Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics - SANS Internet Storm Center HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Pragma
Last-Modified
Accept-Ranges
X-Powered-By
X-Content-Type-Options
Strict-Transport-Security
CF-RAY
ETag
Link
Expect-CT
Via
X-XSS-Protection
X-Cache
Age
Access-Control-Allow-Origin
Content-Security-Policy
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Served-By
X-Varnish
X-Amz-Cf-Id
X-Xss-Protection
Referrer-Policy
X-Request-Id
X-Timer
X-AspNet-Version
CF-Cache-Status
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Runtime
X-FRAME-OPTIONS
Access-Control-Allow-Credentials
X-Download-Options
X-Drupal-Cache
X-Cacheable
CF-Ray
Content-Security-Policy-Report-Only
X-Generator
Alt-Svc
X-AspNetMvc-Version
Status
X-Cache-Status
X-DNS-Prefetch-Control
X-Check
X-Iinfo
X-Adblock-Key
Timing-Allow-Origin
X-CDN
X-Content-Security-Policy
X-Turbo-Charged-By
X-Permitted-Cross-Domain-Policies
Content-Encoding
X-Template
X-Language
Keep-Alive
X-Via
X-Type
X-AH-Environment
X-Backend
X-Cache-Group
WPE-Backend
X-Nginx-Cache-Status
X-Buckets
X-Pass-Why
X-Server
X-Age
X-Server-Powered-By
Access-Control-Max-Age
X-Pingback
X-Request-ID
Xkey
X-Varnish-Cache
Grace
Access-Control-Expose-Headers
Upgrade
X-Drupal-Dynamic-Cache
X-Hacker
X-UA-Device
P3p
X-Amz-Request-Id
X-Page-Speed
Cf-Railgun
X-Proxy-Cache
X-Amz-Id-2
EagleId
X-LiteSpeed-Cache
X-Robots-Tag
X-Swift-SaveTime
X-Swift-CacheTime
X-Envoy-Upstream-Service-Time
Ali-Swift-Global-Savetime
Request-Context
X-Node
X-Device
X-Ac
Content-Location
X-Host
X-Cnection
X-Amz-Version-Id
X-Cache-Lookup
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
Surrogate-Control
X-Backend-Server
X-Server-Id
X-WebKit-CSP
X-OneAgent-JS-Injection
X-Rack-Cache
X-Instart-Request-ID
X-Px
X-CST
X-Response-Time
Request-Id
X-Readtime
X-Rq
Server-Timing
X-Do-Not-Hack
Permitted-Cross-Domain-Policies
X-HeyJason
X-Clacks-Overhead
X-Ua-Compatible
X-Cloud-Trace-Context
X-Url
EagleEye-TraceId
Pinterest-Generated-By
Edge-Control
X-Application-Context
X-Country
X-MS-InvokeApp
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Server-Name
Allow
X-DynaTrace-JS-Agent
Charset
Report-To
SPRequestGuid
X-Country-Code
X-SharePointHealthScore
X-DataDome
X-ESI
X-Ruxit-JS-Agent
X-Cached
X-Varnish-TTL
X-TtlSet
X-PC
Rating
X-Vname
X-Powered-CMS
X-Powered-By-Plesk
X-TTL
X-Recruiting
Public-Key-Pins
X-FTR-Request-ID
X-D2id
X-Vhost
NEL
X-Cdn
X-Version
X-Cdn-Fetch
X-Exp-Variant
X-Exp-Id
X-Kinja
X-Kinja-Build
X-Kinja-Server
X-Geo-Segment
X-Kinja-Revision
MS-Author-Via
X-N
X-Upstream-Env
Pinterest-Version
X-F-Cache
X-Pinterest-Rid
SPRequestDuration
SPIisLatency
X-CF-Powered-By
X-Dw-Request-Base-Id
X-DynaTrace
X-VARITI-CCR
Cartoon
X-T
X-GoogleNews-Bot
X-Mod-Pagespeed
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
Content-MD5
AR-CACHE
AR-PoweredBy
AR-ATIME
Nginx-Cache
RTSS
X-Abt-Application-Version
X-GitHub-Request-Id
MicrosoftSharePointTeamServices
Feature-Policy
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Shield-Request-Id
Verso
X-Trace
X-Amz-Rid
X-Navigation-Version
X-Dispatcher
X-Forwarded-Proto
X-Client-IP
X-Hits
Realpath
X-Goog-Hash
X-Server-ID
X-Origin-Cache
AR-SID
X-Ttl
Arr-Disable-Session-Affinity
Paypal-Debug-Id
X-Kinsta-Cache
X-TEC-API-ORIGIN
X-Zen-Fury
X-TEC-API-ROOT
X-TEC-API-VERSION
X-Id
X-Content-Options
TCN
X-B
X-Grace
X-Content-Digest
X-Ser
X-Varnish-Age
X-Cache-Key
Alternate-Protocol
Fastcgi-Cache
X-Sol
X-Upstream
DynaTrace
X-Via-JSL
Access-Control-Request-Method
X-Mrf-Item-Lastmod
MRF-Tech
Mrf-Cache-Status
X-Mrf-Section-Lastmod
X-Fastly-Request-ID
X-Pad
Display
X-Middleton-Display
X-NF-Request-ID
X-Vcap-Request-Id
X-FastCGI-Cache
X-Nf-Srv-Version
X-DIS-Request-ID
X-IPLB-Instance
PB-RID
PB-PID
X-Middleton-Response
Response
X-User-Agent
X-Mobile-Rewrite
Front-End-Https
X-SS-Set-Cookie
Pagespeed
Rt-Fastcgi-Cache
X-Frontend
X-Logged-In
Eomportal-Instance
X-XRDS-LOCATION
X-Cache-Rule
X-PressLabs-Stats
X-MSEdge-Ref
X-Newrelic-App-Data
X-Whom
Server-Name
X-Forwarded-For
X-VCache
X-Acc-Meta-Resource-Type
Host
S
X-Hostname
X-Cache-Hit
X-NWS-LOG-UUID
Tracecode
X-Goog-Metageneration
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Goog-Generation
Cache-Status
X-Debug
Liferay-Portal
Arc-Version
X-UUID
X-AOL-HN
X-HS-Content-Id
X-FTR-Cache-Status
X-FTR-Balancer
X-FTR-DC
X-FTR-Expires
X-Request-Processing-Time
X-FTR-Realm
X-FTR-Backend-Server
Surrogate-Key
X-Country-Code-Real
X-FTR-Backend
HitType
X-Request-Received
Server-Info
HitInfo
Backend-Timing
X-Analytics
FilterID
TP-Cache
TP-L2-Cache
Public-Key-Pins-Report-Only
X-Wix-Server-Artifact-Id
X-Magnolia-Registration
X-Instance
Refresh
X-Contextid
X-Rid
ServerID
X-Proxied
X-AppVersion
X-Activity-Id
X-Az
X-Webkit-Csp
Edge-Cache-Tag
X-HS-Cache-Config
X-Correlation-Id
X-Srv
X-B3-Traceid
X-WPE-Loopback-Upstream-Addr
X-Varnish-Server
Service-Worker-Allowed
X-HW
X-Content-Security-Policy-Report-Only
X-XRDS-Location
AMP-Access-Control-Allow-Source-Origin
Cleartype
X-Mobile
X-Origin
S-Cnection
X-Revision
Served-By
X-APP-VERSION
Source
X-Varnish-Backend
X-FTR-Cache-Host
Fastly-Restarts
X-Amzn-Trace-Id
X-RateLimit-Remaining
X-App-Environment
X-Geo-Country
X-TT
X-B-Cache
X-Sucuri-ID
X-Device-Type
X-PHP-Backend
Powered-By-ChinaCache
X-Framework
X-Signature
X-Tumblr-Pixel-0
X-Tumblr-User
X-Cache-Config
X-Varnish-Hostname
X-Tumblr-Pixel
X-Origin-Upstream-Status
X-FB-Debug
Retry-After
X-Cache-Action
X-Cache-Operation
X-Cache-Server
X-Hyper-Cache
X-PC-Hit
X-PC-Key
X-Cache-Control
X-BCube-Filmed-By
X-Hail-Hydra
X-PC-AppVer
X-Request-Guid
Host-Header
X-Handled-By
Server-Node
Accept-Charset
MS-CV
X-Page-Id
X-Cache-2
X-TT-TIMESTAMP
DC
X-Ocache
Actual-Object-TTL
X-ATG-Version
X-Debug-Info
X-WA-Info
X-Shield-Cache-Expires
X-ADI-VCache
X-Origin-Server
Cache
X-Content-Powered-By
X-PC-Date
X-PC-Host
X-Daa-Tunnel
X-Accel-Expires
NGB
X-HS-Combine-CSS
X-URL
Upgrade-Insecure-Requests
Viewport
X-LB-Cache
X-Microcachable
X-Cache-NE
X-Cached-By
SRV
X-GeoIP
AsisCache
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Generated-By
ServedBy
X-Drupal-Cache-Tags
X-Accel-Buffering
X-Amz-Server-Side-Encryption
X-Jobs
Filters
X-RequestSource
X-Sucuri-Cache
X-Cacheable-TTL
X-Akamai-Edgescape
X-App-Server
X-WebKit-CSP-Report-Only
X-Akam-SW-Version
X-Wix-Request-Id
X-TX-ID
X-S
X-Seen-By
X-Feature
X-Cluster
X-B3-Sampled
X-FW-Static
X-FW-Serve
X-FW-Hash
X-Adobe-Content
From-Origin
X-Geo
X-FW-Type
Content-Script-Type
Content-Style-Type
X-Adobe-Loc
X-Distil-CS
X-FW-Server
X-Locale
X-Tumblr-Pixel-2
X-Internal-Host
X-Tumblr-Pixel-1
X-Varnish-Hits
X-RTag
X-Varnish-IP
X-Dns-Prefetch-Control
Datacenter
X-Varnish-Cache-Hits
X-Cache-Age
X-Cache-Remote
HostName
X-GZip
X-Storage
X-Node-Name
X-Edge-Cache-Key
X-Varnish-Grace
X-Edge-Cache
X-ServedBy
X-Platform-Server
X-Guploader-Uploadid
X-UA
X-CDN-Forward
X-Cache-TTL-Remaining
X-Vg-Webcache
X-Akamai-Transformed
X-Region
X-RateLimit-Limit
X-Mode
X-Cache-Bucket
Country
Cache-Tag
X-Kinja-Server-Push
X-Oracle-Dms-Rid
X-Oracle-Dms-Ecid
X-Amz-Replication-Status
RATING
X-Distributor
X-EIG-Tracking-Id
Load-Balancing
X-Proto
X-Amzn-RequestId
X-Amz-Apigw-Id
Ohc-File-Size
ServerName
X-Source
Fastly-SSL
X-Agile
X-BB-IP
GEO-INFO
Mn-Server-Ip
X-Agile-Id
X-Agile-Age
X-RN-RSRV
Cache-Key
X-Cache-Category-Id
X-Time-Microsecs
X-Viewer-Country
X-Web-Node
X-Is-Bot
X-Akamai-Request-ID
X-Grey
X-BYPASS-REASON
X-ProxyCache-Key
X-ApacheServer
X-Debug-Cache
X-ProxyCache-Status
X-Detected-As
X-Cache-Var
Machine
X-PERF
X-Path-Route
X-Drupal-Cache-Contexts
X-ProcessESI
X-RemovedCookies
Meta-Geo
X-Rendered-As
X-Optimization
Healthy
X-Cache-HT
L5d-Success-Class
Cache-Name
X-MP-GENERATED-AT
X-Cache-Var-Map
X-JoinUs
X-TA-CDN-Provider
X-NewRelic-App-Data
X-Real-Ip
X-ServerID
X-Request-Time
X-CCM
X-TWH-CORRELATION-ID
X-NCache
Cache-Hits
X-Webstats-RespID
X-Human
X-Hit
X-Labrador-Cache-Channel
X-OCL
X-NodeID
Now
X-Generated
X-CDN-Cache
Access-Control-Allow-Method
X-Cluster-Node
X-Xfnlog-Site
X-Upgrade-Enabled
X-Original-Request
Backend
X-Port
X-PCL
X-Www-Served-By
X-Edge-Location
X-FC-Vary-Parameters
TWC-Device-Class
Selected-FE
TWC-GeoIP-Country
Azure-SlotName
TWC-Connection-Speed
Azure-SiteName
Property-Id
Azure-InstanceId
X-CCM-LastModified
X-Timing-Wait
X-Amz-Meta-Surrogate-Control
S-Rt
X-Proxy-Build
TWC-Locale-Group
X-Real-IP
Webcakes-App-Name
Webcakes-App-Version
X-Pubstack
X-Proxy
X-OVcl
X-Origin-Hint
Webcakes-Region
Azure-RegionName
X-Via-Fastly
X-Hosted-By
X-OVcl-Cache
X-Instance-Name
Azure-Version
X-Render-Type
TWC-Privacy
TWC-GeoIP-LatLong
X-Newrelic-Synthetics
User-Cache-Control
X-Access
X-Backend-Name
X-App-Name
X-AWS-Id
X-Format
X-Section
X-Routing-Service
X-Esi
X-Varnish-Cacheable
X-Site-Version
X-TNCMS
X-Surge-Debug
X-SplitTest
X-Nginx-Cache
X-VWS-Id
X-Generation-Time
X-Zipkin-Id
X-Cache-Enabled
X-IP
X-LJ-Flow-ID
X-Meta-Tbi-Cache-Vertical
X-Loop
X-Birta-Served
X-Birta-Cache-Post
LB
WP-Super-Cache
DB-Nickname
X-GUploader-UploadID
X-Time
Fastcgi-Useragent
Countrycode
X-Ezoic-Cdn
X-Origin-CC
X-Nc
User-Agent
X-Oneagent-Js-Injection
X-Dc
X-Tumblr-Pixel-3
Origin-Cache-Control
Origin-Edge-Control
Payment
X-L-Path
X-Tb
Xserver
X-Environment-Context
X-UA-Device-Type
Ec-Rule-Version
RequestId
X-Unique-ID
X-B3-Spanid
X-DataStream-Cache-Status
X-Skip-Cache
X-B3-TraceId
X-Varnish-Beresp-Grace
X-NU-AKA-ACS-Version
X-Varnish-Beresp-Status
X-Servedby
Access-Control-Request-Headers
X-NGENIX-Cache
X-CACHE-AGE
X-WR-MODIFICATION
NODE
Webserver
X-Be
X-Upstream-CT
Time
X-Upstream-HT
X-Vgn-Hpd-Reason
X-EdgeConnect-Cache-Status
X-Croise-Owner
Warning
X-Webkit-CSP
X-Developer
X-ElasticPress-Search
X-DPWN-IS-SECURE
X-Destination
X-NX-Host
X-Logtrace-Id
X-Generated-In
X-From
X-G
X-Died
X-Debug-Cookies
V-Age
X-B-Cookie
X-Cache-Expires
Ajk
X-Cache-Backend
X-Cache-Host
X-A
X-A-Ccd
X-Application
X-A-Wwc
X-A-Dcw
X-ARC
X-A-Dam
X-A-Dgt
T-Server
X-SRCache-Key
X-D
X-S-Cookie
Fly-Cache
Fly-Request-Id
X-Debug-Log
Request-Time
Resin-Trace
X-Cache-Ttl
X-Var-Ttl
Cache-Prefix
X-Cache-Id
X-CS
IBM-Web2-Location
X-Oss-Object-Type
X-Oss-Server-Time
Ws
X-Oss-Storage-Class
X-CSRF-Token
X-Oss-Request-Id
X-StackifyID
X-Dynatrace
X-Oss-Hash-Crc64ecma
X-Status
X-Dispatcher-Server
X-Device-Os
X-Wix-Route-ID
X-Fstrz
X-Cache-Time
Xc-Version
X-SVT-ORM-RULES
BehaviorPad-Version
Apple-News-Services-Request-Url
Fastcgi-X-Cache
X-CF-Lambda-Fn
Fastcgi-X-Cache-Version
X-CF-Lambda-Version
Apple-News-Services-Parsed-Url
Apple-News-Services-Handled
AKAMAI
Proxy-Connection
Apple-News-Services-Host
X-Connection-Hash
X-BBXSRF
X-BB-ID
Release
Sta2Tusw
Meta-Geo-Continent
MD5-Digest
Memcached
Viewtype
VivaBuild
X-Amz-Meta-Cache-Control
Fastly-Soc-X-Request-Id
Www
Host-ID
X-Fastly-Cache
X-WebServer
X-SVT-ORM-VERSION
X-Transaction
X-Server-Time
X-Server-By
X-Release
X-Hash
X-Trv-Group
X-Via-CDN
X-Via-Edge
X-VG-WebServer
X-User
X-Twitter-Response-Tags
X-Rojux
X-Rewrite-Enabled
X-No-Session
X-PAYTM-SRV-ID
X-ND-Cache
X-Haproxy-Ip
X-Haproxy-Hostname
X-Request-URI
X-Planisys-CDN-Cache
X-Region-Sid
X-Public
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
X-We-Are-Hiring
X-UE-Client-Country
X-Fastcgi-Cache
Cneonction
X-Varnish-Beresp-Ttl
Mime-Version
X-Yottaa-Sig
X-Content-Type
UCS
HA-Ipaddr
HA-Host
HA-Servedtime
HA-Georegion
Ha-Gx-Prefs
Heartbleed
Origin
Powered-By
Odigeo-Trace-Id
NGX
HA-Geolon
X-Server-IP
HA-Urlpath
HA-Geocountry
X-Sorting-Hat-ShopId-Cached
X-Via-NSCOPI
X-Correlation-ID
X-Sorting-Hat-ShopId
X-Sorting-Hat-Section
X-Sorting-Hat-PodId-Cached
X-Sorting-Hat-PrivacyLevel
Drupal-Pagecache-Memcache
X-Stale
HA-Geocity
Pramga
HA-Cloudapp
GW-Server
X-Sn-Servicetimems
X-SIPLIST1
HA-Geolat
X-ScT
X-FireWall-Port
X-Forwarded-Host
X-Frame-Option
X-F5-Cache
X-Eu-Site
X-Core-Value
X-Epic-Correlation-Id
X-Gannett-Site-Version
X-GeoIP-City
X-Passed-To-PostProcessResponse
X-Phone
X-Passed-To-DLL
X-Passed-To-BeforeDispatch
X-GeoIP-Country-Code
X-Passed-To
X-CGP
Dnion-Transfer-Encoding
Uber-Trace-Id
X-Returned-From-PostProcessResponse
Server-Int
Server-Host
Rendered-Blocks
X-Sorting-Hat-PodId
X-Actual-URL
X-Amz-Meta-S3cmd-Attrs
X-Returned-From-BeforeDispatch
X-Returned-From
X-Cdn-Origin
X-Returned-From-DLL
X-Cache-CFC
X-Cache-Debug
X-Secret
IsBot
X-Sorting-Hat-FeatureSet
X-Auto-Login
X-Alternate-Cache-Key
X-RCS-CacheZone
Request-EU
Version
X-IN-WAF
X-Hl-Ver
X-IN-APIGATEWAY
X-Up
X-Crawler
Server-ID
X-IN-SSL-APIGATEWAY
Request-Country
X-ShopId
X-ShardId
X-Wikidot-Static-Cache
X-UnsetCookies
X-Trace-Id
Kp-EeAlive
X-Shopify-Stage
X-Wikidot-Backend
GMS-Ver
X-S-Maxage
NtCoent-Length
NnCoection
X-C
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
X-Hnp-Log
Thinkindot-Control
X-Accel-Expires-Debug
Platform
On-Server
Ohc-Response-Time
X-Rebelmouse-Surrogate-Control
X-Date
OT-Force-Account-Verify
Pragrma
X-Location
PFcat
X-Reboot
X-Backend-Host
X-Ckpd-Fst-Backend
X-Fetched-On
X-VServer
X-Response-By
X-Cdn-Srv
X-Content-Age
X-Core-Mission
X-Env
X-Edge-IP
X-Worker
X-Developers
X-Cache-Srv
X-Ver
Country-Code
X-GoCache-CacheStatus
X-Rocket-Nginx-Bypass
Who
X-Gen-Mode
X-Served-From
X-Block-Status
X-Backend-Url
X-Backend-TTL
X-Backend-State
Web-Mar-Node
X-V
Fastly-SIE
MI-Cache-Age
Esi-Enabled
Decoy-Debug-TTL
Fastly-SWR
X-TT-LOGID
X-Origin-Date
X-Origin-Expires
X-Servername
X-ServiceProvider
Decoy-Debug-Status
Decoy-Debug-Key
Backend-Name
Adler-Geo
X-Bug-Bounty
X-Thinkindot-L3
Cache-Cookie-Set-From
Cache-Cookie-Set-Idcheck
Content-Disposition
CDCHOST
Cache-Cookie-Set-Lfrom
X-Node-Id
Fastly-Backend-Name
X-MI-In-Market
X-Server-Group
X-MSEdge-Flight
Is-Eu
HTTPS
Httpd-Identifier
X-Rebelmouse-Cache-Control
X-Matched-Rule
MI-API
MI-Cache
X-Info
X-MSEdge-Features
X-Cache-Control-Set-By
X-Thanos
X-RateLimit-Remaining-Second
X-Bip
X-Platform
Cteonnt-Length
X-Cache-URL
X-Clientip
X-Kong-Upstream-Latency
REQUESTUUID
X-RateLimit-Limit-Second
X-Varnish-HitMiss
X-Varnish-Id
X-Page-Type
X-Kong-Proxy-Latency
X-Svr
X-HCF
Cache-Provider
FSS-Proxy
FSS-Cache
X-TIME
Apicache-Store
X-Req
Ar-Sid
Arc-Country
Brightspot-Id
X-Amz-Meta-S3b-Last-Modified
Apicache-Version
X-LiteSpeed-Cache-Control
X-Origin-TTL
X-Varnish-Url
WebServer
X-Refresh
X-P-T
X-Irp-Debug
X-Ua
X-CLOUD-TRACE-CONTEXT
X-Pf-Uncompressing
X-Pjax-Url
X-LB-CacheStatus
Processtime
X-LB-Node
X-App-Version
PageType
X-From-Cache
X-ROOTCache
Sid
Accept-Ch
COMMERCE-SERVER-SOFTWARE
Pagetype
X-Ruxit-Js-Agent
X-Ratelimit-Limit
X-Request-UUID
Memory
X-Request-Start
X-EC-Security-Audit
X-DC
X-Endurance-Cache-Level
X-Ratelimit-Remaining
X-Amz-Meta-Sha256
Cdn
X-Load-Cache
Dynatrace
GeoIp-Country-Code
If-Modified-Since
Geoip-City
X-Cache-ASPX
Geoip-Latitude
X-Fastly-Backend-Reqs
X-Varnish-Action
X-Litespeed-Cache
X-Layer
SN
PICS-Label
X-GRACE
X-Cdn-Forward
X-Redis-Cache
X-Atg-Version
Edgecast
PROCESSING-IP
CF-IPCountry
BORDER-IP
X-COUNTRY
X-NC
X-Rocket-Nginx-Serving-Static
X-GDPR
X-Tid
X-Varnish-Beresp-TTL
X-ServedByHost
X-Csrf-Token
X-Cache-Handler
X-RequestId
Frame-Options
NodeID
MIME-Version
X-Fastly-Cache-Hits
X-Nananana
X-Requestid
X-Resolver-IP
X-Key
X-TId
X-Owner
X-B3-SpanId
X-NWS-UUID-VERIFY
Dont-Set-Cookie
X-HS-Hub-Id
X-Cf-Powered-By
X-Servedbyhost
X-BE
X-Server-W
X-Wix-Petri-Ex
Pics-Label
Cf-Ipcountry
X-Rule
Web-Mar-Region
X-Sf
X-Cache-TTL
ProcessTime
CACHE
RNT-Time
RNT-Machine
X-Sentry-ID
X-HTML-Minification-Powered-By
GeoIP-Country-Code
WZWS-RAY
GeoIP-City
X-ABtesting
GeoIP-Latitude
X-Flog
X-Tec-Api-Origin
Node
X-Tec-Api-Root
X-Tec-Api-Version
X-SERVER-NAME
X-DataStream-MidMile-RTT
X-VG-WebCache
X-DataStream-Origin-MEX-Latency
Get-Access-Time
Is-Session-Tracking
Lfy
X-FORWARDED-FOR
X-Powered-By-ANYU
Mail-Subject
We-Hiring
CDN
PageSpeed
X-Shard
Max-Age
X-Dynatrace-Js-Agent
X-Varnish-Ttl
X-CDN-Pop
X-CDN-Pop-IP
X-Use-Magma
X-SRV
X-ByteArk-Cache
X-Mem
Powered
XServer
X-GZIP
X-Cache-FS-Status
URI
Accept-CH
Cache-Tags
Magicmarker
X-UPSTREAM-Address
X-PF-Uncompressing
X-Powered-By-Defense
X-Check-Cacheable
X-GEO
X-Front
DataCenter
Xet-Cookie
X-Dw-Trace-Id
X-Unique-Id
Amp-Access-Control-Allow-Source-Origin
X-PJAX-URL
X-PAGE-TYPE
X-Varnish-URL
X-Zalando-Page-Type
X-Cookie
X-Oa-Upstreams
X-Micro-Cache
X-Aicache-OS
X-Remote-IP
X-Ms-Lease-Status
X-Ms-Blob-Type
X-Ms-Request-Id
X-Zalando-Child-Request-Id
X-Trv-Request-Id
X-Ms-Version
V-Cache
Group
Rt-Proxy-Cache
X-VarnPar2
X-VC
X-Fe
X-HGenerator
X-VarnPar1
N-Cache
RequestUuid
X-PARISIEN-Cache-Rendered
X-Gdpr
X-Safe-Firewall
X-Varnish-ID
Requestid
X-VarnCache
X-Proxy-Server
X-SB
X-NGINX-Cache
Hostname
SID
X-RAMCache
WS
X-Akamai-ERPolicy
X-M-Reqid
X-M-Log
X-Acquia-Application-UUID
X-Acquia-Application-Trace
X-Qnm-Cache
X-Akamai-ERRuleID
X-Alicdn-Da-Ups-Status
X-ProxyCache-Args
WWW-Authenticate
CF-Cached-On
X-Hello
X-Litespeed-Tag