Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics - SANS Internet Storm Center HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Pragma
Last-Modified
Accept-Ranges
Strict-Transport-Security
X-Content-Type-Options
X-Powered-By
CF-RAY
ETag
Link
Expect-CT
Via
X-XSS-Protection
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Served-By
X-Varnish
X-Amz-Cf-Id
X-Xss-Protection
Referrer-Policy
X-Request-Id
X-Timer
X-AspNet-Version
CF-Cache-Status
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Runtime
Access-Control-Allow-Credentials
X-Download-Options
X-Drupal-Cache
X-Cacheable
Content-Security-Policy-Report-Only
X-Generator
CF-Ray
Alt-Svc
Status
X-AspNetMvc-Version
X-Cache-Status
X-DNS-Prefetch-Control
X-Check
X-Iinfo
X-Adblock-Key
X-FRAME-OPTIONS
X-CDN
Timing-Allow-Origin
X-Content-Security-Policy
X-Turbo-Charged-By
X-Permitted-Cross-Domain-Policies
Content-Encoding
P3p
X-Template
X-Language
Keep-Alive
X-Type
X-AH-Environment
X-Via
X-Cache-Group
X-Backend
WPE-Backend
X-Request-ID
X-Pass-Why
X-Buckets
X-Age
X-Server
X-Nginx-Cache-Status
Access-Control-Max-Age
X-Server-Powered-By
X-Pingback
Xkey
X-Varnish-Cache
Grace
X-Drupal-Dynamic-Cache
Upgrade
Access-Control-Expose-Headers
X-Hacker
X-UA-Device
X-Amz-Request-Id
X-Page-Speed
Cf-Railgun
X-Amz-Id-2
X-Proxy-Cache
X-Robots-Tag
EagleId
X-Ua-Compatible
X-Envoy-Upstream-Service-Time
X-LiteSpeed-Cache
Request-Context
X-Node
X-Swift-CacheTime
X-Swift-SaveTime
X-Ac
X-Device
Ali-Swift-Global-Savetime
X-Cnection
X-Host
Content-Location
X-Amz-Version-Id
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
Surrogate-Control
X-WebKit-CSP
X-Backend-Server
X-Cache-Lookup
X-Server-Id
X-OneAgent-JS-Injection
X-Rack-Cache
X-Response-Time
X-Px
X-Instart-Request-ID
Request-Id
X-CST
Server-Timing
X-Readtime
X-Rq
X-Clacks-Overhead
X-HeyJason
X-Do-Not-Hack
Permitted-Cross-Domain-Policies
Pinterest-Generated-By
EagleEye-TraceId
X-Url
Edge-Control
X-Cloud-Trace-Context
X-Application-Context
X-MS-InvokeApp
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Country
Report-To
X-Server-Name
Charset
SPRequestGuid
X-DynaTrace-JS-Agent
X-Country-Code
Allow
X-SharePointHealthScore
X-DataDome
X-ESI
Rating
X-Varnish-TTL
X-Ruxit-JS-Agent
X-Vname
X-PC
X-TtlSet
X-Cached
X-Powered-CMS
X-Powered-By-Plesk
X-Recruiting
X-CF-Powered-By
X-TTL
X-FTR-Request-ID
NEL
X-Vhost
X-D2id
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
X-DynaTrace
X-Pinterest-Rid
Pinterest-Version
Public-Key-Pins
X-Upstream-Env
X-Kinja-Server
X-F-Cache
X-Kinja-Revision
X-Kinja
X-Exp-Id
X-Exp-Variant
X-Geo-Segment
X-Kinja-Build
X-Cdn-Fetch
X-Version
X-VARITI-CCR
X-T
X-N
X-GoogleNews-Bot
SPIisLatency
SPRequestDuration
X-Dw-Request-Base-Id
Cartoon
X-Mod-Pagespeed
MS-Author-Via
X-Abt-Application-Version
RTSS
Content-MD5
Nginx-Cache
Feature-Policy
Verso
X-GitHub-Request-Id
X-Dispatcher
AR-PoweredBy
AR-ATIME
AR-CACHE
X-Navigation-Version
MicrosoftSharePointTeamServices
X-Ttl
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Goog-Hash
X-Client-IP
X-Amz-Rid
X-Hits
Realpath
X-Server-ID
X-Shield-Request-Id
X-Forwarded-Proto
X-Origin-Cache
X-Trace
X-Cdn
Paypal-Debug-Id
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-Content-Options
X-TEC-API-ROOT
X-Content-Digest
X-Zen-Fury
X-Id
X-Grace
X-Kinsta-Cache
Arr-Disable-Session-Affinity
TCN
X-B
AR-SID
DynaTrace
Alternate-Protocol
X-Varnish-Age
X-Cache-Key
Fastcgi-Cache
X-Sol
X-Upstream
X-Mrf-Section-Lastmod
Mrf-Cache-Status
MRF-Tech
X-Mrf-Item-Lastmod
Access-Control-Request-Method
X-Ser
X-FastCGI-Cache
X-Pad
X-Fastly-Request-ID
Display
X-Middleton-Display
PB-RID
PB-PID
X-Mobile-Rewrite
X-NF-Request-ID
X-Nf-Srv-Version
X-Via-JSL
X-Acc-Meta-Resource-Type
X-DIS-Request-ID
X-Vcap-Request-Id
X-User-Agent
X-Middleton-Response
Response
X-Forwarded-For
Front-End-Https
Pagespeed
Rt-Fastcgi-Cache
X-MSEdge-Ref
X-IPLB-Instance
X-PressLabs-Stats
X-SS-Set-Cookie
Eomportal-Instance
X-Cache-Rule
X-Frontend
X-Logged-In
X-Cache-Hit
Arc-Version
Server-Name
X-Whom
X-Goog-Generation
X-VCache
X-Goog-Stored-Content-Length
X-Goog-Metageneration
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-Hostname
Host
X-XRDS-Location
Tracecode
Surrogate-Key
S
X-FTR-Realm
X-FTR-Expires
X-FTR-Cache-Status
X-FTR-DC
X-FTR-Backend
X-Country-Code-Real
X-FTR-Backend-Server
X-FTR-Balancer
Cache-Status
X-Request-Processing-Time
X-Request-Received
Backend-Timing
X-Analytics
X-Debug
X-HS-Content-Id
X-Instance
Refresh
X-Contextid
X-AOL-HN
X-AppVersion
TP-L2-Cache
TP-Cache
X-Proxied
X-Activity-Id
X-Az
X-Magnolia-Registration
Public-Key-Pins-Report-Only
FilterID
X-Srv
X-Rid
X-Wix-Server-Artifact-Id
X-XRDS-LOCATION
ServerID
X-UUID
Server-Info
HitType
HitInfo
X-HW
X-WPE-Loopback-Upstream-Addr
X-Newrelic-App-Data
X-URL
X-B3-Traceid
Cleartype
Liferay-Portal
Service-Worker-Allowed
X-Webkit-Csp
X-Mobile
X-Content-Security-Policy-Report-Only
X-Varnish-Server
X-NWS-LOG-UUID
X-FTR-Cache-Host
X-Varnish-Backend
X-APP-VERSION
Served-By
X-Cache-Control
AMP-Access-Control-Allow-Source-Origin
X-Revision
Source
X-Geo-Country
X-Cache-Server
X-Amzn-Trace-Id
X-Correlation-Id
X-Request-Guid
X-PHP-Backend
X-PC-Key
Server-Node
Host-Header
Retry-After
X-PC-AppVer
X-Hail-Hydra
X-App-Environment
X-PC-Hit
X-Device-Type
MS-CV
X-RateLimit-Remaining
X-TT
X-Varnish-Hostname
X-BCube-Filmed-By
X-Origin
X-Handled-By
X-Tumblr-User
X-HS-Cache-Config
DC
X-Tumblr-Pixel-0
X-Tumblr-Pixel
Edge-Cache-Tag
X-Cache-2
X-Framework
X-B-Cache
X-Origin-Upstream-Status
Powered-By-ChinaCache
X-Signature
S-Cnection
X-FB-Debug
X-Cache-Operation
X-Cache-Config
Fastly-Restarts
X-Page-Id
X-Litespeed-Cache
Accept-Charset
X-Origin-Server
X-Cache-Action
X-TT-TIMESTAMP
X-Sucuri-ID
X-Debug-Info
X-Ocache
Viewport
X-PC-Host
X-PC-Date
Actual-Object-TTL
X-ATG-Version
X-Shield-Cache-Expires
X-ADI-VCache
X-Hyper-Cache
X-B3-Sampled
X-WA-Info
X-Cached-By
X-Content-Powered-By
NGB
X-Microcachable
X-Accel-Expires
X-Drupal-Cache-Tags
Upgrade-Insecure-Requests
X-Akam-SW-Version
X-LB-Cache
SRV
X-Cache-NE
Filters
AsisCache
X-NewRelic-App-Data
X-Generated-By
Cache
X-App-Server
X-Yottaa-Metrics
X-Yottaa-Optimizations
ServedBy
X-FW-Serve
X-FW-Hash
X-RTag
X-FW-Server
X-Cacheable-TTL
X-RequestSource
X-S
X-FW-Type
X-Internal-Host
X-FW-Static
X-Locale
X-Tumblr-Pixel-1
X-Distil-CS
X-Seen-By
X-WebKit-CSP-Report-Only
X-Tumblr-Pixel-2
X-Wix-Request-Id
Content-Style-Type
Content-Script-Type
X-GeoIP
X-TX-ID
X-Jobs
X-Amz-Server-Side-Encryption
X-Accel-Buffering
X-Varnish-Hits
X-Cluster
X-Geo
From-Origin
X-Node-Name
X-Akamai-Edgescape
X-UA
X-Adobe-Content
X-Adobe-Loc
X-Sucuri-Cache
X-Varnish-Grace
X-Varnish-Cache-Hits
X-RateLimit-Limit
X-ServedBy
X-Cache-Age
X-HS-Combine-CSS
X-Varnish-IP
X-GZip
X-Platform-Server
X-Vg-Webcache
X-Dns-Prefetch-Control
X-Cache-TTL-Remaining
Datacenter
X-Daa-Tunnel
X-Edge-Cache
X-GUploader-UploadID
X-Edge-Cache-Key
X-CDN-Forward
X-Cache-Remote
X-Storage
X-Oneagent-Js-Injection
Cache-Tag
X-Akamai-Transformed
X-Region
X-Mode
HostName
X-Real-IP
X-Amz-Replication-Status
X-Drupal-Cache-Contexts
X-Esi
X-Distributor
X-Source
X-Is-Bot
Load-Balancing
Machine
X-MP-GENERATED-AT
X-RN-RSRV
X-Detected-As
X-Cache-Var
X-Cache-Var-Map
X-RemovedCookies
X-Path-Route
X-Rendered-As
Meta-Geo
X-ProcessESI
Fastly-SSL
Country
X-Amz-Apigw-Id
ServerName
X-Amzn-RequestId
X-NCache
X-Agile
X-Guploader-Uploadid
X-Agile-Age
X-Agile-Id
X-ApacheServer
Mn-Server-Ip
X-PERF
X-Akamai-Request-ID
X-OCL
X-BB-IP
X-Time-Microsecs
X-PCL
X-TWH-CORRELATION-ID
X-Web-Node
X-CDN-Cache
X-Webstats-RespID
X-Viewer-Country
GEO-INFO
X-Kinja-Server-Push
Cache-Key
Backend
Cache-Name
X-Edge-Location
X-Instance-Name
X-Amz-Meta-Surrogate-Control
Azure-Version
X-Via-Fastly
Azure-RegionName
Azure-InstanceId
Azure-SiteName
X-NodeID
X-Upgrade-Enabled
Azure-SlotName
X-Pubstack
L5d-Success-Class
X-Cluster-Node
X-Original-Request
X-Cache-Category-Id
X-Proto
X-Grey
X-Cache-HT
Ohc-File-Size
X-OVcl
X-OVcl-Cache
X-TA-CDN-Provider
X-EIG-Tracking-Id
X-Optimization
X-Routing-Service
TWC-Connection-Speed
Property-Id
S-Rt
User-Cache-Control
X-Origin-Hint
LB
TWC-GeoIP-Country
TWC-Device-Class
X-Section
Healthy
DB-Nickname
TWC-Locale-Group
TWC-GeoIP-LatLong
TWC-Privacy
Webcakes-Region
X-Birta-Cache-Post
X-ProxyCache-Key
X-ProxyCache-Status
X-Proxy
X-Hosted-By
X-AWS-Id
X-FC-Vary-Parameters
X-Birta-Served
X-ServerID
X-Debug-Cache
X-Port
X-Format
X-CCM-LastModified
X-Generation-Time
X-CCM
X-App-Name
X-BYPASS-REASON
X-Access
X-VWS-Id
Webcakes-App-Version
Webcakes-App-Name
X-Meta-Tbi-Cache-Vertical
X-SplitTest
X-Site-Version
X-LJ-Flow-ID
X-Human
X-Www-Served-By
X-Zipkin-Id
X-Xfnlog-Site
X-Loop
X-Labrador-Cache-Channel
X-IP
X-Request-Time
Cache-Hits
X-TNCMS
X-Varnish-Cacheable
Now
Fastcgi-Useragent
User-Agent
X-Cache-Bucket
X-JoinUs
X-Generated
X-CLOUD-TRACE-CONTEXT
X-Surge-Debug
Access-Control-Allow-Method
X-Tumblr-Pixel-3
X-Backend-Name
X-Tb
Payment
X-Timing-Wait
X-Proxy-Build
X-Time
Selected-FE
Countrycode
RATING
X-Ezoic-Cdn
X-Hit
X-Origin-CC
Ec-Rule-Version
X-Dc
X-Render-Type
X-Real-Ip
X-Feature
X-Cache-Enabled
WP-Super-Cache
X-DataStream-Cache-Status
X-Unique-ID
X-Newrelic-Synthetics
Origin-Edge-Control
X-Nc
Origin-Cache-Control
X-Nginx-Cache
X-Oracle-Dms-Rid
X-Oracle-Dms-Ecid
X-B3-TraceId
X-B3-Spanid
X-Environment-Context
X-L-Path
X-UA-Device-Type
X-Correlation-ID
RequestId
X-NU-AKA-ACS-Version
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
X-Skip-Cache
X-Servedby
X-CACHE-AGE
NODE
Xserver
X-NGENIX-Cache
Access-Control-Request-Headers
X-WR-MODIFICATION
X-Content-Type
X-Vgn-Hpd-Reason
X-COUNTRY
X-Status
Webserver
X-Be
X-ElasticPress-Search
Time
X-Cache-Backend
X-EdgeConnect-Cache-Status
X-Upstream-CT
X-Upstream-HT
Ws
Warning
X-From
X-G
X-A-Dgt
Host-ID
X-DPWN-IS-SECURE
X-A-Wwc
X-Region-Sid
X-A-Dcw
X-Fastly-Cache
X-A-Dam
X-Logtrace-Id
X-Wix-Route-ID
Memcached
X-BBXSRF
X-We-Are-Hiring
MD5-Digest
Www
X-A-Ccd
X-A
X-Haproxy-Hostname
X-Haproxy-Ip
X-Generated-In
X-Accel-Expires-Debug
X-ARC
X-CF-Lambda-Version
X-Application
X-Connection-Hash
X-D
X-Cache-Id
X-CF-Lambda-Fn
Fastcgi-X-Cache
Fly-Cache
Fly-Request-Id
Fastly-Soc-X-Request-Id
X-B-Cookie
Fastcgi-X-Cache-Version
Cache-Prefix
X-Date
AKAMAI
Apple-News-Services-Handled
Ajk
X-Cache-Host
X-Died
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
BehaviorPad-Version
X-Destination
X-Developer
X-Amz-Meta-Cache-Control
Apple-News-Services-Request-Url
Meta-Geo-Continent
Xc-Version
X-Transaction
X-Rojux
X-S-Cookie
Sta2Tusw
Resin-Trace
X-Trv-Group
X-BB-ID
X-Via-Edge
X-Rewrite-Enabled
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
X-Public
X-Server-Time
T-Server
X-Server-By
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
GMS-Ver
X-Planisys-CDN-Cache
X-SRCache-Key
X-PAYTM-SRV-ID
X-Twitter-Response-Tags
X-User
VivaBuild
X-No-Session
X-VG-WebServer
Viewtype
X-ND-Cache
X-Via-CDN
IBM-Web2-Location
X-Croise-Owner
X-GoCache-CacheStatus
X-CS
X-Core-Value
X-Debug-Cookies
X-Cache-CFC
X-Debug-Log
X-NX-Host
X-Sn-Servicetimems
X-Rebelmouse-Surrogate-Control
Fastly-SIE
Fastly-SWR
X-Wikidot-Backend
X-Cdn-Origin
X-Wikidot-Static-Cache
X-SIPLIST1
X-Cache-Expires
X-Cache-Time
X-Request-URI
X-Rebelmouse-Cache-Control
X-ScT
X-Trace-Id
Apicache-Version
Apicache-Store
X-FireWall-Port
Request-Time
Odigeo-Trace-Id
X-Forwarded-Host
X-Frame-Option
V-Age
Origin
X-Fstrz
X-Phone
X-F5-Cache
Uber-Trace-Id
X-Var-Ttl
NGX
IsBot
Rendered-Blocks
UCS
Server-Int
Release
X-Cache-Ttl
X-C
Cneonction
X-Webkit-CSP
X-Backend-TTL
X-Backend-State
Who
Thinkindot-CacheControl
X-IN-WAF
Server-Host
Thinkindot-CacheControl-Type
Thinkindot-Control
X-Actual-URL
Web-Mar-Node
X-Amz-Meta-S3cmd-Attrs
X-Gen-Mode
X-Passed-To-DLL
X-Passed-To-PostProcessResponse
X-UnsetCookies
X-UE-Client-Country
X-Up
X-V
X-MI-In-Market
X-Passed-To
X-Passed-To-BeforeDispatch
X-TT-LOGID
X-Thinkindot-L3
X-Returned-From-PostProcessResponse
X-Returned-From-DLL
X-Returned-From-BeforeDispatch
X-Returned-From
X-Reboot
X-Served-From
X-Stale
X-ServiceProvider
X-Server-Group
X-VServer
X-WebServer
X-Content-Age
X-Developers
X-Device-Os
X-Dispatcher-Server
X-Ckpd-Fst-Backend
X-CGP
X-Bug-Bounty
X-Cache-Debug
X-Cdn-Srv
X-Edge-IP
X-Env
X-GeoIP-Country-Code
X-Hnp-Log
X-Location
X-Matched-Rule
X-IN-APIGATEWAY
X-IN-SSL-APIGATEWAY
X-Epic-Correlation-Id
X-Eu-Site
X-GeoIP-City
X-Block-Status
Pragrma
HA-Geocountry
HA-Geolat
HA-Geocity
HA-Cloudapp
GW-Server
HA-Geolon
HA-Georegion
HA-Servedtime
HA-Urlpath
HA-Ipaddr
HA-Host
Ha-Gx-Prefs
X-StackifyID
Fastly-Backend-Name
Cache-Cookie-Set-From
Cache-Cookie-Set-Idcheck
Backend-Name
Adler-Geo
OT-Force-Account-Verify
Cache-Cookie-Set-Lfrom
CDCHOST
Esi-Enabled
Decoy-Debug-TTL
Decoy-Debug-Key
Content-Disposition
Heartbleed
Decoy-Debug-Status
MI-Cache-Age
MI-Cache
Platform
Proxy-Connection
On-Server
Is-Eu
Powered-By
Httpd-Identifier
Pramga
HTTPS
Ohc-Response-Time
X-Varnish-Beresp-Ttl
X-TIME
X-Sorting-Hat-PodId
X-Sorting-Hat-PodId-Cached
X-Sorting-Hat-PrivacyLevel
Request-EU
Request-Country
X-Auto-Login
X-Sorting-Hat-ShopId-Cached
X-Sorting-Hat-FeatureSet
X-Sorting-Hat-ShopId
X-Sorting-Hat-Section
X-Fetched-On
X-Via-NSCOPI
X-Release
X-Hash
X-Ruxit-Js-Agent
X-MSEdge-Features
X-Page-Type
X-MSEdge-Flight
X-Rocket-Nginx-Bypass
X-Response-By
X-Servername
X-ShardId
X-ShopId
NnCoection
X-Server-IP
REQUESTUUID
X-S-Maxage
X-Shopify-Stage
Server-ID
X-RCS-CacheZone
X-Cache-Srv
X-Ver
X-Worker
X-Hl-Ver
MI-API
X-Backend-Url
X-Backend-Host
X-Varnish-Id
Kp-EeAlive
X-Core-Mission
X-Node-Id
PFcat
X-Alternate-Cache-Key
Mime-Version
X-Gannett-Site-Version
X-Amz-Meta-S3b-Last-Modified
X-Origin-Date
X-Thanos
X-Clientip
X-Origin-Expires
X-Varnish-HitMiss
X-Bip
X-Secret
Drupal-Pagecache-Memcache
NtCoent-Length
X-Info
X-Cache-URL
X-Cache-Control-Set-By
X-HCF
X-HS-Hub-Id
X-Crawler
X-Platform
X-P-T
X-Fastcgi-Cache
Country-Code
X-Svr
X-Refresh
Processtime
Cache-Provider
X-Req
Version
Dnion-Transfer-Encoding
X-App-Version
X-Origin-TTL
X-Pjax-Url
X-Amz-Meta-Sha256
X-Pf-Uncompressing
Cteonnt-Length
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
Pagetype
X-Oss-Storage-Class
X-Oss-Request-Id
X-Oss-Server-Time
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-RateLimit-Remaining-Second
Ar-Sid
X-Yottaa-Sig
X-Cache-ASPX
X-RateLimit-Limit-Second
Memory
X-EC-Security-Audit
Accept-Ch
X-CSRF-Token
X-Csrf-Token
X-From-Cache
FSS-Proxy
FSS-Cache
Arc-Country
X-Varnish-Url
WebServer
X-NC
Geoip-City
X-LiteSpeed-Cache-Control
Brightspot-Id
SN
GeoIp-Country-Code
Geoip-Latitude
X-Irp-Debug
X-DC
PageType
X-Wix-Petri-Ex
X-Dynatrace
Dont-Set-Cookie
X-Rule
X-ROOTCache
Cdn
If-Modified-Since
X-LB-Node
X-Redis-Cache
X-Ua
PICS-Label
Sid
X-Cache-Handler
X-LB-CacheStatus
COMMERCE-SERVER-SOFTWARE
X-Cdn-Forward
X-Request-Start
CF-IPCountry
X-Request-UUID
X-Varnish-Beresp-TTL
X-Load-Cache
X-Endurance-Cache-Level
X-Ratelimit-Remaining
MIME-Version
X-Fastly-Backend-Reqs
Edgecast
X-SERVER-NAME
PROCESSING-IP
X-GRACE
X-Requestid
X-Atg-Version
BORDER-IP
X-Varnish-Action
X-TId
X-Sf
X-Dynatrace-Js-Agent
X-GDPR
X-Layer
X-ServedByHost
X-Ratelimit-Limit
RNT-Time
X-Tid
RNT-Machine
X-Servedbyhost
X-B3-SpanId
XServer
Dynatrace
X-RequestId
Frame-Options
Amp-Access-Control-Allow-Source-Origin
X-Rocket-Nginx-Serving-Static
X-Nananana
X-BE
X-Resolver-IP
X-Fastly-Cache-Hits
Powered
Pics-Label
Cf-Ipcountry
X-Cache-TTL
CDN
X-DataStream-Origin-MEX-Latency
X-DataStream-MidMile-RTT
Node
X-Key
Cache-Tags
NodeID
X-Owner
CACHE
X-HTML-Minification-Powered-By
X-Tec-Api-Origin
X-Tec-Api-Root
X-Tec-Api-Version
Mail-Subject
We-Hiring
X-Server-W
GeoIP-Latitude
GeoIP-Country-Code
GeoIP-City
Web-Mar-Region
PageSpeed
DataCenter
X-ABtesting
X-Varnish-Ttl
X-VG-WebCache
X-Shard
X-Gdpr
X-Flog
X-Use-Magma
X-Sentry-ID
X-UPSTREAM-Address
Lfy
X-Powered-By-ANYU
Accept-CH
WZWS-RAY
ProcessTime
X-NWS-UUID-VERIFY
X-GZIP
X-PF-Uncompressing
Max-Age
Is-Session-Tracking
X-CDN-Pop-IP
Get-Access-Time
X-Varnish-URL
X-CDN-Pop
X-Ms-Blob-Type
X-Ms-Lease-Status
X-Ms-Version
X-Ms-Request-Id
Hostname
X-Aicache-OS
X-GEO
X-Mem
X-Alicdn-Da-Ups-Status
X-Dw-Trace-Id
Xet-Cookie
X-NGINX-Cache
X-Powered-By-Defense
X-Remote-IP
X-Cache-FS-Status
X-Trv-Request-Id
X-Edge-Server
X-Oa-Upstreams
Cdn-Request-Time
URI
True-Client-Country-4JS
Cdn-Host
X-Front
X-VG-TLSProxy
X-Check-Cacheable
X-PJAX-URL
X-Cookie
X-Unique-Id
Magicmarker
X-PAGE-TYPE
Requestid
X-Varnish-ID
RequestUuid
X-Proxy-Server
X-Swa-Ws
X-Ms-Lease-State
X-Policy
X-ByteArk-Cache
X-DI
Rt-Proxy-Cache
X-ServerName
X-VID
X-RSL
X-RPM
X-DW
X-DB
X-RPS
X-DSS
X-Zalando-Page-Type
X-Acquia-Application-Trace
CF-Cached-On
X-Hello
X-Akamai-ERRuleID
X-Acquia-Application-UUID
X-Akamai-ERPolicy
X-Micro-Cache
X-Litespeed-Tag
WS
X-Fe
X-RAMCache
X-Zalando-Child-Request-Id
SID
X-Litespeed-Cache-Control