Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics - SANS Internet Storm Center HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
CF-RAY
X-Powered-By
Link
ETag
Expect-CT
X-XSS-Protection
Via
X-Cache
Age
CF-Cache-Status
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
P3P
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Request-Id
X-Xss-Protection
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-Adblock-Key
Alt-Svc
X-Drupal-Cache
X-Check
X-Cacheable
Content-Security-Policy-Report-Only
X-Generator
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-DNS-Prefetch-Control
X-AspNetMvc-Version
P3p
X-Template
X-Language
Status
Timing-Allow-Origin
Content-Encoding
X-Iinfo
X-Content-Security-Policy
X-Buckets
Upgrade
X-Kinja-Server-Push
Xkey
X-Via
X-CDN
X-Turbo-Charged-By
Keep-Alive
Access-Control-Expose-Headers
Access-Control-Max-Age
X-Cache-Group
X-Pass-Why
X-AH-Environment
X-Age
X-Drupal-Dynamic-Cache
X-Server
X-Backend
X-Pingback
X-Amz-Id-2
X-Amz-Request-Id
X-Envoy-Upstream-Service-Time
X-Page-Speed
X-Robots-Tag
X-Proxy-Cache
X-Hacker
Grace
EagleId
X-Server-Powered-By
X-UA-Device
X-Varnish-Cache
Request-Context
X-Nginx-Cache-Status
Cf-Railgun
X-LiteSpeed-Cache
X-Amz-Version-Id
X-Swift-SaveTime
X-Swift-CacheTime
X-WebKit-CSP
Ali-Swift-Global-Savetime
Feature-Policy
X-Device
Server-Timing
X-Server-Id
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Host
Report-To
X-Rq
X-Ac
Content-Location
X-Node
X-OneAgent-JS-Injection
X-Backend-Server
X-Cnection
X-Response-Time
X-Origin-Cache
X-Cloud-Trace-Context
X-Application-Context
EagleEye-TraceId
Allow
Request-Id
X-Readtime
Surrogate-Control
X-Country
X-ORACLE-DMS-ECID
X-Cache-Lookup
X-TTL
X-DynaTrace
X-Vhost
X-Url
X-Cdn
Pinterest-Generated-By
X-Rack-Cache
X-Clacks-Overhead
X-Origin-Upstream-Status
NEL
X-Ua-Compatible
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-FTR-Request-ID
X-CST
Rating
X-Ruxit-JS-Agent
X-Country-Code
X-HW
X-ORACLE-DMS-RID
X-Goog-Hash
X-Dispatcher
X-Instart-Request-ID
Fusion-Content-Source
Fusion-Component-Id
Fusion-Template-Id
Fusion-Source
Fusion-Content-Id
X-DataStream-Cache-Status
Edge-Control
X-Px
X-TtlSet
X-PC
X-Vname
X-VARITI-CCR
X-DataDome
Service-Worker-Allowed
X-Mod-Pagespeed
Verso
X-MS-InvokeApp
X-Recruiting
SPRequestGuid
X-Request-ID
X-Dns-Prefetch-Control
X-D2id
X-Kinja
X-Kinja-Build
X-Kinja-Server
X-Kinja-Revision
X-Use-Magma
X-GoogleNews-Bot
X-Exp-Variant
X-Exp-Id
X-Cdn-Fetch
X-Varnish-TTL
X-Vcap-Request-Id
RTSS
X-Abt-Application-Version
X-Amz-Server-Side-Encryption
X-SharePointHealthScore
DynaTrace
TCN
X-Navigation-Version
X-RateLimit-Remaining
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-GitHub-Request-Id
X-Powered-By-Plesk
X-Middleton-Response
X-Middleton-Display
Response
X-Sol
Display
X-Akam-SW-Version
X-B3-TraceId
Charset
MS-Author-Via
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-TEC-API-ROOT
Accept-Ch-Lifetime
Content-MD5
X-ESI
Ar-Sid
AR-CACHE
AR-ATIME
AR-PoweredBy
X-Shield-Request-Id
ServerID
X-Amz-Rid
Realpath
X-Trace
X-Powered-CMS
X-Goog-Metageneration
X-Goog-Generation
X-Forwarded-Proto
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Dw-Request-Base-Id
X-DynaTrace-JS-Agent
AR-Request-ID
Nginx-Cache
X-Version
X-Upstream
Accept-Ch
X-Cached
X-Server-Name
Fastly-Restarts
Public-Key-Pins
X-Shard
X-Mrf-Section-Lastmod
X-B3-TraceId-Primal
X-Mrf-Item-Lastmod
Mrf-Cache-Status
MRF-Tech
Access-Control-Request-Method
Paypal-Debug-Id
X-MSEdge-Ref
SPRequestDuration
SPIisLatency
X-Goog-Storage-Class
Pagespeed
X-Client-IP
S
X-Pinterest-Rid
Pinterest-Version
X-Upstream-Proxy
X-Debug
X-FTR-Cache-Status
X-FTR-Backend
X-FTR-DC
X-FTR-Backend-Server
X-FTR-Balancer
X-Amz-Meta-S3cmd-Attrs
X-FTR-Realm
X-Id
X-Country-Code-Real
X-Grace
X-FTR-Expires
X-DataStream-Origin-MEX-Latency
X-DataStream-MidMile-RTT
X-Ezoic-Cdn
Accept-CH
X-N
X-T
X-DIS-Request-ID
X-Fastly-Request-ID
X-Vcache
MicrosoftSharePointTeamServices
Arr-Disable-Session-Affinity
Front-End-Https
X-Amzn-Trace-Id
X-NF-Request-ID
X-XRDS-Location
X-Content-Type
X-B3-Sampled
X-Hits
X-Varnish-Age
X-Ser
X-FastCGI-Cache
X-Mobile-Rewrite
Arc-Version
PB-PID
PB-RID
X-FTR-Cache-Host
X-Acc-Meta-Resource-Type
Alternate-Protocol
X-Frontend
Fastcgi-Cache
X-Server-ID
Server-Name
X-Logged-In
X-Content-Digest
X-B3-Traceid
X-Srv
X-Pad
X-Forwarded-For
X-Correlation-Id
X-VCache
X-Node-Name
Host
AMP-Access-Control-Allow-Source-Origin
Nel
X-Microsite
Powered-By-ChinaCache
X-Request-Handler-Origin-Region
TP-L2-Cache
TP-Cache
Healthy
FilterID
X-Type
X-Rid
X-Cache-Key
X-Kinsta-Cache
Edge-Cache-Tag
X-LB-Cache
X-IPLB-Instance
X-User-Agent
X-Request-Processing-Time
X-Request-Received
X-AOL-HN
X-Debug-Info
X-Cached-By
X-F-Cache
X-Cache-2
X-Zen-Fury
X-Revision
Powered
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Fastcgi-Cache
X-GUploader-UploadID
X-Hostname
X-HS-Content-Id
X-HS-Hub-Id
X-Cache-Rule
X-Cache-Age
Backend-Timing
X-Analytics
X-XRDS-LOCATION
X-Accel-Expires
Surrogate-Key
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-RateLimit-Limit
X-Esi
X-Varnish-Backend
X-AppVersion
X-Az
X-Activity-Id
X-Via-JSL
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-Content-Security-Policy-Report-Only
X-BCube-Filmed-By
X-Instance
X-Content-Options
X-Page-Id
X-Akamai-Edgescape
Source
X-Cluster
X-FB-Debug
X-Varnish-Grace
X-Jobs
X-Tumblr-User
X-Amz-Replication-Status
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Content-Powered-By
Cache-Status
X-App-Environment
X-Request-Guid
X-Framework
X-TT
X-PHP-Backend
Cleartype
Server-Node
X-Forwarded-Host
Refresh
X-Signature
X-B-Cache
X-Varnish-Hostname
X-FW-Serve
X-FW-Hash
X-FW-Server
X-FW-Type
X-FW-Static
Liferay-Portal
Tracecode
WPE-Backend
X-ATG-Version
DC
Host-Header
X-Mobile
Accept-Charset
X-Cache-Operation
X-Time
X-Edge-Location
Access-Control-Allow-Method
X-Cache-Control
X-Drupal-Cache-Tags
X-Cache-Action
Actual-Object-TTL
Cache
Accept-CH-Lifetime
Fastcgi-Useragent
X-NWS-LOG-UUID
X-Hp-Webp
X-Mobile-URL
X-Response-Served-From
X-Erf-Bev-Bev
X-Cache-Hit
X-Accel-Buffering
X-Erf-Bev-Bev-Is-Generated
Payment
X-B
Upgrade-Insecure-Requests
X-TX-ID
X-Storage
X-Whom
X-App-Server
Xserver
X-WebKit-CSP-Report-Only
X-Content-Age
X-UA-Device-Type
X-TT-TIMESTAMP
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Git-Hash
X-GeoIP
X-RequestSource
X-Handled-By
Filters
X-SS-Set-Cookie
Eomportal-Instance
X-Tumblr-Pixel-1
X-Adobe-Loc
X-Cache-TTL
X-Cacheable-TTL
X-Tumblr-Pixel-2
X-Status
X-Adobe-Content
Cache-Tv-Group
X-WA-Info
Viewport
X-Ratelimit-Reset
X-ProcessESI
X-RemovedCookies
X-APP-VERSION
X-Geo-Country
X-VG-WebCache
NGB
X-TA-CDN-Provider
Cache-Tag
Webserver
Datacenter
Retry-After
X-FB-TRIP-ID
X-Cache-TTL-Remaining
Server-Info
X-FW-Dynamic
X-Cache-Enabled
X-Seen-By
X-Contextid
MS-CV
X-Host-Name
X-Ratelimit-Limit
X-Oracle-Dms-Rid
X-Presslabs-Stats
X-PressLabs-Stats
S-Cnection
X-Origin-Server
Country
From-Origin
Frame-Options
X-Generated-By
X-Hyper-Cache
X-Guploader-Uploadid
X-Mode
X-CF-Powered-By
X-RTag
Ms-Operation-Id
Meta-Geo
X-Cache-Var
X-RN-RSRV
X-Cache-Config
X-AWS-Id
X-LJ-Flow-ID
X-Path-Route
X-ES-SERVER
Machine
X-Cache-Var-Map
Load-Balancing
X-VWS-Id
X-Proxied
X-Labrador-Cache-Channel
We-Hiring
X-Section
X-Routing-Service
DSUID
X-Backend-Name
X-Upstream-HT
Cache-Key
Vix-Hermes-Req-Id
X-Tumblr-Pixel-3
X-Varnish-Cache-Hits
X-Zipkin-Id
X-Access
X-MP-GENERATED-AT
X-Upstream-CT
X-Hit
X-Cache-Host
Mail-Subject
X-Cache-Grace
Release
Mn-Server-Ip
X-Upgrade-Enabled
X-EIG-Tracking-Id
X-RCS-CacheZone
Now
X-Varnish-Server
X-Viewer-Country
X-From
X-Device-Type
X-Loop
X-Magnolia-Registration
X-Varnish-Hits
X-TNCMS
GEO-INFO
Decoy-Debug-Key
Decoy-Debug-Status
Decoy-Debug-TTL
X-OCL
X-ShopId
X-ShardId
X-R9-Blue-Green-Version
X-Proto
X-Web-Node
X-Shopify-Stage
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-VG-TLSProxy
X-PCL
X-Origin-Response-Time
X-CCM
X-Alternate-Cache-Key
X-Akamai-Request-ID
ServedBy
X-Debug-Cache
X-Endurance-Cache-Level
X-L-Path
X-Human
X-Environment-Context
Rt-Fastcgi-Cache
OT-Force-Account-Verify
X-JoinUs
X-Hosted-By
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Cluster-Node
X-B3-Spanid
X-Proxy-Build
X-Region
X-Via-Fastly
X-Timing-Wait
Uber-Trace-Id
X-Xfnlog-Site
Akamai-GRN
DB-Nickname
Cache-Name
X-Drupal-Cache-Contexts
X-Generated
X-S
X-FC-Vary-Parameters
X-ProxyCache-Status
X-NCache
X-BYPASS-REASON
X-ProxyCache-Key
X-Rendered-As
X-VCT
X-Trace-Id
X-Rule
X-Locale
X-Nginx-Cache
X-Site-Version
X-Www-Served-By
X-Redis-Cache
ProcessTime
NGX
X-Load-Cache
X-UUID
Cteonnt-Length
X-Platform-Server
X-Cache-NE
X-EdgeConnect-Cache-Status
X-Request-Time
X-MServer
X-NewRelic-App-Data
X-Daa-Tunnel
X-Hl-Ver
SRV
Version
X-ECACHE
X-Time-Microsecs
Time
Azure-RegionName
X-Wix-Request-Id
X-FW-Version
Azure-SiteName
X-ServerID
X-Rocket-Nginx-Bypass
Azure-Version
Azure-SlotName
Azure-InstanceId
X-Origin
X-GEO
TWC-Device-Class
TWC-GeoIP-LatLong
X-Origin-Hint
Property-Id
TWC-Connection-Speed
X-Vgn-Hpd-Reason
S-Rt
X-IP
TWC-Locale-Group
TWC-GeoIP-Country
Webcakes-Region
Webcakes-App-Version
TWC-Privacy
X-Via-CDN
Webcakes-App-Name
X-Cache-Remote
Origin
X-IPS-LoggedIn
X-No-Session
X-Dc
X-Proxy
X-Real-IP
NtCoent-Length
X-FireWall-Port
X-Akamai-Transformed
X-Akamai-Request-ID2
Odigeo-Trace-Id
L5d-Success-Class
X-Distributor
X-PERF
Fastly-SSL
X-Oneagent-Js-Injection
X-ApacheServer
X-Cache-Backend
X-Format
X-CS
CACHE
Served-By
X-Pubstack
X-RateLimit-Reset
X-Unique-ID
X-HTML-Minification-Powered-By
X-Microcachable
X-Cache-Server
X-Compress-Hint
X-CDN-Forward
X-UA
Ec-Rule-Version
Hostname
Fastcgi-X-Cache-Version
Access-Control-Request-Headers
Cache-Tags
X-UnsetCookies
X-Webkit-Csp
X-Cache-Category-Id
X-Grey
Origin-Cache-Control
Origin-Edge-Control
IBM-Web2-Location
X-Edge
X-Tb
X-SERVER-NAME
X-Detected-As
X-Is-Bot
X-Varnish-Cacheable
Backend-Name
Meta-Geo-Continent
Mobile-Detection-Method
HA-Ipaddr
Content-Style-Type
Content-Script-Type
Ha-Gx-Prefs
MD5-Digest
GEO-REGION-INFO
Fastly-SIE
Fly-Request-Id
Fly-Cache
Fastly-SWR
Proxy-Firewall
X-CF-Lambda-Version
Request-Country
Rendered-Blocks
Cross-Origin-Window-Policy
Node
Cdn-Host
Cache-Cookie-Set-From
X-A-Ccd
X-A-Dam
Cache-Cookie-Set-Idcheck
X-A-Dcw
Cache-Cookie-Set-Lfrom
X-A
VivaBuild
Rt-Proxy-Cache
A
Arc-Country
Viewtype
BehaviorPad-Version
AsisCache
X-A-Dgt
X-A-Wwc
Server-ID
X-ARC
X-B-Cookie
X-Cache-Bucket
Request-EU
Cdn-Request-Time
X-Application
X-App-Name
X-Aed
X-Accel-Expires-Debug
X-AIR-PT
Cache-Prefix
Request-Time
X-CF-Lambda-Fn
X-Powered-By-Defense
Xc-Version
X-PAYTM-SRV-ID
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
X-Worker
X-Region-Sid
Proxy-Connection
X-NX-Host
X-IN-APIGATEWAY
X-HS-Combine-CSS
X-Instart-Info
X-Internal-Host
X-NU-AKA-ACS-Version
X-Request-UUID
X-Rewrite-Enabled
X-Twitter-Response-Tags
X-Trv-Group
LB
X-BACKEND-TTL
X-Vtex-Processado-Em
X-VG-WebServer
X-Transaction
X-SRCache-Key
X-S-Cookie
X-Rojux
X-S-Maxage
X-ScT
X-Server-Time
X-HS-Cache-Config
X-Org
X-Debug-Log
X-Debug-Cookies
X-Edge-Server
X-DPWN-IS-SECURE
X-Developer
X-Destination
X-Vtex-Remote-Cache
X-Date
X-Connection-Hash
X-Cluster-Name
X-CGP
X-D
X-G
X-Eu-Site
X-External-Request-Id
X-B3-Parentspanid
X-NC
X-Ua
X-ElasticPress-Search
On-Server
X-Sn-Servicetimems
Platform
X-Nginx-Cache-Key
X-We-Are-Hiring
X-Epic-Correlation-Id
X-ServiceProvider
X-TH-Server
X-Skip-Cache
X-Location
X-Geo-Header
X-Clientip
X-Hash
Memcached
X-Generated-On
X-Level-Front-Cache
X-Core-Mission
X-Variation
Is-Eu
True-Client-Country-4JS
RNT-Time
X-Dispatcher-Server
X-Dispatch
X-Backend-State
Section-Io-Cache
X-PHP-Host
X-Processor
Server-Host
RNT-Machine
X-GeoIP-Country-Code
SS
X-Cdn-Origin
X-Cdn-Srv
Resin-Trace
X-Developers
X-Cache-Id
X-Request-URI
ServerName
Server-Int
W
Country-Code
X-Nc
X-Via-NSCOPI
Esi-Enabled
PageSpeed
Apple-News-Services-Request-Url
Adler-Geo
Apple-News-Services-Handled
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
Accept-Language
Countrycode
Gh-Request-Id
X-C
X-Server-IP
X-Webstats-RespID
X-Auto-Login
Wxu-Next-Commit
Who
X-Distil-CS
X-Fastly-Cache
X-Fetched-On
V-Age
X-Served-From
X-Reboot
X-WebServer
Wxu-Next-Region
X-Crawler
X-Secret
X-Cache-Info
X-CDN-Cache
Content-Disposition
X-Cache-FS-Status
UCS
X-SVT-ORM-VERSION
AKAMAI
X-SVT-ORM-RULES
X-Device-Os
X-Qloud-Router
Wxu-Next-Hostname
X-Generation-Time
PFcat
X-LI-Proto
X-Li-Pop
X-Li-Fabric
X-Gannett-Site-Version
X-Key
X-Request-Start
X-Response-By
IsBot
X-Servername
X-Method
X-SIPLIST1
X-LI-UUID
X-Reqid
X-Irp-Debug
X-SD-PageType
SD-X-WS
X-Varnish-Url
REQUESTUUID
CDCHOST
Mime-Version
X-Bip
X-Matched-Rule
X-Origin-Date
X-Block-Status
X-FPC
X-Gen-Mode
X-GeoIP-City
X-Thanos
X-Thinkindot-L3
X-CUA
X-VServer
X-Swa-Ws
X-Hnp-Log
X-Owner
X-Origin-Expires
X-Wikidot-Backend
X-WADP-Cache
Powered-By
X-Clara-WADP
Web-Mar-Node
Fastly-Soc-X-Request-Id
X-Release
X-Cms-Context
Pramga
User-Cache-Control
X-BBXSRF
L
X-Wikidot-Static-Cache
X-Azure-Ref
X-Azure-Ref-OriginShield
Thinkindot-CacheControl
Thinkindot-Control
X-Amz-Meta-Cache-Control
Thinkindot-CacheControl-Type
X-Proxy-Upstream
X-Proxy-Cache-Status
X-Via-Edge
X-Via-SSL
GW-Server
X-ND-Cache
X-Amzn-Remapped-Content-Length
X-VC-Cache
Heartbleed
N-Cache
Selected-Fe
X-Varnish-Ttl
CF-IPCountry
X-CLOUD-TRACE-CONTEXT
Kp-EeAlive
X-FE
X-OVcl
X-Protected-By
X-OVcl-Cache
X-Varnish-Beresp-Ttl
X-LAGOON
X-Ratelimit-Remaining
Pragrma
X-TrackingId
X-Parent-Response-Time
User-Agent
X-Fstrz
X-Urbn-Context-Path
Locale
X-Urbn-Site-Id
X-Planisys-CDN-TTL
Memory
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
X-Pf-Uncompressing
Magicmarker
X-Cdn-Forward
X-B3-SpanId
X-Origin-CC
X-Origin-TTL
X-Page-Type
X-GRACE
X-Be
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
X-DC
X-Hello
X-Flog
X-ABtesting
Pagetype
X-IN-WAF
X-Phone
X-Core-Value
X-Zone
X-Ruxit-Js-Agent
X-Datadome
X-URL
X-Geo
X-User
X-Generated-In
X-Ttl
X-Dynatrace-Js-Agent
X-Backend-TTL
X-Backend-Url
X-Birta-Served
X-Birta-Cache-Post
X-Backend-Host
X-Up
X-GoCache-CacheStatus
X-Info
Cdn
X-Debug-Cache-Store
X-Soup
X-MSEdge-Features
X-Debug-Cache-Expiry
X-Debug-Cache-Fetch
X-Varnish-IP
X-MSEdge-Flight
X-Newrelic-Synthetics
X-Tt-Trace-Tag
HitType
Selected-FE
X-Cache-Ttl
X-TT-LOGID
X-Servedbyhost
X-Litespeed-Cache
Geoip-Latitude
GeoIp-Country-Code
Geoip-City
X-HS-Status
X-Oss-Request-Id
X-Oss-Server-Time
X-Oss-Storage-Class
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
SN
X-App-Version
X-Mid
X-MID
CF-Cached-On
X-Check-Cacheable
X-Real-Ip
X-VCL-Version
X-Cache-Debug
X-Aicache-OS
X-Vcl-Version
X-Old-Content-Length
X-Agile
X-Agile-Id
X-Agile-Age
X-Refresh
X-Tb-Optimization-Total-Bytes-Saved
X-Source
Cache-Hits
Amp-Access-Control-Allow-Source-Origin
X-Say-Cacheable
X-ZONE
X-Say-TTL
X-Web-Server
X-SayCDN-TTL
GeoIP-Country-Code
FSS-Cache
FSS-Proxy
GeoIP-Latitude
X-Amzn-Remapped-Connection
GeoIP-City
X-ServedByHost
Srv
X-Amzn-Remapped-Date
X-CACHE-KEY
X-Akamai-SSL-Client-Sid
X-CSRF-TOKEN
X-Bc
X-Node-Id
Server-Surrogate-Control
Inserted-Into-Cache-At
WZWS-RAY
HostName
X-Varnish-Authentication
X-Cache-ASPX
X-Contensis-Viewer-Groups
Server-Cache-Control
X-Cache-Time
X-Nananana
X-EC-Lua
X-UPSTREAM-Address
RequestId
Ajk
Fastly-Backend-Name
X-COUNTRY
X-IN-APIGATEWAYSSL
X-Logtrace-Id
X-Via-Ucdn
X-APP
Ohc-Cache-HIT
Ohc-File-Size
X-CSRF-Token
Group
X-NWS-UUID-VERIFY
X-BC
X-Wa
X-RateLimit-Remaining-Second
X-WR-MODIFICATION
X-RateLimit-Limit-Second
Xkeyrz
X-ECache
HTTPS
Cf-Ipcountry
X-Proxy-Cacherz
WebServer
X-Dynatrace
XServer
Backend
X-SN
X-BE
URI
X-Varnish-Beresp-TTL
X-Cache-Tag
Www
Cneonction
X-Request-Url
X-Fastly-Country-Code
X-FORWARDED-FOR
Xkeynj
Is-Session-Tracking
X-Unique-Id
X-Instart-Isnd
Get-Access-Time
X-TIME
X-PAGE-TYPE
Lb
T-Server
X-LiteSpeed-Cache-Control
X-MCACHE
X-PJAX-URL
X-GDPR
X-Requestid
X-Render-Time
X-Cache-Miss-From
X-Sedo-Request-Id
PICS-Label
X-Cache-Expires
X-LB-ID
Requestid
Host-ID
X-Edge-IP
Dynatrace
X-Fastly-Backend-Reqs
X-Micro-Cache
Pics-Label
X-Pjax-Url
X-PF-Uncompressing
DataCenter
Xet-Cookie
X-Correlation-ID
X-SRV
X-Lb-Id
X-Vct
MIME-Version
X-Policy
X-Uri
Epwk-Cache
X-Apw-Access-Object
X-Apw-Hits
CDN
X-Swift-Error
X-NGENIX-Cache
X-Varnish-Action
X-Apw-Access-Action
X-Apw-Access-Token
X-NGINX-Cache
X-Dw-Trace-Id
X-Fpc
Fastcgi-X-Cache
X-Cf-Powered-By
X-Ecache
Correlation-Id
X-WA
SID
X-Newrelic-App-Data
Sid
X-Akamai-ERRuleID
X-Cdn-Request-ID
X-Service
X-Bug-Bounty
X-Akamai-ERPolicy
X-WPE-Loopback-Upstream-Addr
X-Html-Edge-Cache
X-Serial
Lfy
Warning
X-ServerName
X-DSS
X-DW
X-DI
X-DB
X-Page-Impression-Id
X-LiteSpeed-Tag
X-RPM
X-RPS
RequestUuid
Ohc-Response-Time
X-Zalando-Child-Request-Id
X-Svr
X-RSL
X-Flow-Id
X-Fastly-Cache-Hits