Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics - SANS Internet Storm Center HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Pragma
Last-Modified
Accept-Ranges
Strict-Transport-Security
X-Content-Type-Options
X-Powered-By
CF-RAY
ETag
Link
Expect-CT
Via
X-XSS-Protection
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
P3P
X-Cache-Hits
X-Served-By
X-Varnish
X-Amz-Cf-Id
X-Xss-Protection
Referrer-Policy
X-Request-Id
X-Timer
X-AspNet-Version
CF-Cache-Status
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Runtime
Access-Control-Allow-Credentials
X-Download-Options
X-Drupal-Cache
X-Cacheable
Content-Security-Policy-Report-Only
X-Generator
Alt-Svc
Status
X-AspNetMvc-Version
X-Cache-Status
X-DNS-Prefetch-Control
X-Check
X-Iinfo
P3p
X-Adblock-Key
X-FRAME-OPTIONS
X-CDN
Timing-Allow-Origin
X-Content-Security-Policy
X-Permitted-Cross-Domain-Policies
X-Turbo-Charged-By
Content-Encoding
X-Template
X-Language
Keep-Alive
X-Type
X-AH-Environment
X-Via
CF-Ray
X-Cache-Group
X-Backend
WPE-Backend
X-Request-ID
X-Pass-Why
X-Buckets
X-Age
X-Server
X-Nginx-Cache-Status
Access-Control-Max-Age
X-Server-Powered-By
X-Pingback
Xkey
X-Varnish-Cache
Grace
X-Drupal-Dynamic-Cache
Upgrade
Access-Control-Expose-Headers
X-Hacker
X-UA-Device
X-Amz-Request-Id
Cf-Railgun
X-Page-Speed
X-Amz-Id-2
X-Proxy-Cache
X-Robots-Tag
EagleId
X-Envoy-Upstream-Service-Time
Request-Context
X-Node
X-LiteSpeed-Cache
X-Ac
X-Swift-SaveTime
X-Swift-CacheTime
X-Device
X-Cnection
X-Host
Ali-Swift-Global-Savetime
Content-Location
X-Amz-Version-Id
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-WebKit-CSP
X-Server-Id
Surrogate-Control
X-Backend-Server
X-OneAgent-JS-Injection
X-Cache-Lookup
X-Rack-Cache
X-Response-Time
X-Px
X-Instart-Request-ID
Request-Id
Server-Timing
X-Readtime
X-CST
X-Rq
X-Clacks-Overhead
Pinterest-Generated-By
X-Do-Not-Hack
X-HeyJason
Permitted-Cross-Domain-Policies
X-Url
EagleEye-TraceId
X-Ua-Compatible
Edge-Control
X-Application-Context
X-Country
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Cloud-Trace-Context
X-MS-InvokeApp
Report-To
X-Server-Name
Charset
X-DynaTrace-JS-Agent
SPRequestGuid
X-Country-Code
Allow
X-ESI
X-DataDome
X-SharePointHealthScore
X-Ruxit-JS-Agent
Rating
X-Varnish-TTL
X-Vname
X-TtlSet
X-PC
X-Cached
X-Powered-CMS
X-Powered-By-Plesk
X-Recruiting
X-CF-Powered-By
X-FTR-Request-ID
X-DynaTrace
NEL
X-Vhost
X-D2id
X-ORACLE-DMS-RID
X-ORACLE-DMS-ECID
Public-Key-Pins
X-Exp-Variant
X-Exp-Id
X-Cdn-Fetch
X-Upstream-Env
X-Pinterest-Rid
X-Geo-Segment
X-Kinja-Build
X-Kinja-Revision
X-Kinja
Pinterest-Version
X-Kinja-Server
X-F-Cache
X-TTL
X-Version
X-VARITI-CCR
X-N
X-T
X-GoogleNews-Bot
Cartoon
SPRequestDuration
SPIisLatency
X-Dw-Request-Base-Id
X-Mod-Pagespeed
X-Ttl
Content-MD5
X-Abt-Application-Version
MS-Author-Via
RTSS
Nginx-Cache
Feature-Policy
Verso
X-GitHub-Request-Id
X-Dispatcher
X-Goog-Hash
X-Navigation-Version
X-SRCache-Fetch-Status
MicrosoftSharePointTeamServices
X-SRCache-Store-Status
X-Client-IP
AR-PoweredBy
AR-ATIME
AR-CACHE
X-Amz-Rid
Realpath
X-Hits
X-Forwarded-Proto
X-Shield-Request-Id
X-Origin-Cache
X-Trace
X-Cdn
Paypal-Debug-Id
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-Content-Options
X-Grace
X-Content-Digest
X-Id
X-Zen-Fury
X-Kinsta-Cache
X-Server-ID
DynaTrace
TCN
X-B
Arr-Disable-Session-Affinity
AR-SID
Alternate-Protocol
X-Varnish-Age
X-Cache-Key
X-Sol
Fastcgi-Cache
X-Upstream
Mrf-Cache-Status
MRF-Tech
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
Access-Control-Request-Method
X-FastCGI-Cache
Display
X-Middleton-Display
X-Ser
X-Acc-Meta-Resource-Type
PB-RID
X-Pad
PB-PID
X-Fastly-Request-ID
X-Mobile-Rewrite
X-NF-Request-ID
X-Nf-Srv-Version
X-Via-JSL
X-Middleton-Response
X-DIS-Request-ID
Response
X-User-Agent
X-Litespeed-Cache
Pagespeed
X-Vcap-Request-Id
X-Forwarded-For
X-MSEdge-Ref
Front-End-Https
Rt-Fastcgi-Cache
X-Cache-Rule
Eomportal-Instance
X-PressLabs-Stats
X-Frontend
Arc-Version
X-SS-Set-Cookie
X-IPLB-Instance
X-Logged-In
X-Cache-Hit
X-Goog-Storage-Class
X-Goog-Generation
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-VCache
Server-Name
X-Whom
X-Hostname
Host
X-XRDS-Location
Surrogate-Key
Tracecode
S
X-Country-Code-Real
X-FTR-Expires
X-FTR-Cache-Status
X-FTR-Backend
X-FTR-Backend-Server
X-FTR-DC
X-FTR-Balancer
X-FTR-Realm
X-Request-Received
X-Request-Processing-Time
X-Analytics
Backend-Timing
Cache-Status
X-Debug
X-HS-Content-Id
TP-Cache
TP-L2-Cache
X-AOL-HN
X-Instance
X-Contextid
Refresh
X-Magnolia-Registration
X-Proxied
X-Rid
X-Activity-Id
X-AppVersion
X-Az
FilterID
ServerID
X-Srv
Public-Key-Pins-Report-Only
X-Wix-Server-Artifact-Id
X-XRDS-LOCATION
X-B3-Traceid
X-HW
X-UUID
Server-Info
HitType
HitInfo
Cleartype
X-WPE-Loopback-Upstream-Addr
X-APP-VERSION
Liferay-Portal
X-Newrelic-App-Data
Service-Worker-Allowed
X-FTR-Cache-Host
X-Content-Security-Policy-Report-Only
X-Varnish-Server
X-Mobile
AMP-Access-Control-Allow-Source-Origin
Served-By
X-Cache-Control
X-Varnish-Backend
X-Revision
X-Amzn-Trace-Id
X-Cache-Server
Source
X-PC-AppVer
X-PHP-Backend
Host-Header
X-PC-Hit
X-PC-Key
X-Request-Guid
X-Geo-Country
X-NWS-LOG-UUID
Server-Node
X-TT
X-BCube-Filmed-By
X-App-Environment
X-Hail-Hydra
Retry-After
MS-CV
X-Tumblr-Pixel-0
Accept-Charset
X-RateLimit-Remaining
X-Origin-Upstream-Status
X-Device-Type
X-Handled-By
X-Tumblr-Pixel
X-Tumblr-User
X-Varnish-Hostname
X-Cache-2
X-Framework
DC
X-Cache-Operation
X-B-Cache
Powered-By-ChinaCache
X-Signature
X-Cache-Config
X-Page-Id
X-FB-Debug
S-Cnection
X-Origin
X-HS-Cache-Config
Edge-Cache-Tag
X-Origin-Server
X-Correlation-Id
Fastly-Restarts
X-URL
X-Cache-Action
X-Debug-Info
X-TT-TIMESTAMP
X-ATG-Version
Viewport
X-Sucuri-ID
X-Ocache
X-PC-Host
X-PC-Date
Actual-Object-TTL
X-B3-Sampled
X-NewRelic-App-Data
X-Hyper-Cache
X-Cached-By
X-WA-Info
NGB
X-ADI-VCache
X-Shield-Cache-Expires
X-Webkit-Csp
X-Content-Powered-By
X-Akam-SW-Version
X-Microcachable
X-Drupal-Cache-Tags
X-Accel-Expires
X-LB-Cache
X-CLOUD-TRACE-CONTEXT
Upgrade-Insecure-Requests
Filters
X-Cache-NE
AsisCache
X-Generated-By
SRV
X-Yottaa-Metrics
X-App-Server
ServedBy
X-Yottaa-Optimizations
X-FW-Hash
Cache
X-Cacheable-TTL
X-FW-Type
X-Distil-CS
X-Tumblr-Pixel-1
X-Tumblr-Pixel-2
X-WebKit-CSP-Report-Only
X-RTag
X-RequestSource
X-FW-Static
X-Internal-Host
X-Locale
X-FW-Server
X-FW-Serve
X-GeoIP
X-Seen-By
X-Wix-Request-Id
Content-Script-Type
Content-Style-Type
X-Accel-Buffering
X-Jobs
X-S
X-Cluster
X-Cache-Age
X-TX-ID
X-Amz-Server-Side-Encryption
X-Node-Name
X-ServedBy
X-Geo
X-GUploader-UploadID
X-Varnish-Hits
From-Origin
X-UA
X-Varnish-Grace
X-Akamai-Edgescape
X-RateLimit-Limit
X-Varnish-Cache-Hits
X-Sucuri-Cache
X-Adobe-Loc
X-Adobe-Content
X-Platform-Server
Datacenter
X-Varnish-IP
X-CDN-Forward
X-GZip
X-HS-Combine-CSS
X-Vg-Webcache
X-Dns-Prefetch-Control
X-Cache-TTL-Remaining
X-Edge-Cache
X-Edge-Cache-Key
Cache-Tag
X-Real-IP
X-Storage
X-Cache-Remote
X-Akamai-Transformed
X-Mode
X-Region
X-Drupal-Cache-Contexts
X-Daa-Tunnel
X-Amz-Replication-Status
X-Source
X-Distributor
Meta-Geo
X-Is-Bot
Machine
X-Path-Route
X-Rendered-As
X-RemovedCookies
X-Detected-As
X-Cache-Var
X-MP-GENERATED-AT
X-RN-RSRV
X-Cache-Var-Map
Load-Balancing
X-ProcessESI
X-Amz-Apigw-Id
X-Amzn-RequestId
ServerName
Fastly-SSL
X-Proxy
X-NCache
HostName
X-Agile
X-CDN-Cache
X-Kinja-Server-Push
Cache-Key
X-Web-Node
X-Viewer-Country
Mn-Server-Ip
X-Cache-Category-Id
X-Akamai-Request-ID
X-Agile-Id
X-Upgrade-Enabled
X-ApacheServer
X-BB-IP
X-Agile-Age
X-Time-Microsecs
X-OCL
X-Grey
X-PCL
X-TWH-CORRELATION-ID
GEO-INFO
X-PERF
X-Webstats-RespID
L5d-Success-Class
X-OVcl-Cache
X-Original-Request
Azure-Version
Backend
Azure-SlotName
X-Proto
X-OVcl
Azure-InstanceId
Azure-RegionName
Ohc-File-Size
Azure-SiteName
X-Human
X-Debug-Cache
X-Instance-Name
S-Rt
X-FC-Vary-Parameters
Country
X-Pubstack
X-Cluster-Node
X-NodeID
X-Amz-Meta-Surrogate-Control
X-Edge-Location
X-EIG-Tracking-Id
X-Via-Fastly
User-Cache-Control
TWC-Device-Class
TWC-Connection-Speed
Webcakes-App-Version
X-Access
Webcakes-Region
TWC-Locale-Group
TWC-GeoIP-LatLong
TWC-GeoIP-Country
TWC-Privacy
Webcakes-App-Name
X-Origin-Hint
X-Section
X-Www-Served-By
X-Xfnlog-Site
X-Zipkin-Id
Property-Id
X-ProxyCache-Status
X-ProxyCache-Key
X-Port
X-IP
X-LJ-Flow-ID
X-Meta-Tbi-Cache-Vertical
X-BYPASS-REASON
X-VWS-Id
X-Hosted-By
Now
X-Routing-Service
X-CCM
X-CCM-LastModified
X-Cache-HT
X-Birta-Served
X-AWS-Id
X-Birta-Cache-Post
X-Format
X-Optimization
X-ServerID
X-SplitTest
X-Varnish-Cacheable
X-Site-Version
X-Generation-Time
X-App-Name
LB
Cache-Name
Healthy
User-Agent
DB-Nickname
X-Labrador-Cache-Channel
Fastcgi-Useragent
X-Backend-Name
Access-Control-Allow-Method
X-TNCMS
X-Loop
X-JoinUs
Cache-Hits
Selected-FE
Countrycode
X-Proxy-Build
X-Generated
X-Timing-Wait
X-Dc
X-Request-Time
X-Tumblr-Pixel-3
X-Tb
Payment
X-Guploader-Uploadid
X-Surge-Debug
X-Cache-Bucket
RATING
Ec-Rule-Version
X-Ezoic-Cdn
X-Esi
X-Hit
X-Origin-CC
X-Correlation-ID
WP-Super-Cache
X-Unique-ID
X-Cache-Enabled
X-DataStream-Cache-Status
X-B3-Spanid
X-Time
X-Render-Type
X-TA-CDN-Provider
X-Oracle-Dms-Rid
X-Oneagent-Js-Injection
X-Oracle-Dms-Ecid
Origin-Edge-Control
Origin-Cache-Control
X-Real-Ip
X-Newrelic-Synthetics
X-Feature
X-UA-Device-Type
X-Nc
X-Nginx-Cache
NODE
RequestId
X-Environment-Context
X-L-Path
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
X-NU-AKA-ACS-Version
X-Skip-Cache
X-B3-TraceId
X-Be
X-Content-Type
X-Status
X-NGENIX-Cache
X-WR-MODIFICATION
Access-Control-Request-Headers
Webserver
X-Cache-Backend
X-EdgeConnect-Cache-Status
X-Vgn-Hpd-Reason
Xserver
X-ElasticPress-Search
X-Servedby
X-CACHE-AGE
Warning
Time
Apicache-Version
Ws
Apicache-Store
X-Upstream-CT
X-Upstream-HT
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
Ajk
X-Server-By
X-Wix-Route-ID
X-Public
X-Region-Sid
X-Developer
X-Rewrite-Enabled
X-Fastly-Cache
AKAMAI
X-A-Wwc
IBM-Web2-Location
X-Accel-Expires-Debug
X-A-Dgt
X-GoCache-CacheStatus
X-Rojux
X-A-Dcw
X-From
Resin-Trace
X-G
Sta2Tusw
GMS-Ver
T-Server
X-No-Session
Host-ID
X-Generated-In
Memcached
Meta-Geo-Continent
X-Haproxy-Ip
MD5-Digest
X-Haproxy-Hostname
X-ND-Cache
X-Logtrace-Id
Fly-Request-Id
Fly-Cache
BehaviorPad-Version
X-PAYTM-SRV-ID
X-A-Dam
X-Application
Apple-News-Services-Request-Url
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
X-A-Ccd
X-A
Fastcgi-X-Cache
Fastcgi-X-Cache-Version
Fastly-Soc-X-Request-Id
Viewtype
VivaBuild
Cache-Prefix
Www
Apple-News-Services-Handled
X-S-Cookie
X-SVT-ORM-RULES
X-Connection-Hash
X-Transaction
X-SRCache-Key
X-CF-Lambda-Fn
X-BBXSRF
X-Date
X-D
X-Trv-Group
X-Twitter-Response-Tags
X-VG-WebServer
X-Via-CDN
X-Died
X-HS-Hub-Id
X-User
X-We-Are-Hiring
X-ARC
X-Via-Edge
X-BB-ID
X-SVT-ORM-VERSION
X-B-Cookie
X-Server-Time
X-CF-Lambda-Version
X-Destination
Xc-Version
X-Up
NGX
X-Forwarded-Host
V-Age
X-Sn-Servicetimems
X-F5-Cache
X-NX-Host
X-Debug-Log
X-Request-URI
X-Core-Value
X-Var-Ttl
X-DPWN-IS-SECURE
Uber-Trace-Id
Release
Rendered-Blocks
X-Cdn-Origin
Fastly-SWR
UCS
Fastly-SIE
X-ScT
X-Wikidot-Backend
X-Cache-Id
X-Wikidot-Static-Cache
IsBot
X-Cache-Expires
X-C
X-Fstrz
X-Rebelmouse-Cache-Control
X-Amz-Meta-Cache-Control
X-IN-WAF
X-IN-SSL-APIGATEWAY
X-Rebelmouse-Surrogate-Control
X-SIPLIST1
Request-Time
X-CS
X-Cache-Host
X-Trace-Id
X-Phone
Server-Int
X-Debug-Cookies
X-IN-APIGATEWAY
Origin
X-TIME
X-Webkit-CSP
OT-Force-Account-Verify
X-Ckpd-Fst-Backend
X-Cdn-Srv
X-CGP
X-GeoIP-City
X-GeoIP-Country-Code
Powered-By
Pramga
Proxy-Connection
Ohc-Response-Time
On-Server
X-Gen-Mode
Who
X-Actual-URL
X-Eu-Site
X-Block-Status
X-Bug-Bounty
X-Cache-CFC
X-Backend-Url
Odigeo-Trace-Id
X-Amz-Meta-S3cmd-Attrs
X-Backend-Host
X-Backend-State
X-Backend-TTL
X-Cache-Debug
X-Epic-Correlation-Id
Thinkindot-CacheControl-Type
Thinkindot-Control
Thinkindot-CacheControl
X-Frame-Option
X-Content-Age
X-Edge-IP
Web-Mar-Node
X-Env
X-Device-Os
X-Cache-Time
X-FireWall-Port
Server-Host
X-RCS-CacheZone
X-Returned-From
MI-Cache-Age
X-Reboot
X-Returned-From-BeforeDispatch
X-Returned-From-DLL
X-Served-From
X-Returned-From-PostProcessResponse
X-Developers
Backend-Name
X-Passed-To-PostProcessResponse
Content-Disposition
X-Rocket-Nginx-Bypass
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-From
Cache-Cookie-Set-Idcheck
X-Server-Group
X-Server-IP
X-UE-Client-Country
X-TT-LOGID
X-UnsetCookies
X-V
X-VServer
X-WebServer
X-Thinkindot-L3
X-Stale
X-ServiceProvider
X-Servername
X-Hl-Ver
X-Auto-Login
Cneonction
X-Worker
Decoy-Debug-Key
CDCHOST
HA-Servedtime
HA-Urlpath
Heartbleed
HA-Ipaddr
HA-Host
HA-Georegion
Decoy-Debug-Status
Httpd-Identifier
HTTPS
X-Via-NSCOPI
MI-Cache
X-Hnp-Log
X-Location
X-MI-In-Market
X-Matched-Rule
HA-Geolon
Ha-Gx-Prefs
Esi-Enabled
X-Passed-To-DLL
Fastly-Backend-Name
HA-Geolat
X-Node-Id
X-Passed-To
GW-Server
HA-Geocountry
HA-Geocity
HA-Cloudapp
Decoy-Debug-TTL
X-Passed-To-BeforeDispatch
X-Dispatcher-Server
X-Thanos
X-Bip
X-HCF
X-Info
X-Crawler
X-Clientip
X-Platform
X-Cache-Control-Set-By
X-Varnish-HitMiss
X-Response-By
X-Release
X-ShardId
X-ShopId
X-Fetched-On
X-Origin-Expires
X-Hash
X-Origin-Date
X-Shopify-Stage
X-Sorting-Hat-FeatureSet
X-Sorting-Hat-ShopId
X-Sorting-Hat-ShopId-Cached
X-Varnish-Id
X-Sorting-Hat-Section
X-Sorting-Hat-PrivacyLevel
X-Sorting-Hat-PodId
X-Sorting-Hat-PodId-Cached
X-Ver
X-Alternate-Cache-Key
PFcat
Request-Country
Server-ID
Adler-Geo
Platform
X-Cache-Ttl
Pragrma
X-Croise-Owner
Is-Eu
X-Core-Mission
Request-EU
REQUESTUUID
NtCoent-Length
X-Cache-Srv
Kp-EeAlive
X-StackifyID
NnCoection
X-Page-Type
X-MSEdge-Features
X-MSEdge-Flight
X-S-Maxage
X-Refresh
X-Cache-URL
X-Varnish-Beresp-Ttl
Country-Code
X-P-T
Cache-Provider
Drupal-Pagecache-Memcache
X-Secret
Mime-Version
X-Svr
X-Fastcgi-Cache
X-Req
X-Gannett-Site-Version
MI-API
Processtime
X-Amz-Meta-S3b-Last-Modified
X-Pf-Uncompressing
X-Pjax-Url
X-Oss-Request-Id
X-Csrf-Token
X-Oss-Hash-Crc64ecma
X-Oss-Object-Type
X-Oss-Storage-Class
X-Oss-Server-Time
X-COUNTRY
Dnion-Transfer-Encoding
Version
Pagetype
Accept-Ch
X-Cache-ASPX
X-Origin-TTL
X-NC
X-EC-Security-Audit
Memory
Ar-Sid
X-Amz-Meta-Sha256
X-App-Version
X-RateLimit-Remaining-Second
X-Kong-Upstream-Latency
X-RateLimit-Limit-Second
Geoip-City
Geoip-Latitude
X-Kong-Proxy-Latency
SN
WebServer
GeoIp-Country-Code
Cteonnt-Length
X-Wix-Petri-Ex
X-Yottaa-Sig
Arc-Country
X-LiteSpeed-Cache-Control
X-Varnish-Url
FSS-Proxy
X-From-Cache
FSS-Cache
Dont-Set-Cookie
X-Ruxit-Js-Agent
X-Rule
X-Cache-Handler
X-Irp-Debug
Brightspot-Id
PICS-Label
COMMERCE-SERVER-SOFTWARE
X-CSRF-Token
X-Varnish-Beresp-TTL
X-LB-CacheStatus
MIME-Version
PageType
CF-IPCountry
X-Ua
X-LB-Node
X-Redis-Cache
X-Load-Cache
X-DC
Cdn
Sid
X-Request-Start
X-ROOTCache
X-Endurance-Cache-Level
X-Ratelimit-Remaining
XServer
If-Modified-Since
X-Request-UUID
Edgecast
X-SERVER-NAME
BORDER-IP
X-Requestid
PROCESSING-IP
X-GRACE
X-Cdn-Forward
X-Fastly-Backend-Reqs
X-Sf
X-TId
RNT-Machine
X-Varnish-Action
X-Servedbyhost
RNT-Time
X-Ratelimit-Limit
X-Tid
X-GDPR
X-Layer
X-ServedByHost
X-RequestId
X-Atg-Version
X-Cache-TTL
X-Dynatrace
X-Rocket-Nginx-Serving-Static
X-B3-SpanId
Powered
X-Resolver-IP
Frame-Options
CDN
X-Nananana
Cache-Tags
X-Fastly-Cache-Hits
X-DataStream-Origin-MEX-Latency
X-BE
X-DataStream-MidMile-RTT
NodeID
Amp-Access-Control-Allow-Source-Origin
Pics-Label
Cf-Ipcountry
CACHE
X-Key
X-Gdpr
X-Owner
X-Tec-Api-Root
Node
X-Tec-Api-Version
X-Tec-Api-Origin
Dynatrace
X-HTML-Minification-Powered-By
We-Hiring
X-Server-W
Mail-Subject
Hostname
PageSpeed
X-VG-WebCache
X-Varnish-Ttl
X-Dynatrace-Js-Agent
X-Varnish-URL
X-Shard
Web-Mar-Region
X-UPSTREAM-Address
GeoIP-City
GeoIP-Country-Code
GeoIP-Latitude
X-Ms-Version
X-Ms-Lease-Status
X-Ms-Blob-Type
X-Ms-Request-Id
X-Use-Magma
X-Sentry-ID
Lfy
X-Flog
X-ABtesting
X-GZIP
DataCenter
ProcessTime
X-Powered-By-ANYU
Accept-CH
WZWS-RAY
URI
X-Alicdn-Da-Ups-Status
X-Aicache-OS
X-NGINX-Cache
Is-Session-Tracking
Max-Age
True-Client-Country-4JS
X-CDN-Pop
X-GEO
X-CDN-Pop-IP
X-VG-TLSProxy
Get-Access-Time
X-PF-Uncompressing
Xet-Cookie
X-Dw-Trace-Id
X-NWS-UUID-VERIFY
Cdn-Request-Time
X-Swa-Ws
X-Policy
X-Front
X-Edge-Server
Cdn-Host
X-PJAX-URL
X-Trv-Request-Id
X-Check-Cacheable
X-Oa-Upstreams
X-Mem
X-Cookie
X-Unique-Id
X-Cache-FS-Status
Rt-Proxy-Cache
X-Powered-By-Defense
X-Remote-IP
X-Ms-Lease-State
Requestid
GEO-REGION-INFO
X-PAGE-TYPE
X-Varnish-ID
RequestUuid
X-Org
V-Cache
X-RPS
X-RPM
X-RSL
X-VID
CF-Cached-On
Magicmarker
X-Litespeed-Tag
Group
X-DI
X-Fe
X-Acquia-Application-Trace
X-Acquia-Application-UUID
WS
X-Akamai-ERPolicy
X-RAMCache
X-Proxy-Server
X-Litespeed-Cache-Control
X-Akamai-ERRuleID
X-DSS
X-DB
SID
X-Hello
X-DW