Threat Level: green Handler on Duty: Brad Duncan

SANS ISC: HTTP Header Usage Statistics - SANS Internet Storm Center HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Pragma
Last-Modified
Accept-Ranges
Strict-Transport-Security
X-Content-Type-Options
X-Powered-By
CF-RAY
ETag
Link
Expect-CT
Via
X-XSS-Protection
X-Cache
Age
Access-Control-Allow-Origin
Content-Security-Policy
Content-Language
X-UA-Compatible
P3P
X-Cache-Hits
X-Served-By
X-Varnish
X-Amz-Cf-Id
X-Xss-Protection
Referrer-Policy
X-Request-Id
X-Timer
X-AspNet-Version
CF-Cache-Status
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Runtime
Access-Control-Allow-Credentials
X-Download-Options
X-Drupal-Cache
X-Cacheable
Content-Security-Policy-Report-Only
X-Generator
CF-Ray
Alt-Svc
Status
X-AspNetMvc-Version
X-Cache-Status
X-DNS-Prefetch-Control
X-Check
X-Iinfo
X-Adblock-Key
X-FRAME-OPTIONS
Timing-Allow-Origin
X-CDN
X-Content-Security-Policy
X-Turbo-Charged-By
X-Permitted-Cross-Domain-Policies
Content-Encoding
P3p
X-Template
X-Language
Keep-Alive
X-Type
X-Via
X-AH-Environment
X-Backend
X-Cache-Group
WPE-Backend
X-Request-ID
X-Pass-Why
X-Buckets
X-Age
X-Server
X-Nginx-Cache-Status
Access-Control-Max-Age
X-Server-Powered-By
X-Pingback
Xkey
X-Varnish-Cache
Grace
X-Drupal-Dynamic-Cache
Access-Control-Expose-Headers
Upgrade
X-Hacker
X-UA-Device
X-Amz-Request-Id
X-Page-Speed
Cf-Railgun
X-Amz-Id-2
X-Proxy-Cache
X-Robots-Tag
EagleId
X-LiteSpeed-Cache
X-Envoy-Upstream-Service-Time
Request-Context
X-Node
X-Swift-CacheTime
X-Swift-SaveTime
X-Ac
X-Device
Ali-Swift-Global-Savetime
X-Cnection
X-Host
Content-Location
X-Amz-Version-Id
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Cache-Lookup
Surrogate-Control
X-Backend-Server
X-Server-Id
X-WebKit-CSP
X-OneAgent-JS-Injection
X-Rack-Cache
X-Px
X-Response-Time
X-Instart-Request-ID
X-CST
Request-Id
X-Readtime
Server-Timing
X-Rq
X-Clacks-Overhead
X-HeyJason
Permitted-Cross-Domain-Policies
X-Do-Not-Hack
Pinterest-Generated-By
EagleEye-TraceId
X-Cloud-Trace-Context
X-Ua-Compatible
Edge-Control
X-Url
X-Application-Context
X-MS-InvokeApp
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Country
Report-To
X-DynaTrace-JS-Agent
X-Server-Name
Charset
SPRequestGuid
Allow
X-Country-Code
X-SharePointHealthScore
X-DataDome
X-Ruxit-JS-Agent
Rating
X-Varnish-TTL
X-TTL
X-Cached
X-TtlSet
X-PC
X-Vname
X-ESI
X-Powered-CMS
X-Powered-By-Plesk
X-Recruiting
X-FTR-Request-ID
NEL
X-D2id
X-Vhost
X-CF-Powered-By
X-ORACLE-DMS-RID
X-ORACLE-DMS-ECID
Public-Key-Pins
X-Pinterest-Rid
Pinterest-Version
X-Upstream-Env
X-Version
X-Cdn-Fetch
X-Exp-Id
X-Kinja-Revision
X-Geo-Segment
X-Exp-Variant
X-Kinja-Server
X-Kinja-Build
X-Kinja
X-F-Cache
X-DynaTrace
X-N
SPIisLatency
SPRequestDuration
X-VARITI-CCR
X-GoogleNews-Bot
Cartoon
X-Dw-Request-Base-Id
X-Mod-Pagespeed
X-T
MS-Author-Via
Content-MD5
X-Abt-Application-Version
RTSS
Nginx-Cache
Feature-Policy
AR-ATIME
AR-CACHE
AR-PoweredBy
X-GitHub-Request-Id
MicrosoftSharePointTeamServices
Verso
X-Dispatcher
X-Navigation-Version
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Shield-Request-Id
X-Server-ID
X-Client-IP
X-Amz-Rid
Realpath
X-Goog-Hash
X-Hits
X-Forwarded-Proto
X-Trace
X-Origin-Cache
X-Cdn
Paypal-Debug-Id
X-Content-Options
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-Zen-Fury
X-Content-Digest
Arr-Disable-Session-Affinity
X-Kinsta-Cache
TCN
AR-SID
X-B
X-Ttl
X-Id
X-Grace
X-Varnish-Age
X-Cache-Key
Alternate-Protocol
Fastcgi-Cache
DynaTrace
X-Sol
X-Upstream
X-Ser
X-Mrf-Item-Lastmod
Mrf-Cache-Status
Access-Control-Request-Method
X-Mrf-Section-Lastmod
MRF-Tech
X-Pad
X-Fastly-Request-ID
X-FastCGI-Cache
X-Middleton-Display
Display
X-Nf-Srv-Version
X-Via-JSL
X-NF-Request-ID
PB-PID
PB-RID
X-DIS-Request-ID
X-Vcap-Request-Id
X-Mobile-Rewrite
X-User-Agent
Response
X-Middleton-Response
Front-End-Https
Pagespeed
X-IPLB-Instance
X-Acc-Meta-Resource-Type
Rt-Fastcgi-Cache
X-MSEdge-Ref
X-SS-Set-Cookie
X-Cache-Rule
X-Frontend
Eomportal-Instance
X-PressLabs-Stats
X-Logged-In
X-Forwarded-For
X-Cache-Hit
X-Whom
Server-Name
X-Hostname
X-VCache
Arc-Version
Host
X-XRDS-Location
X-Goog-Stored-Content-Length
X-Goog-Storage-Class
X-Goog-Metageneration
X-Goog-Generation
X-Goog-Stored-Content-Encoding
Tracecode
S
Cache-Status
Surrogate-Key
X-Webkit-Csp
X-FTR-Balancer
X-FTR-Backend-Server
X-Debug
X-FTR-Backend
X-Country-Code-Real
X-FTR-Realm
X-FTR-Cache-Status
X-FTR-Expires
X-FTR-DC
X-Analytics
Backend-Timing
X-Request-Received
X-Request-Processing-Time
X-HS-Content-Id
Refresh
X-Newrelic-App-Data
TP-L2-Cache
TP-Cache
X-Contextid
X-AOL-HN
X-Magnolia-Registration
X-Instance
X-Proxied
Public-Key-Pins-Report-Only
FilterID
X-AppVersion
X-Az
X-Wix-Server-Artifact-Id
X-UUID
X-XRDS-LOCATION
X-Activity-Id
X-Rid
HitInfo
Server-Info
HitType
ServerID
X-HW
X-Srv
Liferay-Portal
X-WPE-Loopback-Upstream-Addr
X-NWS-LOG-UUID
X-URL
AMP-Access-Control-Allow-Source-Origin
X-B3-Traceid
Cleartype
Service-Worker-Allowed
X-Varnish-Server
X-Mobile
X-Content-Security-Policy-Report-Only
X-Varnish-Backend
X-FTR-Cache-Host
X-APP-VERSION
Served-By
X-Revision
X-HS-Cache-Config
X-Cache-Control
Edge-Cache-Tag
X-Origin
X-Geo-Country
X-Amzn-Trace-Id
X-Cache-Server
Source
X-RateLimit-Remaining
X-App-Environment
X-Hail-Hydra
X-Request-Guid
X-BCube-Filmed-By
Server-Node
X-PC-AppVer
X-PC-Hit
Retry-After
X-PC-Key
Host-Header
S-Cnection
X-Device-Type
X-PHP-Backend
X-Handled-By
X-Correlation-Id
X-Varnish-Hostname
X-Cache-Operation
X-TT
MS-CV
X-Cache-Config
X-Cache-2
X-Framework
Fastly-Restarts
X-Signature
X-Tumblr-Pixel-0
X-Tumblr-User
X-B-Cache
X-Tumblr-Pixel
X-FB-Debug
X-Page-Id
X-Origin-Upstream-Status
Powered-By-ChinaCache
Accept-Charset
DC
X-Cache-Action
X-TT-TIMESTAMP
X-Origin-Server
X-Sucuri-ID
X-Debug-Info
X-Ocache
Actual-Object-TTL
X-Hyper-Cache
X-PC-Host
X-Shield-Cache-Expires
Viewport
X-ADI-VCache
X-PC-Date
X-WA-Info
NGB
X-Content-Powered-By
X-ATG-Version
X-Accel-Expires
X-B3-Sampled
X-Microcachable
X-Cached-By
Upgrade-Insecure-Requests
X-Drupal-Cache-Tags
X-LB-Cache
Cache
AsisCache
X-Cache-NE
SRV
X-Akam-SW-Version
Filters
X-Generated-By
X-Yottaa-Optimizations
ServedBy
X-Yottaa-Metrics
X-App-Server
X-Locale
X-Cacheable-TTL
X-TX-ID
X-S
X-RequestSource
X-FW-Hash
Content-Style-Type
X-FW-Server
Content-Script-Type
X-Distil-CS
X-Internal-Host
X-Amz-Server-Side-Encryption
X-FW-Static
X-FW-Serve
X-FW-Type
X-Seen-By
X-GeoIP
X-WebKit-CSP-Report-Only
X-Wix-Request-Id
X-RTag
X-Accel-Buffering
X-Jobs
From-Origin
X-Cluster
X-Tumblr-Pixel-2
X-ServedBy
X-Tumblr-Pixel-1
X-Geo
X-HS-Combine-CSS
X-Varnish-Hits
X-Akamai-Edgescape
X-Daa-Tunnel
X-Node-Name
X-Adobe-Content
X-Adobe-Loc
X-Esi
X-Varnish-Cache-Hits
X-Sucuri-Cache
X-Varnish-IP
X-Varnish-Grace
X-GUploader-UploadID
X-Platform-Server
X-NewRelic-App-Data
X-Litespeed-Cache
X-TA-CDN-Provider
X-Vg-Webcache
X-RateLimit-Limit
X-Edge-Cache
X-Dns-Prefetch-Control
X-Edge-Cache-Key
X-Cache-TTL-Remaining
X-GZip
Datacenter
X-Cache-Remote
X-Storage
X-CDN-Forward
X-UA
HostName
X-Real-IP
X-Mode
X-Akamai-Transformed
X-Region
Cache-Tag
X-Cache-Age
X-Amz-Replication-Status
X-Drupal-Cache-Contexts
Country
X-Source
X-Distributor
X-Detected-As
X-Path-Route
Load-Balancing
X-MP-GENERATED-AT
X-ProcessESI
X-RemovedCookies
X-RN-RSRV
X-Rendered-As
X-Cache-Var-Map
X-Is-Bot
Machine
Meta-Geo
X-Cache-Var
X-Agile-Id
ServerName
X-Agile
X-Amzn-RequestId
X-NCache
X-Agile-Age
X-Amz-Apigw-Id
Fastly-SSL
X-Feature
X-BB-IP
X-Cache-Category-Id
X-CDN-Cache
X-ApacheServer
X-Akamai-Request-ID
GEO-INFO
Mn-Server-Ip
X-Grey
Cache-Key
X-NodeID
X-Upgrade-Enabled
X-Viewer-Country
X-Web-Node
X-Webstats-RespID
X-TWH-CORRELATION-ID
X-Time-Microsecs
X-PCL
X-PERF
X-Kinja-Server-Push
X-Cache-Bucket
X-OCL
Ohc-File-Size
X-Port
S-Rt
X-Proto
X-OVcl
X-Optimization
X-Human
X-OVcl-Cache
X-Pubstack
Azure-Version
Backend
L5d-Success-Class
Azure-SlotName
Azure-SiteName
Azure-InstanceId
Azure-RegionName
X-Amz-Meta-Surrogate-Control
X-Original-Request
X-Edge-Location
X-Debug-Cache
X-Cluster-Node
X-Cache-HT
X-EIG-Tracking-Id
X-CCM-LastModified
Healthy
Property-Id
X-CCM
TWC-Connection-Speed
X-Labrador-Cache-Channel
X-ProxyCache-Status
X-Hosted-By
X-IP
X-Instance-Name
X-FC-Vary-Parameters
TWC-Device-Class
LB
X-Generation-Time
TWC-GeoIP-Country
X-BYPASS-REASON
X-Origin-Hint
X-Access
X-Birta-Served
X-App-Name
X-Meta-Tbi-Cache-Vertical
X-AWS-Id
DB-Nickname
Webcakes-Region
TWC-Privacy
TWC-Locale-Group
TWC-GeoIP-LatLong
User-Cache-Control
X-LJ-Flow-ID
Webcakes-App-Version
Webcakes-App-Name
X-Birta-Cache-Post
X-ProxyCache-Key
X-Www-Served-By
X-Zipkin-Id
X-SplitTest
X-Site-Version
X-Routing-Service
X-ServerID
X-Section
X-Xfnlog-Site
X-VWS-Id
Cache-Name
X-Request-Time
X-Via-Fastly
X-Loop
X-TNCMS
X-Varnish-Cacheable
X-Format
Cache-Hits
X-Proxy
Fastcgi-Useragent
X-Surge-Debug
X-JoinUs
Now
Access-Control-Allow-Method
User-Agent
X-Generated
X-Backend-Name
X-Render-Type
X-Guploader-Uploadid
X-Ezoic-Cdn
RATING
X-Origin-CC
X-Tb
Payment
Selected-FE
X-Proxy-Build
Countrycode
X-Hit
X-Timing-Wait
X-Newrelic-Synthetics
X-Tumblr-Pixel-3
X-Time
Ec-Rule-Version
X-Cache-Enabled
X-CACHE-AGE
X-Nginx-Cache
X-DataStream-Cache-Status
X-Unique-ID
Origin-Cache-Control
Origin-Edge-Control
WP-Super-Cache
X-B3-TraceId
X-Oneagent-Js-Injection
X-L-Path
X-B3-Spanid
X-Nc
X-Environment-Context
X-Real-Ip
X-UA-Device-Type
X-Correlation-ID
X-Dc
X-Oracle-Dms-Ecid
X-Oracle-Dms-Rid
Xserver
X-NU-AKA-ACS-Version
RequestId
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
X-NGENIX-Cache
NODE
X-Skip-Cache
X-WR-MODIFICATION
Webserver
Access-Control-Request-Headers
X-Vgn-Hpd-Reason
X-ElasticPress-Search
X-Content-Type
X-Upstream-CT
X-CLOUD-TRACE-CONTEXT
X-Upstream-HT
X-COUNTRY
Time
X-Be
X-Cache-Backend
X-Servedby
X-EdgeConnect-Cache-Status
X-Varnish-Beresp-Ttl
Warning
X-Croise-Owner
X-Status
Ws
Fastly-Soc-X-Request-Id
X-CF-Lambda-Fn
Fly-Cache
Fly-Request-Id
X-Application
X-Wix-Route-ID
Fastcgi-X-Cache
X-DPWN-IS-SECURE
Fastcgi-X-Cache-Version
X-CF-Lambda-Version
X-Region-Sid
X-Amz-Meta-Cache-Control
X-Planisys-CDN-Rules
AKAMAI
X-Planisys-CDN-Cache
X-A-Dcw
X-Planisys-CDN-TTL
X-Public
X-A-Wwc
X-SVT-ORM-VERSION
X-A-Dgt
X-Died
X-ARC
X-Cache-Id
X-D
X-Cache-Host
BehaviorPad-Version
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
X-Via-Edge
X-Rewrite-Enabled
X-Connection-Hash
X-Destination
X-We-Are-Hiring
Cache-Prefix
X-BBXSRF
X-BB-ID
X-B-Cookie
X-PAYTM-SRV-ID
Apple-News-Services-Handled
Apple-News-Services-Host
X-Developer
X-VG-WebServer
X-Via-CDN
X-User
X-S-Cookie
X-Twitter-Response-Tags
Memcached
X-Haproxy-Hostname
Host-ID
Resin-Trace
X-Logtrace-Id
GMS-Ver
T-Server
Sta2Tusw
X-Fastly-Cache
MD5-Digest
X-Server-Time
X-Haproxy-Ip
X-Generated-In
X-Rojux
X-Trv-Group
X-G
Www
Xc-Version
X-From
X-A
X-A-Ccd
Ajk
X-A-Dam
X-SVT-ORM-RULES
X-No-Session
Meta-Geo-Continent
X-Transaction
X-Server-By
X-SRCache-Key
Viewtype
X-ND-Cache
VivaBuild
Cneonction
Release
Origin
Rendered-Blocks
Request-Time
NGX
IsBot
Fastly-SIE
V-Age
Fastly-SWR
X-Trace-Id
X-Var-Ttl
UCS
Uber-Trace-Id
X-Cache-Expires
X-Cache-CFC
X-Up
IBM-Web2-Location
Server-Int
X-CS
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
X-ScT
X-Sn-Servicetimems
X-Frame-Option
X-Request-URI
X-Date
X-FireWall-Port
X-F5-Cache
X-Forwarded-Host
X-Accel-Expires-Debug
X-Wikidot-Static-Cache
X-Phone
X-Core-Value
X-Cdn-Origin
X-SIPLIST1
X-GoCache-CacheStatus
X-Cache-Time
X-Debug-Cookies
X-Wikidot-Backend
X-Fstrz
X-Debug-Log
X-NX-Host
X-Webkit-CSP
X-StackifyID
X-Cache-Ttl
X-Matched-Rule
X-Gen-Mode
X-IN-WAF
X-Served-From
X-Stale
Proxy-Connection
X-MSEdge-Features
Pragrma
X-MI-In-Market
Pramga
X-GeoIP-City
Powered-By
X-TT-LOGID
Server-Host
Thinkindot-CacheControl
X-GeoIP-Country-Code
X-Hnp-Log
Thinkindot-CacheControl-Type
X-IN-SSL-APIGATEWAY
Thinkindot-Control
X-IN-APIGATEWAY
X-MSEdge-Flight
X-Passed-To-DLL
X-Developers
X-Block-Status
X-Bug-Bounty
X-Returned-From-BeforeDispatch
X-Backend-Url
X-Backend-Host
X-Backend-State
X-C
X-Returned-From-DLL
X-Content-Age
X-CGP
X-Server-IP
X-Thinkindot-L3
X-Returned-From-PostProcessResponse
X-Cache-Debug
X-Device-Os
X-Dispatcher-Server
X-Passed-To-PostProcessResponse
X-ServiceProvider
X-Servername
X-Passed-To-BeforeDispatch
Who
X-Passed-To
X-Actual-URL
X-Reboot
X-Env
X-Edge-IP
X-Returned-From
X-Epic-Correlation-Id
X-Amz-Meta-S3cmd-Attrs
X-Eu-Site
Web-Mar-Node
Cache-Cookie-Set-From
HA-Geocity
HA-Cloudapp
GW-Server
X-V
HA-Geocountry
HA-Geolon
HA-Ipaddr
HA-Host
Ha-Gx-Prefs
HA-Georegion
Platform
Fastly-Backend-Name
CDCHOST
Backend-Name
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-Idcheck
Content-Disposition
Adler-Geo
Decoy-Debug-TTL
Decoy-Debug-Status
Decoy-Debug-Key
HA-Servedtime
HA-Geolat
X-WebServer
X-UE-Client-Country
Odigeo-Trace-Id
MI-Cache-Age
X-VServer
MI-Cache
HA-Urlpath
Ohc-Response-Time
Httpd-Identifier
Heartbleed
HTTPS
Is-Eu
X-Worker
On-Server
X-TIME
OT-Force-Account-Verify
NnCoection
Apicache-Store
Apicache-Version
X-Release
X-Node-Id
X-Sorting-Hat-PodId-Cached
X-Shopify-Stage
X-Sorting-Hat-PrivacyLevel
X-Rocket-Nginx-Bypass
X-Sorting-Hat-ShopId
X-Page-Type
X-Response-By
X-Via-NSCOPI
X-Fetched-On
X-Ckpd-Fst-Backend
X-Sorting-Hat-ShopId-Cached
X-Cdn-Srv
X-Ver
X-Sorting-Hat-Section
X-Core-Mission
X-RCS-CacheZone
X-Auto-Login
X-Server-Group
X-ShardId
X-UnsetCookies
Kp-EeAlive
X-Location
X-Hl-Ver
Server-ID
MI-API
PFcat
X-ShopId
Request-Country
Request-EU
X-Hash
X-Sorting-Hat-FeatureSet
X-Secret
Drupal-Pagecache-Memcache
X-Alternate-Cache-Key
X-Backend-TTL
Esi-Enabled
X-Gannett-Site-Version
X-S-Maxage
X-Sorting-Hat-PodId
Dnion-Transfer-Encoding
X-Dynatrace
X-Origin-Date
X-Svr
NtCoent-Length
X-Origin-Expires
Version
X-Platform
X-Info
X-Cache-Control-Set-By
X-HCF
X-Cache-Srv
X-Cache-URL
X-Bip
X-Amz-Meta-S3b-Last-Modified
REQUESTUUID
X-Varnish-HitMiss
X-Varnish-Id
X-Thanos
X-Crawler
X-Clientip
Ar-Sid
Country-Code
Mime-Version
X-Req
X-Fastcgi-Cache
Cache-Provider
X-Refresh
X-P-T
X-Origin-TTL
X-App-Version
X-DC
Cteonnt-Length
X-Pf-Uncompressing
X-Oss-Object-Type
X-Oss-Server-Time
X-Oss-Storage-Class
Processtime
X-Oss-Request-Id
X-Oss-Hash-Crc64ecma
X-Yottaa-Sig
X-CSRF-Token
X-HS-Hub-Id
X-Ua
Pagetype
X-RateLimit-Limit-Second
X-Kong-Proxy-Latency
X-RateLimit-Remaining-Second
X-Kong-Upstream-Latency
X-From-Cache
Arc-Country
Accept-Ch
X-Amz-Meta-Sha256
FSS-Cache
X-EC-Security-Audit
X-Varnish-Url
Memory
FSS-Proxy
X-Pjax-Url
X-LiteSpeed-Cache-Control
Brightspot-Id
WebServer
X-Csrf-Token
X-Irp-Debug
X-NC
X-Cache-ASPX
X-Ruxit-Js-Agent
X-GRACE
X-LB-CacheStatus
Geoip-City
Sid
SN
X-ROOTCache
PageType
X-LB-Node
COMMERCE-SERVER-SOFTWARE
Geoip-Latitude
GeoIp-Country-Code
X-Atg-Version
X-Request-Start
PICS-Label
X-Request-UUID
MIME-Version
X-Endurance-Cache-Level
X-Cache-Handler
X-Cdn-Forward
Dynatrace
CF-IPCountry
X-Redis-Cache
Cdn
X-Rule
X-Wix-Petri-Ex
X-Load-Cache
X-Ratelimit-Remaining
Dont-Set-Cookie
X-Ratelimit-Limit
If-Modified-Since
X-Varnish-Action
X-Fastly-Backend-Reqs
Edgecast
X-SERVER-NAME
X-TId
BORDER-IP
PROCESSING-IP
X-Requestid
X-Layer
X-Servedbyhost
X-Varnish-Beresp-TTL
X-ServedByHost
X-Tid
Frame-Options
X-GDPR
X-Sf
X-Rocket-Nginx-Serving-Static
X-B3-SpanId
RNT-Machine
RNT-Time
X-RequestId
X-Fastly-Cache-Hits
X-Nananana
X-BE
X-Resolver-IP
Pics-Label
NodeID
X-DataStream-MidMile-RTT
X-Key
X-DataStream-Origin-MEX-Latency
X-Owner
XServer
X-Cache-TTL
CDN
Node
Cf-Ipcountry
Powered
CACHE
GeoIP-City
GeoIP-Country-Code
Web-Mar-Region
GeoIP-Latitude
X-Server-W
X-HTML-Minification-Powered-By
Cache-Tags
X-Tec-Api-Version
X-Tec-Api-Root
X-Tec-Api-Origin
We-Hiring
X-Flog
X-ABtesting
Mail-Subject
X-GZIP
DataCenter
PageSpeed
WZWS-RAY
X-NWS-UUID-VERIFY
ProcessTime
X-Powered-By-ANYU
X-Shard
X-Dynatrace-Js-Agent
X-Varnish-Ttl
Lfy
X-VG-WebCache
X-Sentry-ID
Amp-Access-Control-Allow-Source-Origin
X-Use-Magma
Get-Access-Time
X-Ms-Version
X-CDN-Pop
X-Ms-Lease-Status
X-CDN-Pop-IP
Accept-CH
X-Ms-Blob-Type
Max-Age
X-Ms-Request-Id
X-Gdpr
Is-Session-Tracking
X-Cf-Powered-By
X-UPSTREAM-Address
X-Mem
X-FORWARDED-FOR
X-Varnish-URL
X-PJAX-URL
X-GEO
X-Powered-By-Defense
X-ID
X-PF-Uncompressing
X-ByteArk-Cache
Magicmarker
URI
X-Cache-FS-Status
X-Front
Xet-Cookie
X-Dw-Trace-Id
X-SRV
X-Varnish-ID
RequestUuid
X-Cookie
X-Trv-Request-Id
X-Oa-Upstreams
Hostname
X-Check-Cacheable
X-Remote-IP
X-NGINX-Cache
X-Unique-Id
X-DI
X-DSS
X-DW
X-DB
True-Client-Country-4JS
Requestid
X-Aicache-OS
Cdn-Host
X-Micro-Cache
X-Edge-Server
Cdn-Request-Time
X-Alicdn-Da-Ups-Status
X-RPS
X-Ms-Lease-State
X-Proxy-Server
X-VID
X-PAGE-TYPE
X-VG-TLSProxy
X-Zalando-Page-Type
X-RSL
X-RPM
X-Zalando-Child-Request-Id
X-Swa-Ws
X-SB
X-Policy
X-Fe
X-Litespeed-Cache-Control
X-RAMCache
X-VC
X-VarnPar2
X-Litespeed-Tag
CF-Cached-On
X-Hello
X-Acquia-Application-Trace
X-Akamai-ERPolicy
X-Akamai-ERRuleID
X-VarnPar1
X-VarnCache
X-Acquia-Application-UUID
X-PARISIEN-Cache-Rendered
WS
V-Cache
Rt-Proxy-Cache
Group
SID
N-Cache
X-Safe-Firewall