Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics - SANS Internet Storm Center HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
CF-RAY
X-Powered-By
Link
ETag
Expect-CT
X-XSS-Protection
Via
X-Cache
Age
CF-Cache-Status
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
X-Cache-Hits
P3P
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Xss-Protection
X-Request-Id
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-Adblock-Key
Alt-Svc
X-Drupal-Cache
X-Check
X-Cacheable
Content-Security-Policy-Report-Only
X-Generator
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-DNS-Prefetch-Control
X-AspNetMvc-Version
P3p
X-Template
X-Language
Status
Timing-Allow-Origin
Content-Encoding
X-Iinfo
X-Content-Security-Policy
X-Buckets
Upgrade
X-Kinja-Server-Push
Xkey
X-Via
X-CDN
X-Turbo-Charged-By
Keep-Alive
Access-Control-Max-Age
Access-Control-Expose-Headers
X-Cache-Group
X-Pass-Why
X-Age
X-AH-Environment
X-Drupal-Dynamic-Cache
X-Server
X-Backend
X-Pingback
X-Amz-Id-2
X-Amz-Request-Id
X-Envoy-Upstream-Service-Time
X-Page-Speed
X-Robots-Tag
X-Proxy-Cache
X-Hacker
Grace
X-Server-Powered-By
EagleId
X-UA-Device
X-Varnish-Cache
Request-Context
X-Nginx-Cache-Status
Cf-Railgun
X-LiteSpeed-Cache
X-Amz-Version-Id
X-Swift-CacheTime
X-Swift-SaveTime
X-WebKit-CSP
Ali-Swift-Global-Savetime
Feature-Policy
X-Server-Id
X-Device
Server-Timing
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Host
Report-To
X-Ac
X-Rq
Content-Location
X-Node
X-OneAgent-JS-Injection
X-Backend-Server
X-Request-ID
X-Response-Time
X-Cnection
X-Origin-Cache
X-Cloud-Trace-Context
X-Application-Context
EagleEye-TraceId
Allow
Request-Id
X-Readtime
Surrogate-Control
X-Country
X-ORACLE-DMS-ECID
X-Cache-Lookup
X-Cdn
X-TTL
X-DynaTrace
X-Url
X-Vhost
Pinterest-Generated-By
X-Rack-Cache
X-Ua-Compatible
X-Clacks-Overhead
X-Origin-Upstream-Status
X-Ruxit-JS-Agent
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Rating
X-CST
X-ORACLE-DMS-RID
X-FTR-Request-ID
X-Country-Code
NEL
X-HW
X-Goog-Hash
X-Dispatcher
X-Instart-Request-ID
Fusion-Content-Source
Fusion-Content-Id
Fusion-Component-Id
Fusion-Template-Id
Fusion-Source
X-DataStream-Cache-Status
Edge-Control
X-Vname
X-PC
X-TtlSet
X-Px
X-DataDome
X-VARITI-CCR
Service-Worker-Allowed
X-MS-InvokeApp
X-Dns-Prefetch-Control
X-Mod-Pagespeed
Verso
SPRequestGuid
X-Recruiting
X-D2id
X-Kinja-Revision
X-Exp-Id
X-Kinja-Build
X-Exp-Variant
X-Cdn-Fetch
X-Kinja-Server
X-Kinja
X-GoogleNews-Bot
X-Use-Magma
X-Varnish-TTL
X-Vcap-Request-Id
RTSS
X-Abt-Application-Version
X-Amz-Server-Side-Encryption
X-SharePointHealthScore
TCN
DynaTrace
X-Navigation-Version
X-GitHub-Request-Id
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-RateLimit-Remaining
X-Powered-By-Plesk
Display
X-Middleton-Response
X-Sol
X-Middleton-Display
Response
X-Akam-SW-Version
X-ESI
Charset
MS-Author-Via
Content-MD5
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TEC-API-VERSION
X-B3-TraceId
AR-PoweredBy
AR-CACHE
Ar-Sid
X-Shield-Request-Id
AR-ATIME
ServerID
Accept-Ch-Lifetime
X-Trace
X-Amz-Rid
Realpath
X-Goog-Generation
X-Powered-CMS
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
X-Dw-Request-Base-Id
X-Server-Name
Accept-Ch
AR-Request-ID
X-Forwarded-Proto
Nginx-Cache
X-DynaTrace-JS-Agent
X-Cached
X-Version
X-Upstream
Fastly-Restarts
X-Shard
Public-Key-Pins
X-B3-TraceId-Primal
X-Mrf-Item-Lastmod
MRF-Tech
Mrf-Cache-Status
X-Mrf-Section-Lastmod
Access-Control-Request-Method
X-Goog-Storage-Class
Paypal-Debug-Id
X-MSEdge-Ref
SPIisLatency
SPRequestDuration
S
X-Pinterest-Rid
Pinterest-Version
X-Upstream-Proxy
X-Client-IP
X-Grace
X-DataStream-MidMile-RTT
X-Debug
X-DataStream-Origin-MEX-Latency
Pagespeed
X-Amz-Meta-S3cmd-Attrs
X-Id
X-FTR-Backend
X-Country-Code-Real
X-FTR-Cache-Status
X-FTR-DC
X-FTR-Realm
X-FTR-Balancer
X-FTR-Backend-Server
X-FTR-Expires
X-Ezoic-Cdn
X-N
X-T
X-Fastly-Request-ID
X-DIS-Request-ID
MicrosoftSharePointTeamServices
Accept-CH
X-Amzn-Trace-Id
Front-End-Https
Arr-Disable-Session-Affinity
X-NF-Request-ID
X-Content-Type
X-Vcache
X-Hits
X-Ser
X-Varnish-Age
X-B3-Sampled
Arc-Version
Nel
PB-RID
PB-PID
X-Mobile-Rewrite
Alternate-Protocol
X-Acc-Meta-Resource-Type
X-B3-Traceid
Fastcgi-Cache
X-FTR-Cache-Host
X-Frontend
X-FastCGI-Cache
X-Logged-In
X-XRDS-Location
X-Content-Digest
Server-Name
X-Srv
X-Correlation-Id
X-VCache
X-Pad
X-Forwarded-For
Host
X-Node-Name
Powered-By-ChinaCache
X-Cache-Key
AMP-Access-Control-Allow-Source-Origin
X-Microsite
X-Request-Handler-Origin-Region
FilterID
Healthy
X-Rid
TP-L2-Cache
TP-Cache
X-Type
X-XRDS-LOCATION
X-LB-Cache
X-Kinsta-Cache
X-Server-ID
X-IPLB-Instance
Edge-Cache-Tag
X-User-Agent
X-Request-Processing-Time
X-Debug-Info
X-Request-Received
X-AOL-HN
X-Fastcgi-Cache
X-Cached-By
X-F-Cache
X-Revision
X-Cache-2
X-Zen-Fury
X-Amz-Apigw-Id
X-Amzn-RequestId
Powered
X-HS-Content-Id
X-Hostname
X-HS-Hub-Id
X-GUploader-UploadID
X-Cache-Rule
X-Cache-Age
X-Accel-Expires
Surrogate-Key
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-AppVersion
Backend-Timing
X-Az
X-Activity-Id
X-Analytics
VIX-Pulpo-Node
X-Via-JSL
VIX-Pulpo-Upstream-Status
X-Page-Id
X-Content-Security-Policy-Report-Only
X-Varnish-Backend
X-Instance
X-Content-Options
X-Varnish-Grace
X-BCube-Filmed-By
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Cluster
Source
X-FB-Debug
X-Tumblr-User
X-Akamai-Edgescape
X-App-Environment
X-Amz-Replication-Status
X-PHP-Backend
X-Content-Powered-By
X-Jobs
X-Request-Guid
Cache-Status
X-Framework
Cleartype
X-TT
Server-Node
X-Esi
X-Forwarded-Host
X-RateLimit-Limit
Refresh
X-Signature
X-B-Cache
X-Varnish-Hostname
WPE-Backend
Tracecode
Liferay-Portal
X-ATG-Version
X-FW-Type
X-FW-Serve
X-FW-Server
Host-Header
X-FW-Static
X-FW-Hash
X-Mobile
DC
X-Time
X-Cache-Operation
Accept-Charset
X-Cache-Control
X-Edge-Location
X-Drupal-Cache-Tags
X-Cache-Action
Access-Control-Allow-Method
Accept-CH-Lifetime
Actual-Object-TTL
Fastcgi-Useragent
X-Cache-Hit
X-NWS-LOG-UUID
Cache
X-Mobile-URL
X-Response-Served-From
X-Accel-Buffering
X-Erf-Bev-Bev-Is-Generated
Payment
X-Erf-Bev-Bev
X-Hp-Webp
X-B
X-Whom
X-Cache-TTL
X-Storage
X-App-Server
X-WebKit-CSP-Report-Only
X-UA-Device-Type
X-TX-ID
Upgrade-Insecure-Requests
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Handled-By
X-SS-Set-Cookie
X-GeoIP
X-Git-Hash
X-Cacheable-TTL
Xserver
X-TT-TIMESTAMP
X-Tumblr-Pixel-1
X-Tumblr-Pixel-2
Filters
X-APP-VERSION
Cache-Tv-Group
X-WA-Info
X-ProcessESI
X-Content-Age
X-RemovedCookies
Viewport
X-RequestSource
X-VG-WebCache
Eomportal-Instance
X-Geo-Country
X-Adobe-Content
X-Adobe-Loc
X-Status
NGB
Cache-Tag
X-Ratelimit-Limit
Webserver
X-FB-TRIP-ID
Retry-After
Datacenter
X-Ratelimit-Reset
X-Presslabs-Stats
X-TA-CDN-Provider
X-Cache-TTL-Remaining
Server-Info
X-Cache-Enabled
X-FW-Dynamic
X-Seen-By
MS-CV
X-Contextid
X-Host-Name
X-Guploader-Uploadid
S-Cnection
Country
X-Origin-Server
From-Origin
X-Hyper-Cache
Frame-Options
Ms-Operation-Id
X-Generated-By
X-RTag
X-ES-SERVER
Load-Balancing
X-Tumblr-Pixel-3
X-RN-RSRV
X-CF-Powered-By
X-Cache-Config
X-Path-Route
X-Cache-Var
Machine
X-Cache-Var-Map
Meta-Geo
Vix-Hermes-Req-Id
X-Cache-Grace
X-AWS-Id
DSUID
We-Hiring
X-Human
X-Hit
X-Cache-Host
X-VWS-Id
Mail-Subject
Cache-Key
X-Varnish-Cache-Hits
Release
X-Mode
X-LJ-Flow-ID
X-Backend-Name
X-MP-GENERATED-AT
X-Labrador-Cache-Channel
X-Upgrade-Enabled
Decoy-Debug-Key
X-Web-Node
X-Varnish-Server
Now
X-Viewer-Country
Decoy-Debug-Status
Decoy-Debug-TTL
Uber-Trace-Id
ServedBy
X-Access
X-Debug-Cache
X-B3-Spanid
X-Varnish-Hits
X-OCL
X-PCL
X-Section
X-RCS-CacheZone
X-From
X-Loop
X-TNCMS
X-Device-Type
X-Magnolia-Registration
Rt-Fastcgi-Cache
X-R9-Blue-Green-Version
X-Environment-Context
X-Cluster-Node
X-ProxyCache-Status
X-ProxyCache-Key
X-Shopify-Stage
X-L-Path
OT-Force-Account-Verify
X-Rendered-As
X-EIG-Tracking-Id
X-CCM
X-BYPASS-REASON
X-ShardId
X-Alternate-Cache-Key
X-Rule
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-ShopId
GEO-INFO
X-Proxy-Build
X-Proxied
X-S
X-VG-TLSProxy
X-Routing-Service
X-NCache
X-Generated
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Akamai-Request-ID
X-Endurance-Cache-Level
X-FC-Vary-Parameters
X-Timing-Wait
X-Hosted-By
X-Origin-Response-Time
X-Upstream-HT
X-Upstream-CT
X-JoinUs
X-Proto
DB-Nickname
Akamai-GRN
X-Zipkin-Id
X-Region
X-Via-Fastly
X-Xfnlog-Site
X-PressLabs-Stats
Mn-Server-Ip
X-Drupal-Cache-Contexts
Cache-Name
X-VCT
X-Trace-Id
X-Locale
X-Redis-Cache
X-Site-Version
X-Nginx-Cache
X-Daa-Tunnel
X-Www-Served-By
X-Load-Cache
Cteonnt-Length
ProcessTime
X-Platform-Server
X-NewRelic-App-Data
X-Cache-NE
NGX
X-EdgeConnect-Cache-Status
X-MServer
SRV
X-UUID
X-Oracle-Dms-Rid
X-Hl-Ver
X-Request-Time
X-Vgn-Hpd-Reason
X-Time-Microsecs
X-IP
Version
Time
X-ServerID
X-Rocket-Nginx-Bypass
X-ECACHE
X-Wix-Request-Id
X-FW-Version
S-Rt
X-Dc
X-Origin
X-Via-CDN
Azure-SiteName
X-IPS-LoggedIn
Azure-Version
Azure-SlotName
X-Cache-Remote
Azure-RegionName
Azure-InstanceId
Property-Id
X-Real-IP
Webcakes-App-Version
TWC-Privacy
TWC-Locale-Group
Webcakes-App-Name
Webcakes-Region
TWC-Connection-Speed
X-Origin-Hint
TWC-GeoIP-Country
TWC-GeoIP-LatLong
X-RateLimit-Reset
TWC-Device-Class
X-Proxy
X-FireWall-Port
Origin
X-UA
X-No-Session
NtCoent-Length
X-GEO
X-Oneagent-Js-Injection
L5d-Success-Class
X-Akamai-Request-ID2
CACHE
Odigeo-Trace-Id
PageSpeed
X-Akamai-Transformed
X-Distributor
Served-By
X-Cache-Backend
X-HTML-Minification-Powered-By
X-ApacheServer
X-Pubstack
X-PERF
Fastly-SSL
X-Cache-Server
X-Compress-Hint
X-Format
X-CS
Origin-Cache-Control
Origin-Edge-Control
X-Webkit-Csp
Fastcgi-X-Cache-Version
X-Edge
X-Unique-ID
X-CDN-Forward
X-Microcachable
X-UnsetCookies
Ec-Rule-Version
Hostname
X-Cache-Category-Id
X-Grey
Proxy-Connection
X-BACKEND-TTL
LB
X-Powered-By-Defense
Cache-Tags
Backend-Name
X-Varnish-Cacheable
IBM-Web2-Location
X-Detected-As
X-Is-Bot
Server-ID
Rt-Proxy-Cache
Request-Time
Node
Rendered-Blocks
Request-Country
Request-EU
X-A-Ccd
X-A-Wwc
X-A-Dgt
X-Accel-Expires-Debug
X-Aed
X-AIR-PT
X-A-Dcw
X-A-Dam
Viewtype
VivaBuild
X-A
Mobile-Detection-Method
ServerName
Ha-Gx-Prefs
Cache-Cookie-Set-Lfrom
Cache-Prefix
Cdn-Host
Cdn-Request-Time
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-From
Arc-Country
AsisCache
BehaviorPad-Version
Content-Script-Type
Content-Style-Type
GEO-REGION-INFO
X-Application
HA-Ipaddr
MD5-Digest
Fly-Request-Id
Fly-Cache
Cross-Origin-Window-Policy
Fastly-SIE
Fastly-SWR
Meta-Geo-Continent
X-CGP
X-Request-UUID
X-Rewrite-Enabled
X-Rojux
X-S-Cookie
X-Region-Sid
X-Rebelmouse-Surrogate-Control
X-NX-Host
X-Org
X-PAYTM-SRV-ID
X-Rebelmouse-Cache-Control
X-S-Maxage
X-ScT
X-Worker
X-VG-WebServer
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
X-Twitter-Response-Tags
X-Trv-Group
X-Server-Time
X-SRCache-Key
Xc-Version
X-Transaction
X-NU-AKA-ACS-Version
X-Instart-Info
X-Connection-Hash
A
X-D
X-Debug-Cookies
X-Cluster-Name
X-CF-Lambda-Version
X-B-Cookie
X-Cache-Bucket
X-Cdn-Srv
X-CF-Lambda-Fn
X-Debug-Log
X-Destination
X-G
X-HS-Cache-Config
X-HS-Combine-CSS
X-IN-APIGATEWAY
X-External-Request-Id
X-Eu-Site
X-Developer
X-DPWN-IS-SECURE
X-Edge-Server
X-ARC
X-Date
X-Via-NSCOPI
X-Tb
Access-Control-Request-Headers
X-Nc
X-B3-Parentspanid
X-ElasticPress-Search
X-Server-IP
X-Irp-Debug
Memcached
Is-Eu
X-Key
X-Level-Front-Cache
X-Internal-Host
Gh-Request-Id
X-Backend-State
X-Sn-Servicetimems
X-Skip-Cache
X-ServiceProvider
Accept-Language
X-App-Name
Platform
SS
True-Client-Country-4JS
X-PHP-Host
X-Dispatch
X-Processor
Server-Host
Resin-Trace
W
X-Variation
On-Server
X-Reqid
X-Location
Proxy-Firewall
X-Request-URI
X-TH-Server
Adler-Geo
X-Cache-Id
Country-Code
X-Cdn-Origin
X-Geo-Header
X-Clientip
X-Generated-On
Countrycode
X-Cache-Info
X-Dispatcher-Server
X-Epic-Correlation-Id
X-Hash
X-GeoIP-Country-Code
X-We-Are-Hiring
X-NC
Mime-Version
X-Crawler
V-Age
Web-Mar-Node
X-Nginx-Cache-Key
X-Device-Os
X-Fetched-On
X-FPC
X-Fastly-Cache
X-Developers
UCS
User-Cache-Control
X-Li-Pop
X-Cache-FS-Status
X-Amz-Meta-Cache-Control
X-Hnp-Log
Server-Int
X-Block-Status
X-Auto-Login
X-CDN-Cache
X-Generation-Time
X-LI-UUID
X-Gannett-Site-Version
X-Gen-Mode
X-LI-Proto
X-Li-Fabric
X-BBXSRF
X-Core-Mission
Section-Io-Cache
IsBot
X-Servername
X-SIPLIST1
X-C
X-Secret
X-SD-PageType
Powered-By
PFcat
X-Request-Start
X-Response-By
X-WebServer
Esi-Enabled
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
Apple-News-Services-Handled
X-Varnish-Url
Apple-News-Services-Request-Url
X-SVT-ORM-VERSION
X-Webstats-RespID
AKAMAI
Content-Disposition
X-SVT-ORM-RULES
Pramga
X-Swa-Ws
RNT-Machine
REQUESTUUID
X-Qloud-Router
RNT-Time
X-Reboot
SD-X-WS
X-SERVER-NAME
Heartbleed
CDCHOST
GW-Server
X-Owner
X-Wikidot-Static-Cache
X-GeoIP-City
X-Clara-WADP
X-Cms-Context
X-Via-SSL
Thinkindot-Control
Thinkindot-CacheControl-Type
X-Via-Edge
X-WADP-Cache
X-Distil-CS
X-Matched-Rule
Thinkindot-CacheControl
X-Wikidot-Backend
X-Thanos
X-Azure-Ref
Wxu-Next-Hostname
Wxu-Next-Commit
X-Served-From
Who
X-Azure-Ref-OriginShield
Wxu-Next-Region
X-Method
X-Origin-Expires
X-VServer
X-Bip
X-Thinkindot-L3
X-ND-Cache
X-Origin-Date
CF-IPCountry
X-Varnish-Ttl
X-Ua
X-Proxy-Cache-Status
X-Proxy-Upstream
X-OVcl-Cache
N-Cache
X-Release
X-Protected-By
Fastly-Soc-X-Request-Id
X-OVcl
X-CLOUD-TRACE-CONTEXT
X-CUA
L
X-Amzn-Remapped-Content-Length
Pragrma
X-Ratelimit-Remaining
X-FE
X-Parent-Response-Time
X-Fstrz
Selected-Fe
X-TrackingId
Kp-EeAlive
X-VC-Cache
X-Varnish-Beresp-Ttl
X-Planisys-CDN-Rules
X-Pf-Uncompressing
X-LAGOON
X-Planisys-CDN-Cache
X-Planisys-CDN-TTL
User-Agent
X-Urbn-Site-Id
X-Urbn-Context-Path
Locale
Memory
X-Geo
X-Be
X-Page-Type
X-Phone
X-Origin-CC
Magicmarker
X-Cdn-Forward
X-Core-Value
X-IN-WAF
X-Origin-TTL
X-URL
X-Datadome
X-Zone
X-Flog
X-Varnish-Beresp-Status
X-Ttl
Pagetype
X-Varnish-Beresp-Grace
X-ABtesting
X-Hello
X-B3-SpanId
X-DC
X-Dynatrace-Js-Agent
X-Birta-Served
X-User
X-Generated-In
X-Birta-Cache-Post
X-Info
X-GRACE
X-Backend-TTL
Cdn
X-Backend-Url
X-Backend-Host
X-Varnish-IP
HitType
Selected-FE
GeoIp-Country-Code
Geoip-Latitude
X-Debug-Cache-Expiry
X-Newrelic-Synthetics
Geoip-City
X-Tt-Trace-Tag
X-Soup
X-TT-LOGID
X-Debug-Cache-Store
X-Debug-Cache-Fetch
X-Litespeed-Cache
X-Up
X-GoCache-CacheStatus
SN
X-MSEdge-Features
X-MSEdge-Flight
X-MID
X-Mid
X-Oss-Server-Time
X-Servedbyhost
X-Oss-Storage-Class
X-Oss-Hash-Crc64ecma
X-Oss-Request-Id
X-Oss-Object-Type
X-HS-Status
X-Real-Ip
X-Cache-Ttl
CF-Cached-On
X-Agile
X-Vcl-Version
X-Cache-Debug
X-Aicache-OS
X-Agile-Age
X-Agile-Id
X-Refresh
X-Source
X-Ruxit-Js-Agent
X-Check-Cacheable
Amp-Access-Control-Allow-Source-Origin
X-ZONE
X-VCL-Version
X-SayCDN-TTL
X-Say-TTL
X-Web-Server
FSS-Proxy
FSS-Cache
X-Old-Content-Length
X-Say-Cacheable
X-App-Version
X-ServedByHost
X-Tb-Optimization-Total-Bytes-Saved
X-Amzn-Remapped-Connection
Cache-Hits
X-Amzn-Remapped-Date
X-Bc
Server-Surrogate-Control
X-CSRF-Token
HostName
Server-Cache-Control
GeoIP-Country-Code
X-Contensis-Viewer-Groups
X-Varnish-Authentication
X-Cache-ASPX
WZWS-RAY
X-EC-Lua
X-Via-Ucdn
Fastly-Backend-Name
RequestId
GeoIP-Latitude
GeoIP-City
X-Node-Id
X-COUNTRY
X-APP
Inserted-Into-Cache-At
X-UPSTREAM-Address
Ohc-Cache-HIT
Srv
Ohc-File-Size
X-Cache-Time
X-Akamai-SSL-Client-Sid
X-NWS-UUID-VERIFY
Ajk
X-Logtrace-Id
X-IN-APIGATEWAYSSL
Group
X-Nananana
X-CSRF-TOKEN
X-CACHE-KEY
X-BC
X-Proxy-Cacherz
Xkeyrz
HTTPS
X-ECache
X-WR-MODIFICATION
WebServer
X-Dynatrace
XServer
X-Unique-Id
X-SN
X-Varnish-Beresp-TTL
X-Cache-Tag
Backend
Cf-Ipcountry
X-RateLimit-Limit-Second
Www
URI
X-RateLimit-Remaining-Second
X-TIME
X-Wa
Get-Access-Time
X-Request-Url
Xkeynj
X-BE
X-Fastly-Country-Code
Is-Session-Tracking
X-PAGE-TYPE
X-FORWARDED-FOR
X-Instart-Isnd
X-MCACHE
X-LiteSpeed-Cache-Control
Lb
Host-ID
X-Requestid
X-Cache-Expires
T-Server
PICS-Label
X-Edge-IP
Requestid
X-Sedo-Request-Id
X-Cache-Miss-From
Dynatrace
Cneonction
X-GDPR
X-LB-ID
X-Fastly-Backend-Reqs
X-PJAX-URL
X-Micro-Cache
X-Pjax-Url
X-Render-Time
X-SRV
DataCenter
Xet-Cookie
X-PF-Uncompressing
X-WA
X-NGENIX-Cache
X-Lb-Id
Pics-Label
X-Varnish-Action
X-Apw-Access-Action
X-Vct
CDN
X-Swift-Error
X-Apw-Access-Object
Epwk-Cache
X-Apw-Hits
X-Apw-Access-Token
X-NGINX-Cache
X-Dw-Trace-Id
X-Policy
X-Cf-Powered-By
SID
X-Ecache
Fastcgi-X-Cache
X-Uri
Correlation-Id
MIME-Version
X-Serial
X-Akamai-ERPolicy
X-Akamai-ERRuleID
X-ServerName
X-LiteSpeed-Tag
X-Zalando-Child-Request-Id
RequestUuid
X-Svr
X-Flow-Id
X-Bug-Bounty
X-Page-Impression-Id
Lfy
X-Html-Edge-Cache
X-WPE-Loopback-Upstream-Addr
Ohc-Response-Time
X-Fastly-Cache-Hits
X-RPM
X-RPS
X-RSL
X-DW
X-DSS
Warning
X-DB
X-DI
X-Fpc