Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics - SANS Internet Storm Center HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Pragma
Last-Modified
Accept-Ranges
Strict-Transport-Security
X-Content-Type-Options
X-Powered-By
CF-RAY
ETag
Link
Expect-CT
Via
X-XSS-Protection
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
P3P
X-Cache-Hits
X-Served-By
X-Varnish
X-Amz-Cf-Id
X-Xss-Protection
Referrer-Policy
X-Request-Id
X-Timer
X-AspNet-Version
CF-Cache-Status
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Runtime
Access-Control-Allow-Credentials
X-Download-Options
X-Drupal-Cache
X-Cacheable
Content-Security-Policy-Report-Only
X-Generator
CF-Ray
Alt-Svc
Status
X-AspNetMvc-Version
X-Cache-Status
X-DNS-Prefetch-Control
X-Check
X-Iinfo
X-Adblock-Key
X-FRAME-OPTIONS
X-CDN
Timing-Allow-Origin
X-Content-Security-Policy
X-Turbo-Charged-By
X-Permitted-Cross-Domain-Policies
P3p
Content-Encoding
X-Template
X-Language
Keep-Alive
X-Type
X-Via
X-AH-Environment
X-Request-ID
X-Cache-Group
X-Backend
WPE-Backend
X-Pass-Why
X-Age
X-Buckets
X-Server
X-Nginx-Cache-Status
Access-Control-Max-Age
X-Server-Powered-By
X-Pingback
Xkey
X-Varnish-Cache
Grace
X-Drupal-Dynamic-Cache
Upgrade
Access-Control-Expose-Headers
X-Hacker
X-UA-Device
X-Amz-Request-Id
X-Page-Speed
Cf-Railgun
X-Amz-Id-2
X-Proxy-Cache
X-Robots-Tag
X-LiteSpeed-Cache
EagleId
X-Envoy-Upstream-Service-Time
Request-Context
X-Node
X-Swift-SaveTime
X-Swift-CacheTime
X-Ac
X-Device
X-Cnection
X-Host
Ali-Swift-Global-Savetime
Content-Location
X-Amz-Version-Id
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Server-Id
Surrogate-Control
X-WebKit-CSP
X-Backend-Server
X-Cache-Lookup
X-OneAgent-JS-Injection
X-Rack-Cache
X-Response-Time
X-Px
X-Instart-Request-ID
Request-Id
X-Readtime
Server-Timing
X-CST
X-Rq
X-Clacks-Overhead
Permitted-Cross-Domain-Policies
X-HeyJason
X-Do-Not-Hack
Pinterest-Generated-By
X-Ua-Compatible
EagleEye-TraceId
X-Cloud-Trace-Context
Edge-Control
X-Url
X-Application-Context
X-MS-InvokeApp
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Country
Report-To
X-Server-Name
Charset
SPRequestGuid
X-DynaTrace-JS-Agent
X-Country-Code
Allow
X-SharePointHealthScore
X-DataDome
X-Ruxit-JS-Agent
X-ESI
Rating
X-Varnish-TTL
X-Vname
X-TtlSet
X-PC
X-Cached
X-Powered-CMS
X-Powered-By-Plesk
X-TTL
X-Recruiting
X-CF-Powered-By
X-ORACLE-DMS-RID
X-ORACLE-DMS-ECID
X-FTR-Request-ID
NEL
X-D2id
X-Vhost
X-DynaTrace
Public-Key-Pins
Pinterest-Version
X-Pinterest-Rid
X-Upstream-Env
X-Cdn-Fetch
X-Version
X-Kinja-Server
X-F-Cache
X-Exp-Variant
X-Geo-Segment
X-Exp-Id
X-Kinja-Build
X-Kinja-Revision
X-Kinja
X-N
SPRequestDuration
SPIisLatency
X-T
X-VARITI-CCR
X-Dw-Request-Base-Id
Cartoon
X-GoogleNews-Bot
X-Mod-Pagespeed
MS-Author-Via
Content-MD5
X-Abt-Application-Version
RTSS
Nginx-Cache
Feature-Policy
X-GitHub-Request-Id
Verso
AR-PoweredBy
AR-CACHE
AR-ATIME
X-Dispatcher
MicrosoftSharePointTeamServices
X-Navigation-Version
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Goog-Hash
X-Shield-Request-Id
X-Amz-Rid
X-Client-IP
Realpath
X-Hits
X-Forwarded-Proto
X-Cdn
X-Ttl
X-Origin-Cache
X-Trace
Paypal-Debug-Id
X-Server-ID
X-TEC-API-ROOT
X-TEC-API-VERSION
X-Content-Options
X-TEC-API-ORIGIN
X-Content-Digest
X-Zen-Fury
X-Id
X-Grace
X-Kinsta-Cache
Arr-Disable-Session-Affinity
TCN
AR-SID
X-B
DynaTrace
Alternate-Protocol
X-Varnish-Age
X-Cache-Key
Fastcgi-Cache
X-Sol
X-Upstream
X-Mrf-Section-Lastmod
Mrf-Cache-Status
X-Mrf-Item-Lastmod
MRF-Tech
X-Ser
Access-Control-Request-Method
X-Pad
X-Fastly-Request-ID
X-FastCGI-Cache
X-Middleton-Display
Display
PB-PID
PB-RID
X-Nf-Srv-Version
X-NF-Request-ID
X-Mobile-Rewrite
X-Via-JSL
X-DIS-Request-ID
X-Acc-Meta-Resource-Type
X-Vcap-Request-Id
X-Dns-Prefetch-Control
Response
X-User-Agent
X-Middleton-Response
X-Forwarded-For
Pagespeed
Front-End-Https
X-MSEdge-Ref
X-IPLB-Instance
Rt-Fastcgi-Cache
X-Cache-Rule
X-SS-Set-Cookie
X-PressLabs-Stats
X-Frontend
Eomportal-Instance
X-Logged-In
X-Cache-Hit
Arc-Version
Server-Name
X-Whom
X-VCache
X-Hostname
X-Goog-Generation
X-Goog-Stored-Content-Length
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-XRDS-LOCATION
Host
Tracecode
Surrogate-Key
Cache-Status
S
X-FTR-Expires
X-FTR-DC
X-FTR-Realm
X-FTR-Backend-Server
X-Country-Code-Real
X-FTR-Cache-Status
X-FTR-Backend
X-FTR-Balancer
X-Debug
X-Request-Received
X-Analytics
X-Request-Processing-Time
Backend-Timing
X-Newrelic-App-Data
X-HS-Content-Id
X-AOL-HN
TP-L2-Cache
TP-Cache
Refresh
X-Instance
X-Contextid
X-Proxied
X-Magnolia-Registration
X-AppVersion
X-Activity-Id
X-Az
Public-Key-Pins-Report-Only
X-Rid
X-Srv
X-Wix-Server-Artifact-Id
FilterID
X-UUID
ServerID
X-XRDS-Location
Server-Info
HitType
HitInfo
X-WPE-Loopback-Upstream-Addr
X-URL
X-HW
Liferay-Portal
X-Webkit-Csp
AMP-Access-Control-Allow-Source-Origin
Cleartype
X-B3-Traceid
Service-Worker-Allowed
X-Mobile
X-Varnish-Server
X-Content-Security-Policy-Report-Only
X-Varnish-Backend
X-FTR-Cache-Host
X-NWS-LOG-UUID
Served-By
X-Correlation-Id
X-Cache-Control
X-APP-VERSION
X-Revision
X-Origin
X-Amzn-Trace-Id
X-Geo-Country
X-Cache-Server
X-HS-Cache-Config
Source
Edge-Cache-Tag
Server-Node
X-App-Environment
Retry-After
Host-Header
X-PHP-Backend
X-Request-Guid
X-BCube-Filmed-By
X-PC-Hit
X-Hail-Hydra
X-PC-AppVer
X-PC-Key
MS-CV
X-RateLimit-Remaining
X-Handled-By
X-Varnish-Hostname
X-Device-Type
X-TT
X-Cache-Operation
DC
X-Tumblr-User
S-Cnection
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Framework
X-Origin-Upstream-Status
X-Cache-Config
X-Signature
Fastly-Restarts
X-B-Cache
X-Cache-2
X-FB-Debug
Powered-By-ChinaCache
X-Page-Id
Accept-Charset
X-Origin-Server
X-Cache-Action
X-TT-TIMESTAMP
X-Sucuri-ID
X-Ocache
X-Debug-Info
X-PC-Host
Actual-Object-TTL
X-PC-Date
Viewport
X-ATG-Version
X-Shield-Cache-Expires
X-ADI-VCache
X-Hyper-Cache
X-WA-Info
NGB
X-Content-Powered-By
X-B3-Sampled
X-Cached-By
X-Accel-Expires
X-Microcachable
X-Drupal-Cache-Tags
Upgrade-Insecure-Requests
X-LB-Cache
X-Akam-SW-Version
SRV
Filters
X-Cache-NE
AsisCache
Cache
X-Generated-By
X-Yottaa-Optimizations
ServedBy
X-Yottaa-Metrics
X-FW-Server
X-FW-Hash
X-RequestSource
X-Internal-Host
X-App-Server
X-Cacheable-TTL
X-FW-Static
X-RTag
X-Locale
X-S
X-FW-Serve
X-FW-Type
Content-Style-Type
X-Tumblr-Pixel-2
X-Seen-By
X-Amz-Server-Side-Encryption
X-Wix-Request-Id
X-Distil-CS
X-WebKit-CSP-Report-Only
Content-Script-Type
X-GeoIP
X-Tumblr-Pixel-1
X-TX-ID
X-Jobs
X-Accel-Buffering
X-Cluster
From-Origin
X-Varnish-Hits
X-Geo
X-Akamai-Edgescape
X-Node-Name
X-Sucuri-Cache
X-Litespeed-Cache
X-Adobe-Content
X-HS-Combine-CSS
X-Varnish-Cache-Hits
X-Adobe-Loc
X-RateLimit-Limit
X-Varnish-IP
X-UA
X-Varnish-Grace
X-GZip
X-Platform-Server
X-Cache-Age
X-ServedBy
X-NewRelic-App-Data
X-Edge-Cache
X-Edge-Cache-Key
X-Daa-Tunnel
X-Cache-TTL-Remaining
Datacenter
X-Vg-Webcache
X-Cache-Remote
X-Storage
X-CDN-Forward
HostName
X-Mode
X-GUploader-UploadID
X-Region
Cache-Tag
X-Akamai-Transformed
X-Esi
X-Amz-Replication-Status
X-Drupal-Cache-Contexts
X-Distributor
X-Guploader-Uploadid
X-Real-IP
X-Kinja-Server-Push
X-Source
X-Rendered-As
Load-Balancing
Meta-Geo
Machine
X-RN-RSRV
X-Cache-Var-Map
X-RemovedCookies
X-ProcessESI
X-MP-GENERATED-AT
X-Is-Bot
X-Detected-As
X-Cache-Var
X-TA-CDN-Provider
X-Path-Route
X-Agile-Age
ServerName
X-NCache
X-Amz-Apigw-Id
X-Agile
X-Amzn-RequestId
X-Agile-Id
Fastly-SSL
Country
X-OCL
X-NodeID
X-PCL
X-Time-Microsecs
X-TWH-CORRELATION-ID
X-CDN-Cache
X-PERF
X-Cache-Category-Id
GEO-INFO
Mn-Server-Ip
Cache-Key
X-Akamai-Request-ID
X-BB-IP
X-ApacheServer
X-Upgrade-Enabled
X-Grey
X-Web-Node
X-Viewer-Country
X-Webstats-RespID
X-Cache-HT
X-Human
Azure-InstanceId
Backend
L5d-Success-Class
X-Instance-Name
X-Via-Fastly
X-Debug-Cache
X-Cluster-Node
X-Edge-Location
X-EIG-Tracking-Id
Cache-Name
Ohc-File-Size
X-Optimization
Azure-SlotName
X-Pubstack
Azure-SiteName
Azure-RegionName
X-Amz-Meta-Surrogate-Control
S-Rt
X-Proto
X-Port
Azure-Version
X-OVcl
X-Original-Request
X-OVcl-Cache
X-Access
X-ProxyCache-Key
Webcakes-Region
User-Cache-Control
TWC-Device-Class
TWC-Connection-Speed
X-ServerID
Property-Id
TWC-GeoIP-Country
TWC-GeoIP-LatLong
Webcakes-App-Name
X-ProxyCache-Status
TWC-Privacy
TWC-Locale-Group
Webcakes-App-Version
X-CCM
X-Meta-Tbi-Cache-Vertical
X-Www-Served-By
X-LJ-Flow-ID
X-Labrador-Cache-Channel
X-IP
X-Origin-Hint
X-Request-Time
X-VWS-Id
X-SplitTest
X-Section
X-Routing-Service
X-Hosted-By
X-Generation-Time
X-BYPASS-REASON
X-AWS-Id
X-App-Name
X-FC-Vary-Parameters
X-Birta-Cache-Post
X-Birta-Served
X-Format
X-Xfnlog-Site
X-CCM-LastModified
X-Zipkin-Id
X-Proxy
X-Site-Version
DB-Nickname
LB
Healthy
Fastcgi-Useragent
Cache-Hits
X-Cache-Bucket
X-Loop
Now
X-TNCMS
X-Varnish-Cacheable
X-Surge-Debug
Access-Control-Allow-Method
X-JoinUs
User-Agent
RATING
X-Generated
X-Time
X-Backend-Name
X-Tumblr-Pixel-3
X-Ezoic-Cdn
X-Render-Type
X-Tb
X-Real-Ip
Payment
Countrycode
X-Hit
Selected-FE
X-Origin-CC
X-Proxy-Build
X-Timing-Wait
X-Feature
Ec-Rule-Version
X-Dc
X-Cache-Enabled
X-Newrelic-Synthetics
X-B3-TraceId
X-Nc
X-DataStream-Cache-Status
X-Nginx-Cache
X-Oneagent-Js-Injection
Origin-Cache-Control
Origin-Edge-Control
WP-Super-Cache
X-L-Path
X-Environment-Context
X-B3-Spanid
X-Unique-ID
RequestId
X-UA-Device-Type
X-Servedby
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
Xserver
X-NU-AKA-ACS-Version
X-CACHE-AGE
X-Skip-Cache
X-Ah-Environment
X-NGENIX-Cache
X-Correlation-ID
X-WR-MODIFICATION
NODE
X-COUNTRY
X-CLOUD-TRACE-CONTEXT
Access-Control-Request-Headers
X-Content-Type
Webserver
X-ElasticPress-Search
X-Vgn-Hpd-Reason
X-Be
Time
X-EdgeConnect-Cache-Status
X-Upstream-HT
X-Cache-Backend
X-Upstream-CT
Warning
Ws
X-Status
X-CF-Lambda-Fn
GMS-Ver
X-ND-Cache
X-No-Session
X-Cache-Id
X-CF-Lambda-Version
Fly-Cache
X-Logtrace-Id
Fly-Request-Id
X-Connection-Hash
X-SVT-ORM-RULES
X-S-Cookie
X-DPWN-IS-SECURE
X-ARC
X-Application
MD5-Digest
Host-ID
X-BB-ID
X-Cache-Host
X-SVT-ORM-VERSION
X-BBXSRF
Fastly-Soc-X-Request-Id
X-Haproxy-Ip
Apple-News-Services-Handled
AKAMAI
Ajk
X-Developer
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
BehaviorPad-Version
Cache-Prefix
X-Died
Apple-News-Services-Request-Url
X-Fastly-Cache
X-User
X-Generated-In
Fastcgi-X-Cache
Fastcgi-X-Cache-Version
X-Haproxy-Hostname
X-SRCache-Key
X-D
X-Destination
X-From
X-Date
X-G
X-PAYTM-SRV-ID
X-B-Cookie
X-A
Www
X-Server-Time
X-Rojux
X-Trv-Group
Memcached
X-A-Dcw
X-A-Dam
X-We-Are-Hiring
X-A-Ccd
X-Via-Edge
X-Twitter-Response-Tags
Resin-Trace
X-VG-WebServer
Sta2Tusw
T-Server
X-Via-CDN
Viewtype
X-Cache-Ttl
VivaBuild
X-Rewrite-Enabled
X-A-Dgt
X-Transaction
X-Region-Sid
X-Accel-Expires-Debug
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
X-Amz-Meta-Cache-Control
X-Server-By
Xc-Version
X-Public
Meta-Geo-Continent
X-Planisys-CDN-Cache
X-A-Wwc
X-Wix-Route-ID
X-Croise-Owner
X-Webkit-CSP
Server-Int
Uber-Trace-Id
X-Debug-Log
Request-Time
UCS
IsBot
V-Age
IBM-Web2-Location
Rendered-Blocks
Odigeo-Trace-Id
Fastly-SWR
X-Core-Value
X-Cache-Time
X-Cdn-Origin
NGX
Fastly-SIE
X-Cache-CFC
Origin
X-Cache-Expires
Release
X-CS
X-Debug-Cookies
X-FireWall-Port
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
X-Wikidot-Static-Cache
X-GoCache-CacheStatus
X-Phone
X-NX-Host
X-SIPLIST1
X-Request-URI
X-ScT
X-Sn-Servicetimems
X-Fstrz
X-Var-Ttl
X-Up
X-Frame-Option
X-Trace-Id
X-Wikidot-Backend
X-Forwarded-Host
X-F5-Cache
X-Oracle-Dms-Ecid
X-Varnish-Beresp-Ttl
Cneonction
X-Oracle-Dms-Rid
Apicache-Store
Apicache-Version
X-Server-IP
X-Device-Os
X-WebServer
X-Returned-From-BeforeDispatch
X-VServer
X-Developers
X-Gen-Mode
X-Actual-URL
X-Server-Group
X-Amz-Meta-S3cmd-Attrs
X-Worker
X-TT-LOGID
X-IN-APIGATEWAY
Who
X-UnsetCookies
X-UE-Client-Country
X-Dispatcher-Server
Thinkindot-Control
X-Env
X-V
X-Epic-Correlation-Id
X-Returned-From-PostProcessResponse
X-Eu-Site
Web-Mar-Node
X-Servername
Thinkindot-CacheControl-Type
X-Returned-From-DLL
X-Reboot
X-GeoIP-City
X-Passed-To-PostProcessResponse
X-MSEdge-Flight
X-MSEdge-Features
X-Hnp-Log
X-Passed-To
X-Thinkindot-L3
X-Cache-Debug
X-Location
X-Cdn-Srv
X-Ckpd-Fst-Backend
X-Returned-From
X-CGP
X-Matched-Rule
X-MI-In-Market
X-Stale
X-C
X-Bug-Bounty
X-Backend-Host
X-Backend-State
X-Served-From
X-GeoIP-Country-Code
X-Passed-To-DLL
X-Passed-To-BeforeDispatch
X-IN-SSL-APIGATEWAY
X-Backend-TTL
X-ServiceProvider
X-Block-Status
X-Edge-IP
X-IN-WAF
X-Backend-Url
X-Content-Age
On-Server
HA-Georegion
Ha-Gx-Prefs
HA-Geolon
HA-Geolat
HA-Geocity
HA-Geocountry
HA-Host
HA-Ipaddr
Httpd-Identifier
HTTPS
Heartbleed
Cache-Cookie-Set-Lfrom
HA-Servedtime
Thinkindot-CacheControl
HA-Cloudapp
Decoy-Debug-Key
Decoy-Debug-Status
Content-Disposition
Cache-Cookie-Set-Idcheck
CDCHOST
Decoy-Debug-TTL
Cache-Cookie-Set-From
Adler-Geo
GW-Server
Backend-Name
Fastly-Backend-Name
Esi-Enabled
Is-Eu
HA-Urlpath
Pramga
MI-Cache-Age
Ohc-Response-Time
Pragrma
X-StackifyID
MI-Cache
Proxy-Connection
Platform
Powered-By
Server-Host
Mime-Version
OT-Force-Account-Verify
X-Hash
X-Fetched-On
X-Gannett-Site-Version
X-Node-Id
X-Via-NSCOPI
X-Rocket-Nginx-Bypass
X-Hl-Ver
X-Auto-Login
X-RCS-CacheZone
X-Response-By
X-Sorting-Hat-PodId-Cached
X-Sorting-Hat-PrivacyLevel
X-Sorting-Hat-Section
X-Sorting-Hat-PodId
X-Sorting-Hat-FeatureSet
X-ShopId
X-Shopify-Stage
X-Sorting-Hat-ShopId
NnCoection
X-ShardId
X-Release
X-Ver
X-Varnish-Id
X-Sorting-Hat-ShopId-Cached
X-Secret
X-Page-Type
X-S-Maxage
Request-Country
REQUESTUUID
X-Cache-Srv
Kp-EeAlive
Request-EU
X-Core-Mission
MI-API
Server-ID
PFcat
Drupal-Pagecache-Memcache
X-Alternate-Cache-Key
Dnion-Transfer-Encoding
X-Origin-Expires
X-Origin-Date
X-Fastcgi-Cache
X-Clientip
NtCoent-Length
X-TIME
X-Cache-URL
X-Crawler
X-Thanos
X-Amz-Meta-S3b-Last-Modified
X-Cache-Control-Set-By
X-Svr
X-Bip
X-Varnish-HitMiss
X-Platform
X-Info
X-HCF
X-App-Version
Version
Processtime
X-Req
X-Refresh
Country-Code
Cache-Provider
X-P-T
X-Origin-TTL
X-HS-Hub-Id
Cteonnt-Length
X-Oss-Request-Id
X-Oss-Hash-Crc64ecma
X-Oss-Storage-Class
X-Oss-Object-Type
X-CSRF-Token
X-Oss-Server-Time
Ar-Sid
X-RateLimit-Limit-Second
X-Amz-Meta-Sha256
X-Pjax-Url
X-Yottaa-Sig
X-RateLimit-Remaining-Second
X-Pf-Uncompressing
X-Kong-Upstream-Latency
Accept-Ch
X-Kong-Proxy-Latency
Pagetype
Arc-Country
Memory
X-Varnish-Url
WebServer
FSS-Cache
FSS-Proxy
X-From-Cache
X-Cache-ASPX
X-EC-Security-Audit
X-LiteSpeed-Cache-Control
X-Irp-Debug
Brightspot-Id
X-DC
X-Ruxit-Js-Agent
X-Csrf-Token
SN
PageType
Geoip-City
Geoip-Latitude
GeoIp-Country-Code
X-Dynatrace
X-NC
Cdn
X-LB-CacheStatus
X-LB-Node
X-Ua
Sid
X-ROOTCache
COMMERCE-SERVER-SOFTWARE
PICS-Label
X-Redis-Cache
X-Cdn-Forward
X-Request-Start
X-Cache-Handler
X-Request-UUID
X-Wix-Petri-Ex
X-Rule
Dont-Set-Cookie
X-Ratelimit-Remaining
Edgecast
X-Fastly-Backend-Reqs
If-Modified-Since
X-Endurance-Cache-Level
CF-IPCountry
X-Varnish-Beresp-TTL
X-SERVER-NAME
X-Load-Cache
X-Varnish-Action
BORDER-IP
X-Atg-Version
MIME-Version
X-GRACE
PROCESSING-IP
X-TId
X-Dynatrace-Js-Agent
X-Requestid
X-ServedByHost
X-Layer
X-GDPR
X-Ratelimit-Limit
X-Tid
X-B3-SpanId
X-Sf
X-RequestId
Dynatrace
RNT-Machine
X-Servedbyhost
RNT-Time
X-Rocket-Nginx-Serving-Static
Frame-Options
X-Nananana
X-BE
X-Resolver-IP
X-Fastly-Cache-Hits
XServer
Pics-Label
Cf-Ipcountry
Node
Powered
X-DataStream-MidMile-RTT
NodeID
X-DataStream-Origin-MEX-Latency
X-Key
X-Owner
CDN
CACHE
Cache-Tags
X-Cache-TTL
X-VG-WebCache
X-HTML-Minification-Powered-By
X-Tec-Api-Root
X-Tec-Api-Origin
X-Tec-Api-Version
GeoIP-Latitude
We-Hiring
GeoIP-City
Web-Mar-Region
GeoIP-Country-Code
Mail-Subject
X-Server-W
DataCenter
PageSpeed
X-Varnish-Ttl
X-Shard
X-Flog
X-ABtesting
X-Use-Magma
Amp-Access-Control-Allow-Source-Origin
X-Ms-Version
X-Ms-Lease-Status
X-Gdpr
X-Powered-By-ANYU
X-Ms-Blob-Type
X-Sentry-ID
WZWS-RAY
Lfy
X-Ms-Request-Id
X-NWS-UUID-VERIFY
ProcessTime
X-GZIP
X-UPSTREAM-Address
X-CDN-Pop-IP
Get-Access-Time
Is-Session-Tracking
X-PF-Uncompressing
Max-Age
Accept-CH
X-CDN-Pop
X-Unique-Id
X-Mem
X-Varnish-URL
X-GEO
Xet-Cookie
X-Dw-Trace-Id
X-Remote-IP
X-Oa-Upstreams
X-PJAX-URL
X-Powered-By-Defense
X-Check-Cacheable
X-Trv-Request-Id
X-Cache-FS-Status
URI
Hostname
X-Cookie
X-NGINX-Cache
Magicmarker
X-Varnish-ID
X-DI
X-DSS
RequestUuid
Requestid
X-Aicache-OS
X-PAGE-TYPE
Cdn-Host
Cdn-Request-Time
X-DB
X-DW
X-Alicdn-Da-Ups-Status
X-ByteArk-Cache
X-Proxy-Server
X-Ms-Lease-State
X-VG-TLSProxy
X-RSL
X-RPM
X-VID
True-Client-Country-4JS
X-RPS
X-Front
X-Edge-Server
X-Policy
X-Swa-Ws
X-Zalando-Child-Request-Id
X-Acquia-Application-UUID
X-Acquia-Application-Trace
CF-Cached-On
X-Hello
X-Akamai-ERPolicy
X-Akamai-ERRuleID
X-Micro-Cache
X-Litespeed-Tag
WS
X-Fe
X-Zalando-Page-Type
X-RAMCache
SID
X-Litespeed-Cache-Control