Threat Level: green Handler on Duty: Brad Duncan

SANS ISC: HTTP Header Usage Statistics - SANS Internet Storm Center HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Pragma
Last-Modified
Accept-Ranges
Strict-Transport-Security
X-Content-Type-Options
X-Powered-By
CF-RAY
ETag
Link
Expect-CT
Via
X-XSS-Protection
X-Cache
Age
Access-Control-Allow-Origin
Content-Security-Policy
Content-Language
X-UA-Compatible
P3P
X-Cache-Hits
X-Served-By
X-Varnish
X-Amz-Cf-Id
X-Xss-Protection
Referrer-Policy
X-Request-Id
X-Timer
X-AspNet-Version
CF-Cache-Status
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Runtime
Access-Control-Allow-Credentials
X-Download-Options
X-Drupal-Cache
X-Cacheable
X-Generator
Content-Security-Policy-Report-Only
CF-Ray
Alt-Svc
X-AspNetMvc-Version
Status
X-Cache-Status
X-DNS-Prefetch-Control
X-Check
X-Iinfo
X-Adblock-Key
X-FRAME-OPTIONS
Timing-Allow-Origin
X-CDN
X-Content-Security-Policy
X-Turbo-Charged-By
X-Permitted-Cross-Domain-Policies
P3p
Content-Encoding
X-Template
Keep-Alive
X-Language
X-Type
X-Via
X-AH-Environment
X-Request-ID
X-Cache-Group
X-Backend
WPE-Backend
X-Pass-Why
X-Age
X-Buckets
X-Server
X-Nginx-Cache-Status
Access-Control-Max-Age
X-Server-Powered-By
X-Pingback
Xkey
X-Varnish-Cache
Grace
X-Drupal-Dynamic-Cache
Access-Control-Expose-Headers
Upgrade
X-Hacker
X-UA-Device
X-Amz-Request-Id
X-Page-Speed
Cf-Railgun
X-Amz-Id-2
X-Proxy-Cache
X-Robots-Tag
X-LiteSpeed-Cache
EagleId
X-Envoy-Upstream-Service-Time
Request-Context
X-Node
X-Swift-CacheTime
X-Swift-SaveTime
X-Device
X-Ac
Ali-Swift-Global-Savetime
X-Cnection
X-Host
Content-Location
X-Amz-Version-Id
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Cache-Lookup
Surrogate-Control
X-Server-Id
X-WebKit-CSP
X-Backend-Server
X-OneAgent-JS-Injection
X-Rack-Cache
X-Instart-Request-ID
X-Response-Time
X-Px
Request-Id
X-Readtime
X-CST
X-Rq
Server-Timing
X-Clacks-Overhead
X-Do-Not-Hack
X-HeyJason
Permitted-Cross-Domain-Policies
X-Cloud-Trace-Context
Pinterest-Generated-By
EagleEye-TraceId
X-Ua-Compatible
Edge-Control
X-Url
X-Application-Context
X-MS-InvokeApp
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Country
Report-To
X-DynaTrace-JS-Agent
X-Server-Name
Charset
SPRequestGuid
Allow
X-Country-Code
X-SharePointHealthScore
X-DataDome
Rating
X-Varnish-TTL
X-Ruxit-JS-Agent
X-Cached
X-TtlSet
X-Vname
X-PC
X-TTL
X-ESI
X-Powered-CMS
X-Powered-By-Plesk
X-Recruiting
X-D2id
X-FTR-Request-ID
NEL
X-Vhost
X-CF-Powered-By
Public-Key-Pins
X-Upstream-Env
Pinterest-Version
X-Pinterest-Rid
X-Version
X-ORACLE-DMS-RID
X-ORACLE-DMS-ECID
X-F-Cache
X-Kinja-Revision
X-Kinja
X-Kinja-Build
X-Exp-Variant
X-Geo-Segment
X-Exp-Id
X-Kinja-Server
X-Cdn-Fetch
X-DynaTrace
X-N
SPRequestDuration
SPIisLatency
X-T
X-Dw-Request-Base-Id
X-VARITI-CCR
Cartoon
X-GoogleNews-Bot
X-Mod-Pagespeed
MS-Author-Via
Content-MD5
RTSS
Nginx-Cache
X-Abt-Application-Version
AR-CACHE
AR-PoweredBy
AR-ATIME
Feature-Policy
X-GitHub-Request-Id
MicrosoftSharePointTeamServices
Verso
X-Navigation-Version
X-SRCache-Store-Status
X-Dispatcher
X-SRCache-Fetch-Status
X-Shield-Request-Id
X-Amz-Rid
X-Client-IP
X-Hits
X-Goog-Hash
X-Forwarded-Proto
Realpath
X-Cdn
X-Trace
X-Origin-Cache
Paypal-Debug-Id
X-Server-ID
AR-SID
X-Content-Options
Arr-Disable-Session-Affinity
X-TEC-API-ROOT
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-Zen-Fury
X-Content-Digest
X-Ttl
X-Id
X-Kinsta-Cache
TCN
X-B
X-Grace
X-Varnish-Age
Alternate-Protocol
X-Cache-Key
Fastcgi-Cache
DynaTrace
X-Sol
X-Upstream
X-Ser
MRF-Tech
X-Mrf-Section-Lastmod
Mrf-Cache-Status
X-Mrf-Item-Lastmod
Access-Control-Request-Method
X-Pad
X-FastCGI-Cache
X-Fastly-Request-ID
X-Middleton-Display
Display
PB-RID
PB-PID
X-NF-Request-ID
X-Nf-Srv-Version
X-Via-JSL
X-Mobile-Rewrite
X-DIS-Request-ID
X-Vcap-Request-Id
Response
X-IPLB-Instance
X-Middleton-Response
X-User-Agent
Front-End-Https
X-SS-Set-Cookie
X-MSEdge-Ref
Rt-Fastcgi-Cache
Pagespeed
X-Acc-Meta-Resource-Type
X-Frontend
X-Cache-Rule
X-PressLabs-Stats
Eomportal-Instance
X-Logged-In
X-Forwarded-For
X-Cache-Hit
X-Whom
Server-Name
Arc-Version
X-Hostname
X-VCache
X-XRDS-LOCATION
Host
X-Goog-Stored-Content-Length
X-Goog-Storage-Class
X-Goog-Generation
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
Tracecode
Cache-Status
X-Newrelic-App-Data
S
Surrogate-Key
X-FTR-Backend
X-Debug
X-FTR-Backend-Server
X-Country-Code-Real
X-FTR-Cache-Status
X-Request-Processing-Time
X-Request-Received
Backend-Timing
X-FTR-Realm
X-FTR-DC
X-FTR-Expires
X-FTR-Balancer
X-Analytics
Refresh
X-HS-Content-Id
TP-Cache
TP-L2-Cache
X-AOL-HN
X-Instance
X-Contextid
X-Activity-Id
X-AppVersion
X-Az
X-Magnolia-Registration
X-Proxied
Public-Key-Pins-Report-Only
X-Rid
FilterID
X-UUID
X-XRDS-Location
X-Wix-Server-Artifact-Id
HitType
Server-Info
HitInfo
ServerID
Liferay-Portal
X-URL
AMP-Access-Control-Allow-Source-Origin
X-B3-Traceid
X-Srv
X-HW
X-NWS-LOG-UUID
X-WPE-Loopback-Upstream-Addr
X-Webkit-Csp
Cleartype
X-Mobile
X-APP-VERSION
Service-Worker-Allowed
X-Varnish-Server
X-Content-Security-Policy-Report-Only
X-Varnish-Backend
X-HS-Cache-Config
X-FTR-Cache-Host
Served-By
Edge-Cache-Tag
X-Revision
X-Cache-Control
X-Origin
Source
X-Geo-Country
X-Cache-Server
Fastly-Restarts
Retry-After
Host-Header
S-Cnection
Server-Node
X-PC-AppVer
X-Amzn-Trace-Id
X-PC-Hit
X-PC-Key
X-Request-Guid
X-PHP-Backend
X-BCube-Filmed-By
X-Hail-Hydra
X-App-Environment
X-RateLimit-Remaining
X-TT
X-Handled-By
X-Device-Type
X-Varnish-Hostname
MS-CV
X-Tumblr-Pixel-0
X-Correlation-Id
X-Origin-Upstream-Status
X-Tumblr-User
X-Tumblr-Pixel
DC
X-Signature
X-Cache-Operation
X-Cache-Config
X-Framework
X-B-Cache
Powered-By-ChinaCache
X-Cache-2
X-FB-Debug
X-Page-Id
Accept-Charset
X-Cache-Action
X-TT-TIMESTAMP
X-Ocache
X-Origin-Server
X-Sucuri-ID
X-Debug-Info
Actual-Object-TTL
X-Hyper-Cache
X-Shield-Cache-Expires
X-ADI-VCache
X-PC-Host
X-PC-Date
Viewport
X-WA-Info
NGB
X-Content-Powered-By
X-Accel-Expires
X-Microcachable
X-ATG-Version
Upgrade-Insecure-Requests
X-B3-Sampled
X-Cached-By
Cache
X-Drupal-Cache-Tags
X-LB-Cache
SRV
Filters
X-Cache-NE
AsisCache
X-Akam-SW-Version
X-Generated-By
ServedBy
X-FW-Hash
X-TX-ID
X-Amz-Server-Side-Encryption
X-FW-Static
X-Internal-Host
X-Locale
X-RTag
X-FW-Type
X-FW-Server
X-Yottaa-Optimizations
X-FW-Serve
X-RequestSource
X-S
X-Yottaa-Metrics
X-GeoIP
X-Tumblr-Pixel-2
X-WebKit-CSP-Report-Only
X-Tumblr-Pixel-1
X-Wix-Request-Id
X-Cacheable-TTL
X-App-Server
Content-Style-Type
X-Distil-CS
X-Seen-By
Content-Script-Type
X-Accel-Buffering
X-HS-Combine-CSS
X-Jobs
From-Origin
X-Esi
X-Cluster
X-Varnish-Hits
X-Akamai-Edgescape
X-Geo
X-Daa-Tunnel
X-ServedBy
X-Sucuri-Cache
X-Adobe-Loc
X-Adobe-Content
X-Varnish-IP
X-Varnish-Cache-Hits
X-Varnish-Grace
X-Node-Name
X-Dns-Prefetch-Control
X-Platform-Server
X-GZip
X-CDN-Forward
X-Edge-Cache-Key
X-Vg-Webcache
X-Edge-Cache
X-GUploader-UploadID
X-RateLimit-Limit
X-UA
X-Cache-Remote
X-NewRelic-App-Data
Datacenter
X-Cache-TTL-Remaining
X-Storage
HostName
X-Oneagent-Js-Injection
X-Akamai-Transformed
X-Cache-Age
X-Region
X-Mode
X-Real-IP
X-TA-CDN-Provider
X-Amz-Replication-Status
Cache-Tag
X-Drupal-Cache-Contexts
X-Feature
X-Distributor
X-Kinja-Server-Push
X-Source
X-Detected-As
X-Cache-Var
X-Cache-Var-Map
X-ProcessESI
Meta-Geo
X-Is-Bot
Load-Balancing
Machine
Country
X-RN-RSRV
X-Rendered-As
X-Path-Route
X-MP-GENERATED-AT
X-RemovedCookies
X-Cache-Bucket
X-Amz-Apigw-Id
X-Agile-Id
X-Agile-Age
X-Agile
X-Amzn-RequestId
X-NCache
ServerName
Fastly-SSL
X-Port
X-Time-Microsecs
X-BB-IP
X-Akamai-Request-ID
X-Cache-Category-Id
X-CDN-Cache
X-Grey
X-ApacheServer
X-PERF
GEO-INFO
Mn-Server-Ip
X-OCL
Ohc-File-Size
X-NodeID
X-PCL
X-Webstats-RespID
X-TWH-CORRELATION-ID
Cache-Key
X-Upgrade-Enabled
X-Original-Request
X-Cache-HT
X-OVcl
X-OVcl-Cache
S-Rt
X-Optimization
X-Human
Backend
X-EIG-Tracking-Id
Azure-SlotName
X-Viewer-Country
X-Pubstack
Azure-InstanceId
X-Web-Node
Cache-Name
X-Proto
Azure-RegionName
X-Cluster-Node
X-Request-Time
Azure-Version
Azure-SiteName
X-Instance-Name
X-Amz-Meta-Surrogate-Control
Webcakes-App-Version
Property-Id
TWC-Device-Class
TWC-GeoIP-Country
Webcakes-Region
TWC-GeoIP-LatLong
TWC-Locale-Group
TWC-Connection-Speed
User-Cache-Control
TWC-Privacy
Webcakes-App-Name
X-Section
X-Zipkin-Id
X-Edge-Location
X-Xfnlog-Site
X-Www-Served-By
X-VWS-Id
X-Origin-Hint
X-Meta-Tbi-Cache-Vertical
X-IP
X-Generation-Time
X-Format
X-FC-Vary-Parameters
X-LJ-Flow-ID
X-Via-Fastly
X-Debug-Cache
X-Birta-Served
X-CCM-LastModified
X-Birta-Cache-Post
X-AWS-Id
X-App-Name
X-Proxy
X-Routing-Service
X-SplitTest
X-Site-Version
X-ServerID
X-Hosted-By
X-Access
L5d-Success-Class
DB-Nickname
LB
Healthy
X-TNCMS
Cache-Hits
X-Labrador-Cache-Channel
Fastcgi-Useragent
X-BYPASS-REASON
X-Surge-Debug
X-Varnish-Cacheable
X-ProxyCache-Key
X-ProxyCache-Status
X-Loop
Access-Control-Allow-Method
X-JoinUs
Now
X-Guploader-Uploadid
X-Render-Type
X-Generated
RATING
X-CCM
User-Agent
X-Ezoic-Cdn
X-Tumblr-Pixel-3
X-Backend-Name
X-Hit
X-Origin-CC
Payment
X-Newrelic-Synthetics
X-Nginx-Cache
X-Proxy-Build
X-Tb
Countrycode
Selected-FE
X-Timing-Wait
X-Cache-Enabled
X-Time
Ec-Rule-Version
WP-Super-Cache
X-DataStream-Cache-Status
X-B3-Spanid
Origin-Edge-Control
Origin-Cache-Control
X-CACHE-AGE
X-Unique-ID
X-Real-Ip
X-Correlation-ID
X-Environment-Context
X-L-Path
X-Dc
X-Oracle-Dms-Ecid
X-Oracle-Dms-Rid
X-Nc
RequestId
X-NU-AKA-ACS-Version
X-UA-Device-Type
X-Varnish-Beresp-Grace
X-Litespeed-Cache
X-Varnish-Beresp-Status
NODE
X-Skip-Cache
X-B3-TraceId
Xserver
X-NGENIX-Cache
Access-Control-Request-Headers
X-COUNTRY
X-WR-MODIFICATION
Webserver
X-Be
X-Vgn-Hpd-Reason
X-Servedby
Time
X-Upstream-CT
X-ElasticPress-Search
X-Upstream-HT
X-EdgeConnect-Cache-Status
X-Cache-Backend
X-Croise-Owner
Warning
X-Content-Type
Ws
X-User
X-Via-CDN
X-VG-WebServer
X-Twitter-Response-Tags
Memcached
MD5-Digest
X-Transaction
X-SRCache-Key
X-Server-Time
Resin-Trace
X-SVT-ORM-RULES
Meta-Geo-Continent
Host-ID
X-SVT-ORM-VERSION
X-Trv-Group
Fly-Cache
Apple-News-Services-Handled
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
AKAMAI
Ajk
Xc-Version
X-Wix-Route-ID
X-We-Are-Hiring
Apple-News-Services-Request-Url
BehaviorPad-Version
X-Server-By
X-Via-Edge
Fly-Request-Id
Fastly-Soc-X-Request-Id
Fastcgi-X-Cache-Version
Cache-Prefix
Fastcgi-X-Cache
GMS-Ver
X-S-Cookie
X-Connection-Hash
X-D
X-Destination
X-Developer
X-CF-Lambda-Version
X-CF-Lambda-Fn
X-BB-ID
X-BBXSRF
X-Cache-Host
X-PAYTM-SRV-ID
X-No-Session
X-DPWN-IS-SECURE
X-Generated-In
X-G
X-From
X-Haproxy-Hostname
X-Died
X-ND-Cache
X-Logtrace-Id
X-Haproxy-Ip
X-B-Cookie
X-ARC
X-Rojux
X-A
X-A-Ccd
X-Rewrite-Enabled
Www
VivaBuild
X-Fastly-Cache
T-Server
Viewtype
X-A-Dam
X-A-Dgt
X-Planisys-CDN-Cache
X-Amz-Meta-Cache-Control
X-Application
X-A-Wwc
X-Planisys-CDN-Rules
X-Region-Sid
X-Public
X-Planisys-CDN-TTL
Sta2Tusw
X-A-Dcw
X-Varnish-Beresp-Ttl
X-Webkit-CSP
Cneonction
X-Cache-Id
Fastly-SIE
X-Request-URI
IsBot
X-Cache-Expires
X-Cache-CFC
X-Phone
X-NX-Host
Fastly-SWR
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
X-Cache-Time
X-FireWall-Port
X-Forwarded-Host
X-F5-Cache
X-Debug-Cookies
X-Debug-Log
X-Frame-Option
X-CS
X-Cdn-Origin
IBM-Web2-Location
Request-Time
X-Core-Value
NGX
X-Status
Server-Int
X-Up
X-Trace-Id
Uber-Trace-Id
UCS
X-SIPLIST1
Release
X-Var-Ttl
X-Accel-Expires-Debug
X-Date
X-Wikidot-Static-Cache
X-Wikidot-Backend
Rendered-Blocks
V-Age
X-Sn-Servicetimems
X-ScT
Odigeo-Trace-Id
Origin
X-StackifyID
X-TIME
Who
X-Actual-URL
X-Dispatcher-Server
X-Backend-State
X-Developers
X-Backend-Host
X-Backend-TTL
Server-Host
X-Cdn-Srv
X-Bug-Bounty
X-Amz-Meta-S3cmd-Attrs
Web-Mar-Node
X-Cache-Debug
Thinkindot-Control
X-Block-Status
X-C
X-Backend-Url
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
X-CGP
X-GeoIP-Country-Code
X-Secret
X-Served-From
X-Server-Group
X-Server-IP
X-Returned-From-PostProcessResponse
X-Returned-From-DLL
X-Reboot
X-Returned-From
X-Returned-From-BeforeDispatch
X-Servername
X-ServiceProvider
X-V
X-VServer
X-WebServer
X-UnsetCookies
X-UE-Client-Country
X-Stale
X-Thinkindot-L3
X-TT-LOGID
X-Passed-To-PostProcessResponse
X-Passed-To-DLL
X-Gen-Mode
X-GeoIP-City
X-Hnp-Log
X-Gannett-Site-Version
X-Fstrz
X-Env
X-Epic-Correlation-Id
X-Eu-Site
X-IN-APIGATEWAY
X-IN-SSL-APIGATEWAY
X-MSEdge-Flight
X-Passed-To
X-Passed-To-BeforeDispatch
X-MSEdge-Features
X-MI-In-Market
X-IN-WAF
X-Location
X-Matched-Rule
X-Edge-IP
X-GoCache-CacheStatus
HA-Host
HA-Ipaddr
Ha-Gx-Prefs
HA-Georegion
HA-Geolat
HA-Geolon
HA-Servedtime
HA-Urlpath
MI-API
MI-Cache
Is-Eu
HTTPS
Heartbleed
Httpd-Identifier
HA-Geocountry
HA-Geocity
Cache-Cookie-Set-Idcheck
CDCHOST
Cache-Cookie-Set-From
Backend-Name
Adler-Geo
X-Cache-Ttl
Content-Disposition
Decoy-Debug-Key
GW-Server
HA-Cloudapp
Esi-Enabled
Drupal-Pagecache-Memcache
Decoy-Debug-Status
Decoy-Debug-TTL
MI-Cache-Age
Cache-Cookie-Set-Lfrom
Pragrma
Ohc-Response-Time
Pramga
Proxy-Connection
On-Server
Platform
Powered-By
X-Ruxit-Js-Agent
X-Dynatrace
NnCoection
Request-EU
X-Device-Os
X-Response-By
Request-Country
X-Release
X-Node-Id
X-Fetched-On
X-Hl-Ver
Fastly-Backend-Name
X-Alternate-Cache-Key
OT-Force-Account-Verify
PFcat
X-Hash
X-ShopId
Apicache-Store
Apicache-Version
X-Sorting-Hat-ShopId-Cached
X-Varnish-Id
X-Ver
X-Worker
X-Via-NSCOPI
Version
X-Sorting-Hat-ShopId
X-Sorting-Hat-Section
X-Shopify-Stage
X-ShardId
REQUESTUUID
X-Sorting-Hat-FeatureSet
X-Sorting-Hat-PodId
X-Sorting-Hat-PrivacyLevel
X-Sorting-Hat-PodId-Cached
X-S-Maxage
X-Rocket-Nginx-Bypass
X-Content-Age
Kp-EeAlive
X-Ckpd-Fst-Backend
X-Core-Mission
X-Cache-Srv
X-Auto-Login
Dnion-Transfer-Encoding
X-RCS-CacheZone
Server-ID
NtCoent-Length
X-Platform
X-Page-Type
X-Origin-Date
X-Origin-Expires
X-HCF
X-Clientip
X-Varnish-HitMiss
X-Cache-URL
X-Crawler
X-Cache-Control-Set-By
X-Bip
X-Svr
X-Thanos
Mime-Version
X-Fastcgi-Cache
X-Amz-Meta-S3b-Last-Modified
X-CSRF-Token
Country-Code
X-Oss-Hash-Crc64ecma
X-Oss-Storage-Class
X-Oss-Object-Type
X-P-T
X-Oss-Server-Time
Cache-Provider
X-Refresh
X-Info
X-Oss-Request-Id
X-Yottaa-Sig
X-Origin-TTL
Cteonnt-Length
X-Kong-Upstream-Latency
X-Req
X-RateLimit-Remaining-Second
X-Pf-Uncompressing
Pagetype
X-RateLimit-Limit-Second
Processtime
X-Kong-Proxy-Latency
FSS-Cache
Accept-Ch
Arc-Country
Ar-Sid
X-DC
FSS-Proxy
X-CLOUD-TRACE-CONTEXT
Brightspot-Id
WebServer
X-Amz-Meta-Sha256
X-Pjax-Url
X-Irp-Debug
X-LiteSpeed-Cache-Control
X-Varnish-Url
X-App-Version
Memory
X-EC-Security-Audit
X-Ua
X-Cache-ASPX
X-From-Cache
X-NC
X-HS-Hub-Id
COMMERCE-SERVER-SOFTWARE
Geoip-City
GeoIp-Country-Code
Geoip-Latitude
X-ROOTCache
Sid
X-LB-CacheStatus
X-LB-Node
X-Atg-Version
X-Csrf-Token
X-Request-Start
X-Request-UUID
PICS-Label
PageType
SN
CF-IPCountry
Dynatrace
Cdn
X-Endurance-Cache-Level
X-Ratelimit-Remaining
X-Load-Cache
Edgecast
If-Modified-Since
MIME-Version
X-Redis-Cache
X-Varnish-Action
X-Ratelimit-Limit
X-SERVER-NAME
PROCESSING-IP
X-Cache-Handler
X-Fastly-Backend-Reqs
X-Cdn-Forward
Dont-Set-Cookie
X-GRACE
BORDER-IP
X-Layer
X-Wix-Petri-Ex
X-Tid
X-Varnish-Beresp-TTL
X-Servedbyhost
X-GDPR
X-TId
Frame-Options
X-Requestid
X-Rocket-Nginx-Serving-Static
X-ServedByHost
X-RequestId
X-Fastly-Cache-Hits
X-Rule
X-Nananana
X-Resolver-IP
X-B3-SpanId
X-Sf
RNT-Machine
X-Key
NodeID
RNT-Time
X-Owner
X-BE
Cf-Ipcountry
X-Cache-TTL
XServer
Pics-Label
CDN
CACHE
X-DataStream-Origin-MEX-Latency
X-DataStream-MidMile-RTT
Web-Mar-Region
X-Server-W
Powered
X-HTML-Minification-Powered-By
Node
X-Tec-Api-Root
X-Tec-Api-Origin
X-Tec-Api-Version
We-Hiring
X-Flog
GeoIP-Country-Code
GeoIP-City
GeoIP-Latitude
Mail-Subject
Cache-Tags
X-ABtesting
X-NWS-UUID-VERIFY
DataCenter
PageSpeed
WZWS-RAY
X-Powered-By-ANYU
X-Shard
X-Dynatrace-Js-Agent
X-VG-WebCache
X-Sentry-ID
X-Varnish-Ttl
ProcessTime
Lfy
X-Use-Magma
X-Gdpr
Max-Age
X-CDN-Pop
X-CDN-Pop-IP
Is-Session-Tracking
Get-Access-Time
X-Cf-Powered-By
X-GZIP
X-Mem
Accept-CH
X-Ms-Version
X-Ms-Lease-Status
X-Ms-Request-Id
X-Ms-Blob-Type
X-Powered-By-Defense
Magicmarker
X-Varnish-URL
URI
X-ByteArk-Cache
X-UPSTREAM-Address
X-PF-Uncompressing
X-PJAX-URL
X-GEO
X-Cache-FS-Status
X-FORWARDED-FOR
X-Dw-Trace-Id
Xet-Cookie
X-Trv-Request-Id
Amp-Access-Control-Allow-Source-Origin
X-Oa-Upstreams
X-SRV
X-Cookie
X-PAGE-TYPE
X-Remote-IP
X-Check-Cacheable
X-Unique-Id
X-Front
Hostname
Requestid
X-Micro-Cache
X-Aicache-OS
X-Proxy-Server
X-Zalando-Child-Request-Id
X-Zalando-Page-Type
RequestUuid
X-Varnish-ID
X-NGINX-Cache
X-Fe
X-Litespeed-Cache-Control
X-DW
X-RPS
X-RPM
X-RSL
X-VG-TLSProxy
X-VID
X-Ms-Lease-State
X-Edge-Server
X-Alicdn-Da-Ups-Status
Cdn-Request-Time
X-DB
X-DI
X-DSS
Cdn-Host
X-Hello
X-Safe-Firewall
Rt-Proxy-Cache
X-Acquia-Application-Trace
X-Acquia-Application-UUID
X-SB
N-Cache
X-VarnPar2
X-VarnPar1
X-VarnCache
X-Akamai-ERPolicy
X-Akamai-ERRuleID
SID
V-Cache
X-RAMCache
Group
X-Litespeed-Tag
X-PARISIEN-Cache-Rendered
X-VC
CF-Cached-On
WS