Threat Level: green Handler on Duty: Russell Eubanks

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
CF-RAY
X-Powered-By
Link
ETag
Expect-CT
X-XSS-Protection
Via
X-Cache
Age
CF-Cache-Status
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
X-Cache-Hits
P3P
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Xss-Protection
X-Request-Id
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-Adblock-Key
Alt-Svc
X-Drupal-Cache
X-Check
X-Cacheable
Content-Security-Policy-Report-Only
X-Generator
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-DNS-Prefetch-Control
X-AspNetMvc-Version
P3p
X-Template
X-Language
Status
Timing-Allow-Origin
Content-Encoding
X-Iinfo
X-Content-Security-Policy
X-Buckets
Upgrade
X-Kinja-Server-Push
Xkey
X-Via
X-CDN
X-Turbo-Charged-By
Keep-Alive
Access-Control-Max-Age
Access-Control-Expose-Headers
X-Cache-Group
X-Pass-Why
X-Age
X-AH-Environment
X-Drupal-Dynamic-Cache
X-Server
X-Backend
X-Pingback
X-Amz-Id-2
X-Amz-Request-Id
X-Envoy-Upstream-Service-Time
X-Page-Speed
X-Robots-Tag
X-Proxy-Cache
X-Hacker
Grace
EagleId
X-Server-Powered-By
X-UA-Device
X-Varnish-Cache
Request-Context
X-Nginx-Cache-Status
Cf-Railgun
X-LiteSpeed-Cache
X-Amz-Version-Id
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-Server-Id
X-WebKit-CSP
Feature-Policy
Server-Timing
X-Device
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Host
X-Ac
X-Rq
Report-To
Content-Location
X-Node
X-OneAgent-JS-Injection
X-Backend-Server
X-Cnection
X-Response-Time
X-Origin-Cache
X-Cloud-Trace-Context
X-Application-Context
Request-Id
X-Readtime
EagleEye-TraceId
Allow
Surrogate-Control
X-Country
X-ORACLE-DMS-ECID
X-Cache-Lookup
X-Cdn
X-DynaTrace
X-Vhost
X-TTL
Pinterest-Generated-By
X-Url
X-Ua-Compatible
X-Rack-Cache
X-Clacks-Overhead
X-Origin-Upstream-Status
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Ruxit-JS-Agent
NEL
X-FTR-Request-ID
Rating
X-Country-Code
X-CST
X-HW
X-ORACLE-DMS-RID
X-Goog-Hash
X-Dispatcher
X-Instart-Request-ID
Fusion-Component-Id
Fusion-Source
Fusion-Content-Source
Fusion-Template-Id
Fusion-Content-Id
X-DataStream-Cache-Status
Edge-Control
X-TtlSet
X-PC
X-Vname
X-Px
X-DataDome
X-VARITI-CCR
Service-Worker-Allowed
X-MS-InvokeApp
X-Request-ID
X-Dns-Prefetch-Control
X-Mod-Pagespeed
Verso
X-Recruiting
SPRequestGuid
X-D2id
X-Varnish-TTL
X-Exp-Variant
X-Exp-Id
X-Cdn-Fetch
X-GoogleNews-Bot
X-Kinja
X-Use-Magma
X-Kinja-Server
X-Kinja-Revision
X-Kinja-Build
X-Vcap-Request-Id
RTSS
X-Amz-Server-Side-Encryption
DynaTrace
X-SharePointHealthScore
X-Navigation-Version
TCN
X-Abt-Application-Version
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-GitHub-Request-Id
Display
X-Middleton-Response
X-Sol
X-Middleton-Display
Response
X-Akam-SW-Version
X-Powered-By-Plesk
X-RateLimit-Remaining
MS-Author-Via
Charset
X-TEC-API-ROOT
X-TEC-API-VERSION
X-TEC-API-ORIGIN
Content-MD5
X-B3-TraceId
ServerID
X-Shield-Request-Id
Ar-Sid
AR-PoweredBy
AR-CACHE
AR-ATIME
X-Amz-Rid
X-ESI
X-Trace
Realpath
X-Forwarded-Proto
Accept-Ch
X-Goog-Stored-Content-Length
X-Goog-Generation
X-Powered-CMS
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
X-DynaTrace-JS-Agent
X-Dw-Request-Base-Id
Accept-Ch-Lifetime
AR-Request-ID
Nginx-Cache
X-Version
X-Upstream
X-Cached
Fastly-Restarts
X-Server-Name
Public-Key-Pins
X-Shard
Pagespeed
Mrf-Cache-Status
X-B3-TraceId-Primal
X-Mrf-Item-Lastmod
MRF-Tech
X-Mrf-Section-Lastmod
Access-Control-Request-Method
Paypal-Debug-Id
X-MSEdge-Ref
SPIisLatency
X-Goog-Storage-Class
SPRequestDuration
X-Grace
X-Client-IP
S
X-Vcache
X-Debug
Pinterest-Version
X-Pinterest-Rid
X-Upstream-Proxy
X-Amz-Meta-S3cmd-Attrs
X-FTR-Expires
X-FTR-DC
X-FTR-Realm
X-Id
X-Ezoic-Cdn
X-FTR-Balancer
X-FTR-Cache-Status
X-DataStream-Origin-MEX-Latency
X-FTR-Backend
X-Country-Code-Real
X-FTR-Backend-Server
X-DataStream-MidMile-RTT
X-N
X-Fastly-Request-ID
X-T
X-DIS-Request-ID
MicrosoftSharePointTeamServices
X-Amzn-Trace-Id
Arr-Disable-Session-Affinity
X-NF-Request-ID
Accept-CH
X-Content-Type
Front-End-Https
X-Hits
X-FastCGI-Cache
X-B3-Sampled
X-Ser
X-FTR-Cache-Host
PB-PID
PB-RID
Arc-Version
X-Varnish-Age
X-Mobile-Rewrite
Fastcgi-Cache
Alternate-Protocol
X-B3-Traceid
X-Frontend
X-Acc-Meta-Resource-Type
X-Logged-In
X-XRDS-Location
Server-Name
X-Content-Digest
X-Srv
X-Correlation-Id
X-Forwarded-For
X-Pad
Nel
X-Cache-Key
X-Node-Name
Host
Powered-By-ChinaCache
X-Request-Handler-Origin-Region
X-Microsite
AMP-Access-Control-Allow-Source-Origin
FilterID
Healthy
X-Kinsta-Cache
X-Type
X-LB-Cache
X-Rid
TP-Cache
TP-L2-Cache
X-User-Agent
X-IPLB-Instance
Edge-Cache-Tag
X-XRDS-LOCATION
X-Request-Received
X-Request-Processing-Time
X-AOL-HN
X-Cached-By
X-VCache
X-F-Cache
X-Debug-Info
X-Cache-2
X-Zen-Fury
X-Revision
X-Amzn-RequestId
X-Amz-Apigw-Id
Powered
X-GUploader-UploadID
Backend-Timing
X-HS-Hub-Id
X-HS-Content-Id
X-Analytics
X-Esi
X-Cache-Age
X-Hostname
X-Cache-Rule
X-Fastcgi-Cache
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Accel-Expires
Surrogate-Key
X-Activity-Id
X-AppVersion
X-Az
X-Varnish-Backend
X-Via-JSL
X-Content-Security-Policy-Report-Only
VIX-Pulpo-Upstream-Status
X-Page-Id
VIX-Pulpo-Node
X-Tumblr-User
X-Akamai-Edgescape
X-Amz-Replication-Status
Source
X-Instance
X-Jobs
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Varnish-Grace
X-Content-Powered-By
X-FB-Debug
X-Request-Guid
X-Content-Options
X-App-Environment
X-Cluster
Cache-Status
X-PHP-Backend
X-BCube-Filmed-By
X-Framework
Cleartype
X-TT
Refresh
Server-Node
X-Server-ID
Accept-CH-Lifetime
X-Forwarded-Host
X-RateLimit-Limit
X-Signature
X-B-Cache
X-Varnish-Hostname
X-FW-Type
Tracecode
X-FW-Hash
Liferay-Portal
X-FW-Server
X-FW-Serve
X-FW-Static
X-ATG-Version
DC
WPE-Backend
Host-Header
X-Mobile
Accept-Charset
X-Cache-Control
X-Time
X-Edge-Location
X-Cache-Action
Access-Control-Allow-Method
X-Drupal-Cache-Tags
X-Cache-Operation
Actual-Object-TTL
X-Cache-Hit
X-Response-Served-From
X-Accel-Buffering
X-Erf-Bev-Bev-Is-Generated
X-B
X-Hp-Webp
Fastcgi-Useragent
X-Erf-Bev-Bev
X-Mobile-URL
X-NWS-LOG-UUID
Cache
Xserver
X-UA-Device-Type
X-TX-ID
Payment
X-Content-Age
X-WebKit-CSP-Report-Only
Upgrade-Insecure-Requests
X-APP-VERSION
X-GeoIP
X-Storage
X-Whom
X-WA-Info
X-TT-TIMESTAMP
X-RequestSource
X-Tumblr-Pixel-1
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-SS-Set-Cookie
X-Tumblr-Pixel-2
Cache-Tv-Group
Filters
X-App-Server
X-Adobe-Loc
X-Cacheable-TTL
X-Git-Hash
Eomportal-Instance
X-Status
X-Adobe-Content
X-ProcessESI
X-RemovedCookies
X-Handled-By
Viewport
NGB
X-VG-WebCache
X-Cache-TTL
X-Ratelimit-Reset
X-Geo-Country
X-Ratelimit-Limit
Cache-Tag
Datacenter
Webserver
X-Cache-TTL-Remaining
Retry-After
X-FB-TRIP-ID
Server-Info
X-TA-CDN-Provider
X-FW-Dynamic
X-Cache-Enabled
X-Oracle-Dms-Rid
X-Seen-By
X-Presslabs-Stats
MS-CV
X-Contextid
X-Host-Name
X-Guploader-Uploadid
X-Origin-Server
X-Webkit-Csp
Country
X-Generated-By
S-Cnection
X-Hyper-Cache
Frame-Options
X-RTag
Ms-Operation-Id
X-PressLabs-Stats
X-Mode
From-Origin
X-AWS-Id
X-LJ-Flow-ID
X-RN-RSRV
X-VWS-Id
X-ES-SERVER
X-Cache-Var-Map
Machine
Load-Balancing
Meta-Geo
X-Path-Route
X-Tumblr-Pixel-3
X-Cache-Var
Mail-Subject
X-Zipkin-Id
X-B3-Spanid
X-Routing-Service
X-Backend-Name
X-CF-Powered-By
DSUID
X-Cache-Host
We-Hiring
X-Upstream-CT
X-Cache-Grace
X-Proxied
X-Upstream-HT
X-Cache-Config
X-Debug-Cache
X-Hit
X-From
X-EIG-Tracking-Id
X-Viewer-Country
Mn-Server-Ip
Now
X-MP-GENERATED-AT
Cache-Key
Decoy-Debug-Key
Decoy-Debug-TTL
Decoy-Debug-Status
X-Section
Release
X-Access
X-Labrador-Cache-Channel
Vix-Hermes-Req-Id
X-Varnish-Cache-Hits
X-Alternate-Cache-Key
X-Rule
ServedBy
X-CCM
X-L-Path
X-Magnolia-Registration
X-Region
X-Upgrade-Enabled
X-Loop
X-Web-Node
X-TNCMS
X-Sorting-Hat-ShopId
X-OCL
X-Proto
X-R9-Blue-Green-Version
X-Sorting-Hat-PodId
X-RCS-CacheZone
X-Shopify-Stage
X-Varnish-Server
X-PCL
X-ShardId
X-Endurance-Cache-Level
X-Environment-Context
X-Human
X-Device-Type
X-Varnish-Hits
X-ShopId
X-Generated
X-S
X-Origin-Response-Time
GEO-INFO
X-Proxy-Build
X-Goog-Meta-Goog-Reserved-File-Mtime
X-NCache
X-Cluster-Node
X-Via-Fastly
X-Akamai-Request-ID
X-Rendered-As
Rt-Fastcgi-Cache
X-Xfnlog-Site
X-JoinUs
X-Timing-Wait
OT-Force-Account-Verify
Akamai-GRN
Cache-Name
DB-Nickname
X-BYPASS-REASON
X-FC-Vary-Parameters
X-ProxyCache-Status
X-ProxyCache-Key
X-Hosted-By
X-VG-TLSProxy
Uber-Trace-Id
X-Trace-Id
X-Site-Version
X-Drupal-Cache-Contexts
X-Locale
X-VCT
X-Www-Served-By
ProcessTime
X-Redis-Cache
X-Nginx-Cache
NGX
X-Load-Cache
Cteonnt-Length
Version
X-Request-Time
X-Cache-NE
X-Platform-Server
SRV
X-Via-CDN
X-IP
X-UUID
X-Hl-Ver
X-Time-Microsecs
X-EdgeConnect-Cache-Status
X-NewRelic-App-Data
Azure-InstanceId
X-Daa-Tunnel
X-MServer
Azure-SiteName
Azure-RegionName
Azure-SlotName
Time
Azure-Version
Webcakes-App-Version
Webcakes-Region
X-FW-Version
X-Origin-Hint
X-Origin
X-Rocket-Nginx-Bypass
TWC-Device-Class
TWC-Connection-Speed
S-Rt
TWC-GeoIP-Country
TWC-GeoIP-LatLong
TWC-Privacy
TWC-Locale-Group
X-ServerID
Webcakes-App-Name
Property-Id
X-ECACHE
X-Dc
X-IPS-LoggedIn
X-Vgn-Hpd-Reason
NtCoent-Length
X-Wix-Request-Id
X-Proxy
X-Cache-Remote
Origin
X-No-Session
X-Akamai-Request-ID2
X-FireWall-Port
X-Akamai-Transformed
X-UA
X-GEO
X-Oneagent-Js-Injection
X-Real-IP
Odigeo-Trace-Id
CACHE
X-Distributor
Fastly-SSL
X-RateLimit-Reset
X-ApacheServer
X-PERF
X-Cache-Backend
X-CS
X-CDN-Forward
X-Cache-Server
X-Format
X-HTML-Minification-Powered-By
L5d-Success-Class
Ec-Rule-Version
X-Pubstack
X-Microcachable
X-Compress-Hint
X-SERVER-NAME
X-UnsetCookies
Cache-Tags
Origin-Edge-Control
Origin-Cache-Control
Served-By
Access-Control-Request-Headers
X-Unique-ID
Fastcgi-X-Cache-Version
Hostname
X-Edge
X-BACKEND-TTL
LB
X-Tb
X-Ratelimit-Remaining
BehaviorPad-Version
Cache-Cookie-Set-From
IBM-Web2-Location
Cache-Cookie-Set-Idcheck
X-Destination
VivaBuild
AsisCache
X-Instart-Info
X-CF-Lambda-Fn
Cache-Cookie-Set-Lfrom
X-Cdn-Srv
X-Worker
X-Transaction
X-Trv-Group
X-Debug-Cookies
X-Debug-Log
Arc-Country
X-Is-Bot
Xc-Version
Cache-Prefix
X-IN-APIGATEWAY
X-DPWN-IS-SECURE
Content-Style-Type
A
Fly-Cache
X-A-Ccd
X-G
Cross-Origin-Window-Policy
X-Edge-Server
X-Connection-Hash
Fly-Request-Id
Content-Script-Type
Cdn-Request-Time
X-Developer
X-External-Request-Id
X-CF-Lambda-Version
X-Cluster-Name
X-D
X-Date
GEO-REGION-INFO
X-Detected-As
MD5-Digest
Rt-Proxy-Cache
X-Aed
X-Accel-Expires-Debug
X-Region-Sid
Server-ID
X-A-Wwc
X-AIR-PT
X-PAYTM-SRV-ID
X-SRCache-Key
Request-Time
X-NU-AKA-ACS-Version
X-NX-Host
Viewtype
X-Twitter-Response-Tags
X-Request-UUID
X-A-Dcw
X-Powered-By-Defense
X-Server-Time
X-A-Dam
X-VG-WebServer
X-A-Dgt
X-ScT
X-Rojux
X-Rewrite-Enabled
X-A
X-S-Cookie
X-S-Maxage
X-Grey
X-Org
X-Cache-Category-Id
Mobile-Detection-Method
Meta-Geo-Continent
Node
Proxy-Connection
X-Application
Cdn-Host
X-B-Cookie
X-Vtex-Remote-Cache
X-ARC
Proxy-Firewall
X-Cache-Bucket
Request-Country
Request-EU
Rendered-Blocks
Accept-Language
X-Vtex-Processado-Em
X-Varnish-Cacheable
Backend-Name
X-ElasticPress-Search
X-B3-Parentspanid
X-Cache-Id
Memcached
X-Cache-Info
X-Cdn-Origin
SS
ServerName
True-Client-Country-4JS
X-Core-Mission
Fastly-SIE
HA-Ipaddr
Fastly-SWR
W
Gh-Request-Id
Ha-Gx-Prefs
Resin-Trace
RNT-Machine
Server-Host
Country-Code
X-CGP
X-App-Name
RNT-Time
Esi-Enabled
Server-Int
X-C
X-Via-NSCOPI
X-Location
X-Nginx-Cache-Key
X-PHP-Host
X-Level-Front-Cache
X-Developers
X-HS-Combine-CSS
X-Internal-Host
X-Irp-Debug
X-Varnish-Url
X-Nc
X-Processor
X-Sn-Servicetimems
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-TH-Server
X-ServiceProvider
X-Request-URI
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
X-Reqid
X-HS-Cache-Config
X-Key
X-Geo-Header
X-Fastly-Cache
X-Eu-Site
X-Hash
X-Dispatcher-Server
X-Dispatch
AKAMAI
X-Generated-On
X-NC
X-Request-Start
X-Epic-Correlation-Id
X-Fetched-On
X-Gen-Mode
X-Crawler
X-Qloud-Router
X-Reboot
X-Via-SSL
X-Skip-Cache
X-SIPLIST1
Wxu-Next-Region
Wxu-Next-Commit
X-Device-Os
X-Variation
X-Distil-CS
X-Cms-Context
X-SD-PageType
X-Served-From
X-Via-Edge
X-Response-By
X-Generation-Time
X-Cache-FS-Status
X-Wikidot-Backend
Who
X-Webstats-RespID
X-WebServer
X-Wikidot-Static-Cache
X-CDN-Cache
X-Hnp-Log
X-Clara-WADP
REQUESTUUID
X-Clientip
X-We-Are-Hiring
X-Block-Status
X-Li-Pop
X-Amz-Meta-Cache-Control
X-LI-Proto
X-LI-UUID
X-Li-Fabric
X-Auto-Login
X-WADP-Cache
X-BBXSRF
X-Backend-State
X-GeoIP-Country-Code
X-Method
Wxu-Next-Hostname
Web-Mar-Node
Countrycode
Is-Eu
IsBot
PFcat
On-Server
Content-Disposition
CDCHOST
Apple-News-Services-Handled
Adler-Geo
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
Platform
Fastly-Soc-X-Request-Id
UCS
V-Age
Section-Io-Cache
User-Cache-Control
SD-X-WS
X-Release
X-VServer
GW-Server
X-Gannett-Site-Version
X-Thinkindot-L3
X-FPC
Heartbleed
X-Thanos
Thinkindot-CacheControl-Type
X-Servername
Thinkindot-Control
X-CUA
Thinkindot-CacheControl
X-Swa-Ws
X-Server-IP
X-Secret
L
Powered-By
X-Azure-Ref
X-Azure-Ref-OriginShield
X-Proxy-Cache-Status
Pramga
X-Matched-Rule
X-Proxy-Upstream
X-Owner
X-Origin-Date
X-GeoIP-City
N-Cache
X-Origin-Expires
Mime-Version
X-Bip
Selected-Fe
X-Amzn-Remapped-Content-Length
X-Varnish-Ttl
X-OVcl-Cache
X-CLOUD-TRACE-CONTEXT
X-OVcl
X-ND-Cache
X-Ua
X-VC-Cache
X-TrackingId
X-FE
Kp-EeAlive
CF-IPCountry
X-Protected-By
X-Parent-Response-Time
X-Varnish-Beresp-Ttl
PageSpeed
X-Urbn-Site-Id
Locale
X-Urbn-Context-Path
Magicmarker
X-Fstrz
User-Agent
Pragrma
X-Pf-Uncompressing
Memory
X-LAGOON
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
X-Geo
X-Planisys-CDN-TTL
X-Be
X-ABtesting
X-Hello
Pagetype
X-Origin-CC
X-Origin-TTL
X-Zone
X-Page-Type
X-Flog
X-B3-SpanId
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
X-URL
X-Cdn-Forward
X-Generated-In
X-IN-WAF
X-Ttl
X-Phone
X-Core-Value
X-DC
X-Dynatrace-Js-Agent
X-User
X-Backend-Url
X-Backend-Host
X-Tt-Trace-Tag
X-Newrelic-Synthetics
X-Backend-TTL
X-Debug-Cache-Expiry
X-MSEdge-Flight
X-Debug-Cache-Store
X-Debug-Cache-Fetch
X-GoCache-CacheStatus
X-MSEdge-Features
X-Birta-Served
X-Cache-Ttl
X-Birta-Cache-Post
Cdn
X-Up
X-TT-LOGID
Geoip-Latitude
Geoip-City
X-Soup
GeoIp-Country-Code
X-Litespeed-Cache
X-Info
X-Varnish-IP
Selected-FE
X-Oss-Storage-Class
X-Oss-Server-Time
X-Oss-Hash-Crc64ecma
X-Oss-Object-Type
X-Oss-Request-Id
HitType
X-MID
X-Check-Cacheable
X-Servedbyhost
SN
X-Real-Ip
X-Mid
X-Datadome
X-Say-TTL
X-SayCDN-TTL
X-Aicache-OS
X-Vcl-Version
X-Say-Cacheable
X-Old-Content-Length
X-HS-Status
Amp-Access-Control-Allow-Source-Origin
X-GRACE
CF-Cached-On
X-Ruxit-Js-Agent
Cache-Hits
X-Cache-Debug
FSS-Cache
X-VCL-Version
X-Agile
X-ZONE
FSS-Proxy
X-Bc
X-Refresh
X-Agile-Id
X-Agile-Age
X-App-Version
X-Source
X-Amzn-Remapped-Date
X-ServedByHost
X-Amzn-Remapped-Connection
X-Tb-Optimization-Total-Bytes-Saved
X-Akamai-SSL-Client-Sid
Srv
X-Web-Server
HostName
X-Varnish-Authentication
GeoIP-Country-Code
Server-Surrogate-Control
Inserted-Into-Cache-At
Server-Cache-Control
X-Cache-ASPX
Fastly-Backend-Name
X-Contensis-Viewer-Groups
X-Cache-Time
X-CSRF-Token
X-EC-Lua
Ajk
X-COUNTRY
WZWS-RAY
X-CSRF-TOKEN
X-Logtrace-Id
X-IN-APIGATEWAYSSL
X-Node-Id
X-APP
X-Via-Ucdn
RequestId
GeoIP-City
X-UPSTREAM-Address
GeoIP-Latitude
X-Nananana
X-BC
Cf-Ipcountry
X-ECache
Group
Ohc-File-Size
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-WR-MODIFICATION
X-NWS-UUID-VERIFY
X-Proxy-Cacherz
Xkeyrz
Ohc-Cache-HIT
X-Dynatrace
WebServer
XServer
HTTPS
X-BE
X-Wa
X-Varnish-Beresp-TTL
T-Server
X-Unique-Id
Is-Session-Tracking
Xkeynj
Get-Access-Time
Www
X-FORWARDED-FOR
X-Fastly-Country-Code
URI
X-Cache-Tag
X-CACHE-KEY
X-TIME
Backend
X-SN
X-PAGE-TYPE
X-LB-ID
PICS-Label
Cneonction
X-PJAX-URL
X-Requestid
X-Edge-IP
X-Request-Url
X-Micro-Cache
X-Render-Time
X-Instart-Isnd
X-Sedo-Request-Id
X-GDPR
X-Cache-Miss-From
Xet-Cookie
Dynatrace
X-LiteSpeed-Cache-Control
X-MCACHE
Lb
X-Pjax-Url
Host-ID
Requestid
X-Fastly-Backend-Reqs
X-Cache-Expires
DataCenter
X-SRV
SID
Pics-Label
X-Policy
X-Uri
X-Vct
X-Lb-Id
X-Apw-Hits
MIME-Version
X-Swift-Error
X-Apw-Access-Action
X-Apw-Access-Token
X-Apw-Access-Object
CDN
X-NGINX-Cache
X-Dw-Trace-Id
X-Ecache
X-WA
X-Varnish-Action
X-Cf-Powered-By
Epwk-Cache
Correlation-Id
X-HostName
X-PF-Uncompressing
X-Newrelic-App-Data
X-NGENIX-Cache
Lfy
X-Bug-Bounty
X-Flow-Id
Warning
X-Serial
Cache-Provider
X-Cdn-Request-ID
X-Service
X-Akamai-ERRuleID
X-Fastly-Cache-Hits
X-Html-Edge-Cache
X-Akamai-ERPolicy
RequestUuid
X-Zalando-Child-Request-Id
X-RSL
X-DI
X-RPS
X-RPM
X-DW
X-DB
X-Fpc
X-WPE-Loopback-Upstream-Addr
X-DSS
X-ServerName
Fastcgi-X-Cache
X-Page-Impression-Id