Threat Level: green Handler on Duty: Brad Duncan

SANS ISC: HTTP Header Usage Statistics - SANS Internet Storm Center HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Pragma
Last-Modified
Accept-Ranges
Strict-Transport-Security
X-Content-Type-Options
X-Powered-By
CF-RAY
ETag
Link
Expect-CT
Via
X-XSS-Protection
X-Cache
Age
Access-Control-Allow-Origin
Content-Security-Policy
Content-Language
X-UA-Compatible
P3P
X-Cache-Hits
X-Served-By
X-Varnish
X-Amz-Cf-Id
Referrer-Policy
X-Xss-Protection
X-Request-Id
X-Timer
X-AspNet-Version
CF-Cache-Status
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Runtime
Access-Control-Allow-Credentials
X-Download-Options
X-Drupal-Cache
X-Cacheable
X-Generator
Content-Security-Policy-Report-Only
CF-Ray
Alt-Svc
Status
X-AspNetMvc-Version
X-Cache-Status
X-DNS-Prefetch-Control
X-Check
X-Iinfo
X-Adblock-Key
X-FRAME-OPTIONS
Timing-Allow-Origin
X-CDN
X-Content-Security-Policy
X-Turbo-Charged-By
X-Permitted-Cross-Domain-Policies
Content-Encoding
P3p
X-Template
X-Language
Keep-Alive
X-Type
X-Via
X-AH-Environment
X-Cache-Group
X-Backend
WPE-Backend
X-Request-ID
X-Pass-Why
X-Buckets
X-Age
X-Server
X-Nginx-Cache-Status
Access-Control-Max-Age
X-Server-Powered-By
X-Pingback
Xkey
X-Varnish-Cache
Grace
X-Drupal-Dynamic-Cache
Access-Control-Expose-Headers
Upgrade
X-Hacker
X-UA-Device
X-Amz-Request-Id
X-Page-Speed
Cf-Railgun
X-Amz-Id-2
X-Proxy-Cache
X-Robots-Tag
EagleId
X-LiteSpeed-Cache
X-Envoy-Upstream-Service-Time
Request-Context
X-Node
X-Swift-SaveTime
X-Swift-CacheTime
X-Ac
X-Device
Ali-Swift-Global-Savetime
X-Cnection
X-Host
Content-Location
X-Amz-Version-Id
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Cache-Lookup
Surrogate-Control
X-WebKit-CSP
X-Backend-Server
X-Server-Id
X-OneAgent-JS-Injection
X-Rack-Cache
X-Instart-Request-ID
X-Response-Time
X-Px
X-CST
Request-Id
X-Readtime
Server-Timing
X-Rq
X-Clacks-Overhead
X-Do-Not-Hack
Permitted-Cross-Domain-Policies
X-HeyJason
Pinterest-Generated-By
EagleEye-TraceId
X-Cloud-Trace-Context
Edge-Control
X-Ua-Compatible
X-Url
X-Application-Context
X-MS-InvokeApp
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Country
Report-To
X-DynaTrace-JS-Agent
X-Server-Name
Charset
SPRequestGuid
Allow
X-Country-Code
X-SharePointHealthScore
X-DataDome
X-Ruxit-JS-Agent
Rating
X-Varnish-TTL
X-Cached
X-Vname
X-PC
X-TtlSet
X-ESI
X-Powered-CMS
X-TTL
X-Powered-By-Plesk
X-Recruiting
X-FTR-Request-ID
X-D2id
NEL
X-Vhost
X-CF-Powered-By
Public-Key-Pins
Pinterest-Version
X-Pinterest-Rid
X-Upstream-Env
X-Version
X-F-Cache
X-Kinja-Server
X-Kinja-Revision
X-Geo-Segment
X-Cdn-Fetch
X-Kinja-Build
X-Kinja
X-Exp-Variant
X-Exp-Id
X-DynaTrace
SPRequestDuration
SPIisLatency
X-N
X-T
X-VARITI-CCR
X-Dw-Request-Base-Id
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
Cartoon
X-GoogleNews-Bot
X-Mod-Pagespeed
MS-Author-Via
Content-MD5
RTSS
Nginx-Cache
X-Abt-Application-Version
Feature-Policy
AR-CACHE
AR-ATIME
AR-PoweredBy
X-GitHub-Request-Id
MicrosoftSharePointTeamServices
Verso
X-Dispatcher
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Navigation-Version
X-Shield-Request-Id
X-Client-IP
X-Goog-Hash
X-Amz-Rid
X-Hits
X-Forwarded-Proto
X-Server-ID
Realpath
X-Trace
X-Origin-Cache
X-Cdn
X-Ttl
Paypal-Debug-Id
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-Content-Options
X-Content-Digest
X-Zen-Fury
Arr-Disable-Session-Affinity
X-Id
X-Grace
TCN
X-Kinsta-Cache
X-B
AR-SID
Alternate-Protocol
X-Varnish-Age
X-Cache-Key
Fastcgi-Cache
DynaTrace
X-Sol
X-Upstream
X-Ser
X-Mrf-Item-Lastmod
Mrf-Cache-Status
MRF-Tech
X-Mrf-Section-Lastmod
Access-Control-Request-Method
X-FastCGI-Cache
X-Pad
X-Fastly-Request-ID
X-Middleton-Display
Display
PB-RID
PB-PID
X-Via-JSL
X-Nf-Srv-Version
X-NF-Request-ID
X-Mobile-Rewrite
X-DIS-Request-ID
X-Vcap-Request-Id
X-User-Agent
Response
X-IPLB-Instance
X-Middleton-Response
Front-End-Https
X-Acc-Meta-Resource-Type
X-MSEdge-Ref
Rt-Fastcgi-Cache
Pagespeed
X-SS-Set-Cookie
X-Cache-Rule
X-Frontend
X-PressLabs-Stats
X-Logged-In
Eomportal-Instance
X-Forwarded-For
X-Cache-Hit
X-Whom
Server-Name
Arc-Version
X-Hostname
X-VCache
X-Goog-Generation
X-Goog-Metageneration
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
Host
X-XRDS-Location
Tracecode
S
X-Newrelic-App-Data
Cache-Status
Surrogate-Key
X-Country-Code-Real
X-FTR-Cache-Status
X-FTR-Expires
X-FTR-Realm
X-FTR-Balancer
X-FTR-DC
X-FTR-Backend
X-FTR-Backend-Server
X-Debug
X-Analytics
X-Request-Processing-Time
X-Request-Received
Backend-Timing
X-HS-Content-Id
X-Instance
X-AOL-HN
TP-L2-Cache
TP-Cache
X-Contextid
Refresh
X-Az
X-AppVersion
X-Activity-Id
X-Proxied
X-Magnolia-Registration
X-Rid
Public-Key-Pins-Report-Only
FilterID
X-Wix-Server-Artifact-Id
X-XRDS-LOCATION
X-UUID
ServerID
HitType
Server-Info
HitInfo
X-B3-Traceid
X-HW
X-Srv
X-WPE-Loopback-Upstream-Addr
Liferay-Portal
X-NWS-LOG-UUID
X-URL
Service-Worker-Allowed
AMP-Access-Control-Allow-Source-Origin
X-APP-VERSION
Cleartype
X-Webkit-Csp
X-Varnish-Server
X-Mobile
X-Content-Security-Policy-Report-Only
X-Varnish-Backend
X-FTR-Cache-Host
Served-By
X-Cache-Control
X-Revision
Edge-Cache-Tag
X-HS-Cache-Config
X-Origin
X-Amzn-Trace-Id
X-Geo-Country
X-Cache-Server
Source
X-PC-AppVer
X-PC-Key
X-PHP-Backend
X-Hail-Hydra
Retry-After
X-BCube-Filmed-By
X-App-Environment
Server-Node
X-Request-Guid
X-PC-Hit
X-RateLimit-Remaining
MS-CV
X-Handled-By
X-Varnish-Hostname
S-Cnection
X-TT
Host-Header
X-Tumblr-User
X-Device-Type
X-Cache-Operation
Powered-By-ChinaCache
X-Tumblr-Pixel
Fastly-Restarts
DC
X-Origin-Upstream-Status
X-Tumblr-Pixel-0
X-B-Cache
X-Cache-Config
X-Signature
X-Cache-2
X-Framework
X-FB-Debug
X-Page-Id
Accept-Charset
X-Cache-Action
X-Correlation-Id
X-Origin-Server
X-TT-TIMESTAMP
X-Sucuri-ID
X-Ocache
X-Debug-Info
Actual-Object-TTL
X-Hyper-Cache
X-Shield-Cache-Expires
X-ADI-VCache
X-PC-Date
Viewport
X-PC-Host
X-WA-Info
X-Content-Powered-By
NGB
X-Microcachable
X-Accel-Expires
X-B3-Sampled
X-Cached-By
Upgrade-Insecure-Requests
Cache
X-Drupal-Cache-Tags
X-LB-Cache
X-ATG-Version
SRV
X-Cache-NE
X-Akam-SW-Version
AsisCache
X-Generated-By
Filters
ServedBy
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-RequestSource
X-FW-Type
X-Internal-Host
X-App-Server
X-FW-Static
X-FW-Server
X-RTag
X-FW-Serve
X-FW-Hash
X-TX-ID
X-Seen-By
X-Cacheable-TTL
X-GeoIP
X-Wix-Request-Id
X-Distil-CS
X-Tumblr-Pixel-2
X-Tumblr-Pixel-1
Content-Style-Type
X-WebKit-CSP-Report-Only
X-Amz-Server-Side-Encryption
Content-Script-Type
X-S
X-Locale
X-Jobs
X-Accel-Buffering
X-ServedBy
X-Cluster
From-Origin
X-Geo
X-Varnish-Hits
X-HS-Combine-CSS
X-Akamai-Edgescape
X-Daa-Tunnel
X-Adobe-Content
X-Adobe-Loc
X-Varnish-Cache-Hits
X-Esi
X-Sucuri-Cache
X-Varnish-IP
X-Node-Name
X-Varnish-Grace
X-GUploader-UploadID
X-Platform-Server
X-GZip
X-Litespeed-Cache
X-TA-CDN-Provider
X-Vg-Webcache
X-RateLimit-Limit
X-Edge-Cache-Key
X-Edge-Cache
X-Dns-Prefetch-Control
X-Cache-TTL-Remaining
Datacenter
X-Cache-Remote
X-CDN-Forward
X-Storage
X-NewRelic-App-Data
HostName
X-Real-IP
X-UA
X-Akamai-Transformed
X-Mode
X-Region
X-Cache-Age
Cache-Tag
X-Amz-Replication-Status
X-Drupal-Cache-Contexts
X-Distributor
Country
X-Source
X-Rendered-As
Meta-Geo
Machine
X-ProcessESI
X-Is-Bot
X-MP-GENERATED-AT
Load-Balancing
X-Path-Route
X-Detected-As
X-RemovedCookies
X-Cache-Var-Map
X-RN-RSRV
X-Cache-Var
ServerName
X-Agile-Age
X-Agile
X-Amz-Apigw-Id
X-Agile-Id
X-NCache
X-Amzn-RequestId
Fastly-SSL
X-Feature
GEO-INFO
X-Port
X-PERF
X-PCL
X-Kinja-Server-Push
Mn-Server-Ip
X-Grey
X-OCL
X-CDN-Cache
X-Time-Microsecs
X-TWH-CORRELATION-ID
Cache-Key
X-ApacheServer
Ohc-File-Size
X-BB-IP
X-Webstats-RespID
X-Web-Node
X-Upgrade-Enabled
X-Cache-Category-Id
X-Viewer-Country
X-Cache-Bucket
X-Akamai-Request-ID
Azure-SiteName
X-Human
Azure-Version
Azure-SlotName
Azure-InstanceId
X-Instance-Name
X-Cache-HT
X-Amz-Meta-Surrogate-Control
X-Cluster-Node
X-Debug-Cache
X-Edge-Location
Azure-RegionName
X-EIG-Tracking-Id
X-OVcl
X-Proto
X-Via-Fastly
X-Pubstack
L5d-Success-Class
S-Rt
X-OVcl-Cache
X-NodeID
X-Original-Request
X-Optimization
Cache-Name
TWC-GeoIP-Country
Property-Id
TWC-Device-Class
X-Access
TWC-Connection-Speed
TWC-Privacy
X-App-Name
Webcakes-App-Version
Webcakes-App-Name
User-Cache-Control
TWC-Locale-Group
Webcakes-Region
TWC-GeoIP-LatLong
X-Format
X-Request-Time
X-Routing-Service
X-ProxyCache-Status
X-ProxyCache-Key
X-Proxy
X-Section
X-ServerID
X-Xfnlog-Site
X-Zipkin-Id
X-Www-Served-By
X-VWS-Id
X-SplitTest
X-Meta-Tbi-Cache-Vertical
X-LJ-Flow-ID
X-Oracle-Dms-Rid
X-CCM
X-BYPASS-REASON
X-Birta-Served
X-Birta-Cache-Post
X-CCM-LastModified
X-Oracle-Dms-Ecid
X-IP
X-Labrador-Cache-Channel
X-Hosted-By
X-Generation-Time
X-FC-Vary-Parameters
X-AWS-Id
X-Origin-Hint
DB-Nickname
Backend
Healthy
LB
Fastcgi-Useragent
Cache-Hits
X-Loop
X-TNCMS
Now
X-Surge-Debug
X-Varnish-Cacheable
Access-Control-Allow-Method
User-Agent
X-JoinUs
X-Generated
X-Site-Version
X-Backend-Name
X-Tumblr-Pixel-3
X-Guploader-Uploadid
X-Ezoic-Cdn
X-Render-Type
X-Proxy-Build
X-Hit
RATING
Countrycode
X-Timing-Wait
Selected-FE
Payment
X-Tb
X-Origin-CC
X-Time
X-Newrelic-Synthetics
X-CACHE-AGE
X-Correlation-ID
X-Cache-Enabled
Ec-Rule-Version
X-DataStream-Cache-Status
X-Nginx-Cache
X-B3-Spanid
Origin-Edge-Control
X-Unique-ID
Origin-Cache-Control
WP-Super-Cache
X-Environment-Context
X-Oneagent-Js-Injection
X-L-Path
X-Real-Ip
X-UA-Device-Type
X-Dc
X-Nc
NODE
X-NU-AKA-ACS-Version
RequestId
Xserver
X-Varnish-Beresp-Grace
X-Skip-Cache
X-Varnish-Beresp-Status
X-WR-MODIFICATION
X-NGENIX-Cache
X-B3-TraceId
Access-Control-Request-Headers
Webserver
X-ElasticPress-Search
X-Vgn-Hpd-Reason
X-Upstream-HT
Time
X-Content-Type
X-Upstream-CT
X-CLOUD-TRACE-CONTEXT
X-Be
X-COUNTRY
X-Cache-Backend
X-Servedby
X-EdgeConnect-Cache-Status
X-Status
Warning
Ws
X-Varnish-Beresp-Ttl
X-Fastly-Cache
X-We-Are-Hiring
X-D
X-Destination
Www
X-Twitter-Response-Tags
X-Logtrace-Id
X-Via-Edge
X-Connection-Hash
X-Planisys-CDN-TTL
X-Developer
X-Died
X-Via-CDN
VivaBuild
X-Trv-Group
Host-ID
Xc-Version
X-Wix-Route-ID
Viewtype
X-DPWN-IS-SECURE
X-A
X-BB-ID
Fastcgi-X-Cache
X-BBXSRF
X-Transaction
X-A-Dgt
X-A-Wwc
Fastcgi-X-Cache-Version
GMS-Ver
X-B-Cookie
X-ARC
X-Amz-Meta-Cache-Control
Fly-Request-Id
Fastly-Soc-X-Request-Id
Fly-Cache
X-Cache-Host
Cache-Prefix
Ajk
Apple-News-Services-Handled
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-SVT-ORM-VERSION
X-A-Ccd
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
BehaviorPad-Version
X-Cache-Id
X-A-Dcw
X-A-Dam
Apple-News-Services-Request-Url
X-VG-WebServer
X-Haproxy-Hostname
Meta-Geo-Continent
X-From
T-Server
X-Rojux
X-Planisys-CDN-Cache
X-PAYTM-SRV-ID
X-S-Cookie
Memcached
X-Region-Sid
X-Planisys-CDN-Rules
X-Generated-In
X-Haproxy-Ip
X-Public
X-ND-Cache
Sta2Tusw
X-SRCache-Key
X-G
MD5-Digest
X-Rewrite-Enabled
X-User
X-Server-Time
X-Server-By
Resin-Trace
X-Application
X-SVT-ORM-RULES
Cneonction
X-Croise-Owner
X-Cache-Expires
Odigeo-Trace-Id
NGX
X-Request-URI
X-Fstrz
IBM-Web2-Location
X-Cdn-Origin
X-Sn-Servicetimems
X-Cache-Time
X-F5-Cache
X-Date
Server-Int
Fastly-SWR
X-No-Session
X-NX-Host
Origin
V-Age
Fastly-SIE
X-Rebelmouse-Surrogate-Control
X-SIPLIST1
X-Var-Ttl
X-Rebelmouse-Cache-Control
Request-Time
X-Cache-CFC
X-Frame-Option
X-ScT
Uber-Trace-Id
UCS
IsBot
X-Phone
X-Core-Value
X-Wikidot-Backend
X-Debug-Log
X-Debug-Cookies
X-CS
X-Wikidot-Static-Cache
X-GoCache-CacheStatus
X-FireWall-Port
AKAMAI
X-Forwarded-Host
X-Accel-Expires-Debug
Release
X-Up
Rendered-Blocks
X-StackifyID
X-Webkit-CSP
Who
X-Amz-Meta-S3cmd-Attrs
X-Actual-URL
Thinkindot-CacheControl
X-TT-LOGID
Thinkindot-CacheControl-Type
Thinkindot-Control
X-UE-Client-Country
Server-Host
Web-Mar-Node
X-Matched-Rule
X-Returned-From-DLL
X-Returned-From-BeforeDispatch
X-Returned-From
Proxy-Connection
X-Returned-From-PostProcessResponse
X-MSEdge-Flight
X-Server-Group
X-MSEdge-Features
X-Served-From
X-IN-WAF
X-Reboot
X-IN-SSL-APIGATEWAY
X-Passed-To-DLL
X-GeoIP-Country-Code
X-Passed-To-BeforeDispatch
X-Passed-To
X-Passed-To-PostProcessResponse
X-GeoIP-City
X-IN-APIGATEWAY
X-Hnp-Log
X-Gen-Mode
X-Stale
X-MI-In-Market
X-Server-IP
X-Trace-Id
X-Thinkindot-L3
X-Cdn-Srv
X-CGP
X-Cache-Debug
X-C
X-Backend-State
X-Backend-TTL
X-Backend-Url
X-Block-Status
X-Ckpd-Fst-Backend
X-Content-Age
X-Epic-Correlation-Id
X-Eu-Site
X-ServiceProvider
X-Servername
X-Env
X-Edge-IP
X-Location
X-Developers
X-Device-Os
X-Dispatcher-Server
X-Backend-Host
Cache-Cookie-Set-Idcheck
HA-Geocity
HA-Geocountry
HA-Cloudapp
GW-Server
Fastly-Backend-Name
HA-Geolat
HA-Geolon
HA-Ipaddr
HA-Host
Ha-Gx-Prefs
HA-Georegion
Esi-Enabled
Decoy-Debug-TTL
X-VServer
Adler-Geo
X-WebServer
X-Worker
Pramga
Backend-Name
Cache-Cookie-Set-From
Decoy-Debug-Status
Decoy-Debug-Key
CDCHOST
Cache-Cookie-Set-Lfrom
HA-Servedtime
Content-Disposition
Powered-By
Pragrma
MI-Cache
On-Server
MI-Cache-Age
Ohc-Response-Time
X-UnsetCookies
MI-API
HA-Urlpath
Httpd-Identifier
Heartbleed
Is-Eu
X-V
Platform
X-TIME
Apicache-Store
OT-Force-Account-Verify
Apicache-Version
NnCoection
X-Rocket-Nginx-Bypass
X-Ver
X-Via-NSCOPI
X-Core-Mission
X-Release
X-Sorting-Hat-Section
X-Node-Id
X-Page-Type
X-Gannett-Site-Version
X-Hl-Ver
X-Hash
X-Fetched-On
X-Sorting-Hat-ShopId-Cached
X-Cache-Ttl
X-RCS-CacheZone
X-S-Maxage
X-Sorting-Hat-ShopId
Request-Country
Request-EU
X-Response-By
X-Secret
X-Auto-Login
X-Sorting-Hat-PodId-Cached
Drupal-Pagecache-Memcache
X-ShopId
X-Varnish-Id
X-Sorting-Hat-FeatureSet
HTTPS
Kp-EeAlive
X-ShardId
X-Alternate-Cache-Key
X-Bug-Bounty
X-Sorting-Hat-PodId
X-Sorting-Hat-PrivacyLevel
Server-ID
PFcat
X-Shopify-Stage
X-Cache-Srv
Dnion-Transfer-Encoding
X-Dynatrace
X-Amz-Meta-S3b-Last-Modified
X-Origin-Expires
X-Thanos
X-Varnish-HitMiss
X-Origin-Date
X-Svr
X-Info
REQUESTUUID
X-Bip
Version
Ar-Sid
X-Cache-Control-Set-By
X-Crawler
X-Cache-URL
X-HCF
X-Platform
X-Clientip
NtCoent-Length
Mime-Version
Country-Code
X-Refresh
X-Fastcgi-Cache
Cache-Provider
X-P-T
X-Req
X-Origin-TTL
X-Pf-Uncompressing
Cteonnt-Length
X-DC
X-Oss-Object-Type
X-Oss-Request-Id
X-Oss-Server-Time
X-Oss-Storage-Class
X-Oss-Hash-Crc64ecma
X-CSRF-Token
X-Yottaa-Sig
X-Ua
Accept-Ch
Processtime
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-Kong-Upstream-Latency
Pagetype
X-Kong-Proxy-Latency
X-NC
X-HS-Hub-Id
X-Varnish-Url
Memory
X-From-Cache
X-Amz-Meta-Sha256
FSS-Cache
X-EC-Security-Audit
FSS-Proxy
Arc-Country
X-Cache-ASPX
WebServer
X-Csrf-Token
X-Atg-Version
X-Irp-Debug
X-Pjax-Url
X-App-Version
X-LiteSpeed-Cache-Control
Brightspot-Id
X-Ruxit-Js-Agent
GeoIp-Country-Code
X-LB-Node
PageType
X-LB-CacheStatus
X-ROOTCache
Geoip-City
PICS-Label
SN
Sid
COMMERCE-SERVER-SOFTWARE
Geoip-Latitude
CF-IPCountry
X-Request-UUID
MIME-Version
X-Request-Start
X-Cache-Handler
Cdn
X-Redis-Cache
Dynatrace
X-Endurance-Cache-Level
X-Wix-Petri-Ex
X-Ratelimit-Remaining
X-Cdn-Forward
X-Load-Cache
Dont-Set-Cookie
X-Rule
X-Fastly-Backend-Reqs
Edgecast
X-Ratelimit-Limit
X-Varnish-Action
If-Modified-Since
X-SERVER-NAME
X-GRACE
X-Layer
BORDER-IP
PROCESSING-IP
X-TId
X-Requestid
X-Servedbyhost
X-Varnish-Beresp-TTL
Frame-Options
X-Tid
X-Sf
X-ServedByHost
X-GDPR
X-Rocket-Nginx-Serving-Static
RNT-Time
X-RequestId
RNT-Machine
X-Fastly-Cache-Hits
X-Nananana
X-Cache-TTL
X-B3-SpanId
X-BE
X-Resolver-IP
CDN
NodeID
X-Owner
XServer
X-DataStream-Origin-MEX-Latency
X-Key
X-DataStream-MidMile-RTT
Cf-Ipcountry
Powered
Pics-Label
CACHE
GeoIP-Country-Code
GeoIP-City
Web-Mar-Region
X-Server-W
GeoIP-Latitude
Cache-Tags
X-HTML-Minification-Powered-By
X-Tec-Api-Version
X-Tec-Api-Origin
Node
X-Tec-Api-Root
ProcessTime
X-ABtesting
Mail-Subject
We-Hiring
X-Flog
X-NWS-UUID-VERIFY
WZWS-RAY
DataCenter
PageSpeed
X-Dynatrace-Js-Agent
X-Sentry-ID
X-VG-WebCache
Lfy
X-Gdpr
X-Varnish-Ttl
X-Shard
X-Powered-By-ANYU
X-Use-Magma
Amp-Access-Control-Allow-Source-Origin
X-CDN-Pop-IP
X-Ms-Lease-Status
Get-Access-Time
Is-Session-Tracking
X-Ms-Version
X-Ms-Blob-Type
X-Ms-Request-Id
Max-Age
X-CDN-Pop
X-Cf-Powered-By
X-GZIP
Accept-CH
X-Mem
X-Varnish-URL
X-PF-Uncompressing
X-FORWARDED-FOR
X-ByteArk-Cache
X-GEO
X-Cache-FS-Status
X-PJAX-URL
X-UPSTREAM-Address
URI
X-Powered-By-Defense
Magicmarker
Xet-Cookie
X-Dw-Trace-Id
X-Front
X-Cookie
X-SRV
X-Trv-Request-Id
Requestid
X-Remote-IP
X-Oa-Upstreams
X-Check-Cacheable
Hostname
X-NGINX-Cache
X-Unique-Id
Cdn-Host
Cdn-Request-Time
X-RPS
X-RPM
X-RSL
X-Aicache-OS
X-Varnish-ID
RequestUuid
X-VID
X-VG-TLSProxy
X-Ms-Lease-State
X-DW
X-DSS
X-Proxy-Server
X-DB
X-DI
X-PAGE-TYPE
X-Micro-Cache
X-Alicdn-Da-Ups-Status
X-Zalando-Child-Request-Id
X-Edge-Server
True-Client-Country-4JS
X-Zalando-Page-Type
X-Policy
X-Fe
X-Litespeed-Cache-Control
X-Acquia-Application-UUID
X-VarnPar2
X-VC
X-PARISIEN-Cache-Rendered
X-Acquia-Application-Trace
X-VarnPar1
V-Cache
N-Cache
Group
X-VarnCache
Rt-Proxy-Cache
X-Akamai-ERPolicy
SID
X-SB
X-RAMCache
X-Safe-Firewall
X-Litespeed-Tag
X-Akamai-ERRuleID
X-Hello
CF-Cached-On
WS