Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics - SANS Internet Storm Center HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Pragma
Last-Modified
Accept-Ranges
Strict-Transport-Security
X-Content-Type-Options
X-Powered-By
CF-RAY
ETag
Link
Expect-CT
Via
X-Cache
X-XSS-Protection
Age
Access-Control-Allow-Origin
Content-Security-Policy
Content-Language
X-UA-Compatible
P3P
X-Cache-Hits
X-Xss-Protection
X-Served-By
X-Varnish
X-Amz-Cf-Id
Referrer-Policy
X-Request-Id
X-Timer
X-AspNet-Version
CF-Cache-Status
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Runtime
Access-Control-Allow-Credentials
X-Download-Options
X-Drupal-Cache
X-Cacheable
Content-Security-Policy-Report-Only
X-Generator
CF-Ray
Alt-Svc
Status
X-AspNetMvc-Version
X-Cache-Status
X-DNS-Prefetch-Control
X-Check
X-Iinfo
X-Adblock-Key
X-FRAME-OPTIONS
X-CDN
Timing-Allow-Origin
X-Content-Security-Policy
X-Turbo-Charged-By
X-Permitted-Cross-Domain-Policies
Content-Encoding
P3p
X-Request-ID
X-Template
X-Language
Keep-Alive
X-Type
X-AH-Environment
X-Via
X-Cache-Group
X-Backend
WPE-Backend
X-Pass-Why
X-Buckets
X-Age
X-Server
X-Nginx-Cache-Status
Access-Control-Max-Age
X-Server-Powered-By
X-Pingback
Xkey
X-Varnish-Cache
Grace
X-Drupal-Dynamic-Cache
Upgrade
Access-Control-Expose-Headers
X-Hacker
X-UA-Device
X-Amz-Request-Id
X-Page-Speed
Cf-Railgun
X-Amz-Id-2
X-Proxy-Cache
X-Robots-Tag
EagleId
X-Envoy-Upstream-Service-Time
X-LiteSpeed-Cache
Request-Context
X-Node
X-Swift-CacheTime
X-Swift-SaveTime
X-Ac
X-Device
Ali-Swift-Global-Savetime
X-Cnection
X-Host
Content-Location
X-Amz-Version-Id
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Server-Id
Surrogate-Control
X-Backend-Server
X-Cache-Lookup
X-WebKit-CSP
X-OneAgent-JS-Injection
X-Rack-Cache
X-Response-Time
X-Px
X-Instart-Request-ID
Request-Id
X-CST
X-Readtime
Server-Timing
X-Rq
X-Clacks-Overhead
X-Do-Not-Hack
X-HeyJason
Permitted-Cross-Domain-Policies
Pinterest-Generated-By
EagleEye-TraceId
X-Ua-Compatible
X-Url
Edge-Control
X-Cloud-Trace-Context
X-Application-Context
X-MS-InvokeApp
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Country
Report-To
X-DynaTrace-JS-Agent
X-Server-Name
Charset
SPRequestGuid
X-Country-Code
Allow
X-SharePointHealthScore
X-DataDome
X-ESI
Rating
X-Varnish-TTL
X-Ruxit-JS-Agent
X-PC
X-TtlSet
X-Vname
X-Cached
X-Powered-CMS
X-Powered-By-Plesk
X-Recruiting
X-CF-Powered-By
X-TTL
X-FTR-Request-ID
X-D2id
X-Vhost
NEL
X-DynaTrace
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
Public-Key-Pins
X-Pinterest-Rid
Pinterest-Version
X-Upstream-Env
X-Version
X-F-Cache
X-Cdn-Fetch
X-Kinja
X-Exp-Variant
X-Exp-Id
X-Kinja-Build
X-Kinja-Server
X-Geo-Segment
X-Kinja-Revision
X-VARITI-CCR
X-T
X-N
SPIisLatency
SPRequestDuration
X-Dw-Request-Base-Id
Cartoon
X-GoogleNews-Bot
X-Mod-Pagespeed
MS-Author-Via
Content-MD5
RTSS
Nginx-Cache
X-Abt-Application-Version
Feature-Policy
X-GitHub-Request-Id
Verso
X-Dispatcher
AR-ATIME
AR-PoweredBy
AR-CACHE
X-Navigation-Version
MicrosoftSharePointTeamServices
X-Ttl
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Goog-Hash
X-Client-IP
X-Amz-Rid
X-Shield-Request-Id
X-Hits
Realpath
X-Forwarded-Proto
X-Trace
X-Origin-Cache
X-Cdn
Paypal-Debug-Id
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-Content-Options
X-Zen-Fury
X-Content-Digest
X-Id
X-Server-ID
X-Grace
X-Kinsta-Cache
Arr-Disable-Session-Affinity
TCN
AR-SID
X-B
DynaTrace
Alternate-Protocol
X-Varnish-Age
X-Cache-Key
Fastcgi-Cache
X-Sol
X-Upstream
Mrf-Cache-Status
X-Mrf-Section-Lastmod
Access-Control-Request-Method
X-Mrf-Item-Lastmod
MRF-Tech
X-Ser
X-Pad
X-Fastly-Request-ID
X-Middleton-Display
Display
PB-PID
PB-RID
X-Mobile-Rewrite
X-NF-Request-ID
X-Nf-Srv-Version
X-FastCGI-Cache
X-Via-JSL
X-Acc-Meta-Resource-Type
X-DIS-Request-ID
X-Vcap-Request-Id
Response
X-Middleton-Response
X-User-Agent
Pagespeed
Front-End-Https
X-MSEdge-Ref
X-Forwarded-For
Rt-Fastcgi-Cache
X-Cache-Rule
X-PressLabs-Stats
X-IPLB-Instance
X-Frontend
Eomportal-Instance
X-SS-Set-Cookie
X-Logged-In
X-Cache-Hit
Arc-Version
X-Whom
Server-Name
X-Goog-Generation
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-Goog-Stored-Content-Length
X-VCache
X-Hostname
X-Webkit-Csp
Host
X-XRDS-Location
Tracecode
Surrogate-Key
S
X-FTR-Expires
X-FTR-Realm
X-FTR-Cache-Status
X-FTR-Backend-Server
X-Country-Code-Real
X-FTR-Balancer
X-FTR-DC
X-FTR-Backend
Cache-Status
X-Request-Processing-Time
X-Request-Received
Backend-Timing
X-Debug
X-Analytics
X-HS-Content-Id
TP-L2-Cache
Refresh
X-AOL-HN
TP-Cache
X-Instance
X-Contextid
X-Proxied
X-Magnolia-Registration
X-Activity-Id
X-AppVersion
X-Az
X-Rid
Public-Key-Pins-Report-Only
X-Wix-Server-Artifact-Id
FilterID
X-Srv
X-XRDS-LOCATION
ServerID
X-UUID
Server-Info
HitInfo
HitType
X-HW
X-WPE-Loopback-Upstream-Addr
X-Newrelic-App-Data
X-B3-Traceid
Cleartype
X-URL
Liferay-Portal
Service-Worker-Allowed
X-Varnish-Server
X-Content-Security-Policy-Report-Only
X-NWS-LOG-UUID
X-Mobile
X-FTR-Cache-Host
X-Varnish-Backend
X-APP-VERSION
X-Cache-Control
Served-By
AMP-Access-Control-Allow-Source-Origin
X-Revision
Source
X-Amzn-Trace-Id
X-Geo-Country
X-Cache-Server
Server-Node
X-PC-Hit
X-PHP-Backend
Retry-After
X-PC-AppVer
X-App-Environment
Host-Header
X-RateLimit-Remaining
X-Hail-Hydra
X-PC-Key
X-Request-Guid
X-Correlation-Id
MS-CV
X-BCube-Filmed-By
X-HS-Cache-Config
X-Varnish-Hostname
X-TT
Edge-Cache-Tag
X-Origin
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Tumblr-User
X-Cache-Operation
X-Handled-By
X-Cache-2
DC
X-Device-Type
X-Framework
S-Cnection
Powered-By-ChinaCache
X-Origin-Upstream-Status
X-Signature
X-FB-Debug
X-B-Cache
X-Cache-Config
X-Litespeed-Cache
X-Page-Id
Fastly-Restarts
Accept-Charset
X-Origin-Server
X-Cache-Action
X-TT-TIMESTAMP
X-Sucuri-ID
X-Ocache
X-Debug-Info
X-PC-Host
Viewport
X-PC-Date
Actual-Object-TTL
X-ATG-Version
X-Shield-Cache-Expires
X-ADI-VCache
X-Hyper-Cache
X-B3-Sampled
X-Cached-By
X-Content-Powered-By
NGB
X-WA-Info
X-Accel-Expires
X-Microcachable
X-Drupal-Cache-Tags
X-LB-Cache
X-Akam-SW-Version
Upgrade-Insecure-Requests
SRV
Filters
AsisCache
X-Cache-NE
X-NewRelic-App-Data
Cache
X-Generated-By
ServedBy
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-App-Server
X-FW-Static
X-RTag
X-FW-Serve
X-Cacheable-TTL
X-Locale
X-RequestSource
X-S
X-FW-Hash
X-FW-Server
X-FW-Type
X-Tumblr-Pixel-2
X-Internal-Host
X-GeoIP
X-Seen-By
Content-Style-Type
X-Distil-CS
X-Wix-Request-Id
X-Tumblr-Pixel-1
Content-Script-Type
X-WebKit-CSP-Report-Only
X-Amz-Server-Side-Encryption
X-Accel-Buffering
X-TX-ID
X-Jobs
X-Cluster
X-Varnish-Hits
X-Geo
X-Node-Name
From-Origin
X-Akamai-Edgescape
X-Sucuri-Cache
X-Varnish-Cache-Hits
X-RateLimit-Limit
X-Adobe-Content
X-Adobe-Loc
X-Varnish-Grace
X-HS-Combine-CSS
X-ServedBy
X-Varnish-IP
X-Cache-Age
X-GZip
X-Platform-Server
X-UA
X-Vg-Webcache
X-Dns-Prefetch-Control
X-Cache-TTL-Remaining
X-Edge-Cache
Datacenter
X-Daa-Tunnel
X-Edge-Cache-Key
X-GUploader-UploadID
X-CDN-Forward
X-Cache-Remote
X-Storage
X-Akamai-Transformed
X-Oneagent-Js-Injection
Cache-Tag
X-Mode
X-Region
HostName
X-Drupal-Cache-Contexts
X-Real-IP
X-Amz-Replication-Status
X-Esi
X-Source
X-Distributor
X-Detected-As
Machine
X-Cache-Var-Map
X-Cache-Var
Meta-Geo
Load-Balancing
X-Is-Bot
X-ProcessESI
X-Path-Route
X-MP-GENERATED-AT
X-RemovedCookies
X-RN-RSRV
X-Rendered-As
X-Amz-Apigw-Id
X-Agile-Id
X-Agile-Age
X-Agile
Country
X-NCache
ServerName
Fastly-SSL
X-Guploader-Uploadid
X-Amzn-RequestId
Mn-Server-Ip
X-Time-Microsecs
X-TWH-CORRELATION-ID
X-Upgrade-Enabled
X-PERF
X-PCL
X-OCL
X-NodeID
X-Viewer-Country
X-Web-Node
X-BB-IP
X-ApacheServer
X-Akamai-Request-ID
X-Cache-Category-Id
X-CDN-Cache
X-Webstats-RespID
X-Grey
Cache-Key
GEO-INFO
X-Kinja-Server-Push
X-Cache-HT
X-Optimization
X-Debug-Cache
X-Via-Fastly
Ohc-File-Size
Azure-SlotName
X-Cluster-Node
X-OVcl-Cache
X-OVcl
X-TA-CDN-Provider
X-Proto
L5d-Success-Class
X-Original-Request
X-Amz-Meta-Surrogate-Control
Azure-Version
Backend
Azure-InstanceId
Azure-RegionName
X-Port
Azure-SiteName
X-EIG-Tracking-Id
S-Rt
X-Instance-Name
Cache-Name
X-Edge-Location
X-Human
DB-Nickname
Healthy
X-CCM-LastModified
TWC-Connection-Speed
User-Cache-Control
TWC-Device-Class
TWC-GeoIP-Country
TWC-Locale-Group
TWC-GeoIP-LatLong
Webcakes-App-Name
Property-Id
X-AWS-Id
X-CCM
X-App-Name
X-Access
Webcakes-App-Version
Webcakes-Region
LB
X-Hosted-By
X-Format
X-Site-Version
X-Section
X-Routing-Service
X-SplitTest
X-BYPASS-REASON
X-Zipkin-Id
X-Xfnlog-Site
X-Www-Served-By
X-VWS-Id
X-Proxy
X-Pubstack
X-ProxyCache-Status
X-IP
X-ServerID
TWC-Privacy
X-Generation-Time
X-Labrador-Cache-Channel
X-Origin-Hint
X-ProxyCache-Key
X-LJ-Flow-ID
X-Varnish-Cacheable
X-FC-Vary-Parameters
Now
X-Birta-Served
User-Agent
Cache-Hits
X-Meta-Tbi-Cache-Vertical
Fastcgi-Useragent
X-Request-Time
X-Birta-Cache-Post
X-JoinUs
Access-Control-Allow-Method
X-TNCMS
X-Loop
X-Cache-Bucket
X-Surge-Debug
X-CLOUD-TRACE-CONTEXT
X-Generated
X-Backend-Name
X-Tumblr-Pixel-3
X-Tb
X-Time
RATING
Countrycode
X-Proxy-Build
Payment
Selected-FE
X-Ezoic-Cdn
X-Timing-Wait
X-Hit
X-Dc
X-Origin-CC
Ec-Rule-Version
X-Render-Type
X-Feature
X-Real-Ip
X-Cache-Enabled
WP-Super-Cache
X-DataStream-Cache-Status
X-Unique-ID
X-Newrelic-Synthetics
X-Nginx-Cache
X-Nc
Origin-Edge-Control
Origin-Cache-Control
X-Oracle-Dms-Rid
X-B3-Spanid
X-Oracle-Dms-Ecid
X-B3-TraceId
X-Environment-Context
X-L-Path
X-UA-Device-Type
RequestId
X-Correlation-ID
X-Varnish-Beresp-Grace
X-NU-AKA-ACS-Version
X-Varnish-Beresp-Status
X-Servedby
X-Skip-Cache
NODE
X-CACHE-AGE
Xserver
X-NGENIX-Cache
Access-Control-Request-Headers
X-WR-MODIFICATION
X-Content-Type
Webserver
X-COUNTRY
X-ElasticPress-Search
X-Be
X-Status
X-Vgn-Hpd-Reason
Time
X-Cache-Backend
X-EdgeConnect-Cache-Status
X-Upstream-HT
X-Upstream-CT
Ws
Warning
X-Amz-Meta-Cache-Control
X-Planisys-CDN-Cache
X-Cache-Host
X-Cache-Id
X-PAYTM-SRV-ID
X-We-Are-Hiring
X-Wix-Route-ID
X-Planisys-CDN-Rules
X-ARC
X-B-Cookie
X-BB-ID
X-BBXSRF
X-Application
Www
Meta-Geo-Continent
Memcached
BehaviorPad-Version
Apple-News-Services-Request-Url
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
MD5-Digest
Cache-Prefix
Fastly-Soc-X-Request-Id
Fastcgi-X-Cache-Version
Fly-Cache
Fly-Request-Id
Host-ID
GMS-Ver
Apple-News-Services-Handled
AKAMAI
X-A-Ccd
X-A
X-A-Dam
X-A-Dcw
X-A-Wwc
X-A-Dgt
X-Via-Edge
VivaBuild
Xc-Version
Ajk
Resin-Trace
Sta2Tusw
Viewtype
T-Server
X-Accel-Expires-Debug
X-VG-WebServer
X-Developer
X-Destination
X-Died
X-DPWN-IS-SECURE
X-SVT-ORM-VERSION
X-Region-Sid
X-Transaction
X-Planisys-CDN-TTL
X-Public
X-Twitter-Response-Tags
X-Trv-Group
X-G
X-SVT-ORM-RULES
X-S-Cookie
X-Rojux
X-Rewrite-Enabled
X-From
X-Server-By
X-Server-Time
X-SRCache-Key
X-Fastcgi-Cache
X-Fastly-Cache
Fastcgi-X-Cache
X-Haproxy-Hostname
X-Generated-In
X-Connection-Hash
X-CF-Lambda-Version
X-ND-Cache
X-No-Session
X-Via-CDN
X-D
X-Logtrace-Id
X-User
X-CF-Lambda-Fn
X-Haproxy-Ip
X-Date
X-GoCache-CacheStatus
X-Croise-Owner
IBM-Web2-Location
NGX
X-SIPLIST1
X-Cache-Time
X-Core-Value
Odigeo-Trace-Id
X-FireWall-Port
X-Frame-Option
X-Forwarded-Host
X-NX-Host
IsBot
X-Request-URI
X-Fstrz
X-ScT
X-Wikidot-Backend
Request-Time
X-Cdn-Origin
X-Cache-CFC
X-Cache-Expires
X-CS
X-Trace-Id
X-Up
X-Phone
X-Debug-Cookies
X-F5-Cache
V-Age
Rendered-Blocks
X-Wikidot-Static-Cache
Origin
X-Debug-Log
Server-Int
UCS
X-Var-Ttl
X-Sn-Servicetimems
Release
Apicache-Store
Apicache-Version
Cneonction
X-Webkit-CSP
X-C
X-Cache-Ttl
X-Content-Age
X-Ckpd-Fst-Backend
X-CGP
X-Cdn-Srv
X-Cache-Debug
X-Eu-Site
X-Edge-IP
X-Env
X-Dispatcher-Server
X-Device-Os
X-Epic-Correlation-Id
X-Bug-Bounty
X-Developers
X-Backend-Url
Uber-Trace-Id
Web-Mar-Node
Thinkindot-Control
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
Who
X-Actual-URL
X-Backend-TTL
X-Gen-Mode
X-Backend-State
X-Backend-Host
X-Amz-Meta-S3cmd-Attrs
X-Block-Status
X-GeoIP-Country-Code
X-Thinkindot-L3
X-TT-LOGID
X-UE-Client-Country
X-StackifyID
X-Stale
X-Server-IP
X-ServiceProvider
X-UnsetCookies
X-V
X-IN-SSL-APIGATEWAY
X-IN-WAF
X-IN-APIGATEWAY
X-Worker
X-VServer
X-WebServer
X-Server-Group
X-Returned-From-PostProcessResponse
X-MI-In-Market
X-Passed-To
X-Matched-Rule
X-Location
Server-Host
X-Hnp-Log
X-Passed-To-DLL
X-Passed-To-PostProcessResponse
X-Returned-From-BeforeDispatch
X-Returned-From-DLL
X-Returned-From
X-Reboot
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
X-GeoIP-City
X-Passed-To-BeforeDispatch
HA-Servedtime
HA-Urlpath
Heartbleed
MI-Cache-Age
Fastly-SIE
HA-Geocity
Decoy-Debug-TTL
Pragrma
Decoy-Debug-Status
Powered-By
CDCHOST
MI-Cache
Cache-Cookie-Set-Idcheck
Fastly-Backend-Name
Decoy-Debug-Key
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-From
HA-Geolon
HA-Geocountry
Httpd-Identifier
HTTPS
Fastly-SWR
Esi-Enabled
Ohc-Response-Time
HA-Host
OT-Force-Account-Verify
Ha-Gx-Prefs
Proxy-Connection
GW-Server
HA-Geolat
Pramga
HA-Ipaddr
HA-Georegion
HA-Cloudapp
X-TIME
X-Varnish-Beresp-Ttl
MI-API
X-Via-NSCOPI
Request-EU
X-ShopId
X-Shopify-Stage
X-Core-Mission
X-RCS-CacheZone
Content-Disposition
X-Ver
Kp-EeAlive
Server-ID
Is-Eu
X-Served-From
X-S-Maxage
X-Fetched-On
NnCoection
REQUESTUUID
X-ShardId
X-Response-By
X-Varnish-Id
X-Auto-Login
Platform
X-MSEdge-Flight
PFcat
Adler-Geo
X-Sorting-Hat-PodId
X-Hl-Ver
X-Sorting-Hat-FeatureSet
X-Page-Type
X-Alternate-Cache-Key
X-Rocket-Nginx-Bypass
On-Server
X-MSEdge-Features
X-Sorting-Hat-ShopId
X-Sorting-Hat-ShopId-Cached
X-Release
Request-Country
X-Cache-Srv
X-Servername
Backend-Name
X-Sorting-Hat-PrivacyLevel
X-Hash
X-Sorting-Hat-Section
X-Sorting-Hat-PodId-Cached
X-HS-Hub-Id
X-Ruxit-Js-Agent
Mime-Version
X-Crawler
X-Clientip
X-Cache-URL
X-Origin-Expires
X-HCF
X-Amz-Meta-S3b-Last-Modified
X-Varnish-HitMiss
Drupal-Pagecache-Memcache
X-Platform
X-Info
X-Gannett-Site-Version
X-Cache-Control-Set-By
NtCoent-Length
X-Secret
X-Node-Id
X-Origin-Date
X-Bip
X-Req
X-P-T
X-Refresh
Cache-Provider
Country-Code
X-Svr
X-Thanos
Processtime
Version
X-App-Version
Dnion-Transfer-Encoding
X-Origin-TTL
X-Pjax-Url
X-Amz-Meta-Sha256
X-Pf-Uncompressing
X-Oss-Request-Id
X-Oss-Server-Time
Cteonnt-Length
X-Csrf-Token
Pagetype
X-Oss-Hash-Crc64ecma
X-Oss-Object-Type
X-Oss-Storage-Class
X-EC-Security-Audit
X-From-Cache
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-Cache-ASPX
Ar-Sid
X-Kong-Upstream-Latency
Memory
X-Kong-Proxy-Latency
X-Yottaa-Sig
Accept-Ch
WebServer
X-CSRF-Token
Arc-Country
X-Varnish-Url
FSS-Cache
FSS-Proxy
X-NC
X-Ua
SN
X-LiteSpeed-Cache-Control
Geoip-Latitude
Geoip-City
Brightspot-Id
X-Irp-Debug
GeoIp-Country-Code
X-DC
PageType
X-Dynatrace
X-Wix-Petri-Ex
X-Cache-Handler
X-LB-CacheStatus
X-LB-Node
Cdn
X-ROOTCache
X-Rule
Sid
If-Modified-Since
Dont-Set-Cookie
X-Redis-Cache
PICS-Label
X-Cdn-Forward
COMMERCE-SERVER-SOFTWARE
CF-IPCountry
X-Endurance-Cache-Level
X-Varnish-Beresp-TTL
X-Request-UUID
X-Request-Start
X-Load-Cache
MIME-Version
X-Ratelimit-Remaining
Edgecast
X-Fastly-Backend-Reqs
X-SERVER-NAME
X-TId
X-Atg-Version
X-Requestid
X-Varnish-Action
X-GRACE
BORDER-IP
PROCESSING-IP
X-GDPR
X-Sf
X-Servedbyhost
X-Layer
X-Ratelimit-Limit
X-ServedByHost
RNT-Machine
RNT-Time
X-Tid
XServer
X-B3-SpanId
Dynatrace
X-Rocket-Nginx-Serving-Static
Frame-Options
X-RequestId
Amp-Access-Control-Allow-Source-Origin
X-Nananana
X-Fastly-Cache-Hits
X-Resolver-IP
X-BE
X-Cache-TTL
Pics-Label
Cf-Ipcountry
Powered
X-DataStream-MidMile-RTT
X-DataStream-Origin-MEX-Latency
CDN
Cache-Tags
NodeID
Node
X-Owner
X-Key
CACHE
X-HTML-Minification-Powered-By
X-Tec-Api-Version
X-Tec-Api-Origin
X-Tec-Api-Root
We-Hiring
Mail-Subject
Web-Mar-Region
X-Server-W
GeoIP-Country-Code
GeoIP-City
GeoIP-Latitude
DataCenter
PageSpeed
X-ABtesting
X-VG-WebCache
X-Flog
X-Gdpr
X-Varnish-Ttl
X-Shard
X-Dynatrace-Js-Agent
X-Use-Magma
X-UPSTREAM-Address
X-Sentry-ID
X-Powered-By-ANYU
WZWS-RAY
Lfy
Accept-CH
ProcessTime
X-GZIP
X-NWS-UUID-VERIFY
X-CDN-Pop
Max-Age
Get-Access-Time
X-PF-Uncompressing
X-CDN-Pop-IP
X-Varnish-URL
Is-Session-Tracking
X-Ms-Lease-Status
X-Ms-Blob-Type
Hostname
X-Ms-Request-Id
X-Ms-Version
X-GEO
URI
X-Mem
X-Aicache-OS
X-NGINX-Cache
X-Dw-Trace-Id
X-Alicdn-Da-Ups-Status
Xet-Cookie
X-VG-TLSProxy
X-PJAX-URL
X-Edge-Server
X-Front
Cdn-Host
X-Remote-IP
X-Cookie
X-Cache-FS-Status
X-Check-Cacheable
X-Trv-Request-Id
True-Client-Country-4JS
Cdn-Request-Time
X-Oa-Upstreams
X-Powered-By-Defense
X-Unique-Id
Magicmarker
RequestUuid
X-Varnish-ID
Requestid
X-Proxy-Server
X-PAGE-TYPE
X-Ms-Lease-State
X-Swa-Ws
X-ByteArk-Cache
X-Policy
X-DW
X-DSS
X-DI
X-RSL
Rt-Proxy-Cache
X-ServerName
X-VID
X-DB
X-RPS
X-RPM
X-Zalando-Child-Request-Id
X-Akamai-ERPolicy
X-RAMCache
X-Akamai-ERRuleID
X-Hello
X-Litespeed-Tag
CF-Cached-On
WS
X-Acquia-Application-UUID
X-Litespeed-Cache-Control
SID
X-Zalando-Page-Type
X-Acquia-Application-Trace
X-Fe
X-Micro-Cache