Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics - SANS Internet Storm Center HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Pragma
Last-Modified
Accept-Ranges
Strict-Transport-Security
X-Content-Type-Options
X-Powered-By
CF-RAY
ETag
Link
Expect-CT
Via
X-XSS-Protection
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Served-By
X-Varnish
X-Amz-Cf-Id
X-Xss-Protection
Referrer-Policy
X-Request-Id
X-Timer
X-AspNet-Version
CF-Cache-Status
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Runtime
Access-Control-Allow-Credentials
X-Download-Options
X-Drupal-Cache
X-Cacheable
CF-Ray
X-Generator
Content-Security-Policy-Report-Only
Alt-Svc
Status
X-AspNetMvc-Version
X-Cache-Status
X-DNS-Prefetch-Control
X-Check
X-Iinfo
X-FRAME-OPTIONS
X-Adblock-Key
X-CDN
Timing-Allow-Origin
X-Content-Security-Policy
X-Turbo-Charged-By
X-Permitted-Cross-Domain-Policies
P3p
Content-Encoding
X-Template
X-Language
Keep-Alive
X-Type
X-AH-Environment
X-Via
X-Request-ID
X-Cache-Group
X-Backend
WPE-Backend
X-Pass-Why
X-Age
X-Buckets
X-Server
X-Nginx-Cache-Status
Access-Control-Max-Age
X-Server-Powered-By
X-Pingback
Xkey
X-Varnish-Cache
Grace
X-Drupal-Dynamic-Cache
Upgrade
Access-Control-Expose-Headers
X-Hacker
X-UA-Device
X-Amz-Request-Id
X-Page-Speed
Cf-Railgun
X-Amz-Id-2
X-Proxy-Cache
X-Robots-Tag
X-Ua-Compatible
X-LiteSpeed-Cache
EagleId
X-Envoy-Upstream-Service-Time
Request-Context
X-Node
X-Swift-SaveTime
X-Swift-CacheTime
X-Ac
X-Device
X-Host
X-Cnection
Ali-Swift-Global-Savetime
Content-Location
X-Amz-Version-Id
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
Surrogate-Control
X-Server-Id
X-WebKit-CSP
X-Backend-Server
X-Cache-Lookup
X-OneAgent-JS-Injection
X-Rack-Cache
X-Instart-Request-ID
X-Response-Time
X-Px
Request-Id
X-CST
X-Readtime
X-Rq
Server-Timing
X-Clacks-Overhead
Permitted-Cross-Domain-Policies
X-HeyJason
X-Do-Not-Hack
Pinterest-Generated-By
EagleEye-TraceId
X-Cloud-Trace-Context
Edge-Control
X-Url
X-Application-Context
X-MS-InvokeApp
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Country
Report-To
X-Server-Name
Charset
X-DynaTrace-JS-Agent
SPRequestGuid
X-Country-Code
Allow
X-SharePointHealthScore
X-DataDome
X-Ruxit-JS-Agent
X-ESI
Rating
X-Varnish-TTL
X-PC
X-TtlSet
X-Vname
X-TTL
X-Cached
X-Powered-CMS
X-Powered-By-Plesk
X-Recruiting
X-CF-Powered-By
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
X-FTR-Request-ID
NEL
X-D2id
X-Vhost
X-DynaTrace
Public-Key-Pins
Pinterest-Version
X-Upstream-Env
X-Pinterest-Rid
X-Kinja
X-Kinja-Build
X-Kinja-Revision
X-Exp-Variant
X-Geo-Segment
X-Exp-Id
X-F-Cache
X-Cdn-Fetch
X-Kinja-Server
X-Version
SPIisLatency
X-N
SPRequestDuration
X-T
X-Dw-Request-Base-Id
X-VARITI-CCR
X-GoogleNews-Bot
Cartoon
X-Mod-Pagespeed
Content-MD5
MS-Author-Via
RTSS
X-Abt-Application-Version
Nginx-Cache
Feature-Policy
X-GitHub-Request-Id
Verso
MicrosoftSharePointTeamServices
AR-CACHE
AR-PoweredBy
AR-ATIME
X-Navigation-Version
X-Dispatcher
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Goog-Hash
X-Shield-Request-Id
X-Amz-Rid
Realpath
X-Hits
X-Cdn
X-Forwarded-Proto
X-Client-IP
X-Trace
X-Origin-Cache
Paypal-Debug-Id
X-Server-ID
X-Content-Options
X-TEC-API-ROOT
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-Ttl
X-Content-Digest
X-Zen-Fury
X-Kinsta-Cache
X-Id
X-Grace
AR-SID
X-B
Arr-Disable-Session-Affinity
TCN
Alternate-Protocol
DynaTrace
X-Varnish-Age
X-Cache-Key
Fastcgi-Cache
X-Sol
X-Upstream
X-Mrf-Item-Lastmod
Mrf-Cache-Status
MRF-Tech
X-Mrf-Section-Lastmod
X-Ser
Access-Control-Request-Method
X-Pad
X-Fastly-Request-ID
X-Middleton-Display
Display
X-FastCGI-Cache
PB-PID
PB-RID
X-Nf-Srv-Version
X-NF-Request-ID
X-Mobile-Rewrite
X-Via-JSL
X-Acc-Meta-Resource-Type
X-DIS-Request-ID
X-Vcap-Request-Id
Response
X-Middleton-Response
X-User-Agent
X-Forwarded-For
Pagespeed
Front-End-Https
Rt-Fastcgi-Cache
X-IPLB-Instance
X-SS-Set-Cookie
X-Cache-Rule
X-MSEdge-Ref
X-Frontend
X-PressLabs-Stats
Eomportal-Instance
X-Logged-In
X-Cache-Hit
Arc-Version
Server-Name
X-Whom
X-VCache
X-Goog-Stored-Content-Encoding
X-Goog-Generation
X-Goog-Storage-Class
X-XRDS-LOCATION
X-Goog-Stored-Content-Length
X-Goog-Metageneration
X-Hostname
Host
Tracecode
Surrogate-Key
S
X-FTR-Realm
X-Country-Code-Real
X-FTR-Backend
X-FTR-Backend-Server
X-FTR-Cache-Status
X-FTR-DC
Cache-Status
X-FTR-Expires
X-FTR-Balancer
X-Request-Processing-Time
X-Analytics
X-Request-Received
Backend-Timing
X-Debug
X-Newrelic-App-Data
X-HS-Content-Id
X-Instance
TP-Cache
Refresh
TP-L2-Cache
X-Contextid
X-AOL-HN
X-Activity-Id
X-Magnolia-Registration
X-Az
X-AppVersion
X-Rid
Public-Key-Pins-Report-Only
FilterID
X-Srv
X-XRDS-Location
X-Wix-Server-Artifact-Id
X-Proxied
Server-Info
HitType
ServerID
HitInfo
X-UUID
X-WPE-Loopback-Upstream-Addr
X-URL
X-HW
X-B3-Traceid
Liferay-Portal
X-Webkit-Csp
Cleartype
AMP-Access-Control-Allow-Source-Origin
Service-Worker-Allowed
X-Mobile
X-Varnish-Server
X-Content-Security-Policy-Report-Only
X-APP-VERSION
X-Varnish-Backend
Served-By
X-FTR-Cache-Host
X-NWS-LOG-UUID
X-Correlation-Id
X-Cache-Control
Edge-Cache-Tag
X-HS-Cache-Config
X-Revision
X-Amzn-Trace-Id
Source
X-PC-Hit
Retry-After
X-Cache-Server
Host-Header
X-Origin
X-BCube-Filmed-By
X-PC-AppVer
X-App-Environment
X-PHP-Backend
X-Geo-Country
X-PC-Key
Server-Node
X-Device-Type
X-Hail-Hydra
X-Handled-By
X-Request-Guid
X-Tumblr-Pixel-0
X-TT
X-Cache-Operation
X-Tumblr-User
X-Varnish-Hostname
X-Tumblr-Pixel
S-Cnection
DC
MS-CV
Fastly-Restarts
X-Origin-Upstream-Status
X-Framework
X-B-Cache
X-RateLimit-Remaining
X-Signature
X-Cache-Config
X-Cache-2
Powered-By-ChinaCache
X-Page-Id
X-FB-Debug
Accept-Charset
X-Cache-Action
X-TT-TIMESTAMP
X-Sucuri-ID
X-Origin-Server
X-Ocache
X-Debug-Info
Actual-Object-TTL
X-PC-Date
X-PC-Host
Viewport
X-ATG-Version
X-ADI-VCache
X-Hyper-Cache
X-Shield-Cache-Expires
X-WA-Info
NGB
X-Content-Powered-By
X-Cached-By
X-Microcachable
X-B3-Sampled
X-Accel-Expires
X-LB-Cache
X-Drupal-Cache-Tags
SRV
X-Akam-SW-Version
X-Cache-NE
AsisCache
Filters
Cache
Upgrade-Insecure-Requests
X-Generated-By
X-Yottaa-Optimizations
X-Yottaa-Metrics
ServedBy
X-Cacheable-TTL
X-Locale
X-RTag
X-S
Content-Style-Type
X-Internal-Host
Content-Script-Type
X-Tumblr-Pixel-2
X-App-Server
X-Amz-Server-Side-Encryption
X-WebKit-CSP-Report-Only
X-GeoIP
X-Tumblr-Pixel-1
X-TX-ID
X-FW-Hash
X-FW-Static
X-RequestSource
X-Distil-CS
X-FW-Server
X-FW-Serve
X-Accel-Buffering
X-FW-Type
X-Varnish-Hits
X-Seen-By
From-Origin
X-Wix-Request-Id
X-Cluster
X-Jobs
X-Geo
X-Node-Name
X-Akamai-Edgescape
X-Sucuri-Cache
X-HS-Combine-CSS
X-Varnish-Cache-Hits
X-Litespeed-Cache
X-Adobe-Content
X-Adobe-Loc
X-UA
X-Varnish-IP
X-Varnish-Grace
X-Dns-Prefetch-Control
X-Platform-Server
X-GZip
X-RateLimit-Limit
X-Cache-Age
X-ServedBy
X-NewRelic-App-Data
Datacenter
X-Edge-Cache
X-Daa-Tunnel
X-Edge-Cache-Key
X-Vg-Webcache
X-Cache-TTL-Remaining
X-CDN-Forward
X-Storage
X-Cache-Remote
HostName
X-Region
X-GUploader-UploadID
X-Esi
X-Akamai-Transformed
Cache-Tag
X-Mode
X-Amz-Replication-Status
X-Drupal-Cache-Contexts
X-Guploader-Uploadid
X-Kinja-Server-Push
X-Source
X-Distributor
X-Real-IP
Load-Balancing
X-RN-RSRV
Machine
Meta-Geo
X-Path-Route
X-Detected-As
X-Is-Bot
X-Cache-Var-Map
X-Cache-Var
X-TA-CDN-Provider
X-Rendered-As
X-MP-GENERATED-AT
X-ProcessESI
X-RemovedCookies
X-Amzn-RequestId
X-Agile
X-Amz-Apigw-Id
X-NCache
X-Agile-Age
X-Agile-Id
Fastly-SSL
X-NodeID
X-OCL
Country
X-Akamai-Request-ID
X-BB-IP
X-Grey
ServerName
X-CDN-Cache
X-Cache-Category-Id
X-Upgrade-Enabled
X-PCL
X-Webstats-RespID
Cache-Key
GEO-INFO
X-Web-Node
X-Viewer-Country
X-Instance-Name
X-ApacheServer
X-Via-Fastly
X-Human
Backend
X-Edge-Location
X-Cache-HT
Cache-Name
X-Debug-Cache
X-EIG-Tracking-Id
L5d-Success-Class
X-Optimization
X-Proto
X-Pubstack
X-Time-Microsecs
X-OVcl-Cache
X-PERF
X-OVcl
X-Original-Request
User-Cache-Control
S-Rt
X-Amz-Meta-Surrogate-Control
DB-Nickname
Ohc-File-Size
X-Birta-Cache-Post
Healthy
X-CCM
X-AWS-Id
X-Labrador-Cache-Channel
X-BYPASS-REASON
X-Www-Served-By
X-VWS-Id
X-FC-Vary-Parameters
X-Proxy
X-ProxyCache-Status
X-ProxyCache-Key
X-SplitTest
X-Site-Version
X-Hosted-By
X-Generation-Time
X-Cluster-Node
X-IP
X-LJ-Flow-ID
X-Request-Time
X-Meta-Tbi-Cache-Vertical
X-CCM-LastModified
X-Birta-Served
X-Port
TWC-Privacy
Webcakes-App-Name
Webcakes-App-Version
Webcakes-Region
TWC-Locale-Group
X-Access
TWC-Device-Class
TWC-GeoIP-Country
TWC-GeoIP-LatLong
TWC-Connection-Speed
X-Origin-Hint
X-Xfnlog-Site
Now
X-ServerID
X-Varnish-Cacheable
X-TWH-CORRELATION-ID
X-TNCMS
Property-Id
X-Cache-Bucket
X-Section
X-Format
X-Loop
Cache-Hits
Mn-Server-Ip
Azure-InstanceId
Azure-SiteName
X-JoinUs
Access-Control-Allow-Method
Azure-RegionName
User-Agent
Azure-SlotName
X-Surge-Debug
Azure-Version
LB
RATING
X-Zipkin-Id
X-Routing-Service
X-App-Name
X-Generated
Fastcgi-Useragent
X-Tumblr-Pixel-3
X-Backend-Name
X-Ezoic-Cdn
Payment
X-Real-Ip
X-Render-Type
X-Feature
X-Timing-Wait
X-Tb
Selected-FE
X-Origin-CC
X-Proxy-Build
Ec-Rule-Version
Countrycode
X-Cache-Enabled
X-Hit
X-Time
X-Newrelic-Synthetics
X-Dc
X-Nginx-Cache
X-DataStream-Cache-Status
X-B3-Spanid
X-Oneagent-Js-Injection
X-Nc
Origin-Cache-Control
Origin-Edge-Control
X-Unique-ID
WP-Super-Cache
X-Environment-Context
X-L-Path
RequestId
X-UA-Device-Type
X-Servedby
X-NU-AKA-ACS-Version
X-CACHE-AGE
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
X-Skip-Cache
Xserver
X-B3-TraceId
NODE
X-NGENIX-Cache
X-Correlation-ID
X-WR-MODIFICATION
X-CLOUD-TRACE-CONTEXT
X-COUNTRY
Access-Control-Request-Headers
X-Be
X-Content-Type
X-Vgn-Hpd-Reason
Webserver
X-ElasticPress-Search
X-Upstream-HT
X-Upstream-CT
X-Cache-Backend
Time
X-EdgeConnect-Cache-Status
X-Status
Ws
Warning
Ajk
X-No-Session
Resin-Trace
VivaBuild
Sta2Tusw
X-ND-Cache
X-G
X-Haproxy-Hostname
X-Logtrace-Id
X-Generated-In
X-Wix-Route-ID
X-From
Viewtype
T-Server
Cache-Prefix
Xc-Version
X-Planisys-CDN-Cache
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
X-Developer
X-PAYTM-SRV-ID
BehaviorPad-Version
AKAMAI
X-DPWN-IS-SECURE
Www
X-Died
X-Public
X-Via-CDN
Fly-Request-Id
X-SVT-ORM-RULES
X-Application
X-CF-Lambda-Version
X-CF-Lambda-Fn
X-SVT-ORM-VERSION
X-Haproxy-Ip
X-Accel-Expires-Debug
Fastly-Soc-X-Request-Id
Fly-Cache
X-Amz-Meta-Cache-Control
Host-ID
X-Server-Time
GMS-Ver
X-ARC
X-Rojux
X-S-Cookie
X-Cache-Id
X-Server-By
X-Rewrite-Enabled
X-SRCache-Key
X-BBXSRF
X-Cache-Host
X-A-Wwc
X-Connection-Hash
X-BB-ID
X-VG-WebServer
X-A-Dam
X-User
X-A-Dcw
X-B-Cookie
X-Via-Edge
X-We-Are-Hiring
X-A-Ccd
X-Cache-Ttl
X-Destination
X-Date
X-D
Fastcgi-X-Cache-Version
X-Trv-Group
X-Region-Sid
X-Transaction
MD5-Digest
Memcached
Meta-Geo-Continent
X-A-Dgt
X-Twitter-Response-Tags
Fastcgi-X-Cache
X-A
X-Webkit-CSP
X-Rebelmouse-Surrogate-Control
X-CS
X-Core-Value
Fastly-SIE
X-Debug-Cookies
X-Debug-Log
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
Odigeo-Trace-Id
X-Rebelmouse-Cache-Control
X-Request-URI
Fastly-SWR
X-Cache-Expires
IBM-Web2-Location
X-Sn-Servicetimems
X-SIPLIST1
X-ScT
X-Cache-Time
X-Trace-Id
IsBot
X-Cdn-Origin
Apple-News-Services-Host
X-Var-Ttl
Apple-News-Services-Handled
UCS
Uber-Trace-Id
X-Fastly-Cache
X-Forwarded-Host
X-FireWall-Port
X-Frame-Option
Release
Rendered-Blocks
Request-Time
V-Age
X-NX-Host
X-Oracle-Dms-Rid
X-Varnish-Beresp-Ttl
Apicache-Version
Cneonction
X-GoCache-CacheStatus
Apicache-Store
X-Croise-Owner
X-Oracle-Dms-Ecid
X-Stale
X-Wikidot-Static-Cache
Who
X-IN-APIGATEWAY
Web-Mar-Node
X-Worker
X-Backend-Host
X-Backend-State
X-ServiceProvider
X-IN-WAF
X-IN-SSL-APIGATEWAY
Thinkindot-CacheControl
X-Actual-URL
X-Backend-TTL
Thinkindot-Control
X-Up
X-UnsetCookies
Thinkindot-CacheControl-Type
X-UE-Client-Country
X-Thinkindot-L3
X-WebServer
X-TT-LOGID
X-VServer
X-Wikidot-Backend
X-Returned-From-PostProcessResponse
X-Epic-Correlation-Id
X-Passed-To
X-Eu-Site
X-Env
X-Passed-To-BeforeDispatch
X-Dispatcher-Server
X-Passed-To-DLL
X-Edge-IP
X-F5-Cache
X-MSEdge-Flight
X-GeoIP-City
X-GeoIP-Country-Code
X-Location
X-Matched-Rule
X-Gen-Mode
X-Fstrz
X-MSEdge-Features
X-MI-In-Market
X-Passed-To-PostProcessResponse
X-Phone
X-Cache-Debug
X-Server-Group
X-Served-From
X-Cache-CFC
X-Bug-Bounty
X-Servername
X-Server-IP
X-Block-Status
X-Cdn-Srv
X-Hnp-Log
X-Reboot
Server-Int
X-Device-Os
X-Returned-From
X-Returned-From-BeforeDispatch
X-Returned-From-DLL
X-CGP
X-Ckpd-Fst-Backend
X-Backend-Url
On-Server
Httpd-Identifier
Heartbleed
HA-Urlpath
HA-Servedtime
HTTPS
Decoy-Debug-TTL
X-StackifyID
Is-Eu
Decoy-Debug-Key
Decoy-Debug-Status
HA-Ipaddr
HA-Host
HA-Geocity
Esi-Enabled
HA-Cloudapp
Fastly-Backend-Name
HA-Geocountry
HA-Geolat
Ha-Gx-Prefs
HA-Georegion
HA-Geolon
CDCHOST
Content-Disposition
Adler-Geo
Origin
Powered-By
Pragrma
Server-Host
Proxy-Connection
Cache-Cookie-Set-From
Platform
NGX
MI-Cache
MI-Cache-Age
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-Idcheck
OT-Force-Account-Verify
Mime-Version
X-Sorting-Hat-PrivacyLevel
X-Developers
X-Sorting-Hat-PodId
X-RCS-CacheZone
X-Sorting-Hat-PodId-Cached
X-Node-Id
X-Sorting-Hat-ShopId
X-Content-Age
Drupal-Pagecache-Memcache
Backend-Name
X-Varnish-Id
X-Ver
X-V
X-TIME
X-Sorting-Hat-Section
X-Sorting-Hat-FeatureSet
X-Sorting-Hat-ShopId-Cached
X-C
Ohc-Response-Time
X-Release
X-Hash
MI-API
X-Response-By
X-Rocket-Nginx-Bypass
X-Page-Type
PFcat
Request-EU
REQUESTUUID
Request-Country
Pramga
X-Via-NSCOPI
X-Shopify-Stage
Kp-EeAlive
X-Cache-Srv
GW-Server
X-Gannett-Site-Version
X-Secret
X-ShopId
X-ShardId
NnCoection
X-Fetched-On
X-Alternate-Cache-Key
X-Hl-Ver
Server-ID
X-Amz-Meta-S3cmd-Attrs
X-S-Maxage
X-Fastcgi-Cache
X-Bip
X-Info
X-Amz-Meta-S3b-Last-Modified
X-HCF
X-Platform
X-Svr
X-Varnish-HitMiss
X-Thanos
NtCoent-Length
X-Crawler
X-Core-Mission
X-Auto-Login
X-Origin-Date
X-Cache-Control-Set-By
X-Cache-URL
X-Origin-Expires
Version
Dnion-Transfer-Encoding
X-P-T
Country-Code
X-Refresh
X-Clientip
X-Req
Processtime
Cache-Provider
X-Origin-TTL
X-HS-Hub-Id
Cteonnt-Length
X-CSRF-Token
X-Oss-Storage-Class
X-Oss-Server-Time
X-Oss-Request-Id
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
Accept-Ch
X-Pf-Uncompressing
X-RateLimit-Remaining-Second
Ar-Sid
X-RateLimit-Limit-Second
X-Kong-Upstream-Latency
X-Amz-Meta-Sha256
X-Pjax-Url
X-Yottaa-Sig
X-Kong-Proxy-Latency
Pagetype
Memory
X-Varnish-Url
X-App-Version
FSS-Cache
FSS-Proxy
X-Cache-ASPX
X-EC-Security-Audit
Arc-Country
WebServer
X-From-Cache
Brightspot-Id
X-LiteSpeed-Cache-Control
X-Irp-Debug
X-DC
X-Csrf-Token
X-Ruxit-Js-Agent
GeoIp-Country-Code
Geoip-City
Geoip-Latitude
PageType
SN
X-Dynatrace
X-NC
X-LB-Node
X-LB-CacheStatus
X-Ua
X-ROOTCache
Sid
Cdn
COMMERCE-SERVER-SOFTWARE
X-Cache-Handler
X-Redis-Cache
PICS-Label
X-Request-Start
X-Request-UUID
X-Rule
X-Ratelimit-Remaining
CF-IPCountry
X-Endurance-Cache-Level
X-Fastly-Backend-Reqs
If-Modified-Since
Edgecast
X-Wix-Petri-Ex
X-Varnish-Beresp-TTL
X-Load-Cache
X-SERVER-NAME
X-Atg-Version
X-Cdn-Forward
X-Varnish-Action
PROCESSING-IP
BORDER-IP
MIME-Version
Dont-Set-Cookie
X-GRACE
X-ServedByHost
X-Layer
X-GDPR
X-Ratelimit-Limit
X-Sf
X-Requestid
X-Tid
X-TId
X-Servedbyhost
X-RequestId
X-Rocket-Nginx-Serving-Static
Dynatrace
Frame-Options
X-Nananana
X-Fastly-Cache-Hits
X-Resolver-IP
X-B3-SpanId
RNT-Time
RNT-Machine
XServer
Cf-Ipcountry
X-BE
X-DataStream-Origin-MEX-Latency
Pics-Label
X-DataStream-MidMile-RTT
NodeID
Powered
X-Owner
X-Key
CDN
CACHE
X-HTML-Minification-Powered-By
X-Cache-TTL
X-Tec-Api-Version
Node
X-Tec-Api-Root
X-Tec-Api-Origin
X-Server-W
Cache-Tags
Mail-Subject
Web-Mar-Region
We-Hiring
PageSpeed
DataCenter
X-ABtesting
X-Dynatrace-Js-Agent
GeoIP-Latitude
X-Flog
GeoIP-Country-Code
X-Varnish-Ttl
X-VG-WebCache
GeoIP-City
X-Shard
Amp-Access-Control-Allow-Source-Origin
X-Use-Magma
WZWS-RAY
X-Sentry-ID
X-Ms-Lease-Status
X-Powered-By-ANYU
X-Gdpr
X-Ms-Blob-Type
X-Ms-Request-Id
X-Ms-Version
Lfy
X-NWS-UUID-VERIFY
X-GZIP
ProcessTime
X-CDN-Pop-IP
X-CDN-Pop
Get-Access-Time
X-UPSTREAM-Address
Accept-CH
Max-Age
Is-Session-Tracking
X-Mem
X-Varnish-URL
X-PF-Uncompressing
X-GEO
Xet-Cookie
X-Dw-Trace-Id
X-Oa-Upstreams
X-Cookie
X-Powered-By-Defense
X-Trv-Request-Id
X-Cache-FS-Status
X-PJAX-URL
X-Check-Cacheable
X-Remote-IP
Hostname
URI
X-NGINX-Cache
X-Unique-Id
Magicmarker
Requestid
X-Varnish-ID
RequestUuid
X-Aicache-OS
X-DI
X-ByteArk-Cache
Cdn-Request-Time
Cdn-Host
X-Alicdn-Da-Ups-Status
X-DSS
X-DB
X-PAGE-TYPE
X-Ms-Lease-State
X-RPM
X-Front
X-Proxy-Server
X-Edge-Server
True-Client-Country-4JS
X-RPS
X-RSL
X-VID
X-DW
X-Policy
X-VG-TLSProxy
X-Swa-Ws
SID
X-Akamai-ERRuleID
X-Zalando-Child-Request-Id
X-Akamai-ERPolicy
X-Zalando-Page-Type
X-Acquia-Application-Trace
X-Acquia-Application-UUID
X-Hello
CF-Cached-On
WS
X-Fe
X-RAMCache
X-Micro-Cache
X-Litespeed-Tag
X-Litespeed-Cache-Control