Threat Level: green Handler on Duty: Brad Duncan

SANS ISC: HTTP Header Usage Statistics - SANS Internet Storm Center HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Pragma
Last-Modified
Accept-Ranges
Strict-Transport-Security
X-Content-Type-Options
X-Powered-By
ETag
CF-RAY
Link
Expect-CT
Via
X-XSS-Protection
X-Cache
Age
Access-Control-Allow-Origin
Content-Security-Policy
Content-Language
X-UA-Compatible
P3P
X-Cache-Hits
X-Served-By
X-Varnish
X-Amz-Cf-Id
X-Xss-Protection
Referrer-Policy
X-Request-Id
X-Timer
X-AspNet-Version
CF-Cache-Status
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Runtime
CF-Ray
Access-Control-Allow-Credentials
X-Download-Options
X-Drupal-Cache
X-Cacheable
Content-Security-Policy-Report-Only
X-Generator
Alt-Svc
X-AspNetMvc-Version
Status
X-Cache-Status
X-DNS-Prefetch-Control
X-Check
X-Iinfo
X-Adblock-Key
X-FRAME-OPTIONS
Timing-Allow-Origin
X-CDN
X-Content-Security-Policy
X-Turbo-Charged-By
X-Permitted-Cross-Domain-Policies
P3p
X-Request-ID
Content-Encoding
X-Template
Keep-Alive
X-Language
X-Type
X-Via
X-AH-Environment
X-Cache-Group
X-Backend
WPE-Backend
X-Pass-Why
X-Age
X-Nginx-Cache-Status
X-Server
X-Buckets
Access-Control-Max-Age
X-Server-Powered-By
X-Pingback
Xkey
X-Varnish-Cache
Grace
X-Drupal-Dynamic-Cache
Access-Control-Expose-Headers
Upgrade
X-Hacker
X-UA-Device
X-Amz-Request-Id
X-Page-Speed
Cf-Railgun
X-Amz-Id-2
X-Proxy-Cache
X-Robots-Tag
X-LiteSpeed-Cache
EagleId
X-Envoy-Upstream-Service-Time
Request-Context
X-Node
X-Swift-CacheTime
X-Swift-SaveTime
X-Device
X-Ac
Ali-Swift-Global-Savetime
X-Cnection
X-Host
Content-Location
X-Amz-Version-Id
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Cache-Lookup
Surrogate-Control
X-Server-Id
X-WebKit-CSP
X-Backend-Server
X-OneAgent-JS-Injection
X-Rack-Cache
X-Instart-Request-ID
X-Response-Time
X-Px
Request-Id
X-Readtime
X-CST
X-Rq
Server-Timing
X-Clacks-Overhead
X-HeyJason
Permitted-Cross-Domain-Policies
X-Do-Not-Hack
X-Cloud-Trace-Context
Pinterest-Generated-By
EagleEye-TraceId
X-Ua-Compatible
Edge-Control
X-Url
X-Application-Context
X-MS-InvokeApp
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Country
Report-To
X-DynaTrace-JS-Agent
X-Server-Name
Charset
SPRequestGuid
Allow
X-Country-Code
X-SharePointHealthScore
X-DataDome
X-TTL
X-Ruxit-JS-Agent
Rating
X-Varnish-TTL
X-Cached
X-PC
X-Vname
X-TtlSet
X-ESI
X-Powered-CMS
X-Powered-By-Plesk
X-Recruiting
X-FTR-Request-ID
NEL
X-D2id
X-Vhost
X-CF-Powered-By
Public-Key-Pins
X-Pinterest-Rid
Pinterest-Version
X-Upstream-Env
X-Version
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
X-Exp-Variant
X-Exp-Id
X-F-Cache
X-Cdn-Fetch
X-Kinja-Build
X-Kinja-Server
X-Kinja-Revision
X-Kinja
X-Geo-Segment
X-DynaTrace
SPRequestDuration
X-N
SPIisLatency
X-T
X-Dw-Request-Base-Id
X-VARITI-CCR
X-GoogleNews-Bot
Cartoon
X-Mod-Pagespeed
MS-Author-Via
Content-MD5
RTSS
Nginx-Cache
X-Abt-Application-Version
AR-PoweredBy
AR-ATIME
AR-CACHE
Feature-Policy
X-GitHub-Request-Id
MicrosoftSharePointTeamServices
Verso
X-Navigation-Version
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Dispatcher
X-Shield-Request-Id
X-Amz-Rid
X-Client-IP
Realpath
X-Hits
X-Forwarded-Proto
X-Goog-Hash
X-Cdn
X-Trace
X-Origin-Cache
Paypal-Debug-Id
X-Server-ID
AR-SID
X-Content-Options
Arr-Disable-Session-Affinity
X-Zen-Fury
X-Content-Digest
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-Id
TCN
X-Kinsta-Cache
X-Grace
X-B
Alternate-Protocol
X-Varnish-Age
X-Cache-Key
Fastcgi-Cache
DynaTrace
X-Sol
X-Ttl
X-Upstream
X-Ser
Mrf-Cache-Status
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
MRF-Tech
Access-Control-Request-Method
X-Pad
X-FastCGI-Cache
X-Fastly-Request-ID
Display
X-Middleton-Display
PB-RID
PB-PID
X-Nf-Srv-Version
X-NF-Request-ID
X-Via-JSL
X-Mobile-Rewrite
X-DIS-Request-ID
X-Vcap-Request-Id
Response
X-Middleton-Response
X-IPLB-Instance
X-User-Agent
Front-End-Https
X-SS-Set-Cookie
Rt-Fastcgi-Cache
Pagespeed
X-MSEdge-Ref
X-Acc-Meta-Resource-Type
X-Cache-Rule
X-Frontend
X-PressLabs-Stats
Eomportal-Instance
X-Logged-In
X-Forwarded-For
X-Cache-Hit
X-Whom
Server-Name
X-Hostname
X-VCache
Arc-Version
X-XRDS-LOCATION
Host
X-Newrelic-App-Data
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-Goog-Metageneration
Tracecode
X-Goog-Stored-Content-Length
X-Goog-Generation
Cache-Status
S
Surrogate-Key
X-FTR-Realm
X-Debug
X-FTR-Expires
X-Country-Code-Real
X-FTR-DC
X-FTR-Cache-Status
X-FTR-Backend
X-FTR-Balancer
X-FTR-Backend-Server
X-Request-Processing-Time
X-Analytics
Backend-Timing
X-Request-Received
Refresh
X-HS-Content-Id
X-Instance
TP-Cache
X-AOL-HN
TP-L2-Cache
X-Contextid
X-Az
X-Magnolia-Registration
X-Proxied
X-AppVersion
X-Activity-Id
Public-Key-Pins-Report-Only
X-Rid
X-UUID
FilterID
X-Wix-Server-Artifact-Id
X-XRDS-Location
Server-Info
HitInfo
ServerID
HitType
Liferay-Portal
X-URL
AMP-Access-Control-Allow-Source-Origin
X-Srv
X-HW
X-B3-Traceid
X-NWS-LOG-UUID
X-WPE-Loopback-Upstream-Addr
X-Webkit-Csp
Cleartype
Service-Worker-Allowed
X-Mobile
X-APP-VERSION
X-Varnish-Server
X-Content-Security-Policy-Report-Only
X-Varnish-Backend
X-FTR-Cache-Host
X-HS-Cache-Config
X-Correlation-Id
Edge-Cache-Tag
Served-By
X-Cache-Control
X-Revision
X-Origin
Source
X-Geo-Country
X-Amzn-Trace-Id
X-Cache-Server
Server-Node
X-App-Environment
S-Cnection
X-PC-AppVer
X-PHP-Backend
Fastly-Restarts
X-Request-Guid
X-PC-Key
Host-Header
X-PC-Hit
X-RateLimit-Remaining
X-Hail-Hydra
X-BCube-Filmed-By
Retry-After
X-Varnish-Hostname
MS-CV
X-Device-Type
X-Handled-By
X-TT
X-Tumblr-User
X-Cache-Operation
DC
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Origin-Upstream-Status
X-Framework
X-B-Cache
X-Cache-Config
X-Signature
X-Cache-2
X-FB-Debug
X-Page-Id
Powered-By-ChinaCache
X-Cache-Action
Accept-Charset
X-Ocache
X-Sucuri-ID
X-TT-TIMESTAMP
X-Origin-Server
X-Debug-Info
Actual-Object-TTL
X-ADI-VCache
X-Hyper-Cache
X-Shield-Cache-Expires
X-PC-Date
X-PC-Host
Viewport
X-WA-Info
NGB
X-Accel-Expires
X-Content-Powered-By
X-ATG-Version
X-Microcachable
X-B3-Sampled
X-Cached-By
Upgrade-Insecure-Requests
Cache
X-Drupal-Cache-Tags
X-LB-Cache
SRV
X-Cache-NE
Filters
AsisCache
X-Akam-SW-Version
X-Yottaa-Metrics
ServedBy
X-Generated-By
X-Yottaa-Optimizations
X-Locale
X-Internal-Host
X-RTag
X-S
X-RequestSource
X-FW-Static
X-Cacheable-TTL
X-Amz-Server-Side-Encryption
X-FW-Type
X-FW-Hash
X-FW-Serve
X-TX-ID
X-FW-Server
X-WebKit-CSP-Report-Only
X-Wix-Request-Id
X-GeoIP
Content-Style-Type
X-Distil-CS
X-Seen-By
X-Tumblr-Pixel-1
X-Tumblr-Pixel-2
Content-Script-Type
X-App-Server
X-Jobs
X-Accel-Buffering
From-Origin
X-HS-Combine-CSS
X-Esi
X-Cluster
X-Varnish-Hits
X-Akamai-Edgescape
X-Daa-Tunnel
X-Adobe-Content
X-Adobe-Loc
X-Sucuri-Cache
X-Varnish-IP
X-Varnish-Cache-Hits
X-Varnish-Grace
X-Node-Name
X-Geo
X-Dns-Prefetch-Control
X-GZip
X-Platform-Server
X-ServedBy
X-RateLimit-Limit
X-Cache-Remote
X-Edge-Cache
X-Edge-Cache-Key
X-CDN-Forward
X-Vg-Webcache
X-UA
HostName
X-Cache-TTL-Remaining
Datacenter
X-Storage
X-Cache-Age
X-Akamai-Transformed
X-Region
X-Mode
X-GUploader-UploadID
X-TA-CDN-Provider
X-NewRelic-App-Data
X-Amz-Replication-Status
Cache-Tag
X-Drupal-Cache-Contexts
X-Feature
X-Guploader-Uploadid
X-Distributor
Country
X-Real-IP
X-Kinja-Server-Push
X-Source
Meta-Geo
Machine
X-Cache-Var
X-Is-Bot
X-Path-Route
X-RemovedCookies
X-Detected-As
X-RN-RSRV
X-MP-GENERATED-AT
X-Cache-Var-Map
Load-Balancing
X-Rendered-As
X-ProcessESI
X-Amzn-RequestId
X-Cache-Bucket
X-NCache
ServerName
Fastly-SSL
X-Agile
X-Amz-Apigw-Id
X-Agile-Age
X-Agile-Id
X-Webstats-RespID
X-Upgrade-Enabled
X-Viewer-Country
X-OCL
Cache-Key
X-PCL
X-Cache-Category-Id
X-Web-Node
X-Grey
X-Akamai-Request-ID
GEO-INFO
Mn-Server-Ip
X-TWH-CORRELATION-ID
X-BB-IP
X-NodeID
X-Port
X-PERF
X-ApacheServer
X-Time-Microsecs
Ohc-File-Size
X-CDN-Cache
Azure-InstanceId
Azure-RegionName
Azure-Version
L5d-Success-Class
Azure-SiteName
Cache-Name
X-EIG-Tracking-Id
X-OVcl
X-Cluster-Node
Azure-SlotName
X-Human
X-Debug-Cache
X-Edge-Location
X-OVcl-Cache
Backend
X-Amz-Meta-Surrogate-Control
X-Instance-Name
X-Optimization
X-Request-Time
S-Rt
X-Proto
X-Pubstack
X-Cache-HT
X-Via-Fastly
X-Original-Request
LB
X-App-Name
X-ProxyCache-Key
X-Www-Served-By
TWC-Connection-Speed
TWC-GeoIP-LatLong
TWC-GeoIP-Country
TWC-Device-Class
X-Xfnlog-Site
Property-Id
X-Birta-Served
X-BYPASS-REASON
DB-Nickname
Healthy
X-Zipkin-Id
TWC-Privacy
User-Cache-Control
X-Birta-Cache-Post
X-AWS-Id
X-Format
X-Routing-Service
X-Section
X-Access
X-Origin-Hint
X-Labrador-Cache-Channel
X-Proxy
X-Meta-Tbi-Cache-Vertical
X-SplitTest
X-Site-Version
X-ServerID
X-ProxyCache-Status
X-VWS-Id
X-LJ-Flow-ID
TWC-Locale-Group
Webcakes-App-Version
X-FC-Vary-Parameters
Webcakes-App-Name
X-CCM
X-CCM-LastModified
Webcakes-Region
X-Generation-Time
X-Hosted-By
X-IP
X-Surge-Debug
X-TNCMS
Cache-Hits
Fastcgi-Useragent
X-Varnish-Cacheable
X-Loop
Now
X-JoinUs
Access-Control-Allow-Method
X-Render-Type
RATING
X-Generated
User-Agent
X-Backend-Name
X-Tumblr-Pixel-3
X-Ezoic-Cdn
X-Real-Ip
X-Hit
X-Proxy-Build
X-Nginx-Cache
X-Timing-Wait
X-Tb
Payment
Countrycode
X-Newrelic-Synthetics
Selected-FE
X-Origin-CC
X-Cache-Enabled
X-Time
Ec-Rule-Version
X-Nc
WP-Super-Cache
Origin-Cache-Control
X-Oneagent-Js-Injection
Origin-Edge-Control
X-Unique-ID
X-CACHE-AGE
X-B3-Spanid
X-DataStream-Cache-Status
X-Dc
X-Environment-Context
X-L-Path
X-Oracle-Dms-Ecid
X-Oracle-Dms-Rid
RequestId
X-UA-Device-Type
X-Servedby
Xserver
X-NU-AKA-ACS-Version
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
NODE
X-Skip-Cache
X-Litespeed-Cache
X-B3-TraceId
X-Correlation-ID
X-NGENIX-Cache
Access-Control-Request-Headers
X-Be
X-WR-MODIFICATION
Webserver
X-COUNTRY
X-Vgn-Hpd-Reason
X-ElasticPress-Search
Time
X-Upstream-HT
X-Upstream-CT
X-Cache-Backend
X-Content-Type
X-EdgeConnect-Cache-Status
Warning
Ws
X-Croise-Owner
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
X-From
BehaviorPad-Version
Apple-News-Services-Handled
Apple-News-Services-Request-Url
X-ND-Cache
T-Server
X-Haproxy-Hostname
X-Haproxy-Ip
X-Generated-In
X-Fastly-Cache
Ajk
X-No-Session
X-G
AKAMAI
X-D
X-Amz-Meta-Cache-Control
X-A-Wwc
X-A-Dgt
X-Application
X-ARC
Memcached
X-B-Cookie
Meta-Geo-Continent
X-A-Dcw
X-A-Dam
Viewtype
Resin-Trace
Sta2Tusw
VivaBuild
Www
X-A-Ccd
X-A
MD5-Digest
X-BB-ID
Fastly-Soc-X-Request-Id
Fly-Cache
Fly-Request-Id
X-Developer
Fastcgi-X-Cache-Version
X-DPWN-IS-SECURE
X-Died
Fastcgi-X-Cache
X-Destination
GMS-Ver
X-Cache-Host
Host-ID
X-BBXSRF
X-Cache-Id
X-CF-Lambda-Fn
X-Connection-Hash
X-CF-Lambda-Version
Cache-Prefix
X-Logtrace-Id
X-S-Cookie
X-Via-Edge
X-Twitter-Response-Tags
X-Rojux
X-Rewrite-Enabled
X-Region-Sid
X-Wix-Route-ID
X-We-Are-Hiring
X-Via-CDN
X-VG-WebServer
X-SVT-ORM-VERSION
X-Transaction
X-Trv-Group
X-SVT-ORM-RULES
X-SRCache-Key
X-Server-Time
X-Varnish-Beresp-Ttl
X-User
Xc-Version
X-Server-By
X-Planisys-CDN-TTL
X-Planisys-CDN-Cache
X-PAYTM-SRV-ID
X-Public
X-Planisys-CDN-Rules
Cneonction
X-Webkit-CSP
X-Cache-Ttl
Fastly-SIE
X-Sn-Servicetimems
Server-Int
Fastly-SWR
X-Phone
X-SIPLIST1
X-Up
X-Status
Rendered-Blocks
V-Age
X-NX-Host
X-Debug-Log
X-Debug-Cookies
Request-Time
X-Trace-Id
X-Cdn-Origin
X-Cache-Time
X-Date
IsBot
X-Cache-Expires
X-CS
X-Rebelmouse-Surrogate-Control
X-Core-Value
X-Cache-CFC
IBM-Web2-Location
X-Var-Ttl
X-ScT
Uber-Trace-Id
X-Wikidot-Backend
X-Accel-Expires-Debug
X-Rebelmouse-Cache-Control
X-Wikidot-Static-Cache
Origin
UCS
X-Request-URI
X-Fstrz
Release
X-F5-Cache
NGX
X-Frame-Option
Odigeo-Trace-Id
X-Forwarded-Host
X-FireWall-Port
X-TIME
X-StackifyID
X-UE-Client-Country
X-Bug-Bounty
X-Block-Status
Web-Mar-Node
Who
X-Worker
Thinkindot-CacheControl
Thinkindot-Control
X-V
X-Actual-URL
Thinkindot-CacheControl-Type
X-Backend-Host
X-VServer
X-WebServer
X-Backend-TTL
X-Backend-State
X-Amz-Meta-S3cmd-Attrs
X-UnsetCookies
X-Stale
X-GoCache-CacheStatus
X-Returned-From
X-Hnp-Log
X-IN-APIGATEWAY
X-GeoIP-Country-Code
X-GeoIP-City
X-Gannett-Site-Version
X-Returned-From-DLL
X-Gen-Mode
X-Returned-From-BeforeDispatch
X-IN-SSL-APIGATEWAY
X-IN-WAF
X-MSEdge-Flight
X-Passed-To
X-Passed-To-BeforeDispatch
X-Passed-To-PostProcessResponse
X-MSEdge-Features
X-MI-In-Market
X-Reboot
X-Location
X-Matched-Rule
X-Returned-From-PostProcessResponse
X-Secret
X-Thinkindot-L3
X-Content-Age
X-Passed-To-DLL
X-ServiceProvider
X-Ckpd-Fst-Backend
X-CGP
X-Cache-Debug
X-TT-LOGID
X-Cdn-Srv
X-Developers
X-Device-Os
X-Eu-Site
X-Server-IP
X-Server-Group
X-Served-From
X-Epic-Correlation-Id
X-Env
X-Servername
X-Dispatcher-Server
X-Edge-IP
X-C
X-Backend-Url
Is-Eu
HTTPS
Httpd-Identifier
Heartbleed
Fastly-Backend-Name
Esi-Enabled
Drupal-Pagecache-Memcache
MI-Cache-Age
MI-Cache
HA-Geocity
HA-Urlpath
HA-Servedtime
GW-Server
HA-Cloudapp
HA-Geolat
HA-Geocountry
HA-Geolon
HA-Georegion
HA-Ipaddr
Backend-Name
HA-Host
Ha-Gx-Prefs
Decoy-Debug-TTL
MI-API
Pramga
Pragrma
Decoy-Debug-Status
Platform
Proxy-Connection
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-From
Server-Host
Adler-Geo
Cache-Cookie-Set-Idcheck
CDCHOST
Powered-By
Ohc-Response-Time
Decoy-Debug-Key
On-Server
Content-Disposition
NnCoection
Mime-Version
X-Dynatrace
X-Rocket-Nginx-Bypass
X-RCS-CacheZone
X-Hash
X-Hl-Ver
X-Fetched-On
X-Response-By
Apicache-Store
X-Release
X-Node-Id
X-Core-Mission
Apicache-Version
X-Page-Type
X-ShopId
PFcat
X-Varnish-Id
OT-Force-Account-Verify
X-Alternate-Cache-Key
X-S-Maxage
X-Sorting-Hat-ShopId-Cached
X-Ver
Request-Country
Version
Server-ID
REQUESTUUID
Request-EU
X-Via-NSCOPI
X-Sorting-Hat-ShopId
X-Auto-Login
X-Sorting-Hat-FeatureSet
X-Sorting-Hat-PodId
Kp-EeAlive
X-Sorting-Hat-PodId-Cached
X-Shopify-Stage
X-Cache-Srv
X-Sorting-Hat-Section
X-ShardId
X-Sorting-Hat-PrivacyLevel
X-CSRF-Token
X-Platform
X-Origin-Expires
X-Origin-Date
X-Svr
X-Thanos
X-Varnish-HitMiss
X-HCF
X-Info
X-Fastcgi-Cache
X-Bip
X-Cache-Control-Set-By
X-Clientip
X-Crawler
X-Amz-Meta-S3b-Last-Modified
X-Cache-URL
Dnion-Transfer-Encoding
NtCoent-Length
X-P-T
Country-Code
X-Oss-Request-Id
X-Oss-Hash-Crc64ecma
X-Refresh
Cache-Provider
X-Oss-Object-Type
X-Oss-Server-Time
X-Oss-Storage-Class
X-Origin-TTL
X-Yottaa-Sig
X-RateLimit-Remaining-Second
X-Pf-Uncompressing
Processtime
X-RateLimit-Limit-Second
X-Req
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
Ar-Sid
Accept-Ch
FSS-Proxy
X-DC
FSS-Cache
Pagetype
Arc-Country
Cteonnt-Length
X-Varnish-Url
X-CLOUD-TRACE-CONTEXT
X-LiteSpeed-Cache-Control
WebServer
X-EC-Security-Audit
X-From-Cache
X-Irp-Debug
Brightspot-Id
Memory
X-Amz-Meta-Sha256
X-Pjax-Url
X-App-Version
X-Ua
COMMERCE-SERVER-SOFTWARE
X-Cache-ASPX
X-HS-Hub-Id
X-Ruxit-Js-Agent
X-ROOTCache
GeoIp-Country-Code
Geoip-Latitude
Sid
Geoip-City
PageType
X-LB-Node
X-LB-CacheStatus
X-NC
X-Atg-Version
X-Request-UUID
X-Csrf-Token
X-Request-Start
PICS-Label
Cdn
SN
CF-IPCountry
Dynatrace
X-Load-Cache
X-Endurance-Cache-Level
X-Ratelimit-Remaining
X-Redis-Cache
Edgecast
X-Ratelimit-Limit
X-Cache-Handler
If-Modified-Since
X-Fastly-Backend-Reqs
X-Varnish-Action
X-SERVER-NAME
MIME-Version
PROCESSING-IP
BORDER-IP
X-GRACE
X-Layer
Dont-Set-Cookie
X-Cdn-Forward
X-Wix-Petri-Ex
X-GDPR
X-Tid
X-Varnish-Beresp-TTL
X-ServedByHost
X-TId
X-Rocket-Nginx-Serving-Static
X-Requestid
X-RequestId
Frame-Options
X-Rule
X-Fastly-Cache-Hits
X-Servedbyhost
X-Sf
X-Nananana
X-Resolver-IP
X-B3-SpanId
RNT-Time
RNT-Machine
NodeID
X-Owner
X-Key
X-BE
Pics-Label
Cf-Ipcountry
CACHE
CDN
X-DataStream-MidMile-RTT
X-DataStream-Origin-MEX-Latency
X-Cache-TTL
Web-Mar-Region
Powered
X-Server-W
X-HTML-Minification-Powered-By
XServer
X-Tec-Api-Origin
Node
X-Tec-Api-Root
X-Tec-Api-Version
X-ABtesting
We-Hiring
Mail-Subject
Cache-Tags
GeoIP-City
GeoIP-Latitude
X-Flog
GeoIP-Country-Code
DataCenter
X-NWS-UUID-VERIFY
PageSpeed
WZWS-RAY
X-Shard
ProcessTime
Lfy
X-Powered-By-ANYU
X-Varnish-Ttl
X-Dynatrace-Js-Agent
X-VG-WebCache
X-Sentry-ID
X-Use-Magma
Get-Access-Time
Max-Age
Is-Session-Tracking
X-GEO
X-CDN-Pop
X-CDN-Pop-IP
X-Cf-Powered-By
X-GZIP
Accept-CH
X-Gdpr
X-Mem
X-Powered-By-Defense
X-FORWARDED-FOR
X-Cache-FS-Status
X-ByteArk-Cache
X-PF-Uncompressing
URI
X-UPSTREAM-Address
Magicmarker
X-PJAX-URL
X-Dw-Trace-Id
Xet-Cookie
X-Oa-Upstreams
X-Varnish-URL
X-Cookie
X-Trv-Request-Id
X-Remote-IP
X-SRV
Amp-Access-Control-Allow-Source-Origin
X-Ms-Lease-Status
X-Ms-Blob-Type
X-Ms-Request-Id
X-Ms-Version
X-Check-Cacheable
X-Unique-Id
X-Front
X-Zalando-Page-Type
X-Zalando-Child-Request-Id
Requestid
X-Aicache-OS
X-Proxy-Server
RequestUuid
X-Varnish-ID
X-Micro-Cache
X-PAGE-TYPE
Hostname
X-NGINX-Cache
WS
X-Fe
X-RAMCache
X-Litespeed-Cache-Control
SID
X-VG-TLSProxy
X-Acquia-Application-Trace
X-VarnCache
N-Cache
Rt-Proxy-Cache
X-VarnPar1
X-VarnPar2
V-Cache
X-VC
X-SB
X-Safe-Firewall
X-Hello
CF-Cached-On
X-PARISIEN-Cache-Rendered
X-Akamai-ERRuleID
X-Akamai-ERPolicy
Group
X-Acquia-Application-UUID
X-Litespeed-Tag