Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics - SANS Internet Storm Center HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Pragma
Last-Modified
Accept-Ranges
X-Powered-By
Strict-Transport-Security
X-Content-Type-Options
CF-RAY
ETag
Link
Expect-CT
Via
X-XSS-Protection
X-Cache
Age
Access-Control-Allow-Origin
Content-Security-Policy
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Served-By
X-Varnish
X-Amz-Cf-Id
X-Xss-Protection
Referrer-Policy
X-Request-Id
X-Timer
X-AspNet-Version
CF-Cache-Status
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Runtime
Access-Control-Allow-Credentials
X-Download-Options
X-Drupal-Cache
X-Cacheable
CF-Ray
X-Generator
Content-Security-Policy-Report-Only
Alt-Svc
X-AspNetMvc-Version
Status
X-Cache-Status
X-DNS-Prefetch-Control
X-Check
X-Iinfo
X-Adblock-Key
X-FRAME-OPTIONS
Timing-Allow-Origin
X-CDN
X-Content-Security-Policy
X-Turbo-Charged-By
X-Permitted-Cross-Domain-Policies
Content-Encoding
X-Template
X-Language
Keep-Alive
X-Via
X-Type
X-AH-Environment
P3p
X-Backend
X-Cache-Group
WPE-Backend
X-Pass-Why
X-Buckets
X-Nginx-Cache-Status
X-Server
X-Age
X-Server-Powered-By
Access-Control-Max-Age
X-Pingback
Xkey
X-Request-ID
X-Varnish-Cache
Grace
Access-Control-Expose-Headers
Upgrade
X-Drupal-Dynamic-Cache
X-Hacker
X-UA-Device
X-Amz-Request-Id
X-Page-Speed
Cf-Railgun
X-Proxy-Cache
X-Amz-Id-2
EagleId
X-Robots-Tag
X-LiteSpeed-Cache
X-Swift-SaveTime
X-Swift-CacheTime
X-Envoy-Upstream-Service-Time
Request-Context
Ali-Swift-Global-Savetime
X-Node
X-Ac
X-Device
Content-Location
X-Host
X-Cnection
X-Amz-Version-Id
X-Cache-Lookup
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
Surrogate-Control
X-WebKit-CSP
X-Server-Id
X-Backend-Server
X-OneAgent-JS-Injection
X-Rack-Cache
X-Instart-Request-ID
X-Px
X-CST
X-Response-Time
Request-Id
X-Readtime
Server-Timing
X-Rq
Permitted-Cross-Domain-Policies
X-HeyJason
X-Do-Not-Hack
X-Clacks-Overhead
X-Cloud-Trace-Context
Pinterest-Generated-By
EagleEye-TraceId
X-Ua-Compatible
Edge-Control
X-Url
X-Application-Context
X-MS-InvokeApp
X-Country
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-DynaTrace-JS-Agent
Allow
Charset
X-Server-Name
Report-To
SPRequestGuid
X-Country-Code
X-SharePointHealthScore
X-DataDome
X-Ruxit-JS-Agent
X-TTL
X-Varnish-TTL
X-Cached
Rating
X-PC
X-TtlSet
X-Vname
X-ESI
X-Powered-CMS
X-Powered-By-Plesk
X-Recruiting
Public-Key-Pins
X-FTR-Request-ID
X-D2id
X-Vhost
NEL
X-Version
X-Pinterest-Rid
X-Geo-Segment
X-Exp-Id
X-Exp-Variant
X-F-Cache
X-Kinja-Build
X-Kinja-Revision
X-Kinja-Server
Pinterest-Version
X-Upstream-Env
X-Kinja
X-Cdn-Fetch
X-N
SPIisLatency
SPRequestDuration
X-CF-Powered-By
MS-Author-Via
X-Dw-Request-Base-Id
X-VARITI-CCR
Cartoon
X-Cdn
X-T
X-GoogleNews-Bot
X-Mod-Pagespeed
X-ORACLE-DMS-RID
X-ORACLE-DMS-ECID
X-DynaTrace
Content-MD5
AR-PoweredBy
AR-CACHE
AR-ATIME
Nginx-Cache
RTSS
X-Abt-Application-Version
X-GitHub-Request-Id
Feature-Policy
MicrosoftSharePointTeamServices
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Shield-Request-Id
Verso
X-Amz-Rid
X-Dispatcher
X-Navigation-Version
X-Trace
X-Forwarded-Proto
X-Hits
X-Client-IP
X-Goog-Hash
Realpath
X-Origin-Cache
AR-SID
X-Server-ID
Arr-Disable-Session-Affinity
Paypal-Debug-Id
X-Kinsta-Cache
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-Zen-Fury
X-Id
X-Content-Options
X-Grace
TCN
X-B
X-Content-Digest
X-Varnish-Age
X-Cache-Key
X-Ser
Alternate-Protocol
X-Ttl
Fastcgi-Cache
X-Sol
X-Upstream
Access-Control-Request-Method
X-Via-JSL
DynaTrace
X-Mrf-Section-Lastmod
MRF-Tech
Mrf-Cache-Status
X-Mrf-Item-Lastmod
X-Fastly-Request-ID
X-Pad
Display
X-Middleton-Display
X-FastCGI-Cache
X-NF-Request-ID
X-Nf-Srv-Version
X-Vcap-Request-Id
X-DIS-Request-ID
PB-PID
PB-RID
X-IPLB-Instance
X-User-Agent
X-Middleton-Response
Response
X-Mobile-Rewrite
Front-End-Https
X-SS-Set-Cookie
Rt-Fastcgi-Cache
Pagespeed
X-Frontend
X-Cache-Rule
Eomportal-Instance
X-Logged-In
X-MSEdge-Ref
X-PressLabs-Stats
X-Whom
Server-Name
X-Acc-Meta-Resource-Type
X-Forwarded-For
X-VCache
X-Cache-Hit
X-Newrelic-App-Data
X-Hostname
Host
S
Tracecode
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-Goog-Generation
X-Goog-Metageneration
X-NWS-LOG-UUID
X-XRDS-LOCATION
Cache-Status
X-Debug
Arc-Version
Liferay-Portal
X-FTR-DC
X-FTR-Expires
X-FTR-Balancer
X-Country-Code-Real
X-FTR-Cache-Status
X-FTR-Backend
X-FTR-Realm
X-FTR-Backend-Server
Surrogate-Key
X-HS-Content-Id
X-Request-Processing-Time
X-XRDS-Location
X-Request-Received
X-AOL-HN
Backend-Timing
X-UUID
X-Analytics
HitInfo
Server-Info
HitType
FilterID
X-Wix-Server-Artifact-Id
TP-L2-Cache
TP-Cache
Public-Key-Pins-Report-Only
X-Instance
X-Magnolia-Registration
Refresh
X-Contextid
X-Rid
ServerID
X-Activity-Id
X-AppVersion
X-Proxied
X-Az
X-Webkit-Csp
X-B3-Traceid
X-WPE-Loopback-Upstream-Addr
X-Srv
AMP-Access-Control-Allow-Source-Origin
X-HW
Service-Worker-Allowed
X-Content-Security-Policy-Report-Only
X-Varnish-Server
Edge-Cache-Tag
X-HS-Cache-Config
Cleartype
X-APP-VERSION
X-Mobile
X-Origin
X-Varnish-Backend
X-Revision
S-Cnection
X-Correlation-Id
X-FTR-Cache-Host
Served-By
Fastly-Restarts
X-Amzn-Trace-Id
Source
X-Geo-Country
X-URL
X-TT
X-RateLimit-Remaining
X-PHP-Backend
X-Signature
X-FB-Debug
X-App-Environment
X-Framework
X-Varnish-Hostname
X-Cache-Config
Retry-After
Powered-By-ChinaCache
X-B-Cache
X-Device-Type
X-Cache-Server
X-Sucuri-ID
X-Cache-Control
X-Cache-Operation
X-Tumblr-Pixel
Server-Node
X-Tumblr-Pixel-0
X-Hail-Hydra
Host-Header
X-PC-Hit
X-Request-Guid
X-PC-Key
X-BCube-Filmed-By
X-Cache-Action
X-PC-AppVer
X-Tumblr-User
X-Cache-2
MS-CV
X-Page-Id
Accept-Charset
X-Handled-By
DC
X-Hyper-Cache
X-TT-TIMESTAMP
X-Origin-Upstream-Status
X-Ocache
Actual-Object-TTL
X-Debug-Info
X-Origin-Server
X-WA-Info
X-ADI-VCache
X-Shield-Cache-Expires
Cache
X-PC-Date
X-PC-Host
Viewport
X-Content-Powered-By
Upgrade-Insecure-Requests
X-ATG-Version
X-Accel-Expires
NGB
X-Microcachable
X-LB-Cache
X-Daa-Tunnel
X-Cached-By
X-Cache-NE
SRV
X-HS-Combine-CSS
AsisCache
X-Drupal-Cache-Tags
X-Accel-Buffering
X-Generated-By
X-Amz-Server-Side-Encryption
X-Yottaa-Metrics
X-Esi
Filters
X-Yottaa-Optimizations
X-Cacheable-TTL
X-Jobs
X-B3-Sampled
X-App-Server
ServedBy
X-RequestSource
X-S
X-Wix-Request-Id
X-Seen-By
X-Akam-SW-Version
X-WebKit-CSP-Report-Only
X-GeoIP
X-TX-ID
X-Cluster
X-Sucuri-Cache
X-Akamai-Edgescape
X-Geo
X-RTag
X-Distil-CS
X-Locale
X-Varnish-Hits
X-FW-Server
X-FW-Static
X-Internal-Host
X-FW-Serve
X-FW-Hash
X-FW-Type
From-Origin
Content-Style-Type
Content-Script-Type
X-Adobe-Loc
X-Tumblr-Pixel-1
X-Adobe-Content
X-Tumblr-Pixel-2
X-Varnish-IP
X-Feature
X-Dns-Prefetch-Control
X-Varnish-Cache-Hits
X-Cache-Remote
Datacenter
X-ServedBy
X-GZip
HostName
X-Varnish-Grace
X-Storage
X-CDN-Forward
X-Edge-Cache-Key
X-Node-Name
X-Platform-Server
X-Edge-Cache
X-Cache-TTL-Remaining
X-Vg-Webcache
X-Akamai-Transformed
X-Region
X-Cache-Age
X-UA
X-RateLimit-Limit
X-GUploader-UploadID
X-Mode
X-NewRelic-App-Data
X-Cache-Bucket
Cache-Tag
X-Amz-Replication-Status
Country
X-Real-IP
X-Distributor
X-Kinja-Server-Push
Load-Balancing
X-Oracle-Dms-Ecid
RATING
X-Oracle-Dms-Rid
X-Guploader-Uploadid
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Source
ServerName
X-Agile-Age
X-Agile-Id
Fastly-SSL
X-Agile
X-Proto
X-Drupal-Cache-Contexts
Ohc-File-Size
Cache-Key
X-Web-Node
GEO-INFO
X-Akamai-Request-ID
Machine
Meta-Geo
Mn-Server-Ip
X-Viewer-Country
X-ApacheServer
X-BB-IP
X-Rendered-As
X-Cache-Var-Map
X-Cache-Var
X-Is-Bot
X-Detected-As
X-Grey
X-EIG-Tracking-Id
X-MP-GENERATED-AT
X-Path-Route
X-Cache-Category-Id
X-RN-RSRV
X-RemovedCookies
X-ProcessESI
X-PERF
X-Time-Microsecs
X-JoinUs
X-ProxyCache-Status
Cache-Name
X-Debug-Cache
X-Optimization
X-NCache
X-BYPASS-REASON
X-ProxyCache-Key
X-CCM
X-Webstats-RespID
L5d-Success-Class
Cache-Hits
Healthy
X-Request-Time
X-Cache-HT
Backend
X-CDN-Cache
X-Generated
X-Labrador-Cache-Channel
X-NodeID
X-OCL
X-Port
X-ServerID
Now
X-TWH-CORRELATION-ID
X-Xfnlog-Site
X-Upgrade-Enabled
X-PCL
Azure-Version
Azure-RegionName
Azure-SiteName
Azure-SlotName
Azure-InstanceId
Access-Control-Allow-Method
X-Hosted-By
X-OVcl
X-Original-Request
X-OVcl-Cache
X-Pubstack
X-Via-Fastly
X-Render-Type
X-TA-CDN-Provider
X-Instance-Name
X-Cluster-Node
X-Amz-Meta-Surrogate-Control
X-Edge-Location
X-FC-Vary-Parameters
X-Human
S-Rt
X-Hit
X-Access
Webcakes-Region
Webcakes-App-Version
X-App-Name
X-AWS-Id
X-CCM-LastModified
X-Birta-Served
X-Birta-Cache-Post
Webcakes-App-Name
User-Cache-Control
TWC-Device-Class
TWC-Connection-Speed
Property-Id
TWC-GeoIP-Country
TWC-GeoIP-LatLong
TWC-Privacy
TWC-Locale-Group
X-Format
X-Generation-Time
X-Surge-Debug
X-SplitTest
X-Site-Version
X-TNCMS
X-Varnish-Cacheable
X-Zipkin-Id
X-Www-Served-By
X-VWS-Id
X-Section
X-Routing-Service
X-Meta-Tbi-Cache-Vertical
X-Loop
X-LJ-Flow-ID
X-Nginx-Cache
X-Origin-Hint
X-Proxy
Selected-FE
X-Newrelic-Synthetics
X-IP
X-Proxy-Build
X-Timing-Wait
LB
DB-Nickname
Fastcgi-Useragent
X-Backend-Name
Countrycode
WP-Super-Cache
X-Ezoic-Cdn
X-Cache-Enabled
User-Agent
X-Tumblr-Pixel-3
X-Real-Ip
X-Time
X-Origin-CC
Payment
Origin-Edge-Control
Origin-Cache-Control
X-Oneagent-Js-Injection
X-Tb
X-CACHE-AGE
X-L-Path
X-Environment-Context
Ec-Rule-Version
X-B3-Spanid
X-DataStream-Cache-Status
X-Unique-ID
X-Nc
X-Dc
Xserver
RequestId
X-UA-Device-Type
X-Skip-Cache
X-Dynatrace
X-Litespeed-Cache
X-NU-AKA-ACS-Version
Access-Control-Request-Headers
X-Correlation-ID
X-B3-TraceId
X-NGENIX-Cache
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
NODE
X-Servedby
Webserver
Time
X-WR-MODIFICATION
X-Upstream-CT
X-Upstream-HT
X-Vgn-Hpd-Reason
X-Be
X-EdgeConnect-Cache-Status
X-Croise-Owner
X-Varnish-Beresp-Ttl
Warning
T-Server
V-Age
X-B-Cookie
X-ARC
X-Application
X-Logtrace-Id
X-A-Wwc
X-A-Dgt
X-ElasticPress-Search
X-Generated-In
X-A-Dcw
Fly-Request-Id
Ajk
X-Died
X-SRCache-Key
X-Destination
X-From
X-Developer
Fly-Cache
X-A-Ccd
X-Cache-Host
X-A
X-Cache-Id
X-Cache-Backend
X-DPWN-IS-SECURE
X-G
X-D
Cache-Prefix
Resin-Trace
X-A-Dam
X-S-Cookie
X-Status
Ws
IBM-Web2-Location
X-Webkit-CSP
Request-Time
X-Rojux
Fastly-Soc-X-Request-Id
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
Apple-News-Services-Handled
AKAMAI
X-UE-Client-Country
X-Content-Type
BehaviorPad-Version
Fastcgi-X-Cache
MD5-Digest
Memcached
Meta-Geo-Continent
Host-ID
X-Cache-Ttl
Fastcgi-X-Cache-Version
X-Var-Ttl
X-Cache-Expires
Www
X-Debug-Cookies
X-Twitter-Response-Tags
X-Trv-Group
X-Transaction
X-SVT-ORM-RULES
X-BBXSRF
X-BB-ID
X-VG-WebServer
X-No-Session
X-User
X-CS
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-Request-URI
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
X-Fastly-Cache
X-SVT-ORM-VERSION
X-Debug-Log
X-Connection-Hash
X-Fstrz
X-Public
X-PAYTM-SRV-ID
X-Via-CDN
X-Wix-Route-ID
Viewtype
VivaBuild
X-Server-Time
Xc-Version
Sta2Tusw
X-Rewrite-Enabled
X-Region-Sid
X-Haproxy-Hostname
X-Haproxy-Ip
X-ND-Cache
X-Cache-Time
X-Server-By
X-Amz-Meta-Cache-Control
X-Via-Edge
X-We-Are-Hiring
Cneonction
X-NX-Host
X-Oss-Object-Type
UCS
X-Oss-Server-Time
X-Oss-Storage-Class
X-StackifyID
X-Oss-Request-Id
X-Oss-Hash-Crc64ecma
X-RCS-CacheZone
X-Shopify-Stage
X-Release
X-S-Maxage
X-IN-WAF
X-ShardId
X-ShopId
X-Sorting-Hat-FeatureSet
X-Wikidot-Static-Cache
X-Epic-Correlation-Id
X-F5-Cache
X-FireWall-Port
X-Forwarded-Host
X-Core-Value
X-Trace-Id
X-IN-SSL-APIGATEWAY
X-Cache-CFC
X-Cdn-Origin
X-Frame-Option
X-Gannett-Site-Version
X-Rebelmouse-Surrogate-Control
X-Secret
X-ScT
X-SIPLIST1
X-Sn-Servicetimems
X-GeoIP-Country-Code
X-Phone
X-Rebelmouse-Cache-Control
X-Up
X-Wikidot-Backend
X-WebServer
Drupal-Pagecache-Memcache
Fastly-SIE
X-Via-NSCOPI
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId-Cached
X-Sorting-Hat-PrivacyLevel
X-Sorting-Hat-Section
Fastly-SWR
IsBot
Server-Int
GMS-Ver
Uber-Trace-Id
Rendered-Blocks
Release
NGX
Odigeo-Trace-Id
Origin
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId-Cached
X-Auto-Login
X-Fastcgi-Cache
X-Device-Os
X-Alternate-Cache-Key
Server-ID
Proxy-Connection
Request-Country
Request-EU
Version
X-Dispatcher-Server
X-Hash
X-IN-APIGATEWAY
X-Yottaa-Sig
X-C
X-Eu-Site
X-Cache-Debug
X-Block-Status
X-Backend-TTL
X-Backend-Url
X-Env
X-Developers
X-Backend-State
X-Cdn-Srv
X-CGP
X-Content-Age
X-Core-Mission
X-Ckpd-Fst-Backend
X-Cache-Srv
X-Edge-IP
Thinkindot-Control
PFcat
Platform
Powered-By
OT-Force-Account-Verify
On-Server
MI-Cache
MI-Cache-Age
Ohc-Response-Time
Pragrma
Pramga
Who
X-Actual-URL
X-Amz-Meta-S3cmd-Attrs
Web-Mar-Node
X-Fetched-On
Server-Host
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
X-Backend-Host
X-MI-In-Market
X-Servername
X-ServiceProvider
X-Stale
X-Server-IP
X-Server-Group
X-Rocket-Nginx-Bypass
X-TIME
X-Served-From
X-Thinkindot-L3
X-TT-LOGID
X-Worker
X-Accel-Expires-Debug
X-Date
X-VServer
X-Ver
X-UnsetCookies
X-CSRF-Token
X-V
X-Returned-From-PostProcessResponse
X-Returned-From-DLL
X-MSEdge-Features
X-MSEdge-Flight
X-Node-Id
MI-API
X-Matched-Rule
X-GoCache-CacheStatus
X-Hnp-Log
X-Location
X-Passed-To
X-Passed-To-BeforeDispatch
X-Response-By
X-Returned-From
X-Returned-From-BeforeDispatch
X-Reboot
Dnion-Transfer-Encoding
X-Passed-To-DLL
X-Passed-To-PostProcessResponse
X-Gen-Mode
X-GeoIP-City
Content-Disposition
HA-Geolon
HA-Geocountry
HA-Geocity
HA-Cloudapp
HA-Georegion
Kp-EeAlive
HA-Ipaddr
HA-Host
Ha-Gx-Prefs
X-Crawler
GW-Server
Adler-Geo
Decoy-Debug-Status
Cache-Cookie-Set-Lfrom
Decoy-Debug-Key
CDCHOST
Decoy-Debug-TTL
Esi-Enabled
Fastly-Backend-Name
Backend-Name
Cache-Cookie-Set-From
Cache-Cookie-Set-Idcheck
HA-Servedtime
HA-Geolat
X-Origin-Expires
X-Page-Type
HA-Urlpath
Is-Eu
HTTPS
Httpd-Identifier
X-Origin-Date
Heartbleed
X-Info
X-Hl-Ver
NnCoection
X-Cache-Control-Set-By
X-HCF
X-Bug-Bounty
X-Cache-URL
X-Bip
X-Clientip
X-Varnish-Id
Mime-Version
X-Varnish-HitMiss
X-Platform
X-Svr
X-Thanos
REQUESTUUID
Country-Code
X-COUNTRY
NtCoent-Length
Apicache-Version
Apicache-Store
Cteonnt-Length
X-Kong-Upstream-Latency
Cache-Provider
X-Req
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-Amz-Meta-S3b-Last-Modified
X-Refresh
X-Kong-Proxy-Latency
FSS-Proxy
X-Origin-TTL
FSS-Cache
Brightspot-Id
X-DC
X-Ua
Arc-Country
X-Varnish-Url
X-P-T
Ar-Sid
X-Pf-Uncompressing
Dynatrace
X-Irp-Debug
X-LiteSpeed-Cache-Control
WebServer
Pagetype
X-CLOUD-TRACE-CONTEXT
X-LB-CacheStatus
X-LB-Node
Accept-Ch
X-App-Version
Processtime
COMMERCE-SERVER-SOFTWARE
X-Atg-Version
Memory
X-From-Cache
Sid
X-ROOTCache
X-EC-Security-Audit
X-Pjax-Url
X-Ratelimit-Limit
X-Ruxit-Js-Agent
X-Request-UUID
X-Amz-Meta-Sha256
PageType
X-Request-Start
X-NC
X-Ratelimit-Remaining
If-Modified-Since
X-Endurance-Cache-Level
X-Cache-ASPX
X-Load-Cache
GeoIp-Country-Code
X-Varnish-Action
Cdn
X-Fastly-Backend-Reqs
Geoip-City
Geoip-Latitude
PICS-Label
SN
X-Csrf-Token
X-Layer
CF-IPCountry
X-SERVER-NAME
BORDER-IP
Edgecast
X-Redis-Cache
X-GRACE
X-Cdn-Forward
PROCESSING-IP
MIME-Version
X-Cache-Handler
X-Rocket-Nginx-Serving-Static
X-ServedByHost
X-TId
X-HS-Hub-Id
X-GDPR
X-Tid
Frame-Options
X-Requestid
X-Varnish-Beresp-TTL
X-Nananana
X-Fastly-Cache-Hits
X-Servedbyhost
NodeID
X-RequestId
Dont-Set-Cookie
X-Wix-Petri-Ex
X-Key
X-Resolver-IP
X-Owner
X-B3-SpanId
X-NWS-UUID-VERIFY
X-Rule
X-Sf
X-Cf-Powered-By
X-Cache-TTL
X-BE
X-Server-W
Web-Mar-Region
Pics-Label
RNT-Machine
RNT-Time
Cf-Ipcountry
CDN
CACHE
ProcessTime
X-Flog
WZWS-RAY
X-HTML-Minification-Powered-By
X-ABtesting
GeoIP-Country-Code
GeoIP-Latitude
GeoIP-City
X-Sentry-ID
X-Tec-Api-Root
Node
X-Tec-Api-Origin
X-Tec-Api-Version
We-Hiring
Mail-Subject
Lfy
Get-Access-Time
X-DataStream-MidMile-RTT
Is-Session-Tracking
X-Powered-By-ANYU
X-DataStream-Origin-MEX-Latency
X-FORWARDED-FOR
X-VG-WebCache
PageSpeed
X-CDN-Pop-IP
XServer
Powered
X-CDN-Pop
X-Varnish-Ttl
Max-Age
X-Dynatrace-Js-Agent
X-Shard
X-Use-Magma
X-Mem
X-SRV
Cache-Tags
X-ByteArk-Cache
DataCenter
X-GZIP
URI
Magicmarker
X-PJAX-URL
X-Cache-FS-Status
Accept-CH
X-Gdpr
X-PF-Uncompressing
X-UPSTREAM-Address
X-GEO
X-Front
X-Powered-By-Defense
X-Check-Cacheable
X-Unique-Id
X-Dw-Trace-Id
Xet-Cookie
X-Remote-IP
X-Varnish-URL
X-Oa-Upstreams
X-Zalando-Child-Request-Id
X-Micro-Cache
X-Cookie
X-Zalando-Page-Type
Amp-Access-Control-Allow-Source-Origin
X-Ms-Lease-Status
X-Ms-Blob-Type
X-Ms-Request-Id
X-Ms-Version
X-Trv-Request-Id
V-Cache
Group
X-Varnish-ID
X-PARISIEN-Cache-Rendered
X-Safe-Firewall
X-SB
RequestUuid
X-PAGE-TYPE
X-VC
X-VarnPar2
X-HGenerator
X-Proxy-Server
N-Cache
Requestid
X-VarnPar1
X-Aicache-OS
X-Fe
Rt-Proxy-Cache
X-VarnCache
X-NGINX-Cache
Hostname
X-M-Reqid
X-RAMCache
X-Litespeed-Cache-Control
X-M-Log
WS
WWW-Authenticate
X-Akamai-ERPolicy
X-ProxyCache-Args
X-Acquia-Application-UUID
X-Acquia-Application-Trace
X-Akamai-ERRuleID
X-Hello
X-Litespeed-Tag
X-Qnm-Cache
X-Alicdn-Da-Ups-Status
CF-Cached-On
SID