Threat Level: green Handler on Duty: Jan Kopriva

SANS ISC: HTTP Header Usage Statistics - SANS Internet Storm Center HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
CF-RAY
X-Powered-By
Link
ETag
Expect-CT
X-XSS-Protection
Via
X-Cache
Age
CF-Cache-Status
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
X-Cache-Hits
P3P
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Xss-Protection
X-Request-Id
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-AspNet-Version
X-Download-Options
Access-Control-Allow-Credentials
X-Runtime
X-Adblock-Key
X-Drupal-Cache
Alt-Svc
X-Check
X-Cacheable
Content-Security-Policy-Report-Only
X-Generator
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-DNS-Prefetch-Control
X-AspNetMvc-Version
P3p
X-Template
Status
X-Language
Timing-Allow-Origin
Content-Encoding
X-Content-Security-Policy
X-Iinfo
X-Buckets
Upgrade
X-Kinja-Server-Push
Xkey
X-Via
X-Turbo-Charged-By
X-CDN
Keep-Alive
Access-Control-Max-Age
Access-Control-Expose-Headers
X-Cache-Group
X-Pass-Why
X-Age
X-AH-Environment
X-Drupal-Dynamic-Cache
X-Server
X-Backend
X-Amz-Id-2
X-Amz-Request-Id
X-Pingback
X-Envoy-Upstream-Service-Time
X-Page-Speed
X-Robots-Tag
X-Proxy-Cache
X-Hacker
Grace
X-Server-Powered-By
EagleId
X-UA-Device
X-Varnish-Cache
Request-Context
X-Nginx-Cache-Status
Cf-Railgun
X-LiteSpeed-Cache
X-Amz-Version-Id
X-Swift-CacheTime
X-Swift-SaveTime
X-WebKit-CSP
Ali-Swift-Global-Savetime
Feature-Policy
X-Device
Server-Timing
X-Server-Id
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Host
X-Ac
Report-To
X-Rq
Content-Location
X-Node
X-OneAgent-JS-Injection
X-Backend-Server
X-Cnection
X-Response-Time
X-Origin-Cache
X-Cloud-Trace-Context
X-Application-Context
EagleEye-TraceId
Allow
Request-Id
X-Readtime
Surrogate-Control
X-Country
X-Cache-Lookup
X-ORACLE-DMS-ECID
X-Cdn
X-TTL
X-DynaTrace
X-Url
Pinterest-Generated-By
X-Vhost
X-Rack-Cache
X-Clacks-Overhead
X-Ua-Compatible
X-Origin-Upstream-Status
X-Ruxit-JS-Agent
NEL
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-CST
Rating
X-FTR-Request-ID
X-ORACLE-DMS-RID
X-Country-Code
X-HW
X-Goog-Hash
X-Dispatcher
X-Instart-Request-ID
Fusion-Source
Fusion-Content-Source
Fusion-Template-Id
Fusion-Component-Id
Fusion-Content-Id
X-DataStream-Cache-Status
Edge-Control
X-Vname
X-TtlSet
X-PC
X-Px
X-VARITI-CCR
Service-Worker-Allowed
X-DataDome
X-Mod-Pagespeed
X-MS-InvokeApp
X-Request-ID
X-Dns-Prefetch-Control
Verso
SPRequestGuid
X-Recruiting
X-D2id
X-Kinja-Server
X-Use-Magma
X-Cdn-Fetch
X-Kinja-Revision
X-Exp-Id
X-Kinja
X-GoogleNews-Bot
X-Exp-Variant
X-Kinja-Build
X-Varnish-TTL
X-Vcap-Request-Id
X-Amz-Server-Side-Encryption
X-SharePointHealthScore
RTSS
X-Abt-Application-Version
TCN
DynaTrace
X-Navigation-Version
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Powered-By-Plesk
X-GitHub-Request-Id
X-RateLimit-Remaining
X-Middleton-Display
Response
Display
X-Middleton-Response
X-Sol
X-B3-TraceId
X-Akam-SW-Version
X-ESI
Content-MD5
Charset
MS-Author-Via
AR-ATIME
AR-CACHE
AR-PoweredBy
Ar-Sid
ServerID
X-Trace
X-Shield-Request-Id
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-Amz-Rid
Accept-Ch-Lifetime
Realpath
X-Server-Name
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Goog-Generation
X-Goog-Metageneration
X-Dw-Request-Base-Id
AR-Request-ID
X-Powered-CMS
X-DynaTrace-JS-Agent
Nginx-Cache
X-Forwarded-Proto
X-Cached
X-Version
X-Upstream
X-Shard
Fastly-Restarts
Accept-Ch
Public-Key-Pins
MRF-Tech
X-Mrf-Section-Lastmod
Mrf-Cache-Status
X-Mrf-Item-Lastmod
X-B3-TraceId-Primal
X-Goog-Storage-Class
SPIisLatency
SPRequestDuration
Access-Control-Request-Method
Paypal-Debug-Id
X-MSEdge-Ref
Pinterest-Version
X-Pinterest-Rid
X-Upstream-Proxy
X-Client-IP
Pagespeed
S
X-DataStream-MidMile-RTT
X-DataStream-Origin-MEX-Latency
X-Debug
X-Amz-Meta-S3cmd-Attrs
Accept-CH
X-Grace
X-FTR-Balancer
X-FTR-Backend
X-Country-Code-Real
X-FTR-Cache-Status
X-FTR-Backend-Server
X-FTR-DC
X-FTR-Realm
X-Ezoic-Cdn
X-FTR-Expires
X-Id
X-N
X-DIS-Request-ID
X-T
X-Fastly-Request-ID
MicrosoftSharePointTeamServices
Arr-Disable-Session-Affinity
X-Amzn-Trace-Id
X-NF-Request-ID
X-Vcache
Front-End-Https
X-Content-Type
X-XRDS-Location
X-Hits
X-Ser
X-B3-Sampled
X-Varnish-Age
Arc-Version
PB-PID
PB-RID
X-Mobile-Rewrite
Alternate-Protocol
X-Server-ID
Fastcgi-Cache
X-Acc-Meta-Resource-Type
X-FTR-Cache-Host
X-Frontend
X-Logged-In
X-FastCGI-Cache
X-Content-Digest
Server-Name
X-Srv
X-Correlation-Id
X-VCache
X-Pad
X-Forwarded-For
Nel
Host
X-B3-Traceid
AMP-Access-Control-Allow-Source-Origin
X-Node-Name
Powered-By-ChinaCache
X-Request-Handler-Origin-Region
X-Microsite
FilterID
Healthy
TP-Cache
TP-L2-Cache
X-Rid
X-Type
Edge-Cache-Tag
X-Kinsta-Cache
X-LB-Cache
X-Cache-Key
X-IPLB-Instance
X-User-Agent
X-Request-Processing-Time
X-Debug-Info
X-Request-Received
X-AOL-HN
X-Cached-By
X-GUploader-UploadID
X-Fastcgi-Cache
X-Cache-2
X-F-Cache
X-Revision
X-Hostname
X-Amzn-RequestId
X-XRDS-LOCATION
Powered
X-Zen-Fury
X-Amz-Apigw-Id
X-Cache-Rule
X-HS-Content-Id
X-HS-Hub-Id
Backend-Timing
X-Cache-Age
X-Analytics
Surrogate-Key
X-Accel-Expires
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Page-Id
X-RateLimit-Limit
X-Varnish-Backend
X-Content-Security-Policy-Report-Only
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-Varnish-Grace
X-Instance
X-Az
X-BCube-Filmed-By
X-Activity-Id
X-AppVersion
X-Content-Options
X-Cluster
Source
X-Tumblr-Pixel
X-Jobs
X-FB-Debug
X-Tumblr-Pixel-0
X-Tumblr-User
X-PHP-Backend
X-Request-Guid
X-Via-JSL
X-Content-Powered-By
X-Amz-Replication-Status
X-App-Environment
X-Akamai-Edgescape
Cache-Status
Cleartype
X-TT
X-Framework
Server-Node
X-Esi
X-Varnish-Hostname
Tracecode
X-Forwarded-Host
Refresh
X-Signature
X-B-Cache
WPE-Backend
X-FW-Type
Host-Header
X-FW-Server
X-ATG-Version
X-FW-Hash
X-FW-Serve
X-FW-Static
Liferay-Portal
X-Mobile
X-Cache-Operation
X-Cache-Control
DC
X-Time
Accept-Charset
X-Edge-Location
Actual-Object-TTL
X-NWS-LOG-UUID
X-Cache-Action
X-Drupal-Cache-Tags
Access-Control-Allow-Method
Accept-CH-Lifetime
Fastcgi-Useragent
X-Cache-Hit
Upgrade-Insecure-Requests
Payment
X-Response-Served-From
X-Hp-Webp
X-Mobile-URL
X-App-Server
X-Accel-Buffering
X-Cache-TTL
X-Storage
Cache
X-TX-ID
X-Content-Age
X-WebKit-CSP-Report-Only
X-SS-Set-Cookie
X-Whom
X-UA-Device-Type
X-B
X-TT-TIMESTAMP
X-Tumblr-Pixel-2
X-Tumblr-Pixel-1
X-RequestSource
X-GeoIP
X-Cacheable-TTL
X-Handled-By
X-Git-Hash
Xserver
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Adobe-Content
Cache-Tv-Group
X-Adobe-Loc
X-VG-WebCache
X-WA-Info
X-ProcessESI
Filters
Eomportal-Instance
X-RemovedCookies
Viewport
X-Geo-Country
X-Status
X-Ratelimit-Reset
X-APP-VERSION
NGB
Cache-Tag
Server-Info
X-FB-TRIP-ID
Webserver
Datacenter
X-Cache-TTL-Remaining
X-Cache-Enabled
Retry-After
X-TA-CDN-Provider
X-FW-Dynamic
X-Contextid
X-Ratelimit-Limit
X-Presslabs-Stats
X-Seen-By
S-Cnection
X-Host-Name
X-Origin-Server
MS-CV
Country
X-Mode
Frame-Options
From-Origin
X-PressLabs-Stats
X-Hyper-Cache
Meta-Geo
Load-Balancing
X-Cache-Var-Map
X-RN-RSRV
X-Cache-Config
X-ES-SERVER
X-CF-Powered-By
Machine
X-Tumblr-Pixel-3
X-Cache-Var
X-Path-Route
X-AWS-Id
X-LJ-Flow-ID
X-VWS-Id
X-Generated-By
X-Varnish-Hits
Cache-Key
X-Hit
DSUID
We-Hiring
X-Cache-Grace
X-Backend-Name
X-Upstream-CT
X-Magnolia-Registration
X-Cache-Host
X-Labrador-Cache-Channel
X-Zipkin-Id
X-Proxied
X-Routing-Service
X-Varnish-Cache-Hits
X-Upstream-HT
Mail-Subject
Vix-Hermes-Req-Id
X-Loop
X-RCS-CacheZone
X-Device-Type
X-Debug-Cache
X-TNCMS
X-MP-GENERATED-AT
Decoy-Debug-Key
X-RTag
Ms-Operation-Id
X-EIG-Tracking-Id
X-Section
Decoy-Debug-TTL
Uber-Trace-Id
X-Varnish-Server
X-OCL
Now
Mn-Server-Ip
X-Human
X-Upgrade-Enabled
X-Web-Node
Decoy-Debug-Status
X-PCL
X-Viewer-Country
X-From
X-Access
Release
X-Rendered-As
X-Guploader-Uploadid
GEO-INFO
X-ProxyCache-Key
X-Environment-Context
X-Origin-Response-Time
X-Proto
X-Endurance-Cache-Level
X-CCM
OT-Force-Account-Verify
ServedBy
X-Akamai-Request-ID
X-BYPASS-REASON
X-ProxyCache-Status
X-L-Path
X-VG-TLSProxy
X-Rule
X-Cluster-Node
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
DB-Nickname
X-Timing-Wait
X-R9-Blue-Green-Version
X-Alternate-Cache-Key
X-Xfnlog-Site
Rt-Fastcgi-Cache
X-Via-Fastly
X-Shopify-Stage
X-Daa-Tunnel
X-FC-Vary-Parameters
X-Proxy-Build
X-Region
X-NCache
X-S
X-ShopId
X-JoinUs
X-Hosted-By
X-Generated
X-ShardId
Akamai-GRN
X-Goog-Meta-Goog-Reserved-File-Mtime
Cache-Name
NGX
X-Trace-Id
X-VCT
X-B3-Spanid
X-Redis-Cache
X-Drupal-Cache-Contexts
X-Cache-NE
X-Locale
X-Nginx-Cache
X-UUID
X-Site-Version
X-Platform-Server
X-Load-Cache
X-Www-Served-By
X-NewRelic-App-Data
ProcessTime
Cteonnt-Length
X-MServer
X-EdgeConnect-Cache-Status
X-Hl-Ver
X-ECACHE
X-Oracle-Dms-Rid
SRV
X-Request-Time
X-Cache-Remote
X-Rocket-Nginx-Bypass
X-ServerID
X-Real-IP
X-Vgn-Hpd-Reason
X-IP
X-Time-Microsecs
Time
Azure-Version
S-Rt
Azure-SlotName
Azure-InstanceId
X-GEO
X-IPS-LoggedIn
X-FW-Version
X-Wix-Request-Id
Azure-SiteName
Azure-RegionName
X-Via-CDN
X-Origin
Version
TWC-GeoIP-Country
TWC-Locale-Group
TWC-GeoIP-LatLong
TWC-Connection-Speed
Webcakes-App-Version
Webcakes-Region
X-Origin-Hint
Webcakes-App-Name
TWC-Device-Class
Property-Id
TWC-Privacy
X-Proxy
Origin
X-Dc
NtCoent-Length
L5d-Success-Class
X-FireWall-Port
X-Oneagent-Js-Injection
X-No-Session
CACHE
X-Cache-Backend
Served-By
X-Distributor
X-RateLimit-Reset
Fastly-SSL
X-Akamai-Transformed
X-UA
X-Pubstack
Odigeo-Trace-Id
X-Unique-ID
X-Microcachable
X-PERF
X-ApacheServer
X-Akamai-Request-ID2
Origin-Edge-Control
Origin-Cache-Control
X-Cache-Server
X-CS
X-Format
Fastcgi-X-Cache-Version
X-Webkit-Csp
X-Cache-Category-Id
X-CDN-Forward
X-Edge
IBM-Web2-Location
X-Grey
X-Powered-By-Defense
Hostname
Ec-Rule-Version
X-HTML-Minification-Powered-By
X-Compress-Hint
X-Via-NSCOPI
X-BACKEND-TTL
X-Is-Bot
X-Detected-As
Access-Control-Request-Headers
Cache-Tags
X-UnsetCookies
X-NC
Backend-Name
X-Varnish-Cacheable
X-Cache-Bucket
X-B-Cookie
X-CF-Lambda-Fn
X-Cdn-Srv
X-CGP
X-CF-Lambda-Version
A
Request-Time
Request-EU
Request-Country
Fastly-SIE
Cross-Origin-Window-Policy
Content-Style-Type
Rt-Proxy-Cache
Cdn-Host
Cdn-Request-Time
Content-Script-Type
Rendered-Blocks
Fastly-SWR
Meta-Geo-Continent
Ha-Gx-Prefs
HA-Ipaddr
MD5-Digest
Mobile-Detection-Method
Node
Fly-Cache
Fly-Request-Id
Proxy-Firewall
GEO-REGION-INFO
Cache-Prefix
Cache-Cookie-Set-Lfrom
X-A-Wwc
X-A-Dgt
X-A-Dcw
X-A-Dam
X-Tb
X-Accel-Expires-Debug
X-Application
X-App-Name
X-AIR-PT
X-Aed
X-A-Ccd
X-A
AsisCache
BehaviorPad-Version
Cache-Cookie-Set-From
Cache-Cookie-Set-Idcheck
Arc-Country
Server-ID
VivaBuild
Viewtype
LB
ServerName
X-ARC
X-G
X-Processor
X-PAYTM-SRV-ID
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
X-Request-UUID
X-Region-Sid
X-Org
X-NX-Host
X-IN-APIGATEWAY
X-HS-Combine-CSS
PageSpeed
X-Instart-Info
X-Internal-Host
X-Rewrite-Enabled
X-Rojux
X-VG-WebServer
X-Twitter-Response-Tags
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
Xc-Version
X-Worker
X-Trv-Group
X-Transaction
X-S-Maxage
X-S-Cookie
X-ScT
X-Server-Time
X-SRCache-Key
X-HS-Cache-Config
X-NU-AKA-ACS-Version
X-Eu-Site
X-Debug-Cookies
X-Date
X-Debug-Log
X-Edge-Server
X-Developer
X-Destination
X-DPWN-IS-SECURE
X-D
X-External-Request-Id
X-Cluster-Name
X-Connection-Hash
Proxy-Connection
X-ElasticPress-Search
X-B3-Parentspanid
X-Skip-Cache
X-ServiceProvider
X-Cdn-Origin
Resin-Trace
RNT-Machine
X-Sn-Servicetimems
X-Core-Mission
On-Server
X-Variation
X-Cache-Info
X-TH-Server
Platform
Memcached
X-We-Are-Hiring
X-Backend-State
X-Location
X-Level-Front-Cache
X-Nginx-Cache-Key
X-Clientip
True-Client-Country-4JS
X-Key
X-Irp-Debug
X-GeoIP-Country-Code
X-Geo-Header
X-Generated-On
Is-Eu
X-Fastly-Cache
Server-Int
Section-Io-Cache
X-Hash
X-Dispatch
X-Cache-Id
X-Request-URI
X-Reqid
X-PHP-Host
X-Epic-Correlation-Id
Server-Host
X-Dispatcher-Server
RNT-Time
SS
Apple-News-Services-Request-Url
Country-Code
X-Ua
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
X-C
Adler-Geo
Apple-News-Services-Handled
Esi-Enabled
Countrycode
Gh-Request-Id
X-Gen-Mode
X-Gannett-Site-Version
X-FPC
X-Generation-Time
X-Nc
X-Wikidot-Backend
X-Wikidot-Static-Cache
X-Li-Fabric
X-Hnp-Log
X-Distil-CS
X-Cache-FS-Status
X-Block-Status
X-Auto-Login
W
X-CDN-Cache
X-Device-Os
X-Developers
X-Crawler
X-Webstats-RespID
X-LI-Proto
X-Secret
X-SD-PageType
X-Response-By
X-Served-From
X-Server-IP
X-SVT-ORM-RULES
X-SIPLIST1
X-Servername
X-Request-Start
X-Reboot
X-Method
X-LI-UUID
X-SVT-ORM-VERSION
X-ND-Cache
X-WebServer
Accept-Language
X-Qloud-Router
X-Amz-Meta-Cache-Control
X-Li-Pop
X-Fetched-On
Who
Web-Mar-Node
Content-Disposition
Wxu-Next-Commit
Wxu-Next-Hostname
SD-X-WS
V-Age
AKAMAI
PFcat
CDCHOST
User-Cache-Control
REQUESTUUID
Wxu-Next-Region
Mime-Version
IsBot
X-Datadome
X-Via-SSL
X-Swa-Ws
X-Matched-Rule
X-CUA
X-Thinkindot-L3
Powered-By
X-Cms-Context
Pramga
X-Thanos
X-Protected-By
X-SERVER-NAME
Thinkindot-CacheControl
CF-IPCountry
X-GeoIP-City
Thinkindot-CacheControl-Type
X-Clara-WADP
UCS
Thinkindot-Control
X-Owner
Fastly-Soc-X-Request-Id
X-Via-Edge
X-Origin-Expires
X-BBXSRF
X-WADP-Cache
X-Azure-Ref-OriginShield
X-Azure-Ref
X-Bip
X-Varnish-Url
X-Origin-Date
X-VServer
X-Varnish-Ttl
X-Parent-Response-Time
L
X-OVcl-Cache
X-CLOUD-TRACE-CONTEXT
Pragrma
X-Fstrz
X-OVcl
Heartbleed
X-VC-Cache
GW-Server
X-Release
X-Proxy-Upstream
X-Proxy-Cache-Status
X-Ratelimit-Remaining
N-Cache
X-FE
X-LAGOON
X-Planisys-CDN-TTL
Kp-EeAlive
X-Planisys-CDN-Rules
X-Amzn-Remapped-Content-Length
Memory
X-TrackingId
X-Cdn-Forward
X-Planisys-CDN-Cache
X-Origin-TTL
Selected-Fe
X-GRACE
X-Origin-CC
X-IN-WAF
X-B3-SpanId
X-Pf-Uncompressing
X-Core-Value
X-Phone
User-Agent
X-Varnish-Beresp-Ttl
X-Be
X-Urbn-Site-Id
X-Urbn-Context-Path
Locale
X-DC
Magicmarker
X-Page-Type
X-Birta-Served
X-Birta-Cache-Post
X-URL
X-Zone
X-Ttl
X-Geo
X-Dynatrace-Js-Agent
X-Varnish-IP
X-Info
Selected-FE
X-Hello
HitType
X-Flog
X-ABtesting
Pagetype
X-Backend-TTL
X-Varnish-Beresp-Status
X-User
X-Generated-In
X-Varnish-Beresp-Grace
Cdn
X-Backend-Host
X-Backend-Url
X-TT-LOGID
X-Newrelic-Synthetics
X-Litespeed-Cache
Geoip-City
Geoip-Latitude
X-Servedbyhost
GeoIp-Country-Code
X-Soup
X-Debug-Cache-Store
SN
X-Debug-Cache-Fetch
X-Tt-Trace-Tag
X-Debug-Cache-Expiry
X-MSEdge-Features
X-GoCache-CacheStatus
X-MSEdge-Flight
X-Up
X-Mid
X-Source
X-App-Version
X-MID
X-Cache-Debug
X-Refresh
X-Agile
X-HS-Status
X-Cache-Ttl
X-Agile-Id
CF-Cached-On
X-Agile-Age
X-Real-Ip
X-Web-Server
X-Check-Cacheable
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
X-Aicache-OS
X-Oss-Request-Id
X-VCL-Version
X-Oss-Server-Time
X-Oss-Storage-Class
Amp-Access-Control-Allow-Source-Origin
X-Ruxit-Js-Agent
FSS-Cache
FSS-Proxy
X-Vcl-Version
X-ZONE
X-Tb-Optimization-Total-Bytes-Saved
X-Old-Content-Length
X-Amzn-Remapped-Connection
X-Say-Cacheable
X-Amzn-Remapped-Date
X-ServedByHost
X-Say-TTL
X-UPSTREAM-Address
X-SayCDN-TTL
GeoIP-Country-Code
X-Bc
X-CACHE-KEY
Server-Cache-Control
X-Varnish-Authentication
GeoIP-Latitude
GeoIP-City
HostName
Server-Surrogate-Control
X-Contensis-Viewer-Groups
X-Cache-ASPX
X-APP
X-NWS-UUID-VERIFY
Ohc-File-Size
X-EC-Lua
Ohc-Cache-HIT
Cache-Hits
RequestId
WZWS-RAY
X-COUNTRY
X-Via-Ucdn
Group
Srv
X-CSRF-Token
X-Node-Id
Inserted-Into-Cache-At
X-Akamai-SSL-Client-Sid
Fastly-Backend-Name
HTTPS
X-CSRF-TOKEN
X-Nananana
X-BC
X-ECache
Backend
Www
Xkeyrz
X-Proxy-Cacherz
X-WR-MODIFICATION
Ajk
X-Varnish-Beresp-TTL
X-Logtrace-Id
X-SN
X-IN-APIGATEWAYSSL
X-Dynatrace
XServer
X-Cache-Time
WebServer
X-Instart-Isnd
X-Cache-Tag
URI
Cf-Ipcountry
X-BE
X-Unique-Id
X-RateLimit-Limit-Second
X-Cache-Expires
X-Wa
X-TIME
Xkeynj
Is-Session-Tracking
X-Request-Url
Lb
Get-Access-Time
Requestid
X-Fastly-Country-Code
Host-ID
X-RateLimit-Remaining-Second
X-FORWARDED-FOR
X-PAGE-TYPE
X-MCACHE
X-LiteSpeed-Cache-Control
X-Sedo-Request-Id
X-Requestid
X-Cache-Miss-From
X-Edge-IP
X-NGENIX-Cache
Dynatrace
Epwk-Cache
T-Server
X-PF-Uncompressing
X-LB-ID
X-PJAX-URL
PICS-Label
X-Varnish-Action
X-Fastly-Backend-Reqs
Cneonction
Xet-Cookie
X-SRV
DataCenter
X-Apw-Access-Token
X-Pjax-Url
CDN
X-Apw-Hits
Fastcgi-X-Cache
X-Swift-Error
X-Apw-Access-Object
X-Apw-Access-Action
Pics-Label
X-Vct
X-Micro-Cache
X-Render-Time
X-GDPR
X-NGINX-Cache
X-Dw-Trace-Id
X-Svr
X-WA
X-Lb-Id
X-Cf-Powered-By
X-Ecache
Correlation-Id
MIME-Version
X-AssetVersion
X-WPE-Loopback-Upstream-Addr
X-Fpc
X-ServerName
X-Serial
RequestUuid
X-Policy
SID
X-Uri
X-Html-Edge-Cache
X-Akamai-ERPolicy
X-Page-Impression-Id
X-Zalando-Child-Request-Id
X-Bug-Bounty
X-Akamai-ERRuleID
X-LiteSpeed-Tag
Ohc-Response-Time
X-Flow-Id
X-Fastly-Cache-Hits
Warning
Lfy
X-DSS
X-DW
X-RPM
X-RPS
X-DI
X-DB
FNAC-ModuleRouting
X-Sf
X-Var-Ttl
X-RSL