Threat Level: green Handler on Duty: Guy Bruneau

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
CF-RAY
X-Powered-By
Link
ETag
Expect-CT
X-XSS-Protection
Via
X-Cache
Age
CF-Cache-Status
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
X-Cache-Hits
P3P
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Xss-Protection
X-Varnish
X-Request-Id
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
Alt-Svc
X-Adblock-Key
X-Drupal-Cache
X-Check
X-Cacheable
Content-Security-Policy-Report-Only
X-Generator
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-AspNetMvc-Version
X-DNS-Prefetch-Control
P3p
X-Template
X-Language
Status
Timing-Allow-Origin
X-Iinfo
Content-Encoding
X-Content-Security-Policy
X-Buckets
Upgrade
X-Kinja-Server-Push
Xkey
X-Via
X-CDN
X-Turbo-Charged-By
Keep-Alive
Access-Control-Expose-Headers
Access-Control-Max-Age
X-Cache-Group
X-Pass-Why
X-AH-Environment
X-Age
X-Drupal-Dynamic-Cache
X-Server
X-Backend
X-Pingback
X-Amz-Id-2
X-Amz-Request-Id
X-Envoy-Upstream-Service-Time
X-Page-Speed
X-Robots-Tag
X-Proxy-Cache
X-Hacker
Grace
EagleId
X-Server-Powered-By
X-UA-Device
X-Varnish-Cache
Request-Context
X-Nginx-Cache-Status
X-Request-ID
Cf-Railgun
X-LiteSpeed-Cache
X-Amz-Version-Id
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
X-Server-Id
X-WebKit-CSP
Feature-Policy
Server-Timing
X-Device
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Host
X-Rq
Report-To
X-Ac
X-Node
Content-Location
X-OneAgent-JS-Injection
X-Cnection
X-Response-Time
X-Backend-Server
X-Cloud-Trace-Context
X-Origin-Cache
X-Application-Context
X-Readtime
Request-Id
Allow
EagleEye-TraceId
Surrogate-Control
X-ORACLE-DMS-ECID
X-Country
X-DynaTrace
X-Vhost
X-Cache-Lookup
X-TTL
X-Cdn
Pinterest-Generated-By
X-Rack-Cache
X-Clacks-Overhead
X-Origin-Upstream-Status
X-Url
X-Ua-Compatible
NEL
X-FTR-Request-ID
X-Ruxit-JS-Agent
Rating
X-Country-Code
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-CST
X-Dns-Prefetch-Control
X-Dispatcher
X-HW
X-Goog-Hash
X-Instart-Request-ID
X-ORACLE-DMS-RID
Fusion-Source
Fusion-Content-Id
Fusion-Component-Id
Fusion-Content-Source
Fusion-Template-Id
X-DataStream-Cache-Status
Edge-Control
X-Vname
X-PC
X-TtlSet
X-DataDome
X-Px
X-VARITI-CCR
Service-Worker-Allowed
Verso
X-Mod-Pagespeed
X-MS-InvokeApp
X-Recruiting
X-Varnish-TTL
X-D2id
X-Exp-Id
X-Cdn-Fetch
X-Exp-Variant
X-Use-Magma
X-Kinja-Revision
X-Kinja-Server
X-Kinja
X-Kinja-Build
X-GoogleNews-Bot
SPRequestGuid
RTSS
X-Vcap-Request-Id
X-Amz-Server-Side-Encryption
X-Abt-Application-Version
TCN
X-SharePointHealthScore
X-Navigation-Version
X-GitHub-Request-Id
X-SRCache-Store-Status
X-SRCache-Fetch-Status
DynaTrace
X-Middleton-Response
Response
X-Middleton-Display
Display
X-Sol
X-Akam-SW-Version
X-Powered-By-Plesk
X-RateLimit-Remaining
X-TEC-API-ORIGIN
MS-Author-Via
X-TEC-API-VERSION
X-TEC-API-ROOT
Charset
X-Shield-Request-Id
ServerID
X-Amz-Rid
X-Forwarded-Proto
Content-MD5
AR-ATIME
AR-PoweredBy
Ar-Sid
AR-CACHE
X-B3-TraceId
Realpath
X-Trace
X-Powered-CMS
Accept-Ch-Lifetime
Nginx-Cache
X-Upstream
X-Goog-Generation
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Version
X-Cached
Fastly-Restarts
Public-Key-Pins
X-Dw-Request-Base-Id
Accept-Ch
X-Shard
AR-Request-ID
X-DynaTrace-JS-Agent
X-Mrf-Section-Lastmod
MRF-Tech
Mrf-Cache-Status
X-ESI
X-B3-TraceId-Primal
X-Mrf-Item-Lastmod
Pagespeed
X-Server-Name
Access-Control-Request-Method
X-MSEdge-Ref
Paypal-Debug-Id
X-Vcache
X-Goog-Storage-Class
SPIisLatency
X-Client-IP
SPRequestDuration
X-Grace
S
X-Debug
X-FTR-Cache-Status
X-FTR-DC
X-FTR-Backend-Server
X-Country-Code-Real
X-FTR-Expires
X-FTR-Backend
X-FTR-Balancer
X-FTR-Realm
X-DataStream-MidMile-RTT
X-Id
X-DataStream-Origin-MEX-Latency
X-Ezoic-Cdn
X-FastCGI-Cache
X-Amz-Meta-S3cmd-Attrs
Accept-CH
X-N
Pinterest-Version
X-Pinterest-Rid
X-Upstream-Proxy
X-Fastly-Request-ID
X-T
Front-End-Https
X-DIS-Request-ID
X-Amzn-Trace-Id
X-NF-Request-ID
Arr-Disable-Session-Affinity
X-B3-Traceid
X-Content-Type
MicrosoftSharePointTeamServices
X-Hits
X-XRDS-Location
X-B3-Sampled
X-FTR-Cache-Host
X-Varnish-Age
X-Ser
X-Frontend
Fastcgi-Cache
PB-RID
PB-PID
Arc-Version
X-Mobile-Rewrite
X-Acc-Meta-Resource-Type
X-Content-Digest
X-Logged-In
Server-Name
Alternate-Protocol
X-Correlation-Id
X-Srv
X-Cache-Key
X-Node-Name
X-Pad
X-Esi
AMP-Access-Control-Allow-Source-Origin
Nel
X-Request-Handler-Origin-Region
X-Microsite
X-Forwarded-For
FilterID
TP-L2-Cache
TP-Cache
Host
X-Type
X-Kinsta-Cache
Healthy
X-User-Agent
X-Rid
X-LB-Cache
Powered-By-ChinaCache
X-Request-Processing-Time
X-Request-Received
X-IPLB-Instance
X-F-Cache
X-Zen-Fury
Edge-Cache-Tag
Powered
X-Debug-Info
X-AOL-HN
X-Cache-2
X-Amz-Apigw-Id
X-Amzn-RequestId
X-GUploader-UploadID
X-Cached-By
X-Revision
X-VCache
X-Hostname
X-HS-Content-Id
X-HS-Hub-Id
Backend-Timing
X-Analytics
X-Cache-Age
X-Kong-Upstream-Latency
X-Cache-Rule
X-Kong-Proxy-Latency
X-Via-JSL
X-Accel-Expires
X-XRDS-LOCATION
X-AppVersion
X-Activity-Id
X-Az
Surrogate-Key
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-Varnish-Backend
X-Content-Security-Policy-Report-Only
X-BCube-Filmed-By
X-Content-Options
X-Page-Id
X-Instance
X-RateLimit-Limit
X-Cluster
X-Varnish-Grace
X-FB-Debug
X-Amz-Replication-Status
X-Tumblr-User
X-Tumblr-Pixel-0
X-Content-Powered-By
X-Akamai-Edgescape
X-PHP-Backend
X-Tumblr-Pixel
X-Request-Guid
X-Jobs
Source
Cache-Status
Server-Node
X-App-Environment
X-TT
X-Forwarded-Host
X-Signature
X-B-Cache
Refresh
Cleartype
X-Framework
Liferay-Portal
X-Fastcgi-Cache
X-FW-Server
X-FW-Type
X-FW-Hash
X-FW-Static
X-FW-Serve
Accept-CH-Lifetime
X-Varnish-Hostname
DC
X-ATG-Version
Tracecode
Host-Header
WPE-Backend
Accept-Charset
Access-Control-Allow-Method
Fastcgi-Useragent
X-APP-VERSION
X-Cache-Operation
X-Mobile
X-Cache-Control
X-Cache-Action
X-Edge-Location
X-Drupal-Cache-Tags
X-Time
X-B
X-Cache-Hit
Actual-Object-TTL
X-Erf-Bev-Bev-Is-Generated
X-Hp-Webp
X-Mobile-URL
X-Accel-Buffering
X-Response-Served-From
X-Erf-Bev-Bev
X-Whom
Payment
X-Storage
X-TX-ID
X-App-Server
X-WebKit-CSP-Report-Only
X-Oracle-Dms-Rid
X-WA-Info
X-Content-Age
X-NWS-LOG-UUID
X-Yottaa-Optimizations
Cache-Tv-Group
X-Yottaa-Metrics
X-TT-TIMESTAMP
Upgrade-Insecure-Requests
X-Git-Hash
X-UA-Device-Type
Filters
X-Handled-By
X-Cacheable-TTL
NGB
X-SS-Set-Cookie
X-GeoIP
X-Adobe-Loc
X-Tumblr-Pixel-2
Eomportal-Instance
X-Tumblr-Pixel-1
X-Status
X-Adobe-Content
X-ProcessESI
Cache-Tag
X-RemovedCookies
X-RequestSource
Viewport
X-Geo-Country
X-VG-WebCache
Retry-After
Cache
Xserver
Webserver
Datacenter
X-Cache-TTL-Remaining
X-FW-Dynamic
X-Cache-TTL
X-Presslabs-Stats
X-Seen-By
X-Server-ID
Server-Info
MS-CV
X-Ratelimit-Reset
X-FB-TRIP-ID
X-TA-CDN-Provider
X-Cache-Enabled
X-Host-Name
X-Ratelimit-Limit
X-B3-Spanid
Frame-Options
X-Contextid
X-Generated-By
From-Origin
X-Origin-Server
Ms-Operation-Id
X-RTag
X-Hyper-Cache
S-Cnection
X-Mode
Country
X-CF-Powered-By
X-PressLabs-Stats
X-Cache-Var
X-Cache-Var-Map
X-Path-Route
X-RN-RSRV
Machine
X-Cache-Config
X-Tumblr-Pixel-3
Load-Balancing
Meta-Geo
X-ES-SERVER
X-Zipkin-Id
Cache-Key
X-Routing-Service
X-Cache-Grace
Vix-Hermes-Req-Id
X-Access
X-Section
X-Upstream-CT
X-Proxied
X-MP-GENERATED-AT
X-Upstream-HT
X-Hit
X-Labrador-Cache-Channel
X-OCL
X-TNCMS
GEO-INFO
X-Cache-Host
X-Varnish-Cache-Hits
X-Backend-Name
X-Varnish-Server
Decoy-Debug-Status
X-Human
X-From
Decoy-Debug-Key
X-PCL
X-Viewer-Country
Now
X-Upgrade-Enabled
Decoy-Debug-TTL
X-Web-Node
X-Loop
SRV
ServedBy
Mn-Server-Ip
X-EIG-Tracking-Id
X-Origin-Response-Time
X-LJ-Flow-ID
X-Region
X-L-Path
X-Sorting-Hat-ShopId
X-ShardId
X-ShopId
X-Magnolia-Registration
X-Rule
X-Sorting-Hat-PodId
X-VG-TLSProxy
X-Environment-Context
X-VWS-Id
X-R9-Blue-Green-Version
X-AWS-Id
X-Alternate-Cache-Key
X-CCM
X-Debug-Cache
X-Via-Fastly
X-Endurance-Cache-Level
X-Shopify-Stage
X-Akamai-Request-ID
Rt-Fastcgi-Cache
X-Drupal-Cache-Contexts
X-Rendered-As
DSUID
X-RCS-CacheZone
DB-Nickname
X-Proto
X-Timing-Wait
Mail-Subject
X-Xfnlog-Site
X-FC-Vary-Parameters
X-Proxy-Build
X-S
Cache-Name
X-Hosted-By
We-Hiring
X-Cluster-Node
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Generated
X-NCache
X-JoinUs
OT-Force-Account-Verify
X-Varnish-Hits
Akamai-GRN
X-Guploader-Uploadid
Release
X-Device-Type
Uber-Trace-Id
Version
X-Trace-Id
X-NewRelic-App-Data
X-Nginx-Cache
X-Site-Version
X-Locale
X-Www-Served-By
Cteonnt-Length
X-ProxyCache-Status
X-BYPASS-REASON
X-Request-Time
X-ProxyCache-Key
ProcessTime
X-VCT
NGX
X-Load-Cache
X-IP
X-Time-Microsecs
X-Platform-Server
Time
X-Redis-Cache
X-UUID
X-Wix-Request-Id
X-Origin
S-Rt
Azure-SiteName
Azure-InstanceId
Azure-RegionName
CACHE
Azure-SlotName
Azure-Version
X-FW-Version
X-Dc
X-Via-CDN
Webcakes-App-Name
TWC-Privacy
X-Origin-Hint
X-ECACHE
TWC-Locale-Group
Webcakes-App-Version
TWC-GeoIP-Country
Property-Id
X-EdgeConnect-Cache-Status
TWC-Connection-Speed
TWC-Device-Class
TWC-GeoIP-LatLong
Webcakes-Region
X-GEO
X-Cache-NE
X-Akamai-Request-ID2
NtCoent-Length
X-MServer
X-No-Session
X-CDN-Forward
X-Rocket-Nginx-Bypass
X-Daa-Tunnel
X-Proxy
X-FireWall-Port
X-Hl-Ver
X-SERVER-NAME
X-Cache-Remote
X-Vgn-Hpd-Reason
X-ServerID
X-IPS-LoggedIn
X-RateLimit-Reset
X-Akamai-Transformed
Origin
X-HTML-Minification-Powered-By
X-PERF
X-ApacheServer
Odigeo-Trace-Id
X-Cache-Server
X-UA
X-Distributor
X-CS
X-Format
X-Oneagent-Js-Injection
Ec-Rule-Version
Fastly-SSL
Cache-Tags
LB
Access-Control-Request-Headers
L5d-Success-Class
X-UnsetCookies
X-Real-IP
X-Pubstack
X-Tb
Accept-Language
X-Microcachable
X-Unique-ID
Hostname
Origin-Edge-Control
Origin-Cache-Control
X-NC
Served-By
X-Webkit-Csp
X-Cache-Backend
Fastcgi-X-Cache-Version
X-Varnish-Cacheable
IBM-Web2-Location
X-Compress-Hint
X-Grey
X-Cache-Category-Id
Content-Style-Type
Content-Script-Type
Fly-Cache
X-G
MD5-Digest
GEO-REGION-INFO
Fly-Request-Id
Fastly-SIE
Fastly-SWR
Cross-Origin-Window-Policy
Cache-Prefix
X-Internal-Host
A
Arc-Country
X-Is-Bot
X-NU-AKA-ACS-Version
X-Worker
X-Org
AsisCache
X-Instart-Info
Meta-Geo-Continent
Cdn-Host
Cdn-Request-Time
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-Idcheck
X-Transaction
Cache-Cookie-Set-From
X-IN-APIGATEWAY
Proxy-Firewall
X-Aed
X-Date
X-AIR-PT
X-Accel-Expires-Debug
X-A-Wwc
X-A-Dam
X-A-Dcw
X-A-Dgt
X-App-Name
X-Application
X-Cdn-Srv
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-Connection-Hash
X-Cache-Bucket
X-ARC
X-D
X-B-Cookie
X-A-Ccd
X-A
Request-EU
Request-Time
X-Edge-Server
Request-Country
Rendered-Blocks
Node
X-External-Request-Id
X-PAYTM-SRV-ID
Rt-Proxy-Cache
Server-ID
X-Developer
X-Detected-As
X-Destination
Xc-Version
VivaBuild
X-DPWN-IS-SECURE
Viewtype
Mobile-Detection-Method
BehaviorPad-Version
X-Trv-Group
Backend-Name
X-Twitter-Response-Tags
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
X-B3-Parentspanid
X-Cluster-Name
X-Request-UUID
X-ScT
X-BACKEND-TTL
X-Rojux
X-Region-Sid
X-Varnish-Url
Proxy-Connection
X-S-Cookie
X-S-Maxage
X-VG-WebServer
X-Rebelmouse-Surrogate-Control
X-Server-Time
X-Rebelmouse-Cache-Control
X-Rewrite-Enabled
X-SRCache-Key
X-ElasticPress-Search
ServerName
X-URL
X-Nginx-Cache-Key
HA-Ipaddr
X-Request-URI
X-Sn-Servicetimems
AKAMAI
Is-Eu
Ha-Gx-Prefs
X-Level-Front-Cache
X-HS-Cache-Config
X-SVT-ORM-RULES
X-Debug-Cookies
X-Debug-Log
X-GeoIP-Country-Code
Gh-Request-Id
X-CGP
Memcached
Platform
X-Variation
X-Clientip
X-Eu-Site
W
X-Epic-Correlation-Id
On-Server
X-Fastly-Cache
X-C
X-NX-Host
True-Client-Country-4JS
X-Edge
X-Developers
X-PHP-Host
X-Amzn-Remapped-Content-Length
X-Cdn-Origin
X-We-Are-Hiring
Section-Io-Cache
X-Backend-State
X-Core-Mission
X-Location
X-ServiceProvider
X-Cache-Id
Server-Int
Apple-News-Services-Handled
Adler-Geo
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
X-SVT-ORM-VERSION
RNT-Time
X-HS-Combine-CSS
Countrycode
Esi-Enabled
Resin-Trace
X-Skip-Cache
X-Cache-Info
RNT-Machine
REQUESTUUID
X-Geo-Header
Content-Disposition
X-Generated-On
Selected-Fe
X-Device-Os
User-Cache-Control
UCS
V-Age
X-Amz-Meta-Cache-Control
X-Cms-Context
X-Block-Status
X-BBXSRF
X-Cache-FS-Status
X-CDN-Cache
X-Clara-WADP
X-TH-Server
X-SIPLIST1
X-Auto-Login
X-SD-PageType
X-Method
X-Secret
X-Dispatch
X-Servername
X-Server-IP
Web-Mar-Node
X-Fetched-On
Country-Code
CDCHOST
X-Reboot
X-WADP-Cache
X-Dispatcher-Server
X-Hnp-Log
X-Generation-Time
X-GeoIP-City
X-Hash
X-Irp-Debug
X-WebServer
X-Wikidot-Backend
X-Qloud-Router
X-Wikidot-Static-Cache
X-LI-UUID
X-LI-Proto
X-Key
X-Li-Fabric
X-Li-Pop
X-Gen-Mode
Fastly-Soc-X-Request-Id
X-Gannett-Site-Version
PFcat
X-Request-Start
N-Cache
SS
Server-Host
X-FPC
IsBot
X-Reqid
X-Distil-CS
SD-X-WS
X-Response-By
X-Powered-By-Defense
X-SERVER
X-Origin-Date
L
X-Thinkindot-L3
X-Webstats-RespID
X-Processor
X-Matched-Rule
X-TrackingId
X-Proxy-Cache-Status
X-Swa-Ws
X-VServer
X-Proxy-Upstream
X-Bip
X-Owner
X-VC-Cache
X-Origin-Expires
X-Thanos
X-Crawler
X-Release
Who
Wxu-Next-Commit
Wxu-Next-Hostname
Wxu-Next-Region
Thinkindot-Control
Thinkindot-CacheControl-Type
Powered-By
X-Via-NSCOPI
Thinkindot-CacheControl
Pramga
Heartbleed
X-Nc
X-Azure-Ref
X-Azure-Ref-OriginShield
GW-Server
CF-IPCountry
X-Via-Edge
X-Via-SSL
X-Ua
X-Pf-Uncompressing
X-OVcl
X-Served-From
X-CUA
Kp-EeAlive
X-OVcl-Cache
X-Urbn-Context-Path
Mime-Version
Locale
X-Varnish-Ttl
X-Urbn-Site-Id
X-Parent-Response-Time
Magicmarker
X-FE
X-Varnish-Beresp-Ttl
X-CLOUD-TRACE-CONTEXT
User-Agent
X-Dynatrace-Js-Agent
X-LAGOON
X-ND-Cache
X-Ratelimit-Remaining
PageSpeed
Memory
X-ABtesting
X-Hello
X-Flog
X-Protected-By
Pagetype
X-Page-Type
X-Cache-Ttl
Pragrma
X-Fstrz
X-Be
X-Origin-CC
X-Origin-TTL
X-Backend-Host
X-Backend-Url
X-User
X-Newrelic-Synthetics
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
X-Generated-In
X-Planisys-CDN-TTL
X-COUNTRY
X-Ttl
X-MSEdge-Flight
X-MSEdge-Features
X-GoCache-CacheStatus
X-Up
X-Tt-Trace-Tag
X-Geo
X-Backend-TTL
X-Zone
X-DC
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
X-Debug-Cache-Store
X-IN-WAF
X-Debug-Cache-Expiry
X-Core-Value
X-Soup
X-Debug-Cache-Fetch
X-Phone
X-Check-Cacheable
X-Oss-Request-Id
X-Oss-Server-Time
X-B3-SpanId
X-Oss-Object-Type
X-Oss-Storage-Class
X-Oss-Hash-Crc64ecma
Geoip-City
X-TT-LOGID
X-Cdn-Forward
Geoip-Latitude
GeoIp-Country-Code
X-Servedbyhost
X-ZONE
Cache-Hits
X-Litespeed-Cache
X-SayCDN-TTL
X-Say-TTL
X-Say-Cacheable
X-Old-Content-Length
SN
Cdn
X-Birta-Served
X-Birta-Cache-Post
X-Info
X-Real-Ip
X-Varnish-IP
X-Akamai-SSL-Client-Sid
X-VCL-Version
X-MID
Selected-FE
X-Mid
HitType
X-Datadome
X-CSRF-TOKEN
X-HS-Status
X-Cache-Time
Amp-Access-Control-Allow-Source-Origin
X-Ruxit-Js-Agent
X-GRACE
Fastly-Backend-Name
X-FORWARDED-FOR
FSS-Cache
Inserted-Into-Cache-At
X-Aicache-OS
X-Node-Id
FSS-Proxy
X-Vcl-Version
XServer
X-ServedByHost
X-Agile
X-BC
X-Agile-Age
X-Logtrace-Id
X-Amzn-Remapped-Connection
X-Amzn-Remapped-Date
Ajk
WZWS-RAY
X-Agile-Id
X-IN-APIGATEWAYSSL
X-Tb-Optimization-Total-Bytes-Saved
X-Cache-Debug
CF-Cached-On
X-Refresh
X-EC-Lua
X-Bc
Server-Surrogate-Control
X-Contensis-Viewer-Groups
GeoIP-Country-Code
Server-Cache-Control
X-Varnish-Authentication
HostName
X-UPSTREAM-Address
X-Cache-ASPX
X-Source
X-Web-Server
X-RateLimit-Limit-Second
Dynatrace
GeoIP-City
RequestId
X-Via-Ucdn
X-Wa
X-RateLimit-Remaining-Second
GeoIP-Latitude
Srv
X-CSRF-Token
X-Nananana
X-APP
X-NWS-UUID-VERIFY
X-App-Version
X-WR-MODIFICATION
T-Server
PICS-Label
X-LB-ID
X-PJAX-URL
Xkeyrz
X-Proxy-Cacherz
X-TIME
X-ECache
Ohc-File-Size
WebServer
X-LiteSpeed-Cache-Control
Cf-Ipcountry
URI
X-Render-Time
Ohc-Cache-HIT
X-BE
X-GDPR
X-Micro-Cache
Group
X-Varnish-Beresp-TTL
X-Fastly-Country-Code
X-Unique-Id
MIME-Version
X-SRV
X-Cache-Tag
X-CACHE-KEY
HTTPS
Is-Session-Tracking
Get-Access-Time
Xkeynj
X-PAGE-TYPE
X-Policy
SID
X-Edge-IP
X-SN
X-Uri
X-Requestid
X-Sedo-Request-Id
Www
X-Cache-Miss-From
Backend
CDN
X-MCACHE
X-Instart-Isnd
X-Request-Url
X-Fastly-Backend-Reqs
DataCenter
Xet-Cookie
X-Cache-Expires
X-Cdn-Request-ID
X-Pjax-Url
Requestid
Cache-Provider
Pics-Label
Lb
X-Swift-Error
X-Vct
Cneonction
X-Apw-Access-Action
X-Service
Host-ID
X-Apw-Access-Object
X-Apw-Hits
X-Apw-Access-Token
X-Dw-Trace-Id
X-NGINX-Cache
X-Cf-Powered-By
X-Lb-Id
X-WA
X-Ecache
X-Var-Ttl
Correlation-Id
FNAC-ModuleRouting
X-Newrelic-App-Data
X-Serial
X-Fe
Ohc-Response-Time
X-Zalando-Child-Request-Id
X-Akamai-ERRuleID
X-Fastly-Cache-Hits
Epwk-Cache
X-Flow-Id
X-Akamai-ERPolicy
X-Bug-Bounty
X-Varnish-Action
X-Html-Edge-Cache
Lfy
Warning
X-Page-Impression-Id
X-WPE-Loopback-Upstream-Addr
X-RPS
X-RSL
X-Fpc
X-ServerName
X-RPM
X-DW
X-DB
X-DI
X-DSS
X-PF-Uncompressing