Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics - SANS Internet Storm Center HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Pragma
Last-Modified
Accept-Ranges
X-Powered-By
X-Content-Type-Options
Strict-Transport-Security
CF-RAY
ETag
Link
Expect-CT
Via
X-XSS-Protection
X-Cache
Age
Access-Control-Allow-Origin
Content-Security-Policy
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Served-By
X-Varnish
X-Amz-Cf-Id
X-Xss-Protection
Referrer-Policy
X-Request-Id
X-Timer
X-AspNet-Version
CF-Cache-Status
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Runtime
Access-Control-Allow-Credentials
X-Download-Options
X-Drupal-Cache
X-Cacheable
CF-Ray
Content-Security-Policy-Report-Only
X-Generator
Alt-Svc
X-AspNetMvc-Version
Status
X-Cache-Status
X-DNS-Prefetch-Control
X-Check
X-Iinfo
X-FRAME-OPTIONS
X-Adblock-Key
Timing-Allow-Origin
X-CDN
X-Content-Security-Policy
X-Turbo-Charged-By
X-Permitted-Cross-Domain-Policies
Content-Encoding
X-Template
X-Language
Keep-Alive
X-Via
X-Type
X-AH-Environment
X-Backend
X-Cache-Group
WPE-Backend
X-Nginx-Cache-Status
X-Buckets
X-Pass-Why
X-Server
X-Age
X-Server-Powered-By
Access-Control-Max-Age
X-Pingback
X-Request-ID
Xkey
X-Varnish-Cache
Grace
Access-Control-Expose-Headers
Upgrade
X-Drupal-Dynamic-Cache
X-Hacker
X-UA-Device
P3p
X-Amz-Request-Id
X-Page-Speed
Cf-Railgun
X-Proxy-Cache
X-Amz-Id-2
EagleId
X-LiteSpeed-Cache
X-Robots-Tag
X-Swift-CacheTime
X-Swift-SaveTime
X-Envoy-Upstream-Service-Time
Ali-Swift-Global-Savetime
Request-Context
X-Node
X-Device
X-Ac
Content-Location
X-Host
X-Cnection
X-Amz-Version-Id
X-Cache-Lookup
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
Surrogate-Control
X-Backend-Server
X-Server-Id
X-WebKit-CSP
X-OneAgent-JS-Injection
X-Rack-Cache
X-Instart-Request-ID
X-Px
X-CST
X-Response-Time
Request-Id
X-Readtime
X-Rq
Server-Timing
X-Do-Not-Hack
Permitted-Cross-Domain-Policies
X-HeyJason
X-Clacks-Overhead
X-Ua-Compatible
X-Cloud-Trace-Context
X-Url
EagleEye-TraceId
Pinterest-Generated-By
Edge-Control
X-Application-Context
X-Country
X-MS-InvokeApp
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Server-Name
Allow
X-DynaTrace-JS-Agent
Charset
Report-To
SPRequestGuid
X-Country-Code
X-SharePointHealthScore
X-DataDome
X-ESI
X-Ruxit-JS-Agent
X-Cached
X-Varnish-TTL
X-TTL
X-TtlSet
X-PC
Rating
X-Vname
X-Powered-CMS
X-Powered-By-Plesk
X-Recruiting
Public-Key-Pins
X-FTR-Request-ID
X-D2id
X-Vhost
NEL
X-Cdn
X-Version
X-Cdn-Fetch
X-Exp-Variant
X-Exp-Id
X-Kinja
X-Kinja-Build
X-Kinja-Server
X-Geo-Segment
X-Kinja-Revision
MS-Author-Via
X-N
X-Upstream-Env
Pinterest-Version
X-F-Cache
X-Pinterest-Rid
SPRequestDuration
SPIisLatency
X-CF-Powered-By
X-Dw-Request-Base-Id
X-DynaTrace
X-VARITI-CCR
Cartoon
X-T
X-GoogleNews-Bot
X-Mod-Pagespeed
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
Content-MD5
AR-CACHE
AR-PoweredBy
AR-ATIME
Nginx-Cache
RTSS
X-Abt-Application-Version
X-GitHub-Request-Id
MicrosoftSharePointTeamServices
Feature-Policy
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Shield-Request-Id
Verso
X-Trace
X-Amz-Rid
X-Dispatcher
X-Navigation-Version
X-Forwarded-Proto
X-Client-IP
X-Hits
Realpath
X-Goog-Hash
X-Server-ID
X-Origin-Cache
AR-SID
Arr-Disable-Session-Affinity
Paypal-Debug-Id
X-Kinsta-Cache
X-TEC-API-ROOT
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-Zen-Fury
X-Id
X-Content-Options
TCN
X-Grace
X-B
X-Content-Digest
X-Ser
X-Ttl
X-Varnish-Age
X-Cache-Key
Alternate-Protocol
Fastcgi-Cache
X-Sol
X-Upstream
DynaTrace
X-Via-JSL
Access-Control-Request-Method
X-Mrf-Item-Lastmod
Mrf-Cache-Status
X-Mrf-Section-Lastmod
MRF-Tech
X-Fastly-Request-ID
X-Pad
Display
X-Middleton-Display
X-NF-Request-ID
X-Vcap-Request-Id
X-FastCGI-Cache
X-Nf-Srv-Version
X-DIS-Request-ID
X-IPLB-Instance
PB-RID
PB-PID
X-Middleton-Response
Response
X-User-Agent
X-Mobile-Rewrite
Front-End-Https
X-SS-Set-Cookie
Pagespeed
Rt-Fastcgi-Cache
X-Frontend
X-Logged-In
Eomportal-Instance
X-XRDS-LOCATION
X-Cache-Rule
X-PressLabs-Stats
X-MSEdge-Ref
X-Newrelic-App-Data
X-Whom
Server-Name
X-Forwarded-For
X-VCache
X-Acc-Meta-Resource-Type
Host
S
X-Hostname
X-Cache-Hit
X-NWS-LOG-UUID
Tracecode
X-Goog-Metageneration
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Goog-Generation
Cache-Status
X-Debug
Liferay-Portal
Arc-Version
X-UUID
X-AOL-HN
X-HS-Content-Id
X-FTR-Cache-Status
X-FTR-Balancer
X-FTR-DC
X-FTR-Expires
X-Request-Processing-Time
X-FTR-Realm
X-FTR-Backend-Server
Surrogate-Key
X-Country-Code-Real
X-FTR-Backend
HitType
X-Request-Received
Server-Info
HitInfo
Backend-Timing
X-Analytics
FilterID
TP-Cache
TP-L2-Cache
Public-Key-Pins-Report-Only
X-Wix-Server-Artifact-Id
X-Magnolia-Registration
X-Instance
Refresh
X-Contextid
X-Rid
ServerID
X-Proxied
X-AppVersion
X-Activity-Id
X-Az
X-Webkit-Csp
Edge-Cache-Tag
X-HS-Cache-Config
X-Correlation-Id
X-Srv
X-B3-Traceid
X-WPE-Loopback-Upstream-Addr
X-Varnish-Server
Service-Worker-Allowed
X-HW
X-Content-Security-Policy-Report-Only
X-XRDS-Location
AMP-Access-Control-Allow-Source-Origin
Cleartype
X-Mobile
X-Origin
S-Cnection
X-Revision
Served-By
X-APP-VERSION
Source
X-Varnish-Backend
X-FTR-Cache-Host
Fastly-Restarts
X-Amzn-Trace-Id
X-RateLimit-Remaining
X-App-Environment
X-Geo-Country
X-TT
X-B-Cache
X-Sucuri-ID
X-Device-Type
X-PHP-Backend
Powered-By-ChinaCache
X-Framework
X-Signature
X-Tumblr-Pixel-0
X-Tumblr-User
X-Cache-Config
X-Varnish-Hostname
X-Tumblr-Pixel
X-Origin-Upstream-Status
X-FB-Debug
Retry-After
X-Cache-Action
X-Cache-Operation
X-Cache-Server
X-Hyper-Cache
X-PC-Hit
X-PC-Key
X-Cache-Control
X-BCube-Filmed-By
X-Hail-Hydra
X-PC-AppVer
X-Request-Guid
Host-Header
X-Handled-By
Server-Node
Accept-Charset
MS-CV
X-Page-Id
X-Cache-2
X-TT-TIMESTAMP
DC
X-Ocache
Actual-Object-TTL
X-ATG-Version
X-Debug-Info
X-WA-Info
X-Shield-Cache-Expires
X-ADI-VCache
X-Origin-Server
Cache
X-Content-Powered-By
X-PC-Date
X-PC-Host
X-Daa-Tunnel
X-Accel-Expires
NGB
X-HS-Combine-CSS
X-URL
Upgrade-Insecure-Requests
Viewport
X-Microcachable
X-LB-Cache
X-Cache-NE
SRV
X-Cached-By
AsisCache
X-GeoIP
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Generated-By
X-Amz-Server-Side-Encryption
Filters
X-Accel-Buffering
X-Jobs
X-Drupal-Cache-Tags
ServedBy
X-RequestSource
X-Akamai-Edgescape
X-Sucuri-Cache
X-Cacheable-TTL
X-App-Server
X-Akam-SW-Version
X-WebKit-CSP-Report-Only
X-Wix-Request-Id
X-TX-ID
X-S
X-Seen-By
X-Feature
X-Cluster
X-B3-Sampled
X-FW-Static
X-FW-Serve
X-FW-Hash
X-Adobe-Content
From-Origin
X-Geo
X-FW-Type
Content-Script-Type
Content-Style-Type
X-Adobe-Loc
X-Distil-CS
X-FW-Server
X-Locale
X-Tumblr-Pixel-2
X-Internal-Host
X-Tumblr-Pixel-1
X-Varnish-Hits
X-RTag
X-Varnish-IP
X-Dns-Prefetch-Control
Datacenter
X-Varnish-Cache-Hits
X-Cache-Age
X-Cache-Remote
HostName
X-GZip
X-Storage
X-Node-Name
X-Edge-Cache-Key
X-Varnish-Grace
X-Edge-Cache
X-ServedBy
X-Platform-Server
X-Guploader-Uploadid
X-UA
X-CDN-Forward
X-Cache-TTL-Remaining
X-Vg-Webcache
X-Akamai-Transformed
X-Region
X-RateLimit-Limit
X-Mode
X-Cache-Bucket
Country
Cache-Tag
X-Kinja-Server-Push
X-Oracle-Dms-Rid
X-Oracle-Dms-Ecid
X-Amz-Replication-Status
RATING
X-Distributor
X-EIG-Tracking-Id
Load-Balancing
X-Proto
X-Amzn-RequestId
X-Amz-Apigw-Id
Ohc-File-Size
ServerName
X-Source
Fastly-SSL
X-Agile
X-BB-IP
GEO-INFO
Mn-Server-Ip
X-Agile-Id
X-Agile-Age
X-RN-RSRV
Cache-Key
X-Cache-Category-Id
X-Time-Microsecs
X-Viewer-Country
X-Web-Node
X-Is-Bot
X-Akamai-Request-ID
X-Grey
X-BYPASS-REASON
X-ProxyCache-Key
X-ApacheServer
X-Debug-Cache
X-ProxyCache-Status
X-Detected-As
X-Cache-Var
Machine
X-PERF
X-Path-Route
X-Drupal-Cache-Contexts
X-ProcessESI
X-RemovedCookies
Meta-Geo
X-Rendered-As
X-Optimization
Healthy
X-Cache-HT
L5d-Success-Class
Cache-Name
X-MP-GENERATED-AT
X-Cache-Var-Map
X-JoinUs
X-TA-CDN-Provider
X-NewRelic-App-Data
X-Real-Ip
X-ServerID
X-Request-Time
X-CCM
X-TWH-CORRELATION-ID
X-NCache
Cache-Hits
X-Webstats-RespID
X-Human
X-Hit
X-Labrador-Cache-Channel
X-OCL
X-NodeID
Now
X-Generated
X-CDN-Cache
Access-Control-Allow-Method
X-Cluster-Node
X-Xfnlog-Site
X-Upgrade-Enabled
X-Original-Request
Backend
X-Port
X-PCL
X-Www-Served-By
X-Edge-Location
X-FC-Vary-Parameters
TWC-Device-Class
Selected-FE
TWC-GeoIP-Country
Azure-SlotName
TWC-Connection-Speed
Azure-SiteName
Property-Id
Azure-InstanceId
X-CCM-LastModified
X-Timing-Wait
X-Amz-Meta-Surrogate-Control
S-Rt
X-Proxy-Build
TWC-Locale-Group
X-Real-IP
Webcakes-App-Name
Webcakes-App-Version
X-Pubstack
X-Proxy
X-OVcl
X-Origin-Hint
Webcakes-Region
Azure-RegionName
X-Via-Fastly
X-Hosted-By
X-OVcl-Cache
X-Instance-Name
Azure-Version
X-Render-Type
TWC-Privacy
TWC-GeoIP-LatLong
X-Newrelic-Synthetics
User-Cache-Control
X-Access
X-Backend-Name
X-App-Name
X-AWS-Id
X-Format
X-Section
X-Routing-Service
X-Esi
X-Varnish-Cacheable
X-Site-Version
X-TNCMS
X-Surge-Debug
X-SplitTest
X-Nginx-Cache
X-VWS-Id
X-Generation-Time
X-Zipkin-Id
X-Cache-Enabled
X-IP
X-LJ-Flow-ID
X-Meta-Tbi-Cache-Vertical
X-Loop
X-Birta-Served
X-Birta-Cache-Post
LB
WP-Super-Cache
DB-Nickname
X-GUploader-UploadID
X-Time
Fastcgi-Useragent
Countrycode
X-Ezoic-Cdn
X-Origin-CC
X-Nc
User-Agent
X-Oneagent-Js-Injection
X-Dc
X-Tumblr-Pixel-3
Origin-Cache-Control
Origin-Edge-Control
Payment
X-L-Path
X-Tb
Xserver
X-Environment-Context
X-UA-Device-Type
Ec-Rule-Version
RequestId
X-Unique-ID
X-B3-Spanid
X-DataStream-Cache-Status
X-Skip-Cache
X-B3-TraceId
X-Varnish-Beresp-Grace
X-NU-AKA-ACS-Version
X-Varnish-Beresp-Status
X-Servedby
Access-Control-Request-Headers
X-NGENIX-Cache
X-CACHE-AGE
X-WR-MODIFICATION
NODE
Webserver
X-Be
X-Upstream-CT
Time
X-Upstream-HT
X-Vgn-Hpd-Reason
X-EdgeConnect-Cache-Status
X-Croise-Owner
Warning
X-Webkit-CSP
X-Developer
X-ElasticPress-Search
X-DPWN-IS-SECURE
X-Destination
X-NX-Host
X-Logtrace-Id
X-Generated-In
X-From
X-G
X-Died
X-Debug-Cookies
V-Age
X-B-Cookie
X-Cache-Expires
Ajk
X-Cache-Backend
X-Cache-Host
X-A
X-A-Ccd
X-Application
X-A-Wwc
X-A-Dcw
X-ARC
X-A-Dam
X-A-Dgt
T-Server
X-SRCache-Key
X-D
X-S-Cookie
Fly-Cache
Fly-Request-Id
X-Debug-Log
Request-Time
Resin-Trace
X-Cache-Ttl
X-Var-Ttl
Cache-Prefix
X-Cache-Id
X-CS
IBM-Web2-Location
X-Oss-Object-Type
X-Oss-Server-Time
Ws
X-Oss-Storage-Class
X-CSRF-Token
X-Oss-Request-Id
X-StackifyID
X-Dynatrace
X-Oss-Hash-Crc64ecma
X-Status
X-Dispatcher-Server
X-Device-Os
X-Wix-Route-ID
X-Fstrz
X-Cache-Time
Xc-Version
X-SVT-ORM-RULES
BehaviorPad-Version
Apple-News-Services-Request-Url
Fastcgi-X-Cache
X-CF-Lambda-Fn
Fastcgi-X-Cache-Version
X-CF-Lambda-Version
Apple-News-Services-Parsed-Url
Apple-News-Services-Handled
AKAMAI
Proxy-Connection
Apple-News-Services-Host
X-Connection-Hash
X-BBXSRF
X-BB-ID
Release
Sta2Tusw
Meta-Geo-Continent
MD5-Digest
Memcached
Viewtype
VivaBuild
X-Amz-Meta-Cache-Control
Fastly-Soc-X-Request-Id
Www
Host-ID
X-Fastly-Cache
X-WebServer
X-SVT-ORM-VERSION
X-Transaction
X-Server-Time
X-Server-By
X-Release
X-Hash
X-Trv-Group
X-Via-CDN
X-Via-Edge
X-VG-WebServer
X-User
X-Twitter-Response-Tags
X-Rojux
X-Rewrite-Enabled
X-No-Session
X-PAYTM-SRV-ID
X-ND-Cache
X-Haproxy-Ip
X-Haproxy-Hostname
X-Request-URI
X-Planisys-CDN-Cache
X-Region-Sid
X-Public
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
X-We-Are-Hiring
X-UE-Client-Country
X-Varnish-Beresp-Ttl
Cneonction
X-Fastcgi-Cache
X-Content-Type
X-Yottaa-Sig
Mime-Version
UCS
HA-Ipaddr
Powered-By
HA-Host
Pramga
Ha-Gx-Prefs
Origin
HA-Servedtime
HA-Georegion
X-Server-IP
Heartbleed
Odigeo-Trace-Id
HA-Urlpath
NGX
HA-Geocountry
X-Correlation-ID
Drupal-Pagecache-Memcache
X-Stale
X-Via-NSCOPI
X-Sorting-Hat-ShopId-Cached
X-Sorting-Hat-Section
X-Sorting-Hat-ShopId
Fastly-SIE
X-Sn-Servicetimems
HA-Geocity
X-Secret
HA-Geolat
HA-Cloudapp
GW-Server
Fastly-SWR
X-SIPLIST1
HA-Geolon
Server-Host
X-Frame-Option
X-Gannett-Site-Version
X-GeoIP-City
X-Forwarded-Host
X-FireWall-Port
X-Eu-Site
X-F5-Cache
X-GeoIP-Country-Code
X-Rebelmouse-Surrogate-Control
X-Passed-To-PostProcessResponse
X-Phone
X-Passed-To-DLL
X-Passed-To-BeforeDispatch
X-Rebelmouse-Cache-Control
X-Passed-To
X-Epic-Correlation-Id
X-Core-Value
X-Returned-From-PostProcessResponse
X-Actual-URL
X-Amz-Meta-S3cmd-Attrs
Uber-Trace-Id
Server-Int
X-ScT
X-Sorting-Hat-PrivacyLevel
X-Cache-CFC
X-Cache-Debug
Dnion-Transfer-Encoding
X-CGP
X-Returned-From
X-Returned-From-BeforeDispatch
X-Returned-From-DLL
X-Cdn-Origin
Rendered-Blocks
IsBot
X-RCS-CacheZone
X-UnsetCookies
X-S-Maxage
X-Crawler
Server-ID
X-Auto-Login
X-Sorting-Hat-PodId-Cached
X-IN-WAF
X-Up
Request-EU
Version
X-Hl-Ver
X-IN-SSL-APIGATEWAY
X-IN-APIGATEWAY
X-ShardId
X-Trace-Id
X-Shopify-Stage
Request-Country
X-Alternate-Cache-Key
X-Sorting-Hat-FeatureSet
X-Wikidot-Static-Cache
X-Wikidot-Backend
GMS-Ver
Kp-EeAlive
X-ShopId
X-Sorting-Hat-PodId
NnCoection
NtCoent-Length
X-C
PFcat
Platform
X-V
Thinkindot-Control
X-Matched-Rule
On-Server
Web-Mar-Node
X-Worker
Pragrma
Country-Code
X-Reboot
X-Location
Thinkindot-CacheControl
X-Date
Thinkindot-CacheControl-Type
X-Fetched-On
X-Accel-Expires-Debug
X-Ckpd-Fst-Backend
X-Response-By
X-Cdn-Srv
X-GoCache-CacheStatus
X-Env
X-Content-Age
X-Gen-Mode
X-Edge-IP
X-VServer
X-Core-Mission
X-Ver
X-Cache-Srv
X-Backend-Host
X-Hnp-Log
X-Developers
X-Rocket-Nginx-Bypass
X-Backend-State
X-Backend-TTL
X-Block-Status
Ohc-Response-Time
X-Backend-Url
Who
OT-Force-Account-Verify
X-Servername
X-ServiceProvider
Backend-Name
Cache-Cookie-Set-From
X-TT-LOGID
X-Origin-Date
X-Bug-Bounty
Adler-Geo
X-Node-Id
Fastly-Backend-Name
Cache-Cookie-Set-Idcheck
Decoy-Debug-Key
Content-Disposition
CDCHOST
Decoy-Debug-Status
Decoy-Debug-TTL
Esi-Enabled
Cache-Cookie-Set-Lfrom
X-Thinkindot-L3
X-Info
X-Origin-Expires
X-MI-In-Market
X-Server-Group
X-MSEdge-Flight
MI-API
MI-Cache
X-Served-From
MI-Cache-Age
Is-Eu
X-MSEdge-Features
HTTPS
Httpd-Identifier
X-Kong-Proxy-Latency
X-Svr
X-RateLimit-Limit-Second
X-Cache-URL
X-Cache-Control-Set-By
X-Platform
Cache-Provider
Cteonnt-Length
X-Thanos
X-Varnish-Id
X-RateLimit-Remaining-Second
X-Kong-Upstream-Latency
X-Bip
X-HCF
X-Page-Type
REQUESTUUID
X-Clientip
X-Varnish-HitMiss
X-TIME
FSS-Cache
FSS-Proxy
Ar-Sid
Arc-Country
Brightspot-Id
Apicache-Store
X-Req
X-Refresh
X-Amz-Meta-S3b-Last-Modified
X-LiteSpeed-Cache-Control
Apicache-Version
X-Origin-TTL
X-Varnish-Url
X-Irp-Debug
X-P-T
WebServer
X-Ua
X-CLOUD-TRACE-CONTEXT
X-Pjax-Url
Processtime
X-Pf-Uncompressing
X-LB-CacheStatus
X-LB-Node
X-App-Version
PageType
X-From-Cache
X-ROOTCache
Accept-Ch
Sid
COMMERCE-SERVER-SOFTWARE
X-Ratelimit-Limit
Pagetype
X-Ruxit-Js-Agent
Memory
X-DC
X-EC-Security-Audit
X-Request-UUID
X-Request-Start
X-Amz-Meta-Sha256
X-Ratelimit-Remaining
Cdn
X-Endurance-Cache-Level
Dynatrace
X-Load-Cache
Geoip-City
X-Litespeed-Cache
GeoIp-Country-Code
If-Modified-Since
Geoip-Latitude
X-Cache-ASPX
X-Varnish-Action
X-Fastly-Backend-Reqs
PICS-Label
SN
X-Layer
X-Redis-Cache
X-GRACE
X-COUNTRY
X-Cdn-Forward
BORDER-IP
X-Atg-Version
CF-IPCountry
PROCESSING-IP
Edgecast
X-NC
X-Rocket-Nginx-Serving-Static
X-GDPR
X-Tid
X-Varnish-Beresp-TTL
X-ServedByHost
X-Csrf-Token
X-Cache-Handler
X-RequestId
Frame-Options
NodeID
MIME-Version
X-Fastly-Cache-Hits
X-Nananana
X-Requestid
X-Resolver-IP
X-Key
X-TId
X-Owner
X-B3-SpanId
X-NWS-UUID-VERIFY
Dont-Set-Cookie
X-HS-Hub-Id
X-Cf-Powered-By
X-Servedbyhost
X-BE
X-Server-W
X-Wix-Petri-Ex
Pics-Label
Cf-Ipcountry
X-Rule
Web-Mar-Region
X-Sf
X-Cache-TTL
ProcessTime
CACHE
RNT-Time
RNT-Machine
X-Sentry-ID
X-HTML-Minification-Powered-By
GeoIP-Country-Code
WZWS-RAY
GeoIP-City
X-ABtesting
GeoIP-Latitude
X-Flog
X-Tec-Api-Origin
Node
X-Tec-Api-Root
X-Tec-Api-Version
X-SERVER-NAME
X-DataStream-MidMile-RTT
X-VG-WebCache
X-DataStream-Origin-MEX-Latency
Get-Access-Time
Is-Session-Tracking
Lfy
X-FORWARDED-FOR
X-Powered-By-ANYU
Mail-Subject
We-Hiring
CDN
PageSpeed
X-Shard
Max-Age
X-Dynatrace-Js-Agent
X-Varnish-Ttl
X-CDN-Pop
X-CDN-Pop-IP
X-Use-Magma
X-SRV
X-ByteArk-Cache
X-Mem
Powered
XServer
X-GZIP
X-Cache-FS-Status
URI
Accept-CH
Cache-Tags
Magicmarker
X-UPSTREAM-Address
X-PF-Uncompressing
X-Powered-By-Defense
X-Check-Cacheable
X-GEO
X-Front
DataCenter
Xet-Cookie
X-Dw-Trace-Id
X-Unique-Id
Amp-Access-Control-Allow-Source-Origin
X-PJAX-URL
X-PAGE-TYPE
X-Varnish-URL
X-Zalando-Page-Type
X-Cookie
X-Oa-Upstreams
X-Micro-Cache
X-Aicache-OS
X-Remote-IP
X-Ms-Lease-Status
X-Ms-Blob-Type
X-Ms-Request-Id
X-Zalando-Child-Request-Id
X-Trv-Request-Id
X-Ms-Version
V-Cache
Group
Rt-Proxy-Cache
X-VarnPar2
X-VC
X-Fe
X-HGenerator
X-VarnPar1
N-Cache
RequestUuid
X-PARISIEN-Cache-Rendered
X-Gdpr
X-Safe-Firewall
X-Varnish-ID
Requestid
X-VarnCache
X-Proxy-Server
X-SB
X-NGINX-Cache
Hostname
SID
X-RAMCache
WS
X-Akamai-ERPolicy
X-M-Reqid
X-M-Log
X-Acquia-Application-UUID
X-Acquia-Application-Trace
X-Qnm-Cache
X-Akamai-ERRuleID
X-Alicdn-Da-Ups-Status
X-ProxyCache-Args
WWW-Authenticate
CF-Cached-On
X-Hello
X-Litespeed-Tag