Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics - SANS Internet Storm Center HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Pragma
Last-Modified
Accept-Ranges
Strict-Transport-Security
X-Powered-By
X-Content-Type-Options
CF-RAY
ETag
Link
Expect-CT
Via
X-XSS-Protection
X-Cache
Age
Access-Control-Allow-Origin
Content-Security-Policy
Content-Language
X-UA-Compatible
P3P
X-Cache-Hits
X-Served-By
X-Varnish
X-Amz-Cf-Id
Referrer-Policy
X-Xss-Protection
X-Request-Id
X-Timer
X-AspNet-Version
CF-Cache-Status
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Runtime
Access-Control-Allow-Credentials
X-Download-Options
X-Drupal-Cache
X-Cacheable
X-Generator
Content-Security-Policy-Report-Only
CF-Ray
Alt-Svc
X-AspNetMvc-Version
Status
X-Cache-Status
X-DNS-Prefetch-Control
X-Check
X-Iinfo
X-Adblock-Key
Timing-Allow-Origin
X-FRAME-OPTIONS
X-CDN
X-Content-Security-Policy
X-Turbo-Charged-By
X-Permitted-Cross-Domain-Policies
Content-Encoding
P3p
X-Request-ID
X-Template
X-Language
Keep-Alive
X-Via
X-Type
X-AH-Environment
X-Cache-Group
X-Backend
WPE-Backend
X-Pass-Why
X-Buckets
X-Age
X-Nginx-Cache-Status
X-Server
Access-Control-Max-Age
X-Server-Powered-By
X-Pingback
Xkey
X-Varnish-Cache
Grace
Access-Control-Expose-Headers
X-Drupal-Dynamic-Cache
Upgrade
X-Hacker
X-UA-Device
X-Amz-Request-Id
X-Page-Speed
Cf-Railgun
X-Proxy-Cache
X-Amz-Id-2
X-Robots-Tag
EagleId
X-LiteSpeed-Cache
X-Envoy-Upstream-Service-Time
X-Swift-SaveTime
X-Swift-CacheTime
Request-Context
X-Node
Ali-Swift-Global-Savetime
X-Device
X-Ac
X-Cnection
X-Host
Content-Location
X-Amz-Version-Id
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Cache-Lookup
Surrogate-Control
X-WebKit-CSP
X-Backend-Server
X-Server-Id
X-OneAgent-JS-Injection
X-Rack-Cache
X-Instart-Request-ID
X-Response-Time
X-Px
X-CST
Request-Id
X-Readtime
X-Rq
Server-Timing
X-Clacks-Overhead
X-Do-Not-Hack
Permitted-Cross-Domain-Policies
X-HeyJason
X-Cloud-Trace-Context
Pinterest-Generated-By
EagleEye-TraceId
Edge-Control
X-Url
X-Ua-Compatible
X-Application-Context
X-MS-InvokeApp
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Country
Report-To
X-Server-Name
Charset
SPRequestGuid
Allow
X-DynaTrace-JS-Agent
X-Country-Code
X-SharePointHealthScore
X-TTL
X-DataDome
Rating
X-Varnish-TTL
X-Cached
X-Ruxit-JS-Agent
X-TtlSet
X-PC
X-Vname
X-Powered-CMS
X-ESI
X-Powered-By-Plesk
X-Recruiting
X-FTR-Request-ID
NEL
X-D2id
X-Vhost
Public-Key-Pins
X-Upstream-Env
Pinterest-Version
X-Pinterest-Rid
X-Version
X-Kinja-Server
X-Exp-Variant
X-Exp-Id
X-Geo-Segment
X-Kinja-Revision
X-Kinja
X-Kinja-Build
X-F-Cache
X-Cdn-Fetch
X-CF-Powered-By
SPIisLatency
SPRequestDuration
X-N
X-T
X-VARITI-CCR
X-Dw-Request-Base-Id
X-ORACLE-DMS-ECID
Cartoon
X-ORACLE-DMS-RID
X-GoogleNews-Bot
X-Mod-Pagespeed
X-DynaTrace
MS-Author-Via
Content-MD5
Nginx-Cache
RTSS
X-Abt-Application-Version
AR-ATIME
AR-PoweredBy
AR-CACHE
Feature-Policy
MicrosoftSharePointTeamServices
X-GitHub-Request-Id
Verso
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Navigation-Version
X-Shield-Request-Id
X-Dispatcher
X-Server-ID
X-Amz-Rid
X-Client-IP
Realpath
X-Hits
X-Forwarded-Proto
X-Goog-Hash
X-Trace
X-Origin-Cache
X-Cdn
AR-SID
Paypal-Debug-Id
Arr-Disable-Session-Affinity
X-Content-Options
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-TEC-API-ROOT
X-Zen-Fury
X-Content-Digest
X-Id
TCN
X-Kinsta-Cache
X-B
X-Grace
Alternate-Protocol
X-Varnish-Age
X-Cache-Key
Fastcgi-Cache
X-Sol
X-Ser
X-Upstream
DynaTrace
Mrf-Cache-Status
X-Ttl
MRF-Tech
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
Access-Control-Request-Method
X-FastCGI-Cache
X-Pad
X-Fastly-Request-ID
X-Via-JSL
PB-RID
Display
X-Middleton-Display
PB-PID
X-NF-Request-ID
X-Nf-Srv-Version
X-Vcap-Request-Id
X-DIS-Request-ID
X-Mobile-Rewrite
X-IPLB-Instance
X-User-Agent
X-Middleton-Response
Response
Front-End-Https
X-SS-Set-Cookie
X-MSEdge-Ref
Rt-Fastcgi-Cache
Pagespeed
X-Cache-Rule
X-PressLabs-Stats
X-Frontend
Eomportal-Instance
X-Logged-In
X-Acc-Meta-Resource-Type
X-Whom
X-Cache-Hit
Server-Name
X-Forwarded-For
X-Hostname
X-Newrelic-App-Data
X-VCache
Arc-Version
X-XRDS-Location
Host
Tracecode
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-Goog-Metageneration
X-Goog-Generation
Cache-Status
S
X-Debug
X-FTR-Backend-Server
X-FTR-Balancer
X-FTR-Cache-Status
X-FTR-DC
X-FTR-Backend
X-Country-Code-Real
X-Request-Processing-Time
X-Request-Received
Surrogate-Key
X-FTR-Expires
X-FTR-Realm
Backend-Timing
X-Analytics
X-HS-Content-Id
Refresh
TP-L2-Cache
X-Instance
TP-Cache
X-AOL-HN
X-Contextid
X-Az
X-Proxied
X-AppVersion
X-Magnolia-Registration
FilterID
X-Activity-Id
X-UUID
X-NWS-LOG-UUID
Public-Key-Pins-Report-Only
X-Rid
X-XRDS-LOCATION
X-Wix-Server-Artifact-Id
HitType
Server-Info
ServerID
HitInfo
Liferay-Portal
X-HW
X-WPE-Loopback-Upstream-Addr
X-URL
X-Srv
X-B3-Traceid
Service-Worker-Allowed
AMP-Access-Control-Allow-Source-Origin
X-Varnish-Server
Cleartype
X-Mobile
X-Webkit-Csp
X-Content-Security-Policy-Report-Only
X-Varnish-Backend
Edge-Cache-Tag
X-HS-Cache-Config
X-FTR-Cache-Host
X-APP-VERSION
Served-By
X-Revision
X-Cache-Control
X-Origin
X-RateLimit-Remaining
Fastly-Restarts
S-Cnection
Source
X-Geo-Country
X-Cache-Server
X-Amzn-Trace-Id
X-App-Environment
Retry-After
X-BCube-Filmed-By
X-Hail-Hydra
Server-Node
X-PC-Hit
X-Request-Guid
Host-Header
X-PHP-Backend
X-PC-AppVer
X-Correlation-Id
X-PC-Key
X-Handled-By
X-Varnish-Hostname
X-Device-Type
X-TT
MS-CV
DC
X-Origin-Upstream-Status
X-Tumblr-Pixel
X-Tumblr-User
X-Tumblr-Pixel-0
X-Cache-Operation
X-B-Cache
X-Cache-Config
Powered-By-ChinaCache
X-Framework
X-Signature
X-FB-Debug
X-Cache-2
X-Page-Id
Accept-Charset
X-Ocache
X-Cache-Action
X-TT-TIMESTAMP
X-Sucuri-ID
X-Origin-Server
X-Debug-Info
Actual-Object-TTL
X-Hyper-Cache
X-Shield-Cache-Expires
X-ADI-VCache
X-PC-Host
X-PC-Date
Viewport
X-WA-Info
NGB
X-Accel-Expires
Cache
X-Content-Powered-By
X-Esi
X-Microcachable
Upgrade-Insecure-Requests
X-Cached-By
X-B3-Sampled
X-Drupal-Cache-Tags
X-ATG-Version
X-LB-Cache
SRV
Filters
X-Cache-NE
AsisCache
X-Akam-SW-Version
X-Generated-By
ServedBy
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Cacheable-TTL
X-FW-Serve
X-Locale
X-FW-Hash
X-FW-Server
X-TX-ID
X-FW-Static
X-FW-Type
X-Internal-Host
X-Amz-Server-Side-Encryption
X-RTag
X-S
X-RequestSource
X-Daa-Tunnel
Content-Script-Type
Content-Style-Type
X-Distil-CS
X-GeoIP
X-HS-Combine-CSS
X-Seen-By
X-Tumblr-Pixel-1
X-Tumblr-Pixel-2
X-WebKit-CSP-Report-Only
X-Wix-Request-Id
X-App-Server
X-Jobs
From-Origin
X-Accel-Buffering
X-Cluster
X-Varnish-Hits
X-Akamai-Edgescape
X-Geo
X-Sucuri-Cache
X-Adobe-Loc
X-Adobe-Content
X-Varnish-IP
X-Varnish-Cache-Hits
X-Varnish-Grace
X-Node-Name
X-ServedBy
X-GZip
X-Platform-Server
X-Cache-Remote
X-Edge-Cache
X-Edge-Cache-Key
X-Vg-Webcache
X-Dns-Prefetch-Control
HostName
Datacenter
X-CDN-Forward
X-Cache-TTL-Remaining
X-Storage
X-RateLimit-Limit
X-Feature
X-Oneagent-Js-Injection
X-UA
X-Region
X-GUploader-UploadID
X-Akamai-Transformed
X-Mode
X-Cache-Age
X-Amz-Replication-Status
Cache-Tag
X-Real-IP
X-Drupal-Cache-Contexts
Country
X-TA-CDN-Provider
X-Distributor
X-NewRelic-App-Data
X-Cache-Bucket
X-Source
X-RN-RSRV
Load-Balancing
X-Cache-Var-Map
X-Is-Bot
X-Cache-Var
X-Path-Route
X-MP-GENERATED-AT
X-Rendered-As
X-ProcessESI
X-RemovedCookies
Machine
Meta-Geo
X-Detected-As
X-Guploader-Uploadid
ServerName
X-Agile-Id
X-Agile
X-Agile-Age
Ohc-File-Size
X-Amzn-RequestId
X-Amz-Apigw-Id
X-NCache
Fastly-SSL
X-Port
X-PCL
X-ApacheServer
X-OCL
Mn-Server-Ip
X-TWH-CORRELATION-ID
X-Upgrade-Enabled
X-Time-Microsecs
X-Akamai-Request-ID
X-NodeID
X-Kinja-Server-Push
X-BB-IP
X-CDN-Cache
X-Cache-Category-Id
X-Viewer-Country
Cache-Key
GEO-INFO
X-PERF
X-Web-Node
X-Grey
X-Webstats-RespID
X-Cache-HT
X-Amz-Meta-Surrogate-Control
Azure-RegionName
X-Edge-Location
X-Debug-Cache
X-EIG-Tracking-Id
Azure-InstanceId
Azure-SiteName
X-Cluster-Node
X-Instance-Name
X-OVcl-Cache
X-Optimization
L5d-Success-Class
X-Via-Fastly
Cache-Name
X-Proto
S-Rt
X-Human
X-Pubstack
Azure-SlotName
X-Request-Time
X-OVcl
Azure-Version
X-Original-Request
Backend
TWC-GeoIP-Country
Webcakes-App-Version
X-Access
Webcakes-Region
DB-Nickname
TWC-Connection-Speed
TWC-Device-Class
TWC-Privacy
TWC-Locale-Group
User-Cache-Control
LB
Webcakes-App-Name
TWC-GeoIP-LatLong
Healthy
X-LJ-Flow-ID
X-Section
X-Routing-Service
X-ServerID
X-Site-Version
X-App-Name
X-Oracle-Dms-Rid
X-Origin-Hint
X-Oracle-Dms-Ecid
X-Zipkin-Id
Property-Id
X-Xfnlog-Site
X-Www-Served-By
X-VWS-Id
X-SplitTest
X-ProxyCache-Status
X-ProxyCache-Key
X-CCM
X-CCM-LastModified
X-BYPASS-REASON
X-Birta-Served
X-AWS-Id
X-Birta-Cache-Post
X-FC-Vary-Parameters
X-Format
X-Proxy
X-Meta-Tbi-Cache-Vertical
X-Labrador-Cache-Channel
X-IP
X-Generation-Time
X-Hosted-By
X-Render-Type
X-Varnish-Cacheable
X-Loop
X-Surge-Debug
X-TNCMS
Cache-Hits
Now
Fastcgi-Useragent
Access-Control-Allow-Method
X-JoinUs
X-Generated
User-Agent
X-Backend-Name
X-Newrelic-Synthetics
X-Ezoic-Cdn
X-Tumblr-Pixel-3
X-Hit
X-Origin-CC
X-Proxy-Build
RATING
X-Timing-Wait
Selected-FE
Countrycode
X-Nginx-Cache
Payment
X-Tb
X-Cache-Enabled
X-Time
WP-Super-Cache
X-Real-Ip
X-CACHE-AGE
Ec-Rule-Version
Origin-Edge-Control
Origin-Cache-Control
X-DataStream-Cache-Status
X-Unique-ID
X-L-Path
X-Nc
X-Environment-Context
X-B3-TraceId
X-B3-Spanid
X-Correlation-ID
RequestId
X-Dc
X-NU-AKA-ACS-Version
Xserver
X-UA-Device-Type
X-Skip-Cache
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
X-Dynatrace
Webserver
X-NGENIX-Cache
X-Servedby
Access-Control-Request-Headers
X-Litespeed-Cache
NODE
X-WR-MODIFICATION
X-Vgn-Hpd-Reason
X-Upstream-HT
X-Upstream-CT
Time
X-ElasticPress-Search
X-Be
X-Croise-Owner
X-COUNTRY
X-Content-Type
X-EdgeConnect-Cache-Status
X-Cache-Backend
X-Varnish-Beresp-Ttl
Ws
Warning
X-ND-Cache
X-User
MD5-Digest
X-No-Session
Memcached
Host-ID
Resin-Trace
T-Server
X-Transaction
X-Trv-Group
Sta2Tusw
X-S-Cookie
Meta-Geo-Continent
X-Logtrace-Id
Fly-Request-Id
X-Server-By
Fastly-Soc-X-Request-Id
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
Apple-News-Services-Handled
AKAMAI
Xc-Version
X-SVT-ORM-VERSION
Ajk
X-SVT-ORM-RULES
BehaviorPad-Version
Fastcgi-X-Cache-Version
Viewtype
Fly-Cache
X-PAYTM-SRV-ID
X-SRCache-Key
Cache-Prefix
Fastcgi-X-Cache
X-Server-Time
Www
X-We-Are-Hiring
X-Public
X-Destination
X-Planisys-CDN-TTL
X-D
X-Region-Sid
X-Twitter-Response-Tags
X-Connection-Hash
X-Wix-Route-ID
X-Developer
X-Planisys-CDN-Rules
X-Via-CDN
X-G
X-Generated-In
X-From
X-Fastly-Cache
X-Via-Edge
X-Died
X-DPWN-IS-SECURE
X-CF-Lambda-Version
X-CF-Lambda-Fn
X-A-Dcw
X-A-Dgt
X-A-Wwc
X-Amz-Meta-Cache-Control
X-A-Dam
X-Planisys-CDN-Cache
X-VG-WebServer
X-A
X-A-Ccd
X-Haproxy-Ip
X-ARC
X-Cache-Host
X-Rewrite-Enabled
X-Cache-Id
X-Haproxy-Hostname
X-Rojux
X-B-Cookie
X-BB-ID
X-BBXSRF
VivaBuild
X-Application
Cneonction
IBM-Web2-Location
UCS
X-StackifyID
NGX
X-NX-Host
Fastly-SWR
Fastly-SIE
Odigeo-Trace-Id
X-Request-URI
Origin
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
X-Cache-Expires
X-Phone
X-Cache-Time
X-Core-Value
X-Frame-Option
X-Fstrz
X-Forwarded-Host
X-FireWall-Port
X-F5-Cache
X-Gannett-Site-Version
IsBot
X-ScT
X-CS
X-Debug-Cookies
X-Debug-Log
X-Cdn-Origin
X-Cache-CFC
Rendered-Blocks
X-Status
Release
X-Up
X-Trace-Id
X-Secret
X-Var-Ttl
V-Age
Uber-Trace-Id
Request-Time
X-SIPLIST1
X-Sn-Servicetimems
GMS-Ver
X-Wikidot-Backend
X-Wikidot-Static-Cache
Server-Int
X-Cache-Ttl
X-C
X-Webkit-CSP
Web-Mar-Node
X-Dispatcher-Server
X-Developers
Thinkindot-Control
Thinkindot-CacheControl-Type
X-Device-Os
Who
X-Backend-TTL
X-Cache-Debug
X-Backend-Url
X-Edge-IP
X-TIME
X-Block-Status
X-Backend-State
X-Backend-Host
X-CGP
X-Ckpd-Fst-Backend
X-Cdn-Srv
X-Actual-URL
X-Amz-Meta-S3cmd-Attrs
X-Content-Age
X-IN-WAF
X-Server-IP
X-Servername
X-ServiceProvider
X-Stale
X-Server-Group
X-Served-From
X-Returned-From-BeforeDispatch
X-Returned-From-DLL
X-Returned-From-PostProcessResponse
X-Thinkindot-L3
X-TT-LOGID
X-Worker
X-Accel-Expires-Debug
X-Date
X-WebServer
X-VServer
X-UE-Client-Country
X-UnsetCookies
X-V
X-Returned-From
X-Reboot
X-Hnp-Log
X-IN-APIGATEWAY
X-IN-SSL-APIGATEWAY
X-GeoIP-Country-Code
X-GeoIP-City
X-Epic-Correlation-Id
X-Eu-Site
X-Gen-Mode
Thinkindot-CacheControl
X-Location
X-Passed-To-BeforeDispatch
X-Passed-To-DLL
X-Passed-To-PostProcessResponse
X-Passed-To
X-MSEdge-Flight
X-Matched-Rule
X-MI-In-Market
X-MSEdge-Features
X-Env
X-GoCache-CacheStatus
Fastly-Backend-Name
Ohc-Response-Time
GW-Server
HA-Cloudapp
HA-Geocountry
HA-Geocity
On-Server
Esi-Enabled
Platform
Pragrma
Decoy-Debug-Key
Decoy-Debug-Status
Drupal-Pagecache-Memcache
Decoy-Debug-TTL
MI-Cache-Age
HA-Geolat
HA-Urlpath
HA-Servedtime
Heartbleed
Httpd-Identifier
Is-Eu
HTTPS
HA-Ipaddr
HA-Host
MI-Cache
HA-Geolon
HA-Georegion
MI-API
Ha-Gx-Prefs
Pramga
Powered-By
Server-Host
Cache-Cookie-Set-From
Backend-Name
Adler-Geo
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-Idcheck
CDCHOST
Proxy-Connection
Content-Disposition
NnCoection
X-CSRF-Token
X-Ruxit-Js-Agent
X-Sorting-Hat-ShopId-Cached
X-Sorting-Hat-Section
X-Sorting-Hat-PrivacyLevel
Apicache-Version
X-Sorting-Hat-ShopId
X-Varnish-Id
X-Sorting-Hat-PodId-Cached
X-Ver
X-Via-NSCOPI
X-Fetched-On
X-Bug-Bounty
Apicache-Store
X-Shopify-Stage
X-Page-Type
Version
X-S-Maxage
X-Rocket-Nginx-Bypass
X-Response-By
Kp-EeAlive
X-Node-Id
X-ShardId
X-Hash
X-Sorting-Hat-FeatureSet
X-Hl-Ver
X-Release
X-ShopId
X-Sorting-Hat-PodId
X-RCS-CacheZone
X-Alternate-Cache-Key
Request-Country
Request-EU
X-Auto-Login
PFcat
X-Cache-Srv
OT-Force-Account-Verify
REQUESTUUID
X-Core-Mission
Server-ID
Mime-Version
X-Oss-Request-Id
X-Cache-Control-Set-By
X-Clientip
X-Oss-Object-Type
X-Origin-Expires
X-Oss-Server-Time
X-Info
X-Oss-Storage-Class
X-HCF
X-Origin-Date
X-Svr
X-Varnish-HitMiss
X-Bip
Dnion-Transfer-Encoding
X-Crawler
X-Amz-Meta-S3b-Last-Modified
X-Platform
X-Thanos
X-Oss-Hash-Crc64ecma
X-Cache-URL
NtCoent-Length
Cache-Provider
X-P-T
X-Yottaa-Sig
X-Refresh
X-Fastcgi-Cache
Country-Code
X-App-Version
X-Origin-TTL
X-DC
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-Req
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
FSS-Cache
Pagetype
FSS-Proxy
Processtime
X-Pf-Uncompressing
X-Varnish-Url
X-Ua
Cteonnt-Length
Arc-Country
Brightspot-Id
X-From-Cache
Memory
Ar-Sid
X-Irp-Debug
Dynatrace
X-LiteSpeed-Cache-Control
Accept-Ch
X-EC-Security-Audit
X-Atg-Version
COMMERCE-SERVER-SOFTWARE
X-CLOUD-TRACE-CONTEXT
WebServer
X-Pjax-Url
X-Amz-Meta-Sha256
X-NC
X-Cache-ASPX
Sid
X-ROOTCache
X-LB-Node
X-LB-CacheStatus
X-HS-Hub-Id
X-Request-UUID
X-Request-Start
PageType
X-Ratelimit-Limit
Geoip-City
X-Csrf-Token
GeoIp-Country-Code
PICS-Label
X-Endurance-Cache-Level
Cdn
Geoip-Latitude
SN
X-Cdn-Forward
CF-IPCountry
X-Varnish-Action
If-Modified-Since
Edgecast
X-Fastly-Backend-Reqs
X-Redis-Cache
X-Load-Cache
MIME-Version
X-Ratelimit-Remaining
X-Cache-Handler
X-Layer
X-SERVER-NAME
X-GRACE
X-Requestid
Dont-Set-Cookie
X-TId
PROCESSING-IP
BORDER-IP
X-Wix-Petri-Ex
X-ServedByHost
X-Rocket-Nginx-Serving-Static
X-Varnish-Beresp-TTL
X-GDPR
X-Dynatrace-Js-Agent
X-Servedbyhost
X-Tid
Frame-Options
X-Nananana
X-B3-SpanId
X-RequestId
X-Rule
X-Fastly-Cache-Hits
X-Sf
X-Key
NodeID
X-Resolver-IP
RNT-Machine
RNT-Time
X-BE
X-Owner
Pics-Label
X-Cache-TTL
X-Cf-Powered-By
Cf-Ipcountry
CDN
GeoIP-Latitude
GeoIP-Country-Code
X-DataStream-Origin-MEX-Latency
X-DataStream-MidMile-RTT
X-Server-W
Node
Web-Mar-Region
GeoIP-City
X-NWS-UUID-VERIFY
CACHE
X-Flog
X-HTML-Minification-Powered-By
Powered
X-ABtesting
WZWS-RAY
ProcessTime
XServer
X-Tec-Api-Version
X-Tec-Api-Origin
X-Tec-Api-Root
X-Sentry-ID
Lfy
X-Powered-By-ANYU
We-Hiring
Mail-Subject
X-FORWARDED-FOR
Cache-Tags
PageSpeed
DataCenter
X-CDN-Pop
X-CDN-Pop-IP
X-Varnish-Ttl
X-VG-WebCache
X-Shard
Max-Age
Get-Access-Time
Is-Session-Tracking
X-Use-Magma
Amp-Access-Control-Allow-Source-Origin
X-SRV
Accept-CH
X-ByteArk-Cache
X-Mem
X-GZIP
X-PJAX-URL
X-PF-Uncompressing
X-Gdpr
URI
X-Cache-FS-Status
Magicmarker
X-Front
X-UPSTREAM-Address
X-Check-Cacheable
X-GEO
X-Powered-By-Defense
X-Dw-Trace-Id
Xet-Cookie
X-Varnish-URL
X-Micro-Cache
X-Cookie
X-Oa-Upstreams
X-Ms-Lease-Status
X-Ms-Blob-Type
X-Remote-IP
X-Zalando-Child-Request-Id
X-Ms-Request-Id
X-Ms-Version
X-Zalando-Page-Type
X-Trv-Request-Id
X-Unique-Id
Group
V-Cache
X-VC
X-Varnish-ID
X-PARISIEN-Cache-Rendered
X-VarnPar2
RequestUuid
X-SB
X-PAGE-TYPE
N-Cache
X-VarnCache
X-Proxy-Server
Rt-Proxy-Cache
X-Aicache-OS
X-VarnPar1
X-Safe-Firewall
Requestid
X-NGINX-Cache
Hostname
X-HGenerator
X-Litespeed-Cache-Control
X-RAMCache
X-Fe
WS
X-Akamai-ERPolicy
X-Akamai-ERRuleID
X-Alicdn-Da-Ups-Status
WWW-Authenticate
X-Acquia-Application-UUID
X-Acquia-Application-Trace
X-Hello
CF-Cached-On
X-M-Log
X-M-Reqid
X-Litespeed-Tag
X-Qnm-Cache
SID