Threat Level: green Handler on Duty: Russell Eubanks

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
CF-RAY
X-Powered-By
Link
ETag
Expect-CT
X-XSS-Protection
Via
X-Cache
Age
CF-Cache-Status
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
X-Cache-Hits
P3P
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Xss-Protection
X-Request-Id
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
Alt-Svc
X-Adblock-Key
X-Drupal-Cache
X-Check
X-Cacheable
Content-Security-Policy-Report-Only
X-Generator
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-AspNetMvc-Version
X-DNS-Prefetch-Control
P3p
X-Template
X-Language
Status
Timing-Allow-Origin
Content-Encoding
X-Iinfo
X-Content-Security-Policy
X-Buckets
Upgrade
X-Kinja-Server-Push
Xkey
X-Via
X-CDN
X-Turbo-Charged-By
Keep-Alive
Access-Control-Max-Age
Access-Control-Expose-Headers
X-Cache-Group
X-Pass-Why
X-AH-Environment
X-Age
X-Drupal-Dynamic-Cache
X-Server
X-Backend
X-Pingback
X-Amz-Request-Id
X-Amz-Id-2
X-Envoy-Upstream-Service-Time
X-Page-Speed
X-Robots-Tag
X-Proxy-Cache
X-Hacker
Grace
EagleId
X-Server-Powered-By
X-UA-Device
X-Varnish-Cache
Request-Context
X-Nginx-Cache-Status
Cf-Railgun
X-LiteSpeed-Cache
X-Amz-Version-Id
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
X-WebKit-CSP
X-Server-Id
Feature-Policy
Server-Timing
X-Device
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Host
X-Rq
Report-To
X-Ac
Content-Location
X-Node
X-OneAgent-JS-Injection
X-Backend-Server
X-Cnection
X-Response-Time
X-Request-ID
X-Cloud-Trace-Context
X-Origin-Cache
X-Application-Context
X-Readtime
Request-Id
Allow
EagleEye-TraceId
Surrogate-Control
X-Country
X-ORACLE-DMS-ECID
X-Cache-Lookup
X-Vhost
X-TTL
X-DynaTrace
X-Url
X-Cdn
Pinterest-Generated-By
X-Rack-Cache
X-Clacks-Overhead
X-Origin-Upstream-Status
X-Ua-Compatible
NEL
X-Ruxit-JS-Agent
X-FTR-Request-ID
Rating
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Country-Code
X-CST
X-Dns-Prefetch-Control
X-HW
X-Dispatcher
X-Goog-Hash
X-Instart-Request-ID
X-ORACLE-DMS-RID
Fusion-Source
Fusion-Content-Id
Fusion-Component-Id
Fusion-Content-Source
Fusion-Template-Id
X-DataStream-Cache-Status
Edge-Control
X-PC
X-TtlSet
X-Vname
X-DataDome
X-Px
X-VARITI-CCR
Service-Worker-Allowed
Verso
X-Mod-Pagespeed
X-MS-InvokeApp
X-Recruiting
X-Varnish-TTL
X-D2id
SPRequestGuid
X-Kinja-Server
X-Kinja
X-Kinja-Build
X-Kinja-Revision
X-Use-Magma
X-Cdn-Fetch
X-GoogleNews-Bot
X-Exp-Variant
X-Exp-Id
X-Vcap-Request-Id
RTSS
X-Amz-Server-Side-Encryption
X-Abt-Application-Version
DynaTrace
TCN
X-SharePointHealthScore
X-Navigation-Version
X-GitHub-Request-Id
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Sol
X-RateLimit-Remaining
X-Middleton-Display
X-Middleton-Response
Display
Response
X-Akam-SW-Version
X-Powered-By-Plesk
MS-Author-Via
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
Accept-Ch-Lifetime
Charset
X-Shield-Request-Id
Content-MD5
Accept-Ch
ServerID
X-Amz-Rid
AR-PoweredBy
Ar-Sid
AR-CACHE
AR-ATIME
X-Forwarded-Proto
X-B3-TraceId
Realpath
X-Trace
X-Powered-CMS
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Goog-Generation
X-Goog-Metageneration
Nginx-Cache
X-DynaTrace-JS-Agent
X-Dw-Request-Base-Id
X-Version
X-Upstream
AR-Request-ID
X-Cached
Fastly-Restarts
Public-Key-Pins
X-Shard
X-ESI
X-Mrf-Item-Lastmod
MRF-Tech
X-B3-TraceId-Primal
Mrf-Cache-Status
X-Mrf-Section-Lastmod
X-Server-Name
Pagespeed
Access-Control-Request-Method
Paypal-Debug-Id
X-MSEdge-Ref
X-Goog-Storage-Class
X-Vcache
X-Grace
SPRequestDuration
SPIisLatency
X-Client-IP
S
X-Debug
X-FTR-Balancer
X-FTR-Backend-Server
X-Country-Code-Real
X-DataStream-Origin-MEX-Latency
X-FTR-Cache-Status
X-FTR-Backend
X-FTR-DC
X-FTR-Realm
X-FTR-Expires
X-DataStream-MidMile-RTT
X-Id
Pinterest-Version
X-Pinterest-Rid
X-Ezoic-Cdn
X-Amz-Meta-S3cmd-Attrs
X-Upstream-Proxy
X-FastCGI-Cache
X-N
X-Fastly-Request-ID
X-T
X-DIS-Request-ID
X-Amzn-Trace-Id
Front-End-Https
Arr-Disable-Session-Affinity
X-NF-Request-ID
MicrosoftSharePointTeamServices
X-Content-Type
X-XRDS-Location
X-B3-Traceid
X-Hits
Accept-CH
X-B3-Sampled
X-Varnish-Age
X-FTR-Cache-Host
X-Ser
Arc-Version
X-Mobile-Rewrite
Fastcgi-Cache
PB-RID
PB-PID
X-Frontend
X-Acc-Meta-Resource-Type
Alternate-Protocol
X-Content-Digest
Server-Name
X-Logged-In
X-Correlation-Id
X-Srv
X-Pad
X-Cache-Key
X-Forwarded-For
X-Node-Name
X-Esi
Nel
AMP-Access-Control-Allow-Source-Origin
X-Microsite
Host
X-Request-Handler-Origin-Region
FilterID
Powered-By-ChinaCache
TP-L2-Cache
TP-Cache
X-Type
X-Rid
Healthy
X-Kinsta-Cache
X-LB-Cache
X-User-Agent
X-IPLB-Instance
X-Request-Processing-Time
X-Request-Received
Edge-Cache-Tag
X-Debug-Info
X-AOL-HN
X-F-Cache
X-Cached-By
X-Cache-2
X-GUploader-UploadID
Powered
X-Zen-Fury
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Revision
X-VCache
X-Hostname
X-HS-Content-Id
X-HS-Hub-Id
X-Cache-Age
X-Cache-Rule
X-Analytics
Backend-Timing
X-XRDS-LOCATION
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Accel-Expires
Surrogate-Key
X-Activity-Id
X-AppVersion
X-Az
X-Via-JSL
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-Varnish-Backend
X-Content-Security-Policy-Report-Only
X-Page-Id
X-BCube-Filmed-By
X-RateLimit-Limit
X-Instance
X-FB-Debug
X-Cluster
X-Varnish-Grace
X-Amz-Replication-Status
X-Content-Options
X-Tumblr-User
X-Request-Guid
X-Content-Powered-By
X-PHP-Backend
X-Jobs
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Akamai-Edgescape
Source
Cache-Status
X-App-Environment
X-TT
X-Framework
Cleartype
Server-Node
X-Forwarded-Host
Refresh
X-Signature
X-B-Cache
X-Fastcgi-Cache
X-FW-Static
X-FW-Serve
X-FW-Server
X-FW-Type
X-FW-Hash
X-Varnish-Hostname
X-Server-ID
Liferay-Portal
Tracecode
X-ATG-Version
DC
Host-Header
WPE-Backend
Accept-Charset
X-Mobile
X-Cache-Operation
Access-Control-Allow-Method
X-Cache-Control
X-Edge-Location
X-Cache-Action
Fastcgi-Useragent
X-Drupal-Cache-Tags
X-Time
Actual-Object-TTL
X-APP-VERSION
X-Cache-Hit
Accept-CH-Lifetime
X-B
X-Erf-Bev-Bev-Is-Generated
X-Response-Served-From
X-Mobile-URL
X-Erf-Bev-Bev
X-Accel-Buffering
Payment
X-Hp-Webp
X-TX-ID
X-Storage
X-Whom
X-NWS-LOG-UUID
X-Git-Hash
X-App-Server
X-WebKit-CSP-Report-Only
Upgrade-Insecure-Requests
X-Oracle-Dms-Rid
X-Content-Age
X-TT-TIMESTAMP
Cache
Cache-Tv-Group
X-WA-Info
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Handled-By
Filters
X-Cacheable-TTL
X-SS-Set-Cookie
X-UA-Device-Type
X-Adobe-Content
X-GeoIP
Eomportal-Instance
X-Adobe-Loc
X-Tumblr-Pixel-2
X-Tumblr-Pixel-1
X-Status
Xserver
X-ProcessESI
X-RemovedCookies
X-RequestSource
NGB
X-Geo-Country
Viewport
X-VG-WebCache
Cache-Tag
Retry-After
Datacenter
Webserver
X-Ratelimit-Reset
X-Cache-TTL-Remaining
X-FW-Dynamic
Server-Info
X-Cache-TTL
X-FB-TRIP-ID
X-Seen-By
X-Cache-Enabled
MS-CV
X-TA-CDN-Provider
X-Host-Name
X-Contextid
X-B3-Spanid
X-Ratelimit-Limit
X-Presslabs-Stats
X-PressLabs-Stats
Frame-Options
S-Cnection
X-Origin-Server
From-Origin
X-Generated-By
Ms-Operation-Id
X-Hyper-Cache
Country
X-RTag
X-Mode
X-Cache-Var
X-Cache-Var-Map
X-ES-SERVER
Machine
Load-Balancing
X-CF-Powered-By
Meta-Geo
X-Tumblr-Pixel-3
X-RN-RSRV
X-Cache-Config
X-Path-Route
Cache-Key
X-Section
X-Upstream-HT
X-Cache-Grace
X-Hit
X-Upstream-CT
X-Zipkin-Id
X-MP-GENERATED-AT
X-Access
X-Routing-Service
X-Proxied
X-Labrador-Cache-Channel
Vix-Hermes-Req-Id
Decoy-Debug-Status
X-TNCMS
X-Human
X-OCL
X-Upgrade-Enabled
X-Backend-Name
X-Loop
X-From
X-RCS-CacheZone
X-Varnish-Cache-Hits
Now
X-Web-Node
Decoy-Debug-TTL
X-PCL
Decoy-Debug-Key
X-Cache-Host
X-Varnish-Server
X-Viewer-Country
X-CCM
Mn-Server-Ip
X-Alternate-Cache-Key
X-AWS-Id
Rt-Fastcgi-Cache
X-Debug-Cache
X-Akamai-Request-ID
ServedBy
X-Magnolia-Registration
X-ShardId
X-Origin-Response-Time
X-LJ-Flow-ID
X-Sorting-Hat-ShopId
X-ShopId
X-VG-TLSProxy
X-R9-Blue-Green-Version
X-Sorting-Hat-PodId
X-VWS-Id
X-Shopify-Stage
X-L-Path
X-Varnish-Hits
X-Endurance-Cache-Level
X-EIG-Tracking-Id
X-Region
X-Rule
X-Environment-Context
Mail-Subject
Cache-Name
X-S
X-Via-Fastly
DB-Nickname
OT-Force-Account-Verify
GEO-INFO
DSUID
X-Rendered-As
We-Hiring
X-Hosted-By
X-JoinUs
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Generated
X-Drupal-Cache-Contexts
X-FC-Vary-Parameters
X-NCache
SRV
X-Proxy-Build
X-Xfnlog-Site
Akamai-GRN
X-Cluster-Node
X-Proto
X-Timing-Wait
X-Device-Type
Uber-Trace-Id
Release
X-Guploader-Uploadid
X-Trace-Id
X-Site-Version
X-Locale
X-Nginx-Cache
X-BYPASS-REASON
X-ProxyCache-Status
X-Redis-Cache
X-Www-Served-By
X-ProxyCache-Key
Cteonnt-Length
X-VCT
NGX
X-Load-Cache
Version
ProcessTime
X-UUID
X-Request-Time
X-Platform-Server
X-Time-Microsecs
X-IP
Time
X-Cache-NE
X-Daa-Tunnel
X-Via-CDN
X-FW-Version
Azure-SiteName
Azure-RegionName
Azure-InstanceId
Azure-SlotName
Azure-Version
X-Origin
X-ECACHE
S-Rt
X-Wix-Request-Id
X-NewRelic-App-Data
X-EdgeConnect-Cache-Status
X-GEO
X-MServer
Webcakes-App-Version
X-Rocket-Nginx-Bypass
Webcakes-App-Name
Webcakes-Region
TWC-Locale-Group
TWC-Connection-Speed
Property-Id
TWC-Device-Class
TWC-GeoIP-Country
TWC-GeoIP-LatLong
TWC-Privacy
X-Origin-Hint
X-Hl-Ver
NtCoent-Length
X-Cache-Remote
X-Proxy
X-Dc
X-Vgn-Hpd-Reason
X-FireWall-Port
X-ServerID
X-No-Session
X-IPS-LoggedIn
X-SERVER-NAME
CACHE
X-Akamai-Request-ID2
X-CDN-Forward
Origin
X-HTML-Minification-Powered-By
X-Akamai-Transformed
X-PERF
X-Distributor
X-ApacheServer
X-Real-IP
Odigeo-Trace-Id
X-Format
X-CS
X-Oneagent-Js-Injection
Fastly-SSL
X-Cache-Backend
X-Cache-Server
X-RateLimit-Reset
L5d-Success-Class
Ec-Rule-Version
X-Compress-Hint
X-Unique-ID
X-Pubstack
X-UA
Cache-Tags
Access-Control-Request-Headers
X-Microcachable
Served-By
Hostname
Origin-Cache-Control
X-UnsetCookies
Origin-Edge-Control
LB
X-NC
X-Webkit-Csp
Fastcgi-X-Cache-Version
X-Tb
X-Grey
IBM-Web2-Location
X-Cache-Category-Id
X-B3-Parentspanid
X-Varnish-Cacheable
Accept-Language
Backend-Name
A
Meta-Geo-Continent
Mobile-Detection-Method
Node
MD5-Digest
Cache-Cookie-Set-Idcheck
Fly-Cache
Cache-Cookie-Set-From
Fastly-SWR
Cache-Cookie-Set-Lfrom
Cross-Origin-Window-Policy
Fastly-SIE
Fly-Request-Id
GEO-REGION-INFO
Content-Script-Type
Cdn-Request-Time
Cdn-Host
Content-Style-Type
Cache-Prefix
BehaviorPad-Version
AsisCache
Arc-Country
X-Cache-Bucket
X-Org
X-NU-AKA-ACS-Version
X-PAYTM-SRV-ID
X-Rebelmouse-Cache-Control
X-Region-Sid
X-Rebelmouse-Surrogate-Control
X-Is-Bot
X-Internal-Host
X-Edge-Server
X-DPWN-IS-SECURE
X-External-Request-Id
X-G
X-Instart-Info
X-IN-APIGATEWAY
X-Request-UUID
X-Rewrite-Enabled
X-VG-WebServer
X-Twitter-Response-Tags
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
Xc-Version
X-Worker
X-Trv-Group
X-Transaction
X-S-Cookie
X-Rojux
X-S-Maxage
X-ScT
X-SRCache-Key
X-Server-Time
X-Developer
X-Detected-As
X-A-Ccd
X-A
X-A-Dcw
X-A-Dgt
X-Accel-Expires-Debug
X-A-Wwc
VivaBuild
Viewtype
Request-Country
Rendered-Blocks
Request-EU
Request-Time
Server-ID
Rt-Proxy-Cache
X-Aed
X-AIR-PT
X-Cluster-Name
X-CF-Lambda-Version
X-Connection-Hash
X-D
X-Destination
X-Date
X-CF-Lambda-Fn
X-Cdn-Srv
X-Application
X-App-Name
X-ARC
X-B-Cookie
ServerName
Proxy-Firewall
X-A-Dam
X-Edge
X-BACKEND-TTL
Proxy-Connection
X-ElasticPress-Search
W
X-Backend-State
X-Cache-Id
X-Cache-Info
X-CGP
X-Debug-Log
X-Debug-Cookies
X-Core-Mission
X-Clientip
X-Cdn-Origin
Server-Int
Platform
On-Server
Memcached
Is-Eu
Resin-Trace
RNT-Machine
X-Developers
Section-Io-Cache
RNT-Time
True-Client-Country-4JS
X-Eu-Site
X-Skip-Cache
X-ServiceProvider
X-Request-URI
X-Processor
X-Sn-Servicetimems
X-SVT-ORM-RULES
X-Varnish-Url
X-We-Are-Hiring
X-Variation
X-SVT-ORM-VERSION
X-PHP-Host
X-NX-Host
X-Generated-On
X-Powered-By-Defense
X-Fastly-Cache
HA-Ipaddr
X-Geo-Header
X-GeoIP-Country-Code
X-Location
X-Level-Front-Cache
X-HS-Combine-CSS
X-HS-Cache-Config
X-Epic-Correlation-Id
X-Nginx-Cache-Key
Apple-News-Services-Host
Apple-News-Services-Handled
AKAMAI
Adler-Geo
Apple-News-Services-Request-Url
Content-Disposition
Esi-Enabled
Countrycode
X-C
Gh-Request-Id
Apple-News-Services-Parsed-Url
Ha-Gx-Prefs
X-Ua
X-Hnp-Log
X-Irp-Debug
X-Hash
X-Gen-Mode
X-Gannett-Site-Version
X-Key
X-Generation-Time
X-Li-Fabric
X-Method
Web-Mar-Node
X-WADP-Cache
X-LI-UUID
X-LI-Proto
CDCHOST
X-Li-Pop
V-Age
X-Fetched-On
Country-Code
X-BBXSRF
X-Cms-Context
X-Clara-WADP
X-Block-Status
REQUESTUUID
X-CDN-Cache
IsBot
X-Auto-Login
X-Amz-Meta-Cache-Control
User-Cache-Control
X-Distil-CS
X-Dispatcher-Server
X-Device-Os
X-Dispatch
X-FPC
Fastly-Soc-X-Request-Id
X-Server-IP
X-Servername
X-Served-From
X-Secret
X-Response-By
X-SD-PageType
X-Wikidot-Backend
X-SIPLIST1
X-Via-Edge
X-Via-SSL
X-WebServer
PFcat
X-Via-NSCOPI
X-TH-Server
SD-X-WS
X-Wikidot-Static-Cache
SS
X-Reboot
X-Cache-FS-Status
UCS
X-Reqid
X-Qloud-Router
Server-Host
X-Request-Start
X-Amzn-Remapped-Content-Length
CF-IPCountry
X-Origin-Expires
X-Thinkindot-L3
X-GeoIP-City
X-VServer
X-Nc
X-Owner
X-Crawler
N-Cache
Heartbleed
X-Matched-Rule
X-Webstats-RespID
X-Origin-Date
X-Swa-Ws
X-Thanos
X-Release
Selected-Fe
Wxu-Next-Region
Pramga
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
X-Azure-Ref-OriginShield
Thinkindot-Control
X-Bip
Powered-By
X-Azure-Ref
Wxu-Next-Hostname
Wxu-Next-Commit
Who
GW-Server
L
X-OVcl
X-Parent-Response-Time
X-TrackingId
X-Proxy-Upstream
X-Proxy-Cache-Status
X-VC-Cache
X-OVcl-Cache
Mime-Version
X-CUA
X-Varnish-Ttl
X-ND-Cache
X-FE
X-CLOUD-TRACE-CONTEXT
Kp-EeAlive
X-Pf-Uncompressing
X-Urbn-Site-Id
X-Urbn-Context-Path
Locale
X-Protected-By
X-Ratelimit-Remaining
PageSpeed
Magicmarker
User-Agent
X-LAGOON
X-Varnish-Beresp-Ttl
Memory
X-Fstrz
Pragrma
X-Origin-CC
X-Origin-TTL
X-Flog
X-ABtesting
X-Planisys-CDN-TTL
X-Page-Type
X-Hello
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
X-Cache-Ttl
X-DC
Pagetype
X-URL
X-Be
X-Ttl
X-Phone
X-Backend-Url
X-Geo
X-User
X-Backend-Host
X-Core-Value
X-Generated-In
X-IN-WAF
X-Backend-TTL
X-Dynatrace-Js-Agent
X-Zone
X-Varnish-Beresp-Status
X-MSEdge-Flight
X-Up
X-Tt-Trace-Tag
X-MSEdge-Features
X-Newrelic-Synthetics
X-Cdn-Forward
X-GoCache-CacheStatus
X-Varnish-Beresp-Grace
X-Soup
X-Debug-Cache-Expiry
X-Debug-Cache-Store
X-B3-SpanId
X-Debug-Cache-Fetch
X-Birta-Served
X-Birta-Cache-Post
Cdn
X-Oss-Object-Type
X-Servedbyhost
X-Oss-Request-Id
X-Oss-Storage-Class
X-Oss-Server-Time
X-Oss-Hash-Crc64ecma
X-TT-LOGID
X-Litespeed-Cache
X-Check-Cacheable
X-Varnish-IP
X-Info
Selected-FE
Geoip-City
Geoip-Latitude
HitType
GeoIp-Country-Code
X-ZONE
X-MID
X-HS-Status
X-VCL-Version
Cache-Hits
X-Say-Cacheable
X-Old-Content-Length
X-Say-TTL
X-SayCDN-TTL
SN
X-Real-Ip
X-Mid
X-Aicache-OS
X-Tb-Optimization-Total-Bytes-Saved
X-Datadome
CF-Cached-On
X-Akamai-SSL-Client-Sid
Amp-Access-Control-Allow-Source-Origin
X-Ruxit-Js-Agent
X-GRACE
FSS-Proxy
X-Agile-Id
X-Vcl-Version
X-Agile
X-Refresh
X-Agile-Age
FSS-Cache
X-Cache-Debug
X-Source
X-CSRF-TOKEN
GeoIP-Country-Code
X-Amzn-Remapped-Date
X-ServedByHost
X-Amzn-Remapped-Connection
Inserted-Into-Cache-At
Fastly-Backend-Name
X-Node-Id
X-Cache-Time
X-Bc
X-Web-Server
X-BC
X-Varnish-Authentication
Server-Cache-Control
Server-Surrogate-Control
X-Logtrace-Id
GeoIP-Latitude
Ajk
WZWS-RAY
X-IN-APIGATEWAYSSL
HostName
GeoIP-City
X-Cache-ASPX
X-Contensis-Viewer-Groups
X-App-Version
X-EC-Lua
XServer
X-UPSTREAM-Address
RequestId
X-Via-Ucdn
X-APP
X-COUNTRY
X-CSRF-Token
X-Nananana
X-FORWARDED-FOR
Srv
X-Wa
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-Proxy-Cacherz
Group
X-BE
Ohc-Cache-HIT
Ohc-File-Size
X-NWS-UUID-VERIFY
X-ECache
X-Varnish-Beresp-TTL
Xkeyrz
X-WR-MODIFICATION
X-TIME
X-Dynatrace
WebServer
PICS-Label
HTTPS
T-Server
Cf-Ipcountry
X-LB-ID
X-PJAX-URL
X-LiteSpeed-Cache-Control
X-SN
Www
X-Unique-Id
X-SRV
X-CACHE-KEY
X-GDPR
Backend
X-PAGE-TYPE
Is-Session-Tracking
Xkeynj
X-Fastly-Country-Code
X-Cache-Tag
URI
Get-Access-Time
X-Render-Time
X-Requestid
X-Micro-Cache
X-Edge-IP
X-Cache-Miss-From
X-Request-Url
X-Sedo-Request-Id
X-Instart-Isnd
X-MCACHE
MIME-Version
Dynatrace
CDN
Host-ID
X-Fastly-Backend-Reqs
Requestid
X-Cache-Expires
Lb
SID
Cneonction
X-Uri
X-Policy
Xet-Cookie
DataCenter
Pics-Label
X-Vct
X-Pjax-Url
X-Apw-Access-Object
X-Apw-Access-Action
X-Apw-Access-Token
X-Apw-Hits
X-Swift-Error
X-Dw-Trace-Id
X-NGINX-Cache
Cache-Provider
Correlation-Id
X-WA
X-Varnish-Action
X-Cdn-Request-ID
X-Service
X-Lb-Id
X-Cf-Powered-By
Epwk-Cache
X-PF-Uncompressing
X-Ecache
X-Newrelic-App-Data
X-NGENIX-Cache
X-Serial
RequestUuid
Fastcgi-X-Cache
X-DSS
X-Bug-Bounty
Warning
Lfy
X-Zalando-Child-Request-Id
X-Akamai-ERPolicy
X-Fastly-Cache-Hits
X-Page-Impression-Id
X-Akamai-ERRuleID
X-Html-Edge-Cache
X-WPE-Loopback-Upstream-Addr
X-RPS
X-RSL
X-Fpc
X-RPM
X-DW
X-DB
X-DI
X-Flow-Id
X-ServerName