Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics - SANS Internet Storm Center HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Pragma
Last-Modified
Accept-Ranges
X-Powered-By
X-Content-Type-Options
Strict-Transport-Security
CF-RAY
ETag
Link
Expect-CT
Via
X-XSS-Protection
X-Cache
Age
Access-Control-Allow-Origin
Content-Security-Policy
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Served-By
X-Varnish
X-Amz-Cf-Id
X-Xss-Protection
Referrer-Policy
X-Request-Id
X-Timer
X-AspNet-Version
CF-Cache-Status
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Runtime
Access-Control-Allow-Credentials
X-Download-Options
X-Drupal-Cache
X-Cacheable
CF-Ray
Content-Security-Policy-Report-Only
X-Generator
Alt-Svc
X-AspNetMvc-Version
Status
X-Cache-Status
X-DNS-Prefetch-Control
X-Check
X-Iinfo
X-FRAME-OPTIONS
X-Adblock-Key
Timing-Allow-Origin
X-CDN
X-Content-Security-Policy
X-Turbo-Charged-By
X-Permitted-Cross-Domain-Policies
Content-Encoding
X-Template
X-Language
Keep-Alive
X-Via
X-Type
X-AH-Environment
X-Backend
X-Cache-Group
WPE-Backend
X-Nginx-Cache-Status
X-Buckets
X-Pass-Why
X-Server
X-Age
X-Server-Powered-By
Access-Control-Max-Age
X-Pingback
X-Request-ID
Xkey
X-Varnish-Cache
Grace
Access-Control-Expose-Headers
Upgrade
X-Drupal-Dynamic-Cache
X-Hacker
X-UA-Device
P3p
X-Amz-Request-Id
X-Page-Speed
Cf-Railgun
X-Proxy-Cache
X-Amz-Id-2
EagleId
X-Robots-Tag
X-LiteSpeed-Cache
X-Swift-CacheTime
X-Swift-SaveTime
X-Envoy-Upstream-Service-Time
Ali-Swift-Global-Savetime
Request-Context
X-Node
X-Ac
X-Device
Content-Location
X-Host
X-Cnection
X-Amz-Version-Id
X-Cache-Lookup
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
Surrogate-Control
X-Backend-Server
X-Server-Id
X-WebKit-CSP
X-OneAgent-JS-Injection
X-Rack-Cache
X-Instart-Request-ID
X-Px
X-CST
X-Response-Time
Request-Id
X-Readtime
Server-Timing
X-Rq
X-HeyJason
X-Do-Not-Hack
Permitted-Cross-Domain-Policies
X-Clacks-Overhead
X-Ua-Compatible
X-Url
EagleEye-TraceId
Pinterest-Generated-By
X-Cloud-Trace-Context
Edge-Control
X-Application-Context
X-Country
X-MS-InvokeApp
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Server-Name
Allow
X-DynaTrace-JS-Agent
Charset
Report-To
SPRequestGuid
X-Country-Code
X-SharePointHealthScore
X-DataDome
X-ESI
X-Ruxit-JS-Agent
X-Cached
X-Varnish-TTL
X-Vname
Rating
X-TtlSet
X-PC
X-Powered-CMS
X-TTL
X-Powered-By-Plesk
X-Recruiting
Public-Key-Pins
X-FTR-Request-ID
X-D2id
NEL
X-Vhost
X-Version
X-Cdn
X-Cdn-Fetch
X-Kinja-Revision
X-Exp-Id
X-Kinja-Server
X-Kinja-Build
X-Exp-Variant
X-Geo-Segment
X-Kinja
X-N
Pinterest-Version
X-Pinterest-Rid
MS-Author-Via
X-Upstream-Env
SPIisLatency
X-F-Cache
SPRequestDuration
X-ORACLE-DMS-RID
X-ORACLE-DMS-ECID
X-CF-Powered-By
X-Dw-Request-Base-Id
X-DynaTrace
Cartoon
X-VARITI-CCR
X-GoogleNews-Bot
X-T
X-Mod-Pagespeed
Content-MD5
AR-CACHE
AR-PoweredBy
AR-ATIME
Nginx-Cache
RTSS
X-Abt-Application-Version
X-GitHub-Request-Id
MicrosoftSharePointTeamServices
Feature-Policy
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Shield-Request-Id
Verso
X-Trace
X-Amz-Rid
X-Dispatcher
X-Navigation-Version
X-Forwarded-Proto
X-Client-IP
X-Hits
Realpath
X-Goog-Hash
X-Server-ID
X-Origin-Cache
AR-SID
X-Ttl
Arr-Disable-Session-Affinity
Paypal-Debug-Id
X-Kinsta-Cache
X-Zen-Fury
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-Id
X-Content-Options
TCN
X-Grace
X-B
X-Content-Digest
X-Ser
X-Varnish-Age
X-Cache-Key
Alternate-Protocol
Fastcgi-Cache
X-Sol
X-Upstream
DynaTrace
X-Via-JSL
Access-Control-Request-Method
X-Mrf-Section-Lastmod
Mrf-Cache-Status
X-Mrf-Item-Lastmod
MRF-Tech
X-Fastly-Request-ID
X-Pad
Display
X-Middleton-Display
X-FastCGI-Cache
X-NF-Request-ID
X-Nf-Srv-Version
X-Vcap-Request-Id
X-DIS-Request-ID
X-IPLB-Instance
PB-PID
PB-RID
X-User-Agent
X-Middleton-Response
Response
X-Mobile-Rewrite
X-SS-Set-Cookie
Front-End-Https
X-Frontend
Rt-Fastcgi-Cache
X-Logged-In
Pagespeed
Eomportal-Instance
X-PressLabs-Stats
X-Cache-Rule
X-MSEdge-Ref
Server-Name
X-Whom
X-Forwarded-For
X-VCache
Host
X-Acc-Meta-Resource-Type
X-Hostname
X-Cache-Hit
S
X-XRDS-LOCATION
X-NWS-LOG-UUID
Tracecode
X-Newrelic-App-Data
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
X-Goog-Storage-Class
X-Goog-Generation
Cache-Status
X-Debug
Liferay-Portal
Arc-Version
X-HS-Content-Id
X-AOL-HN
X-UUID
X-FTR-Realm
X-FTR-Expires
HitInfo
HitType
X-FTR-Cache-Status
Server-Info
X-FTR-DC
X-FTR-Balancer
X-Request-Received
X-Request-Processing-Time
X-Country-Code-Real
Surrogate-Key
X-FTR-Backend
X-FTR-Backend-Server
FilterID
X-Analytics
Backend-Timing
X-Wix-Server-Artifact-Id
X-Magnolia-Registration
Public-Key-Pins-Report-Only
X-Instance
X-Contextid
Refresh
X-Rid
X-XRDS-Location
TP-L2-Cache
TP-Cache
ServerID
X-Activity-Id
X-Az
X-Proxied
X-Webkit-Csp
X-AppVersion
X-HS-Cache-Config
Edge-Cache-Tag
X-Srv
X-B3-Traceid
X-WPE-Loopback-Upstream-Addr
X-Content-Security-Policy-Report-Only
X-Varnish-Server
X-HW
Service-Worker-Allowed
AMP-Access-Control-Allow-Source-Origin
Cleartype
X-Correlation-Id
X-Mobile
S-Cnection
X-Origin
X-Revision
Served-By
X-APP-VERSION
Source
X-Varnish-Backend
X-FTR-Cache-Host
Fastly-Restarts
X-TT
X-App-Environment
X-Amzn-Trace-Id
X-Geo-Country
X-RateLimit-Remaining
X-B-Cache
X-Framework
Powered-By-ChinaCache
X-PHP-Backend
X-Device-Type
X-Signature
X-Sucuri-ID
X-Varnish-Hostname
X-Tumblr-Pixel
X-Tumblr-Pixel-0
Retry-After
X-Origin-Upstream-Status
X-FB-Debug
X-Tumblr-User
X-Cache-Config
X-Hyper-Cache
X-Cache-Server
X-Cache-Operation
X-Cache-Action
X-PC-Hit
Server-Node
X-Request-Guid
X-Cache-Control
X-PC-AppVer
X-Hail-Hydra
X-PC-Key
X-Handled-By
Host-Header
X-Cache-2
X-Page-Id
X-BCube-Filmed-By
Accept-Charset
MS-CV
X-TT-TIMESTAMP
DC
X-Ocache
X-ATG-Version
Actual-Object-TTL
X-WA-Info
X-Debug-Info
X-Shield-Cache-Expires
X-Origin-Server
X-ADI-VCache
Cache
X-PC-Date
X-PC-Host
X-Content-Powered-By
X-Daa-Tunnel
X-HS-Combine-CSS
NGB
X-Accel-Expires
Upgrade-Insecure-Requests
X-URL
Viewport
X-Microcachable
X-LB-Cache
SRV
X-Cache-NE
X-GeoIP
AsisCache
X-Generated-By
X-Yottaa-Optimizations
X-Cached-By
X-Yottaa-Metrics
X-Drupal-Cache-Tags
ServedBy
X-Jobs
X-Accel-Buffering
X-RequestSource
X-Amz-Server-Side-Encryption
Filters
X-Akamai-Edgescape
X-Sucuri-Cache
X-Cacheable-TTL
X-App-Server
X-Wix-Request-Id
X-Seen-By
X-S
X-WebKit-CSP-Report-Only
X-TX-ID
X-Cluster
X-B3-Sampled
X-Feature
X-Geo
X-Distil-CS
X-Varnish-Hits
From-Origin
Content-Style-Type
Content-Script-Type
X-FW-Server
X-Internal-Host
X-FW-Type
X-Akam-SW-Version
X-RTag
X-Tumblr-Pixel-2
X-Tumblr-Pixel-1
X-FW-Static
X-Locale
X-FW-Serve
X-FW-Hash
X-Varnish-IP
X-Adobe-Content
X-Adobe-Loc
X-Dns-Prefetch-Control
Datacenter
X-Varnish-Cache-Hits
X-Cache-Age
X-Cache-Remote
X-GZip
X-Edge-Cache-Key
X-Storage
X-Varnish-Grace
X-Node-Name
X-Edge-Cache
X-ServedBy
X-Platform-Server
HostName
X-CDN-Forward
X-UA
X-Vg-Webcache
X-Cache-TTL-Remaining
X-Akamai-Transformed
X-Region
X-NewRelic-App-Data
X-RateLimit-Limit
X-Mode
X-Cache-Bucket
Country
X-Kinja-Server-Push
Cache-Tag
X-Amz-Replication-Status
X-Guploader-Uploadid
RATING
X-GUploader-UploadID
X-Distributor
Load-Balancing
X-EIG-Tracking-Id
X-Real-IP
X-Proto
ServerName
Ohc-File-Size
GEO-INFO
Fastly-SSL
X-BB-IP
X-Amz-Apigw-Id
X-Source
X-Amzn-RequestId
Mn-Server-Ip
X-ProcessESI
X-Path-Route
X-Optimization
L5d-Success-Class
X-PERF
X-MP-GENERATED-AT
Healthy
X-ProxyCache-Key
X-ProxyCache-Status
Cache-Key
Cache-Name
X-RemovedCookies
X-TA-CDN-Provider
X-Is-Bot
Meta-Geo
X-Detected-As
X-Akamai-Request-ID
X-Rendered-As
X-Debug-Cache
X-Cache-Var-Map
X-Cache-HT
X-Cache-Var
X-Web-Node
X-Viewer-Country
X-RN-RSRV
X-ApacheServer
X-BYPASS-REASON
Machine
X-Drupal-Cache-Contexts
X-Time-Microsecs
X-NCache
Cache-Hits
X-Cache-Category-Id
X-CCM
X-Request-Time
X-ServerID
X-Grey
X-TWH-CORRELATION-ID
X-Webstats-RespID
X-JoinUs
X-Hit
X-Generated
X-Human
X-Labrador-Cache-Channel
X-OCL
X-Agile-Id
X-Agile-Age
Access-Control-Allow-Method
Backend
Now
X-Agile
X-Original-Request
X-Cluster-Node
X-Port
X-PCL
X-Xfnlog-Site
TWC-Connection-Speed
S-Rt
TWC-Device-Class
TWC-GeoIP-Country
TWC-Locale-Group
TWC-GeoIP-LatLong
Property-Id
TWC-Privacy
X-Www-Served-By
Azure-RegionName
Azure-InstanceId
Azure-SiteName
Azure-SlotName
Webcakes-App-Version
Azure-Version
X-Via-Fastly
X-Upgrade-Enabled
X-Hosted-By
X-Proxy
X-FC-Vary-Parameters
X-Instance-Name
X-OVcl-Cache
X-OVcl
X-NodeID
X-Edge-Location
X-Timing-Wait
X-Render-Type
X-Origin-Hint
X-Pubstack
X-Amz-Meta-Surrogate-Control
X-CDN-Cache
X-CCM-LastModified
Webcakes-Region
Webcakes-App-Name
X-Proxy-Build
Selected-FE
X-Birta-Cache-Post
X-Birta-Served
X-Cache-Enabled
X-Format
X-Generation-Time
X-Newrelic-Synthetics
LB
User-Cache-Control
WP-Super-Cache
X-Access
X-App-Name
X-IP
X-AWS-Id
X-Backend-Name
X-Loop
X-TNCMS
X-Esi
X-Varnish-Cacheable
X-VWS-Id
X-Zipkin-Id
X-Surge-Debug
X-SplitTest
X-Meta-Tbi-Cache-Vertical
DB-Nickname
X-Routing-Service
X-Section
X-Site-Version
X-LJ-Flow-ID
X-Ezoic-Cdn
Fastcgi-Useragent
Countrycode
X-Origin-CC
X-Real-Ip
X-Oracle-Dms-Ecid
X-Nginx-Cache
X-Oracle-Dms-Rid
User-Agent
X-Tumblr-Pixel-3
X-Dc
X-Oneagent-Js-Injection
X-Time
Payment
Origin-Edge-Control
X-Nc
Origin-Cache-Control
X-Litespeed-Cache
X-Environment-Context
X-Tb
X-L-Path
X-UA-Device-Type
Ec-Rule-Version
RequestId
Xserver
X-B3-Spanid
X-Unique-ID
X-DataStream-Cache-Status
X-B3-TraceId
X-Skip-Cache
X-NU-AKA-ACS-Version
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
Access-Control-Request-Headers
X-NGENIX-Cache
X-Servedby
X-CLOUD-TRACE-CONTEXT
X-CACHE-AGE
X-WR-MODIFICATION
NODE
Webserver
X-Upstream-HT
X-Upstream-CT
X-Be
Time
X-Vgn-Hpd-Reason
X-Correlation-ID
X-EdgeConnect-Cache-Status
X-Webkit-CSP
Warning
X-Croise-Owner
Fly-Cache
X-From
X-SRCache-Key
X-ElasticPress-Search
X-ARC
Fly-Request-Id
X-Generated-In
X-S-Cookie
X-Application
X-B-Cookie
X-G
X-A-Dgt
X-A-Wwc
X-DPWN-IS-SECURE
X-A-Dam
X-Debug-Log
X-Destination
X-Debug-Cookies
X-Logtrace-Id
X-Cache-Backend
X-Cache-Expires
X-NX-Host
Request-Time
X-Cache-Id
Resin-Trace
X-Developer
X-Var-Ttl
Ajk
X-Died
Cache-Prefix
X-A
X-A-Ccd
X-CS
X-D
X-A-Dcw
T-Server
Ws
X-Oss-Server-Time
X-Oss-Storage-Class
X-Status
X-Oss-Hash-Crc64ecma
X-Oss-Object-Type
X-Oss-Request-Id
X-Dynatrace
X-StackifyID
IBM-Web2-Location
Memcached
VivaBuild
X-Cache-Host
X-Device-Os
Sta2Tusw
Proxy-Connection
Viewtype
Meta-Geo-Continent
X-BB-ID
X-Dispatcher-Server
X-CF-Lambda-Version
V-Age
X-Cache-Ttl
Release
X-CF-Lambda-Fn
Host-ID
X-BBXSRF
X-Amz-Meta-Cache-Control
Www
MD5-Digest
X-Cache-Time
X-Connection-Hash
X-Haproxy-Ip
X-Server-Time
X-Server-By
Apple-News-Services-Handled
AKAMAI
X-WebServer
X-Request-URI
X-Release
X-Fstrz
Apple-News-Services-Request-Url
Apple-News-Services-Host
X-Rewrite-Enabled
X-Rojux
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-We-Are-Hiring
X-Via-Edge
X-Wix-Route-ID
Xc-Version
Cneonction
X-Via-CDN
X-VG-WebServer
X-Trv-Group
X-Transaction
X-Twitter-Response-Tags
X-Varnish-Beresp-Ttl
X-User
BehaviorPad-Version
Apple-News-Services-Parsed-Url
X-Region-Sid
Fastly-Soc-X-Request-Id
X-PAYTM-SRV-ID
X-ND-Cache
X-Haproxy-Hostname
X-Hash
X-Fastly-Cache
X-Fastcgi-Cache
X-Planisys-CDN-Cache
X-No-Session
X-Public
Fastcgi-X-Cache-Version
Fastcgi-X-Cache
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
X-Content-Type
X-Yottaa-Sig
UCS
HA-Geolon
HA-Geocountry
X-Sorting-Hat-ShopId
HA-Georegion
HA-Geolat
X-Sorting-Hat-ShopId-Cached
X-UE-Client-Country
Ha-Gx-Prefs
Fastly-SIE
Fastly-SWR
HA-Host
HA-Cloudapp
GW-Server
HA-Geocity
X-Gannett-Site-Version
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
X-Returned-From
X-Returned-From-BeforeDispatch
X-Returned-From-DLL
X-Phone
X-Passed-To-PostProcessResponse
X-GeoIP-Country-Code
X-Passed-To
X-Passed-To-BeforeDispatch
X-Passed-To-DLL
X-Returned-From-PostProcessResponse
X-ScT
X-Up
X-UnsetCookies
X-Wikidot-Backend
X-Wikidot-Static-Cache
GMS-Ver
X-Trace-Id
X-Stale
X-Secret
X-Server-IP
X-SIPLIST1
X-Sn-Servicetimems
X-GeoIP-City
X-Sorting-Hat-Section
Pramga
Powered-By
Rendered-Blocks
Server-Host
Server-Int
Origin
NGX
HA-Servedtime
HA-Urlpath
Heartbleed
IsBot
Uber-Trace-Id
X-Actual-URL
X-Eu-Site
X-Epic-Correlation-Id
X-F5-Cache
X-FireWall-Port
X-Forwarded-Host
X-Core-Value
X-CGP
X-Amz-Meta-S3cmd-Attrs
X-Cache-CFC
X-Cache-Debug
X-Cdn-Origin
HA-Ipaddr
X-Via-NSCOPI
Request-EU
X-IN-WAF
Kp-EeAlive
X-RCS-CacheZone
Request-Country
X-CSRF-Token
Version
Dnion-Transfer-Encoding
X-Crawler
X-Sorting-Hat-PrivacyLevel
X-IN-APIGATEWAY
X-IN-SSL-APIGATEWAY
X-S-Maxage
X-Sorting-Hat-FeatureSet
X-Sorting-Hat-PodId
X-Sorting-Hat-PodId-Cached
X-Auto-Login
X-Shopify-Stage
X-ShopId
X-Hl-Ver
X-Alternate-Cache-Key
Server-ID
X-ShardId
X-C
NnCoection
X-TIME
X-Edge-IP
X-Core-Mission
X-Developers
X-Cache-Srv
Web-Mar-Node
Who
Thinkindot-Control
Thinkindot-CacheControl-Type
Pragrma
Thinkindot-CacheControl
Mime-Version
X-Backend-Host
X-Cdn-Srv
X-Ckpd-Fst-Backend
X-Block-Status
X-Backend-Url
X-Backend-State
X-Backend-TTL
X-Content-Age
X-GoCache-CacheStatus
X-Thinkindot-L3
X-TT-LOGID
X-ServiceProvider
X-Servername
X-Server-Group
X-V
X-Ver
X-Accel-Expires-Debug
X-Date
X-Bug-Bounty
X-Worker
X-VServer
X-Served-From
X-Rocket-Nginx-Bypass
Platform
X-Hnp-Log
X-Gen-Mode
X-Frame-Option
X-Fetched-On
X-Matched-Rule
X-MI-In-Market
X-Reboot
X-Response-By
X-Node-Id
X-MSEdge-Flight
X-MSEdge-Features
X-Env
X-Location
Httpd-Identifier
Decoy-Debug-TTL
Country-Code
Decoy-Debug-Status
Decoy-Debug-Key
Cache-Cookie-Set-Lfrom
Odigeo-Trace-Id
CDCHOST
Drupal-Pagecache-Memcache
MI-Cache-Age
X-Origin-Date
Fastly-Backend-Name
X-Info
X-Origin-Expires
Esi-Enabled
MI-Cache
MI-API
Ohc-Response-Time
Content-Disposition
Backend-Name
HTTPS
Cache-Cookie-Set-Idcheck
Is-Eu
X-Page-Type
OT-Force-Account-Verify
PFcat
Cache-Cookie-Set-From
On-Server
Adler-Geo
NtCoent-Length
X-Cache-Control-Set-By
Cteonnt-Length
X-HCF
X-Kong-Upstream-Latency
X-Cache-URL
X-Platform
X-Varnish-Id
X-Clientip
X-Kong-Proxy-Latency
X-Thanos
X-Svr
Cache-Provider
X-Varnish-HitMiss
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
REQUESTUUID
X-Bip
FSS-Cache
FSS-Proxy
X-Refresh
Arc-Country
Ar-Sid
X-Req
Apicache-Store
Apicache-Version
Brightspot-Id
X-Amz-Meta-S3b-Last-Modified
X-LiteSpeed-Cache-Control
X-Origin-TTL
X-P-T
X-Irp-Debug
WebServer
X-Ua
Processtime
X-Pjax-Url
Pagetype
X-App-Version
X-Varnish-Url
X-Pf-Uncompressing
X-LB-CacheStatus
X-LB-Node
X-ROOTCache
Accept-Ch
Sid
COMMERCE-SERVER-SOFTWARE
X-Ratelimit-Limit
X-Ruxit-Js-Agent
Memory
X-EC-Security-Audit
X-From-Cache
X-Request-Start
X-DC
X-Request-UUID
PageType
X-Amz-Meta-Sha256
X-Endurance-Cache-Level
X-Ratelimit-Remaining
If-Modified-Since
X-Load-Cache
Dynatrace
X-Cache-ASPX
X-Fastly-Backend-Reqs
Geoip-City
X-Varnish-Action
GeoIp-Country-Code
Geoip-Latitude
Cdn
X-NC
SN
X-Layer
PICS-Label
X-Redis-Cache
X-Atg-Version
X-Csrf-Token
X-GRACE
PROCESSING-IP
BORDER-IP
Edgecast
X-Cdn-Forward
CF-IPCountry
X-COUNTRY
X-Varnish-Beresp-TTL
X-Rocket-Nginx-Serving-Static
MIME-Version
X-Tid
Frame-Options
X-ServedByHost
X-GDPR
X-Cache-Handler
X-Nananana
X-RequestId
X-TId
X-Requestid
X-Fastly-Cache-Hits
NodeID
X-Servedbyhost
X-Owner
X-Resolver-IP
X-B3-SpanId
X-Key
Dont-Set-Cookie
X-HS-Hub-Id
X-NWS-UUID-VERIFY
X-Cf-Powered-By
X-Cache-TTL
X-BE
X-Rule
X-Sf
X-Wix-Petri-Ex
X-Server-W
Web-Mar-Region
Pics-Label
Cf-Ipcountry
CACHE
ProcessTime
RNT-Time
RNT-Machine
GeoIP-Latitude
X-Sentry-ID
GeoIP-Country-Code
GeoIP-City
X-ABtesting
WZWS-RAY
X-HTML-Minification-Powered-By
X-Flog
X-Tec-Api-Origin
X-SERVER-NAME
CDN
X-Tec-Api-Root
X-Tec-Api-Version
Node
Lfy
X-Powered-By-ANYU
Get-Access-Time
X-FORWARDED-FOR
X-VG-WebCache
We-Hiring
X-DataStream-Origin-MEX-Latency
Is-Session-Tracking
Mail-Subject
X-DataStream-MidMile-RTT
PageSpeed
Max-Age
XServer
X-Shard
X-Dynatrace-Js-Agent
X-CDN-Pop-IP
X-CDN-Pop
X-Varnish-Ttl
X-Use-Magma
X-ByteArk-Cache
X-Mem
X-SRV
Powered
X-GZIP
Accept-CH
X-Cache-FS-Status
Cache-Tags
URI
Magicmarker
X-Powered-By-Defense
X-Front
X-UPSTREAM-Address
X-Check-Cacheable
X-Varnish-URL
X-PF-Uncompressing
DataCenter
X-GEO
X-Unique-Id
Xet-Cookie
X-Dw-Trace-Id
X-PJAX-URL
Amp-Access-Control-Allow-Source-Origin
Hostname
X-NGINX-Cache
X-Trv-Request-Id
X-Micro-Cache
X-Ms-Lease-Status
X-Zalando-Page-Type
X-Ms-Version
X-Oa-Upstreams
X-Zalando-Child-Request-Id
X-Remote-IP
X-Ms-Request-Id
X-Cookie
X-Ms-Blob-Type
X-Gdpr
Group
V-Cache
X-PARISIEN-Cache-Rendered
X-Aicache-OS
RequestUuid
X-Varnish-ID
Requestid
X-HGenerator
X-PAGE-TYPE
Rt-Proxy-Cache
X-VarnCache
X-Safe-Firewall
X-Proxy-Server
X-SB
X-Fe
X-VC
N-Cache
X-VarnPar2
X-VarnPar1
WWW-Authenticate
X-ProxyCache-Args
WS
X-RAMCache
X-M-Reqid
X-Akamai-ERPolicy
X-Akamai-ERRuleID
X-Qnm-Cache
CF-Cached-On
X-Acquia-Application-UUID
X-Acquia-Application-Trace
X-M-Log
X-Hello
X-Alicdn-Da-Ups-Status
X-Litespeed-Tag
SID