Threat Level: green Handler on Duty: Brad Duncan

SANS ISC: HTTP Header Usage Statistics - SANS Internet Storm Center HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Pragma
Last-Modified
Accept-Ranges
Strict-Transport-Security
X-Content-Type-Options
X-Powered-By
CF-RAY
ETag
Link
Expect-CT
Via
X-XSS-Protection
X-Cache
Age
Access-Control-Allow-Origin
Content-Security-Policy
Content-Language
X-UA-Compatible
P3P
X-Cache-Hits
X-Served-By
X-Varnish
X-Amz-Cf-Id
X-Xss-Protection
Referrer-Policy
X-Request-Id
X-Timer
X-AspNet-Version
CF-Cache-Status
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Runtime
Access-Control-Allow-Credentials
X-Download-Options
X-Drupal-Cache
X-Cacheable
Content-Security-Policy-Report-Only
X-Generator
CF-Ray
Alt-Svc
Status
X-AspNetMvc-Version
X-Cache-Status
X-DNS-Prefetch-Control
X-Check
X-Iinfo
X-Adblock-Key
X-FRAME-OPTIONS
Timing-Allow-Origin
X-CDN
X-Content-Security-Policy
X-Turbo-Charged-By
X-Permitted-Cross-Domain-Policies
Content-Encoding
P3p
X-Template
X-Language
Keep-Alive
X-Type
X-Via
X-AH-Environment
X-Backend
X-Cache-Group
X-Request-ID
WPE-Backend
X-Pass-Why
X-Buckets
X-Age
X-Server
X-Nginx-Cache-Status
Access-Control-Max-Age
X-Server-Powered-By
X-Pingback
Xkey
X-Varnish-Cache
Grace
X-Drupal-Dynamic-Cache
Access-Control-Expose-Headers
Upgrade
X-Hacker
X-UA-Device
X-Amz-Request-Id
X-Page-Speed
Cf-Railgun
X-Amz-Id-2
X-Proxy-Cache
X-Robots-Tag
EagleId
X-LiteSpeed-Cache
X-Envoy-Upstream-Service-Time
Request-Context
X-Node
X-Swift-CacheTime
X-Swift-SaveTime
X-Ac
X-Device
Ali-Swift-Global-Savetime
X-Cnection
X-Host
Content-Location
X-Amz-Version-Id
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Cache-Lookup
Surrogate-Control
X-Backend-Server
X-Server-Id
X-WebKit-CSP
X-OneAgent-JS-Injection
X-Rack-Cache
X-Px
X-Response-Time
X-Instart-Request-ID
X-CST
Request-Id
X-Readtime
Server-Timing
X-Rq
X-Clacks-Overhead
X-HeyJason
Permitted-Cross-Domain-Policies
X-Do-Not-Hack
Pinterest-Generated-By
EagleEye-TraceId
X-Cloud-Trace-Context
X-Ua-Compatible
Edge-Control
X-Url
X-Application-Context
X-MS-InvokeApp
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Country
Report-To
X-DynaTrace-JS-Agent
X-Server-Name
Charset
SPRequestGuid
Allow
X-Country-Code
X-SharePointHealthScore
X-DataDome
X-Ruxit-JS-Agent
Rating
X-Varnish-TTL
X-Cached
X-PC
X-Vname
X-TtlSet
X-ESI
X-TTL
X-Powered-CMS
X-Powered-By-Plesk
X-Recruiting
X-FTR-Request-ID
NEL
X-D2id
X-Vhost
X-CF-Powered-By
X-ORACLE-DMS-ECID
Public-Key-Pins
X-ORACLE-DMS-RID
X-Pinterest-Rid
X-Upstream-Env
Pinterest-Version
X-Version
X-Kinja-Build
X-Exp-Id
X-Geo-Segment
X-Kinja
X-Kinja-Server
X-Cdn-Fetch
X-Kinja-Revision
X-Exp-Variant
X-F-Cache
X-DynaTrace
SPRequestDuration
X-N
SPIisLatency
X-VARITI-CCR
X-GoogleNews-Bot
X-Dw-Request-Base-Id
Cartoon
X-Mod-Pagespeed
X-T
MS-Author-Via
Content-MD5
X-Abt-Application-Version
RTSS
Nginx-Cache
Feature-Policy
AR-ATIME
AR-CACHE
AR-PoweredBy
X-GitHub-Request-Id
MicrosoftSharePointTeamServices
Verso
X-Dispatcher
X-Navigation-Version
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Shield-Request-Id
X-Server-ID
X-Client-IP
X-Amz-Rid
Realpath
X-Goog-Hash
X-Forwarded-Proto
X-Hits
X-Trace
X-Origin-Cache
X-Cdn
X-Ttl
Paypal-Debug-Id
X-Content-Options
X-Zen-Fury
X-Content-Digest
X-Id
Arr-Disable-Session-Affinity
X-Kinsta-Cache
TCN
AR-SID
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-B
X-Grace
X-Varnish-Age
X-Cache-Key
Alternate-Protocol
Fastcgi-Cache
DynaTrace
X-Sol
X-Upstream
X-Ser
Access-Control-Request-Method
MRF-Tech
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
Mrf-Cache-Status
X-FastCGI-Cache
X-Pad
X-Fastly-Request-ID
X-Middleton-Display
Display
X-Via-JSL
PB-PID
X-Nf-Srv-Version
X-NF-Request-ID
PB-RID
X-DIS-Request-ID
X-Vcap-Request-Id
X-Mobile-Rewrite
X-User-Agent
Response
X-Middleton-Response
Front-End-Https
X-IPLB-Instance
Rt-Fastcgi-Cache
X-MSEdge-Ref
X-Acc-Meta-Resource-Type
X-SS-Set-Cookie
Pagespeed
X-Cache-Rule
Eomportal-Instance
X-Frontend
X-PressLabs-Stats
X-Logged-In
X-Forwarded-For
X-Cache-Hit
X-Whom
Server-Name
X-Hostname
X-VCache
X-XRDS-Location
Arc-Version
Host
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
X-Goog-Generation
X-Goog-Storage-Class
Tracecode
S
Cache-Status
Surrogate-Key
X-Webkit-Csp
X-FTR-Balancer
X-FTR-Backend-Server
X-Debug
X-Country-Code-Real
X-FTR-Backend
X-Newrelic-App-Data
X-FTR-Cache-Status
X-FTR-Expires
X-FTR-Realm
X-FTR-DC
X-Request-Processing-Time
X-Analytics
X-Request-Received
Backend-Timing
Refresh
X-HS-Content-Id
X-AOL-HN
TP-L2-Cache
TP-Cache
X-Instance
X-Contextid
X-Magnolia-Registration
Public-Key-Pins-Report-Only
FilterID
X-XRDS-LOCATION
X-Activity-Id
X-Wix-Server-Artifact-Id
X-AppVersion
X-UUID
X-Az
X-Proxied
X-Rid
HitType
HitInfo
Server-Info
ServerID
X-HW
X-WPE-Loopback-Upstream-Addr
X-Srv
Liferay-Portal
X-NWS-LOG-UUID
X-URL
X-B3-Traceid
AMP-Access-Control-Allow-Source-Origin
Cleartype
Service-Worker-Allowed
X-Mobile
X-Varnish-Server
X-Content-Security-Policy-Report-Only
X-Varnish-Backend
X-FTR-Cache-Host
X-APP-VERSION
Served-By
X-HS-Cache-Config
Edge-Cache-Tag
X-Cache-Control
X-Revision
X-RateLimit-Remaining
X-Origin
X-Cache-Server
X-Amzn-Trace-Id
Source
X-Geo-Country
X-Hail-Hydra
X-Request-Guid
Server-Node
Retry-After
X-BCube-Filmed-By
X-Device-Type
X-PC-AppVer
Host-Header
X-PC-Key
X-PHP-Backend
S-Cnection
X-PC-Hit
X-TT
X-Handled-By
X-App-Environment
X-Correlation-Id
X-Cache-Operation
X-Cache-Config
MS-CV
X-Cache-2
X-Framework
X-Varnish-Hostname
Fastly-Restarts
X-Signature
X-Tumblr-Pixel-0
X-Tumblr-User
X-B-Cache
X-Tumblr-Pixel
X-FB-Debug
X-Page-Id
X-Origin-Upstream-Status
Powered-By-ChinaCache
Accept-Charset
DC
X-Cache-Action
X-TT-TIMESTAMP
X-Origin-Server
X-Sucuri-ID
X-Debug-Info
X-Ocache
Actual-Object-TTL
X-Hyper-Cache
X-Shield-Cache-Expires
Viewport
X-ADI-VCache
X-PC-Host
X-PC-Date
X-WA-Info
X-Content-Powered-By
NGB
X-Accel-Expires
X-ATG-Version
X-Microcachable
X-Cached-By
X-B3-Sampled
Upgrade-Insecure-Requests
X-Drupal-Cache-Tags
Cache
X-LB-Cache
Filters
SRV
X-Cache-NE
X-Akam-SW-Version
AsisCache
X-Generated-By
ServedBy
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Locale
X-App-Server
X-Cacheable-TTL
X-TX-ID
X-RequestSource
X-S
Content-Script-Type
X-FW-Hash
X-FW-Serve
X-Internal-Host
X-Wix-Request-Id
X-Seen-By
X-GeoIP
X-FW-Type
Content-Style-Type
X-FW-Server
X-FW-Static
X-Distil-CS
X-Jobs
X-Amz-Server-Side-Encryption
X-RTag
X-Accel-Buffering
X-WebKit-CSP-Report-Only
From-Origin
X-Tumblr-Pixel-1
X-Tumblr-Pixel-2
X-HS-Combine-CSS
X-Cluster
X-Geo
X-Varnish-Hits
X-ServedBy
X-Akamai-Edgescape
X-Daa-Tunnel
X-Esi
X-Varnish-Cache-Hits
X-Adobe-Content
X-Node-Name
X-Adobe-Loc
X-Sucuri-Cache
X-Varnish-Grace
X-Varnish-IP
X-GUploader-UploadID
X-Platform-Server
X-Litespeed-Cache
X-RateLimit-Limit
X-Vg-Webcache
X-TA-CDN-Provider
X-Dns-Prefetch-Control
X-Edge-Cache-Key
X-Edge-Cache
X-Cache-TTL-Remaining
X-GZip
Datacenter
X-Cache-Remote
X-CDN-Forward
X-Storage
X-NewRelic-App-Data
X-Real-IP
X-UA
HostName
X-Akamai-Transformed
X-Mode
X-Region
Cache-Tag
X-Cache-Age
X-Amz-Replication-Status
X-Drupal-Cache-Contexts
Country
X-Source
X-Distributor
X-Detected-As
X-Path-Route
Load-Balancing
X-MP-GENERATED-AT
X-ProcessESI
X-RemovedCookies
X-RN-RSRV
X-Rendered-As
X-Cache-Var-Map
X-Is-Bot
Machine
Meta-Geo
X-Cache-Var
X-Agile-Id
ServerName
X-Agile
X-Amzn-RequestId
X-NCache
X-Agile-Age
X-Amz-Apigw-Id
Fastly-SSL
X-Feature
X-BB-IP
X-Cache-Category-Id
X-CDN-Cache
X-Akamai-Request-ID
X-Grey
GEO-INFO
Mn-Server-Ip
Cache-Key
X-NodeID
X-Upgrade-Enabled
X-Web-Node
X-Webstats-RespID
X-TWH-CORRELATION-ID
X-Time-Microsecs
X-PCL
X-Kinja-Server-Push
X-Cache-Bucket
X-OCL
X-Port
Ohc-File-Size
X-Debug-Cache
X-Edge-Location
X-Cluster-Node
X-ApacheServer
L5d-Success-Class
S-Rt
X-EIG-Tracking-Id
X-Cache-HT
X-Optimization
X-Pubstack
X-Viewer-Country
X-Proto
X-PERF
X-Original-Request
X-OVcl-Cache
X-Human
X-OVcl
X-Amz-Meta-Surrogate-Control
X-Access
Webcakes-Region
X-App-Name
X-AWS-Id
X-BYPASS-REASON
X-Birta-Served
X-Birta-Cache-Post
Webcakes-App-Version
Webcakes-App-Name
TWC-Device-Class
TWC-Connection-Speed
Property-Id
TWC-GeoIP-Country
TWC-GeoIP-LatLong
User-Cache-Control
TWC-Privacy
TWC-Locale-Group
X-CCM
X-CCM-LastModified
X-Site-Version
X-ServerID
X-Section
X-SplitTest
X-Via-Fastly
X-Xfnlog-Site
X-Www-Served-By
X-VWS-Id
X-Request-Time
X-ProxyCache-Key
X-IP
X-Instance-Name
X-FC-Vary-Parameters
X-Labrador-Cache-Channel
X-LJ-Flow-ID
X-Origin-Hint
X-Meta-Tbi-Cache-Vertical
LB
X-ProxyCache-Status
Azure-SlotName
Backend
Azure-SiteName
Azure-RegionName
Azure-InstanceId
Cache-Name
Azure-Version
Fastcgi-Useragent
Cache-Hits
X-TNCMS
X-Routing-Service
X-Proxy
X-Format
X-Hosted-By
X-Loop
X-Varnish-Cacheable
DB-Nickname
Healthy
X-Zipkin-Id
X-JoinUs
Now
Access-Control-Allow-Method
X-Surge-Debug
X-Generation-Time
X-Generated
User-Agent
X-Backend-Name
X-Guploader-Uploadid
X-Render-Type
RATING
X-Proxy-Build
X-Hit
X-Origin-CC
Countrycode
X-Timing-Wait
Payment
X-Tb
Selected-FE
X-Time
X-Newrelic-Synthetics
X-Ezoic-Cdn
X-Tumblr-Pixel-3
X-CACHE-AGE
X-Cache-Enabled
Ec-Rule-Version
X-DataStream-Cache-Status
X-Nginx-Cache
Origin-Cache-Control
X-Unique-ID
Origin-Edge-Control
WP-Super-Cache
X-Oneagent-Js-Injection
X-Environment-Context
X-L-Path
X-B3-Spanid
X-Nc
X-Real-Ip
X-Dc
X-Correlation-ID
X-UA-Device-Type
X-Oracle-Dms-Ecid
X-Oracle-Dms-Rid
RequestId
X-NU-AKA-ACS-Version
Xserver
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
X-Skip-Cache
NODE
X-WR-MODIFICATION
X-NGENIX-Cache
Access-Control-Request-Headers
X-B3-TraceId
Webserver
X-ElasticPress-Search
X-Vgn-Hpd-Reason
X-Upstream-HT
X-CLOUD-TRACE-CONTEXT
X-COUNTRY
X-Be
X-Upstream-CT
X-Content-Type
X-Servedby
X-Cache-Backend
Warning
Time
X-Status
X-Croise-Owner
X-Varnish-Beresp-Ttl
X-A
X-Developer
X-Planisys-CDN-TTL
X-SVT-ORM-RULES
X-Planisys-CDN-Rules
X-Public
X-SRCache-Key
X-Via-Edge
X-Destination
X-Planisys-CDN-Cache
X-CF-Lambda-Version
Fastly-Soc-X-Request-Id
Fastcgi-X-Cache
Fastcgi-X-Cache-Version
X-DPWN-IS-SECURE
X-Haproxy-Ip
X-We-Are-Hiring
X-SVT-ORM-VERSION
X-Twitter-Response-Tags
X-ARC
Www
X-Connection-Hash
Xc-Version
X-Logtrace-Id
X-Died
VivaBuild
X-D
X-Amz-Meta-Cache-Control
X-S-Cookie
Host-ID
Viewtype
X-B-Cookie
T-Server
X-No-Session
X-A-Dam
X-A-Dcw
X-EdgeConnect-Cache-Status
Cache-Prefix
X-From
X-Transaction
X-A-Ccd
X-ND-Cache
X-Server-By
Fly-Request-Id
GMS-Ver
X-Application
X-A-Wwc
X-Server-Time
X-Trv-Group
X-Region-Sid
X-A-Dgt
X-BBXSRF
X-BB-ID
X-Generated-In
X-G
X-Cache-Host
BehaviorPad-Version
Sta2Tusw
X-User
X-Rojux
MD5-Digest
X-Wix-Route-ID
X-CF-Lambda-Fn
X-PAYTM-SRV-ID
X-VG-WebServer
X-Rewrite-Enabled
X-Haproxy-Hostname
Ajk
AKAMAI
Fly-Cache
Resin-Trace
Apple-News-Services-Request-Url
X-Cache-Id
Meta-Geo-Continent
Apple-News-Services-Parsed-Url
X-Fastly-Cache
Apple-News-Services-Handled
Apple-News-Services-Host
X-Via-CDN
Cneonction
Ws
X-Up
X-Date
X-Frame-Option
X-Cache-Time
X-Accel-Expires-Debug
Request-Time
X-FireWall-Port
Server-Int
X-Forwarded-Host
X-Cache-Expires
NGX
X-Rebelmouse-Cache-Control
Origin
X-Request-URI
X-Rebelmouse-Surrogate-Control
X-Fstrz
Release
Rendered-Blocks
X-Cache-CFC
X-NX-Host
Memcached
X-ScT
X-Core-Value
V-Age
Fastly-SIE
X-CS
X-Debug-Cookies
X-Wikidot-Static-Cache
X-Debug-Log
X-Wikidot-Backend
X-Cdn-Origin
Uber-Trace-Id
X-Sn-Servicetimems
X-Var-Ttl
X-Trace-Id
Fastly-SWR
X-SIPLIST1
IBM-Web2-Location
X-GoCache-CacheStatus
IsBot
X-Cache-Ttl
X-Webkit-CSP
X-Actual-URL
Thinkindot-Control
Server-Host
Proxy-Connection
Pramga
Pragrma
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
Web-Mar-Node
X-UE-Client-Country
UCS
X-TT-LOGID
X-MI-In-Market
X-F5-Cache
X-Thinkindot-L3
X-Returned-From-DLL
X-Passed-To-DLL
X-GeoIP-City
X-Returned-From-PostProcessResponse
X-ServiceProvider
X-Passed-To-PostProcessResponse
X-MSEdge-Features
X-GeoIP-Country-Code
X-Returned-From-BeforeDispatch
Powered-By
X-Server-IP
X-Passed-To
X-Reboot
X-Stale
X-Servername
X-Returned-From
X-Served-From
X-MSEdge-Flight
X-Passed-To-BeforeDispatch
X-Phone
X-Hnp-Log
X-Cache-Debug
X-CGP
X-Content-Age
X-Gen-Mode
X-C
X-Bug-Bounty
X-Backend-Host
X-Backend-State
X-Backend-Url
X-Block-Status
X-Developers
X-Device-Os
X-Matched-Rule
X-IN-WAF
X-IN-SSL-APIGATEWAY
X-IN-APIGATEWAY
X-Eu-Site
X-Epic-Correlation-Id
X-Dispatcher-Server
X-Edge-IP
X-Env
X-Amz-Meta-S3cmd-Attrs
Cache-Cookie-Set-Idcheck
HA-Geocity
HA-Cloudapp
GW-Server
Platform
HA-Geocountry
HA-Geolat
HA-Host
Ha-Gx-Prefs
HA-Georegion
HA-Geolon
Decoy-Debug-TTL
Decoy-Debug-Status
Adler-Geo
X-VServer
X-WebServer
X-Worker
Backend-Name
Cache-Cookie-Set-From
Decoy-Debug-Key
Content-Disposition
CDCHOST
Cache-Cookie-Set-Lfrom
HA-Ipaddr
Fastly-Backend-Name
HA-Servedtime
MI-Cache
Odigeo-Trace-Id
Ohc-Response-Time
On-Server
X-V
MI-Cache-Age
Is-Eu
Heartbleed
Httpd-Identifier
HTTPS
HA-Urlpath
Apicache-Store
NnCoection
Apicache-Version
X-TIME
OT-Force-Account-Verify
X-StackifyID
X-Cdn-Srv
X-Rocket-Nginx-Bypass
X-Sorting-Hat-Section
Request-Country
X-Sorting-Hat-PrivacyLevel
X-Page-Type
X-S-Maxage
X-Gannett-Site-Version
X-Hl-Ver
X-Shopify-Stage
X-Release
X-Sorting-Hat-ShopId
X-Response-By
X-Sorting-Hat-ShopId-Cached
X-Ckpd-Fst-Backend
X-Sorting-Hat-FeatureSet
X-Node-Id
X-Core-Mission
X-Via-NSCOPI
Request-EU
X-Server-Group
X-Alternate-Cache-Key
X-Sorting-Hat-PodId-Cached
Kp-EeAlive
X-Auto-Login
X-Ver
X-Sorting-Hat-PodId
Who
X-ShardId
X-ShopId
Server-ID
Esi-Enabled
X-RCS-CacheZone
Drupal-Pagecache-Memcache
X-Fetched-On
X-Secret
X-Hash
X-UnsetCookies
X-Location
X-Backend-TTL
MI-API
Dnion-Transfer-Encoding
X-Dynatrace
X-Origin-Expires
X-Thanos
X-Svr
NtCoent-Length
X-Origin-Date
X-Platform
X-HCF
X-Amz-Meta-S3b-Last-Modified
Version
X-Bip
X-Varnish-Id
X-Varnish-HitMiss
PFcat
REQUESTUUID
X-Cache-Control-Set-By
X-Cache-Srv
X-Crawler
Mime-Version
X-Info
X-Clientip
X-Cache-URL
Ar-Sid
X-Fastcgi-Cache
Cache-Provider
X-Req
Country-Code
X-P-T
X-Refresh
X-Origin-TTL
X-DC
X-App-Version
Cteonnt-Length
X-Oss-Hash-Crc64ecma
Processtime
X-Oss-Server-Time
X-Oss-Storage-Class
X-Oss-Request-Id
X-Oss-Object-Type
X-Yottaa-Sig
X-CSRF-Token
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-Pf-Uncompressing
X-Kong-Upstream-Latency
X-Ua
Pagetype
X-Kong-Proxy-Latency
X-HS-Hub-Id
X-From-Cache
X-Varnish-Url
FSS-Cache
X-Amz-Meta-Sha256
Accept-Ch
Arc-Country
FSS-Proxy
X-EC-Security-Audit
X-Pjax-Url
X-Irp-Debug
WebServer
X-Csrf-Token
Brightspot-Id
X-LiteSpeed-Cache-Control
Memory
X-NC
X-Cache-ASPX
X-Ruxit-Js-Agent
X-GRACE
GeoIp-Country-Code
X-LB-CacheStatus
Geoip-City
Geoip-Latitude
Sid
X-ROOTCache
COMMERCE-SERVER-SOFTWARE
SN
X-LB-Node
PageType
X-Atg-Version
PICS-Label
X-Request-UUID
X-Request-Start
X-Endurance-Cache-Level
CF-IPCountry
Dynatrace
X-Cdn-Forward
X-Cache-Handler
Cdn
MIME-Version
X-Wix-Petri-Ex
X-Load-Cache
X-Ratelimit-Remaining
X-Rule
X-Redis-Cache
X-Ratelimit-Limit
If-Modified-Since
X-Fastly-Backend-Reqs
Edgecast
Dont-Set-Cookie
X-Varnish-Action
X-SERVER-NAME
PROCESSING-IP
BORDER-IP
X-Requestid
X-Layer
X-TId
X-Servedbyhost
X-Varnish-Beresp-TTL
Frame-Options
X-Sf
X-Rocket-Nginx-Serving-Static
X-ServedByHost
X-Tid
X-GDPR
X-B3-SpanId
RNT-Machine
X-Fastly-Cache-Hits
X-RequestId
RNT-Time
X-Tec-Api-Version
X-Tec-Api-Origin
X-Tec-Api-Root
X-Nananana
X-Resolver-IP
X-BE
Pics-Label
NodeID
X-DataStream-Origin-MEX-Latency
X-Key
XServer
X-Owner
X-DataStream-MidMile-RTT
CDN
X-Cache-TTL
Node
Cf-Ipcountry
CACHE
X-Server-W
GeoIP-Latitude
X-HTML-Minification-Powered-By
Web-Mar-Region
GeoIP-Country-Code
GeoIP-City
Powered
Cache-Tags
Mail-Subject
X-Flog
We-Hiring
X-ABtesting
WZWS-RAY
DataCenter
PageSpeed
X-NWS-UUID-VERIFY
X-GZIP
ProcessTime
X-Sentry-ID
X-Shard
X-VG-WebCache
X-Powered-By-ANYU
Lfy
X-Varnish-Ttl
X-Dynatrace-Js-Agent
Amp-Access-Control-Allow-Source-Origin
X-Use-Magma
X-Gdpr
X-Ms-Version
Is-Session-Tracking
X-Ms-Blob-Type
X-CDN-Pop
X-CDN-Pop-IP
Max-Age
Accept-CH
X-Ms-Request-Id
Get-Access-Time
X-Ms-Lease-Status
X-Cf-Powered-By
X-UPSTREAM-Address
X-Mem
Magicmarker
X-Varnish-URL
X-FORWARDED-FOR
X-PJAX-URL
URI
X-ByteArk-Cache
X-B3-TraceID
X-PF-Uncompressing
X-Cache-FS-Status
X-Powered-By-Defense
X-GEO
Xet-Cookie
X-Front
X-Dw-Trace-Id
X-Varnish-ID
X-Cookie
X-SRV
X-Check-Cacheable
Hostname
X-Trv-Request-Id
X-Remote-IP
X-Oa-Upstreams
X-Unique-Id
X-NGINX-Cache
Cdn-Host
X-Aicache-OS
Cdn-Request-Time
Requestid
True-Client-Country-4JS
X-VG-TLSProxy
X-Ms-Lease-State
X-Edge-Server
X-Alicdn-Da-Ups-Status
RequestUuid
X-Micro-Cache
X-Zalando-Child-Request-Id
X-Zalando-Page-Type
X-PAGE-TYPE
X-Proxy-Server
X-Akamai-ERPolicy
X-DB
X-Policy
X-Swa-Ws
X-Hello
X-Akamai-ERRuleID
X-DI
X-DSS
X-RPS
X-RSL
X-RPM
X-VID
X-DW
CF-Cached-On
X-Acquia-Application-UUID
X-SB
N-Cache
SID
Rt-Proxy-Cache
X-VarnCache
Group
X-VarnPar1
X-Litespeed-Tag
V-Cache
X-Acquia-Application-Trace
X-Safe-Firewall
X-Fe
X-VarnPar2
WS
X-VC
X-RAMCache
X-PARISIEN-Cache-Rendered
X-Litespeed-Cache-Control