Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics - SANS Internet Storm Center HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Pragma
Last-Modified
Accept-Ranges
X-Powered-By
X-Content-Type-Options
Strict-Transport-Security
CF-RAY
ETag
Link
Expect-CT
Via
X-XSS-Protection
X-Cache
Age
Access-Control-Allow-Origin
Content-Security-Policy
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Served-By
X-Varnish
X-Amz-Cf-Id
X-Xss-Protection
Referrer-Policy
X-Request-Id
X-Timer
X-AspNet-Version
CF-Cache-Status
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Runtime
Access-Control-Allow-Credentials
X-Download-Options
X-Drupal-Cache
X-Cacheable
CF-Ray
Content-Security-Policy-Report-Only
X-Generator
Alt-Svc
X-AspNetMvc-Version
Status
X-Cache-Status
X-DNS-Prefetch-Control
X-Check
X-Iinfo
X-FRAME-OPTIONS
X-Adblock-Key
Timing-Allow-Origin
X-CDN
X-Content-Security-Policy
X-Turbo-Charged-By
X-Permitted-Cross-Domain-Policies
Content-Encoding
X-Template
X-Language
Keep-Alive
X-Via
X-Type
X-AH-Environment
X-Backend
X-Cache-Group
WPE-Backend
X-Nginx-Cache-Status
X-Buckets
X-Pass-Why
X-Server
X-Age
X-Server-Powered-By
Access-Control-Max-Age
X-Pingback
X-Request-ID
Xkey
X-Varnish-Cache
Grace
Access-Control-Expose-Headers
Upgrade
X-Drupal-Dynamic-Cache
X-Hacker
X-UA-Device
P3p
X-Amz-Request-Id
X-Page-Speed
Cf-Railgun
X-Proxy-Cache
X-Amz-Id-2
EagleId
X-Robots-Tag
X-LiteSpeed-Cache
X-Swift-CacheTime
X-Swift-SaveTime
X-Envoy-Upstream-Service-Time
Ali-Swift-Global-Savetime
Request-Context
X-Node
X-Ac
X-Device
Content-Location
X-Host
X-Cnection
X-Amz-Version-Id
X-Cache-Lookup
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
Surrogate-Control
X-Backend-Server
X-Server-Id
X-WebKit-CSP
X-OneAgent-JS-Injection
X-Rack-Cache
X-Instart-Request-ID
X-CST
X-Px
X-Response-Time
Request-Id
X-Readtime
X-Rq
Server-Timing
Permitted-Cross-Domain-Policies
X-Do-Not-Hack
X-HeyJason
X-Clacks-Overhead
X-Ua-Compatible
X-Url
EagleEye-TraceId
Pinterest-Generated-By
X-Cloud-Trace-Context
Edge-Control
X-Application-Context
X-Country
X-MS-InvokeApp
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Server-Name
Allow
X-DynaTrace-JS-Agent
Charset
SPRequestGuid
Report-To
X-Country-Code
X-SharePointHealthScore
X-DataDome
X-ESI
X-Ruxit-JS-Agent
X-Cached
X-Varnish-TTL
X-PC
X-TtlSet
X-Vname
Rating
X-Powered-CMS
X-Powered-By-Plesk
X-TTL
X-Recruiting
Public-Key-Pins
X-FTR-Request-ID
X-D2id
X-Vhost
NEL
X-Version
X-Cdn
X-Cdn-Fetch
X-Exp-Variant
X-Exp-Id
X-Kinja
X-Kinja-Build
X-Kinja-Server
X-Geo-Segment
X-Kinja-Revision
MS-Author-Via
X-N
X-Upstream-Env
Pinterest-Version
X-F-Cache
X-Pinterest-Rid
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
SPIisLatency
SPRequestDuration
X-CF-Powered-By
X-Dw-Request-Base-Id
X-DynaTrace
X-VARITI-CCR
Cartoon
X-T
X-GoogleNews-Bot
X-Mod-Pagespeed
Content-MD5
AR-CACHE
AR-PoweredBy
AR-ATIME
Nginx-Cache
RTSS
X-Abt-Application-Version
X-GitHub-Request-Id
MicrosoftSharePointTeamServices
Feature-Policy
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Shield-Request-Id
Verso
X-Trace
X-Amz-Rid
X-Navigation-Version
X-Dispatcher
X-Forwarded-Proto
X-Client-IP
X-Hits
Realpath
X-Goog-Hash
X-Server-ID
X-Origin-Cache
AR-SID
X-Ttl
Arr-Disable-Session-Affinity
Paypal-Debug-Id
X-Kinsta-Cache
X-TEC-API-ORIGIN
X-Zen-Fury
X-TEC-API-ROOT
X-TEC-API-VERSION
X-Id
X-Content-Options
TCN
X-B
X-Grace
X-Content-Digest
X-Ser
X-Varnish-Age
X-Cache-Key
Alternate-Protocol
Fastcgi-Cache
X-Sol
X-Upstream
DynaTrace
X-Via-JSL
Access-Control-Request-Method
X-Mrf-Item-Lastmod
MRF-Tech
Mrf-Cache-Status
X-Mrf-Section-Lastmod
X-Fastly-Request-ID
X-Pad
Display
X-Middleton-Display
X-Vcap-Request-Id
X-NF-Request-ID
X-FastCGI-Cache
X-Nf-Srv-Version
X-DIS-Request-ID
X-IPLB-Instance
PB-PID
PB-RID
X-Middleton-Response
Response
X-User-Agent
X-Mobile-Rewrite
X-SS-Set-Cookie
Front-End-Https
Pagespeed
X-Frontend
Rt-Fastcgi-Cache
X-Logged-In
Eomportal-Instance
X-Cache-Rule
X-PressLabs-Stats
X-MSEdge-Ref
X-Whom
Server-Name
X-VCache
X-Forwarded-For
X-Acc-Meta-Resource-Type
Host
X-Cache-Hit
X-Hostname
S
X-XRDS-LOCATION
X-NWS-LOG-UUID
X-Newrelic-App-Data
Tracecode
X-Goog-Stored-Content-Length
Cache-Status
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-Goog-Generation
X-Goog-Metageneration
X-Debug
Liferay-Portal
Arc-Version
X-HS-Content-Id
X-UUID
X-Request-Processing-Time
X-Country-Code-Real
X-FTR-Realm
X-FTR-Expires
HitInfo
HitType
X-AOL-HN
X-Request-Received
X-FTR-DC
Server-Info
Surrogate-Key
X-FTR-Cache-Status
X-FTR-Backend
X-FTR-Backend-Server
X-FTR-Balancer
Backend-Timing
X-Analytics
FilterID
X-Magnolia-Registration
X-Instance
X-Wix-Server-Artifact-Id
TP-L2-Cache
TP-Cache
X-Contextid
Refresh
X-Rid
Public-Key-Pins-Report-Only
X-XRDS-Location
ServerID
X-Activity-Id
X-AppVersion
X-Az
X-Proxied
X-Webkit-Csp
Edge-Cache-Tag
X-HS-Cache-Config
X-Srv
X-WPE-Loopback-Upstream-Addr
X-B3-Traceid
X-Content-Security-Policy-Report-Only
X-HW
X-Varnish-Server
Service-Worker-Allowed
AMP-Access-Control-Allow-Source-Origin
Cleartype
X-Correlation-Id
X-Mobile
X-Origin
X-Revision
S-Cnection
Served-By
X-APP-VERSION
X-Varnish-Backend
Source
X-FTR-Cache-Host
X-Amzn-Trace-Id
Fastly-Restarts
X-Geo-Country
X-TT
X-App-Environment
X-RateLimit-Remaining
X-Framework
X-Device-Type
X-B-Cache
X-Sucuri-ID
X-PHP-Backend
Powered-By-ChinaCache
X-Signature
X-Origin-Upstream-Status
X-Varnish-Hostname
Retry-After
X-Cache-Config
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Tumblr-User
X-FB-Debug
X-Cache-Operation
X-Cache-Action
X-Hyper-Cache
X-Cache-Server
X-BCube-Filmed-By
Server-Node
Host-Header
X-Request-Guid
X-Cache-Control
X-Hail-Hydra
X-PC-AppVer
X-PC-Key
X-Handled-By
X-PC-Hit
X-Cache-2
MS-CV
X-Page-Id
X-TT-TIMESTAMP
DC
Accept-Charset
X-Ocache
Actual-Object-TTL
X-ATG-Version
X-WA-Info
X-Debug-Info
X-Shield-Cache-Expires
X-Origin-Server
X-ADI-VCache
Cache
X-Content-Powered-By
X-PC-Date
X-PC-Host
X-Daa-Tunnel
X-URL
X-HS-Combine-CSS
Upgrade-Insecure-Requests
NGB
X-Accel-Expires
Viewport
X-LB-Cache
X-Microcachable
X-Cache-NE
SRV
X-GeoIP
X-Cached-By
AsisCache
X-Yottaa-Optimizations
X-Generated-By
X-Yottaa-Metrics
X-Amz-Server-Side-Encryption
ServedBy
Filters
X-Jobs
X-Accel-Buffering
X-RequestSource
X-Drupal-Cache-Tags
X-App-Server
X-Akamai-Edgescape
X-Sucuri-Cache
X-S
X-Seen-By
X-WebKit-CSP-Report-Only
X-Wix-Request-Id
X-TX-ID
X-Cacheable-TTL
X-B3-Sampled
X-Feature
X-Cluster
X-FW-Serve
X-Geo
X-FW-Hash
Content-Style-Type
Content-Script-Type
X-Distil-CS
X-FW-Server
X-Locale
X-Internal-Host
X-Tumblr-Pixel-1
X-RTag
X-Akam-SW-Version
X-Varnish-Hits
X-Tumblr-Pixel-2
X-FW-Type
X-Adobe-Content
X-FW-Static
X-Adobe-Loc
From-Origin
X-Varnish-IP
X-Dns-Prefetch-Control
X-Varnish-Cache-Hits
X-Cache-Age
Datacenter
X-Cache-Remote
X-GZip
X-Node-Name
X-Varnish-Grace
X-Edge-Cache-Key
X-Edge-Cache
X-ServedBy
X-Storage
X-Platform-Server
HostName
X-CDN-Forward
X-UA
X-Cache-TTL-Remaining
X-Vg-Webcache
X-Akamai-Transformed
X-NewRelic-App-Data
X-Region
X-RateLimit-Limit
X-Mode
X-Cache-Bucket
Country
Cache-Tag
X-Kinja-Server-Push
X-Amz-Replication-Status
X-Guploader-Uploadid
RATING
X-GUploader-UploadID
X-Distributor
Load-Balancing
X-EIG-Tracking-Id
X-Real-IP
Ohc-File-Size
X-Amzn-RequestId
X-Proto
X-Amz-Apigw-Id
ServerName
X-Source
X-Agile-Id
Fastly-SSL
X-Agile
X-BB-IP
GEO-INFO
X-Agile-Age
Mn-Server-Ip
X-Cache-Category-Id
Machine
X-ProxyCache-Status
X-ProxyCache-Key
X-Web-Node
X-Cache-Var-Map
X-Debug-Cache
X-Detected-As
X-Cache-HT
X-RemovedCookies
X-BYPASS-REASON
Cache-Key
X-Cache-Var
X-Rendered-As
X-Akamai-Request-ID
X-PERF
X-Time-Microsecs
X-ProcessESI
Cache-Name
X-Drupal-Cache-Contexts
L5d-Success-Class
X-Path-Route
X-Viewer-Country
X-Is-Bot
X-RN-RSRV
X-Grey
X-MP-GENERATED-AT
Healthy
X-Optimization
X-ApacheServer
Meta-Geo
X-JoinUs
X-TA-CDN-Provider
X-ServerID
X-Request-Time
X-CCM
X-TWH-CORRELATION-ID
Cache-Hits
X-NCache
X-Xfnlog-Site
X-PCL
Now
X-Human
X-Original-Request
X-OCL
X-Hit
X-Labrador-Cache-Channel
X-Generated
X-NodeID
X-CDN-Cache
X-Cluster-Node
Backend
X-Port
Access-Control-Allow-Method
X-Upgrade-Enabled
X-Webstats-RespID
X-Www-Served-By
Azure-RegionName
Azure-SiteName
X-Hosted-By
Selected-FE
X-Amz-Meta-Surrogate-Control
X-FC-Vary-Parameters
X-Timing-Wait
X-CCM-LastModified
Azure-Version
X-Edge-Location
X-Proxy-Build
Azure-InstanceId
Webcakes-Region
Property-Id
TWC-Locale-Group
TWC-Privacy
X-Render-Type
TWC-GeoIP-LatLong
TWC-GeoIP-Country
X-Via-Fastly
TWC-Connection-Speed
TWC-Device-Class
X-Instance-Name
X-Pubstack
Azure-SlotName
Webcakes-App-Name
Webcakes-App-Version
S-Rt
X-Proxy
X-Origin-Hint
X-OVcl-Cache
X-OVcl
X-Access
X-AWS-Id
User-Cache-Control
X-App-Name
X-Generation-Time
X-SplitTest
X-Site-Version
X-Section
X-Surge-Debug
X-TNCMS
X-Zipkin-Id
X-VWS-Id
X-Varnish-Cacheable
X-Routing-Service
X-Esi
X-Format
X-Cache-Enabled
X-Birta-Cache-Post
X-Newrelic-Synthetics
X-IP
X-Meta-Tbi-Cache-Vertical
X-Loop
X-LJ-Flow-ID
X-Backend-Name
X-Birta-Served
LB
WP-Super-Cache
DB-Nickname
Countrycode
Fastcgi-Useragent
X-Ezoic-Cdn
X-Origin-CC
X-Real-Ip
X-Nginx-Cache
X-Oracle-Dms-Rid
X-Oracle-Dms-Ecid
X-Tumblr-Pixel-3
X-Oneagent-Js-Injection
X-Dc
User-Agent
X-Time
Origin-Cache-Control
Origin-Edge-Control
Payment
X-Nc
X-L-Path
X-Litespeed-Cache
X-Tb
X-Environment-Context
X-UA-Device-Type
Ec-Rule-Version
RequestId
X-Unique-ID
Xserver
X-B3-Spanid
X-DataStream-Cache-Status
X-Skip-Cache
X-B3-TraceId
X-Varnish-Beresp-Status
X-NU-AKA-ACS-Version
X-Varnish-Beresp-Grace
Access-Control-Request-Headers
X-Servedby
X-NGENIX-Cache
X-CLOUD-TRACE-CONTEXT
X-WR-MODIFICATION
X-CACHE-AGE
NODE
X-Upstream-HT
Webserver
X-Upstream-CT
X-Be
Time
X-Correlation-ID
X-Vgn-Hpd-Reason
X-EdgeConnect-Cache-Status
X-Croise-Owner
X-Webkit-CSP
Warning
X-CS
X-Died
X-ElasticPress-Search
X-DPWN-IS-SECURE
X-From
X-G
X-Cache-Backend
X-Generated-In
X-Debug-Cookies
X-Debug-Log
X-Destination
X-Developer
X-D
X-Logtrace-Id
X-Var-Ttl
X-A
X-A-Ccd
X-NX-Host
X-S-Cookie
X-A-Dam
Ajk
Cache-Prefix
Fly-Request-Id
Request-Time
Fly-Cache
Resin-Trace
T-Server
X-A-Dcw
X-SRCache-Key
X-ARC
X-Cache-Host
X-Cache-Id
X-Cache-Expires
X-B-Cookie
X-A-Dgt
X-A-Wwc
X-Application
X-Dynatrace
X-Oss-Server-Time
X-Oss-Request-Id
X-Oss-Hash-Crc64ecma
X-Oss-Storage-Class
IBM-Web2-Location
X-Oss-Object-Type
Ws
X-Status
X-StackifyID
Fastcgi-X-Cache-Version
Xc-Version
X-BB-ID
X-Fstrz
X-Cache-Time
X-Device-Os
X-Dispatcher-Server
Www
Fastly-Soc-X-Request-Id
V-Age
X-BBXSRF
X-Twitter-Response-Tags
X-Planisys-CDN-Cache
X-Release
X-Request-URI
X-PAYTM-SRV-ID
X-No-Session
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
X-Rojux
X-Rewrite-Enabled
X-Region-Sid
X-Public
Apple-News-Services-Request-Url
X-ND-Cache
Apple-News-Services-Handled
X-Fastly-Cache
X-Connection-Hash
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
Proxy-Connection
X-Haproxy-Ip
X-WebServer
X-Haproxy-Hostname
AKAMAI
Sta2Tusw
BehaviorPad-Version
X-User
X-VG-WebServer
X-CF-Lambda-Version
Release
Viewtype
X-Via-CDN
X-Via-Edge
X-We-Are-Hiring
VivaBuild
X-CF-Lambda-Fn
Meta-Geo-Continent
Fastcgi-X-Cache
X-Trv-Group
X-Server-Time
Memcached
X-Hash
X-Server-By
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-Amz-Meta-Cache-Control
X-Transaction
MD5-Digest
Host-ID
X-Wix-Route-ID
X-UE-Client-Country
Cneonction
X-Fastcgi-Cache
X-Cache-Ttl
X-Varnish-Beresp-Ttl
X-Content-Type
X-Yottaa-Sig
UCS
X-F5-Cache
X-FireWall-Port
X-Core-Value
X-Cdn-Origin
Fastly-SIE
Dnion-Transfer-Encoding
X-CGP
X-Forwarded-Host
Drupal-Pagecache-Memcache
X-Eu-Site
X-GeoIP-City
X-Sorting-Hat-FeatureSet
X-Sorting-Hat-PodId
X-Shopify-Stage
X-ShopId
X-ShardId
X-Sorting-Hat-PodId-Cached
X-Sorting-Hat-PrivacyLevel
X-GeoIP-Country-Code
X-Gannett-Site-Version
X-Via-NSCOPI
X-Sorting-Hat-ShopId-Cached
X-Sorting-Hat-Section
X-Frame-Option
X-Cache-CFC
Uber-Trace-Id
Server-Int
X-Actual-URL
X-Amz-Meta-S3cmd-Attrs
Heartbleed
IsBot
NGX
Odigeo-Trace-Id
Pramga
Powered-By
Origin
Rendered-Blocks
Server-Host
HA-Urlpath
HA-Servedtime
HA-Cloudapp
HA-Geocity
GW-Server
X-S-Maxage
X-Cache-Debug
HA-Geocountry
HA-Geolat
HA-Host
HA-Ipaddr
Ha-Gx-Prefs
HA-Georegion
HA-Geolon
Fastly-SWR
X-Sorting-Hat-ShopId
X-Returned-From
X-UnsetCookies
X-Returned-From-BeforeDispatch
X-Sn-Servicetimems
X-Hl-Ver
X-IN-WAF
X-Stale
X-IN-APIGATEWAY
X-Returned-From-DLL
X-Crawler
X-ScT
X-Server-IP
X-Secret
X-Returned-From-PostProcessResponse
X-Wikidot-Backend
X-SIPLIST1
X-Wikidot-Static-Cache
Version
Server-ID
X-IN-SSL-APIGATEWAY
X-Passed-To-DLL
GMS-Ver
X-Passed-To-PostProcessResponse
X-Passed-To-BeforeDispatch
X-CSRF-Token
X-Trace-Id
X-Passed-To
X-Phone
Request-Country
X-Up
X-Auto-Login
Kp-EeAlive
X-Alternate-Cache-Key
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
Request-EU
X-RCS-CacheZone
NnCoection
X-TIME
X-C
X-Backend-Url
X-Block-Status
X-V
X-Ver
Thinkindot-Control
X-Bug-Bounty
Thinkindot-CacheControl
X-Accel-Expires-Debug
X-Date
Pragrma
Thinkindot-CacheControl-Type
X-Worker
X-VServer
X-Backend-State
X-Backend-Host
Who
Web-Mar-Node
X-Backend-TTL
X-Cdn-Srv
X-GoCache-CacheStatus
X-Reboot
X-Gen-Mode
X-Response-By
X-Fetched-On
X-Hnp-Log
X-Location
X-MSEdge-Flight
X-MI-In-Market
X-Matched-Rule
X-Node-Id
Platform
X-Epic-Correlation-Id
X-Env
X-Cache-Srv
X-Server-Group
X-Servername
X-ServiceProvider
X-Thinkindot-L3
X-Served-From
X-MSEdge-Features
X-Developers
X-Edge-IP
X-Core-Mission
X-Content-Age
X-Rocket-Nginx-Bypass
X-TT-LOGID
X-Ckpd-Fst-Backend
HTTPS
Httpd-Identifier
Cache-Cookie-Set-Idcheck
Is-Eu
Mime-Version
X-Origin-Expires
Content-Disposition
Cache-Cookie-Set-Lfrom
Fastly-Backend-Name
Decoy-Debug-TTL
Decoy-Debug-Status
Decoy-Debug-Key
Esi-Enabled
X-Origin-Date
X-Info
CDCHOST
Backend-Name
Cache-Cookie-Set-From
MI-API
On-Server
Ohc-Response-Time
Country-Code
MI-Cache
Adler-Geo
PFcat
MI-Cache-Age
OT-Force-Account-Verify
X-Page-Type
NtCoent-Length
X-Cache-URL
Cache-Provider
X-Kong-Upstream-Latency
X-Platform
X-Clientip
X-RateLimit-Limit-Second
X-HCF
X-RateLimit-Remaining-Second
REQUESTUUID
X-Kong-Proxy-Latency
X-Cache-Control-Set-By
X-Thanos
X-Svr
Cteonnt-Length
X-Varnish-Id
X-Varnish-HitMiss
X-Bip
FSS-Cache
FSS-Proxy
X-LiteSpeed-Cache-Control
Arc-Country
X-Refresh
Apicache-Store
X-Req
Brightspot-Id
Ar-Sid
Apicache-Version
X-Amz-Meta-S3b-Last-Modified
X-Origin-TTL
X-Irp-Debug
X-P-T
WebServer
X-Ua
X-LB-Node
X-App-Version
X-Pjax-Url
Pagetype
X-Varnish-Url
X-Pf-Uncompressing
Processtime
X-LB-CacheStatus
X-ROOTCache
Sid
Accept-Ch
COMMERCE-SERVER-SOFTWARE
X-Ratelimit-Limit
X-Ruxit-Js-Agent
X-Request-UUID
PageType
X-DC
X-Request-Start
X-From-Cache
X-EC-Security-Audit
Memory
X-Endurance-Cache-Level
X-Amz-Meta-Sha256
If-Modified-Since
X-Ratelimit-Remaining
Dynatrace
X-Load-Cache
Cdn
X-Cache-ASPX
GeoIp-Country-Code
X-Varnish-Action
X-Fastly-Backend-Reqs
Geoip-City
Geoip-Latitude
X-NC
X-Layer
PICS-Label
SN
X-Redis-Cache
X-Atg-Version
X-Cdn-Forward
BORDER-IP
Edgecast
X-COUNTRY
X-GRACE
CF-IPCountry
X-Csrf-Token
PROCESSING-IP
X-Rocket-Nginx-Serving-Static
X-Varnish-Beresp-TTL
MIME-Version
X-Cache-Handler
X-GDPR
Frame-Options
X-ServedByHost
X-Tid
X-Nananana
X-RequestId
X-Requestid
X-TId
NodeID
X-Fastly-Cache-Hits
X-Key
X-Servedbyhost
X-Owner
X-B3-SpanId
X-Resolver-IP
X-NWS-UUID-VERIFY
X-HS-Hub-Id
Dont-Set-Cookie
X-Cf-Powered-By
X-BE
X-Cache-TTL
X-Wix-Petri-Ex
X-Rule
Pics-Label
Cf-Ipcountry
X-Sf
Web-Mar-Region
X-Server-W
CACHE
ProcessTime
X-ABtesting
GeoIP-Country-Code
X-HTML-Minification-Powered-By
X-Sentry-ID
X-Flog
WZWS-RAY
GeoIP-City
RNT-Time
RNT-Machine
GeoIP-Latitude
Node
CDN
X-Tec-Api-Origin
X-Tec-Api-Version
X-SERVER-NAME
X-Tec-Api-Root
X-VG-WebCache
X-FORWARDED-FOR
Get-Access-Time
Lfy
We-Hiring
Mail-Subject
X-DataStream-MidMile-RTT
Is-Session-Tracking
X-Powered-By-ANYU
X-DataStream-Origin-MEX-Latency
PageSpeed
X-Shard
X-Varnish-Ttl
X-CDN-Pop
XServer
X-Dynatrace-Js-Agent
X-CDN-Pop-IP
Max-Age
X-Use-Magma
X-Mem
X-SRV
X-ByteArk-Cache
Powered
DataCenter
X-GZIP
Cache-Tags
Accept-CH
X-Cache-FS-Status
Magicmarker
URI
X-Varnish-URL
X-GEO
X-UPSTREAM-Address
X-Check-Cacheable
X-Front
X-PF-Uncompressing
X-Powered-By-Defense
X-Unique-Id
X-Dw-Trace-Id
Xet-Cookie
X-PJAX-URL
X-Gdpr
Amp-Access-Control-Allow-Source-Origin
X-Trv-Request-Id
X-Cookie
X-Micro-Cache
X-Ms-Blob-Type
X-Oa-Upstreams
X-Zalando-Page-Type
X-Zalando-Child-Request-Id
X-Ms-Version
Hostname
X-NGINX-Cache
X-Ms-Lease-Status
X-Ms-Request-Id
X-Remote-IP
V-Cache
Group
X-VarnPar1
X-VC
X-Fe
X-VarnPar2
X-Aicache-OS
Requestid
RequestUuid
X-SB
X-VarnCache
X-Varnish-ID
X-Safe-Firewall
X-HGenerator
X-PAGE-TYPE
X-Proxy-Server
Rt-Proxy-Cache
X-PARISIEN-Cache-Rendered
N-Cache
X-Acquia-Application-Trace
X-Acquia-Application-UUID
WS
X-Qnm-Cache
WWW-Authenticate
X-Alicdn-Da-Ups-Status
CF-Cached-On
X-RAMCache
X-Hello
X-M-Log
X-M-Reqid
X-Akamai-ERRuleID
X-Akamai-ERPolicy
X-ProxyCache-Args
SID
X-Litespeed-Tag