Threat Level: green Handler on Duty: Brad Duncan

SANS ISC: HTTP Header Usage Statistics - SANS Internet Storm Center HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Pragma
Last-Modified
Accept-Ranges
Strict-Transport-Security
X-Content-Type-Options
X-Powered-By
CF-RAY
ETag
Link
Expect-CT
Via
X-Cache
X-XSS-Protection
Age
Access-Control-Allow-Origin
Content-Security-Policy
Content-Language
X-UA-Compatible
P3P
X-Cache-Hits
X-Xss-Protection
X-Served-By
X-Varnish
X-Amz-Cf-Id
Referrer-Policy
X-Request-Id
X-Timer
X-AspNet-Version
CF-Cache-Status
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Runtime
Access-Control-Allow-Credentials
X-Download-Options
X-Drupal-Cache
X-Cacheable
X-Generator
Content-Security-Policy-Report-Only
CF-Ray
Alt-Svc
X-AspNetMvc-Version
Status
X-Cache-Status
X-DNS-Prefetch-Control
X-Check
X-Iinfo
X-Adblock-Key
X-FRAME-OPTIONS
Timing-Allow-Origin
X-CDN
X-Content-Security-Policy
X-Turbo-Charged-By
X-Permitted-Cross-Domain-Policies
P3p
Content-Encoding
X-Template
Keep-Alive
X-Language
X-Type
X-Via
X-AH-Environment
X-Request-ID
X-Cache-Group
X-Backend
WPE-Backend
X-Pass-Why
X-Age
X-Server
X-Nginx-Cache-Status
X-Buckets
Access-Control-Max-Age
X-Server-Powered-By
X-Pingback
Xkey
X-Varnish-Cache
Grace
X-Drupal-Dynamic-Cache
Access-Control-Expose-Headers
Upgrade
X-Hacker
X-UA-Device
X-Amz-Request-Id
X-Page-Speed
Cf-Railgun
X-Amz-Id-2
X-Proxy-Cache
X-Robots-Tag
X-LiteSpeed-Cache
EagleId
X-Envoy-Upstream-Service-Time
Request-Context
X-Node
X-Swift-CacheTime
X-Swift-SaveTime
X-Device
X-Ac
Ali-Swift-Global-Savetime
X-Cnection
X-Host
Content-Location
X-Amz-Version-Id
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Cache-Lookup
X-Server-Id
Surrogate-Control
X-WebKit-CSP
X-Backend-Server
X-OneAgent-JS-Injection
X-Rack-Cache
X-Instart-Request-ID
X-Response-Time
X-Px
Request-Id
X-Readtime
X-CST
X-Rq
Server-Timing
X-Clacks-Overhead
Permitted-Cross-Domain-Policies
X-Do-Not-Hack
X-HeyJason
X-Cloud-Trace-Context
Pinterest-Generated-By
EagleEye-TraceId
X-Ua-Compatible
Edge-Control
X-Url
X-Application-Context
X-MS-InvokeApp
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Country
Report-To
X-DynaTrace-JS-Agent
X-Server-Name
Charset
SPRequestGuid
Allow
X-Country-Code
X-SharePointHealthScore
X-DataDome
X-TTL
X-Ruxit-JS-Agent
Rating
X-Varnish-TTL
X-Cached
X-TtlSet
X-Vname
X-PC
X-ESI
X-Powered-CMS
X-Powered-By-Plesk
X-Recruiting
X-FTR-Request-ID
NEL
X-D2id
X-Vhost
X-CF-Powered-By
Public-Key-Pins
X-Pinterest-Rid
X-Upstream-Env
Pinterest-Version
X-Version
X-Exp-Variant
X-Exp-Id
X-Geo-Segment
X-Cdn-Fetch
X-F-Cache
X-Kinja-Revision
X-Kinja-Server
X-Kinja-Build
X-Kinja
X-DynaTrace
X-N
SPRequestDuration
SPIisLatency
X-T
X-Dw-Request-Base-Id
X-VARITI-CCR
X-GoogleNews-Bot
Cartoon
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
X-Mod-Pagespeed
MS-Author-Via
Content-MD5
Nginx-Cache
X-Abt-Application-Version
RTSS
AR-PoweredBy
AR-ATIME
AR-CACHE
Feature-Policy
X-GitHub-Request-Id
MicrosoftSharePointTeamServices
Verso
X-SRCache-Store-Status
X-Dispatcher
X-Navigation-Version
X-SRCache-Fetch-Status
X-Shield-Request-Id
X-Amz-Rid
X-Client-IP
X-Hits
Realpath
X-Goog-Hash
X-Forwarded-Proto
X-Cdn
X-Trace
X-Origin-Cache
Paypal-Debug-Id
X-Server-ID
AR-SID
X-Content-Options
Arr-Disable-Session-Affinity
X-Content-Digest
X-TEC-API-ROOT
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-Id
X-Zen-Fury
X-Kinsta-Cache
TCN
X-Grace
X-B
X-Varnish-Age
Alternate-Protocol
X-Cache-Key
Fastcgi-Cache
X-Sol
DynaTrace
X-Ttl
X-Upstream
X-Ser
X-Mrf-Section-Lastmod
MRF-Tech
X-Mrf-Item-Lastmod
Mrf-Cache-Status
Access-Control-Request-Method
X-Pad
X-FastCGI-Cache
X-Fastly-Request-ID
X-Middleton-Display
Display
PB-RID
PB-PID
X-NF-Request-ID
X-Via-JSL
X-Nf-Srv-Version
X-Mobile-Rewrite
X-DIS-Request-ID
X-Vcap-Request-Id
X-Middleton-Response
Response
X-IPLB-Instance
X-User-Agent
Front-End-Https
X-SS-Set-Cookie
Rt-Fastcgi-Cache
X-Acc-Meta-Resource-Type
Pagespeed
X-MSEdge-Ref
X-Cache-Rule
X-PressLabs-Stats
X-Frontend
Eomportal-Instance
X-Logged-In
X-Forwarded-For
X-Cache-Hit
X-Whom
Server-Name
X-Hostname
X-VCache
Arc-Version
Host
X-XRDS-LOCATION
X-Newrelic-App-Data
X-Goog-Storage-Class
Tracecode
X-Goog-Metageneration
X-Goog-Generation
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
Cache-Status
Surrogate-Key
S
X-Country-Code-Real
X-FTR-Backend
X-FTR-Backend-Server
X-FTR-Realm
X-FTR-Balancer
X-Debug
X-FTR-Cache-Status
X-FTR-DC
X-FTR-Expires
X-Request-Processing-Time
X-Request-Received
Backend-Timing
X-Analytics
Refresh
X-HS-Content-Id
TP-Cache
X-Instance
TP-L2-Cache
X-AOL-HN
X-Proxied
X-AppVersion
X-Az
X-Contextid
X-Magnolia-Registration
X-Activity-Id
X-Rid
Public-Key-Pins-Report-Only
FilterID
X-UUID
X-Wix-Server-Artifact-Id
X-XRDS-Location
HitType
HitInfo
Server-Info
ServerID
Liferay-Portal
X-URL
AMP-Access-Control-Allow-Source-Origin
X-Srv
X-HW
X-B3-Traceid
X-NWS-LOG-UUID
X-WPE-Loopback-Upstream-Addr
X-Webkit-Csp
Service-Worker-Allowed
Cleartype
X-Varnish-Server
X-APP-VERSION
X-Mobile
X-Content-Security-Policy-Report-Only
X-Varnish-Backend
X-FTR-Cache-Host
X-Correlation-Id
X-HS-Cache-Config
Edge-Cache-Tag
Served-By
X-Cache-Control
X-Origin
X-Revision
X-Geo-Country
X-Amzn-Trace-Id
X-Cache-Server
X-App-Environment
X-BCube-Filmed-By
S-Cnection
Fastly-Restarts
X-PHP-Backend
X-Request-Guid
X-RateLimit-Remaining
Host-Header
X-Handled-By
X-Varnish-Hostname
X-TT
X-Hail-Hydra
X-PC-AppVer
X-PC-Key
X-Device-Type
X-PC-Hit
Server-Node
MS-CV
Retry-After
Source
DC
X-Tumblr-Pixel
X-Origin-Upstream-Status
X-Cache-Operation
X-Tumblr-User
X-Tumblr-Pixel-0
X-Framework
X-Cache-Config
X-B-Cache
X-Signature
X-FB-Debug
X-Cache-2
X-Page-Id
Powered-By-ChinaCache
Accept-Charset
X-TT-TIMESTAMP
X-Ocache
X-Cache-Action
X-Origin-Server
X-Sucuri-ID
X-Debug-Info
Actual-Object-TTL
X-Hyper-Cache
X-ADI-VCache
X-Shield-Cache-Expires
X-PC-Date
Viewport
X-PC-Host
NGB
X-WA-Info
X-Accel-Expires
X-ATG-Version
X-Content-Powered-By
X-Microcachable
X-B3-Sampled
Upgrade-Insecure-Requests
X-Cached-By
Cache
X-Drupal-Cache-Tags
X-LB-Cache
X-Cache-NE
SRV
AsisCache
Filters
X-Akam-SW-Version
ServedBy
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Amz-Server-Side-Encryption
X-RequestSource
X-RTag
X-S
X-TX-ID
X-Locale
X-Internal-Host
X-FW-Serve
X-FW-Hash
X-Generated-By
X-FW-Server
X-Cacheable-TTL
X-FW-Static
X-FW-Type
X-GeoIP
Content-Style-Type
X-Tumblr-Pixel-1
X-Distil-CS
X-Seen-By
Content-Script-Type
X-WebKit-CSP-Report-Only
X-Wix-Request-Id
X-Tumblr-Pixel-2
X-HS-Combine-CSS
From-Origin
X-Jobs
X-App-Server
X-Accel-Buffering
X-Varnish-Hits
X-Cluster
X-Esi
X-Akamai-Edgescape
X-Geo
X-ServedBy
X-Adobe-Content
X-Adobe-Loc
X-Daa-Tunnel
X-Sucuri-Cache
X-Varnish-IP
X-Varnish-Cache-Hits
X-Node-Name
X-Varnish-Grace
X-Dns-Prefetch-Control
X-Platform-Server
X-GZip
X-Edge-Cache
X-RateLimit-Limit
X-Edge-Cache-Key
X-CDN-Forward
X-Cache-Remote
X-Vg-Webcache
HostName
X-Cache-TTL-Remaining
Datacenter
X-UA
X-Storage
X-Region
X-Akamai-Transformed
X-Mode
X-Cache-Age
X-TA-CDN-Provider
X-GUploader-UploadID
X-NewRelic-App-Data
X-Amz-Replication-Status
Cache-Tag
X-Drupal-Cache-Contexts
X-Guploader-Uploadid
X-Distributor
X-Feature
X-Kinja-Server-Push
X-Real-IP
Country
X-Cache-Var
Machine
X-RN-RSRV
X-Cache-Var-Map
Meta-Geo
X-Detected-As
Load-Balancing
X-RemovedCookies
X-Source
X-Path-Route
X-Rendered-As
X-MP-GENERATED-AT
X-Is-Bot
X-ProcessESI
X-Agile-Id
X-Amz-Apigw-Id
X-Agile-Age
X-Agile
ServerName
Fastly-SSL
X-NCache
X-Amzn-RequestId
X-Cache-Bucket
X-Viewer-Country
X-Web-Node
X-NodeID
X-Webstats-RespID
Cache-Key
X-Time-Microsecs
X-PCL
X-CDN-Cache
X-Port
Mn-Server-Ip
X-Akamai-Request-ID
X-ApacheServer
X-TWH-CORRELATION-ID
Ohc-File-Size
X-OCL
X-PERF
X-Grey
X-Cache-Category-Id
X-Upgrade-Enabled
X-Edge-Location
Azure-InstanceId
X-EIG-Tracking-Id
Azure-RegionName
X-Debug-Cache
Cache-Name
X-Cache-HT
X-Via-Fastly
X-BB-IP
S-Rt
X-Amz-Meta-Surrogate-Control
L5d-Success-Class
GEO-INFO
Azure-Version
Azure-SlotName
Backend
X-Human
X-Pubstack
Azure-SiteName
X-Cluster-Node
X-OVcl-Cache
X-OVcl
X-Instance-Name
X-Original-Request
X-Optimization
X-Request-Time
X-Birta-Served
X-Birta-Cache-Post
X-BYPASS-REASON
Property-Id
X-Origin-Hint
X-ProxyCache-Status
Healthy
X-Section
X-Proto
X-CCM
X-AWS-Id
TWC-Device-Class
Webcakes-Region
Webcakes-App-Version
X-Routing-Service
X-Access
X-Proxy
X-ProxyCache-Key
Webcakes-App-Name
X-App-Name
TWC-GeoIP-Country
X-ServerID
TWC-GeoIP-LatLong
TWC-Locale-Group
User-Cache-Control
TWC-Privacy
TWC-Connection-Speed
LB
X-Generation-Time
X-SplitTest
X-Oracle-Dms-Ecid
X-Www-Served-By
X-Format
X-FC-Vary-Parameters
X-LJ-Flow-ID
X-Oracle-Dms-Rid
X-VWS-Id
X-Meta-Tbi-Cache-Vertical
X-Labrador-Cache-Channel
X-IP
X-CCM-LastModified
X-Hosted-By
DB-Nickname
X-Site-Version
X-Zipkin-Id
X-Xfnlog-Site
X-TNCMS
X-Loop
X-Surge-Debug
Fastcgi-Useragent
Cache-Hits
X-Varnish-Cacheable
Now
X-JoinUs
X-Render-Type
Access-Control-Allow-Method
RATING
User-Agent
X-Generated
X-Ezoic-Cdn
X-Backend-Name
X-Tumblr-Pixel-3
X-Hit
X-Real-Ip
Payment
X-Proxy-Build
X-Timing-Wait
X-Tb
X-Nginx-Cache
Countrycode
Selected-FE
X-Newrelic-Synthetics
X-Origin-CC
X-Cache-Enabled
X-Time
WP-Super-Cache
X-Nc
Ec-Rule-Version
X-Oneagent-Js-Injection
Origin-Edge-Control
Origin-Cache-Control
X-B3-Spanid
X-CACHE-AGE
X-DataStream-Cache-Status
X-Unique-ID
X-Dc
X-L-Path
X-Environment-Context
RequestId
X-UA-Device-Type
X-NU-AKA-ACS-Version
Xserver
X-Varnish-Beresp-Status
X-Litespeed-Cache
X-Varnish-Beresp-Grace
NODE
X-Skip-Cache
X-B3-TraceId
X-NGENIX-Cache
X-Correlation-ID
Access-Control-Request-Headers
X-COUNTRY
Webserver
X-Be
X-WR-MODIFICATION
X-Servedby
X-Vgn-Hpd-Reason
X-ElasticPress-Search
X-Upstream-CT
X-Upstream-HT
X-EdgeConnect-Cache-Status
Time
Ws
X-Content-Type
X-Croise-Owner
Warning
VivaBuild
Apple-News-Services-Parsed-Url
Www
Apple-News-Services-Host
X-A-Ccd
Ajk
X-A-Dgt
X-A-Dcw
X-A-Dam
AKAMAI
X-A
Apple-News-Services-Handled
T-Server
Fastcgi-X-Cache
GMS-Ver
Cache-Prefix
Fastcgi-X-Cache-Version
Fastly-Soc-X-Request-Id
Fly-Request-Id
X-A-Wwc
Host-ID
BehaviorPad-Version
Apple-News-Services-Request-Url
Fly-Cache
Sta2Tusw
Resin-Trace
MD5-Digest
Meta-Geo-Continent
Viewtype
X-Developer
X-S-Cookie
X-Server-By
X-Server-Time
X-SRCache-Key
X-Rojux
X-Rewrite-Enabled
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
X-Public
X-Region-Sid
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-Via-Edge
X-We-Are-Hiring
X-Wix-Route-ID
Xc-Version
X-Via-CDN
X-VG-WebServer
X-Transaction
X-Trv-Group
X-Twitter-Response-Tags
X-User
X-Planisys-CDN-Cache
X-PAYTM-SRV-ID
X-CF-Lambda-Version
X-Connection-Hash
X-D
X-Destination
X-CF-Lambda-Fn
X-Cache-Id
X-Application
X-ARC
X-B-Cookie
X-BBXSRF
X-Cache-Backend
X-Died
X-Haproxy-Ip
X-Logtrace-Id
X-ND-Cache
X-No-Session
X-Haproxy-Hostname
X-Generated-In
X-DPWN-IS-SECURE
X-Fastly-Cache
X-From
X-G
X-Amz-Meta-Cache-Control
X-BB-ID
X-Varnish-Beresp-Ttl
Cneonction
X-Webkit-CSP
X-Cache-Ttl
Server-Int
Request-Time
Rendered-Blocks
UCS
Uber-Trace-Id
Release
IsBot
X-SIPLIST1
Memcached
NGX
Origin
Odigeo-Trace-Id
V-Age
X-Request-URI
X-FireWall-Port
X-F5-Cache
X-Forwarded-Host
X-Frame-Option
X-Fstrz
X-CS
X-Core-Value
X-Cache-CFC
X-Phone
X-Cache-Host
X-Cache-Time
X-Cdn-Origin
X-Sn-Servicetimems
X-ScT
X-Up
X-Date
X-Wikidot-Backend
X-Wikidot-Static-Cache
X-Status
X-Accel-Expires-Debug
X-TIME
X-StackifyID
Thinkindot-Control
Thinkindot-CacheControl
X-Returned-From-PostProcessResponse
X-Content-Age
Thinkindot-CacheControl-Type
X-Returned-From-BeforeDispatch
X-Ckpd-Fst-Backend
Who
Web-Mar-Node
X-Returned-From
Content-Disposition
X-Returned-From-DLL
X-GeoIP-City
X-V
X-MSEdge-Flight
Proxy-Connection
Pramga
Pragrma
X-Eu-Site
Backend-Name
X-Var-Ttl
X-CGP
Server-Host
X-WebServer
X-Worker
X-Epic-Correlation-Id
X-Rebelmouse-Surrogate-Control
X-Block-Status
X-Bug-Bounty
X-Passed-To
X-Passed-To-BeforeDispatch
X-Backend-TTL
X-Backend-Url
X-C
X-Hnp-Log
X-VServer
X-IN-SSL-APIGATEWAY
X-Cache-Expires
X-Cache-Debug
X-IN-APIGATEWAY
X-Backend-State
X-Backend-Host
X-Gen-Mode
X-Actual-URL
X-Rebelmouse-Cache-Control
Platform
X-Reboot
X-Cdn-Srv
X-Gannett-Site-Version
X-Passed-To-PostProcessResponse
X-Passed-To-DLL
Adler-Geo
X-Amz-Meta-S3cmd-Attrs
X-IN-WAF
X-NX-Host
Powered-By
CDCHOST
GW-Server
HA-Cloudapp
X-UE-Client-Country
X-Device-Os
X-Location
X-Dispatcher-Server
HA-Geocity
HA-Geocountry
HA-Host
HA-Ipaddr
Ha-Gx-Prefs
HA-Georegion
HA-Geolat
HA-Geolon
X-Edge-IP
X-Env
Drupal-Pagecache-Memcache
Esi-Enabled
Decoy-Debug-TTL
Decoy-Debug-Status
X-TT-LOGID
Decoy-Debug-Key
X-Trace-Id
X-Thinkindot-L3
X-GeoIP-Country-Code
X-Stale
Fastly-SWR
X-GoCache-CacheStatus
Fastly-Backend-Name
Fastly-SIE
X-Secret
HA-Servedtime
X-Servername
X-Server-IP
On-Server
X-ServiceProvider
Cache-Cookie-Set-From
Ohc-Response-Time
MI-API
Cache-Cookie-Set-Lfrom
X-Served-From
X-Server-Group
MI-Cache-Age
MI-Cache
X-Debug-Log
X-MI-In-Market
Httpd-Identifier
HTTPS
X-Developers
Heartbleed
HA-Urlpath
IBM-Web2-Location
X-MSEdge-Features
X-UnsetCookies
X-Matched-Rule
X-Debug-Cookies
Is-Eu
Cache-Cookie-Set-Idcheck
X-Dynatrace
Mime-Version
NnCoection
Version
Apicache-Store
X-Node-Id
X-Fetched-On
X-Core-Mission
X-Rocket-Nginx-Bypass
Kp-EeAlive
X-ShopId
X-ShardId
OT-Force-Account-Verify
Request-Country
PFcat
X-Shopify-Stage
X-Sorting-Hat-FeatureSet
X-Sorting-Hat-ShopId
X-Sorting-Hat-ShopId-Cached
X-Sorting-Hat-Section
X-Sorting-Hat-PrivacyLevel
X-Sorting-Hat-PodId
X-Sorting-Hat-PodId-Cached
Request-EU
REQUESTUUID
X-RCS-CacheZone
X-Release
X-Alternate-Cache-Key
X-Hl-Ver
X-Cache-Srv
X-Auto-Login
Apicache-Version
X-Response-By
X-S-Maxage
X-Hash
Server-ID
X-Varnish-Id
X-Ver
X-HCF
X-Info
X-Fastcgi-Cache
X-Amz-Meta-S3b-Last-Modified
X-Bip
X-Via-NSCOPI
X-Platform
X-Varnish-HitMiss
X-Thanos
X-Svr
X-CSRF-Token
X-Cache-Control-Set-By
X-Clientip
X-Origin-Expires
X-Cache-URL
X-Crawler
X-Page-Type
X-Origin-Date
NtCoent-Length
Dnion-Transfer-Encoding
X-P-T
X-Refresh
X-Oss-Object-Type
Country-Code
X-Oss-Storage-Class
Cache-Provider
X-Oss-Server-Time
X-Oss-Hash-Crc64ecma
X-Oss-Request-Id
X-Yottaa-Sig
X-Origin-TTL
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-Req
X-Pf-Uncompressing
Processtime
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
Accept-Ch
X-Varnish-Url
FSS-Cache
FSS-Proxy
Ar-Sid
Cteonnt-Length
Pagetype
Arc-Country
X-DC
X-CLOUD-TRACE-CONTEXT
Brightspot-Id
X-App-Version
X-From-Cache
X-Pjax-Url
WebServer
X-Irp-Debug
X-LiteSpeed-Cache-Control
X-Amz-Meta-Sha256
X-Ua
Memory
X-EC-Security-Audit
X-Cache-ASPX
X-HS-Hub-Id
X-Ruxit-Js-Agent
X-LB-Node
X-LB-CacheStatus
Sid
X-ROOTCache
COMMERCE-SERVER-SOFTWARE
Geoip-Latitude
GeoIp-Country-Code
Geoip-City
PageType
X-Atg-Version
X-NC
X-Request-Start
SN
X-Request-UUID
Cdn
PICS-Label
X-Csrf-Token
Dynatrace
CF-IPCountry
X-Ratelimit-Remaining
X-Load-Cache
X-Endurance-Cache-Level
X-Fastly-Backend-Reqs
X-Varnish-Action
X-Redis-Cache
X-Cache-Handler
Edgecast
If-Modified-Since
X-Ratelimit-Limit
X-SERVER-NAME
MIME-Version
Dont-Set-Cookie
PROCESSING-IP
X-GRACE
X-Cdn-Forward
BORDER-IP
X-Layer
X-Wix-Petri-Ex
X-GDPR
X-Varnish-Beresp-TTL
X-ServedByHost
X-Tid
X-TId
X-Rocket-Nginx-Serving-Static
X-Requestid
Frame-Options
X-RequestId
X-Fastly-Cache-Hits
X-Servedbyhost
X-Sf
X-Rule
X-Nananana
RNT-Time
RNT-Machine
X-B3-SpanId
X-Resolver-IP
X-Owner
X-Key
NodeID
X-BE
Pics-Label
Cf-Ipcountry
CDN
CACHE
X-HTML-Minification-Powered-By
Powered
X-DataStream-Origin-MEX-Latency
X-DataStream-MidMile-RTT
X-Cache-TTL
Web-Mar-Region
X-Server-W
X-Tec-Api-Origin
X-Tec-Api-Version
XServer
X-Tec-Api-Root
Node
GeoIP-Latitude
Mail-Subject
X-Flog
We-Hiring
Cache-Tags
GeoIP-Country-Code
X-ABtesting
GeoIP-City
PageSpeed
X-NWS-UUID-VERIFY
WZWS-RAY
DataCenter
X-Sentry-ID
X-Varnish-Ttl
Lfy
X-Shard
X-Dynatrace-Js-Agent
ProcessTime
X-VG-WebCache
X-Powered-By-ANYU
X-Use-Magma
X-CDN-Pop-IP
X-CDN-Pop
Get-Access-Time
Max-Age
Is-Session-Tracking
X-GZIP
X-Cf-Powered-By
X-Gdpr
X-Mem
Accept-CH
X-PF-Uncompressing
Magicmarker
X-PJAX-URL
X-Powered-By-Defense
X-Cache-FS-Status
X-GEO
X-UPSTREAM-Address
URI
X-FORWARDED-FOR
X-ByteArk-Cache
X-Dw-Trace-Id
Xet-Cookie
X-Varnish-URL
X-PAGE-TYPE
X-Cookie
X-Ms-Version
X-Ms-Blob-Type
X-Check-Cacheable
X-SRV
X-Remote-IP
X-Oa-Upstreams
Amp-Access-Control-Allow-Source-Origin
X-Trv-Request-Id
X-Ms-Request-Id
X-Ms-Lease-Status
X-Front
X-Unique-Id
X-Zalando-Page-Type
X-Varnish-ID
X-Aicache-OS
Requestid
RequestUuid
X-Zalando-Child-Request-Id
X-Proxy-Server
X-Micro-Cache
X-NGINX-Cache
Hostname
X-PARISIEN-Cache-Rendered
X-SB
X-RAMCache
X-VarnCache
WS
X-Acquia-Application-Trace
X-VG-TLSProxy
X-Fe
X-Litespeed-Cache-Control
X-Acquia-Application-UUID
SID
X-Akamai-ERRuleID
V-Cache
N-Cache
X-Hello
Rt-Proxy-Cache
X-Akamai-ERPolicy
X-Litespeed-Tag
X-VarnPar2
CF-Cached-On
X-VC
X-Safe-Firewall
Group
X-VarnPar1