Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
CF-RAY
X-Powered-By
Link
ETag
Expect-CT
X-XSS-Protection
Via
X-Cache
Age
CF-Cache-Status
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
X-Cache-Hits
P3P
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Request-Id
X-Xss-Protection
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-Adblock-Key
Alt-Svc
X-Drupal-Cache
X-Check
X-Cacheable
Content-Security-Policy-Report-Only
P3p
X-Generator
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-DNS-Prefetch-Control
X-AspNetMvc-Version
X-Template
X-Language
Status
Timing-Allow-Origin
Content-Encoding
X-Iinfo
X-Content-Security-Policy
X-Buckets
Upgrade
X-Kinja-Server-Push
Xkey
X-Via
X-CDN
X-Turbo-Charged-By
Keep-Alive
Access-Control-Max-Age
Access-Control-Expose-Headers
X-Cache-Group
X-Pass-Why
X-AH-Environment
X-Age
X-Drupal-Dynamic-Cache
X-Server
X-Backend
X-Pingback
X-Amz-Request-Id
X-Amz-Id-2
X-Envoy-Upstream-Service-Time
X-Page-Speed
X-Robots-Tag
X-Proxy-Cache
X-Hacker
Grace
X-Server-Powered-By
EagleId
X-UA-Device
X-Varnish-Cache
Request-Context
X-Nginx-Cache-Status
Cf-Railgun
X-LiteSpeed-Cache
X-Amz-Version-Id
X-Swift-CacheTime
X-Swift-SaveTime
X-WebKit-CSP
Ali-Swift-Global-Savetime
Feature-Policy
X-Server-Id
X-Device
Server-Timing
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Host
Report-To
X-Ac
X-Rq
Content-Location
X-Node
X-OneAgent-JS-Injection
X-Backend-Server
X-Cnection
X-Response-Time
X-Origin-Cache
X-Cloud-Trace-Context
X-Application-Context
Allow
Request-Id
EagleEye-TraceId
X-Readtime
Surrogate-Control
X-Country
X-ORACLE-DMS-ECID
X-Cache-Lookup
X-TTL
X-Url
X-Vhost
X-DynaTrace
X-Cdn
X-Rack-Cache
Pinterest-Generated-By
X-Clacks-Overhead
X-Origin-Upstream-Status
X-Ua-Compatible
NEL
X-Ruxit-JS-Agent
X-EdgeConnect-Origin-MEX-Latency
Rating
X-EdgeConnect-MidMile-RTT
X-CST
X-FTR-Request-ID
X-Country-Code
X-HW
X-ORACLE-DMS-RID
X-Goog-Hash
X-Dispatcher
X-Instart-Request-ID
Fusion-Content-Id
Fusion-Template-Id
Fusion-Content-Source
Fusion-Source
Fusion-Component-Id
X-DataStream-Cache-Status
Edge-Control
X-Px
X-Vname
X-PC
X-TtlSet
X-VARITI-CCR
Service-Worker-Allowed
X-DataDome
X-MS-InvokeApp
X-Mod-Pagespeed
Verso
SPRequestGuid
X-Recruiting
X-Request-ID
X-Dns-Prefetch-Control
X-Exp-Variant
X-GoogleNews-Bot
X-Exp-Id
X-Varnish-TTL
X-Cdn-Fetch
X-Kinja
X-Kinja-Build
X-Kinja-Server
X-Use-Magma
X-Kinja-Revision
X-D2id
X-Vcap-Request-Id
RTSS
X-Abt-Application-Version
X-Amz-Server-Side-Encryption
X-SharePointHealthScore
TCN
DynaTrace
X-RateLimit-Remaining
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-GitHub-Request-Id
X-Navigation-Version
X-Powered-By-Plesk
X-Akam-SW-Version
X-Middleton-Display
Response
X-Sol
X-Middleton-Response
Display
X-B3-TraceId
Charset
MS-Author-Via
X-TEC-API-ROOT
X-TEC-API-VERSION
X-TEC-API-ORIGIN
Content-MD5
X-ESI
ServerID
AR-ATIME
AR-PoweredBy
AR-CACHE
Ar-Sid
X-Amz-Rid
X-Shield-Request-Id
X-Trace
X-Powered-CMS
X-Forwarded-Proto
Accept-Ch-Lifetime
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
X-Goog-Stored-Content-Length
X-Goog-Generation
Nginx-Cache
Realpath
X-Dw-Request-Base-Id
X-DynaTrace-JS-Agent
AR-Request-ID
X-Version
X-Cached
X-Upstream
Accept-Ch
X-Server-Name
Fastly-Restarts
Public-Key-Pins
X-Shard
MRF-Tech
X-Mrf-Section-Lastmod
X-B3-TraceId-Primal
Mrf-Cache-Status
X-Mrf-Item-Lastmod
SPIisLatency
Access-Control-Request-Method
SPRequestDuration
X-Goog-Storage-Class
X-MSEdge-Ref
X-Client-IP
Paypal-Debug-Id
Pagespeed
S
X-Grace
X-Pinterest-Rid
X-Upstream-Proxy
Pinterest-Version
X-Debug
X-Amz-Meta-S3cmd-Attrs
X-DataStream-Origin-MEX-Latency
X-DataStream-MidMile-RTT
X-Id
X-FTR-Backend-Server
X-FTR-Balancer
X-FTR-Backend
X-FTR-DC
X-FTR-Realm
X-FTR-Cache-Status
X-Country-Code-Real
X-FTR-Expires
X-Vcache
X-Ezoic-Cdn
X-N
X-T
X-DIS-Request-ID
X-Fastly-Request-ID
MicrosoftSharePointTeamServices
Accept-CH
Arr-Disable-Session-Affinity
X-Amzn-Trace-Id
X-NF-Request-ID
Front-End-Https
X-Content-Type
X-XRDS-Location
X-Hits
X-B3-Sampled
X-Ser
X-Varnish-Age
X-FastCGI-Cache
Arc-Version
X-Mobile-Rewrite
PB-PID
PB-RID
Fastcgi-Cache
X-FTR-Cache-Host
X-Acc-Meta-Resource-Type
Alternate-Protocol
X-Frontend
Server-Name
X-Logged-In
X-B3-Traceid
X-Content-Digest
X-Correlation-Id
X-Srv
X-Pad
X-Forwarded-For
Host
AMP-Access-Control-Allow-Source-Origin
X-Node-Name
Nel
Powered-By-ChinaCache
X-Request-Handler-Origin-Region
X-Microsite
FilterID
Healthy
TP-Cache
X-Rid
X-VCache
TP-L2-Cache
X-Kinsta-Cache
X-Cache-Key
X-LB-Cache
X-Type
X-User-Agent
X-IPLB-Instance
Edge-Cache-Tag
X-Request-Processing-Time
X-Request-Received
X-Debug-Info
X-AOL-HN
X-Cached-By
X-GUploader-UploadID
X-Server-ID
X-F-Cache
X-Cache-2
X-Zen-Fury
X-Revision
Powered
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Fastcgi-Cache
X-Hostname
X-HS-Content-Id
X-HS-Hub-Id
X-Cache-Rule
X-Cache-Age
Backend-Timing
X-Analytics
X-XRDS-LOCATION
Surrogate-Key
X-Accel-Expires
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-RateLimit-Limit
X-Esi
X-Via-JSL
X-Varnish-Backend
X-Page-Id
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-Instance
X-Az
X-AppVersion
X-Activity-Id
X-Content-Security-Policy-Report-Only
X-Varnish-Grace
X-BCube-Filmed-By
X-Tumblr-Pixel
X-Cluster
X-Content-Options
X-Tumblr-Pixel-0
X-Jobs
Source
X-Tumblr-User
X-FB-Debug
X-App-Environment
X-Akamai-Edgescape
X-Request-Guid
Cache-Status
X-PHP-Backend
X-TT
X-Content-Powered-By
X-Amz-Replication-Status
X-Framework
Cleartype
X-Forwarded-Host
Server-Node
X-Signature
Refresh
X-B-Cache
Tracecode
X-Varnish-Hostname
X-FW-Serve
X-FW-Server
X-FW-Static
X-FW-Type
X-FW-Hash
Liferay-Portal
X-ATG-Version
WPE-Backend
Host-Header
Accept-Charset
X-Time
X-Cache-Operation
X-Cache-Control
DC
X-Edge-Location
Accept-CH-Lifetime
Access-Control-Allow-Method
X-Drupal-Cache-Tags
X-Mobile
X-Cache-Action
Actual-Object-TTL
Fastcgi-Useragent
Cache
X-Cache-Hit
X-NWS-LOG-UUID
X-Accel-Buffering
X-Erf-Bev-Bev
X-Hp-Webp
X-Mobile-URL
X-Erf-Bev-Bev-Is-Generated
X-Response-Served-From
Payment
X-Storage
X-Whom
X-App-Server
X-TX-ID
Upgrade-Insecure-Requests
X-Content-Age
X-UA-Device-Type
Xserver
X-B
X-TT-TIMESTAMP
X-WebKit-CSP-Report-Only
X-Handled-By
X-Tumblr-Pixel-1
X-WA-Info
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Tumblr-Pixel-2
X-SS-Set-Cookie
X-RequestSource
X-Adobe-Content
X-Status
X-Git-Hash
X-GeoIP
X-Cacheable-TTL
X-Adobe-Loc
Eomportal-Instance
Filters
X-Ratelimit-Reset
X-APP-VERSION
X-Cache-TTL
Cache-Tv-Group
X-VG-WebCache
X-Geo-Country
NGB
Viewport
X-ProcessESI
Cache-Tag
X-RemovedCookies
Webserver
X-TA-CDN-Provider
Retry-After
Datacenter
X-Cache-TTL-Remaining
X-FB-TRIP-ID
Server-Info
X-FW-Dynamic
X-Cache-Enabled
X-Seen-By
X-Contextid
MS-CV
X-Oracle-Dms-Rid
X-Presslabs-Stats
X-Host-Name
X-Ratelimit-Limit
S-Cnection
X-Origin-Server
X-PressLabs-Stats
Country
Frame-Options
X-Generated-By
From-Origin
X-CF-Powered-By
X-Mode
X-Hyper-Cache
X-RTag
Ms-Operation-Id
X-ES-SERVER
Load-Balancing
X-AWS-Id
X-Path-Route
X-LJ-Flow-ID
Machine
X-Cache-Var
X-Cache-Var-Map
X-RN-RSRV
X-VWS-Id
X-Cache-Config
Meta-Geo
X-Tumblr-Pixel-3
Mail-Subject
Cache-Key
X-Zipkin-Id
DSUID
X-Hit
X-Backend-Name
We-Hiring
X-Cache-Host
X-Labrador-Cache-Channel
X-Proxied
Vix-Hermes-Req-Id
X-Routing-Service
X-Varnish-Cache-Hits
X-Loop
X-Section
X-Human
X-From
X-MP-GENERATED-AT
X-PCL
X-EIG-Tracking-Id
X-OCL
X-RCS-CacheZone
X-Viewer-Country
Release
X-Upstream-CT
X-Upstream-HT
Now
X-Varnish-Server
X-Access
X-TNCMS
Mn-Server-Ip
X-Debug-Cache
X-Cache-Grace
X-Device-Type
X-Web-Node
X-Varnish-Hits
X-Magnolia-Registration
X-Upgrade-Enabled
ServedBy
X-Alternate-Cache-Key
OT-Force-Account-Verify
GEO-INFO
Decoy-Debug-Status
Decoy-Debug-TTL
X-VG-TLSProxy
X-CCM
X-Rendered-As
X-ShopId
X-Origin-Response-Time
X-Proto
X-Rule
X-ShardId
X-Shopify-Stage
X-L-Path
X-Endurance-Cache-Level
X-Environment-Context
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
Decoy-Debug-Key
X-Akamai-Request-ID
X-R9-Blue-Green-Version
X-Hosted-By
X-Timing-Wait
Uber-Trace-Id
X-Xfnlog-Site
X-JoinUs
X-B3-Spanid
X-Proxy-Build
DB-Nickname
X-Generated
Rt-Fastcgi-Cache
X-FC-Vary-Parameters
X-S
Cache-Name
X-Goog-Meta-Goog-Reserved-File-Mtime
Akamai-GRN
X-Cluster-Node
X-Guploader-Uploadid
X-Region
X-ProxyCache-Status
X-BYPASS-REASON
X-ProxyCache-Key
X-Via-Fastly
X-Drupal-Cache-Contexts
X-NCache
X-VCT
X-Nginx-Cache
SRV
Cteonnt-Length
ProcessTime
X-Redis-Cache
NGX
X-Trace-Id
X-UUID
X-Platform-Server
X-Cache-NE
X-Locale
X-Site-Version
X-Request-Time
X-MServer
X-Www-Served-By
X-Load-Cache
X-EdgeConnect-Cache-Status
X-ECACHE
X-Time-Microsecs
X-IP
Version
X-Hl-Ver
X-Daa-Tunnel
X-NewRelic-App-Data
S-Rt
X-ServerID
Azure-Version
Azure-SlotName
Time
X-GEO
X-Origin
Azure-RegionName
X-Wix-Request-Id
Azure-SiteName
Azure-InstanceId
X-FW-Version
X-Vgn-Hpd-Reason
X-Origin-Hint
TWC-Locale-Group
TWC-Device-Class
TWC-GeoIP-Country
TWC-Connection-Speed
TWC-GeoIP-LatLong
X-Via-CDN
Property-Id
TWC-Privacy
Webcakes-Region
Webcakes-App-Version
Webcakes-App-Name
X-Rocket-Nginx-Bypass
X-Cache-Remote
X-IPS-LoggedIn
Origin
X-Real-IP
X-Proxy
X-FireWall-Port
X-Akamai-Transformed
X-Akamai-Request-ID2
NtCoent-Length
L5d-Success-Class
Odigeo-Trace-Id
X-No-Session
X-Distributor
X-Dc
X-Cache-Backend
X-Oneagent-Js-Injection
X-ApacheServer
Fastly-SSL
X-PERF
Served-By
CACHE
X-Format
X-CS
X-HTML-Minification-Powered-By
X-Unique-ID
X-RateLimit-Reset
X-Cache-Server
X-Pubstack
Ec-Rule-Version
X-Compress-Hint
Origin-Edge-Control
X-UA
X-CDN-Forward
Origin-Cache-Control
Cache-Tags
Fastcgi-X-Cache-Version
Access-Control-Request-Headers
Hostname
X-UnsetCookies
X-Microcachable
IBM-Web2-Location
X-Cache-Category-Id
X-NC
X-Grey
X-Webkit-Csp
X-SERVER-NAME
X-Edge
X-Tb
X-Is-Bot
Backend-Name
X-Varnish-Cacheable
X-Detected-As
Viewtype
Rendered-Blocks
Request-Country
Request-EU
Rt-Proxy-Cache
Server-ID
VivaBuild
Request-Time
X-A-Dam
X-App-Name
X-AIR-PT
X-Accel-Expires-Debug
X-Aed
X-A-Wwc
Proxy-Firewall
X-A-Ccd
X-A-Dcw
X-A-Dgt
X-A
GEO-REGION-INFO
Cache-Prefix
Cdn-Host
Cdn-Request-Time
Content-Script-Type
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-Idcheck
Arc-Country
AsisCache
BehaviorPad-Version
Cache-Cookie-Set-From
Content-Style-Type
Cross-Origin-Window-Policy
HA-Ipaddr
MD5-Digest
Meta-Geo-Continent
Mobile-Detection-Method
Ha-Gx-Prefs
X-Application
Fastly-SIE
Fastly-SWR
Fly-Cache
Fly-Request-Id
Node
X-CGP
X-Request-UUID
X-Rewrite-Enabled
X-Rojux
X-S-Cookie
X-Region-Sid
X-Rebelmouse-Surrogate-Control
X-NX-Host
X-Org
X-PAYTM-SRV-ID
X-Rebelmouse-Cache-Control
X-S-Maxage
X-ScT
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
X-Worker
Xc-Version
X-VG-WebServer
X-Twitter-Response-Tags
X-Server-Time
X-SRCache-Key
X-Transaction
X-Trv-Group
X-NU-AKA-ACS-Version
X-Internal-Host
X-Cluster-Name
X-Connection-Hash
X-Date
X-Debug-Cookies
A
X-CF-Lambda-Version
X-B-Cookie
X-Cache-Bucket
X-Cdn-Srv
X-CF-Lambda-Fn
X-Debug-Log
X-Destination
X-HS-Cache-Config
X-HS-Combine-CSS
X-IN-APIGATEWAY
X-Instart-Info
X-G
X-External-Request-Id
X-Developer
X-DPWN-IS-SECURE
X-Edge-Server
X-Eu-Site
X-ARC
X-D
X-BACKEND-TTL
X-Powered-By-Defense
Proxy-Connection
LB
X-Ua
X-ElasticPress-Search
Server-Int
Section-Io-Cache
SS
True-Client-Country-4JS
X-Nginx-Cache-Key
ServerName
RNT-Machine
X-Reqid
X-Request-URI
Memcached
On-Server
Platform
PageSpeed
Resin-Trace
X-PHP-Host
X-Via-NSCOPI
X-Level-Front-Cache
X-Fastly-Cache
X-Cache-Info
X-Cache-Id
X-Epic-Correlation-Id
X-Dispatcher-Server
X-Core-Mission
X-Clientip
X-Dispatch
X-Backend-State
X-Generated-On
X-Key
Is-Eu
X-Location
X-Irp-Debug
X-Hash
X-Geo-Header
X-GeoIP-Country-Code
W
RNT-Time
X-Skip-Cache
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
X-We-Are-Hiring
Apple-News-Services-Request-Url
X-TH-Server
X-Variation
Esi-Enabled
Apple-News-Services-Handled
Countrycode
Adler-Geo
Gh-Request-Id
Country-Code
X-B3-Parentspanid
X-C
X-LI-Proto
X-Wikidot-Backend
X-Li-Pop
V-Age
Web-Mar-Node
Wxu-Next-Region
X-Li-Fabric
AKAMAI
Wxu-Next-Commit
Who
Wxu-Next-Hostname
X-LI-UUID
X-Amz-Meta-Cache-Control
X-Cdn-Origin
X-CDN-Cache
X-Cache-FS-Status
X-Distil-CS
X-Varnish-Url
X-Crawler
X-Developers
X-Device-Os
X-FPC
X-Gannett-Site-Version
User-Cache-Control
X-SVT-ORM-RULES
X-Hnp-Log
X-SVT-ORM-VERSION
X-Auto-Login
X-Block-Status
X-Gen-Mode
X-BBXSRF
CDCHOST
X-Wikidot-Static-Cache
X-Request-Start
X-ServiceProvider
X-SIPLIST1
X-Sn-Servicetimems
X-Processor
X-Response-By
Accept-Language
X-Secret
X-Server-IP
X-Servername
IsBot
X-SD-PageType
REQUESTUUID
X-Qloud-Router
X-WebServer
X-Webstats-RespID
Server-Host
SD-X-WS
X-Datadome
Mime-Version
X-Release
X-Clara-WADP
X-Fetched-On
PFcat
X-Nc
X-VServer
X-Origin-Date
X-Served-From
X-CUA
UCS
X-WADP-Cache
Content-Disposition
X-Origin-Expires
X-Reboot
X-Method
X-Generation-Time
Powered-By
X-Swa-Ws
X-Azure-Ref
Pramga
X-Azure-Ref-OriginShield
CF-IPCountry
X-Proxy-Cache-Status
X-Proxy-Upstream
X-ND-Cache
X-Matched-Rule
X-Owner
X-Cms-Context
Fastly-Soc-X-Request-Id
X-OVcl-Cache
X-Via-SSL
X-Via-Edge
X-Thanos
X-Thinkindot-L3
X-GeoIP-City
X-OVcl
X-Bip
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
Thinkindot-Control
X-Amzn-Remapped-Content-Length
L
X-Varnish-Ttl
Selected-Fe
X-Varnish-Beresp-Ttl
X-TrackingId
N-Cache
X-FE
X-Protected-By
X-VC-Cache
Heartbleed
X-CLOUD-TRACE-CONTEXT
GW-Server
Kp-EeAlive
X-LAGOON
X-Ratelimit-Remaining
X-Parent-Response-Time
X-Fstrz
Pragrma
X-DC
Magicmarker
User-Agent
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
X-Pf-Uncompressing
Locale
X-Urbn-Context-Path
X-Urbn-Site-Id
X-B3-SpanId
Memory
X-Origin-CC
X-Origin-TTL
X-Zone
X-Page-Type
X-Cdn-Forward
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
X-IN-WAF
Pagetype
X-Core-Value
X-Phone
X-Be
X-URL
X-User
X-Ttl
X-Generated-In
X-Geo
X-Flog
X-Hello
X-ABtesting
X-Dynatrace-Js-Agent
X-Birta-Served
X-Backend-TTL
X-Backend-Host
X-Birta-Cache-Post
X-Backend-Url
X-Debug-Cache-Fetch
X-Debug-Cache-Store
X-Debug-Cache-Expiry
X-Varnish-IP
X-Up
X-GoCache-CacheStatus
X-MSEdge-Flight
X-Soup
X-Tt-Trace-Tag
Cdn
X-MSEdge-Features
X-GRACE
X-Info
X-Cache-Ttl
Selected-FE
HitType
X-Servedbyhost
X-Newrelic-Synthetics
X-TT-LOGID
X-Litespeed-Cache
Geoip-Latitude
SN
X-HS-Status
Geoip-City
GeoIp-Country-Code
X-Check-Cacheable
CF-Cached-On
X-MID
X-Mid
X-Oss-Request-Id
X-Real-Ip
X-Oss-Object-Type
X-Oss-Storage-Class
X-Oss-Hash-Crc64ecma
X-Oss-Server-Time
X-App-Version
X-VCL-Version
X-Say-TTL
X-SayCDN-TTL
X-Old-Content-Length
X-Source
X-Say-Cacheable
X-Aicache-OS
X-Agile
X-Tb-Optimization-Total-Bytes-Saved
X-Refresh
X-Agile-Id
X-Cache-Debug
X-Agile-Age
X-Ruxit-Js-Agent
Amp-Access-Control-Allow-Source-Origin
FSS-Cache
FSS-Proxy
X-Vcl-Version
Cache-Hits
X-ZONE
X-Web-Server
GeoIP-Country-Code
X-Bc
X-Akamai-SSL-Client-Sid
X-Amzn-Remapped-Connection
GeoIP-Latitude
X-Amzn-Remapped-Date
GeoIP-City
X-ServedByHost
X-CSRF-TOKEN
X-Cache-ASPX
X-Contensis-Viewer-Groups
WZWS-RAY
Server-Surrogate-Control
X-Varnish-Authentication
Server-Cache-Control
X-CACHE-KEY
HostName
X-Node-Id
Fastly-Backend-Name
Inserted-Into-Cache-At
X-Nananana
X-EC-Lua
X-COUNTRY
RequestId
X-UPSTREAM-Address
X-APP
X-Cache-Time
X-Logtrace-Id
X-Via-Ucdn
X-IN-APIGATEWAYSSL
Ajk
Ohc-Cache-HIT
X-CSRF-Token
Ohc-File-Size
Srv
X-NWS-UUID-VERIFY
Group
X-BC
X-RateLimit-Limit-Second
X-Wa
X-ECache
X-RateLimit-Remaining-Second
HTTPS
X-Proxy-Cacherz
Xkeyrz
X-WR-MODIFICATION
WebServer
XServer
X-Dynatrace
X-Varnish-Beresp-TTL
X-SN
Cf-Ipcountry
X-BE
Backend
URI
X-Cache-Tag
Www
Is-Session-Tracking
X-PAGE-TYPE
Cneonction
X-Request-Url
X-Unique-Id
X-TIME
Xkeynj
X-Fastly-Country-Code
Get-Access-Time
X-Instart-Isnd
X-FORWARDED-FOR
T-Server
X-LiteSpeed-Cache-Control
X-MCACHE
X-Requestid
PICS-Label
Requestid
X-LB-ID
X-Sedo-Request-Id
Host-ID
X-GDPR
X-Micro-Cache
X-Edge-IP
X-Render-Time
X-PJAX-URL
X-Cache-Miss-From
Lb
X-Cache-Expires
Dynatrace
X-Fastly-Backend-Reqs
Xet-Cookie
X-SRV
DataCenter
X-Newrelic-App-Data
X-Pjax-Url
SID
X-Vct
Pics-Label
X-Varnish-Action
MIME-Version
X-Apw-Access-Token
X-Swift-Error
X-PF-Uncompressing
X-Policy
X-Uri
Epwk-Cache
X-NGENIX-Cache
X-Apw-Hits
CDN
X-Apw-Access-Object
X-Apw-Access-Action
X-Dw-Trace-Id
X-NGINX-Cache
Fastcgi-X-Cache
X-Cf-Powered-By
Correlation-Id
X-Ecache
X-Lb-Id
X-WA
X-Serial
X-ServerName
X-Fpc
RequestUuid
Lfy
Warning
X-Bug-Bounty
X-Akamai-ERPolicy
X-Html-Edge-Cache
X-WPE-Loopback-Upstream-Addr
X-LiteSpeed-Tag
Ohc-Response-Time
X-Svr
X-Akamai-ERRuleID
X-Fastly-Cache-Hits
X-DSS
X-DW
X-RPM
X-RPS
X-DI
X-DB
X-Flow-Id
X-Page-Impression-Id
X-Zalando-Child-Request-Id
X-RSL