Threat Level: green Handler on Duty: Guy Bruneau

SANS ISC: HTTP Header Usage Statistics - SANS Internet Storm Center HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
CF-RAY
X-Powered-By
Link
ETag
Expect-CT
X-XSS-Protection
Via
X-Cache
Age
CF-Cache-Status
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
P3P
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Xss-Protection
X-Request-Id
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
Alt-Svc
X-Adblock-Key
X-Drupal-Cache
X-Check
X-Cacheable
Content-Security-Policy-Report-Only
X-Generator
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-AspNetMvc-Version
X-DNS-Prefetch-Control
X-Template
X-Language
Status
Timing-Allow-Origin
Content-Encoding
X-Iinfo
X-Content-Security-Policy
X-Buckets
P3p
Upgrade
X-Kinja-Server-Push
Xkey
X-Via
X-CDN
X-Turbo-Charged-By
Keep-Alive
Access-Control-Max-Age
Access-Control-Expose-Headers
X-Cache-Group
X-Pass-Why
X-AH-Environment
X-Age
X-Drupal-Dynamic-Cache
X-Server
X-Backend
X-Pingback
X-Amz-Id-2
X-Amz-Request-Id
X-Envoy-Upstream-Service-Time
X-Page-Speed
X-Robots-Tag
X-Proxy-Cache
X-Hacker
Grace
EagleId
X-Server-Powered-By
X-UA-Device
X-Varnish-Cache
Request-Context
X-Nginx-Cache-Status
Cf-Railgun
X-LiteSpeed-Cache
X-Amz-Version-Id
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
X-Server-Id
X-WebKit-CSP
Feature-Policy
Server-Timing
X-Device
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Host
X-Rq
Report-To
X-Ac
X-Node
Content-Location
X-OneAgent-JS-Injection
X-Request-ID
X-Cnection
X-Response-Time
X-Backend-Server
X-Origin-Cache
X-Cloud-Trace-Context
X-Application-Context
X-Readtime
Request-Id
Allow
EagleEye-TraceId
Surrogate-Control
X-ORACLE-DMS-ECID
X-Country
X-DynaTrace
X-Cdn
X-Cache-Lookup
X-Vhost
X-TTL
Pinterest-Generated-By
X-Url
X-Ua-Compatible
X-Rack-Cache
X-Clacks-Overhead
X-Origin-Upstream-Status
X-FTR-Request-ID
NEL
X-Dns-Prefetch-Control
X-Ruxit-JS-Agent
Rating
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Country-Code
X-CST
X-HW
X-ORACLE-DMS-RID
X-Dispatcher
X-Goog-Hash
X-Instart-Request-ID
Fusion-Content-Source
Fusion-Content-Id
Fusion-Component-Id
Fusion-Source
Fusion-Template-Id
X-DataStream-Cache-Status
Edge-Control
X-PC
X-TtlSet
X-Vname
X-Px
X-DataDome
X-VARITI-CCR
Service-Worker-Allowed
Verso
X-Mod-Pagespeed
X-MS-InvokeApp
X-Recruiting
X-D2id
SPRequestGuid
X-Exp-Variant
X-Exp-Id
X-Kinja-Server
X-GoogleNews-Bot
X-Kinja-Build
X-Kinja
X-Cdn-Fetch
X-Use-Magma
X-Kinja-Revision
RTSS
X-Varnish-TTL
X-Vcap-Request-Id
X-Amz-Server-Side-Encryption
X-Abt-Application-Version
DynaTrace
TCN
X-SharePointHealthScore
X-Navigation-Version
X-GitHub-Request-Id
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Middleton-Response
Display
X-Sol
Response
X-Middleton-Display
X-Akam-SW-Version
X-Powered-By-Plesk
X-RateLimit-Remaining
MS-Author-Via
X-B3-TraceId
Charset
X-ESI
ServerID
X-Shield-Request-Id
X-TEC-API-ROOT
X-TEC-API-VERSION
X-Amz-Rid
X-TEC-API-ORIGIN
Content-MD5
AR-PoweredBy
AR-ATIME
Ar-Sid
AR-CACHE
Realpath
X-Forwarded-Proto
X-Trace
X-Powered-CMS
Nginx-Cache
X-Goog-Generation
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
Accept-Ch-Lifetime
Fastly-Restarts
X-Upstream
X-Dw-Request-Base-Id
X-Version
X-Cached
Public-Key-Pins
AR-Request-ID
X-Shard
X-Server-Name
X-DynaTrace-JS-Agent
Accept-Ch
X-Mrf-Item-Lastmod
X-B3-TraceId-Primal
Mrf-Cache-Status
X-Mrf-Section-Lastmod
MRF-Tech
Pagespeed
Access-Control-Request-Method
Paypal-Debug-Id
X-MSEdge-Ref
X-Goog-Storage-Class
X-Client-IP
SPRequestDuration
SPIisLatency
X-Grace
S
X-DataStream-Origin-MEX-Latency
X-DataStream-MidMile-RTT
X-Debug
Accept-CH
X-Country-Code-Real
X-FTR-Cache-Status
X-FTR-Realm
X-Id
X-FTR-Expires
X-FTR-DC
X-FTR-Balancer
X-FTR-Backend
X-FTR-Backend-Server
X-Ezoic-Cdn
Pinterest-Version
X-Pinterest-Rid
X-Amz-Meta-S3cmd-Attrs
X-Upstream-Proxy
X-N
X-Vcache
X-FastCGI-Cache
X-Fastly-Request-ID
X-T
X-DIS-Request-ID
Front-End-Https
X-Amzn-Trace-Id
Arr-Disable-Session-Affinity
MicrosoftSharePointTeamServices
X-NF-Request-ID
X-Content-Type
X-Hits
X-B3-Sampled
X-XRDS-Location
X-FTR-Cache-Host
X-B3-Traceid
X-Ser
X-Varnish-Age
X-Frontend
PB-RID
Arc-Version
X-Mobile-Rewrite
PB-PID
Fastcgi-Cache
X-Acc-Meta-Resource-Type
X-Content-Digest
X-Logged-In
Alternate-Protocol
Server-Name
X-Correlation-Id
X-Srv
Nel
X-Pad
X-Cache-Key
X-VCache
X-Node-Name
X-Forwarded-For
X-Microsite
AMP-Access-Control-Allow-Source-Origin
X-Request-Handler-Origin-Region
Powered-By-ChinaCache
FilterID
Host
TP-Cache
X-Rid
X-User-Agent
X-Type
TP-L2-Cache
Healthy
X-Request-Received
X-LB-Cache
X-Request-Processing-Time
X-IPLB-Instance
X-Kinsta-Cache
Edge-Cache-Tag
X-F-Cache
X-Debug-Info
X-Cache-2
Powered
X-AOL-HN
X-Zen-Fury
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Cached-By
X-Revision
X-GUploader-UploadID
X-XRDS-LOCATION
X-Hostname
Backend-Timing
X-Cache-Age
X-HS-Hub-Id
X-Analytics
X-HS-Content-Id
X-Esi
X-Cache-Rule
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Accel-Expires
X-AppVersion
X-Activity-Id
X-Az
Surrogate-Key
X-Via-JSL
VIX-Pulpo-Node
X-Varnish-Backend
VIX-Pulpo-Upstream-Status
X-Content-Security-Policy-Report-Only
X-Instance
X-Content-Options
X-Varnish-Grace
X-Page-Id
X-Amz-Replication-Status
X-BCube-Filmed-By
X-Tumblr-Pixel-0
X-PHP-Backend
X-Request-Guid
X-Tumblr-Pixel
X-Tumblr-User
X-Akamai-Edgescape
X-Content-Powered-By
X-Jobs
X-Cluster
Source
X-App-Environment
X-TT
X-FB-Debug
Server-Node
X-Fastcgi-Cache
X-RateLimit-Limit
X-Forwarded-Host
X-Signature
Cache-Status
Refresh
X-Framework
X-B-Cache
Cleartype
Accept-CH-Lifetime
Liferay-Portal
X-FW-Serve
X-FW-Server
X-FW-Static
X-FW-Type
X-FW-Hash
X-Varnish-Hostname
DC
Tracecode
X-ATG-Version
Host-Header
WPE-Backend
X-Mobile
Fastcgi-Useragent
Access-Control-Allow-Method
X-Cache-Operation
X-Cache-Control
X-APP-VERSION
X-Edge-Location
X-Cache-Action
Accept-Charset
X-Drupal-Cache-Tags
X-Time
X-Cache-Hit
Actual-Object-TTL
X-Erf-Bev-Bev-Is-Generated
X-Hp-Webp
X-Mobile-URL
X-Response-Served-From
X-Erf-Bev-Bev
X-Accel-Buffering
Payment
X-Storage
X-TX-ID
X-WebKit-CSP-Report-Only
X-WA-Info
X-B
X-Content-Age
X-SS-Set-Cookie
X-Whom
X-NWS-LOG-UUID
X-App-Server
X-TT-TIMESTAMP
Cache-Tv-Group
X-Git-Hash
X-Yottaa-Optimizations
Upgrade-Insecure-Requests
X-Yottaa-Metrics
NGB
X-Handled-By
Filters
X-Tumblr-Pixel-1
X-Cacheable-TTL
X-Tumblr-Pixel-2
X-UA-Device-Type
Eomportal-Instance
X-Adobe-Loc
X-RequestSource
X-Adobe-Content
X-GeoIP
X-Status
X-RemovedCookies
X-ProcessESI
Viewport
X-Geo-Country
X-VG-WebCache
Cache-Tag
Cache
X-Cache-TTL
Xserver
Retry-After
Webserver
X-Presslabs-Stats
X-Server-ID
X-FW-Dynamic
X-TA-CDN-Provider
X-Cache-TTL-Remaining
Server-Info
Datacenter
X-FB-TRIP-ID
X-Seen-By
MS-CV
X-Cache-Enabled
X-Oracle-Dms-Rid
X-Ratelimit-Limit
X-Host-Name
X-Ratelimit-Reset
X-Contextid
X-Generated-By
X-Origin-Server
X-B3-Spanid
From-Origin
Frame-Options
X-Hyper-Cache
S-Cnection
X-RTag
Ms-Operation-Id
Country
X-Mode
X-CF-Powered-By
X-Cache-Var-Map
X-Path-Route
X-Tumblr-Pixel-3
X-RN-RSRV
X-Cache-Var
X-ES-SERVER
X-Cache-Config
Meta-Geo
Machine
Load-Balancing
X-Cache-Grace
X-Proxied
X-Access
Cache-Key
Vix-Hermes-Req-Id
X-Hit
X-Upstream-HT
X-Routing-Service
X-MP-GENERATED-AT
X-Section
X-Upstream-CT
X-Zipkin-Id
Decoy-Debug-Key
X-Guploader-Uploadid
X-Loop
X-Web-Node
X-TNCMS
Decoy-Debug-Status
Decoy-Debug-TTL
X-Labrador-Cache-Channel
X-Varnish-Cache-Hits
X-Backend-Name
X-Human
X-From
X-Magnolia-Registration
X-Varnish-Server
ServedBy
X-Region
X-Origin-Response-Time
X-Drupal-Cache-Contexts
Rt-Fastcgi-Cache
Now
X-R9-Blue-Green-Version
GEO-INFO
X-Upgrade-Enabled
X-Rule
X-OCL
X-Akamai-Request-ID
Mn-Server-Ip
X-RCS-CacheZone
X-VG-TLSProxy
X-VWS-Id
X-Cache-Host
X-LJ-Flow-ID
X-PCL
X-AWS-Id
X-Viewer-Country
X-L-Path
X-Cluster-Node
X-EIG-Tracking-Id
X-NCache
X-Generated
DSUID
X-PressLabs-Stats
X-Debug-Cache
Akamai-GRN
Cache-Name
X-Via-Fastly
X-FC-Vary-Parameters
X-Endurance-Cache-Level
SRV
X-Environment-Context
X-Proto
X-Timing-Wait
X-Proxy-Build
Release
X-JoinUs
X-Hosted-By
We-Hiring
Uber-Trace-Id
X-Goog-Meta-Goog-Reserved-File-Mtime
Mail-Subject
X-Device-Type
X-Rendered-As
OT-Force-Account-Verify
DB-Nickname
X-ShopId
X-Shopify-Stage
X-Sorting-Hat-PodId
X-CCM
X-ShardId
X-Trace-Id
X-Sorting-Hat-ShopId
X-Alternate-Cache-Key
X-S
X-Varnish-Hits
X-Locale
X-Site-Version
X-Xfnlog-Site
X-NewRelic-App-Data
Cteonnt-Length
X-Www-Served-By
CACHE
NGX
X-VCT
ProcessTime
Version
X-Request-Time
X-Redis-Cache
X-BYPASS-REASON
X-ProxyCache-Key
X-IP
X-Time-Microsecs
X-ProxyCache-Status
X-Nginx-Cache
X-UUID
X-Load-Cache
Time
Azure-SlotName
X-Wix-Request-Id
Azure-SiteName
Azure-InstanceId
X-Via-CDN
X-Platform-Server
X-FW-Version
X-Dc
Azure-RegionName
Azure-Version
S-Rt
X-Origin
X-ECACHE
X-Cache-NE
Webcakes-Region
TWC-Connection-Speed
Property-Id
Webcakes-App-Version
TWC-Device-Class
TWC-GeoIP-LatLong
X-MServer
X-Origin-Hint
TWC-Locale-Group
TWC-Privacy
TWC-GeoIP-Country
Webcakes-App-Name
X-Rocket-Nginx-Bypass
X-Akamai-Request-ID2
X-EdgeConnect-Cache-Status
X-RateLimit-Reset
X-Daa-Tunnel
NtCoent-Length
X-Hl-Ver
X-GEO
X-CDN-Forward
X-Proxy
X-No-Session
X-Vgn-Hpd-Reason
X-FireWall-Port
X-IPS-LoggedIn
X-UA
Origin
X-ServerID
X-Cache-Remote
X-HTML-Minification-Powered-By
X-Oneagent-Js-Injection
X-ApacheServer
Odigeo-Trace-Id
X-Akamai-Transformed
X-PERF
X-Cache-Server
X-CS
X-Format
X-Distributor
Fastly-SSL
LB
Ec-Rule-Version
X-Webkit-Csp
Access-Control-Request-Headers
X-Real-IP
Cache-Tags
L5d-Success-Class
X-Unique-ID
X-Cache-Backend
X-SERVER-NAME
X-Pubstack
X-Microcachable
X-Compress-Hint
X-UnsetCookies
X-Tb
Accept-Language
Served-By
Hostname
X-BACKEND-TTL
Fastcgi-X-Cache-Version
IBM-Web2-Location
Origin-Cache-Control
X-Varnish-Cacheable
Origin-Edge-Control
Cdn-Host
Cache-Prefix
Mobile-Detection-Method
Cache-Cookie-Set-From
Cache-Cookie-Set-Idcheck
Meta-Geo-Continent
Cache-Cookie-Set-Lfrom
MD5-Digest
BehaviorPad-Version
Cdn-Request-Time
Fastly-SWR
Fly-Cache
Arc-Country
A
AsisCache
Fastly-SIE
Content-Script-Type
Content-Style-Type
Cross-Origin-Window-Policy
Fly-Request-Id
GEO-REGION-INFO
X-Cdn-Srv
X-Rebelmouse-Cache-Control
X-PAYTM-SRV-ID
X-Rebelmouse-Surrogate-Control
X-Region-Sid
X-Rewrite-Enabled
X-Request-UUID
X-Org
X-NU-AKA-ACS-Version
X-G
X-External-Request-Id
X-IN-APIGATEWAY
X-Instart-Info
X-Is-Bot
X-Internal-Host
X-Rojux
X-S-Cookie
X-VG-WebServer
X-Varnish-Url
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
Xc-Version
X-Worker
X-Twitter-Response-Tags
X-Trv-Group
X-ScT
X-S-Maxage
X-Server-Time
X-SRCache-Key
X-Transaction
X-Edge-Server
X-DPWN-IS-SECURE
X-A-Dcw
X-A-Dam
X-A-Dgt
X-A-Wwc
X-Aed
X-Accel-Expires-Debug
X-A
VivaBuild
Rendered-Blocks
Proxy-Firewall
Request-Time
Rt-Proxy-Cache
Viewtype
Server-ID
X-AIR-PT
X-App-Name
X-D
X-Connection-Hash
X-Date
X-Destination
X-Developer
X-Detected-As
X-Cluster-Name
X-CF-Lambda-Version
X-ARC
X-Application
X-B-Cookie
X-Cache-Bucket
X-CF-Lambda-Fn
Node
X-A-Ccd
Proxy-Connection
X-Edge
X-B3-Parentspanid
X-NC
Backend-Name
ServerName
X-Grey
X-Cache-Category-Id
X-ElasticPress-Search
X-We-Are-Hiring
X-HS-Combine-CSS
Gh-Request-Id
HA-Ipaddr
Ha-Gx-Prefs
Section-Io-Cache
X-HS-Cache-Config
Esi-Enabled
Resin-Trace
X-Cdn-Origin
X-Backend-State
X-Location
Request-Country
Request-EU
X-ServiceProvider
On-Server
W
X-Skip-Cache
X-Sn-Servicetimems
X-Nginx-Cache-Key
X-NX-Host
Countrycode
Memcached
Server-Int
X-Cache-Info
Apple-News-Services-Parsed-Url
Apple-News-Services-Handled
Apple-News-Services-Request-Url
X-Level-Front-Cache
X-Geo-Header
X-Debug-Cookies
X-Debug-Log
X-Developers
X-Eu-Site
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
X-Fastly-Cache
X-Generated-On
Apple-News-Services-Host
Content-Disposition
REQUESTUUID
X-Core-Mission
X-CGP
AKAMAI
X-Clientip
X-C
X-Amzn-Remapped-Content-Length
X-Powered-By-Defense
User-Cache-Control
X-Distil-CS
X-Request-URI
Server-Host
X-Reqid
UCS
X-Hnp-Log
SS
X-Dispatch
True-Client-Country-4JS
Web-Mar-Node
X-GeoIP-Country-Code
X-Auto-Login
X-Gen-Mode
X-Generation-Time
X-Irp-Debug
X-Block-Status
X-BBXSRF
X-Cache-Id
X-Hash
X-Qloud-Router
X-Key
X-FPC
X-Gannett-Site-Version
X-PHP-Host
X-Processor
X-Reboot
RNT-Time
X-Servername
X-Wikidot-Static-Cache
X-Variation
X-Server-IP
X-Wikidot-Backend
X-Method
Is-Eu
CDCHOST
IsBot
Country-Code
X-Via-NSCOPI
X-TH-Server
N-Cache
X-SIPLIST1
Adler-Geo
Fastly-Soc-X-Request-Id
RNT-Machine
Selected-Fe
X-Nc
X-Epic-Correlation-Id
X-Secret
Platform
X-Via-Edge
X-Via-SSL
X-Cache-FS-Status
X-CDN-Cache
X-Webstats-RespID
X-WebServer
X-WADP-Cache
X-VServer
X-Cms-Context
X-Swa-Ws
X-Served-From
X-Thanos
X-Device-Os
X-TrackingId
X-Dispatcher-Server
X-Fetched-On
X-Proxy-Upstream
X-Li-Fabric
L
X-GeoIP-City
X-Bip
X-Proxy-Cache-Status
X-Crawler
X-Clara-WADP
X-VC-Cache
CF-IPCountry
V-Age
X-Release
PFcat
GW-Server
Who
Powered-By
Pramga
X-Request-Start
X-Response-By
X-SD-PageType
Thinkindot-CacheControl
Thinkindot-Control
Thinkindot-CacheControl-Type
Wxu-Next-Hostname
Wxu-Next-Commit
SD-X-WS
X-LI-Proto
Wxu-Next-Region
X-Azure-Ref
X-Azure-Ref-OriginShield
Heartbleed
X-Li-Pop
X-Amz-Meta-Cache-Control
X-LI-UUID
X-Thinkindot-L3
X-Origin-Expires
X-Origin-Date
X-Matched-Rule
X-Varnish-Ttl
Kp-EeAlive
X-OVcl-Cache
X-FE
X-Pf-Uncompressing
X-Owner
X-OVcl
X-CLOUD-TRACE-CONTEXT
X-CUA
X-Urbn-Context-Path
Locale
X-Urbn-Site-Id
X-Parent-Response-Time
X-Ratelimit-Remaining
Magicmarker
Mime-Version
X-ND-Cache
X-Ua
PageSpeed
X-Dynatrace-Js-Agent
X-Varnish-Beresp-Ttl
X-LAGOON
X-Protected-By
User-Agent
X-ABtesting
X-Hello
X-Flog
X-Fstrz
Memory
Pragrma
X-Origin-CC
X-Be
X-Origin-TTL
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
X-Planisys-CDN-TTL
Pagetype
X-URL
X-Backend-Host
X-Geo
X-Ttl
X-Backend-Url
X-Page-Type
X-Generated-In
X-User
X-Cache-Ttl
X-Zone
X-Up
X-MSEdge-Features
X-IN-WAF
X-GoCache-CacheStatus
X-Core-Value
X-MSEdge-Flight
X-Newrelic-Synthetics
X-Tt-Trace-Tag
X-Phone
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
X-Debug-Cache-Expiry
X-Debug-Cache-Fetch
X-B3-SpanId
X-Backend-TTL
X-Debug-Cache-Store
X-Soup
X-DC
GeoIp-Country-Code
X-Cdn-Forward
X-TT-LOGID
Geoip-Latitude
Geoip-City
X-Litespeed-Cache
X-Birta-Cache-Post
X-Birta-Served
X-Oss-Storage-Class
X-Oss-Hash-Crc64ecma
X-Oss-Request-Id
X-Oss-Object-Type
X-Oss-Server-Time
X-Check-Cacheable
X-Say-Cacheable
X-Say-TTL
X-Servedbyhost
X-Varnish-IP
Cdn
X-Real-Ip
X-ZONE
X-SayCDN-TTL
X-Info
Cache-Hits
Selected-FE
X-MID
HitType
X-Mid
X-Old-Content-Length
X-HS-Status
SN
X-Datadome
X-Akamai-SSL-Client-Sid
Amp-Access-Control-Allow-Source-Origin
X-Ruxit-Js-Agent
X-GRACE
FSS-Cache
X-VCL-Version
FSS-Proxy
X-Vcl-Version
X-Aicache-OS
X-Refresh
X-CSRF-TOKEN
X-Agile-Id
X-Cache-Debug
X-Agile-Age
X-Agile
X-Amzn-Remapped-Connection
X-Tb-Optimization-Total-Bytes-Saved
X-ServedByHost
Fastly-Backend-Name
XServer
X-Amzn-Remapped-Date
CF-Cached-On
X-Bc
X-Cache-Time
X-Node-Id
WZWS-RAY
X-IN-APIGATEWAYSSL
X-Logtrace-Id
Server-Surrogate-Control
Ajk
X-Cache-ASPX
HostName
Server-Cache-Control
Inserted-Into-Cache-At
X-Varnish-Authentication
X-Source
X-Contensis-Viewer-Groups
X-EC-Lua
X-BC
RequestId
X-Web-Server
X-UPSTREAM-Address
X-Via-Ucdn
GeoIP-Country-Code
X-COUNTRY
X-CSRF-Token
Srv
X-FORWARDED-FOR
X-Nananana
GeoIP-City
X-Wa
X-RateLimit-Limit-Second
X-APP
X-RateLimit-Remaining-Second
GeoIP-Latitude
X-App-Version
X-ECache
X-Proxy-Cacherz
X-TIME
X-NWS-UUID-VERIFY
Xkeyrz
X-WR-MODIFICATION
WebServer
Ohc-Cache-HIT
Ohc-File-Size
Group
T-Server
PICS-Label
X-Varnish-Beresp-TTL
Cf-Ipcountry
X-PJAX-URL
X-LiteSpeed-Cache-Control
Xkeynj
Get-Access-Time
X-Unique-Id
URI
HTTPS
X-Micro-Cache
X-GDPR
X-BE
X-Tec-Api-Origin
X-CACHE-KEY
X-SRV
X-Tec-Api-Version
X-Tec-Api-Root
Is-Session-Tracking
X-Render-Time
X-PAGE-TYPE
X-Fastly-Country-Code
X-LB-ID
X-Cache-Tag
MIME-Version
Backend
X-SN
DataCenter
Www
X-Requestid
X-Sedo-Request-Id
X-Cache-Miss-From
X-Edge-IP
X-MCACHE
Dynatrace
X-Instart-Isnd
X-Request-Url
X-Policy
CDN
SID
X-Fastly-Backend-Reqs
Xet-Cookie
X-NGINX-Cache
Lb
X-Uri
Pics-Label
X-Pjax-Url
X-Lb-Id
X-Vct
Requestid
X-Swift-Error
Host-ID
X-Apw-Hits
X-Cache-Expires
Cneonction
X-Apw-Access-Token
X-Apw-Access-Action
X-Apw-Access-Object
X-Dw-Trace-Id
Correlation-Id
X-Ecache
X-Cdn-Request-ID
X-Service
X-Cf-Powered-By
Cache-Provider
X-WA
X-Newrelic-App-Data
X-Varnish-Action
X-Html-Edge-Cache
X-Var-Ttl
X-WPE-Loopback-Upstream-Addr
FNAC-ModuleRouting
X-Serial
Epwk-Cache
X-ServerName
X-RPS
X-RSL
X-Zalando-Child-Request-Id
X-RPM
X-DW
X-DB
X-DI
X-DSS
X-Page-Impression-Id
X-Flow-Id
X-Bug-Bounty
X-PF-Uncompressing
Warning
X-Akamai-ERPolicy
X-Akamai-ERRuleID
X-Fpc
X-Fastly-Cache-Hits
Lfy