Threat Level: green Handler on Duty: Guy Bruneau

SANS ISC: HTTP Header Usage Statistics - SANS Internet Storm Center HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Pragma
Last-Modified
Accept-Ranges
Strict-Transport-Security
X-Content-Type-Options
X-Powered-By
CF-RAY
ETag
Link
Expect-CT
X-XSS-Protection
Via
X-Cache
Age
Access-Control-Allow-Origin
Content-Security-Policy
Content-Language
X-UA-Compatible
P3P
X-Cache-Hits
X-Served-By
X-Varnish
X-Amz-Cf-Id
Referrer-Policy
X-Request-Id
X-Xss-Protection
X-Timer
X-AspNet-Version
CF-Cache-Status
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Runtime
Access-Control-Allow-Credentials
X-Download-Options
X-Drupal-Cache
X-Cacheable
Content-Security-Policy-Report-Only
X-Generator
Alt-Svc
Status
X-AspNetMvc-Version
X-Cache-Status
X-DNS-Prefetch-Control
P3p
X-Check
X-Iinfo
X-FRAME-OPTIONS
X-Adblock-Key
X-CDN
Timing-Allow-Origin
X-Content-Security-Policy
X-Permitted-Cross-Domain-Policies
X-Turbo-Charged-By
Content-Encoding
X-Template
Keep-Alive
X-Language
X-Type
X-AH-Environment
X-Request-ID
X-Via
X-Cache-Group
X-Backend
WPE-Backend
X-Pass-Why
X-Age
X-Buckets
X-Server
X-Nginx-Cache-Status
Access-Control-Max-Age
X-Server-Powered-By
X-Pingback
Xkey
X-Varnish-Cache
Grace
X-Drupal-Dynamic-Cache
Upgrade
Access-Control-Expose-Headers
X-Hacker
X-UA-Device
X-Amz-Request-Id
Cf-Railgun
X-Page-Speed
X-Amz-Id-2
X-Proxy-Cache
X-Robots-Tag
EagleId
X-Envoy-Upstream-Service-Time
Request-Context
X-Node
X-LiteSpeed-Cache
X-Ac
X-Swift-CacheTime
X-Swift-SaveTime
X-Device
X-Cnection
Ali-Swift-Global-Savetime
X-Host
X-Amz-Version-Id
Content-Location
X-WebKit-CSP
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Server-Id
X-Backend-Server
Surrogate-Control
X-OneAgent-JS-Injection
X-Cache-Lookup
X-Rack-Cache
X-Response-Time
X-Px
X-Instart-Request-ID
Server-Timing
X-CST
Request-Id
X-Readtime
X-Rq
X-Url
X-Clacks-Overhead
Pinterest-Generated-By
X-Ua-Compatible
Permitted-Cross-Domain-Policies
X-HeyJason
X-Do-Not-Hack
EagleEye-TraceId
Edge-Control
X-Application-Context
X-Country
X-Cloud-Trace-Context
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-MS-InvokeApp
Report-To
X-Server-Name
Charset
X-ESI
SPRequestGuid
X-Country-Code
X-DynaTrace-JS-Agent
Allow
X-DataDome
X-SharePointHealthScore
Rating
X-Varnish-TTL
X-PC
X-TtlSet
X-Vname
X-Ruxit-JS-Agent
X-Cached
X-Powered-CMS
X-Powered-By-Plesk
X-Recruiting
X-DynaTrace
X-CF-Powered-By
X-FTR-Request-ID
X-Vhost
NEL
X-D2id
X-Ttl
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
X-F-Cache
X-Geo-Segment
X-Exp-Variant
X-Exp-Id
X-Kinja-Server
X-Cdn-Fetch
X-Kinja
X-Kinja-Revision
X-Kinja-Build
X-Pinterest-Rid
X-Upstream-Env
Pinterest-Version
Public-Key-Pins
X-Version
X-T
Cartoon
X-VARITI-CCR
X-GoogleNews-Bot
X-N
X-Dw-Request-Base-Id
SPIisLatency
SPRequestDuration
X-Mod-Pagespeed
X-Abt-Application-Version
RTSS
Verso
Feature-Policy
X-TTL
Content-MD5
MS-Author-Via
Nginx-Cache
X-GitHub-Request-Id
X-Dispatcher
X-Goog-Hash
X-Navigation-Version
X-Client-IP
X-Amz-Rid
X-Forwarded-Proto
X-SRCache-Store-Status
X-SRCache-Fetch-Status
MicrosoftSharePointTeamServices
X-Hits
Realpath
X-Cdn
X-Origin-Cache
X-Shield-Request-Id
AR-ATIME
AR-PoweredBy
AR-CACHE
X-Trace
Paypal-Debug-Id
X-Server-ID
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-Content-Options
DynaTrace
X-TEC-API-VERSION
X-Grace
X-Id
X-Content-Digest
X-Kinsta-Cache
X-Zen-Fury
X-B
TCN
Arr-Disable-Session-Affinity
X-Varnish-Age
Alternate-Protocol
X-Cache-Key
X-Sol
Fastcgi-Cache
AR-SID
X-Upstream
Mrf-Cache-Status
MRF-Tech
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
X-Acc-Meta-Resource-Type
Access-Control-Request-Method
X-Pad
X-Mobile-Rewrite
PB-RID
PB-PID
Display
X-Middleton-Display
X-FastCGI-Cache
X-Fastly-Request-ID
X-Ser
X-NF-Request-ID
X-Nf-Srv-Version
X-Via-JSL
X-Vcap-Request-Id
Pagespeed
Response
X-Middleton-Response
X-DIS-Request-ID
X-User-Agent
X-MSEdge-Ref
X-Forwarded-For
Eomportal-Instance
Rt-Fastcgi-Cache
X-Frontend
Arc-Version
X-Cache-Rule
X-PressLabs-Stats
X-XRDS-LOCATION
Front-End-Https
X-Cache-Hit
X-Goog-Stored-Content-Encoding
X-Goog-Generation
X-Goog-Stored-Content-Length
X-Goog-Storage-Class
X-Goog-Metageneration
X-Logged-In
X-SS-Set-Cookie
X-IPLB-Instance
X-VCache
Server-Name
S
X-Hostname
Surrogate-Key
Host
X-Whom
X-FTR-Backend-Server
X-Country-Code-Real
X-FTR-DC
X-FTR-Backend
X-FTR-Cache-Status
X-FTR-Balancer
X-FTR-Realm
X-FTR-Expires
Tracecode
X-Request-Received
X-Request-Processing-Time
X-Litespeed-Cache
X-Analytics
Backend-Timing
X-HS-Content-Id
X-Instance
X-Debug
X-Magnolia-Registration
X-AOL-HN
TP-L2-Cache
TP-Cache
Cache-Status
X-HW
Refresh
X-Rid
X-Contextid
X-Proxied
X-Activity-Id
X-AppVersion
X-Srv
X-Az
ServerID
FilterID
Public-Key-Pins-Report-Only
X-Wix-Server-Artifact-Id
Cleartype
HitInfo
HitType
Server-Info
X-UUID
X-B3-Traceid
X-WPE-Loopback-Upstream-Addr
X-XRDS-Location
AMP-Access-Control-Allow-Source-Origin
X-Varnish-Backend
X-FTR-Cache-Host
X-Content-Security-Policy-Report-Only
X-Varnish-Server
X-Mobile
X-APP-VERSION
X-Cache-Control
Service-Worker-Allowed
Served-By
X-Newrelic-App-Data
X-Correlation-Id
Liferay-Portal
X-Origin-Upstream-Status
Accept-Charset
X-TT
Source
X-Amzn-Trace-Id
X-Cache-Server
X-Revision
X-PC-AppVer
X-App-Environment
X-Hail-Hydra
X-PC-Hit
X-Geo-Country
X-Tumblr-User
Server-Node
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Request-Guid
X-BCube-Filmed-By
X-PC-Key
X-B-Cache
MS-CV
X-Framework
X-Device-Type
X-FB-Debug
X-Handled-By
X-Page-Id
X-Signature
Retry-After
X-PHP-Backend
Host-Header
X-Varnish-Hostname
DC
X-Cache-Operation
X-Cache-2
X-Cache-Config
X-Origin-Server
Powered-By-ChinaCache
X-ATG-Version
Viewport
X-RateLimit-Remaining
X-Origin
S-Cnection
X-Cache-Action
X-HS-Cache-Config
Edge-Cache-Tag
X-Debug-Info
X-TT-TIMESTAMP
Fastly-Restarts
X-Ocache
X-Cached-By
X-NewRelic-App-Data
X-NWS-LOG-UUID
X-B3-Sampled
X-PC-Date
X-PC-Host
X-Sucuri-ID
Actual-Object-TTL
X-WA-Info
X-Hyper-Cache
NGB
X-LB-Cache
X-Akam-SW-Version
X-Drupal-Cache-Tags
X-Microcachable
X-Content-Powered-By
X-Shield-Cache-Expires
X-ADI-VCache
X-Accel-Expires
X-Cache-Age
X-Generated-By
SRV
Upgrade-Insecure-Requests
X-Cache-NE
Filters
AsisCache
X-App-Server
X-Distil-CS
ServedBy
X-WebKit-CSP-Report-Only
X-Tumblr-Pixel-2
X-Tumblr-Pixel-1
X-Yottaa-Optimizations
X-Locale
Cache
X-FW-Static
X-FW-Server
X-Jobs
X-Internal-Host
X-Yottaa-Metrics
X-FW-Type
X-RequestSource
X-FW-Hash
X-RTag
X-FW-Serve
X-Cluster
X-Seen-By
Content-Script-Type
Content-Style-Type
X-Wix-Request-Id
X-Cacheable-TTL
X-GeoIP
X-Node-Name
X-Accel-Buffering
X-S
X-Varnish-Hits
X-Geo
X-Amz-Server-Side-Encryption
X-TX-ID
From-Origin
Datacenter
X-Varnish-Grace
X-UA
X-Varnish-Cache-Hits
X-CLOUD-TRACE-CONTEXT
X-Platform-Server
X-RateLimit-Limit
X-Adobe-Content
X-GZip
X-Adobe-Loc
X-GUploader-UploadID
X-ServedBy
X-Akamai-Edgescape
X-Varnish-IP
X-Cache-TTL-Remaining
X-Oneagent-Js-Injection
X-Sucuri-Cache
Cache-Tag
X-Webkit-Csp
X-Vg-Webcache
X-HS-Combine-CSS
X-Edge-Cache
X-Edge-Cache-Key
X-CDN-Forward
X-Storage
X-Drupal-Cache-Contexts
X-Mode
X-Akamai-Transformed
X-Region
X-URL
X-Cache-Remote
X-Source
X-Real-IP
X-Guploader-Uploadid
X-Distributor
X-Proxy
X-Amz-Replication-Status
X-Kinja-Server-Push
X-Amzn-RequestId
X-Is-Bot
X-ProcessESI
X-RemovedCookies
X-Rendered-As
X-RN-RSRV
X-Path-Route
X-MP-GENERATED-AT
Load-Balancing
Meta-Geo
X-Detected-As
X-Amz-Apigw-Id
Machine
Fastly-SSL
X-NCache
ServerName
X-Dc
Ohc-File-Size
Mn-Server-Ip
HostName
GEO-INFO
X-FC-Vary-Parameters
X-CDN-Cache
X-Backend-Name
X-ApacheServer
X-BB-IP
X-Agile-Id
X-Agile-Age
X-Agile
Cache-Key
X-Akamai-Request-ID
X-Webstats-RespID
X-Time-Microsecs
X-TWH-CORRELATION-ID
X-Upgrade-Enabled
X-PERF
Backend
X-Proto
Access-Control-Allow-Method
Azure-Version
X-Edge-Location
Azure-InstanceId
Azure-RegionName
Azure-SlotName
Healthy
Azure-SiteName
S-Rt
X-EIG-Tracking-Id
X-Cache-Category-Id
X-Varnish-Cacheable
X-ServerID
X-Pubstack
X-Grey
X-OCL
X-Web-Node
X-Viewer-Country
X-PCL
X-OVcl-Cache
X-OVcl
User-Agent
X-Cache-Var-Map
X-Cache-Var
X-Hosted-By
X-Human
X-Original-Request
X-NodeID
X-JoinUs
X-Amz-Meta-Surrogate-Control
X-Cluster-Node
X-SplitTest
X-Birta-Cache-Post
X-AWS-Id
X-App-Name
X-Timing-Wait
X-Birta-Served
X-Via-Fastly
X-Format
X-ProxyCache-Status
X-CCM-LastModified
LB
X-Access
Property-Id
TWC-GeoIP-Country
TWC-GeoIP-LatLong
TWC-Locale-Group
TWC-Privacy
TWC-Device-Class
TWC-Connection-Speed
Webcakes-Region
Webcakes-App-Version
Selected-FE
X-TNCMS
X-Generated
X-Generation-Time
X-Zipkin-Id
X-Debug-Cache
X-Routing-Service
X-Section
X-Instance-Name
X-Cache-HT
X-Port
L5d-Success-Class
X-Proxy-Build
Now
Cache-Name
X-BYPASS-REASON
X-Origin-Hint
X-LJ-Flow-ID
X-ProxyCache-Key
X-IP
Countrycode
X-VWS-Id
X-Loop
X-Optimization
X-Site-Version
X-Www-Served-By
X-Meta-Tbi-Cache-Vertical
Webcakes-App-Name
User-Cache-Control
DB-Nickname
Fastcgi-Useragent
X-Labrador-Cache-Channel
Payment
X-Tb
X-Xfnlog-Site
Cache-Hits
RATING
X-CCM
X-Tumblr-Pixel-3
X-Time
Country
Ec-Rule-Version
X-Daa-Tunnel
X-Request-Time
X-Real-Ip
X-Surge-Debug
X-DataStream-Cache-Status
X-Newrelic-Synthetics
X-Origin-CC
X-Hit
X-Ezoic-Cdn
X-TA-CDN-Provider
X-Nc
X-Oracle-Dms-Ecid
X-B3-TraceId
X-Oracle-Dms-Rid
X-Feature
WP-Super-Cache
X-Nginx-Cache
X-Cache-Bucket
X-Unique-ID
X-Cache-Enabled
Origin-Cache-Control
X-Render-Type
Origin-Edge-Control
X-B3-Spanid
X-Servedby
X-UA-Device-Type
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
Xserver
X-Esi
X-Status
X-HS-Hub-Id
X-Environment-Context
X-L-Path
RequestId
NODE
X-NGENIX-Cache
X-NU-AKA-ACS-Version
X-Skip-Cache
X-Content-Type
Apicache-Store
Apicache-Version
X-WR-MODIFICATION
Ws
X-EdgeConnect-Cache-Status
X-Correlation-ID
Access-Control-Request-Headers
X-Be
X-Cache-Backend
X-ElasticPress-Search
IBM-Web2-Location
Warning
X-VG-WebServer
Cache-Prefix
BehaviorPad-Version
Fastcgi-X-Cache
Fastcgi-X-Cache-Version
Fastly-Soc-X-Request-Id
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
X-Via-Edge
AKAMAI
Apple-News-Services-Handled
Apple-News-Services-Host
Fly-Cache
Fly-Request-Id
X-Vgn-Hpd-Reason
X-We-Are-Hiring
X-User
X-Upstream-HT
X-Via-CDN
Meta-Geo-Continent
GMS-Ver
Host-ID
MD5-Digest
Memcached
Resin-Trace
X-A-Dcw
X-CF-Lambda-Fn
X-PAYTM-SRV-ID
X-CF-Lambda-Version
X-Connection-Hash
X-No-Session
X-D
X-BBXSRF
X-BB-ID
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
X-ARC
X-Planisys-CDN-Cache
X-B-Cookie
X-Date
X-ND-Cache
X-Fastly-Cache
X-Died
X-Haproxy-Hostname
X-From
X-G
X-Developer
X-Haproxy-Ip
X-IN-WAF
X-Logtrace-Id
X-IN-SSL-APIGATEWAY
X-IN-APIGATEWAY
X-Destination
X-Public
X-Region-Sid
X-SVT-ORM-VERSION
X-Transaction
X-A
X-A-Ccd
X-A-Dam
X-Trv-Group
Www
X-Upstream-CT
T-Server
Viewtype
X-Twitter-Response-Tags
VivaBuild
X-Generated-In
X-A-Dgt
X-Wix-Route-ID
X-S-Cookie
X-Rojux
X-Rewrite-Enabled
Xc-Version
X-Server-By
X-Application
X-SVT-ORM-RULES
X-A-Wwc
X-SRCache-Key
X-Accel-Expires-Debug
X-Server-Time
Sta2Tusw
Ajk
X-Cache-Ttl
Time
X-GoCache-CacheStatus
X-Webkit-CSP
X-Auto-Login
X-Rebelmouse-Surrogate-Control
X-Cdn-Origin
X-Cache-Host
X-Cache-Expires
IsBot
X-Wikidot-Backend
X-Debug-Log
Fastly-SWR
X-Debug-Cookies
X-CS
X-Core-Value
X-Trace-Id
X-NX-Host
X-SIPLIST1
X-ScT
X-Rocket-Nginx-Bypass
X-Wikidot-Static-Cache
Uber-Trace-Id
V-Age
UCS
Server-Int
Request-Time
NGX
Webserver
X-Amz-Meta-Cache-Control
Origin
Rendered-Blocks
Release
X-Sn-Servicetimems
X-Rebelmouse-Cache-Control
X-Forwarded-Host
X-Up
X-Hl-Ver
X-Via-NSCOPI
X-Phone
Fastly-SIE
X-F5-Cache
X-Var-Ttl
OT-Force-Account-Verify
X-UE-Client-Country
X-Croise-Owner
X-C
X-Actual-URL
MI-Cache
X-HCF
X-Response-By
X-Node-Id
X-Hash
X-Ruxit-Js-Agent
X-Returned-From
X-Amz-Meta-S3cmd-Attrs
X-Release
X-Matched-Rule
X-Returned-From-PostProcessResponse
MI-Cache-Age
X-Passed-To-BeforeDispatch
X-Location
X-Returned-From-DLL
X-GeoIP-Country-Code
Who
X-Passed-To-PostProcessResponse
X-Passed-To-DLL
X-Returned-From-BeforeDispatch
X-Passed-To
X-Backend-State
X-Clientip
X-Request-URI
X-CGP
X-Cdn-Srv
X-Fetched-On
X-Core-Mission
X-Crawler
X-DPWN-IS-SECURE
X-Developers
X-Edge-IP
X-Epic-Correlation-Id
X-Eu-Site
X-Cache-Srv
X-Cache-Id
X-Frame-Option
X-Backend-Url
X-Backend-TTL
X-Backend-Host
X-Platform
X-Reboot
X-Bip
X-Cache-Debug
X-FireWall-Port
X-Cache-Control-Set-By
X-Cache-CFC
X-Bug-Bounty
X-GeoIP-City
X-Server-Group
HA-Cloudapp
HA-Geocity
GW-Server
X-MI-In-Market
X-Server-IP
X-Thanos
HA-Geocountry
HA-Geolat
HA-Ipaddr
HA-Servedtime
HA-Host
Ha-Gx-Prefs
HA-Geolon
HA-Georegion
X-TT-LOGID
X-UnsetCookies
Cache-Cookie-Set-From
Cache-Cookie-Set-Idcheck
X-Varnish-HitMiss
Backend-Name
X-Ver
X-Fstrz
Cache-Cookie-Set-Lfrom
X-V
Decoy-Debug-Status
Decoy-Debug-TTL
Decoy-Debug-Key
Country-Code
Content-Disposition
HA-Urlpath
X-Thinkindot-L3
Pramga
Thinkindot-CacheControl-Type
Heartbleed
X-Stale
Powered-By
Odigeo-Trace-Id
X-ServiceProvider
Thinkindot-Control
PFcat
On-Server
HTTPS
Thinkindot-CacheControl
Ohc-Response-Time
Server-Host
X-Servername
Proxy-Connection
Cneonction
Mime-Version
X-Env
X-Gen-Mode
X-Hnp-Log
X-Varnish-Id
X-Sorting-Hat-PodId
X-Sorting-Hat-PodId-Cached
X-VServer
X-MSEdge-Flight
X-MSEdge-Features
Fastly-Backend-Name
X-Device-Os
X-Sorting-Hat-ShopId-Cached
Esi-Enabled
X-Ckpd-Fst-Backend
X-Cache-Time
X-Sorting-Hat-ShopId
X-WebServer
X-Sorting-Hat-Section
X-Dispatcher-Server
Httpd-Identifier
X-Block-Status
X-Alternate-Cache-Key
X-Sorting-Hat-PrivacyLevel
X-Shopify-Stage
Adler-Geo
X-RCS-CacheZone
Platform
Server-ID
Pragrma
X-Content-Age
X-Origin-Date
Request-EU
Request-Country
X-Cache-URL
X-Worker
Web-Mar-Node
REQUESTUUID
X-ShopId
X-Origin-Expires
Is-Eu
X-Sorting-Hat-FeatureSet
X-S-Maxage
CDCHOST
X-Info
X-ShardId
NnCoection
X-CACHE-AGE
Dnion-Transfer-Encoding
X-Served-From
X-Refresh
MI-API
Kp-EeAlive
X-Fastcgi-Cache
X-App-Version
NtCoent-Length
X-Req
X-Cache-ASPX
Cache-Provider
X-Svr
X-Pjax-Url
X-Page-Type
X-P-T
X-TIME
X-Varnish-Beresp-Ttl
Version
X-Secret
Processtime
Drupal-Pagecache-Memcache
X-Gannett-Site-Version
X-EC-Security-Audit
X-Origin-TTL
X-CSRF-Token
X-StackifyID
X-Pf-Uncompressing
X-Amz-Meta-S3b-Last-Modified
SN
X-Amz-Meta-Sha256
X-Wix-Petri-Ex
Ar-Sid
Accept-Ch
Memory
X-Oss-Storage-Class
X-Varnish-Url
WebServer
X-Rule
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
X-Oss-Request-Id
Dont-Set-Cookie
X-Oss-Server-Time
X-From-Cache
X-Varnish-Beresp-TTL
Pagetype
GeoIp-Country-Code
X-RateLimit-Limit-Second
Geoip-Latitude
Geoip-City
X-Kong-Proxy-Latency
X-Cache-Handler
X-Kong-Upstream-Latency
X-LiteSpeed-Cache-Control
X-RateLimit-Remaining-Second
PageType
X-Csrf-Token
Cdn
X-NC
FSS-Cache
FSS-Proxy
Arc-Country
X-Ua
X-Load-Cache
X-Yottaa-Sig
Cteonnt-Length
X-Cdn-Forward
X-Irp-Debug
PICS-Label
Brightspot-Id
X-Ratelimit-Remaining
X-Request-Start
X-LB-Node
CF-IPCountry
X-LB-CacheStatus
X-COUNTRY
X-SERVER-NAME
If-Modified-Since
X-Sf
X-Fastly-Backend-Reqs
Edgecast
Sid
X-GRACE
PROCESSING-IP
BORDER-IP
X-ROOTCache
X-Redis-Cache
COMMERCE-SERVER-SOFTWARE
MIME-Version
RNT-Time
RNT-Machine
X-ServedByHost
X-Tid
X-GDPR
X-Request-UUID
X-Dynatrace-Js-Agent
X-Ratelimit-Limit
X-Requestid
X-Endurance-Cache-Level
X-DC
X-B3-SpanId
XServer
X-TId
X-RequestId
X-Varnish-Action
Powered
X-Rocket-Nginx-Serving-Static
X-Servedbyhost
Cache-Tags
X-Resolver-IP
X-BE
X-Layer
X-Nananana
Pics-Label
Frame-Options
Cf-Ipcountry
Node
X-Cache-TTL
Amp-Access-Control-Allow-Source-Origin
X-DataStream-MidMile-RTT
X-Atg-Version
X-DataStream-Origin-MEX-Latency
X-VG-WebCache
X-Fastly-Cache-Hits
NodeID
X-Tec-Api-Origin
X-Tec-Api-Root
X-Tec-Api-Version
GeoIP-City
X-UPSTREAM-Address
GeoIP-Country-Code
GeoIP-Latitude
X-Gdpr
CDN
We-Hiring
Mail-Subject
PageSpeed
X-Varnish-Ttl
X-Shard
X-HTML-Minification-Powered-By
Hostname
X-Owner
X-Key
CACHE
X-Dynatrace
X-Alicdn-Da-Ups-Status
X-Use-Magma
X-Varnish-URL
X-Ms-Lease-Status
X-Ms-Request-Id
X-Ms-Version
X-Server-W
X-Aicache-OS
X-Ms-Blob-Type
ProcessTime
X-GZIP
Accept-CH
X-PF-Uncompressing
X-Sentry-ID
Lfy
Web-Mar-Region
X-VG-TLSProxy
Dynatrace
Cdn-Host
URI
X-ABtesting
X-GEO
WZWS-RAY
X-Flog
X-Edge-Server
Cdn-Request-Time
X-Unique-Id
X-Swa-Ws
True-Client-Country-4JS
Xet-Cookie
DataCenter
X-Powered-By-ANYU
Group
X-Oa-Upstreams
X-Org
V-Cache
X-Ms-Lease-State
X-PAGE-TYPE
Rt-Proxy-Cache
X-Front
X-Cookie
GEO-REGION-INFO
X-Vcache
X-PJAX-URL
X-Policy
X-Dw-Trace-Id
X-Varnish-ID
N-Cache
X-NGINX-Cache
Requestid
X-CDN-Pop
Is-Session-Tracking
RequestUuid
Get-Access-Time
X-Varnish-Info
X-VC
Max-Age
X-Check-Cacheable
X-M-Reqid
X-M-Log
X-Qnm-Cache
X-NWS-UUID-VERIFY
X-CDN-Pop-IP
X-SB
X-VID
X-Response-Served-From
X-HS-Status
X-RSL
X-Amzn-Remapped-Connection
X-Amzn-Remapped-Date
X-External-Request-Id
SID
X-Hello
CF-Cached-On
X-Litespeed-Tag
X-Mem
X-Akamai-ERRuleID
X-Akamai-ERPolicy
X-Acquia-Application-UUID
X-Acquia-Application-Trace
X-Trv-Request-Id
X-RAMCache
X-Proxy-Server
X-DSS
X-DW
X-RPM
X-DI
X-DB
WS
X-Fe
X-Litespeed-Cache-Control
X-RPS