Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics - SANS Internet Storm Center HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Pragma
Last-Modified
Accept-Ranges
Strict-Transport-Security
X-Content-Type-Options
X-Powered-By
CF-RAY
ETag
Link
Expect-CT
Via
X-XSS-Protection
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
P3P
X-Cache-Hits
X-Served-By
X-Varnish
X-Amz-Cf-Id
X-Xss-Protection
Referrer-Policy
X-Request-Id
X-Timer
X-AspNet-Version
CF-Cache-Status
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Runtime
Access-Control-Allow-Credentials
X-Download-Options
X-Drupal-Cache
X-Cacheable
Content-Security-Policy-Report-Only
X-Generator
CF-Ray
Alt-Svc
Status
X-AspNetMvc-Version
X-Cache-Status
X-DNS-Prefetch-Control
P3p
X-Check
X-Iinfo
X-FRAME-OPTIONS
X-Adblock-Key
Timing-Allow-Origin
X-CDN
X-Content-Security-Policy
X-Turbo-Charged-By
X-Permitted-Cross-Domain-Policies
Content-Encoding
X-Template
X-Language
Keep-Alive
X-Type
X-AH-Environment
X-Via
X-Request-ID
X-Cache-Group
X-Backend
WPE-Backend
X-Pass-Why
X-Age
X-Buckets
X-Server
X-Nginx-Cache-Status
Access-Control-Max-Age
X-Server-Powered-By
X-Pingback
Xkey
X-Varnish-Cache
Grace
X-Drupal-Dynamic-Cache
Upgrade
Access-Control-Expose-Headers
X-Hacker
X-UA-Device
X-Amz-Request-Id
X-Page-Speed
Cf-Railgun
X-Amz-Id-2
X-Proxy-Cache
X-Robots-Tag
EagleId
X-Envoy-Upstream-Service-Time
X-LiteSpeed-Cache
Request-Context
X-Node
X-Swift-SaveTime
X-Swift-CacheTime
X-Ac
X-Device
X-Cnection
Ali-Swift-Global-Savetime
X-Host
Content-Location
X-Amz-Version-Id
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Server-Id
Surrogate-Control
X-WebKit-CSP
X-Backend-Server
X-Cache-Lookup
X-OneAgent-JS-Injection
X-Rack-Cache
X-Response-Time
X-Instart-Request-ID
X-Px
Request-Id
X-Readtime
X-CST
Server-Timing
X-Rq
X-Clacks-Overhead
Permitted-Cross-Domain-Policies
X-Do-Not-Hack
X-HeyJason
Pinterest-Generated-By
X-Ua-Compatible
EagleEye-TraceId
Edge-Control
X-Url
X-Cloud-Trace-Context
X-Application-Context
X-MS-InvokeApp
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Country
Report-To
X-Server-Name
X-DynaTrace-JS-Agent
Charset
SPRequestGuid
X-Country-Code
Allow
X-SharePointHealthScore
X-DataDome
X-Ruxit-JS-Agent
X-ESI
Rating
X-Varnish-TTL
X-PC
X-Vname
X-Cached
X-TtlSet
X-Powered-CMS
X-Powered-By-Plesk
X-TTL
X-Recruiting
X-CF-Powered-By
X-ORACLE-DMS-RID
X-ORACLE-DMS-ECID
X-FTR-Request-ID
NEL
X-D2id
X-Vhost
X-DynaTrace
Pinterest-Version
X-Pinterest-Rid
X-Upstream-Env
Public-Key-Pins
X-F-Cache
X-Cdn-Fetch
X-Exp-Variant
X-Exp-Id
X-Kinja-Server
X-Geo-Segment
X-Kinja-Revision
X-Kinja
X-Version
X-Kinja-Build
X-N
SPRequestDuration
SPIisLatency
X-T
X-Dw-Request-Base-Id
Cartoon
X-VARITI-CCR
X-GoogleNews-Bot
X-Mod-Pagespeed
MS-Author-Via
Content-MD5
X-Abt-Application-Version
RTSS
Nginx-Cache
Feature-Policy
X-GitHub-Request-Id
Verso
AR-PoweredBy
AR-CACHE
AR-ATIME
X-Dispatcher
MicrosoftSharePointTeamServices
X-Navigation-Version
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Goog-Hash
X-Client-IP
X-Shield-Request-Id
X-Amz-Rid
Realpath
X-Hits
X-Forwarded-Proto
X-Cdn
X-Ttl
X-Trace
X-Origin-Cache
Paypal-Debug-Id
X-Server-ID
X-Content-Options
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-TEC-API-ROOT
X-Content-Digest
X-Zen-Fury
X-Id
X-Kinsta-Cache
Arr-Disable-Session-Affinity
TCN
X-Grace
AR-SID
X-B
DynaTrace
Alternate-Protocol
X-Varnish-Age
X-Cache-Key
Fastcgi-Cache
X-Sol
X-Upstream
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
Mrf-Cache-Status
MRF-Tech
Access-Control-Request-Method
X-Ser
X-FastCGI-Cache
X-Fastly-Request-ID
X-Pad
Display
X-Middleton-Display
PB-RID
PB-PID
X-Nf-Srv-Version
X-Mobile-Rewrite
X-NF-Request-ID
X-Via-JSL
X-Acc-Meta-Resource-Type
X-DIS-Request-ID
X-Vcap-Request-Id
Response
X-Middleton-Response
X-User-Agent
X-Forwarded-For
Front-End-Https
Pagespeed
X-IPLB-Instance
X-MSEdge-Ref
Rt-Fastcgi-Cache
X-SS-Set-Cookie
X-Cache-Rule
X-PressLabs-Stats
X-Frontend
Eomportal-Instance
X-Logged-In
X-Cache-Hit
Arc-Version
X-Whom
X-VCache
Server-Name
X-Hostname
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Goog-Storage-Class
X-Goog-Metageneration
Host
Tracecode
Surrogate-Key
S
Cache-Status
X-FTR-Expires
X-Country-Code-Real
X-FTR-Backend
X-FTR-Backend-Server
X-FTR-Balancer
X-FTR-Cache-Status
X-FTR-Realm
X-FTR-DC
X-XRDS-Location
X-Debug
X-Analytics
X-Request-Processing-Time
X-Request-Received
Backend-Timing
X-XRDS-LOCATION
X-HS-Content-Id
TP-L2-Cache
TP-Cache
X-AOL-HN
X-Instance
Refresh
X-Contextid
X-Magnolia-Registration
X-Proxied
X-Az
X-Activity-Id
X-AppVersion
X-Rid
X-Srv
FilterID
Public-Key-Pins-Report-Only
X-Wix-Server-Artifact-Id
X-UUID
X-Newrelic-App-Data
ServerID
HitType
HitInfo
Server-Info
X-B3-Traceid
X-URL
X-WPE-Loopback-Upstream-Addr
X-HW
Liferay-Portal
X-Webkit-Csp
Cleartype
Service-Worker-Allowed
X-APP-VERSION
X-Varnish-Server
X-Mobile
X-Content-Security-Policy-Report-Only
X-FTR-Cache-Host
X-NWS-LOG-UUID
X-Varnish-Backend
AMP-Access-Control-Allow-Source-Origin
Served-By
X-Cache-Control
X-Revision
X-HS-Cache-Config
X-Amzn-Trace-Id
X-Cache-Server
Edge-Cache-Tag
Source
X-PC-Key
X-BCube-Filmed-By
X-Origin
X-Request-Guid
Server-Node
X-PC-AppVer
X-Hail-Hydra
X-PHP-Backend
X-Geo-Country
X-PC-Hit
X-App-Environment
X-Device-Type
MS-CV
Retry-After
Host-Header
X-TT
X-Handled-By
X-RateLimit-Remaining
X-Tumblr-User
X-Correlation-Id
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Cache-Operation
DC
S-Cnection
X-Varnish-Hostname
X-Cache-Config
X-B-Cache
X-Framework
X-Signature
Fastly-Restarts
X-Origin-Upstream-Status
X-Litespeed-Cache
X-FB-Debug
Powered-By-ChinaCache
X-Page-Id
Accept-Charset
X-Cache-2
X-Origin-Server
X-Cache-Action
X-Sucuri-ID
X-TT-TIMESTAMP
X-Ocache
X-Debug-Info
X-PC-Date
Actual-Object-TTL
X-PC-Host
Viewport
X-ADI-VCache
X-Shield-Cache-Expires
X-ATG-Version
X-Hyper-Cache
X-WA-Info
NGB
X-B3-Sampled
X-Content-Powered-By
X-Microcachable
X-Accel-Expires
X-Cached-By
Upgrade-Insecure-Requests
X-Drupal-Cache-Tags
X-LB-Cache
X-Akam-SW-Version
SRV
X-Cache-NE
Filters
AsisCache
Cache
X-Generated-By
X-Yottaa-Metrics
ServedBy
X-Yottaa-Optimizations
X-Cacheable-TTL
X-FW-Static
X-RTag
X-FW-Serve
X-RequestSource
X-Locale
X-FW-Hash
X-Internal-Host
X-FW-Type
X-FW-Server
Content-Style-Type
X-App-Server
X-TX-ID
X-WebKit-CSP-Report-Only
X-Amz-Server-Side-Encryption
X-Wix-Request-Id
X-Distil-CS
X-Tumblr-Pixel-1
X-Tumblr-Pixel-2
Content-Script-Type
X-Seen-By
X-GeoIP
X-Jobs
X-Accel-Buffering
X-S
X-Cluster
From-Origin
X-NewRelic-App-Data
X-Geo
X-Varnish-Hits
X-ServedBy
X-Node-Name
X-Akamai-Edgescape
X-Varnish-Cache-Hits
X-Sucuri-Cache
X-HS-Combine-CSS
X-UA
X-Adobe-Content
X-Varnish-Grace
X-Adobe-Loc
X-RateLimit-Limit
X-Varnish-IP
X-Dns-Prefetch-Control
X-Platform-Server
X-GUploader-UploadID
X-GZip
X-CDN-Forward
X-Cache-Age
X-Vg-Webcache
X-Edge-Cache
X-Edge-Cache-Key
X-Cache-TTL-Remaining
Datacenter
X-Daa-Tunnel
X-Cache-Remote
X-Storage
X-Mode
X-Region
X-Akamai-Transformed
X-Real-IP
Cache-Tag
HostName
X-Esi
X-Drupal-Cache-Contexts
X-Amz-Replication-Status
X-Distributor
X-Kinja-Server-Push
X-Source
X-Is-Bot
X-Detected-As
X-MP-GENERATED-AT
X-Cache-Var-Map
X-Cache-Var
X-RN-RSRV
X-Rendered-As
X-RemovedCookies
X-TA-CDN-Provider
X-ProcessESI
X-Path-Route
Load-Balancing
Machine
Meta-Geo
X-NCache
ServerName
X-Amz-Apigw-Id
X-Amzn-RequestId
Country
Fastly-SSL
X-Webstats-RespID
X-Web-Node
X-Upgrade-Enabled
X-PERF
X-Time-Microsecs
X-TWH-CORRELATION-ID
X-Viewer-Country
X-CDN-Cache
X-Agile-Age
X-Agile
Mn-Server-Ip
Cache-Key
X-Agile-Id
X-Akamai-Request-ID
X-OCL
X-BB-IP
X-ApacheServer
X-PCL
GEO-INFO
Azure-RegionName
X-Amz-Meta-Surrogate-Control
Azure-SiteName
Azure-SlotName
Backend
X-Instance-Name
Azure-InstanceId
Ohc-File-Size
S-Rt
X-Via-Fastly
X-NodeID
X-Original-Request
X-OVcl
X-Cache-Category-Id
Azure-Version
L5d-Success-Class
X-OVcl-Cache
X-Edge-Location
X-EIG-Tracking-Id
X-Port
X-Grey
X-Debug-Cache
X-Human
X-Cluster-Node
X-Proto
X-Pubstack
TWC-Connection-Speed
TWC-Device-Class
X-Optimization
X-Origin-Hint
X-Routing-Service
Property-Id
Healthy
Webcakes-App-Name
X-Birta-Served
X-Birta-Cache-Post
X-IP
X-AWS-Id
X-Cache-HT
X-Hosted-By
X-Format
X-Generation-Time
X-CCM-LastModified
X-CCM
X-App-Name
X-LJ-Flow-ID
User-Cache-Control
TWC-Privacy
TWC-Locale-Group
TWC-GeoIP-LatLong
X-Section
Webcakes-App-Version
X-Meta-Tbi-Cache-Vertical
X-Access
Webcakes-Region
TWC-GeoIP-Country
LB
X-Www-Served-By
X-VWS-Id
X-Xfnlog-Site
X-Zipkin-Id
X-FC-Vary-Parameters
X-Proxy
X-Site-Version
X-SplitTest
Cache-Name
X-Cache-Bucket
X-Labrador-Cache-Channel
DB-Nickname
X-Loop
Now
X-CLOUD-TRACE-CONTEXT
Fastcgi-Useragent
X-ProxyCache-Key
X-ProxyCache-Status
X-ServerID
X-Varnish-Cacheable
X-TNCMS
X-BYPASS-REASON
Cache-Hits
Access-Control-Allow-Method
X-Request-Time
X-Guploader-Uploadid
User-Agent
X-JoinUs
X-Generated
RATING
X-Backend-Name
X-Tumblr-Pixel-3
X-Surge-Debug
Payment
X-Render-Type
X-Tb
X-Ezoic-Cdn
Countrycode
X-Origin-CC
Selected-FE
X-Timing-Wait
X-Feature
X-Hit
X-Proxy-Build
Ec-Rule-Version
X-Newrelic-Synthetics
X-Time
X-Dc
WP-Super-Cache
X-B3-Spanid
X-DataStream-Cache-Status
X-Cache-Enabled
X-Oneagent-Js-Injection
X-Nginx-Cache
Origin-Edge-Control
Origin-Cache-Control
X-Real-Ip
X-Unique-ID
X-Correlation-ID
X-Nc
X-L-Path
X-Environment-Context
X-UA-Device-Type
RequestId
X-NU-AKA-ACS-Version
NODE
X-CACHE-AGE
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
X-B3-TraceId
X-Skip-Cache
X-NGENIX-Cache
Access-Control-Request-Headers
X-COUNTRY
X-WR-MODIFICATION
X-Be
Xserver
X-Servedby
Webserver
X-Vgn-Hpd-Reason
X-Content-Type
X-ElasticPress-Search
X-Upstream-HT
X-EdgeConnect-Cache-Status
X-Cache-Backend
X-Upstream-CT
Time
Warning
X-Status
Ws
X-A-Dam
Apple-News-Services-Request-Url
X-ND-Cache
Apple-News-Services-Parsed-Url
X-Died
X-No-Session
X-Developer
Apple-News-Services-Host
BehaviorPad-Version
X-DPWN-IS-SECURE
Ajk
X-Haproxy-Hostname
X-G
X-Haproxy-Ip
Xc-Version
X-Logtrace-Id
X-Wix-Route-ID
X-From
AKAMAI
X-A-Ccd
T-Server
X-Fastly-Cache
Apple-News-Services-Handled
X-A-Dcw
X-B-Cookie
Viewtype
Host-ID
X-BB-ID
GMS-Ver
X-BBXSRF
X-ARC
X-Application
Meta-Geo-Continent
Memcached
MD5-Digest
Www
VivaBuild
X-Accel-Expires-Debug
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-D
X-Connection-Hash
X-A
X-Date
Cache-Prefix
X-Destination
X-We-Are-Hiring
X-A-Dgt
Fly-Cache
Fly-Request-Id
Fastly-Soc-X-Request-Id
Fastcgi-X-Cache-Version
Resin-Trace
Fastcgi-X-Cache
X-A-Wwc
X-Generated-In
X-Server-Time
X-Twitter-Response-Tags
X-Server-By
X-SVT-ORM-VERSION
Sta2Tusw
X-Trv-Group
X-SVT-ORM-RULES
X-PAYTM-SRV-ID
X-Region-Sid
X-SRCache-Key
X-Planisys-CDN-Cache
X-User
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
X-Rojux
X-S-Cookie
X-Public
X-Rewrite-Enabled
X-Via-CDN
X-Via-Edge
X-VG-WebServer
X-Transaction
X-Webkit-CSP
X-Croise-Owner
Fastly-SIE
X-Wikidot-Backend
X-Cache-Id
X-Phone
X-Cdn-Origin
X-CS
X-Debug-Log
X-Cache-Host
Fastly-SWR
X-Debug-Cookies
X-Rebelmouse-Cache-Control
X-Trace-Id
X-Core-Value
X-Up
X-NX-Host
V-Age
Origin
X-ScT
NGX
UCS
X-Var-Ttl
Request-Time
Uber-Trace-Id
Rendered-Blocks
Release
X-F5-Cache
IsBot
X-GoCache-CacheStatus
X-Forwarded-Host
X-Rebelmouse-Surrogate-Control
X-Cache-Expires
X-Wikidot-Static-Cache
X-Fstrz
X-Amz-Meta-Cache-Control
IBM-Web2-Location
X-SIPLIST1
X-Sn-Servicetimems
Server-Int
X-Oracle-Dms-Rid
X-TIME
X-Oracle-Dms-Ecid
Apicache-Version
Apicache-Store
Cneonction
X-Varnish-Beresp-Ttl
X-Passed-To-PostProcessResponse
X-Served-From
X-Returned-From-BeforeDispatch
X-Hnp-Log
X-Passed-To-BeforeDispatch
X-Passed-To-DLL
X-GeoIP-Country-Code
X-Request-URI
X-Actual-URL
X-Servername
X-Returned-From
X-Server-IP
X-Passed-To
X-Server-Group
Web-Mar-Node
X-MSEdge-Flight
Thinkindot-Control
X-MSEdge-Features
Thinkindot-CacheControl-Type
X-Worker
X-Returned-From-PostProcessResponse
Thinkindot-CacheControl
X-MI-In-Market
X-Matched-Rule
X-IN-SSL-APIGATEWAY
X-GeoIP-City
X-IN-APIGATEWAY
X-Location
X-IN-WAF
X-V
Who
X-Amz-Meta-S3cmd-Attrs
X-Cdn-Srv
X-Stale
X-Cache-Time
X-Env
X-Eu-Site
X-Epic-Correlation-Id
X-UE-Client-Country
X-CGP
X-Content-Age
X-Ckpd-Fst-Backend
X-Developers
X-Device-Os
X-Edge-IP
X-TT-LOGID
X-UnsetCookies
X-Cache-Debug
X-Backend-Host
X-Backend-State
X-Frame-Option
X-Gen-Mode
X-Thinkindot-L3
X-ServiceProvider
X-Backend-TTL
X-Backend-Url
X-C
X-Cache-CFC
X-Bug-Bounty
X-Block-Status
X-Reboot
X-FireWall-Port
X-Returned-From-DLL
Proxy-Connection
HA-Geolon
HA-Georegion
HA-Geolat
HA-Geocountry
HA-Geocity
Ha-Gx-Prefs
HA-Host
Heartbleed
Httpd-Identifier
HA-Urlpath
HA-Servedtime
HA-Ipaddr
HA-Cloudapp
GW-Server
Cache-Cookie-Set-From
Cache-Cookie-Set-Idcheck
Backend-Name
X-StackifyID
X-Cache-Ttl
Cache-Cookie-Set-Lfrom
CDCHOST
Esi-Enabled
Fastly-Backend-Name
Decoy-Debug-Status
Decoy-Debug-Key
Content-Disposition
HTTPS
Decoy-Debug-TTL
Odigeo-Trace-Id
Ohc-Response-Time
On-Server
Powered-By
MI-Cache-Age
MI-Cache
Pramga
Server-Host
OT-Force-Account-Verify
X-Sorting-Hat-FeatureSet
Pragrma
X-Auto-Login
X-Fetched-On
X-Hl-Ver
Request-Country
Adler-Geo
X-Dispatcher-Server
X-RCS-CacheZone
Request-EU
X-Shopify-Stage
NnCoection
X-Sorting-Hat-PodId-Cached
X-Sorting-Hat-ShopId
X-Sorting-Hat-Section
Server-ID
X-Ver
X-Varnish-Id
X-VServer
X-WebServer
X-Sorting-Hat-PodId
X-Node-Id
X-Sorting-Hat-ShopId-Cached
X-Sorting-Hat-PrivacyLevel
X-Hash
X-Gannett-Site-Version
REQUESTUUID
X-Release
X-ShopId
PFcat
X-ShardId
MI-API
X-Rocket-Nginx-Bypass
X-Cache-Srv
X-Secret
Kp-EeAlive
X-Response-By
X-Core-Mission
X-Alternate-Cache-Key
Is-Eu
Drupal-Pagecache-Memcache
Platform
X-Via-NSCOPI
X-Cache-URL
X-Origin-Date
X-Info
Mime-Version
NtCoent-Length
X-Fastcgi-Cache
X-Amz-Meta-S3b-Last-Modified
X-Thanos
X-Svr
X-Origin-Expires
X-Crawler
X-HCF
X-S-Maxage
X-Page-Type
X-Clientip
X-Varnish-HitMiss
X-Cache-Control-Set-By
X-Bip
X-Platform
Version
Dnion-Transfer-Encoding
X-Req
Cache-Provider
X-Refresh
Processtime
Country-Code
X-P-T
X-Origin-TTL
X-Pf-Uncompressing
X-HS-Hub-Id
X-Oss-Request-Id
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
Cteonnt-Length
Pagetype
X-Oss-Storage-Class
X-Oss-Server-Time
X-RateLimit-Remaining-Second
Ar-Sid
X-RateLimit-Limit-Second
X-Yottaa-Sig
Accept-Ch
X-Pjax-Url
X-Amz-Meta-Sha256
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
Arc-Country
FSS-Proxy
X-CSRF-Token
X-EC-Security-Audit
FSS-Cache
Memory
X-From-Cache
WebServer
X-Cache-ASPX
X-App-Version
X-Csrf-Token
X-NC
X-Varnish-Url
Geoip-City
Geoip-Latitude
X-Irp-Debug
X-LiteSpeed-Cache-Control
GeoIp-Country-Code
Brightspot-Id
X-Ruxit-Js-Agent
X-DC
SN
X-Dynatrace
X-Ua
X-LB-CacheStatus
Sid
X-LB-Node
X-ROOTCache
PageType
PICS-Label
COMMERCE-SERVER-SOFTWARE
X-Redis-Cache
X-Request-UUID
X-Request-Start
CF-IPCountry
Cdn
X-Cache-Handler
MIME-Version
X-Wix-Petri-Ex
X-Ratelimit-Remaining
Dont-Set-Cookie
X-Rule
Edgecast
If-Modified-Since
X-Fastly-Backend-Reqs
X-Endurance-Cache-Level
X-Load-Cache
X-SERVER-NAME
X-Varnish-Beresp-TTL
X-Varnish-Action
X-GRACE
BORDER-IP
X-Cdn-Forward
PROCESSING-IP
X-Atg-Version
X-Requestid
X-Layer
X-Ratelimit-Limit
X-ServedByHost
X-Sf
X-GDPR
X-Servedbyhost
X-TId
X-Tid
XServer
Frame-Options
X-Rocket-Nginx-Serving-Static
X-RequestId
RNT-Time
Dynatrace
RNT-Machine
X-Nananana
X-Fastly-Cache-Hits
X-Resolver-IP
X-B3-SpanId
X-Cache-TTL
CDN
X-BE
NodeID
Powered
Pics-Label
X-Owner
X-Key
Cf-Ipcountry
X-DataStream-Origin-MEX-Latency
CACHE
Amp-Access-Control-Allow-Source-Origin
X-DataStream-MidMile-RTT
X-HTML-Minification-Powered-By
Cache-Tags
X-Tec-Api-Origin
Node
X-Tec-Api-Root
X-Tec-Api-Version
Mail-Subject
Web-Mar-Region
We-Hiring
X-Server-W
PageSpeed
DataCenter
GeoIP-Latitude
X-Dynatrace-Js-Agent
X-Varnish-Ttl
X-Gdpr
GeoIP-City
X-VG-WebCache
X-ABtesting
GeoIP-Country-Code
X-Flog
X-Shard
X-Use-Magma
WZWS-RAY
X-Sentry-ID
Lfy
X-Powered-By-ANYU
X-GZIP
ProcessTime
X-NWS-UUID-VERIFY
Get-Access-Time
X-CDN-Pop
Max-Age
X-CDN-Pop-IP
Is-Session-Tracking
X-UPSTREAM-Address
Accept-CH
X-Varnish-URL
X-Ms-Version
X-Ms-Blob-Type
X-Ms-Request-Id
Hostname
X-Ms-Lease-Status
X-Mem
X-PF-Uncompressing
X-GEO
Xet-Cookie
X-Dw-Trace-Id
X-Cookie
X-Trv-Request-Id
X-Check-Cacheable
X-PJAX-URL
X-Cache-FS-Status
X-Aicache-OS
X-Powered-By-Defense
X-Remote-IP
URI
X-Oa-Upstreams
X-NGINX-Cache
Magicmarker
X-Unique-Id
Requestid
X-Varnish-ID
X-Proxy-Server
RequestUuid
X-ByteArk-Cache
True-Client-Country-4JS
X-Alicdn-Da-Ups-Status
X-Front
X-PAGE-TYPE
X-VG-TLSProxy
X-Ms-Lease-State
X-DB
X-VID
X-Swa-Ws
X-Policy
X-DI
X-RPS
X-Edge-Server
Cdn-Request-Time
X-DW
X-RPM
X-DSS
X-RSL
X-Fe
X-Hello
X-Zalando-Page-Type
SID
X-Zalando-Child-Request-Id
X-Litespeed-Tag
CF-Cached-On
X-Akamai-ERRuleID
X-Akamai-ERPolicy
X-Micro-Cache
X-Litespeed-Cache-Control
X-Acquia-Application-Trace
WS
X-RAMCache
X-Acquia-Application-UUID
Cdn-Host