Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics - SANS Internet Storm Center HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Pragma
Last-Modified
Accept-Ranges
Strict-Transport-Security
X-Content-Type-Options
X-Powered-By
CF-RAY
ETag
Link
Expect-CT
Via
X-XSS-Protection
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
P3P
X-Cache-Hits
X-Served-By
X-Varnish
X-Amz-Cf-Id
X-Xss-Protection
Referrer-Policy
X-Request-Id
X-Timer
X-AspNet-Version
CF-Cache-Status
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Runtime
Access-Control-Allow-Credentials
X-Download-Options
X-Drupal-Cache
X-Cacheable
Content-Security-Policy-Report-Only
X-Generator
Alt-Svc
Status
X-AspNetMvc-Version
X-Cache-Status
X-DNS-Prefetch-Control
X-Check
P3p
X-Iinfo
X-Adblock-Key
X-FRAME-OPTIONS
X-CDN
Timing-Allow-Origin
X-Content-Security-Policy
X-Permitted-Cross-Domain-Policies
X-Turbo-Charged-By
Content-Encoding
X-Template
X-Language
Keep-Alive
X-Type
X-AH-Environment
X-Via
CF-Ray
X-Cache-Group
X-Backend
WPE-Backend
X-Request-ID
X-Pass-Why
X-Buckets
X-Age
X-Server
X-Nginx-Cache-Status
Access-Control-Max-Age
X-Server-Powered-By
X-Pingback
Xkey
X-Varnish-Cache
Grace
X-Drupal-Dynamic-Cache
Upgrade
Access-Control-Expose-Headers
X-Hacker
X-UA-Device
X-Amz-Request-Id
X-Page-Speed
Cf-Railgun
X-Amz-Id-2
X-Proxy-Cache
X-Robots-Tag
EagleId
X-Envoy-Upstream-Service-Time
Request-Context
X-Node
X-LiteSpeed-Cache
X-Swift-SaveTime
X-Swift-CacheTime
X-Ac
X-Device
X-Cnection
X-Host
Ali-Swift-Global-Savetime
Content-Location
X-Amz-Version-Id
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-WebKit-CSP
X-Server-Id
Surrogate-Control
X-Backend-Server
X-OneAgent-JS-Injection
X-Cache-Lookup
X-Rack-Cache
X-Response-Time
X-Px
X-Instart-Request-ID
Request-Id
Server-Timing
X-Readtime
X-Rq
X-CST
X-Clacks-Overhead
Pinterest-Generated-By
X-Do-Not-Hack
Permitted-Cross-Domain-Policies
X-HeyJason
EagleEye-TraceId
X-Ua-Compatible
X-Url
Edge-Control
X-Application-Context
X-Cloud-Trace-Context
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-MS-InvokeApp
X-Country
Report-To
X-Server-Name
Charset
X-DynaTrace-JS-Agent
SPRequestGuid
X-Country-Code
Allow
X-DataDome
X-SharePointHealthScore
X-Ruxit-JS-Agent
X-ESI
Rating
X-Varnish-TTL
X-TtlSet
X-Vname
X-PC
X-Cached
X-Powered-CMS
X-Powered-By-Plesk
X-Recruiting
X-CF-Powered-By
X-FTR-Request-ID
X-TTL
X-Vhost
NEL
X-D2id
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
X-DynaTrace
Public-Key-Pins
X-Kinja-Build
X-Kinja-Revision
X-Geo-Segment
X-Kinja-Server
X-Kinja
X-Pinterest-Rid
X-Upstream-Env
X-Cdn-Fetch
Pinterest-Version
X-Exp-Variant
X-Exp-Id
X-F-Cache
X-Version
X-N
X-VARITI-CCR
X-T
X-GoogleNews-Bot
Cartoon
SPRequestDuration
SPIisLatency
X-Dw-Request-Base-Id
X-Mod-Pagespeed
Content-MD5
X-Abt-Application-Version
RTSS
MS-Author-Via
Nginx-Cache
Feature-Policy
Verso
X-GitHub-Request-Id
X-Dispatcher
X-Goog-Hash
X-Ttl
X-Navigation-Version
X-SRCache-Store-Status
MicrosoftSharePointTeamServices
X-SRCache-Fetch-Status
AR-CACHE
AR-PoweredBy
AR-ATIME
X-Amz-Rid
X-Client-IP
Realpath
X-Hits
X-Forwarded-Proto
X-Shield-Request-Id
X-Origin-Cache
X-Cdn
X-Trace
Paypal-Debug-Id
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-Content-Options
X-Content-Digest
X-Grace
X-Zen-Fury
X-Id
X-Server-ID
X-Kinsta-Cache
TCN
X-B
Arr-Disable-Session-Affinity
DynaTrace
AR-SID
Alternate-Protocol
X-Varnish-Age
X-Cache-Key
X-Sol
Fastcgi-Cache
X-Upstream
MRF-Tech
X-Mrf-Item-Lastmod
Mrf-Cache-Status
X-Mrf-Section-Lastmod
Access-Control-Request-Method
X-FastCGI-Cache
X-Ser
Display
X-Middleton-Display
X-Pad
PB-RID
PB-PID
X-Acc-Meta-Resource-Type
X-Fastly-Request-ID
X-Mobile-Rewrite
X-NF-Request-ID
X-Nf-Srv-Version
X-Via-JSL
X-DIS-Request-ID
Response
X-Middleton-Response
X-User-Agent
X-Vcap-Request-Id
Pagespeed
X-Forwarded-For
X-MSEdge-Ref
Front-End-Https
Rt-Fastcgi-Cache
Eomportal-Instance
X-Cache-Rule
X-PressLabs-Stats
X-Frontend
Arc-Version
X-IPLB-Instance
X-SS-Set-Cookie
X-Cache-Hit
X-Logged-In
X-Goog-Storage-Class
X-Goog-Stored-Content-Length
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
X-Goog-Generation
X-VCache
Server-Name
X-Whom
X-Hostname
X-XRDS-Location
Host
Surrogate-Key
Tracecode
X-Country-Code-Real
X-FTR-Expires
X-FTR-Realm
X-FTR-Cache-Status
X-FTR-DC
X-FTR-Balancer
X-FTR-Backend-Server
X-FTR-Backend
S
X-Request-Received
X-Request-Processing-Time
Backend-Timing
X-Analytics
Cache-Status
X-Debug
X-HS-Content-Id
X-AOL-HN
X-Instance
TP-Cache
TP-L2-Cache
X-Contextid
Refresh
X-Az
X-Proxied
X-Magnolia-Registration
X-AppVersion
X-Litespeed-Cache
X-Activity-Id
ServerID
FilterID
X-Rid
Public-Key-Pins-Report-Only
X-Wix-Server-Artifact-Id
X-Srv
X-XRDS-LOCATION
X-HW
X-B3-Traceid
Server-Info
X-UUID
HitType
HitInfo
X-Newrelic-App-Data
X-WPE-Loopback-Upstream-Addr
Cleartype
X-URL
X-APP-VERSION
X-FTR-Cache-Host
Service-Worker-Allowed
Liferay-Portal
X-Mobile
AMP-Access-Control-Allow-Source-Origin
X-Varnish-Server
X-Content-Security-Policy-Report-Only
X-Cache-Control
Served-By
X-Varnish-Backend
X-Cache-Server
X-Revision
X-Amzn-Trace-Id
Source
X-PHP-Backend
X-Request-Guid
Server-Node
Host-Header
X-App-Environment
X-PC-Hit
X-PC-Key
X-PC-AppVer
X-Geo-Country
X-Hail-Hydra
X-BCube-Filmed-By
X-NWS-LOG-UUID
Retry-After
Accept-Charset
MS-CV
X-Origin-Upstream-Status
X-Handled-By
X-TT
X-RateLimit-Remaining
X-Device-Type
X-Cache-2
X-Varnish-Hostname
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Tumblr-User
DC
X-Cache-Operation
X-B-Cache
Powered-By-ChinaCache
X-Framework
X-Signature
X-Cache-Config
X-FB-Debug
Edge-Cache-Tag
X-HS-Cache-Config
S-Cnection
X-Page-Id
X-Origin
X-Origin-Server
X-Correlation-Id
Fastly-Restarts
X-Cache-Action
X-Debug-Info
X-Sucuri-ID
X-TT-TIMESTAMP
X-Ocache
Viewport
X-PC-Host
X-PC-Date
X-ATG-Version
Actual-Object-TTL
X-B3-Sampled
X-Hyper-Cache
X-Cached-By
X-WA-Info
X-Shield-Cache-Expires
X-ADI-VCache
NGB
X-Content-Powered-By
X-Webkit-Csp
X-Microcachable
X-Accel-Expires
X-Akam-SW-Version
X-Drupal-Cache-Tags
X-LB-Cache
Upgrade-Insecure-Requests
Filters
X-Cache-NE
X-NewRelic-App-Data
AsisCache
SRV
X-Generated-By
ServedBy
X-Yottaa-Metrics
X-App-Server
X-Yottaa-Optimizations
X-FW-Serve
X-FW-Hash
X-Cacheable-TTL
X-FW-Static
X-Internal-Host
X-RTag
X-RequestSource
X-Locale
Cache
X-FW-Type
X-FW-Server
X-Distil-CS
X-Wix-Request-Id
X-GeoIP
X-Seen-By
X-Tumblr-Pixel-1
Content-Script-Type
Content-Style-Type
X-Tumblr-Pixel-2
X-WebKit-CSP-Report-Only
X-Jobs
X-Accel-Buffering
X-S
X-Amz-Server-Side-Encryption
X-TX-ID
X-Cluster
X-ServedBy
X-Node-Name
X-GUploader-UploadID
X-Varnish-Hits
X-Geo
From-Origin
X-UA
X-Varnish-Grace
X-Akamai-Edgescape
X-RateLimit-Limit
X-Sucuri-Cache
X-Varnish-Cache-Hits
X-Cache-Age
X-CDN-Forward
X-Adobe-Content
X-Adobe-Loc
X-Varnish-IP
X-Platform-Server
X-GZip
X-HS-Combine-CSS
X-Vg-Webcache
X-Dns-Prefetch-Control
Datacenter
X-Cache-TTL-Remaining
X-CLOUD-TRACE-CONTEXT
X-Edge-Cache-Key
X-Edge-Cache
Cache-Tag
X-Real-IP
X-Storage
X-Cache-Remote
X-Akamai-Transformed
X-Mode
X-Region
X-Esi
X-Drupal-Cache-Contexts
X-Daa-Tunnel
X-Amz-Replication-Status
X-Source
HostName
X-Distributor
X-Rendered-As
X-RN-RSRV
X-Cache-Var-Map
X-Detected-As
X-MP-GENERATED-AT
X-ProcessESI
X-Is-Bot
X-Cache-Var
X-RemovedCookies
Machine
X-Path-Route
Meta-Geo
Load-Balancing
X-Amzn-RequestId
Fastly-SSL
X-Amz-Apigw-Id
ServerName
X-Proxy
X-NCache
X-PERF
X-BB-IP
X-Upgrade-Enabled
X-Time-Microsecs
X-TWH-CORRELATION-ID
X-Webstats-RespID
Cache-Key
X-CDN-Cache
X-Cache-Category-Id
GEO-INFO
X-OCL
X-Akamai-Request-ID
X-Grey
X-PCL
X-Agile-Id
X-Agile-Age
X-Agile
X-Kinja-Server-Push
X-Viewer-Country
X-Web-Node
Mn-Server-Ip
X-ApacheServer
L5d-Success-Class
X-OVcl-Cache
Azure-RegionName
X-Amz-Meta-Surrogate-Control
Azure-InstanceId
Azure-SiteName
Azure-SlotName
Azure-Version
Backend
Ohc-File-Size
X-Original-Request
X-Cluster-Node
X-Human
X-Edge-Location
X-Via-Fastly
X-FC-Vary-Parameters
S-Rt
Country
X-Pubstack
X-Proto
X-Instance-Name
X-Debug-Cache
X-OVcl
X-NodeID
X-EIG-Tracking-Id
Webcakes-App-Version
TWC-Device-Class
TWC-GeoIP-Country
TWC-GeoIP-LatLong
User-Cache-Control
Webcakes-App-Name
TWC-Connection-Speed
Property-Id
TWC-Privacy
TWC-Locale-Group
X-LJ-Flow-ID
X-Optimization
X-Generation-Time
X-Meta-Tbi-Cache-Vertical
X-Format
X-Origin-Hint
X-Hosted-By
X-Section
X-IP
X-SplitTest
X-ServerID
X-Routing-Service
X-Site-Version
X-Port
X-VWS-Id
X-Birta-Cache-Post
X-Birta-Served
X-AWS-Id
X-App-Name
X-Access
X-Cache-HT
X-CCM
X-Www-Served-By
X-Zipkin-Id
X-Xfnlog-Site
X-CCM-LastModified
Webcakes-Region
LB
Healthy
User-Agent
Cache-Name
DB-Nickname
Cache-Hits
X-ProxyCache-Status
X-Labrador-Cache-Channel
X-Loop
Access-Control-Allow-Method
X-Varnish-Cacheable
X-TNCMS
X-ProxyCache-Key
Now
Fastcgi-Useragent
X-BYPASS-REASON
X-JoinUs
X-Generated
Selected-FE
X-Timing-Wait
X-Proxy-Build
X-Tb
X-Request-Time
Countrycode
Payment
X-Backend-Name
X-Tumblr-Pixel-3
X-Guploader-Uploadid
Ec-Rule-Version
X-Cache-Bucket
RATING
X-Surge-Debug
X-Dc
X-Ezoic-Cdn
X-Origin-CC
X-Hit
X-Unique-ID
X-Correlation-ID
WP-Super-Cache
X-Cache-Enabled
X-DataStream-Cache-Status
X-Time
X-Render-Type
X-TA-CDN-Provider
X-B3-Spanid
X-Oracle-Dms-Ecid
Origin-Edge-Control
X-Oneagent-Js-Injection
Origin-Cache-Control
X-Oracle-Dms-Rid
X-Real-Ip
X-Newrelic-Synthetics
X-Feature
X-UA-Device-Type
X-Nginx-Cache
X-Nc
X-Environment-Context
RequestId
X-L-Path
NODE
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
X-CACHE-AGE
X-NU-AKA-ACS-Version
X-Skip-Cache
X-B3-TraceId
X-Be
X-Status
X-Content-Type
X-NGENIX-Cache
X-WR-MODIFICATION
Access-Control-Request-Headers
X-COUNTRY
Webserver
X-Vgn-Hpd-Reason
X-Servedby
Xserver
X-Cache-Backend
X-EdgeConnect-Cache-Status
X-ElasticPress-Search
Ws
X-Upstream-HT
Apicache-Store
Warning
Time
X-Upstream-CT
Apicache-Version
Ajk
Fastcgi-X-Cache-Version
Apple-News-Services-Request-Url
MD5-Digest
Cache-Prefix
Fastcgi-X-Cache
Host-ID
Fastly-Soc-X-Request-Id
X-GoCache-CacheStatus
Fly-Cache
Resin-Trace
Memcached
Meta-Geo-Continent
Apple-News-Services-Host
BehaviorPad-Version
Fly-Request-Id
Sta2Tusw
Apple-News-Services-Handled
Www
Apple-News-Services-Parsed-Url
VivaBuild
GMS-Ver
T-Server
Viewtype
AKAMAI
X-Connection-Hash
X-Rojux
X-Rewrite-Enabled
X-S-Cookie
X-Server-By
X-Server-Time
X-Region-Sid
X-Public
X-PAYTM-SRV-ID
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
X-SRCache-Key
X-SVT-ORM-RULES
X-Via-Edge
X-Via-CDN
X-We-Are-Hiring
X-Wix-Route-ID
Xc-Version
X-VG-WebServer
X-User
X-SVT-ORM-VERSION
X-Transaction
X-Trv-Group
X-Twitter-Response-Tags
X-No-Session
X-ND-Cache
X-B-Cookie
X-ARC
X-BB-ID
X-BBXSRF
X-CF-Lambda-Fn
X-Application
X-A-Wwc
X-A-Ccd
X-A-Dam
X-A-Dcw
X-A-Dgt
X-CF-Lambda-Version
X-D
X-Generated-In
X-G
X-Haproxy-Hostname
X-Haproxy-Ip
X-Logtrace-Id
X-From
X-Fastly-Cache
X-Date
X-Destination
X-Developer
X-Died
X-A
X-Accel-Expires-Debug
X-HS-Hub-Id
IBM-Web2-Location
Server-Int
Request-Time
Rendered-Blocks
X-Fstrz
Uber-Trace-Id
UCS
Fastly-SWR
Release
Origin
X-IN-APIGATEWAY
X-NX-Host
X-IN-SSL-APIGATEWAY
X-SIPLIST1
X-Sn-Servicetimems
V-Age
IsBot
X-IN-WAF
X-Trace-Id
X-Cdn-Origin
X-Debug-Cookies
X-Debug-Log
X-Var-Ttl
X-Up
X-Core-Value
X-CS
X-Cache-Id
X-Cache-Host
X-Wikidot-Static-Cache
X-F5-Cache
Fastly-SIE
X-Wikidot-Backend
X-Amz-Meta-Cache-Control
X-Cache-Expires
X-DPWN-IS-SECURE
X-Forwarded-Host
NGX
X-ScT
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
X-Request-URI
X-Phone
X-C
X-Cache-Ttl
X-TIME
OT-Force-Account-Verify
X-Webkit-CSP
X-Worker
Who
X-Served-From
X-Eu-Site
X-Epic-Correlation-Id
X-WebServer
Cneonction
X-FireWall-Port
X-Reboot
X-RCS-CacheZone
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
X-Stale
X-Servername
Cache-Cookie-Set-From
X-Auto-Login
Thinkindot-Control
X-Server-IP
X-Actual-URL
X-Thinkindot-L3
X-Frame-Option
X-Server-Group
Backend-Name
Web-Mar-Node
X-Amz-Meta-S3cmd-Attrs
X-V
X-Cdn-Srv
X-Returned-From-BeforeDispatch
X-Returned-From
X-Via-NSCOPI
X-Cache-Time
X-UE-Client-Country
X-Returned-From-DLL
X-Content-Age
X-Returned-From-PostProcessResponse
X-UnsetCookies
X-Ckpd-Fst-Backend
X-CGP
X-TT-LOGID
X-Cache-Debug
X-Backend-Host
X-Backend-State
X-VServer
Fastly-Backend-Name
X-Edge-IP
X-Backend-TTL
X-Backend-Url
X-Bug-Bounty
X-Cache-CFC
X-Block-Status
X-Developers
X-Device-Os
X-Env
Server-Host
HA-Host
HA-Ipaddr
Ha-Gx-Prefs
HA-Georegion
HA-Geolon
HA-Servedtime
HA-Urlpath
Decoy-Debug-Key
Content-Disposition
HTTPS
Httpd-Identifier
Heartbleed
HA-Geolat
HA-Geocountry
Esi-Enabled
X-Passed-To
X-Passed-To-BeforeDispatch
X-Passed-To-PostProcessResponse
X-Passed-To-DLL
Decoy-Debug-TTL
Decoy-Debug-Status
HA-Geocity
HA-Cloudapp
GW-Server
X-Node-Id
X-Matched-Rule
X-MI-In-Market
CDCHOST
On-Server
Ohc-Response-Time
Odigeo-Trace-Id
X-Hnp-Log
Cache-Cookie-Set-Lfrom
Proxy-Connection
Pramga
Powered-By
X-ServiceProvider
MI-Cache-Age
MI-Cache
X-Gen-Mode
X-Location
X-GeoIP-City
Cache-Cookie-Set-Idcheck
X-GeoIP-Country-Code
X-Varnish-Beresp-Ttl
X-ShopId
NtCoent-Length
X-Sorting-Hat-ShopId-Cached
X-Origin-Expires
X-Origin-Date
X-ShardId
X-Sorting-Hat-ShopId
X-Sorting-Hat-PrivacyLevel
X-Dispatcher-Server
X-Sorting-Hat-PodId-Cached
X-Sorting-Hat-PodId
X-Release
X-Sorting-Hat-Section
X-Shopify-Stage
X-Hash
X-Sorting-Hat-FeatureSet
X-Fetched-On
X-Croise-Owner
X-Response-By
X-Alternate-Cache-Key
Platform
PFcat
X-Bip
Pragrma
Request-Country
REQUESTUUID
Request-EU
X-Clientip
X-Core-Mission
X-Rocket-Nginx-Bypass
X-Thanos
Adler-Geo
X-Info
X-Hl-Ver
X-Crawler
Is-Eu
Server-ID
Kp-EeAlive
X-Cache-Srv
X-Ver
X-Varnish-Id
NnCoection
X-StackifyID
X-Cache-Control-Set-By
X-S-Maxage
X-Varnish-HitMiss
X-Refresh
X-Page-Type
X-HCF
X-Cache-URL
X-MSEdge-Features
X-MSEdge-Flight
X-Platform
X-Req
X-Secret
X-Svr
X-P-T
Mime-Version
MI-API
X-Gannett-Site-Version
Cache-Provider
Country-Code
X-Fastcgi-Cache
Drupal-Pagecache-Memcache
Processtime
X-Amz-Meta-S3b-Last-Modified
X-Pf-Uncompressing
X-Csrf-Token
X-Oss-Hash-Crc64ecma
Dnion-Transfer-Encoding
X-Oss-Object-Type
X-Oss-Request-Id
X-Oss-Storage-Class
X-Oss-Server-Time
Accept-Ch
X-Cache-ASPX
X-Pjax-Url
Version
Pagetype
X-NC
X-Origin-TTL
Memory
X-EC-Security-Audit
X-Amz-Meta-Sha256
Ar-Sid
X-RateLimit-Remaining-Second
SN
X-RateLimit-Limit-Second
GeoIp-Country-Code
Geoip-Latitude
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
WebServer
Geoip-City
X-App-Version
X-Yottaa-Sig
Cteonnt-Length
X-Wix-Petri-Ex
X-From-Cache
FSS-Cache
X-Varnish-Url
Arc-Country
X-LiteSpeed-Cache-Control
FSS-Proxy
X-Ruxit-Js-Agent
Dont-Set-Cookie
X-Rule
X-DC
X-Irp-Debug
X-Cache-Handler
PICS-Label
Brightspot-Id
X-CSRF-Token
COMMERCE-SERVER-SOFTWARE
MIME-Version
X-LB-CacheStatus
CF-IPCountry
X-LB-Node
PageType
X-Redis-Cache
X-Ua
X-Dynatrace
X-Load-Cache
Cdn
X-Varnish-Beresp-TTL
X-ROOTCache
Sid
X-Request-Start
X-Ratelimit-Remaining
X-Endurance-Cache-Level
If-Modified-Since
Edgecast
X-Request-UUID
XServer
X-SERVER-NAME
X-GRACE
X-Fastly-Backend-Reqs
BORDER-IP
X-Sf
PROCESSING-IP
X-Cdn-Forward
X-Requestid
X-Atg-Version
X-TId
X-Servedbyhost
RNT-Machine
RNT-Time
X-Varnish-Action
X-Ratelimit-Limit
X-Tid
X-Layer
X-GDPR
X-ServedByHost
X-RequestId
Dynatrace
Powered
X-Rocket-Nginx-Serving-Static
X-Resolver-IP
X-B3-SpanId
Frame-Options
CDN
X-Nananana
X-Cache-TTL
X-Fastly-Cache-Hits
Cache-Tags
X-BE
X-DataStream-MidMile-RTT
X-DataStream-Origin-MEX-Latency
Pics-Label
Cf-Ipcountry
NodeID
Amp-Access-Control-Allow-Source-Origin
CACHE
X-Gdpr
X-Key
X-Owner
X-Tec-Api-Version
Node
X-Tec-Api-Root
X-Tec-Api-Origin
X-HTML-Minification-Powered-By
X-Server-W
Mail-Subject
We-Hiring
DataCenter
PageSpeed
X-Shard
X-Dynatrace-Js-Agent
GeoIP-City
X-VG-WebCache
X-UPSTREAM-Address
Web-Mar-Region
GeoIP-Latitude
X-Varnish-Ttl
GeoIP-Country-Code
X-Ms-Blob-Type
X-Ms-Request-Id
X-Use-Magma
X-Ms-Lease-Status
X-Ms-Version
X-ABtesting
X-Flog
Lfy
Hostname
X-Sentry-ID
X-Varnish-URL
ProcessTime
X-GZIP
X-Aicache-OS
URI
Accept-CH
WZWS-RAY
X-Powered-By-ANYU
X-Alicdn-Da-Ups-Status
X-VG-TLSProxy
Max-Age
Is-Session-Tracking
X-PJAX-URL
True-Client-Country-4JS
X-CDN-Pop-IP
X-GEO
X-PF-Uncompressing
Get-Access-Time
X-CDN-Pop
Xet-Cookie
X-Dw-Trace-Id
X-NWS-UUID-VERIFY
X-NGINX-Cache
X-Policy
X-Swa-Ws
X-Edge-Server
X-Trv-Request-Id
X-Front
X-Check-Cacheable
Cdn-Request-Time
Cdn-Host
X-Oa-Upstreams
X-Cookie
X-Mem
X-Unique-Id
X-Powered-By-Defense
GEO-REGION-INFO
X-Cache-FS-Status
X-PAGE-TYPE
X-Ms-Lease-State
Requestid
X-Remote-IP
X-Varnish-ID
X-Org
RequestUuid
Rt-Proxy-Cache
X-RPS
X-RPM
X-RSL
V-Cache
X-VID
X-Proxy-Server
Group
Magicmarker
X-DI
X-Hello
X-Fe
WS
CF-Cached-On
X-Litespeed-Tag
X-RAMCache
X-Akamai-ERRuleID
X-Akamai-ERPolicy
SID
X-DSS
X-DB
X-Acquia-Application-Trace
X-Litespeed-Cache-Control
X-Acquia-Application-UUID
X-DW