request-EU
Request-Time
Server-ID
Rt-Proxy-Cache
X-Aed
X-AIR-PT
X-Cluster-Name
X-CF-Lambda-Version
X-Connection-Hash
X-D
X-Destination
X-Date
X-CF-Lambda-Fn
X-Cdn-Srv
X-Application
X-App-Name
X-ARC
X-B-Cookie
ServerName
Proxy-Firewall
X-A-Dam
X-Edge
X-BACKEND-TTL
Proxy-Connection
X-ElasticPress-Search
W
X-Backend-State
X-Cache-Id
X-Cache-Info
X-CGP
X-Debug-Log
X-Debug-Cookies
X-Core-Mission
X-Clientip
X-Cdn-Origin
Server-Int
Platform
On-Server
Memcached
Is-Eu
Resin-Trace
RNT-Machine
X-Developers
Section-Io-Cache
RNT-Time
True-Client-Country-4JS
X-Eu-Site
X-Skip-Cache
X-ServiceProvider
X-Request-URI
X-Processor
X-Sn-Servicetimems
X-SVT-ORM-RULES
X-Varnish-Url
X-We-Are-Hiring
X-Variation
X-SVT-ORM-VERSION
X-PHP-Host
X-NX-Host
X-Generated-On
X-Powered-By-Defense
X-Fastly-Cache
HA-Ipaddr
X-Geo-Header
X-GeoIP-Country-Code
X-Location
X-Level-Front-Cache
X-HS-Combine-CSS
X-HS-Cache-Config
X-Epic-Correlation-Id
X-Nginx-Cache-Key
Apple-News-Services-Host
Apple-News-Services-Handled
AKAMAI
Adler-Geo
Apple-News-Services-Request-Url
Content-Disposition
Esi-Enabled
Countrycode
X-C
Gh-Request-Id
Apple-News-Services-Parsed-Url
Ha-Gx-Prefs
X-Ua
X-Hnp-Log
X-Irp-Debug
X-Hash
X-Gen-Mode
X-Gannett-Site-Version
X-Key
X-Generation-Time
X-Li-Fabric
X-Method
Web-Mar-Node
X-WADP-Cache
X-LI-UUID
X-LI-Proto
CDCHOST
X-Li-Pop
V-Age
X-Fetched-On
Country-Code
X-BBXSRF
X-Cms-Context
X-Clara-WADP
X-Block-Status
REQUESTUUID
X-CDN-Cache
IsBot
X-Auto-Login
X-Amz-Meta-Cache-Control
User-Cache-Control
X-Distil-CS
X-Dispatcher-Server
X-Device-Os
X-Dispatch
X-FPC
Fastly-Soc-X-Request-Id
X-Server-IP
X-Servername
X-Served-From
X-Secret
X-Response-By
X-SD-PageType
X-Wikidot-Backend
X-SIPLIST1
X-Via-Edge
X-Via-SSL
X-WebServer
PFcat
X-Via-NSCOPI
X-TH-Server
SD-X-WS
X-Wikidot-Static-Cache
SS
X-Reboot
X-Cache-FS-Status
UCS
X-Reqid
X-Qloud-Router
Server-Host
X-Request-Start
X-Amzn-Remapped-Content-Length
CF-IPCountry
X-Origin-Expires
X-Thinkindot-L3
X-GeoIP-City
X-VServer
X-Nc
X-Owner
X-Crawler
N-Cache
Heartbleed
X-Matched-Rule
X-Webstats-RespID
X-Origin-Date
X-Swa-Ws
X-Thanos
X-Release
Pramga
Powered-By
GW-Server
X-Azure-Ref
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
X-Azure-Ref-OriginShield
L
X-Bip
Who
Wxu-Next-Commit
Selected-Fe
Wxu-Next-Region
Thinkindot-Control
Wxu-Next-Hostname
X-OVcl
X-OVcl-Cache
X-Parent-Response-Time
X-Proxy-Upstream
X-TrackingId
X-CUA
X-Proxy-Cache-Status
X-VC-Cache
X-Varnish-Ttl
Kp-EeAlive
X-CLOUD-TRACE-CONTEXT
X-ND-Cache
X-Pf-Uncompressing
X-FE
Mime-Version
X-Urbn-Context-Path
Locale
X-Urbn-Site-Id
X-Ratelimit-Remaining
User-Agent
X-LAGOON
Magicmarker
X-Protected-By
PageSpeed
X-Varnish-Beresp-Ttl
Pragrma
X-Fstrz
Memory
X-Origin-TTL
X-Origin-CC
X-ABtesting
X-Flog
X-Cache-Ttl
X-Hello
X-Page-Type
X-Planisys-CDN-Cache
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
X-DC
Pagetype
X-Be
X-URL
X-Geo
X-Backend-Url
X-Core-Value
X-Backend-Host
X-Phone
X-User
X-Generated-In
X-Ttl
X-IN-WAF
X-Zone
X-Dynatrace-Js-Agent
X-Backend-TTL
X-MSEdge-Features
X-Tt-Trace-Tag
X-MSEdge-Flight
X-Varnish-Beresp-Grace
X-Up
X-GoCache-CacheStatus
X-Newrelic-Synthetics
X-Cdn-Forward
X-Varnish-Beresp-Status
X-Debug-Cache-Fetch
X-Debug-Cache-Store
X-B3-SpanId
X-Soup
X-Debug-Cache-Expiry
X-Birta-Served
X-Birta-Cache-Post
X-Oss-Request-Id
X-Oss-Server-Time
X-TT-LOGID
X-Oss-Hash-Crc64ecma
X-Oss-Object-Type
X-Servedbyhost
Cdn
X-Oss-Storage-Class
X-Varnish-IP
X-Check-Cacheable
X-Info
X-Litespeed-Cache
HitType
GeoIp-Country-Code
Geoip-Latitude
X-ZONE
Selected-FE
Geoip-City
X-MID
X-Say-Cacheable
X-Real-Ip
X-Old-Content-Length
X-SayCDN-TTL
SN
Cache-Hits
X-VCL-Version
X-HS-Status
X-Say-TTL
X-Mid
X-Datadome
X-Tb-Optimization-Total-Bytes-Saved
X-Aicache-OS
X-Ruxit-Js-Agent
X-Akamai-SSL-Client-Sid
CF-Cached-On
X-GRACE
Amp-Access-Control-Allow-Source-Origin
X-Agile-Id
FSS-Cache
X-Agile-Age
X-Agile
FSS-Proxy
X-Cache-Debug
X-Vcl-Version
X-Refresh
X-CSRF-TOKEN
X-Source
Fastly-Backend-Name
GeoIP-Country-Code
X-Node-Id
X-ServedByHost
Inserted-Into-Cache-At
X-Amzn-Remapped-Connection
X-Cache-Time
X-Amzn-Remapped-Date
X-Bc
X-BC
X-Web-Server
X-Logtrace-Id
Server-Surrogate-Control
GeoIP-City
X-IN-APIGATEWAYSSL
HostName
GeoIP-Latitude
X-Cache-ASPX
X-Varnish-Authentication
WZWS-RAY
Ajk
X-Contensis-Viewer-Groups
Server-Cache-Control
X-EC-Lua
X-App-Version
RequestId
X-UPSTREAM-Address
X-Via-Ucdn
X-COUNTRY
XServer
X-APP
X-FORWARDED-FOR
X-CSRF-Token
Srv
X-Nananana
X-RateLimit-Remaining-Second
X-Wa
X-RateLimit-Limit-Second
X-Varnish-Beresp-TTL
Ohc-File-Size
Group
Ohc-Cache-HIT
X-Proxy-Cacherz
X-WR-MODIFICATION
Xkeyrz
X-NWS-UUID-VERIFY
X-TIME
X-ECache
X-BE
X-Dynatrace
WebServer
X-LB-ID
HTTPS
PICS-Label
X-PJAX-URL
T-Server
Cf-Ipcountry
X-LiteSpeed-Cache-Control
Xkeynj
X-CACHE-KEY
URI
X-Unique-Id
X-Cache-Tag
Www
Is-Session-Tracking
Get-Access-Time
Backend
MIME-Version
X-GDPR
X-SRV
X-Micro-Cache
X-Render-Time
X-SN
X-PAGE-TYPE
X-Fastly-Country-Code
X-Cache-Miss-From
X-Requestid
X-Sedo-Request-Id
X-Edge-IP
X-Instart-Isnd
X-Request-Url
X-MCACHE
Dynatrace
X-Fastly-Backend-Reqs
Requestid
Cneonction
SID
X-Policy
Lb
X-Cache-Expires
CDN
X-Uri
Host-ID
Xet-Cookie
DataCenter
X-Apw-Hits
Pics-Label
X-Pjax-Url
X-Vct
X-Apw-Access-Token
X-Apw-Access-Object
X-Apw-Access-Action
X-Swift-Error
X-Dw-Trace-Id
X-NGINX-Cache
X-WA
X-Lb-Id
X-Service
Correlation-Id
Cache-Provider
X-Ecache
X-Varnish-Action
Epwk-Cache
X-Cf-Powered-By
X-Cdn-Request-ID
X-PF-Uncompressing
X-Newrelic-App-Data
X-NGENIX-Cache
X-Serial
X-ServerName
X-Zalando-Child-Request-Id
X-Akamai-ERPolicy
X-Akamai-ERRuleID
X-Fastly-Cache-Hits
Fastcgi-X-Cache
X-Bug-Bounty
Warning
X-Html-Edge-Cache
X-WPE-Loopback-Upstream-Addr
Lfy
X-Flow-Id
RequestUuid
X-RPM
X-RPS
X-RSL
X-DW
X-DSS
X-Page-Impression-Id
X-DB
X-DI
X-Fpc