Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics - SANS Internet Storm Center HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Pragma
Last-Modified
Accept-Ranges
Strict-Transport-Security
X-Content-Type-Options
X-Powered-By
CF-RAY
ETag
Link
Expect-CT
Via
X-XSS-Protection
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
P3P
X-Cache-Hits
X-Served-By
X-Varnish
X-Amz-Cf-Id
X-Xss-Protection
Referrer-Policy
X-Request-Id
X-Timer
X-AspNet-Version
CF-Cache-Status
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Runtime
Access-Control-Allow-Credentials
X-Download-Options
X-Drupal-Cache
X-Cacheable
Content-Security-Policy-Report-Only
X-Generator
Alt-Svc
Status
X-AspNetMvc-Version
X-Cache-Status
X-DNS-Prefetch-Control
X-Check
P3p
X-Iinfo
X-Adblock-Key
X-FRAME-OPTIONS
X-CDN
Timing-Allow-Origin
X-Content-Security-Policy
X-Permitted-Cross-Domain-Policies
X-Turbo-Charged-By
Content-Encoding
X-Template
X-Language
Keep-Alive
X-Type
X-AH-Environment
X-Via
CF-Ray
X-Cache-Group
X-Backend
WPE-Backend
X-Request-ID
X-Pass-Why
X-Buckets
X-Age
X-Server
X-Nginx-Cache-Status
Access-Control-Max-Age
X-Server-Powered-By
X-Pingback
Xkey
X-Varnish-Cache
Grace
X-Drupal-Dynamic-Cache
Upgrade
Access-Control-Expose-Headers
X-Hacker
X-UA-Device
X-Amz-Request-Id
Cf-Railgun
X-Page-Speed
X-Amz-Id-2
X-Proxy-Cache
X-Robots-Tag
EagleId
X-Envoy-Upstream-Service-Time
Request-Context
X-Node
X-LiteSpeed-Cache
X-Ac
X-Swift-CacheTime
X-Swift-SaveTime
X-Device
X-Cnection
X-Host
Ali-Swift-Global-Savetime
Content-Location
X-Amz-Version-Id
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-WebKit-CSP
X-Server-Id
Surrogate-Control
X-Backend-Server
X-OneAgent-JS-Injection
X-Cache-Lookup
X-Rack-Cache
X-Response-Time
X-Px
X-Instart-Request-ID
Request-Id
Server-Timing
X-Readtime
X-CST
X-Rq
X-Clacks-Overhead
Pinterest-Generated-By
X-Do-Not-Hack
Permitted-Cross-Domain-Policies
X-HeyJason
X-Url
EagleEye-TraceId
X-Ua-Compatible
Edge-Control
X-Application-Context
X-Cloud-Trace-Context
X-Country
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-MS-InvokeApp
Report-To
Charset
X-DynaTrace-JS-Agent
SPRequestGuid
X-Server-Name
X-Country-Code
Allow
X-DataDome
X-SharePointHealthScore
X-Ruxit-JS-Agent
X-ESI
Rating
X-Varnish-TTL
X-PC
X-Vname
X-TtlSet
X-Cached
X-Powered-CMS
X-Powered-By-Plesk
X-Recruiting
X-CF-Powered-By
X-TTL
X-FTR-Request-ID
X-DynaTrace
NEL
X-Vhost
X-D2id
Public-Key-Pins
X-Upstream-Env
X-Pinterest-Rid
X-Cdn-Fetch
Pinterest-Version
X-Exp-Variant
X-Kinja-Server
X-Kinja-Revision
X-Kinja-Build
X-Kinja
X-Exp-Id
X-Geo-Segment
X-F-Cache
X-Version
X-ORACLE-DMS-ECID
X-T
X-ORACLE-DMS-RID
X-VARITI-CCR
X-N
X-GoogleNews-Bot
Cartoon
SPRequestDuration
SPIisLatency
X-Dw-Request-Base-Id
X-Mod-Pagespeed
Content-MD5
X-Abt-Application-Version
MS-Author-Via
RTSS
Nginx-Cache
Feature-Policy
Verso
X-GitHub-Request-Id
X-Dispatcher
X-Ttl
X-Goog-Hash
X-Navigation-Version
MicrosoftSharePointTeamServices
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Client-IP
AR-CACHE
AR-PoweredBy
X-Amz-Rid
AR-ATIME
Realpath
X-Hits
X-Forwarded-Proto
X-Shield-Request-Id
X-Origin-Cache
X-Cdn
X-Trace
Paypal-Debug-Id
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-TEC-API-ROOT
X-Content-Options
X-Id
X-Grace
X-Zen-Fury
X-Content-Digest
X-Kinsta-Cache
X-Server-ID
DynaTrace
TCN
X-B
Arr-Disable-Session-Affinity
AR-SID
Alternate-Protocol
X-Varnish-Age
X-Cache-Key
X-Sol
Fastcgi-Cache
X-Upstream
MRF-Tech
Mrf-Cache-Status
X-Mrf-Section-Lastmod
X-Mrf-Item-Lastmod
Access-Control-Request-Method
X-FastCGI-Cache
X-Middleton-Display
Display
X-Ser
X-Pad
PB-RID
X-Fastly-Request-ID
X-Acc-Meta-Resource-Type
PB-PID
X-Mobile-Rewrite
X-NF-Request-ID
X-Nf-Srv-Version
X-Via-JSL
X-DIS-Request-ID
X-Middleton-Response
Response
X-User-Agent
Pagespeed
X-Vcap-Request-Id
X-Litespeed-Cache
X-Forwarded-For
Front-End-Https
X-MSEdge-Ref
Rt-Fastcgi-Cache
Eomportal-Instance
X-Cache-Rule
X-Frontend
X-PressLabs-Stats
Arc-Version
X-SS-Set-Cookie
X-IPLB-Instance
X-Logged-In
X-Cache-Hit
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-Goog-Metageneration
X-Goog-Stored-Content-Length
X-Goog-Generation
X-VCache
Server-Name
X-Whom
X-Hostname
Host
X-XRDS-Location
Surrogate-Key
S
Tracecode
X-FTR-Cache-Status
X-FTR-Realm
X-FTR-DC
X-FTR-Backend
X-FTR-Expires
X-FTR-Balancer
X-FTR-Backend-Server
X-Country-Code-Real
X-Request-Processing-Time
X-Request-Received
Backend-Timing
Cache-Status
X-Analytics
X-Debug
X-HS-Content-Id
TP-Cache
TP-L2-Cache
X-Instance
X-AOL-HN
X-Contextid
X-Magnolia-Registration
Refresh
X-Rid
X-Proxied
X-Activity-Id
X-Az
X-AppVersion
ServerID
FilterID
X-Srv
X-Wix-Server-Artifact-Id
X-XRDS-LOCATION
Public-Key-Pins-Report-Only
X-B3-Traceid
X-HW
X-UUID
Server-Info
HitType
HitInfo
X-Newrelic-App-Data
X-WPE-Loopback-Upstream-Addr
Cleartype
X-APP-VERSION
Liferay-Portal
Service-Worker-Allowed
X-FTR-Cache-Host
AMP-Access-Control-Allow-Source-Origin
X-Content-Security-Policy-Report-Only
X-Mobile
X-Varnish-Server
X-Varnish-Backend
X-Cache-Control
Served-By
X-Revision
Source
X-Amzn-Trace-Id
X-Cache-Server
X-PC-AppVer
X-Hail-Hydra
X-NWS-LOG-UUID
X-PC-Hit
X-PHP-Backend
X-Geo-Country
X-Origin-Upstream-Status
Server-Node
X-App-Environment
X-BCube-Filmed-By
Host-Header
X-Request-Guid
X-PC-Key
X-TT
X-Tumblr-Pixel
X-RateLimit-Remaining
X-Tumblr-Pixel-0
X-Tumblr-User
X-Device-Type
X-Handled-By
Retry-After
Accept-Charset
MS-CV
X-Framework
X-Varnish-Hostname
DC
X-Cache-2
X-Cache-Operation
X-B-Cache
X-Page-Id
Powered-By-ChinaCache
X-Cache-Config
X-Signature
X-FB-Debug
Edge-Cache-Tag
X-HS-Cache-Config
X-Origin
S-Cnection
X-Origin-Server
X-Correlation-Id
X-URL
Fastly-Restarts
X-Cache-Action
X-TT-TIMESTAMP
X-Debug-Info
X-Sucuri-ID
Viewport
X-Ocache
X-PC-Host
X-PC-Date
Actual-Object-TTL
X-ATG-Version
X-B3-Sampled
X-Hyper-Cache
X-Cached-By
X-WA-Info
X-ADI-VCache
NGB
X-Shield-Cache-Expires
X-Webkit-Csp
X-Content-Powered-By
X-Microcachable
X-Drupal-Cache-Tags
X-LB-Cache
X-Akam-SW-Version
X-Accel-Expires
Upgrade-Insecure-Requests
SRV
AsisCache
X-Generated-By
Filters
X-Cache-NE
X-NewRelic-App-Data
X-Yottaa-Metrics
X-Yottaa-Optimizations
ServedBy
X-App-Server
X-Internal-Host
X-Tumblr-Pixel-1
X-WebKit-CSP-Report-Only
Cache
X-FW-Hash
X-FW-Serve
X-FW-Server
X-FW-Type
X-FW-Static
X-Tumblr-Pixel-2
X-Distil-CS
X-Cacheable-TTL
X-RTag
X-Locale
X-RequestSource
X-Wix-Request-Id
X-Seen-By
X-GeoIP
Content-Style-Type
Content-Script-Type
X-Jobs
X-S
X-Accel-Buffering
X-Cluster
X-ServedBy
X-Node-Name
X-TX-ID
X-Amz-Server-Side-Encryption
X-GUploader-UploadID
X-Geo
X-Varnish-Hits
From-Origin
X-Varnish-Grace
X-Cache-Age
X-Varnish-Cache-Hits
X-RateLimit-Limit
X-Sucuri-Cache
X-Akamai-Edgescape
X-Adobe-Content
X-Adobe-Loc
X-CDN-Forward
X-Platform-Server
Datacenter
X-Varnish-IP
X-GZip
X-Vg-Webcache
X-HS-Combine-CSS
X-UA
X-Dns-Prefetch-Control
X-CLOUD-TRACE-CONTEXT
X-Cache-TTL-Remaining
X-Edge-Cache-Key
X-Edge-Cache
X-Real-IP
Cache-Tag
X-Storage
X-Cache-Remote
X-Akamai-Transformed
X-Mode
X-Esi
X-Region
X-Drupal-Cache-Contexts
X-Daa-Tunnel
X-Source
X-Amz-Replication-Status
X-Distributor
HostName
X-Oracle-Dms-Rid
X-Oracle-Dms-Ecid
X-RN-RSRV
X-ProcessESI
X-Path-Route
X-Cache-Var-Map
Meta-Geo
Machine
Load-Balancing
X-Cache-Var
X-Rendered-As
X-Detected-As
X-RemovedCookies
X-MP-GENERATED-AT
X-Is-Bot
X-NCache
ServerName
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Proxy
Fastly-SSL
X-Kinja-Server-Push
X-Agile
X-Cache-Category-Id
X-Web-Node
GEO-INFO
X-CDN-Cache
X-TWH-CORRELATION-ID
X-Time-Microsecs
X-Agile-Age
X-Upgrade-Enabled
X-Webstats-RespID
X-Grey
X-PERF
X-Viewer-Country
X-PCL
X-Akamai-Request-ID
X-OCL
Mn-Server-Ip
X-ApacheServer
Cache-Key
X-BB-IP
X-Agile-Id
X-Edge-Location
Azure-InstanceId
Azure-RegionName
X-Instance-Name
X-Cluster-Node
Azure-Version
Azure-SlotName
X-Amz-Meta-Surrogate-Control
Backend
X-Debug-Cache
L5d-Success-Class
S-Rt
X-NodeID
X-OVcl
X-Original-Request
X-EIG-Tracking-Id
Country
Ohc-File-Size
X-OVcl-Cache
Azure-SiteName
X-Pubstack
X-Human
X-Proto
X-Via-Fastly
X-FC-Vary-Parameters
TWC-GeoIP-LatLong
TWC-Connection-Speed
TWC-Device-Class
TWC-GeoIP-Country
TWC-Locale-Group
X-IP
X-Xfnlog-Site
User-Cache-Control
Webcakes-App-Name
Webcakes-App-Version
X-Access
Webcakes-Region
TWC-Privacy
X-CCM
X-ProxyCache-Key
X-VWS-Id
X-BYPASS-REASON
Now
X-Hosted-By
X-Origin-Hint
X-Optimization
X-ServerID
X-Varnish-Cacheable
X-Port
X-Routing-Service
X-ProxyCache-Status
X-SplitTest
X-Site-Version
X-Birta-Cache-Post
X-Birta-Served
X-Section
X-AWS-Id
X-App-Name
X-Www-Served-By
X-Cache-HT
X-Format
X-Generation-Time
X-CCM-LastModified
X-Meta-Tbi-Cache-Vertical
X-LJ-Flow-ID
X-Zipkin-Id
LB
Healthy
Cache-Name
User-Agent
DB-Nickname
Property-Id
Fastcgi-Useragent
X-Labrador-Cache-Channel
Cache-Hits
X-Loop
X-TNCMS
Access-Control-Allow-Method
X-Backend-Name
X-JoinUs
X-Generated
X-Proxy-Build
Selected-FE
Countrycode
X-Timing-Wait
X-Request-Time
Payment
X-Tumblr-Pixel-3
X-Tb
X-Guploader-Uploadid
X-Cache-Bucket
X-Surge-Debug
Ec-Rule-Version
RATING
X-Ezoic-Cdn
X-Origin-CC
X-Dc
X-Time
X-Hit
X-DataStream-Cache-Status
WP-Super-Cache
X-Correlation-ID
X-Cache-Enabled
X-Unique-ID
X-B3-Spanid
X-TA-CDN-Provider
X-Render-Type
X-Newrelic-Synthetics
X-Oneagent-Js-Injection
Origin-Edge-Control
Origin-Cache-Control
X-Feature
X-Real-Ip
X-Nginx-Cache
X-Nc
X-UA-Device-Type
X-L-Path
X-Environment-Context
NODE
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
RequestId
X-NU-AKA-ACS-Version
X-CACHE-AGE
Xserver
X-Skip-Cache
X-B3-TraceId
X-Content-Type
X-NGENIX-Cache
X-Status
X-WR-MODIFICATION
Access-Control-Request-Headers
X-Be
X-EdgeConnect-Cache-Status
X-Cache-Backend
X-Vgn-Hpd-Reason
X-ElasticPress-Search
Webserver
X-Servedby
Apicache-Store
Apicache-Version
X-Upstream-HT
Warning
Time
Ws
X-Upstream-CT
X-Haproxy-Hostname
X-CF-Lambda-Fn
X-CF-Lambda-Version
Fly-Cache
X-No-Session
Fastly-Soc-X-Request-Id
X-A-Dgt
Xc-Version
Apple-News-Services-Handled
Fly-Request-Id
X-A-Dcw
X-A-Ccd
X-Logtrace-Id
X-Wix-Route-ID
X-A
X-Connection-Hash
X-A-Dam
X-Region-Sid
X-Haproxy-Ip
Apple-News-Services-Host
Fastcgi-X-Cache-Version
AKAMAI
X-GoCache-CacheStatus
BehaviorPad-Version
X-S-Cookie
Cache-Prefix
X-Rojux
X-Rewrite-Enabled
IBM-Web2-Location
X-B-Cookie
X-ARC
X-From
X-Application
Ajk
X-A-Wwc
Fastcgi-X-Cache
X-Server-Time
Apple-News-Services-Parsed-Url
X-Server-By
X-BB-ID
Apple-News-Services-Request-Url
X-Accel-Expires-Debug
X-BBXSRF
GMS-Ver
X-Planisys-CDN-Rules
X-Died
X-Planisys-CDN-Cache
MD5-Digest
X-PAYTM-SRV-ID
X-Twitter-Response-Tags
X-Planisys-CDN-TTL
X-Developer
Www
Memcached
X-We-Are-Hiring
X-VG-WebServer
X-Via-CDN
X-HS-Hub-Id
X-Via-Edge
X-G
Resin-Trace
X-User
Meta-Geo-Continent
X-Generated-In
Sta2Tusw
X-Fastly-Cache
X-Date
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-D
Viewtype
X-ND-Cache
VivaBuild
Host-ID
X-SRCache-Key
X-Transaction
X-Trv-Group
T-Server
X-Public
X-Destination
Rendered-Blocks
IsBot
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
Origin
Release
Uber-Trace-Id
Request-Time
X-Request-URI
V-Age
Fastly-SIE
X-Phone
Server-Int
Fastly-SWR
NGX
X-Amz-Meta-Cache-Control
UCS
X-NX-Host
X-CS
X-Debug-Cookies
X-Debug-Log
X-IN-SSL-APIGATEWAY
X-IN-WAF
X-Cdn-Origin
X-SIPLIST1
X-Sn-Servicetimems
X-Wikidot-Static-Cache
X-IN-APIGATEWAY
X-DPWN-IS-SECURE
X-Var-Ttl
X-Fstrz
X-Up
X-F5-Cache
X-Wikidot-Backend
X-Trace-Id
X-Forwarded-Host
X-Core-Value
X-Cache-Expires
X-Cache-Host
X-ScT
X-Cache-Id
X-C
X-Webkit-CSP
OT-Force-Account-Verify
X-Cache-Ttl
X-Device-Os
X-MI-In-Market
X-GeoIP-City
X-Backend-Host
X-GeoIP-Country-Code
X-Block-Status
X-Developers
X-Frame-Option
X-Backend-State
X-Backend-TTL
X-Node-Id
Proxy-Connection
Pramga
X-Epic-Correlation-Id
X-Env
X-Eu-Site
Server-Host
X-Bug-Bounty
X-Gen-Mode
X-Edge-IP
Thinkindot-Control
Powered-By
X-Actual-URL
X-Passed-To-BeforeDispatch
X-Backend-Url
X-Content-Age
X-Ckpd-Fst-Backend
X-FireWall-Port
X-Cdn-Srv
X-CGP
X-Passed-To
Who
X-Passed-To-DLL
X-Amz-Meta-S3cmd-Attrs
X-Cache-Time
Thinkindot-CacheControl-Type
X-Cache-CFC
X-Hnp-Log
X-Passed-To-PostProcessResponse
Web-Mar-Node
X-Matched-Rule
X-Cache-Debug
Thinkindot-CacheControl
Cache-Cookie-Set-Lfrom
X-Returned-From
Backend-Name
Cache-Cookie-Set-From
X-Returned-From-BeforeDispatch
X-Returned-From-DLL
X-Served-From
X-Returned-From-PostProcessResponse
Cache-Cookie-Set-Idcheck
X-Location
Decoy-Debug-TTL
Esi-Enabled
Decoy-Debug-Status
Decoy-Debug-Key
CDCHOST
Content-Disposition
X-Server-Group
X-Servername
Cneonction
X-Worker
X-WebServer
X-Auto-Login
X-Hl-Ver
X-Via-NSCOPI
X-Rocket-Nginx-Bypass
X-VServer
X-V
X-Stale
X-ServiceProvider
X-Thinkindot-L3
X-TT-LOGID
X-UnsetCookies
X-UE-Client-Country
Fastly-Backend-Name
X-Server-IP
On-Server
Ha-Gx-Prefs
HA-Georegion
HA-Geolon
HTTPS
HA-Host
Httpd-Identifier
HA-Urlpath
HA-Servedtime
HA-Ipaddr
HA-Geolat
HA-Geocountry
X-RCS-CacheZone
MI-Cache-Age
X-Reboot
MI-Cache
GW-Server
Odigeo-Trace-Id
Ohc-Response-Time
HA-Geocity
HA-Cloudapp
Heartbleed
X-Varnish-Beresp-Ttl
X-Varnish-Id
X-Ver
X-Thanos
Request-EU
REQUESTUUID
X-Dispatcher-Server
Kp-EeAlive
Server-ID
Pragrma
X-Varnish-HitMiss
X-Origin-Date
X-Fetched-On
X-Clientip
X-Crawler
PFcat
X-HCF
X-Info
X-Cache-Control-Set-By
Request-Country
X-Hash
X-Platform
X-Bip
X-Sorting-Hat-ShopId-Cached
X-Sorting-Hat-PrivacyLevel
X-Sorting-Hat-ShopId
X-Origin-Expires
X-ShardId
X-Shopify-Stage
Is-Eu
X-Cache-Srv
X-Response-By
Adler-Geo
X-Alternate-Cache-Key
Platform
X-Sorting-Hat-FeatureSet
X-ShopId
X-Croise-Owner
X-Release
X-Sorting-Hat-Section
X-Core-Mission
X-Sorting-Hat-PodId-Cached
X-Sorting-Hat-PodId
X-TIME
NnCoection
X-Page-Type
Country-Code
X-S-Maxage
X-MSEdge-Flight
X-Cache-URL
NtCoent-Length
X-Refresh
X-MSEdge-Features
X-StackifyID
X-Svr
Drupal-Pagecache-Memcache
X-P-T
Mime-Version
X-Fastcgi-Cache
MI-API
Cache-Provider
X-Gannett-Site-Version
X-Req
X-Secret
X-Pf-Uncompressing
X-Amz-Meta-S3b-Last-Modified
X-Oss-Object-Type
Dnion-Transfer-Encoding
X-Oss-Hash-Crc64ecma
Processtime
X-Csrf-Token
X-Oss-Storage-Class
X-Origin-TTL
X-SERVER-NAME
X-Oss-Server-Time
X-Oss-Request-Id
X-COUNTRY
X-Pjax-Url
Accept-Ch
X-Cache-ASPX
Version
X-NC
Memory
Ar-Sid
X-Amz-Meta-Sha256
Pagetype
X-EC-Security-Audit
X-Kong-Proxy-Latency
X-RateLimit-Remaining-Second
X-Kong-Upstream-Latency
SN
X-RateLimit-Limit-Second
WebServer
X-Varnish-Url
X-App-Version
X-Yottaa-Sig
X-Ua
X-Wix-Petri-Ex
Cteonnt-Length
FSS-Cache
Arc-Country
X-LiteSpeed-Cache-Control
FSS-Proxy
Geoip-Latitude
Geoip-City
X-From-Cache
GeoIp-Country-Code
X-Rule
Dont-Set-Cookie
X-Ruxit-Js-Agent
PICS-Label
X-DC
PageType
Brightspot-Id
X-Irp-Debug
X-Cache-Handler
COMMERCE-SERVER-SOFTWARE
X-CSRF-Token
MIME-Version
X-LB-CacheStatus
X-Redis-Cache
CF-IPCountry
X-LB-Node
X-Load-Cache
Cdn
X-Varnish-Beresp-TTL
X-Request-Start
X-ROOTCache
Sid
X-Endurance-Cache-Level
X-Ratelimit-Remaining
X-Request-UUID
Edgecast
If-Modified-Since
BORDER-IP
X-Sf
X-GRACE
PROCESSING-IP
X-Fastly-Backend-Reqs
X-Cdn-Forward
X-Requestid
X-Atg-Version
RNT-Time
RNT-Machine
X-Varnish-Action
X-TId
X-Servedbyhost
XServer
X-Ratelimit-Limit
X-GDPR
X-Tid
X-Layer
X-ServedByHost
X-RequestId
X-Dynatrace
X-Nananana
Powered
X-Resolver-IP
X-B3-SpanId
Frame-Options
X-Rocket-Nginx-Serving-Static
X-BE
X-Cache-TTL
CDN
Cache-Tags
X-Fastly-Cache-Hits
X-DataStream-Origin-MEX-Latency
X-DataStream-MidMile-RTT
NodeID
Cf-Ipcountry
Pics-Label
Amp-Access-Control-Allow-Source-Origin
CACHE
X-Owner
X-Gdpr
X-Key
X-Tec-Api-Root
Node
X-Tec-Api-Origin
X-Tec-Api-Version
Dynatrace
GeoIP-Latitude
X-HTML-Minification-Powered-By
X-Server-W
GeoIP-Country-Code
GeoIP-City
We-Hiring
Mail-Subject
PageSpeed
X-VG-WebCache
X-Shard
Web-Mar-Region
X-UPSTREAM-Address
X-Varnish-Ttl
X-Dynatrace-Js-Agent
X-Ms-Blob-Type
X-Ms-Lease-Status
ProcessTime
X-Ms-Request-Id
X-Ms-Version
X-Use-Magma
Hostname
X-Flog
X-Varnish-URL
Lfy
X-Sentry-ID
X-ABtesting
X-GZIP
DataCenter
X-Powered-By-ANYU
X-Aicache-OS
Accept-CH
X-Alicdn-Da-Ups-Status
WZWS-RAY
X-VG-TLSProxy
Is-Session-Tracking
URI
X-GEO
Get-Access-Time
X-PF-Uncompressing
X-PJAX-URL
True-Client-Country-4JS
Max-Age
X-CDN-Pop-IP
X-CDN-Pop
X-NGINX-Cache
X-NWS-UUID-VERIFY
Xet-Cookie
X-Dw-Trace-Id
Cdn-Request-Time
X-Oa-Upstreams
X-Trv-Request-Id
Requestid
Cdn-Host
X-Policy
X-Edge-Server
X-Check-Cacheable
X-Mem
X-Cookie
X-Unique-Id
X-Powered-By-Defense
GEO-REGION-INFO
Rt-Proxy-Cache
X-Ms-Lease-State
X-Org
X-Varnish-ID
X-Remote-IP
X-Cache-FS-Status
X-Front
X-Swa-Ws
RequestUuid
X-PAGE-TYPE
X-RPS
V-Cache
Group
X-RPM
X-VC
X-VID
X-RSL
X-SB
X-Acquia-Application-Trace
X-Akamai-ERRuleID
X-Hello
CF-Cached-On
X-Akamai-ERPolicy
X-Acquia-Application-UUID
Magicmarker
X-Proxy-Server
X-Litespeed-Tag
SID
X-DB
X-DI
X-DSS
X-Litespeed-Cache-Control
X-Fe
X-RAMCache
WS
X-DW