Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics - SANS Internet Storm Center HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Pragma
Last-Modified
Accept-Ranges
Strict-Transport-Security
X-Content-Type-Options
X-Powered-By
CF-RAY
ETag
Link
Expect-CT
Via
X-XSS-Protection
X-Cache
Age
Access-Control-Allow-Origin
Content-Security-Policy
Content-Language
X-UA-Compatible
P3P
X-Cache-Hits
X-Served-By
X-Varnish
X-Amz-Cf-Id
Referrer-Policy
X-Xss-Protection
X-Request-Id
X-Timer
X-AspNet-Version
CF-Cache-Status
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Runtime
Access-Control-Allow-Credentials
X-Download-Options
X-Drupal-Cache
X-Cacheable
Content-Security-Policy-Report-Only
X-Generator
CF-Ray
Alt-Svc
Status
X-AspNetMvc-Version
X-Cache-Status
X-DNS-Prefetch-Control
X-Check
X-Iinfo
X-Adblock-Key
X-FRAME-OPTIONS
X-CDN
Timing-Allow-Origin
X-Content-Security-Policy
X-Turbo-Charged-By
X-Permitted-Cross-Domain-Policies
Content-Encoding
P3p
X-Template
X-Language
Keep-Alive
X-Type
X-AH-Environment
X-Via
X-Cache-Group
X-Backend
WPE-Backend
X-Request-ID
X-Pass-Why
X-Buckets
X-Age
X-Server
X-Nginx-Cache-Status
Access-Control-Max-Age
X-Server-Powered-By
X-Pingback
Xkey
X-Varnish-Cache
Grace
X-Drupal-Dynamic-Cache
Upgrade
Access-Control-Expose-Headers
X-Hacker
X-UA-Device
X-Amz-Request-Id
X-Page-Speed
Cf-Railgun
X-Amz-Id-2
X-Proxy-Cache
X-Robots-Tag
EagleId
X-Envoy-Upstream-Service-Time
Request-Context
X-LiteSpeed-Cache
X-Node
X-Swift-CacheTime
X-Swift-SaveTime
X-Ac
X-Device
X-Cnection
Ali-Swift-Global-Savetime
X-Host
Content-Location
X-Amz-Version-Id
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Server-Id
Surrogate-Control
X-WebKit-CSP
X-Backend-Server
X-Cache-Lookup
X-OneAgent-JS-Injection
X-Rack-Cache
X-Response-Time
X-Px
X-Instart-Request-ID
Request-Id
X-Readtime
X-CST
Server-Timing
X-Rq
X-Clacks-Overhead
X-HeyJason
X-Do-Not-Hack
Permitted-Cross-Domain-Policies
Pinterest-Generated-By
EagleEye-TraceId
X-Ua-Compatible
X-Url
Edge-Control
X-Application-Context
X-Cloud-Trace-Context
X-MS-InvokeApp
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Country
Report-To
X-Server-Name
X-DynaTrace-JS-Agent
Charset
SPRequestGuid
X-Country-Code
Allow
X-SharePointHealthScore
X-DataDome
X-Ruxit-JS-Agent
X-ESI
Rating
X-Varnish-TTL
X-Vname
X-PC
X-TtlSet
X-Cached
X-Powered-CMS
X-Powered-By-Plesk
X-Recruiting
X-CF-Powered-By
X-TTL
X-FTR-Request-ID
NEL
X-Vhost
X-D2id
X-DynaTrace
X-Upstream-Env
X-Pinterest-Rid
Public-Key-Pins
Pinterest-Version
X-Kinja-Revision
X-Geo-Segment
X-Kinja-Server
X-Kinja-Build
X-Kinja
X-Exp-Id
X-F-Cache
X-Exp-Variant
X-Cdn-Fetch
X-Version
X-N
SPIisLatency
SPRequestDuration
X-VARITI-CCR
X-T
X-ORACLE-DMS-RID
X-ORACLE-DMS-ECID
Cartoon
X-GoogleNews-Bot
X-Dw-Request-Base-Id
X-Mod-Pagespeed
X-Abt-Application-Version
MS-Author-Via
Content-MD5
RTSS
Nginx-Cache
Feature-Policy
X-GitHub-Request-Id
Verso
AR-PoweredBy
AR-CACHE
AR-ATIME
X-Dispatcher
MicrosoftSharePointTeamServices
X-Ttl
X-Navigation-Version
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Goog-Hash
X-Client-IP
X-Amz-Rid
Realpath
X-Hits
X-Shield-Request-Id
X-Forwarded-Proto
X-Origin-Cache
X-Trace
X-Cdn
Paypal-Debug-Id
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-Content-Options
X-Content-Digest
X-Zen-Fury
X-Id
X-Grace
X-Server-ID
X-Kinsta-Cache
AR-SID
TCN
Arr-Disable-Session-Affinity
X-B
DynaTrace
Alternate-Protocol
X-Varnish-Age
X-Cache-Key
Fastcgi-Cache
X-Sol
X-Upstream
Mrf-Cache-Status
X-Mrf-Item-Lastmod
MRF-Tech
X-Mrf-Section-Lastmod
Access-Control-Request-Method
X-Ser
X-FastCGI-Cache
X-Pad
X-Middleton-Display
X-Fastly-Request-ID
Display
PB-RID
PB-PID
X-Mobile-Rewrite
X-Nf-Srv-Version
X-NF-Request-ID
X-Acc-Meta-Resource-Type
X-Via-JSL
X-DIS-Request-ID
X-Vcap-Request-Id
X-User-Agent
X-Middleton-Response
Response
Pagespeed
X-Forwarded-For
Front-End-Https
X-MSEdge-Ref
Rt-Fastcgi-Cache
X-IPLB-Instance
X-Cache-Rule
X-PressLabs-Stats
X-Frontend
Eomportal-Instance
X-SS-Set-Cookie
X-Logged-In
X-Cache-Hit
Arc-Version
X-Whom
Server-Name
X-Goog-Stored-Content-Length
X-Goog-Metageneration
X-VCache
X-Goog-Generation
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-Hostname
Host
X-XRDS-Location
Tracecode
Surrogate-Key
S
X-FTR-Backend-Server
X-Country-Code-Real
X-FTR-Expires
X-FTR-DC
X-FTR-Backend
X-FTR-Balancer
X-FTR-Realm
X-FTR-Cache-Status
Cache-Status
Backend-Timing
X-Analytics
X-Request-Processing-Time
X-Request-Received
X-Debug
X-HS-Content-Id
X-Litespeed-Cache
Refresh
TP-Cache
X-Instance
X-AOL-HN
TP-L2-Cache
X-Contextid
X-Proxied
X-AppVersion
X-Az
X-Magnolia-Registration
X-Activity-Id
Public-Key-Pins-Report-Only
X-Rid
FilterID
X-Wix-Server-Artifact-Id
X-XRDS-LOCATION
X-Srv
ServerID
X-UUID
X-B3-Traceid
Server-Info
X-HW
HitInfo
HitType
X-WPE-Loopback-Upstream-Addr
X-Newrelic-App-Data
Cleartype
X-URL
Liferay-Portal
X-APP-VERSION
Service-Worker-Allowed
X-Webkit-Csp
X-Mobile
X-Varnish-Server
X-Content-Security-Policy-Report-Only
X-NWS-LOG-UUID
X-FTR-Cache-Host
X-Varnish-Backend
Served-By
X-Cache-Control
X-Revision
AMP-Access-Control-Allow-Source-Origin
X-Amzn-Trace-Id
X-Geo-Country
X-Cache-Server
Source
X-RateLimit-Remaining
X-PC-Hit
X-PC-AppVer
X-PC-Key
X-PHP-Backend
X-Request-Guid
Host-Header
X-Hail-Hydra
Retry-After
X-App-Environment
Server-Node
X-BCube-Filmed-By
X-TT
X-Varnish-Hostname
X-Handled-By
X-Device-Type
X-Origin
MS-CV
Edge-Cache-Tag
X-HS-Cache-Config
DC
X-Cache-Operation
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Tumblr-User
X-B-Cache
X-Signature
X-Cache-2
X-Cache-Config
Powered-By-ChinaCache
S-Cnection
X-Framework
X-Origin-Upstream-Status
X-FB-Debug
Fastly-Restarts
X-Page-Id
Accept-Charset
X-Correlation-Id
X-Origin-Server
X-Cache-Action
X-Sucuri-ID
X-TT-TIMESTAMP
X-Ocache
X-Debug-Info
Viewport
X-PC-Host
X-PC-Date
Actual-Object-TTL
X-ATG-Version
X-ADI-VCache
X-Shield-Cache-Expires
X-Hyper-Cache
X-B3-Sampled
NGB
X-Content-Powered-By
X-WA-Info
X-Cached-By
X-Accel-Expires
X-Microcachable
X-Drupal-Cache-Tags
X-LB-Cache
Upgrade-Insecure-Requests
X-Akam-SW-Version
SRV
AsisCache
Filters
X-Cache-NE
X-NewRelic-App-Data
Cache
X-Generated-By
X-App-Server
X-Yottaa-Optimizations
ServedBy
X-Yottaa-Metrics
X-FW-Static
X-Cacheable-TTL
X-FW-Type
X-FW-Serve
X-FW-Server
X-FW-Hash
X-Locale
X-S
X-RequestSource
X-Internal-Host
X-RTag
X-Tumblr-Pixel-2
X-Seen-By
X-Distil-CS
X-WebKit-CSP-Report-Only
X-Wix-Request-Id
X-Tumblr-Pixel-1
X-GeoIP
Content-Style-Type
Content-Script-Type
X-TX-ID
X-Amz-Server-Side-Encryption
X-Accel-Buffering
X-Jobs
X-Cluster
X-Varnish-Hits
X-ServedBy
From-Origin
X-Geo
X-Node-Name
X-GUploader-UploadID
X-Varnish-Cache-Hits
X-UA
X-Akamai-Edgescape
X-RateLimit-Limit
X-Adobe-Loc
X-Varnish-Grace
X-Sucuri-Cache
X-Adobe-Content
X-HS-Combine-CSS
X-Cache-Age
X-Varnish-IP
X-CDN-Forward
X-GZip
X-Platform-Server
X-Vg-Webcache
X-CLOUD-TRACE-CONTEXT
X-Cache-TTL-Remaining
X-Dns-Prefetch-Control
X-Edge-Cache
X-Daa-Tunnel
Datacenter
X-Edge-Cache-Key
X-Cache-Remote
X-Real-IP
X-Storage
Cache-Tag
X-Akamai-Transformed
X-Region
X-Mode
X-Drupal-Cache-Contexts
X-Amz-Replication-Status
X-Esi
HostName
X-Distributor
X-Oracle-Dms-Ecid
X-Oracle-Dms-Rid
X-Source
X-RemovedCookies
X-Path-Route
X-Rendered-As
X-ProcessESI
X-Detected-As
X-MP-GENERATED-AT
X-Is-Bot
X-Cache-Var
X-RN-RSRV
Meta-Geo
Machine
Load-Balancing
X-Cache-Var-Map
Country
X-Amzn-RequestId
ServerName
X-Amz-Apigw-Id
X-NCache
Fastly-SSL
X-Agile
X-Agile-Id
X-Agile-Age
X-PERF
X-Akamai-Request-ID
X-OCL
Cache-Key
X-Time-Microsecs
X-ApacheServer
X-Viewer-Country
X-BB-IP
Mn-Server-Ip
X-TWH-CORRELATION-ID
X-PCL
X-Cache-Category-Id
X-CDN-Cache
X-NodeID
X-Webstats-RespID
X-Upgrade-Enabled
X-Web-Node
X-Grey
GEO-INFO
X-Kinja-Server-Push
X-Via-Fastly
Azure-InstanceId
X-Proto
X-TA-CDN-Provider
X-OVcl
X-OVcl-Cache
X-Amz-Meta-Surrogate-Control
Azure-RegionName
Azure-SiteName
L5d-Success-Class
Ohc-File-Size
X-Instance-Name
S-Rt
Cache-Name
Azure-SlotName
Azure-Version
Backend
X-Original-Request
X-Pubstack
X-Optimization
X-EIG-Tracking-Id
X-Debug-Cache
X-Edge-Location
X-Cache-HT
X-Port
X-Cluster-Node
X-Human
X-Format
X-Meta-Tbi-Cache-Vertical
X-IP
TWC-Device-Class
X-Routing-Service
X-Site-Version
X-Hosted-By
X-Section
Property-Id
X-Generation-Time
X-LJ-Flow-ID
TWC-Connection-Speed
TWC-GeoIP-Country
X-CCM
X-CCM-LastModified
X-SplitTest
X-Origin-Hint
X-App-Name
X-Birta-Served
X-AWS-Id
X-Access
Webcakes-Region
TWC-Locale-Group
TWC-GeoIP-LatLong
TWC-Privacy
User-Cache-Control
Webcakes-App-Version
Webcakes-App-Name
X-Birta-Cache-Post
X-Labrador-Cache-Channel
Healthy
X-Zipkin-Id
X-Xfnlog-Site
X-Www-Served-By
X-VWS-Id
DB-Nickname
X-FC-Vary-Parameters
X-ServerID
X-BYPASS-REASON
X-Proxy
X-ProxyCache-Key
X-ProxyCache-Status
LB
Now
User-Agent
X-Request-Time
Cache-Hits
X-Loop
X-TNCMS
X-Varnish-Cacheable
Fastcgi-Useragent
X-JoinUs
X-Cache-Bucket
Access-Control-Allow-Method
X-Surge-Debug
X-Generated
X-Tumblr-Pixel-3
X-Backend-Name
X-Tb
X-Guploader-Uploadid
Payment
X-Origin-CC
X-Proxy-Build
X-Timing-Wait
X-Ezoic-Cdn
RATING
Selected-FE
Countrycode
X-Hit
X-Dc
Ec-Rule-Version
X-Render-Type
X-Correlation-ID
X-Cache-Enabled
X-Newrelic-Synthetics
X-Feature
X-B3-Spanid
X-DataStream-Cache-Status
X-Time
WP-Super-Cache
X-Unique-ID
Origin-Cache-Control
Origin-Edge-Control
X-Oneagent-Js-Injection
X-L-Path
X-Nginx-Cache
X-Environment-Context
X-Real-Ip
X-UA-Device-Type
RequestId
X-Nc
NODE
X-Varnish-Beresp-Grace
X-NU-AKA-ACS-Version
X-Varnish-Beresp-Status
X-Skip-Cache
X-CACHE-AGE
X-B3-TraceId
X-NGENIX-Cache
X-Be
Access-Control-Request-Headers
X-WR-MODIFICATION
Webserver
X-Content-Type
X-Status
X-Vgn-Hpd-Reason
X-COUNTRY
X-ElasticPress-Search
X-Servedby
X-Cache-Backend
Xserver
Time
X-Upstream-CT
X-Upstream-HT
X-EdgeConnect-Cache-Status
Warning
Ws
X-Cache-Id
X-We-Are-Hiring
X-Via-CDN
X-Transaction
X-Trv-Group
Xc-Version
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-Twitter-Response-Tags
X-G
X-Cache-Host
Resin-Trace
X-VG-WebServer
BehaviorPad-Version
X-User
X-Via-Edge
X-BBXSRF
X-A-Ccd
X-A
X-A-Dam
X-A-Dcw
X-A-Dgt
Www
VivaBuild
T-Server
Ajk
AKAMAI
Viewtype
X-A-Wwc
X-Accel-Expires-Debug
X-BB-ID
Apple-News-Services-Host
X-Connection-Hash
Apple-News-Services-Parsed-Url
Apple-News-Services-Handled
X-Wix-Route-ID
X-Amz-Meta-Cache-Control
X-Application
X-ARC
X-B-Cookie
Apple-News-Services-Request-Url
X-SRCache-Key
X-Planisys-CDN-Cache
GMS-Ver
Fly-Request-Id
X-PAYTM-SRV-ID
X-Planisys-CDN-Rules
X-Fastly-Cache
X-DPWN-IS-SECURE
X-Planisys-CDN-TTL
Host-ID
X-TIME
Fastcgi-X-Cache
Fastcgi-X-Cache-Version
Fastly-Soc-X-Request-Id
X-From
X-Haproxy-Hostname
X-Generated-In
X-Haproxy-Ip
Fly-Cache
X-No-Session
X-ND-Cache
X-Logtrace-Id
X-Region-Sid
X-Public
Cache-Prefix
Meta-Geo-Continent
X-Server-Time
X-Date
Sta2Tusw
X-D
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
X-Server-By
X-Destination
X-Rewrite-Enabled
X-Died
MD5-Digest
X-S-Cookie
X-Rojux
X-Developer
Memcached
X-GoCache-CacheStatus
X-Croise-Owner
IBM-Web2-Location
Fastly-SWR
Release
Server-Int
Odigeo-Trace-Id
IsBot
NGX
Request-Time
Origin
X-Up
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
X-Request-URI
X-ScT
X-Debug-Log
X-SIPLIST1
X-F5-Cache
X-FireWall-Port
X-Frame-Option
X-Fstrz
X-NX-Host
X-Forwarded-Host
X-Phone
X-Debug-Cookies
X-Sn-Servicetimems
X-Wikidot-Backend
X-Cache-CFC
X-Wikidot-Static-Cache
V-Age
UCS
X-Cache-Expires
X-Cache-Time
X-Core-Value
X-CS
X-Trace-Id
X-Var-Ttl
X-Cdn-Origin
Uber-Trace-Id
Rendered-Blocks
Fastly-SIE
Apicache-Version
Apicache-Store
X-Webkit-CSP
Cneonction
X-Content-Age
X-Gen-Mode
X-Ckpd-Fst-Backend
X-CGP
X-Cdn-Srv
X-Developers
X-Eu-Site
X-Epic-Correlation-Id
X-Env
X-Cache-Debug
X-Dispatcher-Server
X-Device-Os
X-Edge-IP
X-Bug-Bounty
Who
X-Actual-URL
Web-Mar-Node
Thinkindot-Control
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
X-Amz-Meta-S3cmd-Attrs
X-Backend-Host
X-Block-Status
X-GeoIP-City
X-Backend-Url
X-Backend-TTL
X-Backend-State
X-C
X-Hnp-Log
X-TT-LOGID
X-UE-Client-Country
X-Thinkindot-L3
X-Stale
X-ServiceProvider
X-StackifyID
X-UnsetCookies
X-V
X-IN-SSL-APIGATEWAY
X-IN-WAF
X-IN-APIGATEWAY
X-Worker
X-VServer
X-WebServer
X-Servername
X-Server-IP
X-Passed-To
X-Passed-To-BeforeDispatch
X-MI-In-Market
X-Matched-Rule
OT-Force-Account-Verify
X-Location
X-Passed-To-DLL
X-Reboot
X-Served-From
X-Server-Group
X-Returned-From-PostProcessResponse
X-Returned-From-DLL
X-Returned-From
X-Returned-From-BeforeDispatch
X-GeoIP-Country-Code
X-Passed-To-PostProcessResponse
On-Server
Decoy-Debug-Status
Httpd-Identifier
HA-Georegion
Ohc-Response-Time
Ha-Gx-Prefs
HA-Geolon
HA-Geolat
Pramga
Proxy-Connection
Pragrma
Powered-By
Platform
Cache-Cookie-Set-Lfrom
HA-Host
Heartbleed
HA-Urlpath
Content-Disposition
Decoy-Debug-TTL
Is-Eu
Decoy-Debug-Key
HA-Servedtime
Esi-Enabled
MI-Cache
MI-Cache-Age
CDCHOST
Fastly-Backend-Name
HA-Ipaddr
Cache-Cookie-Set-From
Cache-Cookie-Set-Idcheck
GW-Server
HA-Cloudapp
HTTPS
Backend-Name
Server-Host
HA-Geocity
Adler-Geo
HA-Geocountry
X-Varnish-Beresp-Ttl
X-Ver
X-Node-Id
X-S-Maxage
X-Sorting-Hat-PrivacyLevel
X-Sorting-Hat-PodId-Cached
REQUESTUUID
X-Sorting-Hat-Section
X-Shopify-Stage
X-Sorting-Hat-ShopId-Cached
X-Fetched-On
NnCoection
Kp-EeAlive
X-MSEdge-Flight
X-MSEdge-Features
X-RCS-CacheZone
X-Hash
X-Release
X-Sorting-Hat-PodId
X-Varnish-Id
X-Hl-Ver
X-Response-By
X-Auto-Login
Server-ID
X-Sorting-Hat-ShopId
X-Alternate-Cache-Key
Request-EU
X-Via-NSCOPI
X-Cache-Ttl
X-Rocket-Nginx-Bypass
X-ShardId
X-Cache-Srv
X-Page-Type
PFcat
X-ShopId
X-Sorting-Hat-FeatureSet
X-Core-Mission
Request-Country
X-HS-Hub-Id
X-Cache-Control-Set-By
X-Origin-Expires
X-Clientip
X-Gannett-Site-Version
X-Crawler
Drupal-Pagecache-Memcache
X-Amz-Meta-S3b-Last-Modified
X-Bip
X-Varnish-HitMiss
X-Thanos
X-Svr
X-Secret
X-Cache-URL
MI-API
X-Info
X-HCF
X-Origin-Date
X-Platform
Processtime
NtCoent-Length
Cache-Provider
X-P-T
X-Refresh
Country-Code
X-Fastcgi-Cache
Mime-Version
X-Req
Dnion-Transfer-Encoding
Version
X-Origin-TTL
X-Pf-Uncompressing
Cteonnt-Length
Pagetype
X-Pjax-Url
X-Amz-Meta-Sha256
Accept-Ch
X-Oss-Request-Id
X-Oss-Server-Time
X-Oss-Storage-Class
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
X-NC
X-Csrf-Token
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
Ar-Sid
X-From-Cache
X-Kong-Upstream-Latency
X-Yottaa-Sig
X-EC-Security-Audit
Memory
X-Cache-ASPX
X-Kong-Proxy-Latency
FSS-Cache
WebServer
Geoip-City
X-App-Version
X-CSRF-Token
Geoip-Latitude
FSS-Proxy
GeoIp-Country-Code
Arc-Country
X-Rule
X-Varnish-Url
SN
X-LiteSpeed-Cache-Control
X-Irp-Debug
Brightspot-Id
X-DC
X-Ruxit-Js-Agent
PICS-Label
X-Wix-Petri-Ex
X-Dynatrace
PageType
X-Redis-Cache
Dont-Set-Cookie
X-LB-Node
X-Cache-Handler
CF-IPCountry
MIME-Version
Sid
X-LB-CacheStatus
X-ROOTCache
X-Ua
If-Modified-Since
COMMERCE-SERVER-SOFTWARE
X-Request-Start
Cdn
X-Varnish-Beresp-TTL
X-Request-UUID
X-Endurance-Cache-Level
X-Ratelimit-Remaining
X-Fastly-Backend-Reqs
Edgecast
X-Load-Cache
X-SERVER-NAME
X-Atg-Version
X-Varnish-Action
X-TId
PROCESSING-IP
BORDER-IP
X-Cdn-Forward
X-Requestid
XServer
X-GRACE
X-Layer
X-Servedbyhost
X-Sf
X-Ratelimit-Limit
X-GDPR
RNT-Time
RNT-Machine
X-ServedByHost
X-Tid
Amp-Access-Control-Allow-Source-Origin
Frame-Options
X-RequestId
X-Cache-TTL
X-Rocket-Nginx-Serving-Static
Dynatrace
X-Nananana
X-Resolver-IP
X-Fastly-Cache-Hits
X-B3-SpanId
CDN
Powered
X-BE
X-DataStream-MidMile-RTT
X-DataStream-Origin-MEX-Latency
X-Key
Cf-Ipcountry
Pics-Label
X-Owner
NodeID
Cache-Tags
CACHE
X-HTML-Minification-Powered-By
X-Tec-Api-Version
Node
X-Tec-Api-Root
X-Tec-Api-Origin
Web-Mar-Region
X-Gdpr
X-Server-W
We-Hiring
Mail-Subject
DataCenter
PageSpeed
X-VG-WebCache
X-Varnish-Ttl
X-Dynatrace-Js-Agent
X-ABtesting
X-Flog
X-Shard
GeoIP-City
GeoIP-Latitude
GeoIP-Country-Code
X-Use-Magma
X-UPSTREAM-Address
X-Varnish-URL
Hostname
X-Sentry-ID
Lfy
X-Powered-By-ANYU
WZWS-RAY
X-GZIP
ProcessTime
X-NWS-UUID-VERIFY
Max-Age
Is-Session-Tracking
Accept-CH
Get-Access-Time
X-CDN-Pop
X-CDN-Pop-IP
X-Ms-Blob-Type
X-Ms-Version
X-Ms-Lease-Status
X-Ms-Request-Id
X-NGINX-Cache
X-GEO
X-Aicache-OS
X-Mem
X-PF-Uncompressing
Xet-Cookie
X-Dw-Trace-Id
X-Check-Cacheable
X-Front
X-Cache-FS-Status
X-Edge-Server
X-Powered-By-Defense
X-Remote-IP
Cdn-Request-Time
Cdn-Host
X-Alicdn-Da-Ups-Status
X-PJAX-URL
X-Trv-Request-Id
True-Client-Country-4JS
X-Oa-Upstreams
X-Cookie
URI
X-VG-TLSProxy
Magicmarker
X-Unique-Id
RequestUuid
Requestid
X-Proxy-Server
X-Varnish-ID
X-Ms-Lease-State
X-Swa-Ws
X-ByteArk-Cache
X-Policy
X-PAGE-TYPE
X-RSL
X-RPM
X-DSS
X-DW
X-RPS
X-VID
X-DI
X-DB
X-Acquia-Application-UUID
X-Akamai-ERPolicy
X-Akamai-ERRuleID
X-Acquia-Application-Trace
X-Micro-Cache
X-Zalando-Child-Request-Id
X-Zalando-Page-Type
X-Hello
CF-Cached-On
WS
X-Fe
X-RAMCache
SID
X-Litespeed-Tag
X-Litespeed-Cache-Control