Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics - SANS Internet Storm Center HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Pragma
Last-Modified
Accept-Ranges
Strict-Transport-Security
X-Content-Type-Options
X-Powered-By
CF-RAY
ETag
Link
Expect-CT
Via
X-XSS-Protection
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
P3P
X-Cache-Hits
X-Served-By
X-Varnish
X-Amz-Cf-Id
X-Xss-Protection
Referrer-Policy
X-Request-Id
X-Timer
X-AspNet-Version
CF-Cache-Status
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Runtime
Access-Control-Allow-Credentials
X-Download-Options
X-Drupal-Cache
X-Cacheable
Content-Security-Policy-Report-Only
X-Generator
Alt-Svc
Status
X-AspNetMvc-Version
X-Cache-Status
P3p
X-Check
X-DNS-Prefetch-Control
X-Iinfo
X-Adblock-Key
X-FRAME-OPTIONS
X-CDN
Timing-Allow-Origin
X-Content-Security-Policy
X-Permitted-Cross-Domain-Policies
X-Turbo-Charged-By
Content-Encoding
X-Request-ID
X-Template
X-Language
Keep-Alive
X-Type
X-AH-Environment
X-Via
CF-Ray
X-Cache-Group
X-Backend
WPE-Backend
X-Pass-Why
X-Buckets
X-Age
X-Server
X-Nginx-Cache-Status
Access-Control-Max-Age
X-Server-Powered-By
X-Pingback
Xkey
X-Varnish-Cache
Grace
X-Drupal-Dynamic-Cache
Upgrade
Access-Control-Expose-Headers
X-Hacker
X-UA-Device
X-Amz-Request-Id
Cf-Railgun
X-Page-Speed
X-Amz-Id-2
X-Proxy-Cache
X-Robots-Tag
EagleId
X-Envoy-Upstream-Service-Time
Request-Context
X-Node
X-LiteSpeed-Cache
X-Swift-SaveTime
X-Swift-CacheTime
X-Ac
X-Device
X-Cnection
X-Host
Ali-Swift-Global-Savetime
Content-Location
X-Amz-Version-Id
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-WebKit-CSP
Surrogate-Control
X-Backend-Server
X-Server-Id
X-OneAgent-JS-Injection
X-Cache-Lookup
X-Rack-Cache
X-Response-Time
X-Px
X-Instart-Request-ID
Request-Id
Server-Timing
X-CST
X-Readtime
X-Rq
X-Clacks-Overhead
Pinterest-Generated-By
Permitted-Cross-Domain-Policies
X-HeyJason
X-Do-Not-Hack
X-Url
EagleEye-TraceId
X-Ua-Compatible
Edge-Control
X-Application-Context
X-Cloud-Trace-Context
X-Country
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-MS-InvokeApp
Report-To
X-Server-Name
Charset
X-DynaTrace-JS-Agent
SPRequestGuid
X-Country-Code
Allow
X-ESI
X-DataDome
X-SharePointHealthScore
X-Ruxit-JS-Agent
Rating
X-TtlSet
X-PC
X-Vname
X-Varnish-TTL
X-Cached
X-Powered-CMS
X-Powered-By-Plesk
X-Recruiting
X-CF-Powered-By
X-TTL
X-FTR-Request-ID
X-DynaTrace
NEL
X-Vhost
X-D2id
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
Public-Key-Pins
X-Cdn-Fetch
X-Exp-Id
Pinterest-Version
X-Upstream-Env
X-Pinterest-Rid
X-Exp-Variant
X-Geo-Segment
X-Kinja-Revision
X-Kinja-Build
X-Kinja
X-Kinja-Server
X-F-Cache
X-Version
X-T
X-GoogleNews-Bot
X-VARITI-CCR
Cartoon
X-N
SPIisLatency
SPRequestDuration
X-Dw-Request-Base-Id
X-Mod-Pagespeed
Content-MD5
X-Abt-Application-Version
MS-Author-Via
RTSS
Nginx-Cache
Feature-Policy
Verso
X-GitHub-Request-Id
X-Dispatcher
X-Goog-Hash
X-Ttl
X-Navigation-Version
X-SRCache-Fetch-Status
MicrosoftSharePointTeamServices
X-SRCache-Store-Status
X-Client-IP
AR-ATIME
AR-CACHE
AR-PoweredBy
X-Amz-Rid
X-Server-ID
Realpath
X-Hits
X-Forwarded-Proto
X-Shield-Request-Id
X-Origin-Cache
X-Cdn
X-Trace
Paypal-Debug-Id
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-Content-Options
X-TEC-API-ROOT
X-Zen-Fury
X-Content-Digest
X-Grace
X-Id
X-Kinsta-Cache
DynaTrace
TCN
X-B
Arr-Disable-Session-Affinity
AR-SID
Alternate-Protocol
X-Varnish-Age
X-Cache-Key
Fastcgi-Cache
X-Sol
X-Upstream
MRF-Tech
X-Mrf-Section-Lastmod
X-Mrf-Item-Lastmod
Mrf-Cache-Status
Access-Control-Request-Method
X-Ser
Display
X-Middleton-Display
X-Pad
X-Fastly-Request-ID
X-Acc-Meta-Resource-Type
PB-PID
PB-RID
X-Mobile-Rewrite
X-Nf-Srv-Version
X-NF-Request-ID
X-FastCGI-Cache
X-Via-JSL
X-DIS-Request-ID
X-User-Agent
Response
X-Middleton-Response
Pagespeed
X-Vcap-Request-Id
X-Forwarded-For
X-MSEdge-Ref
Front-End-Https
Rt-Fastcgi-Cache
Eomportal-Instance
X-Cache-Rule
X-PressLabs-Stats
X-Frontend
Arc-Version
X-Dns-Prefetch-Control
X-SS-Set-Cookie
X-IPLB-Instance
X-Logged-In
X-Cache-Hit
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
X-Goog-Stored-Content-Length
X-Goog-Generation
X-VCache
Server-Name
X-Whom
X-Hostname
Host
X-XRDS-Location
Surrogate-Key
S
Tracecode
X-FTR-Backend
X-FTR-Backend-Server
X-FTR-Balancer
X-Country-Code-Real
X-FTR-Realm
X-FTR-Expires
X-FTR-Cache-Status
X-FTR-DC
X-Request-Processing-Time
X-Request-Received
Backend-Timing
Cache-Status
X-Analytics
X-Debug
X-HS-Content-Id
X-Instance
TP-Cache
X-AOL-HN
TP-L2-Cache
X-Contextid
X-Magnolia-Registration
Refresh
X-Az
X-Proxied
X-Rid
X-AppVersion
X-Activity-Id
X-Litespeed-Cache
FilterID
ServerID
X-Srv
X-XRDS-LOCATION
X-Wix-Server-Artifact-Id
Public-Key-Pins-Report-Only
X-HW
HitType
HitInfo
X-UUID
Server-Info
X-Newrelic-App-Data
Cleartype
X-WPE-Loopback-Upstream-Addr
X-B3-Traceid
X-Webkit-Csp
Liferay-Portal
Service-Worker-Allowed
X-Mobile
X-FTR-Cache-Host
AMP-Access-Control-Allow-Source-Origin
X-Varnish-Server
X-Content-Security-Policy-Report-Only
X-APP-VERSION
X-Cache-Control
X-Varnish-Backend
Served-By
X-Revision
Source
Server-Node
X-NWS-LOG-UUID
X-Amzn-Trace-Id
Host-Header
X-BCube-Filmed-By
X-PHP-Backend
X-Request-Guid
X-TT
X-PC-Key
X-PC-Hit
X-Cache-Server
X-Geo-Country
X-Hail-Hydra
X-App-Environment
X-PC-AppVer
X-Origin-Upstream-Status
X-Handled-By
X-Device-Type
Accept-Charset
MS-CV
X-Tumblr-Pixel
X-Tumblr-User
X-Tumblr-Pixel-0
X-Cache-Operation
X-Varnish-Hostname
X-RateLimit-Remaining
Retry-After
DC
X-Framework
X-B-Cache
X-Signature
X-Page-Id
Powered-By-ChinaCache
X-Cache-Config
X-Cache-2
X-FB-Debug
X-HS-Cache-Config
X-Origin
S-Cnection
Edge-Cache-Tag
X-Origin-Server
X-Correlation-Id
X-URL
Fastly-Restarts
X-Cache-Action
X-ATG-Version
Viewport
X-Sucuri-ID
X-TT-TIMESTAMP
X-Debug-Info
X-Ocache
X-PC-Host
X-PC-Date
Actual-Object-TTL
X-Hyper-Cache
X-B3-Sampled
X-Cached-By
X-WA-Info
NGB
X-Content-Powered-By
X-Shield-Cache-Expires
X-ADI-VCache
X-Microcachable
X-Akam-SW-Version
X-LB-Cache
X-Drupal-Cache-Tags
X-Accel-Expires
Upgrade-Insecure-Requests
AsisCache
X-Cache-NE
X-NewRelic-App-Data
Filters
X-Generated-By
SRV
X-App-Server
X-Yottaa-Optimizations
ServedBy
X-Yottaa-Metrics
X-Tumblr-Pixel-1
X-Distil-CS
X-FW-Hash
X-Cacheable-TTL
X-FW-Server
X-Internal-Host
X-FW-Type
X-FW-Static
X-Tumblr-Pixel-2
X-Locale
X-RequestSource
X-FW-Serve
X-RTag
Content-Style-Type
X-WebKit-CSP-Report-Only
X-Wix-Request-Id
Cache
Content-Script-Type
X-Seen-By
X-Cluster
X-S
X-GeoIP
X-Accel-Buffering
X-Jobs
X-TX-ID
X-Amz-Server-Side-Encryption
X-ServedBy
X-Geo
X-Node-Name
X-Varnish-Hits
X-GUploader-UploadID
From-Origin
X-Varnish-Grace
X-RateLimit-Limit
X-Varnish-Cache-Hits
X-Sucuri-Cache
X-Cache-Age
X-Akamai-Edgescape
Datacenter
X-Varnish-IP
X-Adobe-Loc
X-Adobe-Content
X-Platform-Server
X-HS-Combine-CSS
X-Vg-Webcache
X-UA
X-CLOUD-TRACE-CONTEXT
X-Cache-TTL-Remaining
X-GZip
X-Edge-Cache
X-Edge-Cache-Key
X-CDN-Forward
X-Real-IP
Cache-Tag
X-Storage
X-Cache-Remote
X-Akamai-Transformed
X-Mode
X-Drupal-Cache-Contexts
X-Region
X-Daa-Tunnel
X-Source
X-Amz-Replication-Status
X-Distributor
HostName
X-RN-RSRV
X-Cache-Var
X-Path-Route
X-MP-GENERATED-AT
X-RemovedCookies
X-Is-Bot
X-Detected-As
Machine
X-Rendered-As
Load-Balancing
X-Cache-Var-Map
X-ProcessESI
Meta-Geo
Fastly-SSL
X-Proxy
ServerName
X-Amz-Apigw-Id
X-NCache
X-Amzn-RequestId
Mn-Server-Ip
X-Time-Microsecs
X-PCL
X-Upgrade-Enabled
X-PERF
X-Viewer-Country
Cache-Key
X-OCL
GEO-INFO
X-Kinja-Server-Push
X-Web-Node
X-Webstats-RespID
X-Cache-Category-Id
X-TWH-CORRELATION-ID
X-Agile-Id
X-Akamai-Request-ID
X-Grey
X-BB-IP
X-Agile-Age
X-ApacheServer
X-Agile
Backend
S-Rt
Azure-Version
Azure-SiteName
X-Original-Request
Ohc-File-Size
X-Debug-Cache
X-OVcl
Azure-InstanceId
X-OVcl-Cache
Azure-RegionName
Azure-SlotName
X-FC-Vary-Parameters
X-NodeID
X-Edge-Location
X-Instance-Name
X-Pubstack
X-Amz-Meta-Surrogate-Control
X-EIG-Tracking-Id
X-Human
X-Via-Fastly
X-Cluster-Node
X-CDN-Cache
X-Proto
L5d-Success-Class
Country
X-CCM-LastModified
X-Format
X-CCM
X-Cache-HT
X-Birta-Served
X-Generation-Time
X-Hosted-By
Healthy
X-Meta-Tbi-Cache-Vertical
LB
X-LJ-Flow-ID
X-IP
Property-Id
X-Birta-Cache-Post
User-Cache-Control
TWC-Privacy
Webcakes-App-Name
Webcakes-App-Version
Webcakes-Region
TWC-Locale-Group
TWC-GeoIP-LatLong
X-App-Name
TWC-Connection-Speed
TWC-Device-Class
TWC-GeoIP-Country
X-AWS-Id
X-Optimization
Now
X-Zipkin-Id
X-Xfnlog-Site
X-VWS-Id
X-BYPASS-REASON
User-Agent
X-Varnish-Cacheable
X-ServerID
X-ProxyCache-Status
X-ProxyCache-Key
X-SplitTest
X-Www-Served-By
X-Origin-Hint
X-Routing-Service
Cache-Name
X-Site-Version
Fastcgi-Useragent
X-Loop
X-TNCMS
Access-Control-Allow-Method
X-Port
X-JoinUs
X-Section
Cache-Hits
X-Labrador-Cache-Channel
X-Access
X-Backend-Name
DB-Nickname
X-Proxy-Build
Selected-FE
X-Generated
X-Timing-Wait
Countrycode
X-Tumblr-Pixel-3
Payment
X-Tb
X-Request-Time
X-Guploader-Uploadid
X-Cache-Bucket
RATING
Ec-Rule-Version
X-Surge-Debug
X-Ezoic-Cdn
X-Origin-CC
X-Esi
X-Dc
X-Time
X-Hit
X-Correlation-ID
WP-Super-Cache
X-Unique-ID
X-Cache-Enabled
X-DataStream-Cache-Status
X-Render-Type
X-TA-CDN-Provider
X-Newrelic-Synthetics
X-Oneagent-Js-Injection
Origin-Edge-Control
X-Oracle-Dms-Ecid
X-Oracle-Dms-Rid
Origin-Cache-Control
X-Feature
X-Real-Ip
X-B3-Spanid
X-Nginx-Cache
X-B3-TraceId
X-UA-Device-Type
X-Nc
X-Environment-Context
X-L-Path
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
X-CACHE-AGE
RequestId
X-NU-AKA-ACS-Version
NODE
X-Skip-Cache
Xserver
X-Content-Type
X-NGENIX-Cache
X-Status
X-WR-MODIFICATION
Access-Control-Request-Headers
X-Be
Webserver
X-EdgeConnect-Cache-Status
X-Cache-Backend
X-Vgn-Hpd-Reason
X-Servedby
X-Upstream-CT
X-Upstream-HT
Time
Ws
Apicache-Store
Apicache-Version
Warning
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
X-PAYTM-SRV-ID
X-Twitter-Response-Tags
X-ElasticPress-Search
Memcached
X-Accel-Expires-Debug
MD5-Digest
X-A-Wwc
X-ND-Cache
Meta-Geo-Continent
X-Planisys-CDN-Cache
IBM-Web2-Location
X-Destination
Fastcgi-X-Cache
Fastcgi-X-Cache-Version
X-Developer
X-Died
X-BBXSRF
Cache-Prefix
X-Date
Fastly-Soc-X-Request-Id
GMS-Ver
X-CF-Lambda-Version
X-CF-Lambda-Fn
X-Connection-Hash
X-D
Fly-Cache
Fly-Request-Id
X-BB-ID
Host-ID
X-ARC
X-Generated-In
X-B-Cookie
X-Application
X-GoCache-CacheStatus
X-Haproxy-Ip
X-Haproxy-Hostname
X-G
X-From
Apple-News-Services-Request-Url
X-Fastly-Cache
BehaviorPad-Version
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
Ajk
Apple-News-Services-Handled
X-Logtrace-Id
X-Region-Sid
VivaBuild
X-Rewrite-Enabled
X-Rojux
X-SRCache-Key
X-SVT-ORM-RULES
Resin-Trace
X-SVT-ORM-VERSION
Www
X-S-Cookie
X-We-Are-Hiring
X-Via-CDN
X-Via-Edge
X-Server-Time
X-VG-WebServer
X-A-Dgt
X-Fastcgi-Cache
Viewtype
X-Server-By
X-Wix-Route-ID
X-HS-Hub-Id
X-Transaction
X-A-Ccd
T-Server
X-Public
X-Trv-Group
X-A-Dcw
Sta2Tusw
X-A-Dam
X-A
X-User
Xc-Version
X-SIPLIST1
Fastly-SWR
Uber-Trace-Id
Fastly-SIE
X-F5-Cache
X-Cache-Id
X-Cache-Host
Server-Int
X-DPWN-IS-SECURE
X-Up
Request-Time
X-Debug-Cookies
X-Trace-Id
X-CS
X-Debug-Log
X-Cache-Expires
X-Core-Value
X-Var-Ttl
X-Fstrz
X-NX-Host
X-Request-URI
Origin
X-No-Session
Rendered-Blocks
X-Wikidot-Static-Cache
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
X-IN-SSL-APIGATEWAY
X-IN-WAF
X-IN-APIGATEWAY
X-Phone
NGX
X-Wikidot-Backend
X-Amz-Meta-Cache-Control
UCS
V-Age
AKAMAI
X-ScT
Release
IsBot
X-Webkit-CSP
X-Cache-Ttl
OT-Force-Account-Verify
X-Cache-CFC
Thinkindot-CacheControl
X-Backend-TTL
X-Backend-State
X-Cache-Time
X-Actual-URL
X-Amz-Meta-S3cmd-Attrs
X-Bug-Bounty
Web-Mar-Node
Who
X-Block-Status
Thinkindot-Control
X-Passed-To-BeforeDispatch
X-Returned-From-DLL
X-Returned-From-BeforeDispatch
X-WebServer
X-Returned-From-PostProcessResponse
X-Served-From
X-Returned-From
X-Worker
X-Hl-Ver
X-RCS-CacheZone
X-Reboot
X-Auto-Login
X-Server-Group
X-VServer
X-Thinkindot-L3
X-UnsetCookies
X-UE-Client-Country
X-TT-LOGID
X-Stale
X-V
X-Server-IP
X-Servername
X-ServiceProvider
X-Sn-Servicetimems
X-Rocket-Nginx-Bypass
X-Via-NSCOPI
X-Env
X-Epic-Correlation-Id
X-Eu-Site
X-FireWall-Port
X-Edge-IP
X-Device-Os
X-Cdn-Srv
X-CGP
X-Ckpd-Fst-Backend
X-Content-Age
X-Forwarded-Host
X-Gen-Mode
X-Node-Id
X-Passed-To
X-Passed-To-DLL
X-Passed-To-PostProcessResponse
X-MI-In-Market
X-Matched-Rule
X-GeoIP-City
X-GeoIP-Country-Code
X-Hnp-Log
X-Location
X-Cdn-Origin
Thinkindot-CacheControl-Type
HA-Geolon
HA-Geolat
HA-Geocountry
HA-Geocity
HA-Georegion
Ha-Gx-Prefs
HA-Urlpath
HA-Servedtime
HA-Ipaddr
HA-Host
Cneonction
GW-Server
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-From
Backend-Name
CDCHOST
Decoy-Debug-Key
Fastly-Backend-Name
Esi-Enabled
Decoy-Debug-TTL
Decoy-Debug-Status
Httpd-Identifier
HA-Cloudapp
MI-Cache
Pramga
Proxy-Connection
Ohc-Response-Time
MI-Cache-Age
On-Server
Odigeo-Trace-Id
Server-Host
X-C
X-Varnish-Beresp-Ttl
X-Sorting-Hat-PodId
Powered-By
X-Release
X-Croise-Owner
X-ShardId
Request-EU
X-Developers
X-Dispatcher-Server
Request-Country
Content-Disposition
X-Platform
X-Hash
X-Clientip
X-Cache-Control-Set-By
X-Bip
X-Origin-Date
X-Origin-Expires
X-Crawler
X-HCF
X-Fetched-On
X-Core-Mission
Adler-Geo
X-Frame-Option
X-Info
Server-ID
Pragrma
X-Sorting-Hat-FeatureSet
Heartbleed
X-Sorting-Hat-PrivacyLevel
X-Cache-Debug
X-Sorting-Hat-PodId-Cached
Kp-EeAlive
X-Backend-Url
X-Backend-Host
Is-Eu
HTTPS
X-Sorting-Hat-Section
PFcat
X-Cache-Srv
X-Shopify-Stage
X-Thanos
X-Sorting-Hat-ShopId
X-ShopId
Platform
X-Alternate-Cache-Key
X-Response-By
X-Sorting-Hat-ShopId-Cached
X-Varnish-HitMiss
X-TIME
X-Varnish-Id
X-S-Maxage
X-Page-Type
X-Ver
NtCoent-Length
REQUESTUUID
X-Cache-URL
X-MSEdge-Features
Country-Code
X-Refresh
X-MSEdge-Flight
X-StackifyID
NnCoection
Drupal-Pagecache-Memcache
X-Svr
X-Req
Cache-Provider
X-Secret
X-Gannett-Site-Version
Mime-Version
MI-API
X-P-T
Processtime
X-App-Version
X-Pf-Uncompressing
X-Pjax-Url
X-Amz-Meta-S3b-Last-Modified
X-Oss-Hash-Crc64ecma
X-Csrf-Token
X-Oss-Object-Type
Dnion-Transfer-Encoding
X-Origin-TTL
X-Oss-Server-Time
X-Oss-Request-Id
X-Oss-Storage-Class
X-COUNTRY
X-Cache-ASPX
Version
X-NC
X-EC-Security-Audit
Pagetype
Memory
Ar-Sid
Accept-Ch
X-Amz-Meta-Sha256
SN
X-Varnish-Url
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-Kong-Upstream-Latency
WebServer
X-Kong-Proxy-Latency
X-Wix-Petri-Ex
X-Ua
X-Yottaa-Sig
Cteonnt-Length
Geoip-City
GeoIp-Country-Code
FSS-Cache
Geoip-Latitude
X-LiteSpeed-Cache-Control
FSS-Proxy
X-From-Cache
Arc-Country
X-Rule
Dont-Set-Cookie
X-Ruxit-Js-Agent
X-Cache-Handler
Brightspot-Id
X-DC
PageType
X-Irp-Debug
X-CSRF-Token
COMMERCE-SERVER-SOFTWARE
PICS-Label
X-Redis-Cache
MIME-Version
X-LB-Node
X-LB-CacheStatus
CF-IPCountry
X-Cdn-Forward
X-Load-Cache
Cdn
X-Request-Start
X-ROOTCache
X-Varnish-Beresp-TTL
Sid
X-Ratelimit-Remaining
If-Modified-Since
Edgecast
X-Request-UUID
X-SERVER-NAME
X-Endurance-Cache-Level
X-Requestid
X-Sf
X-Fastly-Backend-Reqs
PROCESSING-IP
BORDER-IP
X-GRACE
RNT-Machine
RNT-Time
X-TId
X-Varnish-Action
X-Servedbyhost
X-Varnish-Ttl
X-Ratelimit-Limit
XServer
X-Layer
X-GDPR
X-ServedByHost
X-Tid
X-Dynatrace
X-B3-SpanId
X-Atg-Version
X-RequestId
X-Nananana
X-Resolver-IP
Powered
X-Rocket-Nginx-Serving-Static
X-BE
Frame-Options
X-Cache-TTL
CDN
X-Fastly-Cache-Hits
Cache-Tags
Pics-Label
X-DataStream-Origin-MEX-Latency
X-DataStream-MidMile-RTT
Cf-Ipcountry
Amp-Access-Control-Allow-Source-Origin
NodeID
Node
CACHE
X-Owner
X-Gdpr
X-Key
Dynatrace
X-Tec-Api-Version
X-Tec-Api-Origin
X-Tec-Api-Root
X-Server-W
We-Hiring
Mail-Subject
X-HTML-Minification-Powered-By
GeoIP-City
GeoIP-Country-Code
GeoIP-Latitude
X-GZIP
PageSpeed
Web-Mar-Region
X-VG-WebCache
X-Shard
X-UPSTREAM-Address
X-Dynatrace-Js-Agent
X-Ms-Lease-Status
X-Ms-Blob-Type
X-Ms-Request-Id
X-Ms-Version
X-Use-Magma
Hostname
X-ABtesting
Lfy
Accept-CH
X-Varnish-URL
X-Flog
X-Sentry-ID
DataCenter
ProcessTime
X-Alicdn-Da-Ups-Status
X-Aicache-OS
X-Powered-By-ANYU
WZWS-RAY
X-CDN-Pop-IP
X-GEO
True-Client-Country-4JS
X-PF-Uncompressing
Max-Age
Is-Session-Tracking
Get-Access-Time
URI
X-CDN-Pop
X-VG-TLSProxy
Xet-Cookie
X-NWS-UUID-VERIFY
X-Dw-Trace-Id
X-NGINX-Cache
X-Policy
RequestUuid
X-PJAX-URL
X-Trv-Request-Id
X-Swa-Ws
Cdn-Host
X-Oa-Upstreams
Cdn-Request-Time
X-Check-Cacheable
X-Edge-Server
X-Cookie
Requestid
X-Mem
X-Unique-Id
X-Front
X-Org
GEO-REGION-INFO
X-Ms-Lease-State
Rt-Proxy-Cache
X-Cache-FS-Status
X-Powered-By-Defense
X-PAGE-TYPE
X-Remote-IP
X-Varnish-ID
X-VID
X-Akamai-ERPolicy
X-RSL
X-RPS
X-Acquia-Application-Trace
X-VC
X-SB
X-Proxy-Server
X-RPM
X-Acquia-Application-UUID
Magicmarker
SID
X-Litespeed-Cache-Control
X-RAMCache
X-Fe
WS
X-Litespeed-Tag
CF-Cached-On
X-DSS
X-DW
X-DI
X-DB
X-Hello
X-Akamai-ERRuleID