Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
CF-RAY
X-Powered-By
Link
ETag
Expect-CT
X-XSS-Protection
Via
X-Cache
Age
CF-Cache-Status
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
P3P
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Request-Id
X-Xss-Protection
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-AspNet-Version
X-Download-Options
Access-Control-Allow-Credentials
X-Runtime
X-Adblock-Key
X-Drupal-Cache
Alt-Svc
X-Check
X-Cacheable
Content-Security-Policy-Report-Only
X-Generator
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-DNS-Prefetch-Control
X-AspNetMvc-Version
P3p
X-Template
Status
X-Language
Timing-Allow-Origin
Content-Encoding
X-Content-Security-Policy
X-Iinfo
X-Buckets
Upgrade
X-Kinja-Server-Push
Xkey
X-Via
X-CDN
X-Turbo-Charged-By
Keep-Alive
Access-Control-Max-Age
Access-Control-Expose-Headers
X-Cache-Group
X-Pass-Why
X-Age
X-AH-Environment
X-Drupal-Dynamic-Cache
X-Server
X-Backend
X-Amz-Id-2
X-Amz-Request-Id
X-Pingback
X-Envoy-Upstream-Service-Time
X-Page-Speed
X-Robots-Tag
X-Proxy-Cache
X-Hacker
Grace
X-Server-Powered-By
EagleId
X-Varnish-Cache
X-UA-Device
X-Nginx-Cache-Status
Request-Context
Cf-Railgun
X-LiteSpeed-Cache
X-Amz-Version-Id
X-Swift-SaveTime
X-Swift-CacheTime
X-WebKit-CSP
Ali-Swift-Global-Savetime
Feature-Policy
X-Device
Server-Timing
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Host
Report-To
X-Ac
X-Rq
X-Server-Id
Content-Location
X-OneAgent-JS-Injection
X-Node
X-Backend-Server
X-Cnection
X-Response-Time
X-Origin-Cache
X-Cloud-Trace-Context
X-Application-Context
EagleEye-TraceId
Allow
Request-Id
X-Readtime
Surrogate-Control
X-Cache-Lookup
X-Country
X-ORACLE-DMS-ECID
X-TTL
X-Url
X-DynaTrace
X-Vhost
X-Cdn
X-Rack-Cache
X-Clacks-Overhead
Pinterest-Generated-By
X-Ruxit-JS-Agent
NEL
X-Origin-Upstream-Status
X-Ua-Compatible
X-CST
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Rating
X-ORACLE-DMS-RID
X-FTR-Request-ID
X-Country-Code
X-HW
X-Goog-Hash
X-Instart-Request-ID
X-Dispatcher
Fusion-Component-Id
Fusion-Template-Id
Fusion-Source
Fusion-Content-Source
Fusion-Content-Id
X-DataStream-Cache-Status
Edge-Control
X-Vname
X-PC
X-TtlSet
X-Px
X-VARITI-CCR
Service-Worker-Allowed
X-MS-InvokeApp
X-Mod-Pagespeed
SPRequestGuid
Verso
X-DataDome
X-Recruiting
X-Request-ID
X-Use-Magma
X-Kinja-Revision
X-GoogleNews-Bot
X-Kinja-Build
X-Cdn-Fetch
X-Exp-Variant
X-Dns-Prefetch-Control
X-Kinja-Server
X-Exp-Id
X-Kinja
X-D2id
X-Varnish-TTL
X-Vcap-Request-Id
X-SharePointHealthScore
X-B3-TraceId
X-Abt-Application-Version
X-Amz-Server-Side-Encryption
RTSS
X-ESI
DynaTrace
TCN
X-Navigation-Version
X-Powered-By-Plesk
X-RateLimit-Remaining
X-GitHub-Request-Id
X-SRCache-Fetch-Status
X-SRCache-Store-Status
Response
Display
X-Middleton-Display
X-Sol
X-Middleton-Response
X-Akam-SW-Version
Accept-Ch-Lifetime
Content-MD5
Charset
X-Server-Name
MS-Author-Via
AR-CACHE
Ar-Sid
AR-PoweredBy
AR-ATIME
ServerID
X-Shield-Request-Id
X-Amz-Rid
X-Trace
Realpath
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-TEC-API-ROOT
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
X-Goog-Generation
X-Dw-Request-Base-Id
X-Powered-CMS
AR-Request-ID
X-Cached
X-DynaTrace-JS-Agent
Nginx-Cache
X-Version
X-Server-ID
X-Forwarded-Proto
X-Upstream
X-Shard
Fastly-Restarts
X-B3-TraceId-Primal
MRF-Tech
X-Mrf-Section-Lastmod
Mrf-Cache-Status
X-Mrf-Item-Lastmod
Public-Key-Pins
SPIisLatency
SPRequestDuration
X-Goog-Storage-Class
Accept-Ch
X-Pinterest-Rid
Pinterest-Version
X-Upstream-Proxy
Access-Control-Request-Method
X-MSEdge-Ref
Paypal-Debug-Id
X-Client-IP
Pagespeed
S
Accept-CH
X-Debug
X-DataStream-MidMile-RTT
X-Amz-Meta-S3cmd-Attrs
X-DataStream-Origin-MEX-Latency
X-Id
X-FTR-DC
X-FTR-Balancer
X-FTR-Cache-Status
X-Ezoic-Cdn
X-FTR-Backend-Server
X-FTR-Realm
X-Country-Code-Real
X-FTR-Backend
X-FTR-Expires
X-N
X-T
X-DIS-Request-ID
MicrosoftSharePointTeamServices
X-Fastly-Request-ID
X-XRDS-Location
X-Grace
Arr-Disable-Session-Affinity
Front-End-Https
X-VCache
X-NF-Request-ID
PB-RID
PB-PID
X-Varnish-Age
Arc-Version
X-Mobile-Rewrite
X-Amzn-Trace-Id
X-Content-Type
X-Ser
X-Hits
X-B3-Sampled
Alternate-Protocol
X-Acc-Meta-Resource-Type
Fastcgi-Cache
X-Frontend
X-FTR-Cache-Host
X-Logged-In
X-Content-Digest
Server-Name
X-Vcache
X-Pad
X-Correlation-Id
X-Forwarded-For
X-Srv
Host
X-Fastcgi-Cache
AMP-Access-Control-Allow-Source-Origin
X-FastCGI-Cache
X-Node-Name
Powered-By-ChinaCache
Nel
X-Request-Handler-Origin-Region
X-Microsite
FilterID
TP-Cache
TP-L2-Cache
Healthy
X-Rid
Edge-Cache-Tag
X-Kinsta-Cache
X-Type
X-LB-Cache
X-Debug-Info
X-IPLB-Instance
X-Request-Received
X-Request-Processing-Time
X-AOL-HN
X-User-Agent
X-GUploader-UploadID
X-Cached-By
X-Cache-2
X-Hostname
X-B3-Traceid
X-F-Cache
X-Revision
X-HS-Content-Id
X-HS-Hub-Id
X-Cache-Key
X-Cache-Rule
Powered
X-Zen-Fury
X-Amz-Apigw-Id
X-Amzn-RequestId
Surrogate-Key
X-XRDS-LOCATION
X-Cache-Age
Backend-Timing
X-Analytics
X-Accel-Expires
X-RateLimit-Limit
X-Page-Id
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Varnish-Backend
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-Content-Security-Policy-Report-Only
X-Content-Options
X-Varnish-Grace
X-BCube-Filmed-By
X-Instance
X-Tumblr-User
X-Tumblr-Pixel
X-Az
Source
X-Tumblr-Pixel-0
X-Jobs
X-AppVersion
X-Activity-Id
X-FB-Debug
X-Cluster
X-Amz-Replication-Status
X-Request-Guid
X-Via-JSL
Cache-Status
X-Content-Powered-By
X-Akamai-Edgescape
X-PHP-Backend
X-App-Environment
X-TT
Cleartype
X-Framework
Tracecode
Server-Node
X-Varnish-Hostname
WPE-Backend
X-Forwarded-Host
Refresh
X-B-Cache
X-Signature
Host-Header
X-FW-Serve
X-FW-Server
X-FW-Hash
X-FW-Type
X-ATG-Version
X-FW-Static
X-Mobile
X-Cache-Operation
X-Cache-Control
X-Time
Liferay-Portal
Accept-Charset
X-NWS-LOG-UUID
DC
Actual-Object-TTL
X-Edge-Location
X-Drupal-Cache-Tags
X-Cache-Action
Access-Control-Allow-Method
X-Cache-TTL
Fastcgi-Useragent
X-Cache-Hit
Upgrade-Insecure-Requests
Cache
X-App-Server
X-Hp-Webp
X-Accel-Buffering
X-Response-Served-From
X-Mobile-URL
X-TX-ID
X-Esi
X-Whom
Payment
X-Storage
X-B
X-WebKit-CSP-Report-Only
X-Content-Age
X-UA-Device-Type
X-TT-TIMESTAMP
X-Handled-By
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-RequestSource
X-Tumblr-Pixel-2
X-Tumblr-Pixel-1
X-SS-Set-Cookie
X-Cacheable-TTL
Filters
Xserver
X-Git-Hash
X-GeoIP
Eomportal-Instance
Cache-Tv-Group
X-VG-WebCache
X-Adobe-Content
X-Adobe-Loc
X-ProcessESI
X-WA-Info
X-Geo-Country
Viewport
X-RemovedCookies
X-Ratelimit-Reset
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Status
Server-Info
Cache-Tag
X-FB-TRIP-ID
X-TA-CDN-Provider
Webserver
Datacenter
NGB
X-Cache-TTL-Remaining
X-Cache-Enabled
Accept-CH-Lifetime
Retry-After
X-APP-VERSION
X-FW-Dynamic
X-Contextid
X-Seen-By
S-Cnection
X-Ratelimit-Limit
X-Presslabs-Stats
X-Host-Name
X-PressLabs-Stats
X-Mode
Country
X-CF-Powered-By
MS-CV
From-Origin
X-Origin-Server
Frame-Options
X-Magnolia-Registration
Machine
Meta-Geo
Load-Balancing
X-Varnish-Hits
X-Tumblr-Pixel-3
X-RN-RSRV
X-VWS-Id
X-Path-Route
X-AWS-Id
X-LJ-Flow-ID
X-ES-SERVER
X-Cache-Var
X-Cache-Var-Map
X-Cache-Config
Vix-Hermes-Req-Id
X-Labrador-Cache-Channel
X-Routing-Service
X-Human
Release
Mail-Subject
DSUID
X-Cache-Host
X-Cache-Grace
Cache-Key
X-Hit
X-Daa-Tunnel
X-Upstream-CT
We-Hiring
GEO-INFO
X-Zipkin-Id
X-Proxied
X-Upstream-HT
X-Hyper-Cache
X-Rendered-As
X-Varnish-Cache-Hits
X-Backend-Name
X-Device-Type
X-RCS-CacheZone
X-OCL
Now
X-Generated-By
X-MP-GENERATED-AT
X-PCL
X-Debug-Cache
X-Loop
X-Section
X-From
X-TNCMS
X-Varnish-Server
X-Viewer-Country
X-Web-Node
X-EIG-Tracking-Id
Mn-Server-Ip
X-Access
Uber-Trace-Id
ServedBy
Decoy-Debug-Status
Decoy-Debug-Key
Akamai-GRN
Decoy-Debug-TTL
X-Alternate-Cache-Key
X-R9-Blue-Green-Version
OT-Force-Account-Verify
X-Akamai-Request-ID
X-Rule
X-Shopify-Stage
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
Rt-Fastcgi-Cache
X-ShopId
X-VG-TLSProxy
X-ShardId
X-BYPASS-REASON
X-Upgrade-Enabled
Ms-Operation-Id
X-RTag
X-CCM
X-ProxyCache-Status
X-L-Path
X-Environment-Context
X-Origin-Response-Time
X-Cluster-Node
X-Proto
X-ProxyCache-Key
X-Timing-Wait
X-S
X-Region
X-FC-Vary-Parameters
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Generated
X-Endurance-Cache-Level
X-NCache
X-Xfnlog-Site
X-Proxy-Build
Cache-Name
X-Hosted-By
DB-Nickname
X-JoinUs
X-Guploader-Uploadid
X-Via-Fastly
X-NewRelic-App-Data
X-Cache-NE
NGX
X-Trace-Id
X-Redis-Cache
X-Drupal-Cache-Contexts
X-Locale
X-Nginx-Cache
X-Site-Version
X-UUID
X-Www-Served-By
X-Platform-Server
X-Load-Cache
X-Real-IP
X-VCT
X-MServer
Cteonnt-Length
X-EdgeConnect-Cache-Status
X-Hl-Ver
ProcessTime
X-Vgn-Hpd-Reason
X-Cache-Remote
X-Rocket-Nginx-Bypass
X-ServerID
X-Request-Time
X-ECACHE
Time
X-Oracle-Dms-Rid
X-B3-Spanid
X-Time-Microsecs
X-IP
X-Wix-Request-Id
X-Via-CDN
X-IPS-LoggedIn
Version
Azure-SlotName
Azure-Version
Azure-InstanceId
X-FW-Version
Azure-SiteName
S-Rt
X-Origin
Azure-RegionName
NtCoent-Length
TWC-GeoIP-Country
TWC-GeoIP-LatLong
TWC-Privacy
TWC-Device-Class
TWC-Locale-Group
Property-Id
Origin
X-GEO
SRV
Webcakes-App-Name
TWC-Connection-Speed
Webcakes-App-Version
X-Origin-Hint
Webcakes-Region
X-Proxy
L5d-Success-Class
X-Cache-Backend
Served-By
X-FireWall-Port
X-No-Session
X-Distributor
X-Dc
X-Microcachable
X-Unique-ID
X-Oneagent-Js-Injection
Fastly-SSL
Origin-Cache-Control
X-Datadome
Odigeo-Trace-Id
CACHE
Origin-Edge-Control
X-Cache-Server
X-ApacheServer
Fastcgi-X-Cache-Version
X-PERF
X-RateLimit-Reset
X-Pubstack
X-Grey
X-Cache-Category-Id
X-UA
X-Format
X-Akamai-Request-ID2
IBM-Web2-Location
X-CS
Hostname
Cache-Tags
X-Is-Bot
X-Detected-As
X-Webkit-Csp
X-Akamai-Transformed
X-HTML-Minification-Powered-By
Ec-Rule-Version
X-UnsetCookies
X-Powered-By-Defense
X-Edge
Access-Control-Request-Headers
Proxy-Connection
X-GRACE
X-Via-NSCOPI
X-Compress-Hint
X-Ua
X-Varnish-Cacheable
Backend-Name
Content-Style-Type
Request-EU
Request-Time
X-G
Content-Script-Type
Request-Country
Proxy-Firewall
Cdn-Request-Time
X-External-Request-Id
Rendered-Blocks
Cross-Origin-Window-Policy
X-SRCache-Key
GEO-REGION-INFO
Fly-Request-Id
Fly-Cache
Fastly-SIE
X-NU-AKA-ACS-Version
Xc-Version
Rt-Proxy-Cache
Server-ID
ServerName
X-BACKEND-TTL
Cdn-Host
Ha-Gx-Prefs
X-DPWN-IS-SECURE
Viewtype
X-Tb
X-Edge-Server
X-HS-Combine-CSS
X-HS-Cache-Config
A
Meta-Geo-Continent
MD5-Digest
Node
X-IN-APIGATEWAY
X-Instart-Info
X-Internal-Host
Cache-Prefix
X-Eu-Site
HA-Ipaddr
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-Idcheck
AsisCache
BehaviorPad-Version
Cache-Cookie-Set-From
Mobile-Detection-Method
VivaBuild
X-Region-Sid
X-Vtex-Remote-Cache
X-Vtex-Processado-Em
X-B-Cookie
X-Connection-Hash
X-Cache-Bucket
X-ARC
X-Rebelmouse-Surrogate-Control
X-Processor
X-AIR-PT
X-D
X-App-Name
Fastly-SWR
X-Rebelmouse-Cache-Control
X-Cluster-Name
X-Request-UUID
X-Trv-Group
X-ScT
X-CF-Lambda-Version
X-Twitter-Response-Tags
X-VG-WebServer
X-CGP
X-S-Maxage
X-CF-Lambda-Fn
X-Rewrite-Enabled
X-Cdn-Srv
X-Rojux
X-S-Cookie
X-Transaction
X-PAYTM-SRV-ID
X-Application
X-A-Ccd
X-A-Dam
X-A-Dcw
X-A-Dgt
X-A
X-Destination
X-Developer
X-Server-Time
X-Worker
X-Accel-Expires-Debug
X-A-Wwc
X-Debug-Cookies
X-Aed
X-NX-Host
X-Date
X-Org
X-Debug-Log
Mime-Version
X-CDN-Forward
X-NC
X-ElasticPress-Search
SS
Server-Int
X-Sn-Servicetimems
True-Client-Country-4JS
Platform
X-Dispatcher-Server
Gh-Request-Id
X-Fastly-Cache
X-Cdn-Origin
X-Core-Mission
Is-Eu
X-Backend-State
Memcached
Resin-Trace
RNT-Machine
RNT-Time
On-Server
X-Dispatch
Section-Io-Cache
X-Cache-Info
X-Cache-Id
X-Epic-Correlation-Id
Server-Host
Arc-Country
X-Qloud-Router
X-C
X-PHP-Host
X-Level-Front-Cache
X-Irp-Debug
Apple-News-Services-Handled
X-Reqid
Adler-Geo
X-Location
X-We-Are-Hiring
X-Nc
X-TH-Server
X-ServiceProvider
X-B3-Parentspanid
X-Nginx-Cache-Key
X-Server-IP
X-Clientip
Apple-News-Services-Host
X-Key
Apple-News-Services-Parsed-Url
X-Geo-Header
PageSpeed
Countrycode
X-Variation
X-Generated-On
Esi-Enabled
X-GeoIP-Country-Code
Country-Code
X-Hash
Apple-News-Services-Request-Url
X-Request-URI
Wxu-Next-Region
X-Block-Status
Wxu-Next-Hostname
X-SD-PageType
Wxu-Next-Commit
Web-Mar-Node
X-Servername
Who
X-Request-Start
X-Swa-Ws
X-Wikidot-Static-Cache
X-Webstats-RespID
X-Protected-By
X-Amz-Meta-Cache-Control
X-Crawler
X-Reboot
X-SVT-ORM-VERSION
X-CDN-Cache
X-Served-From
X-Secret
X-Auto-Login
X-Response-By
X-WebServer
X-BBXSRF
X-Wikidot-Backend
X-Device-Os
Powered-By
PFcat
X-Hnp-Log
Pramga
V-Age
X-LI-Proto
X-Li-Pop
AKAMAI
X-Distil-CS
X-FPC
X-Generation-Time
X-Gannett-Site-Version
X-Fetched-On
Content-Disposition
IsBot
CDCHOST
X-LI-UUID
X-Li-Fabric
LB
X-ND-Cache
X-Method
X-SVT-ORM-RULES
X-Gen-Mode
User-Cache-Control
UCS
X-Developers
X-SIPLIST1
SD-X-WS
X-Skip-Cache
REQUESTUUID
Accept-Language
X-GeoIP-City
X-Thinkindot-L3
X-Origin-Expires
W
X-Thanos
X-Origin-Date
X-Via-Edge
X-CUA
X-Release
X-Owner
X-Matched-Rule
X-Cms-Context
X-Via-SSL
X-VServer
Thinkindot-CacheControl
X-Azure-Ref
X-Cache-FS-Status
Thinkindot-CacheControl-Type
Thinkindot-Control
X-Azure-Ref-OriginShield
GW-Server
Heartbleed
X-Bip
Fastly-Soc-X-Request-Id
X-B3-SpanId
X-Cdn-Forward
Pragrma
X-Parent-Response-Time
X-Fstrz
X-Clara-WADP
X-WADP-Cache
X-VC-Cache
X-Varnish-Url
CF-IPCountry
X-Varnish-Ttl
X-CLOUD-TRACE-CONTEXT
L
X-OVcl-Cache
X-OVcl
X-LAGOON
Memory
X-Planisys-CDN-TTL
X-Planisys-CDN-Cache
X-Ratelimit-Remaining
X-Proxy-Upstream
N-Cache
X-Proxy-Cache-Status
X-Planisys-CDN-Rules
X-Be
X-DC
X-Origin-CC
X-Origin-TTL
X-IN-WAF
X-Phone
X-FE
X-TrackingId
Kp-EeAlive
X-Core-Value
Selected-Fe
X-Amzn-Remapped-Content-Length
X-Varnish-Beresp-Ttl
X-Birta-Served
X-Geo
X-Page-Type
User-Agent
X-Birta-Cache-Post
X-SERVER-NAME
Locale
X-Urbn-Site-Id
X-Urbn-Context-Path
X-Varnish-IP
Magicmarker
X-Pf-Uncompressing
X-Info
X-App-Version
Selected-FE
HitType
X-URL
X-Ttl
X-Dynatrace-Js-Agent
X-Varnish-Beresp-Status
X-Flog
X-Backend-TTL
Cdn
Pagetype
X-Hello
X-Varnish-Beresp-Grace
X-ABtesting
X-Zone
X-CACHE-KEY
X-Generated-In
X-Newrelic-Synthetics
X-User
X-Servedbyhost
X-Source
X-TT-LOGID
X-Litespeed-Cache
X-Backend-Host
SN
GeoIp-Country-Code
X-Backend-Url
X-GoCache-CacheStatus
Geoip-City
X-Web-Server
X-Agile
X-Soup
X-Agile-Age
X-Agile-Id
X-Cache-Debug
X-Refresh
X-Up
CF-Cached-On
Geoip-Latitude
X-Check-Cacheable
X-MID
X-ZONE
X-Mid
X-Real-Ip
X-Debug-Cache-Expiry
X-HS-Status
X-VCL-Version
X-Debug-Cache-Fetch
X-Tt-Trace-Tag
X-Debug-Cache-Store
X-MSEdge-Features
X-MSEdge-Flight
X-Oss-Server-Time
X-Oss-Request-Id
X-Tb-Optimization-Total-Bytes-Saved
X-Oss-Object-Type
X-Aicache-OS
X-Oss-Hash-Crc64ecma
X-Oss-Storage-Class
X-Ruxit-Js-Agent
Amp-Access-Control-Allow-Source-Origin
FSS-Proxy
X-Vcl-Version
FSS-Cache
X-UPSTREAM-Address
GeoIP-Country-Code
X-Cache-Ttl
X-SayCDN-TTL
X-Old-Content-Length
X-Say-TTL
X-APP
GeoIP-City
X-ServedByHost
GeoIP-Latitude
Srv
X-Say-Cacheable
Ohc-File-Size
Ohc-Cache-HIT
Group
Server-Cache-Control
WZWS-RAY
Server-Surrogate-Control
HostName
X-Varnish-Authentication
X-Amzn-Remapped-Connection
X-NWS-UUID-VERIFY
X-Amzn-Remapped-Date
X-Contensis-Viewer-Groups
X-Cache-ASPX
X-BC
X-EC-Lua
Cache-Hits
X-Bc
X-Via-Ucdn
X-COUNTRY
HTTPS
RequestId
X-CSRF-Token
Www
X-Akamai-SSL-Client-Sid
Backend
X-Varnish-Beresp-TTL
Fastly-Backend-Name
Inserted-Into-Cache-At
X-SN
X-Node-Id
X-Nananana
Xkeyrz
X-Logtrace-Id
X-Proxy-Cacherz
Ajk
X-CSRF-TOKEN
X-IN-APIGATEWAYSSL
X-ECache
Cf-Ipcountry
URI
Lb
X-Instart-Isnd
WebServer
X-Dynatrace
XServer
X-SRV
X-Cache-Expires
X-Request-Url
Host-ID
X-Cache-Tag
Requestid
X-Cache-Time
X-WR-MODIFICATION
X-TIME
X-PAGE-TYPE
X-Unique-Id
X-PF-Uncompressing
X-NGENIX-Cache
Xkeynj
X-Fastly-Country-Code
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-FORWARDED-FOR
Is-Session-Tracking
Get-Access-Time
X-Wa
X-MCACHE
X-LiteSpeed-Cache-Control
X-Requestid
Epwk-Cache
X-Sedo-Request-Id
X-Varnish-Action
X-Cache-Miss-From
X-Fastly-Backend-Reqs
X-Edge-IP
X-BE
Dynatrace
X-Vct
Cneonction
T-Server
X-Apw-Access-Action
X-Apw-Access-Object
X-Apw-Access-Token
Pics-Label
X-Apw-Hits
X-Pjax-Url
Fastcgi-X-Cache
Xet-Cookie
DataCenter
X-LB-ID
CDN
X-PJAX-URL
PICS-Label
X-Swift-Error
X-AssetVersion
X-Lb-Id
X-Ecache
X-Svr
X-GDPR
Correlation-Id
X-Micro-Cache
X-NGINX-Cache
X-Dw-Trace-Id
FNAC-ModuleRouting
X-Var-Ttl
X-Render-Time
X-Cf-Powered-By
X-WA
X-Sf
X-Html-Edge-Cache
Sid
X-ServerName
X-Akamai-ERRuleID
Lfy
X-Flow-Id
X-LiteSpeed-Tag
X-Serial
X-RSL
X-Page-Impression-Id
RequestUuid
X-Fastly-Cache-Hits
Cache-Provider
X-Akamai-ERPolicy
X-Zalando-Child-Request-Id
Ohc-Response-Time
X-DB
X-DI
X-WPE-Loopback-Upstream-Addr
X-Bug-Bounty
Warning
X-RPS
X-RPM
X-DSS
X-DW
X-Fpc