
HTTP Header Usage Statistics - SANS Internet Storm Center



This is a continuation of work started by Brough Davis as part of his software security project for his Master's in Information Security Engineering. The main goal of this project is to find out how many sites use security-relevant headers, such as the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security-relevant or not). We access the index page of each site using an HTTP HEAD request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Pragma
Last-Modified
Accept-Ranges
X-Powered-By
Strict-Transport-Security
X-Content-Type-Options
CF-RAY
ETag
Link
Expect-CT
Via
X-XSS-Protection
X-Cache
Age
Access-Control-Allow-Origin
Content-Security-Policy
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Served-By
X-Varnish
X-Amz-Cf-Id
X-Xss-Protection
Referrer-Policy
X-Request-Id
X-Timer
X-AspNet-Version
CF-Cache-Status
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Runtime
Access-Control-Allow-Credentials
X-Download-Options
X-Drupal-Cache
X-Cacheable
CF-Ray
X-Generator
Content-Security-Policy-Report-Only
Alt-Svc
X-AspNetMvc-Version
Status
X-Cache-Status
X-DNS-Prefetch-Control
X-Check
X-Iinfo
X-Adblock-Key
X-FRAME-OPTIONS
Timing-Allow-Origin
X-CDN
X-Content-Security-Policy
X-Turbo-Charged-By
X-Permitted-Cross-Domain-Policies
Content-Encoding
X-Template
X-Language
Keep-Alive
X-Via
X-Type
X-AH-Environment
X-Backend
X-Cache-Group
WPE-Backend
X-Pass-Why
X-Nginx-Cache-Status
X-Buckets
X-Server
X-Age
X-Server-Powered-By
Access-Control-Max-Age
X-Pingback
Xkey
X-Request-ID
X-Varnish-Cache
Grace
Access-Control-Expose-Headers
Upgrade
X-Drupal-Dynamic-Cache
X-Hacker
X-UA-Device
X-Amz-Request-Id
P3p
X-Page-Speed
Cf-Railgun
X-Proxy-Cache
X-Amz-Id-2
EagleId
X-Robots-Tag
X-LiteSpeed-Cache
X-Swift-CacheTime
X-Swift-SaveTime
X-Envoy-Upstream-Service-Time
Request-Context
Ali-Swift-Global-Savetime
X-Node
X-Ac
X-Device
Content-Location
X-Host
X-Cnection
X-Amz-Version-Id
X-Cache-Lookup
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-WebKit-CSP
Surrogate-Control
X-Server-Id
X-Backend-Server
X-OneAgent-JS-Injection
X-Rack-Cache
X-Instart-Request-ID
X-Px
X-CST
X-Response-Time
Request-Id
X-Readtime
Server-Timing
X-Rq
Permitted-Cross-Domain-Policies
X-HeyJason
X-Do-Not-Hack
X-Clacks-Overhead
X-Cloud-Trace-Context
X-Url
EagleEye-TraceId
Pinterest-Generated-By
X-Ua-Compatible
Edge-Control
X-Application-Context
X-Country
X-MS-InvokeApp
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Allow
X-DynaTrace-JS-Agent
Charset
X-Server-Name
Report-To
SPRequestGuid
X-Country-Code
X-SharePointHealthScore
X-DataDome
X-Ruxit-JS-Agent
X-TTL
X-Varnish-TTL
X-Cached
X-ESI
Rating
X-TtlSet
X-PC
X-Vname
X-Powered-CMS
X-Powered-By-Plesk
X-Recruiting
Public-Key-Pins
X-FTR-Request-ID
X-D2id
X-Vhost
NEL
X-Version
X-F-Cache
X-Cdn-Fetch
X-Exp-Id
Pinterest-Version
X-Geo-Segment
X-Exp-Variant
X-Kinja-Build
X-Kinja-Revision
X-Pinterest-Rid
X-Upstream-Env
X-Kinja
X-Kinja-Server
X-CF-Powered-By
X-N
SPIisLatency
SPRequestDuration
MS-Author-Via
X-DynaTrace
X-Dw-Request-Base-Id
Cartoon
X-VARITI-CCR
X-Cdn
X-T
X-Mod-Pagespeed
X-GoogleNews-Bot
Content-MD5
AR-PoweredBy
AR-ATIME
AR-CACHE
X-ORACLE-DMS-RID
X-ORACLE-DMS-ECID
Nginx-Cache
RTSS
X-Abt-Application-Version
X-GitHub-Request-Id
MicrosoftSharePointTeamServices
Feature-Policy
X-SRCache-Fetch-Status
X-SRCache-Store-Status
Verso
X-Shield-Request-Id
X-Amz-Rid
X-Navigation-Version
X-Dispatcher
X-Trace
X-Forwarded-Proto
X-Hits
X-Client-IP
X-Goog-Hash
Realpath
X-Origin-Cache
AR-SID
X-Server-ID
Arr-Disable-Session-Affinity
Paypal-Debug-Id
X-Kinsta-Cache
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-Zen-Fury
X-Grace
X-Id
X-Content-Options
TCN
X-B
X-Content-Digest
X-Varnish-Age
X-Cache-Key
Alternate-Protocol
X-Ser
X-Sol
X-Ttl
Fastcgi-Cache
DynaTrace
X-Upstream
Access-Control-Request-Method
X-Via-JSL
X-Mrf-Section-Lastmod
X-Mrf-Item-Lastmod
Mrf-Cache-Status
MRF-Tech
X-Pad
X-Fastly-Request-ID
X-Middleton-Display
Display
X-FastCGI-Cache
X-Nf-Srv-Version
X-Vcap-Request-Id
X-NF-Request-ID
X-DIS-Request-ID
X-IPLB-Instance
PB-PID
PB-RID
Response
X-Middleton-Response
X-User-Agent
X-Mobile-Rewrite
Front-End-Https
X-SS-Set-Cookie
Pagespeed
Rt-Fastcgi-Cache
X-Frontend
X-Newrelic-App-Data
X-Cache-Rule
X-Logged-In
Eomportal-Instance
X-MSEdge-Ref
X-PressLabs-Stats
X-XRDS-LOCATION
X-Whom
Server-Name
X-Acc-Meta-Resource-Type
X-Cache-Hit
X-VCache
X-Forwarded-For
Host
X-Hostname
S
Tracecode
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Goog-Generation
X-Goog-Metageneration
X-Goog-Storage-Class
X-NWS-LOG-UUID
Cache-Status
X-Debug
Arc-Version
Liferay-Portal
X-FTR-Backend
X-FTR-Realm
X-Country-Code-Real
X-FTR-DC
X-FTR-Cache-Status
X-FTR-Backend-Server
X-FTR-Expires
X-FTR-Balancer
X-HS-Content-Id
X-AOL-HN
X-Request-Received
Surrogate-Key
X-Request-Processing-Time
X-UUID
Backend-Timing
X-Analytics
FilterID
HitInfo
HitType
Server-Info
TP-L2-Cache
X-Magnolia-Registration
X-Wix-Server-Artifact-Id
TP-Cache
Public-Key-Pins-Report-Only
X-Instance
X-Contextid
Refresh
X-Rid
ServerID
X-Az
X-Activity-Id
X-Proxied
X-AppVersion
X-XRDS-Location
X-Webkit-Csp
X-B3-Traceid
AMP-Access-Control-Allow-Source-Origin
X-Srv
X-WPE-Loopback-Upstream-Addr
Service-Worker-Allowed
X-Content-Security-Policy-Report-Only
X-HW
X-Varnish-Server
Edge-Cache-Tag
X-HS-Cache-Config
X-Correlation-Id
Cleartype
X-Mobile
X-APP-VERSION
X-Origin
X-Varnish-Backend
S-Cnection
X-Revision
Served-By
X-FTR-Cache-Host
Fastly-Restarts
Source
X-Amzn-Trace-Id
X-Geo-Country
X-PHP-Backend
X-RateLimit-Remaining
X-TT
X-Varnish-Hostname
X-Signature
X-Cache-Config
X-App-Environment
X-B-Cache
X-FB-Debug
X-Framework
Retry-After
Powered-By-ChinaCache
X-Cache-Server
X-Device-Type
X-Sucuri-ID
X-Cache-Operation
X-Cache-Control
X-Tumblr-User
X-Tumblr-Pixel-0
X-Tumblr-Pixel
Host-Header
X-BCube-Filmed-By
X-Cache-Action
X-Hail-Hydra
X-Request-Guid
X-PC-Key
X-PC-Hit
X-PC-AppVer
Server-Node
MS-CV
Accept-Charset
X-Cache-2
X-Handled-By
X-Page-Id
X-Hyper-Cache
X-TT-TIMESTAMP
X-Origin-Upstream-Status
DC
X-Ocache
X-Debug-Info
Actual-Object-TTL
X-Origin-Server
X-WA-Info
X-Shield-Cache-Expires
X-ADI-VCache
Cache
X-ATG-Version
X-PC-Host
X-PC-Date
Viewport
X-Content-Powered-By
NGB
X-Accel-Expires
Upgrade-Insecure-Requests
X-Microcachable
X-LB-Cache
X-Daa-Tunnel
X-Cached-By
X-Cache-NE
X-URL
SRV
X-HS-Combine-CSS
AsisCache
X-Drupal-Cache-Tags
X-Accel-Buffering
X-Generated-By
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Amz-Server-Side-Encryption
Filters
ServedBy
X-App-Server
X-Akam-SW-Version
X-Cacheable-TTL
X-Jobs
X-B3-Sampled
X-GeoIP
X-RequestSource
X-TX-ID
X-S
X-Wix-Request-Id
X-Seen-By
X-WebKit-CSP-Report-Only
X-Sucuri-Cache
X-Cluster
X-Akamai-Edgescape
X-FW-Static
X-Varnish-Hits
X-Locale
X-Distil-CS
X-Geo
X-FW-Serve
X-FW-Hash
X-Tumblr-Pixel-1
X-FW-Type
X-Tumblr-Pixel-2
From-Origin
X-Internal-Host
X-RTag
X-FW-Server
Content-Script-Type
Content-Style-Type
X-Adobe-Content
X-Adobe-Loc
X-Varnish-IP
Datacenter
X-Feature
X-Varnish-Cache-Hits
X-Dns-Prefetch-Control
X-Cache-Remote
X-ServedBy
HostName
X-GZip
X-Varnish-Grace
X-Cache-Age
X-Storage
X-Node-Name
X-Edge-Cache
X-CDN-Forward
X-Platform-Server
X-Edge-Cache-Key
X-Oracle-Dms-Ecid
X-Oracle-Dms-Rid
X-Cache-TTL-Remaining
X-Vg-Webcache
X-Esi
X-Akamai-Transformed
X-UA
X-Region
X-Guploader-Uploadid
X-RateLimit-Limit
X-Mode
Cache-Tag
X-Cache-Bucket
X-Amz-Replication-Status
Country
X-Kinja-Server-Push
X-Distributor
Load-Balancing
X-Amz-Apigw-Id
X-Amzn-RequestId
RATING
X-Source
X-Proto
X-Agile-Age
Fastly-SSL
X-Agile-Id
X-Drupal-Cache-Contexts
Ohc-File-Size
ServerName
X-GUploader-UploadID
X-Agile
X-ProxyCache-Status
X-Detected-As
Cache-Key
X-Is-Bot
X-Grey
X-BB-IP
X-MP-GENERATED-AT
X-Rendered-As
X-ProxyCache-Key
X-Path-Route
X-PERF
X-ProcessESI
X-EIG-Tracking-Id
GEO-INFO
X-Viewer-Country
X-Web-Node
Mn-Server-Ip
Meta-Geo
X-RemovedCookies
X-Time-Microsecs
X-BYPASS-REASON
X-RN-RSRV
X-Cache-Var-Map
X-ApacheServer
X-Akamai-Request-ID
X-Cache-Var
Machine
X-Cache-Category-Id
X-JoinUs
X-Real-IP
X-NCache
X-Debug-Cache
Healthy
X-Optimization
Cache-Name
X-Request-Time
Cache-Hits
L5d-Success-Class
X-Cache-HT
X-CCM
X-Webstats-RespID
X-Labrador-Cache-Channel
Backend
X-CDN-Cache
X-Generated
Now
X-OCL
X-ServerID
X-Port
X-PCL
X-TWH-CORRELATION-ID
X-Upgrade-Enabled
X-NodeID
X-Xfnlog-Site
Access-Control-Allow-Method
Azure-RegionName
Azure-SiteName
Azure-SlotName
Azure-Version
S-Rt
Azure-InstanceId
X-Hit
X-OVcl
X-Original-Request
X-OVcl-Cache
X-Pubstack
X-Via-Fastly
X-Render-Type
X-TA-CDN-Provider
X-Instance-Name
X-Cluster-Node
X-NewRelic-App-Data
X-Edge-Location
X-FC-Vary-Parameters
X-Human
X-Real-Ip
X-Amz-Meta-Surrogate-Control
X-Hosted-By
WP-Super-Cache
X-IP
X-Proxy
X-LJ-Flow-ID
X-Routing-Service
X-Section
TWC-Privacy
DB-Nickname
X-Site-Version
TWC-GeoIP-LatLong
X-Loop
X-Nginx-Cache
X-Meta-Tbi-Cache-Vertical
Webcakes-Region
Webcakes-App-Version
Webcakes-App-Name
X-Origin-Hint
Property-Id
TWC-Locale-Group
LB
X-Newrelic-Synthetics
X-Access
X-SplitTest
TWC-GeoIP-Country
X-Proxy-Build
X-Varnish-Cacheable
TWC-Device-Class
X-Format
X-CCM-LastModified
Selected-FE
X-VWS-Id
X-Www-Served-By
X-Timing-Wait
X-Generation-Time
X-TNCMS
X-AWS-Id
X-App-Name
X-Surge-Debug
TWC-Connection-Speed
X-Backend-Name
X-Birta-Served
X-Zipkin-Id
X-Birta-Cache-Post
User-Cache-Control
Fastcgi-Useragent
Countrycode
X-Ezoic-Cdn
X-Cache-Enabled
User-Agent
X-Tumblr-Pixel-3
X-Origin-CC
X-Time
X-Nc
Origin-Cache-Control
Origin-Edge-Control
Payment
X-Dc
X-Oneagent-Js-Injection
X-Tb
Xserver
X-L-Path
X-Environment-Context
Ec-Rule-Version
X-B3-Spanid
X-Unique-ID
X-DataStream-Cache-Status
X-UA-Device-Type
RequestId
X-Skip-Cache
X-CACHE-AGE
X-NU-AKA-ACS-Version
X-Litespeed-Cache
X-B3-TraceId
X-NGENIX-Cache
Access-Control-Request-Headers
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
X-Servedby
NODE
Webserver
X-Upstream-HT
X-Upstream-CT
Time
X-WR-MODIFICATION
X-Vgn-Hpd-Reason
X-Be
X-EdgeConnect-Cache-Status
X-Cache-Ttl
X-Correlation-ID
Warning
X-Croise-Owner
X-Generated-In
Ajk
X-B-Cookie
X-G
X-Application
X-Logtrace-Id
X-A-Dcw
X-A-Dgt
X-A-Wwc
X-Cache-Host
X-Cache-Id
X-From
X-Died
X-S-Cookie
X-Developer
X-Destination
X-ElasticPress-Search
X-A-Dam
X-D
X-DPWN-IS-SECURE
X-ARC
X-A-Ccd
Resin-Trace
Fly-Cache
X-SRCache-Key
Fly-Request-Id
T-Server
Cache-Prefix
X-A
V-Age
X-Cache-Backend
IBM-Web2-Location
X-Status
Ws
X-Webkit-CSP
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
X-UE-Client-Country
X-Content-Type
X-Request-URI
AKAMAI
X-NX-Host
X-Debug-Log
X-Fstrz
Apple-News-Services-Handled
X-Var-Ttl
Sta2Tusw
MD5-Digest
Fastcgi-X-Cache
X-Cache-Expires
Host-ID
Fastly-Soc-X-Request-Id
Fastcgi-X-Cache-Version
Request-Time
Memcached
X-CS
Apple-News-Services-Request-Url
X-Cache-Time
BehaviorPad-Version
Meta-Geo-Continent
X-Debug-Cookies
Www
X-CF-Lambda-Fn
X-Public
X-Twitter-Response-Tags
X-Trv-Group
X-Planisys-CDN-TTL
X-SVT-ORM-VERSION
X-BBXSRF
X-BB-ID
X-Via-CDN
X-VG-WebServer
X-SVT-ORM-RULES
X-Transaction
X-Planisys-CDN-Rules
X-Haproxy-Ip
X-Haproxy-Hostname
X-Fastly-Cache
X-Varnish-Beresp-Ttl
X-ND-Cache
X-No-Session
X-CF-Lambda-Version
X-Connection-Hash
X-Planisys-CDN-Cache
X-PAYTM-SRV-ID
X-Via-Edge
X-User
X-Server-By
X-Rewrite-Enabled
Cneonction
VivaBuild
X-Wix-Route-ID
X-Region-Sid
X-Amz-Meta-Cache-Control
X-Server-Time
Viewtype
Xc-Version
X-We-Are-Hiring
X-Rojux
X-Oss-Request-Id
X-CSRF-Token
X-Oss-Storage-Class
X-Dynatrace
X-StackifyID
UCS
X-Oss-Server-Time
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
X-ShopId
X-ScT
X-Secret
X-Shopify-Stage
X-GeoIP-Country-Code
X-IN-WAF
X-ShardId
X-Gannett-Site-Version
X-SIPLIST1
X-Sn-Servicetimems
X-S-Maxage
X-Rebelmouse-Cache-Control
X-Phone
X-Rebelmouse-Surrogate-Control
X-Release
X-RCS-CacheZone
X-Core-Value
Fastly-SWR
X-Wikidot-Static-Cache
IsBot
X-Wikidot-Backend
Fastly-SIE
X-IN-SSL-APIGATEWAY
Drupal-Pagecache-Memcache
NGX
Odigeo-Trace-Id
Uber-Trace-Id
GMS-Ver
Server-Int
Rendered-Blocks
Origin
Release
X-Cache-CFC
X-Up
X-Epic-Correlation-Id
X-Sorting-Hat-PodId
X-F5-Cache
X-Sorting-Hat-FeatureSet
X-Forwarded-Host
X-FireWall-Port
X-Sorting-Hat-PodId-Cached
X-Sorting-Hat-PrivacyLevel
X-WebServer
X-Cdn-Origin
X-Via-NSCOPI
X-Trace-Id
X-Sorting-Hat-Section
X-Sorting-Hat-ShopId
X-Frame-Option
X-Sorting-Hat-ShopId-Cached
X-Alternate-Cache-Key
X-Auto-Login
X-Fastcgi-Cache
X-Dispatcher-Server
Server-ID
Request-EU
Dnion-Transfer-Encoding
Proxy-Connection
Request-Country
Version
X-Device-Os
X-Hl-Ver
X-IN-APIGATEWAY
X-Hash
Mime-Version
X-Yottaa-Sig
X-C
X-Cache-Debug
X-Env
X-Backend-TTL
X-Cache-Srv
X-Backend-Url
X-Block-Status
X-Developers
X-Backend-State
X-Ckpd-Fst-Backend
X-Content-Age
X-Cdn-Srv
X-CGP
X-Core-Mission
X-Edge-IP
Thinkindot-CacheControl-Type
Platform
Powered-By
Pragrma
PFcat
OT-Force-Account-Verify
MI-Cache-Age
Ohc-Response-Time
On-Server
Pramga
Server-Host
Who
X-Actual-URL
X-Amz-Meta-S3cmd-Attrs
Web-Mar-Node
Thinkindot-Control
Thinkindot-CacheControl
X-Eu-Site
X-Backend-Host
X-Matched-Rule
X-Servername
X-ServiceProvider
X-Stale
X-Server-IP
X-Server-Group
X-Returned-From-PostProcessResponse
X-Rocket-Nginx-Bypass
X-Served-From
X-Thinkindot-L3
X-TT-LOGID
X-Worker
X-Accel-Expires-Debug
X-Date
X-VServer
X-Ver
X-UnsetCookies
X-V
X-Returned-From-DLL
X-Returned-From-BeforeDispatch
MI-Cache
X-MI-In-Market
X-MSEdge-Features
X-Location
X-Hnp-Log
X-Gen-Mode
X-GoCache-CacheStatus
X-MSEdge-Flight
X-Node-Id
X-Reboot
X-Response-By
X-Returned-From
X-Passed-To-PostProcessResponse
X-Passed-To-DLL
X-Passed-To
X-Passed-To-BeforeDispatch
X-Fetched-On
X-GeoIP-City
HA-Geolat
HA-Geolon
HA-Geocountry
HA-Geocity
HA-Cloudapp
Adler-Geo
Decoy-Debug-TTL
Country-Code
HA-Host
Ha-Gx-Prefs
MI-API
X-Info
GW-Server
Content-Disposition
Esi-Enabled
Decoy-Debug-Key
Decoy-Debug-Status
CDCHOST
Fastly-Backend-Name
Backend-Name
Cache-Cookie-Set-From
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-Lfrom
HA-Ipaddr
HA-Georegion
X-Crawler
Heartbleed
Httpd-Identifier
Is-Eu
X-Origin-Expires
HA-Servedtime
Kp-EeAlive
HTTPS
HA-Urlpath
X-Origin-Date
NnCoection
X-TIME
X-Thanos
X-Page-Type
X-Svr
X-Clientip
X-Cache-Control-Set-By
X-Varnish-HitMiss
X-HCF
X-Cache-URL
X-Bip
X-Platform
REQUESTUUID
X-Bug-Bounty
X-Varnish-Id
Apicache-Version
NtCoent-Length
Apicache-Store
X-RateLimit-Remaining-Second
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-RateLimit-Limit-Second
X-Refresh
X-Amz-Meta-S3b-Last-Modified
X-Req
Cteonnt-Length
Cache-Provider
FSS-Proxy
X-Origin-TTL
FSS-Cache
Brightspot-Id
X-Ua
X-Varnish-Url
X-LiteSpeed-Cache-Control
Arc-Country
X-P-T
WebServer
Ar-Sid
X-Pf-Uncompressing
X-Irp-Debug
X-CLOUD-TRACE-CONTEXT
X-App-Version
X-LB-CacheStatus
Processtime
X-LB-Node
X-DC
X-Pjax-Url
Accept-Ch
COMMERCE-SERVER-SOFTWARE
PageType
Pagetype
Memory
Sid
X-ROOTCache
X-EC-Security-Audit
X-Ruxit-Js-Agent
X-Ratelimit-Limit
X-Request-Start
X-Request-UUID
X-Amz-Meta-Sha256
X-From-Cache
X-Ratelimit-Remaining
If-Modified-Since
X-Endurance-Cache-Level
Cdn
X-Cache-ASPX
X-Atg-Version
Dynatrace
X-Load-Cache
Geoip-Latitude
SN
PICS-Label
X-Varnish-Action
Geoip-City
GeoIp-Country-Code
X-NC
X-Fastly-Backend-Reqs
X-Layer
CF-IPCountry
X-SERVER-NAME
X-Csrf-Token
X-Redis-Cache
PROCESSING-IP
BORDER-IP
X-Cdn-Forward
X-COUNTRY
X-GRACE
Edgecast
X-Rocket-Nginx-Serving-Static
X-Tid
X-GDPR
X-Varnish-Beresp-TTL
X-ServedByHost
X-Cache-Handler
MIME-Version
X-RequestId
Frame-Options
X-HS-Hub-Id
X-Nananana
Dont-Set-Cookie
NodeID
X-Fastly-Cache-Hits
X-TId
X-Requestid
X-Wix-Petri-Ex
X-B3-SpanId
X-Key
X-Servedbyhost
X-Owner
X-Resolver-IP
X-NWS-UUID-VERIFY
X-Cf-Powered-By
X-Sf
X-Rule
X-BE
Web-Mar-Region
X-Server-W
Pics-Label
RNT-Time
Cf-Ipcountry
RNT-Machine
CACHE
X-Cache-TTL
ProcessTime
X-ABtesting
X-Flog
X-HTML-Minification-Powered-By
GeoIP-Latitude
GeoIP-City
GeoIP-Country-Code
WZWS-RAY
X-Sentry-ID
X-Tec-Api-Root
Node
X-Tec-Api-Version
CDN
X-Tec-Api-Origin
Mail-Subject
Is-Session-Tracking
X-DataStream-MidMile-RTT
X-FORWARDED-FOR
X-Powered-By-ANYU
X-VG-WebCache
Get-Access-Time
Lfy
X-DataStream-Origin-MEX-Latency
We-Hiring
PageSpeed
Powered
Max-Age
X-Shard
X-Dynatrace-Js-Agent
X-CDN-Pop-IP
X-CDN-Pop
X-Varnish-Ttl
X-Use-Magma
X-Mem
X-ByteArk-Cache
X-SRV
Cache-Tags
X-GZIP
XServer
X-Cache-FS-Status
Magicmarker
URI
Accept-CH
X-Front
X-Check-Cacheable
DataCenter
X-PF-Uncompressing
X-PJAX-URL
X-Powered-By-Defense
X-UPSTREAM-Address
X-GEO
X-Dw-Trace-Id
Xet-Cookie
X-Unique-Id
X-Zalando-Child-Request-Id
X-Zalando-Page-Type
X-Varnish-URL
X-Gdpr
X-Micro-Cache
X-Trv-Request-Id
X-Ms-Request-Id
X-Oa-Upstreams
X-PAGE-TYPE
Amp-Access-Control-Allow-Source-Origin
X-Cookie
X-Remote-IP
X-Ms-Lease-Status
X-Ms-Blob-Type
X-Ms-Version
V-Cache
Group
X-SB
X-VarnPar2
X-Safe-Firewall
X-Fe
N-Cache
Rt-Proxy-Cache
X-VarnPar1
X-VarnCache
X-VC
X-Varnish-ID
Requestid
X-HGenerator
RequestUuid
X-PARISIEN-Cache-Rendered
X-Proxy-Server
X-Aicache-OS
Hostname
X-NGINX-Cache
WS
X-RAMCache
SID
X-ProxyCache-Args
X-Akamai-ERPolicy
X-Akamai-ERRuleID
X-M-Reqid
X-M-Log
X-Acquia-Application-Trace
X-Hello
CF-Cached-On
X-Acquia-Application-UUID
WWW-Authenticate
X-Alicdn-Da-Ups-Status
X-Qnm-Cache
X-Litespeed-Tag