Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
CF-RAY
X-Powered-By
Link
ETag
Expect-CT
X-XSS-Protection
Via
X-Cache
Age
CF-Cache-Status
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
P3P
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Request-Id
X-Xss-Protection
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-Adblock-Key
Alt-Svc
X-Drupal-Cache
X-Check
X-Cacheable
Content-Security-Policy-Report-Only
X-Generator
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-DNS-Prefetch-Control
X-AspNetMvc-Version
P3p
X-Template
X-Language
Status
Timing-Allow-Origin
Content-Encoding
X-Iinfo
X-Content-Security-Policy
X-Buckets
Upgrade
X-Kinja-Server-Push
Xkey
X-Via
X-CDN
X-Turbo-Charged-By
Keep-Alive
Access-Control-Max-Age
Access-Control-Expose-Headers
X-Cache-Group
X-Pass-Why
X-Age
X-AH-Environment
X-Drupal-Dynamic-Cache
X-Server
X-Backend
X-Pingback
X-Amz-Id-2
X-Amz-Request-Id
X-Envoy-Upstream-Service-Time
X-Page-Speed
X-Robots-Tag
X-Proxy-Cache
X-Hacker
Grace
EagleId
X-Server-Powered-By
X-UA-Device
X-Varnish-Cache
Request-Context
X-Nginx-Cache-Status
Cf-Railgun
X-LiteSpeed-Cache
X-Amz-Version-Id
X-Swift-CacheTime
X-Swift-SaveTime
X-WebKit-CSP
Ali-Swift-Global-Savetime
Feature-Policy
X-Server-Id
X-Device
Server-Timing
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Host
Report-To
X-Rq
X-Ac
Content-Location
X-Node
X-OneAgent-JS-Injection
X-Backend-Server
X-Cnection
X-Response-Time
X-Origin-Cache
X-Cloud-Trace-Context
X-Application-Context
EagleEye-TraceId
Allow
Request-Id
X-Readtime
Surrogate-Control
X-Country
X-ORACLE-DMS-ECID
X-Cache-Lookup
X-TTL
X-DynaTrace
X-Vhost
X-Url
X-Cdn
X-Rack-Cache
Pinterest-Generated-By
X-Clacks-Overhead
X-Origin-Upstream-Status
NEL
X-Ua-Compatible
X-Ruxit-JS-Agent
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Rating
X-FTR-Request-ID
X-CST
X-Country-Code
X-HW
X-Goog-Hash
X-Dispatcher
X-Instart-Request-ID
X-ORACLE-DMS-RID
Fusion-Template-Id
Fusion-Content-Source
Fusion-Content-Id
Fusion-Source
Fusion-Component-Id
X-DataStream-Cache-Status
Edge-Control
X-PC
X-Vname
X-TtlSet
X-Px
X-VARITI-CCR
X-DataDome
Service-Worker-Allowed
X-MS-InvokeApp
X-Mod-Pagespeed
Verso
X-Recruiting
SPRequestGuid
X-Request-ID
X-Dns-Prefetch-Control
X-D2id
X-Varnish-TTL
X-Exp-Variant
X-GoogleNews-Bot
X-Exp-Id
X-Kinja-Revision
X-Kinja-Build
X-Kinja-Server
X-Use-Magma
X-Kinja
X-Cdn-Fetch
X-Vcap-Request-Id
RTSS
X-Abt-Application-Version
X-Amz-Server-Side-Encryption
X-SharePointHealthScore
DynaTrace
TCN
X-Navigation-Version
X-RateLimit-Remaining
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-GitHub-Request-Id
X-Powered-By-Plesk
Response
X-Middleton-Response
X-Middleton-Display
X-Sol
Display
X-Akam-SW-Version
Charset
MS-Author-Via
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
Content-MD5
Accept-Ch-Lifetime
ServerID
X-Shield-Request-Id
AR-ATIME
Ar-Sid
AR-PoweredBy
AR-CACHE
Accept-Ch
X-Amz-Rid
X-Trace
Realpath
X-Powered-CMS
X-B3-TraceId
X-Goog-Generation
X-Goog-Metageneration
X-Forwarded-Proto
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Dw-Request-Base-Id
Nginx-Cache
X-DynaTrace-JS-Agent
X-ESI
AR-Request-ID
X-Version
X-Cached
X-Upstream
Fastly-Restarts
Public-Key-Pins
X-Shard
X-Server-Name
X-Mrf-Section-Lastmod
X-B3-TraceId-Primal
X-Mrf-Item-Lastmod
Mrf-Cache-Status
MRF-Tech
Access-Control-Request-Method
SPRequestDuration
Paypal-Debug-Id
X-MSEdge-Ref
SPIisLatency
X-Goog-Storage-Class
X-Client-IP
Pagespeed
S
X-Grace
Pinterest-Version
X-Upstream-Proxy
X-Pinterest-Rid
X-Debug
X-DataStream-MidMile-RTT
X-DataStream-Origin-MEX-Latency
X-FTR-Balancer
X-FTR-Backend
X-FTR-Backend-Server
X-Country-Code-Real
X-FTR-DC
X-FTR-Realm
X-Amz-Meta-S3cmd-Attrs
X-FTR-Cache-Status
X-Id
X-Vcache
X-FTR-Expires
X-Ezoic-Cdn
X-N
X-T
X-DIS-Request-ID
X-Fastly-Request-ID
MicrosoftSharePointTeamServices
X-Amzn-Trace-Id
Arr-Disable-Session-Affinity
X-FastCGI-Cache
Front-End-Https
X-XRDS-Location
X-NF-Request-ID
X-Content-Type
X-B3-Traceid
X-Hits
Accept-CH
X-B3-Sampled
X-Varnish-Age
X-Ser
PB-RID
X-Mobile-Rewrite
Arc-Version
PB-PID
X-FTR-Cache-Host
Fastcgi-Cache
Alternate-Protocol
X-Acc-Meta-Resource-Type
X-Frontend
X-Logged-In
X-Content-Digest
Server-Name
X-Srv
X-Correlation-Id
X-Pad
X-Forwarded-For
X-Node-Name
Host
AMP-Access-Control-Allow-Source-Origin
Nel
X-Cache-Key
Powered-By-ChinaCache
X-Microsite
X-Request-Handler-Origin-Region
FilterID
TP-L2-Cache
Healthy
TP-Cache
X-Type
X-VCache
X-Rid
X-Kinsta-Cache
X-LB-Cache
X-User-Agent
Edge-Cache-Tag
X-IPLB-Instance
X-Request-Received
X-Request-Processing-Time
X-AOL-HN
X-Debug-Info
X-Cached-By
X-GUploader-UploadID
X-Server-ID
X-Cache-2
X-Esi
X-F-Cache
X-Zen-Fury
Powered
X-Revision
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Hostname
X-Cache-Rule
X-HS-Content-Id
X-HS-Hub-Id
X-Cache-Age
X-Analytics
Backend-Timing
X-XRDS-LOCATION
X-Accel-Expires
X-Kong-Upstream-Latency
Surrogate-Key
X-Kong-Proxy-Latency
X-RateLimit-Limit
X-Via-JSL
X-Fastcgi-Cache
X-Varnish-Backend
X-Az
X-AppVersion
X-Activity-Id
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-Content-Security-Policy-Report-Only
X-Page-Id
X-Varnish-Grace
X-BCube-Filmed-By
X-Instance
X-Content-Options
X-Akamai-Edgescape
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Tumblr-User
Source
X-Jobs
X-Cluster
X-FB-Debug
X-Amz-Replication-Status
X-App-Environment
X-Content-Powered-By
X-PHP-Backend
X-Request-Guid
Cache-Status
Cleartype
X-TT
X-Framework
Server-Node
Refresh
X-Forwarded-Host
X-B-Cache
X-Signature
X-Varnish-Hostname
Tracecode
X-FW-Static
X-FW-Type
X-FW-Server
X-FW-Serve
X-FW-Hash
Liferay-Portal
X-ATG-Version
WPE-Backend
Host-Header
DC
X-Mobile
X-Cache-Operation
X-Time
Accept-Charset
X-Cache-Control
X-Edge-Location
Access-Control-Allow-Method
X-Cache-Action
X-Drupal-Cache-Tags
Actual-Object-TTL
X-Cache-Hit
Fastcgi-Useragent
Cache
X-NWS-LOG-UUID
Accept-CH-Lifetime
X-Response-Served-From
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Mobile-URL
X-Accel-Buffering
X-Hp-Webp
Payment
Upgrade-Insecure-Requests
X-Storage
X-TX-ID
X-B
X-Whom
X-App-Server
X-APP-VERSION
X-Oracle-Dms-Rid
X-Content-Age
Xserver
X-WebKit-CSP-Report-Only
X-UA-Device-Type
X-Yottaa-Optimizations
X-TT-TIMESTAMP
X-Yottaa-Metrics
Filters
X-Tumblr-Pixel-1
X-Git-Hash
X-GeoIP
X-Cacheable-TTL
X-WA-Info
X-Tumblr-Pixel-2
X-Handled-By
X-SS-Set-Cookie
X-RequestSource
X-Status
Eomportal-Instance
Cache-Tv-Group
X-Adobe-Loc
X-Adobe-Content
Viewport
X-RemovedCookies
X-Ratelimit-Reset
X-ProcessESI
X-VG-WebCache
X-Geo-Country
NGB
X-Cache-TTL
Cache-Tag
X-TA-CDN-Provider
Webserver
Datacenter
Retry-After
X-Cache-TTL-Remaining
X-FB-TRIP-ID
Server-Info
X-FW-Dynamic
X-Cache-Enabled
X-Seen-By
X-Contextid
MS-CV
X-Host-Name
X-Ratelimit-Limit
X-Presslabs-Stats
X-PressLabs-Stats
S-Cnection
X-Origin-Server
Country
Frame-Options
From-Origin
X-Generated-By
X-Hyper-Cache
X-Mode
X-CF-Powered-By
Ms-Operation-Id
X-B3-Spanid
X-RTag
X-Tumblr-Pixel-3
X-AWS-Id
X-ES-SERVER
X-LJ-Flow-ID
X-Cache-Config
Meta-Geo
Load-Balancing
X-Cache-Var
X-Cache-Var-Map
X-RN-RSRV
X-Path-Route
X-VWS-Id
Machine
X-Access
DSUID
X-Section
X-Cache-Grace
X-Upstream-HT
X-Routing-Service
X-Cache-Host
Vix-Hermes-Req-Id
We-Hiring
Cache-Key
X-Proxied
X-MP-GENERATED-AT
X-Hit
Mail-Subject
X-Labrador-Cache-Channel
X-Upstream-CT
X-Varnish-Cache-Hits
X-Zipkin-Id
X-Backend-Name
X-Upgrade-Enabled
Now
Decoy-Debug-Status
Decoy-Debug-TTL
X-Viewer-Country
Decoy-Debug-Key
X-Web-Node
X-Varnish-Server
Mn-Server-Ip
Release
X-Debug-Cache
X-Loop
X-Human
X-From
X-Magnolia-Registration
X-OCL
X-RCS-CacheZone
X-PCL
X-Varnish-Hits
X-TNCMS
X-EIG-Tracking-Id
X-Device-Type
X-Origin-Response-Time
GEO-INFO
X-Sorting-Hat-ShopId
X-L-Path
X-Proto
X-R9-Blue-Green-Version
X-ShopId
X-Shopify-Stage
X-ShardId
X-Rule
X-VG-TLSProxy
X-Rendered-As
X-Alternate-Cache-Key
X-Akamai-Request-ID
Rt-Fastcgi-Cache
X-Endurance-Cache-Level
X-Sorting-Hat-PodId
OT-Force-Account-Verify
ServedBy
X-CCM
X-Environment-Context
Uber-Trace-Id
X-Via-Fastly
X-S
X-Cluster-Node
X-Goog-Meta-Goog-Reserved-File-Mtime
X-FC-Vary-Parameters
X-Timing-Wait
X-NCache
X-Hosted-By
X-Proxy-Build
X-JoinUs
X-Generated
DB-Nickname
X-Region
X-Xfnlog-Site
Akamai-GRN
Cache-Name
X-BYPASS-REASON
X-Drupal-Cache-Contexts
X-ProxyCache-Key
X-ProxyCache-Status
X-Guploader-Uploadid
X-VCT
X-Trace-Id
X-Locale
SRV
Cteonnt-Length
X-Redis-Cache
X-Site-Version
X-Nginx-Cache
X-Www-Served-By
ProcessTime
NGX
X-Load-Cache
X-Platform-Server
X-UUID
X-Cache-NE
X-MServer
X-EdgeConnect-Cache-Status
X-Request-Time
X-Hl-Ver
X-ECACHE
X-Time-Microsecs
X-IP
Version
X-Daa-Tunnel
X-Wix-Request-Id
X-FW-Version
X-GEO
X-NewRelic-App-Data
S-Rt
X-ServerID
Azure-Version
Time
X-Origin
X-Via-CDN
Azure-SlotName
Azure-SiteName
Azure-RegionName
Azure-InstanceId
X-Rocket-Nginx-Bypass
Webcakes-App-Version
Webcakes-App-Name
TWC-GeoIP-Country
TWC-Connection-Speed
TWC-Device-Class
TWC-GeoIP-LatLong
TWC-Locale-Group
TWC-Privacy
X-Vgn-Hpd-Reason
Webcakes-Region
Property-Id
X-Origin-Hint
X-IPS-LoggedIn
X-Cache-Remote
Origin
X-Real-IP
X-Proxy
X-FireWall-Port
X-SERVER-NAME
X-No-Session
Odigeo-Trace-Id
X-Akamai-Request-ID2
X-Akamai-Transformed
X-Dc
X-Distributor
NtCoent-Length
L5d-Success-Class
X-ApacheServer
X-Cache-Backend
X-PERF
X-CDN-Forward
Fastly-SSL
X-Oneagent-Js-Injection
CACHE
X-CS
X-Format
X-HTML-Minification-Powered-By
Served-By
X-Pubstack
X-Microcachable
X-RateLimit-Reset
X-Unique-ID
X-Cache-Server
Ec-Rule-Version
X-Compress-Hint
Origin-Edge-Control
Origin-Cache-Control
X-UA
Cache-Tags
Hostname
Access-Control-Request-Headers
Fastcgi-X-Cache-Version
X-UnsetCookies
X-Webkit-Csp
IBM-Web2-Location
X-NC
X-Grey
X-Cache-Category-Id
LB
X-Tb
X-Edge
X-Varnish-Cacheable
X-Is-Bot
Backend-Name
X-Detected-As
X-App-Name
Request-Time
Rt-Proxy-Cache
X-AIR-PT
Request-EU
Rendered-Blocks
Request-Country
Server-ID
X-Aed
Viewtype
X-A-Dcw
X-A-Dgt
X-A-Wwc
X-A-Dam
X-Accel-Expires-Debug
VivaBuild
X-A
X-A-Ccd
Proxy-Firewall
GEO-REGION-INFO
Cache-Prefix
Cdn-Host
Cdn-Request-Time
Content-Script-Type
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-Idcheck
Arc-Country
AsisCache
BehaviorPad-Version
Cache-Cookie-Set-From
Content-Style-Type
Cross-Origin-Window-Policy
HA-Ipaddr
MD5-Digest
Meta-Geo-Continent
Mobile-Detection-Method
Ha-Gx-Prefs
X-Application
Fastly-SIE
Fastly-SWR
Fly-Cache
Fly-Request-Id
Node
X-CGP
X-Request-UUID
X-Rewrite-Enabled
X-Rojux
X-S-Cookie
X-Region-Sid
X-Rebelmouse-Surrogate-Control
X-NX-Host
X-Org
X-PAYTM-SRV-ID
X-Rebelmouse-Cache-Control
X-S-Maxage
X-ScT
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
X-Worker
Xc-Version
X-VG-WebServer
X-Twitter-Response-Tags
X-Server-Time
X-SRCache-Key
X-Transaction
X-Trv-Group
X-NU-AKA-ACS-Version
X-Internal-Host
X-Cluster-Name
X-Connection-Hash
X-D
X-Date
A
X-CF-Lambda-Version
X-B-Cookie
X-Cache-Bucket
X-Cdn-Srv
X-CF-Lambda-Fn
X-Debug-Log
X-Destination
X-HS-Cache-Config
X-HS-Combine-CSS
X-IN-APIGATEWAY
X-Instart-Info
X-G
X-External-Request-Id
X-Developer
X-DPWN-IS-SECURE
X-Edge-Server
X-Eu-Site
X-ARC
X-Debug-Cookies
X-BACKEND-TTL
Proxy-Connection
X-Powered-By-Defense
X-Ua
X-B3-Parentspanid
X-ElasticPress-Search
Server-Int
ServerName
SS
W
X-PHP-Host
True-Client-Country-4JS
Memcached
X-Dispatch
X-Reqid
X-Request-URI
Accept-Language
Platform
Resin-Trace
RNT-Machine
Section-Io-Cache
PageSpeed
RNT-Time
On-Server
X-Level-Front-Cache
X-Core-Mission
X-Clientip
X-Generated-On
X-Cdn-Origin
X-Fastly-Cache
X-Via-NSCOPI
X-Developers
X-Dispatcher-Server
X-Epic-Correlation-Id
X-Geo-Header
X-Cache-Info
X-Key
X-ServiceProvider
X-Location
X-Irp-Debug
X-Backend-State
X-Cache-Id
X-GeoIP-Country-Code
X-Hash
X-Nginx-Cache-Key
Server-Host
Gh-Request-Id
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
X-Sn-Servicetimems
X-Variation
X-We-Are-Hiring
Countrycode
Country-Code
Esi-Enabled
X-C
X-TH-Server
Apple-News-Services-Handled
Adler-Geo
Apple-News-Services-Host
Is-Eu
X-Skip-Cache
X-LI-Proto
X-LI-UUID
X-Li-Pop
X-Distil-CS
X-Amz-Meta-Cache-Control
X-Li-Fabric
Content-Disposition
X-Method
X-Device-Os
Wxu-Next-Commit
Wxu-Next-Hostname
IsBot
AKAMAI
X-Hnp-Log
Who
CDCHOST
X-Crawler
X-CDN-Cache
X-Generation-Time
X-Gen-Mode
X-FPC
X-Gannett-Site-Version
X-Cache-FS-Status
X-SVT-ORM-VERSION
X-Fetched-On
X-Auto-Login
X-BBXSRF
X-Block-Status
Web-Mar-Node
X-SVT-ORM-RULES
X-Varnish-Url
Wxu-Next-Region
X-SD-PageType
X-Webstats-RespID
X-Secret
X-Reboot
X-Served-From
PFcat
X-WebServer
REQUESTUUID
SD-X-WS
X-Request-Start
X-Response-By
X-Server-IP
X-Qloud-Router
X-Wikidot-Static-Cache
V-Age
X-Servername
X-Processor
User-Cache-Control
X-Wikidot-Backend
X-SIPLIST1
UCS
Mime-Version
X-WADP-Cache
X-Via-Edge
L
X-Via-SSL
X-Swa-Ws
Powered-By
X-Nc
X-CUA
Pramga
X-Release
X-Bip
X-Owner
X-GeoIP-City
X-Clara-WADP
Fastly-Soc-X-Request-Id
Thinkindot-CacheControl
X-Matched-Rule
Thinkindot-Control
Thinkindot-CacheControl-Type
X-VServer
X-Azure-Ref
X-Cms-Context
X-Origin-Expires
X-Origin-Date
X-Thanos
X-Thinkindot-L3
X-Azure-Ref-OriginShield
CF-IPCountry
X-Proxy-Upstream
X-Proxy-Cache-Status
Heartbleed
X-OVcl-Cache
N-Cache
X-VC-Cache
GW-Server
X-ND-Cache
X-OVcl
X-Amzn-Remapped-Content-Length
Selected-Fe
X-Varnish-Ttl
Kp-EeAlive
X-Varnish-Beresp-Ttl
X-FE
X-Protected-By
X-TrackingId
X-CLOUD-TRACE-CONTEXT
X-Pf-Uncompressing
X-Parent-Response-Time
X-LAGOON
X-Ratelimit-Remaining
User-Agent
Pragrma
X-Fstrz
X-DC
X-Urbn-Site-Id
X-Urbn-Context-Path
Locale
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
Magicmarker
X-Page-Type
X-Zone
X-Origin-CC
X-Origin-TTL
Memory
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
X-Core-Value
X-Phone
X-Cdn-Forward
X-IN-WAF
X-ABtesting
X-Hello
Pagetype
X-Flog
X-Datadome
X-URL
X-Be
X-Ttl
X-B3-SpanId
X-Cache-Ttl
X-Geo
X-User
X-Generated-In
X-Dynatrace-Js-Agent
X-Backend-TTL
X-Birta-Served
X-Backend-Host
X-Backend-Url
X-Birta-Cache-Post
X-Up
X-MSEdge-Flight
X-Tt-Trace-Tag
X-Soup
X-Debug-Cache-Expiry
X-Info
X-Varnish-IP
X-Debug-Cache-Fetch
X-Debug-Cache-Store
X-GoCache-CacheStatus
X-MSEdge-Features
Cdn
X-GRACE
Selected-FE
HitType
X-TT-LOGID
SN
X-Servedbyhost
X-Newrelic-Synthetics
X-Litespeed-Cache
Geoip-Latitude
X-Oss-Request-Id
Geoip-City
GeoIp-Country-Code
X-Oss-Object-Type
X-Oss-Server-Time
X-HS-Status
X-Oss-Hash-Crc64ecma
X-Oss-Storage-Class
X-Mid
X-MID
CF-Cached-On
X-Check-Cacheable
X-Real-Ip
X-VCL-Version
X-Refresh
X-Source
X-Say-Cacheable
X-Agile
X-Old-Content-Length
X-Cache-Debug
X-Tb-Optimization-Total-Bytes-Saved
X-Agile-Age
X-SayCDN-TTL
X-Say-TTL
X-Aicache-OS
X-Agile-Id
Amp-Access-Control-Allow-Source-Origin
X-Ruxit-Js-Agent
Cache-Hits
X-ZONE
FSS-Proxy
X-Vcl-Version
X-App-Version
GeoIP-Country-Code
X-Web-Server
FSS-Cache
X-Bc
X-ServedByHost
X-Akamai-SSL-Client-Sid
GeoIP-City
GeoIP-Latitude
X-Amzn-Remapped-Date
X-Amzn-Remapped-Connection
X-CSRF-TOKEN
Inserted-Into-Cache-At
Fastly-Backend-Name
WZWS-RAY
X-Varnish-Authentication
X-Node-Id
Server-Cache-Control
HostName
X-Cache-ASPX
Server-Surrogate-Control
X-Contensis-Viewer-Groups
X-Nananana
X-Cache-Time
X-EC-Lua
X-Via-Ucdn
X-UPSTREAM-Address
RequestId
X-APP
X-Logtrace-Id
X-IN-APIGATEWAYSSL
Ajk
X-COUNTRY
Srv
Ohc-File-Size
X-CSRF-Token
Ohc-Cache-HIT
X-NWS-UUID-VERIFY
Group
X-CACHE-KEY
X-BC
X-BE
X-Proxy-Cacherz
Xkeyrz
HTTPS
X-RateLimit-Limit-Second
X-WR-MODIFICATION
X-ECache
X-Wa
X-RateLimit-Remaining-Second
WebServer
X-Dynatrace
XServer
URI
X-Varnish-Beresp-TTL
Www
Cf-Ipcountry
X-Cache-Tag
X-SN
Backend
X-Request-Url
Is-Session-Tracking
X-Fastly-Country-Code
X-Instart-Isnd
X-FORWARDED-FOR
X-TIME
Xkeynj
Get-Access-Time
X-PAGE-TYPE
X-PJAX-URL
Cneonction
X-Unique-Id
PICS-Label
T-Server
X-LB-ID
X-LiteSpeed-Cache-Control
X-MCACHE
X-Render-Time
X-Micro-Cache
X-GDPR
X-Requestid
X-Sedo-Request-Id
X-Cache-Miss-From
Host-ID
X-Edge-IP
Requestid
Lb
X-Cache-Expires
Dynatrace
X-Fastly-Backend-Reqs
DataCenter
Xet-Cookie
X-SRV
CDN
X-Policy
Pics-Label
X-Uri
X-Vct
X-Varnish-Action
X-Swift-Error
X-Pjax-Url
MIME-Version
X-Newrelic-App-Data
X-Apw-Access-Action
Epwk-Cache
SID
X-NGENIX-Cache
X-Apw-Access-Object
X-PF-Uncompressing
X-Apw-Hits
X-Apw-Access-Token
X-Dw-Trace-Id
X-NGINX-Cache
X-Lb-Id
X-WA
X-Ecache
Fastcgi-X-Cache
X-Cf-Powered-By
Correlation-Id
X-Svr
Ohc-Response-Time
X-Serial
X-LiteSpeed-Tag
X-ServerName
RequestUuid
X-Akamai-ERPolicy
X-Bug-Bounty
Warning
X-Akamai-ERRuleID
X-Zalando-Child-Request-Id
X-Flow-Id
X-Page-Impression-Id
X-Fastly-Cache-Hits
Lfy
X-Html-Edge-Cache
X-RPM
X-RPS
X-RSL
X-DW
X-DSS
X-WPE-Loopback-Upstream-Addr
X-DB
X-DI
X-Fpc