Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics - SANS Internet Storm Center HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Pragma
Last-Modified
Accept-Ranges
X-Powered-By
Strict-Transport-Security
X-Content-Type-Options
CF-RAY
ETag
Link
Expect-CT
Via
X-XSS-Protection
X-Cache
Age
Access-Control-Allow-Origin
Content-Security-Policy
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Served-By
X-Varnish
X-Amz-Cf-Id
X-Xss-Protection
Referrer-Policy
X-Request-Id
X-Timer
X-AspNet-Version
CF-Cache-Status
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Runtime
Access-Control-Allow-Credentials
X-FRAME-OPTIONS
X-Download-Options
X-Drupal-Cache
X-Cacheable
CF-Ray
Content-Security-Policy-Report-Only
X-Generator
Alt-Svc
X-AspNetMvc-Version
Status
X-Cache-Status
X-DNS-Prefetch-Control
X-Check
X-Iinfo
X-Adblock-Key
Timing-Allow-Origin
X-Content-Security-Policy
X-CDN
X-Turbo-Charged-By
X-Permitted-Cross-Domain-Policies
Content-Encoding
X-Template
X-Language
Keep-Alive
X-Via
X-Type
X-Request-ID
X-AH-Environment
X-Backend
X-Cache-Group
WPE-Backend
X-Pass-Why
X-Nginx-Cache-Status
X-Buckets
X-Server
X-Age
X-Server-Powered-By
Access-Control-Max-Age
X-Pingback
Xkey
X-Varnish-Cache
Grace
Access-Control-Expose-Headers
Upgrade
X-Drupal-Dynamic-Cache
X-Hacker
X-UA-Device
X-Amz-Request-Id
P3p
X-Page-Speed
Cf-Railgun
X-Proxy-Cache
X-Amz-Id-2
EagleId
X-Robots-Tag
X-LiteSpeed-Cache
X-Swift-SaveTime
X-Swift-CacheTime
X-Envoy-Upstream-Service-Time
Request-Context
Ali-Swift-Global-Savetime
X-Node
X-Ac
X-Device
Content-Location
X-Cnection
X-Host
X-Amz-Version-Id
X-Cache-Lookup
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
Surrogate-Control
X-WebKit-CSP
X-Backend-Server
X-Server-Id
X-OneAgent-JS-Injection
X-Rack-Cache
X-Instart-Request-ID
X-Px
X-CST
X-Response-Time
Request-Id
X-Readtime
Server-Timing
X-Rq
X-Do-Not-Hack
Permitted-Cross-Domain-Policies
X-HeyJason
X-Clacks-Overhead
X-Url
EagleEye-TraceId
Pinterest-Generated-By
X-Ua-Compatible
X-Cloud-Trace-Context
Edge-Control
X-Application-Context
X-Country
X-MS-InvokeApp
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Allow
X-DynaTrace-JS-Agent
Charset
X-Server-Name
Report-To
SPRequestGuid
X-Country-Code
X-SharePointHealthScore
X-DataDome
X-Cdn
X-Varnish-TTL
X-Cached
X-ESI
Rating
X-TtlSet
X-PC
X-Vname
X-Ruxit-JS-Agent
X-TTL
X-Powered-CMS
X-Powered-By-Plesk
X-Recruiting
Public-Key-Pins
X-FTR-Request-ID
X-D2id
NEL
X-Vhost
X-Version
X-Kinja
X-F-Cache
X-Geo-Segment
X-Kinja-Build
X-Upstream-Env
X-Pinterest-Rid
X-Exp-Variant
X-Exp-Id
Pinterest-Version
X-Cdn-Fetch
X-Kinja-Server
X-Kinja-Revision
X-CF-Powered-By
X-N
SPIisLatency
SPRequestDuration
MS-Author-Via
X-DynaTrace
X-Dw-Request-Base-Id
Cartoon
X-VARITI-CCR
X-T
X-GoogleNews-Bot
X-Mod-Pagespeed
Content-MD5
AR-ATIME
AR-PoweredBy
AR-CACHE
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
Nginx-Cache
RTSS
X-Abt-Application-Version
X-GitHub-Request-Id
Feature-Policy
MicrosoftSharePointTeamServices
X-Server-ID
X-SRCache-Fetch-Status
X-SRCache-Store-Status
Verso
X-Shield-Request-Id
X-Amz-Rid
X-Navigation-Version
X-Dispatcher
X-Trace
X-Forwarded-Proto
X-Hits
X-Client-IP
X-Goog-Hash
Realpath
X-Origin-Cache
AR-SID
Arr-Disable-Session-Affinity
Paypal-Debug-Id
X-Ttl
X-Kinsta-Cache
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-Zen-Fury
X-Id
X-Grace
X-Content-Options
TCN
X-Content-Digest
X-B
X-Varnish-Age
X-Cache-Key
X-Ser
Alternate-Protocol
X-Sol
Fastcgi-Cache
DynaTrace
X-Upstream
Access-Control-Request-Method
X-Via-JSL
Mrf-Cache-Status
MRF-Tech
X-Mrf-Section-Lastmod
X-Mrf-Item-Lastmod
X-Pad
X-Fastly-Request-ID
Display
X-Middleton-Display
X-FastCGI-Cache
X-NF-Request-ID
X-Nf-Srv-Version
X-Vcap-Request-Id
X-DIS-Request-ID
PB-RID
PB-PID
X-IPLB-Instance
X-Middleton-Response
Response
X-User-Agent
X-Mobile-Rewrite
Front-End-Https
Pagespeed
X-SS-Set-Cookie
Rt-Fastcgi-Cache
X-Frontend
Eomportal-Instance
X-Logged-In
X-Cache-Rule
X-MSEdge-Ref
X-PressLabs-Stats
Server-Name
X-XRDS-LOCATION
X-Whom
X-Newrelic-App-Data
X-VCache
X-Cache-Hit
X-Forwarded-For
X-Acc-Meta-Resource-Type
Host
X-Hostname
S
Tracecode
X-Goog-Metageneration
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-Goog-Generation
X-NWS-LOG-UUID
Cache-Status
Arc-Version
X-Debug
Liferay-Portal
X-FTR-Expires
X-FTR-Realm
X-FTR-DC
X-FTR-Backend
X-FTR-Balancer
X-FTR-Cache-Status
X-FTR-Backend-Server
X-Country-Code-Real
X-HS-Content-Id
Surrogate-Key
X-Request-Received
X-Request-Processing-Time
X-AOL-HN
X-UUID
Backend-Timing
X-Analytics
HitInfo
HitType
Server-Info
TP-L2-Cache
TP-Cache
X-Instance
X-Magnolia-Registration
X-Wix-Server-Artifact-Id
FilterID
Public-Key-Pins-Report-Only
Refresh
X-Contextid
X-Rid
ServerID
X-Proxied
X-Az
X-AppVersion
X-Activity-Id
X-XRDS-Location
X-Webkit-Csp
X-B3-Traceid
AMP-Access-Control-Allow-Source-Origin
X-Srv
Service-Worker-Allowed
X-Content-Security-Policy-Report-Only
X-HW
X-WPE-Loopback-Upstream-Addr
X-HS-Cache-Config
Edge-Cache-Tag
X-Varnish-Server
Cleartype
X-APP-VERSION
X-Mobile
X-Origin
X-Varnish-Backend
X-Revision
X-Correlation-Id
X-FTR-Cache-Host
Served-By
S-Cnection
Fastly-Restarts
Source
X-Geo-Country
X-Amzn-Trace-Id
X-RateLimit-Remaining
X-TT
Retry-After
Powered-By-ChinaCache
X-PHP-Backend
X-Framework
X-Cache-Config
X-B-Cache
X-Varnish-Hostname
X-Signature
X-App-Environment
X-FB-Debug
X-Device-Type
X-Tumblr-Pixel-0
X-Cache-Operation
X-Sucuri-ID
X-Tumblr-User
X-Cache-Server
X-Cache-Control
X-Tumblr-Pixel
X-Hail-Hydra
X-PC-AppVer
Host-Header
X-Cache-Action
X-Request-Guid
X-PC-Hit
Server-Node
X-BCube-Filmed-By
X-PC-Key
X-Page-Id
MS-CV
X-Cache-2
X-Handled-By
Accept-Charset
X-Origin-Upstream-Status
DC
X-Hyper-Cache
X-TT-TIMESTAMP
X-Ocache
X-Debug-Info
Actual-Object-TTL
X-ADI-VCache
X-Shield-Cache-Expires
X-WA-Info
X-Origin-Server
Cache
X-ATG-Version
X-PC-Date
X-PC-Host
Viewport
X-Content-Powered-By
NGB
Upgrade-Insecure-Requests
X-Accel-Expires
X-Microcachable
X-Daa-Tunnel
X-LB-Cache
X-Cache-NE
SRV
X-URL
X-Cached-By
X-HS-Combine-CSS
AsisCache
X-Drupal-Cache-Tags
X-Accel-Buffering
Filters
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Generated-By
X-App-Server
X-Jobs
X-Amz-Server-Side-Encryption
ServedBy
X-Akam-SW-Version
X-Cacheable-TTL
X-B3-Sampled
X-Wix-Request-Id
X-WebKit-CSP-Report-Only
X-S
X-RequestSource
X-GeoIP
X-Seen-By
X-Akamai-Edgescape
X-TX-ID
X-Cluster
X-Sucuri-Cache
X-FW-Serve
X-Varnish-Hits
X-Distil-CS
X-RTag
X-FW-Type
X-FW-Static
X-Geo
X-FW-Hash
X-Tumblr-Pixel-1
X-FW-Server
X-Locale
X-Tumblr-Pixel-2
From-Origin
X-Internal-Host
Content-Script-Type
Content-Style-Type
X-Adobe-Loc
X-Adobe-Content
X-Varnish-IP
X-Feature
Datacenter
X-Dns-Prefetch-Control
X-Varnish-Cache-Hits
X-ServedBy
X-GZip
X-Cache-Remote
HostName
X-Storage
X-Cache-Age
X-Varnish-Grace
X-Platform-Server
X-Edge-Cache-Key
X-Oracle-Dms-Ecid
X-Edge-Cache
X-Node-Name
X-Oracle-Dms-Rid
X-CDN-Forward
X-Oneagent-Js-Injection
X-Vg-Webcache
X-Cache-TTL-Remaining
X-Esi
X-Akamai-Transformed
X-UA
X-Region
X-RateLimit-Limit
X-GUploader-UploadID
X-Mode
X-NewRelic-App-Data
Cache-Tag
X-Cache-Bucket
Country
X-Amz-Replication-Status
X-Kinja-Server-Push
X-Real-IP
X-Distributor
Load-Balancing
RATING
X-Guploader-Uploadid
Ohc-File-Size
X-Amz-Apigw-Id
X-Agile-Id
X-Agile-Age
X-Agile
Fastly-SSL
X-Proto
X-Drupal-Cache-Contexts
X-Amzn-RequestId
X-Source
ServerName
X-BB-IP
X-ProcessESI
X-Path-Route
X-MP-GENERATED-AT
X-Is-Bot
X-RemovedCookies
X-Rendered-As
X-Web-Node
X-Viewer-Country
X-Time-Microsecs
X-RN-RSRV
X-Grey
X-Detected-As
GEO-INFO
X-ProxyCache-Status
X-ProxyCache-Key
X-JoinUs
Machine
Meta-Geo
X-Cache-Var-Map
X-Cache-Var
X-Cache-Category-Id
Mn-Server-Ip
X-BYPASS-REASON
X-EIG-Tracking-Id
Healthy
X-Debug-Cache
Cache-Name
X-Optimization
X-NCache
Cache-Key
X-PERF
L5d-Success-Class
X-Akamai-Request-ID
X-Webstats-RespID
Cache-Hits
X-ApacheServer
X-Cache-HT
X-Request-Time
Backend
X-CCM
Now
X-Labrador-Cache-Channel
X-CDN-Cache
X-Generated
X-NodeID
X-TWH-CORRELATION-ID
X-ServerID
X-PCL
X-Upgrade-Enabled
X-OCL
X-Port
X-Xfnlog-Site
Access-Control-Allow-Method
Azure-RegionName
S-Rt
Azure-SlotName
Azure-SiteName
Azure-Version
Azure-InstanceId
X-TA-CDN-Provider
X-OVcl-Cache
X-OVcl
X-Pubstack
X-Render-Type
X-Via-Fastly
X-Original-Request
X-Instance-Name
X-Edge-Location
X-Cluster-Node
X-FC-Vary-Parameters
X-Hosted-By
X-Human
X-Amz-Meta-Surrogate-Control
X-Hit
WP-Super-Cache
X-Access
Webcakes-App-Version
Webcakes-Region
X-App-Name
X-CCM-LastModified
X-Backend-Name
X-AWS-Id
Webcakes-App-Name
User-Cache-Control
TWC-Device-Class
TWC-Connection-Speed
Property-Id
TWC-GeoIP-Country
TWC-GeoIP-LatLong
TWC-Privacy
TWC-Locale-Group
X-Format
X-LJ-Flow-ID
X-TNCMS
X-Surge-Debug
X-SplitTest
X-Varnish-Cacheable
X-VWS-Id
X-Zipkin-Id
X-Www-Served-By
X-Site-Version
X-Section
X-Nginx-Cache
X-Loop
LB
X-Origin-Hint
Selected-FE
X-Routing-Service
X-Proxy
X-Generation-Time
X-IP
X-Newrelic-Synthetics
X-Timing-Wait
DB-Nickname
X-Proxy-Build
X-Birta-Cache-Post
X-Meta-Tbi-Cache-Vertical
X-Birta-Served
Fastcgi-Useragent
Countrycode
X-Ezoic-Cdn
X-Cache-Enabled
User-Agent
X-Tumblr-Pixel-3
X-Time
X-Real-Ip
X-Origin-CC
Payment
Origin-Edge-Control
Origin-Cache-Control
X-Nc
X-Tb
X-Dc
Xserver
X-L-Path
X-Environment-Context
Ec-Rule-Version
X-DataStream-Cache-Status
X-Unique-ID
X-B3-Spanid
X-UA-Device-Type
RequestId
X-CACHE-AGE
X-Litespeed-Cache
X-NU-AKA-ACS-Version
Access-Control-Request-Headers
X-Skip-Cache
X-Correlation-ID
X-B3-TraceId
X-NGENIX-Cache
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
NODE
X-Servedby
Webserver
X-Upstream-CT
X-Upstream-HT
X-WR-MODIFICATION
X-CLOUD-TRACE-CONTEXT
Time
X-Vgn-Hpd-Reason
X-EdgeConnect-Cache-Status
X-Be
X-Croise-Owner
Warning
X-Cache-Ttl
X-Application
X-Cache-Backend
X-ElasticPress-Search
X-ARC
X-Cache-Id
X-A-Wwc
X-B-Cookie
X-Cache-Host
X-Logtrace-Id
X-D
X-Destination
X-G
Fly-Cache
Fly-Request-Id
Cache-Prefix
X-Developer
X-A-Ccd
X-A-Dam
X-Died
X-DPWN-IS-SECURE
Ajk
X-S-Cookie
X-SRCache-Key
X-A-Dcw
X-From
Resin-Trace
X-A-Dgt
T-Server
X-Generated-In
X-A
V-Age
IBM-Web2-Location
X-Status
Ws
X-Webkit-CSP
X-Rojux
X-UE-Client-Country
X-Var-Ttl
X-Content-Type
Host-ID
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
BehaviorPad-Version
Fastcgi-X-Cache-Version
Fastcgi-X-Cache
MD5-Digest
Memcached
Fastly-Soc-X-Request-Id
X-Cache-Expires
AKAMAI
Apple-News-Services-Handled
Apple-News-Services-Host
Meta-Geo-Continent
Sta2Tusw
Www
X-Twitter-Response-Tags
X-Debug-Log
X-Trv-Group
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-Debug-Cookies
X-BBXSRF
X-VG-WebServer
X-Server-Time
Request-Time
X-User
X-CS
X-Transaction
X-Connection-Hash
X-SVT-ORM-RULES
X-ND-Cache
X-Request-URI
X-Varnish-Beresp-Ttl
X-Haproxy-Hostname
X-No-Session
X-PAYTM-SRV-ID
X-SVT-ORM-VERSION
X-Planisys-CDN-Rules
X-Fastly-Cache
X-Planisys-CDN-Cache
X-Fstrz
X-Server-By
X-BB-ID
Xc-Version
Viewtype
X-Amz-Meta-Cache-Control
VivaBuild
X-Public
X-NX-Host
X-Rewrite-Enabled
X-Cache-Time
X-Region-Sid
X-Haproxy-Ip
X-Wix-Route-ID
X-Via-Edge
Cneonction
X-We-Are-Hiring
X-Via-CDN
X-Planisys-CDN-TTL
X-CSRF-Token
X-Dynatrace
X-Oss-Object-Type
X-Oss-Storage-Class
X-Oss-Hash-Crc64ecma
UCS
X-Oss-Request-Id
X-Oss-Server-Time
X-StackifyID
X-ShardId
X-Sorting-Hat-FeatureSet
X-Release
X-IN-WAF
X-RCS-CacheZone
X-Shopify-Stage
X-ShopId
X-S-Maxage
X-Wikidot-Static-Cache
X-Epic-Correlation-Id
X-F5-Cache
X-FireWall-Port
X-Forwarded-Host
X-Trace-Id
X-Core-Value
X-Cache-CFC
X-Up
X-Cdn-Origin
X-Frame-Option
X-Gannett-Site-Version
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
X-ScT
X-Secret
X-SIPLIST1
X-GeoIP-Country-Code
X-Phone
X-Sn-Servicetimems
X-IN-SSL-APIGATEWAY
X-Wikidot-Backend
X-WebServer
Drupal-Pagecache-Memcache
Fastly-SIE
X-Via-NSCOPI
X-Sorting-Hat-ShopId-Cached
X-Sorting-Hat-PodId-Cached
X-Sorting-Hat-PrivacyLevel
X-Sorting-Hat-Section
Fastly-SWR
IsBot
Server-Int
GMS-Ver
Uber-Trace-Id
Rendered-Blocks
Release
NGX
Odigeo-Trace-Id
Origin
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-Auto-Login
Dnion-Transfer-Encoding
X-Dispatcher-Server
Version
X-Alternate-Cache-Key
Server-ID
Proxy-Connection
Request-Country
Request-EU
X-Hash
X-Device-Os
X-IN-APIGATEWAY
X-Fastcgi-Cache
X-Hl-Ver
X-Yottaa-Sig
Mime-Version
X-C
X-Backend-TTL
X-Backend-Url
X-Backend-State
X-Backend-Host
X-Ckpd-Fst-Backend
X-Amz-Meta-S3cmd-Attrs
X-Block-Status
X-Developers
X-Content-Age
X-Cdn-Srv
X-Cache-Srv
X-Core-Mission
X-CGP
X-Cache-Debug
Thinkindot-CacheControl-Type
PFcat
Platform
Powered-By
OT-Force-Account-Verify
Ohc-Response-Time
MI-Cache
MI-Cache-Age
Pragrma
Pramga
Web-Mar-Node
Who
X-Ruxit-Js-Agent
Thinkindot-Control
X-Edge-IP
Server-Host
Thinkindot-CacheControl
X-Actual-URL
X-Hnp-Log
X-Server-Group
X-Server-IP
X-Servername
X-Rocket-Nginx-Bypass
X-Returned-From-PostProcessResponse
X-Returned-From-BeforeDispatch
X-Returned-From-DLL
X-Stale
X-Thinkindot-L3
X-Worker
X-Accel-Expires-Debug
X-Date
X-VServer
X-Ver
X-TT-LOGID
X-UnsetCookies
X-Returned-From
X-Response-By
MI-API
X-Location
X-Matched-Rule
X-GoCache-CacheStatus
X-Gen-Mode
X-Eu-Site
X-Fetched-On
X-MI-In-Market
X-MSEdge-Features
X-Passed-To-DLL
X-Passed-To-PostProcessResponse
X-Reboot
X-Passed-To-BeforeDispatch
X-Passed-To
X-MSEdge-Flight
X-Node-Id
X-Env
X-GeoIP-City
Country-Code
HA-Geolon
HA-Geolat
HA-Geocountry
HA-Georegion
Kp-EeAlive
HA-Ipaddr
HA-Host
X-Crawler
Adler-Geo
HA-Geocity
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-Lfrom
CDCHOST
Cache-Cookie-Set-From
Content-Disposition
HA-Cloudapp
GW-Server
Backend-Name
HA-Servedtime
Ha-Gx-Prefs
X-Origin-Expires
HTTPS
X-Origin-Date
Heartbleed
HA-Urlpath
Esi-Enabled
Fastly-Backend-Name
X-Info
Is-Eu
Httpd-Identifier
X-TIME
NnCoection
X-V
Decoy-Debug-Key
X-Varnish-HitMiss
X-HCF
X-Bug-Bounty
X-Cache-Control-Set-By
On-Server
X-Bip
X-Varnish-Id
X-Page-Type
X-Cache-URL
X-Svr
REQUESTUUID
X-Served-From
X-ServiceProvider
X-Clientip
X-Thanos
Decoy-Debug-Status
X-Platform
Decoy-Debug-TTL
Apicache-Version
Apicache-Store
NtCoent-Length
X-Req
X-Refresh
Cteonnt-Length
X-RateLimit-Limit-Second
Cache-Provider
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-RateLimit-Remaining-Second
X-Amz-Meta-S3b-Last-Modified
FSS-Cache
FSS-Proxy
X-Origin-TTL
Arc-Country
X-P-T
X-LiteSpeed-Cache-Control
Brightspot-Id
X-Ua
X-Varnish-Url
X-Pf-Uncompressing
Ar-Sid
WebServer
X-Irp-Debug
Pagetype
Accept-Ch
X-App-Version
X-LB-CacheStatus
X-Pjax-Url
X-LB-Node
X-DC
Processtime
COMMERCE-SERVER-SOFTWARE
X-ROOTCache
Memory
Sid
X-EC-Security-Audit
X-Ratelimit-Limit
X-Request-UUID
X-Request-Start
X-From-Cache
X-Amz-Meta-Sha256
PageType
X-Ratelimit-Remaining
If-Modified-Since
X-Cache-ASPX
Cdn
X-Endurance-Cache-Level
X-Atg-Version
X-Load-Cache
Dynatrace
PICS-Label
Geoip-City
SN
X-Varnish-Action
Geoip-Latitude
GeoIp-Country-Code
X-NC
X-Fastly-Backend-Reqs
X-Layer
CF-IPCountry
X-SERVER-NAME
X-COUNTRY
X-Redis-Cache
X-Cdn-Forward
PROCESSING-IP
Edgecast
X-Csrf-Token
X-GRACE
BORDER-IP
X-Cache-Handler
X-GDPR
X-Tid
X-Rocket-Nginx-Serving-Static
X-ServedByHost
X-Varnish-Beresp-TTL
MIME-Version
X-HS-Hub-Id
X-HOST
X-RequestId
Frame-Options
X-Nananana
NodeID
X-Requestid
X-TId
Dont-Set-Cookie
X-Fastly-Cache-Hits
X-Resolver-IP
X-Wix-Petri-Ex
X-B3-SpanId
X-Key
X-Owner
X-Servedbyhost
X-NWS-UUID-VERIFY
X-Rule
X-Cf-Powered-By
X-Sf
X-BE
Cf-Ipcountry
X-Server-W
Web-Mar-Region
RNT-Time
Pics-Label
RNT-Machine
X-Cache-TTL
ProcessTime
CACHE
WZWS-RAY
X-HTML-Minification-Powered-By
GeoIP-Country-Code
GeoIP-Latitude
X-Sentry-ID
X-Flog
X-ABtesting
GeoIP-City
Node
X-Tec-Api-Origin
X-Tec-Api-Version
CDN
X-Tec-Api-Root
X-DataStream-Origin-MEX-Latency
We-Hiring
X-FORWARDED-FOR
Mail-Subject
X-DataStream-MidMile-RTT
X-Powered-By-ANYU
Lfy
Is-Session-Tracking
Get-Access-Time
X-VG-WebCache
PageSpeed
X-CDN-Pop
X-Varnish-Ttl
X-Dynatrace-Js-Agent
X-CDN-Pop-IP
Max-Age
X-Shard
Powered
X-Use-Magma
X-ByteArk-Cache
X-SRV
Cache-Tags
X-Mem
X-GZIP
XServer
URI
Magicmarker
Accept-CH
X-Cache-FS-Status
X-Check-Cacheable
X-PF-Uncompressing
DataCenter
X-Powered-By-Defense
X-GEO
X-Front
X-PJAX-URL
X-UPSTREAM-Address
X-Dw-Trace-Id
X-Unique-Id
Xet-Cookie
X-Oa-Upstreams
Amp-Access-Control-Allow-Source-Origin
X-PAGE-TYPE
X-Micro-Cache
X-Zalando-Page-Type
X-Gdpr
X-Zalando-Child-Request-Id
X-Varnish-URL
X-Cookie
X-Ms-Request-Id
X-Ms-Lease-Status
X-Ms-Blob-Type
X-Ms-Version
X-Remote-IP
X-Trv-Request-Id
Group
V-Cache
X-VC
X-Safe-Firewall
N-Cache
X-HGenerator
Rt-Proxy-Cache
X-VarnPar2
X-SB
RequestUuid
X-Aicache-OS
X-Fe
X-Proxy-Server
Requestid
X-Varnish-ID
X-VarnCache
X-PARISIEN-Cache-Rendered
X-VarnPar1
X-NGINX-Cache
Hostname
X-ProxyCache-Args
X-Akamai-ERPolicy
WS
X-Acquia-Application-Trace
X-M-Reqid
X-RAMCache
X-Acquia-Application-UUID
X-Akamai-ERRuleID
CF-Cached-On
X-Alicdn-Da-Ups-Status
WWW-Authenticate
X-Hello
SID
X-Qnm-Cache
X-M-Log
X-Litespeed-Tag