Threat Level: green Handler on Duty: Guy Bruneau

SANS ISC: HTTP Header Usage Statistics - SANS Internet Storm Center HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Pragma
Last-Modified
Accept-Ranges
Strict-Transport-Security
X-Content-Type-Options
X-Powered-By
CF-RAY
ETag
Link
Expect-CT
X-XSS-Protection
Via
X-Cache
Age
Access-Control-Allow-Origin
Content-Security-Policy
Content-Language
X-UA-Compatible
P3P
X-Cache-Hits
X-Served-By
X-Varnish
X-Amz-Cf-Id
Referrer-Policy
X-Request-Id
X-Xss-Protection
X-Timer
X-AspNet-Version
CF-Cache-Status
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Runtime
Access-Control-Allow-Credentials
X-Download-Options
X-Drupal-Cache
X-Cacheable
Content-Security-Policy-Report-Only
X-Generator
Alt-Svc
Status
X-AspNetMvc-Version
X-Cache-Status
X-DNS-Prefetch-Control
P3p
X-Check
X-Iinfo
X-FRAME-OPTIONS
X-Adblock-Key
X-CDN
Timing-Allow-Origin
X-Content-Security-Policy
X-Permitted-Cross-Domain-Policies
X-Turbo-Charged-By
Content-Encoding
Keep-Alive
X-Template
X-Language
X-Type
X-AH-Environment
X-Request-ID
X-Via
X-Cache-Group
X-Backend
WPE-Backend
X-Pass-Why
X-Age
X-Buckets
X-Server
X-Nginx-Cache-Status
Access-Control-Max-Age
X-Server-Powered-By
X-Pingback
Xkey
X-Varnish-Cache
Grace
X-Drupal-Dynamic-Cache
Upgrade
Access-Control-Expose-Headers
X-Hacker
X-UA-Device
X-Amz-Request-Id
Cf-Railgun
X-Page-Speed
X-Amz-Id-2
X-Proxy-Cache
X-Robots-Tag
EagleId
X-Envoy-Upstream-Service-Time
Request-Context
X-Node
X-LiteSpeed-Cache
X-Ac
X-Swift-CacheTime
X-Swift-SaveTime
X-Device
X-Cnection
X-Host
Ali-Swift-Global-Savetime
X-Amz-Version-Id
Content-Location
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-WebKit-CSP
X-Server-Id
X-Backend-Server
Surrogate-Control
X-Cache-Lookup
X-Rack-Cache
X-OneAgent-JS-Injection
X-Response-Time
X-Px
X-Instart-Request-ID
Server-Timing
X-CST
Request-Id
X-Rq
X-Readtime
X-Url
X-Clacks-Overhead
Pinterest-Generated-By
X-Ua-Compatible
X-HeyJason
X-Do-Not-Hack
Permitted-Cross-Domain-Policies
EagleEye-TraceId
Edge-Control
X-Country
X-Application-Context
X-Cloud-Trace-Context
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-MS-InvokeApp
Report-To
X-Server-Name
Charset
X-DynaTrace-JS-Agent
X-ESI
SPRequestGuid
X-Country-Code
Allow
X-DataDome
X-SharePointHealthScore
Rating
X-Varnish-TTL
X-Vname
X-TtlSet
X-PC
X-Cached
X-Ruxit-JS-Agent
X-Powered-CMS
X-Recruiting
X-Powered-By-Plesk
X-DynaTrace
X-CF-Powered-By
X-FTR-Request-ID
X-Vhost
NEL
X-D2id
X-Ttl
X-ORACLE-DMS-RID
X-ORACLE-DMS-ECID
X-F-Cache
X-Kinja-Build
X-Geo-Segment
X-Exp-Variant
X-Cdn-Fetch
X-Kinja
X-Exp-Id
X-Kinja-Revision
X-Kinja-Server
X-Pinterest-Rid
Pinterest-Version
X-Upstream-Env
Public-Key-Pins
X-Version
X-T
Cartoon
X-VARITI-CCR
X-GoogleNews-Bot
X-N
X-Dw-Request-Base-Id
SPIisLatency
SPRequestDuration
X-Mod-Pagespeed
X-Abt-Application-Version
RTSS
Verso
Feature-Policy
X-TTL
Content-MD5
MS-Author-Via
Nginx-Cache
X-GitHub-Request-Id
X-Dispatcher
X-Goog-Hash
X-Navigation-Version
X-Client-IP
X-Amz-Rid
X-Forwarded-Proto
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Hits
MicrosoftSharePointTeamServices
X-Cdn
Realpath
X-Origin-Cache
X-Shield-Request-Id
AR-PoweredBy
AR-ATIME
AR-CACHE
X-Trace
Paypal-Debug-Id
X-Server-ID
DynaTrace
X-Content-Options
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-Grace
X-Id
X-Kinsta-Cache
X-Zen-Fury
X-Content-Digest
TCN
X-B
Arr-Disable-Session-Affinity
X-Varnish-Age
Alternate-Protocol
X-Cache-Key
X-Sol
AR-SID
Fastcgi-Cache
X-Upstream
MRF-Tech
X-Mrf-Item-Lastmod
Mrf-Cache-Status
X-Mrf-Section-Lastmod
X-Acc-Meta-Resource-Type
Access-Control-Request-Method
X-Pad
X-Middleton-Display
Display
PB-PID
X-Mobile-Rewrite
PB-RID
X-Fastly-Request-ID
X-Ser
X-Nf-Srv-Version
X-NF-Request-ID
X-FastCGI-Cache
X-Via-JSL
X-User-Agent
X-DIS-Request-ID
Pagespeed
X-Vcap-Request-Id
X-Middleton-Response
Response
X-Forwarded-For
X-MSEdge-Ref
Arc-Version
Eomportal-Instance
X-Frontend
Rt-Fastcgi-Cache
X-Cache-Rule
X-PressLabs-Stats
Front-End-Https
X-Cache-Hit
X-Goog-Metageneration
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-Goog-Stored-Content-Length
X-Logged-In
X-IPLB-Instance
X-XRDS-LOCATION
X-SS-Set-Cookie
X-VCache
Server-Name
Surrogate-Key
X-Hostname
S
Host
X-Whom
X-FTR-DC
X-FTR-Realm
X-FTR-Cache-Status
X-FTR-Balancer
X-FTR-Backend-Server
X-Country-Code-Real
X-FTR-Backend
X-FTR-Expires
Tracecode
X-Request-Processing-Time
X-Request-Received
X-Analytics
X-Litespeed-Cache
Backend-Timing
X-HS-Content-Id
X-Debug
TP-L2-Cache
TP-Cache
Cache-Status
X-AOL-HN
X-Magnolia-Registration
X-HW
X-Instance
X-Rid
Refresh
X-Contextid
X-Srv
X-Az
ServerID
X-Activity-Id
FilterID
X-Proxied
X-AppVersion
Public-Key-Pins-Report-Only
X-Wix-Server-Artifact-Id
X-XRDS-Location
Cleartype
HitType
Server-Info
HitInfo
X-UUID
X-B3-Traceid
X-WPE-Loopback-Upstream-Addr
X-Varnish-Backend
X-FTR-Cache-Host
X-Content-Security-Policy-Report-Only
X-Mobile
X-Varnish-Server
X-Cache-Control
X-APP-VERSION
Service-Worker-Allowed
Served-By
X-Correlation-Id
X-Newrelic-App-Data
AMP-Access-Control-Allow-Source-Origin
Accept-Charset
Liferay-Portal
X-Origin-Upstream-Status
X-Cache-Server
Source
X-Amzn-Trace-Id
X-TT
X-Revision
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Tumblr-User
X-Hail-Hydra
X-Geo-Country
Server-Node
X-PC-AppVer
X-Request-Guid
X-BCube-Filmed-By
X-PC-Key
X-PC-Hit
X-App-Environment
X-Framework
Host-Header
X-Page-Id
X-Handled-By
X-Varnish-Hostname
X-PHP-Backend
Retry-After
MS-CV
X-B-Cache
X-FB-Debug
X-Signature
X-Device-Type
X-Cache-Operation
X-Cache-2
DC
X-Cache-Config
X-Origin-Server
Powered-By-ChinaCache
X-ATG-Version
Viewport
X-RateLimit-Remaining
X-Origin
S-Cnection
X-HS-Cache-Config
X-Cache-Action
Edge-Cache-Tag
X-Debug-Info
X-Webkit-Csp
Fastly-Restarts
X-TT-TIMESTAMP
X-Ocache
X-Cached-By
X-NWS-LOG-UUID
X-NewRelic-App-Data
X-B3-Sampled
X-Oneagent-Js-Injection
X-PC-Host
X-PC-Date
Actual-Object-TTL
X-Sucuri-ID
X-Hyper-Cache
X-WA-Info
X-Akam-SW-Version
NGB
X-LB-Cache
X-Drupal-Cache-Tags
X-Microcachable
X-Content-Powered-By
X-ADI-VCache
X-Shield-Cache-Expires
X-Accel-Expires
X-Cache-Age
SRV
Upgrade-Insecure-Requests
AsisCache
Filters
X-App-Server
X-Generated-By
X-Cache-NE
X-Distil-CS
X-Tumblr-Pixel-2
X-Tumblr-Pixel-1
X-WebKit-CSP-Report-Only
ServedBy
X-Jobs
X-Internal-Host
X-Yottaa-Metrics
X-FW-Server
Cache
X-Yottaa-Optimizations
X-RequestSource
X-Locale
X-RTag
X-FW-Type
X-Cluster
X-FW-Hash
X-FW-Serve
X-FW-Static
Content-Style-Type
X-Cacheable-TTL
X-GeoIP
Content-Script-Type
X-Wix-Request-Id
X-Seen-By
X-Accel-Buffering
X-Node-Name
X-S
X-Varnish-Hits
X-Geo
X-Amz-Server-Side-Encryption
X-TX-ID
Datacenter
From-Origin
X-Varnish-Grace
X-Platform-Server
X-Varnish-Cache-Hits
X-CLOUD-TRACE-CONTEXT
X-Adobe-Loc
X-ServedBy
X-GZip
X-RateLimit-Limit
X-GUploader-UploadID
X-Adobe-Content
X-Varnish-IP
X-Akamai-Edgescape
X-Vg-Webcache
X-Cache-TTL-Remaining
X-Sucuri-Cache
X-UA
Cache-Tag
X-Edge-Cache-Key
X-Edge-Cache
X-HS-Combine-CSS
X-CDN-Forward
X-Storage
X-Mode
X-Drupal-Cache-Contexts
X-Akamai-Transformed
X-URL
X-Region
X-Source
X-Real-IP
X-Cache-Remote
X-Distributor
X-Guploader-Uploadid
X-Amz-Replication-Status
X-Proxy
X-Kinja-Server-Push
Load-Balancing
X-Amz-Apigw-Id
X-ProcessESI
X-RemovedCookies
X-Rendered-As
X-RN-RSRV
X-Amzn-RequestId
X-Path-Route
X-Detected-As
X-Is-Bot
X-MP-GENERATED-AT
Meta-Geo
Machine
Ohc-File-Size
ServerName
X-Dc
X-NCache
Fastly-SSL
X-Agile-Id
X-PERF
Cache-Key
Mn-Server-Ip
X-Proto
Backend
X-Agile
X-Agile-Age
HostName
X-Backend-Name
X-FC-Vary-Parameters
X-Upgrade-Enabled
X-Webstats-RespID
X-TWH-CORRELATION-ID
X-CDN-Cache
X-ApacheServer
X-BB-IP
GEO-INFO
X-Time-Microsecs
Azure-Version
X-JoinUs
X-ServerID
User-Agent
X-Edge-Location
Azure-InstanceId
Azure-SiteName
Azure-RegionName
Azure-SlotName
X-OVcl-Cache
X-Cache-Var-Map
X-Cache-Var
X-Cluster-Node
X-EIG-Tracking-Id
X-Human
X-Hosted-By
X-NodeID
X-Amz-Meta-Surrogate-Control
X-Varnish-Cacheable
X-Pubstack
X-OVcl
X-Original-Request
X-Akamai-Request-ID
S-Rt
Healthy
Access-Control-Allow-Method
X-OCL
X-Cache-Category-Id
X-PCL
X-Web-Node
X-Viewer-Country
X-Grey
X-Debug-Cache
TWC-Device-Class
TWC-GeoIP-Country
TWC-GeoIP-LatLong
TWC-Locale-Group
TWC-Connection-Speed
X-Port
X-Optimization
X-VWS-Id
TWC-Privacy
Selected-FE
X-Instance-Name
X-Origin-Hint
Webcakes-Region
X-CCM-LastModified
X-Birta-Served
X-Birta-Cache-Post
X-Format
X-Generated
X-IP
X-Generation-Time
X-Via-Fastly
X-AWS-Id
X-Proxy-Build
Webcakes-App-Version
X-Access
X-ProxyCache-Key
X-App-Name
X-ProxyCache-Status
Webcakes-App-Name
Property-Id
Cache-Name
LB
L5d-Success-Class
X-Loop
X-Meta-Tbi-Cache-Vertical
Now
X-Section
X-Site-Version
X-TNCMS
X-Www-Served-By
X-Timing-Wait
X-SplitTest
X-Zipkin-Id
X-LJ-Flow-ID
X-Routing-Service
Countrycode
X-Cache-HT
X-BYPASS-REASON
User-Cache-Control
DB-Nickname
X-Labrador-Cache-Channel
Fastcgi-Useragent
Payment
X-Tb
RATING
Cache-Hits
X-Xfnlog-Site
X-CCM
Country
Ec-Rule-Version
X-Time
X-Tumblr-Pixel-3
X-Request-Time
X-Real-Ip
X-Daa-Tunnel
X-Surge-Debug
X-Origin-CC
X-DataStream-Cache-Status
X-Ezoic-Cdn
X-TA-CDN-Provider
X-Newrelic-Synthetics
X-Hit
X-Unique-ID
X-Nc
X-B3-TraceId
X-Oracle-Dms-Ecid
X-Oracle-Dms-Rid
X-Feature
WP-Super-Cache
X-Nginx-Cache
X-Cache-Bucket
X-Cache-Enabled
X-Render-Type
Origin-Edge-Control
Origin-Cache-Control
X-Ruxit-Js-Agent
X-B3-Spanid
X-Servedby
Xserver
X-Varnish-Beresp-Status
X-UA-Device-Type
X-Varnish-Beresp-Grace
X-L-Path
X-HS-Hub-Id
X-Esi
X-Status
X-Environment-Context
RequestId
X-NU-AKA-ACS-Version
NODE
X-NGENIX-Cache
Apicache-Store
X-Skip-Cache
X-Content-Type
Apicache-Version
X-WR-MODIFICATION
X-Fastcgi-Cache
Access-Control-Request-Headers
Ws
X-EdgeConnect-Cache-Status
X-Correlation-ID
X-ElasticPress-Search
X-Cache-Backend
X-Be
IBM-Web2-Location
Warning
X-Upstream-CT
X-Upstream-HT
Resin-Trace
X-User
AKAMAI
X-SVT-ORM-VERSION
X-Server-Time
X-Via-Edge
X-SRCache-Key
X-SVT-ORM-RULES
X-Trv-Group
X-Transaction
X-Twitter-Response-Tags
X-Via-CDN
Fastcgi-X-Cache-Version
Fastly-Soc-X-Request-Id
Fly-Cache
Fly-Request-Id
Fastcgi-X-Cache
Cache-Prefix
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
BehaviorPad-Version
GMS-Ver
Host-ID
X-VG-WebServer
Meta-Geo-Continent
Apple-News-Services-Handled
Memcached
X-Vgn-Hpd-Reason
X-Server-By
MD5-Digest
Apple-News-Services-Host
X-We-Are-Hiring
X-Planisys-CDN-Rules
X-Destination
X-Date
X-D
X-Connection-Hash
X-A-Ccd
X-Developer
X-From
X-Fastly-Cache
X-Died
X-A
X-CF-Lambda-Version
X-CF-Lambda-Fn
X-Accel-Expires-Debug
X-Application
X-B-Cookie
X-ARC
X-A-Wwc
X-A-Dgt
X-BBXSRF
X-BB-ID
X-A-Dam
X-A-Dcw
Www
X-G
X-Public
X-Planisys-CDN-TTL
X-Planisys-CDN-Cache
T-Server
X-Region-Sid
Xc-Version
X-S-Cookie
X-Wix-Route-ID
X-Rojux
X-Rewrite-Enabled
X-PAYTM-SRV-ID
X-No-Session
X-IN-APIGATEWAY
X-Haproxy-Ip
X-Haproxy-Hostname
X-Generated-In
VivaBuild
X-IN-SSL-APIGATEWAY
Viewtype
X-ND-Cache
X-Logtrace-Id
X-IN-WAF
Sta2Tusw
Ajk
X-Cache-Ttl
X-Webkit-CSP
X-GoCache-CacheStatus
Time
X-Cdn-Origin
X-Rebelmouse-Surrogate-Control
X-Cache-Expires
IsBot
X-Rebelmouse-Cache-Control
X-Cache-Host
X-Core-Value
X-Debug-Cookies
Webserver
X-CS
X-Trace-Id
X-Auto-Login
X-Wikidot-Backend
X-NX-Host
Origin
X-ScT
X-Rocket-Nginx-Bypass
Uber-Trace-Id
UCS
X-Wikidot-Static-Cache
V-Age
Server-Int
X-SIPLIST1
X-Amz-Meta-Cache-Control
X-UE-Client-Country
X-Sn-Servicetimems
Release
Request-Time
Rendered-Blocks
NGX
OT-Force-Account-Verify
Fastly-SWR
X-Hl-Ver
X-Phone
X-Forwarded-Host
X-F5-Cache
X-Via-NSCOPI
Fastly-SIE
X-Debug-Log
X-Up
X-Var-Ttl
X-C
X-Croise-Owner
X-Returned-From-BeforeDispatch
X-HCF
X-GeoIP-Country-Code
X-Response-By
X-Amz-Meta-S3cmd-Attrs
X-Returned-From
X-Hash
X-Actual-URL
X-Passed-To-DLL
X-Matched-Rule
Who
X-Passed-To
MI-Cache-Age
X-Node-Id
X-Server-Group
X-Location
X-Returned-From-DLL
X-Passed-To-PostProcessResponse
X-Release
X-Returned-From-PostProcessResponse
X-Passed-To-BeforeDispatch
MI-Cache
X-Backend-State
X-Cdn-Srv
X-CGP
X-Epic-Correlation-Id
X-Eu-Site
X-Fetched-On
X-Clientip
X-Core-Mission
X-Developers
X-Request-URI
X-DPWN-IS-SECURE
X-Crawler
X-Edge-IP
X-Cache-Srv
X-Cache-Id
X-Backend-TTL
X-Backend-Url
X-Backend-Host
X-Frame-Option
X-Platform
X-Reboot
X-Bip
X-Cache-Debug
X-FireWall-Port
X-Cache-Control-Set-By
X-Cache-CFC
X-Bug-Bounty
X-GeoIP-City
X-Server-IP
HA-Geocountry
HA-Geolat
HA-Geocity
HA-Cloudapp
X-Thinkindot-L3
GW-Server
HA-Geolon
HA-Georegion
HA-Servedtime
HA-Urlpath
HA-Ipaddr
HA-Host
Ha-Gx-Prefs
X-UnsetCookies
Decoy-Debug-TTL
X-Varnish-HitMiss
Cache-Cookie-Set-From
X-Fstrz
Backend-Name
X-Ver
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-Lfrom
Decoy-Debug-Key
Decoy-Debug-Status
Country-Code
Content-Disposition
X-V
Heartbleed
X-Thanos
Powered-By
PFcat
On-Server
Ohc-Response-Time
X-MI-In-Market
Server-Host
Thinkindot-Control
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
X-ServiceProvider
Odigeo-Trace-Id
Pramga
X-Stale
Proxy-Connection
HTTPS
Mime-Version
Cneonction
X-Varnish-Id
X-Env
X-Sorting-Hat-PodId
Request-EU
Esi-Enabled
X-Worker
X-Dispatcher-Server
Request-Country
X-WebServer
X-Sorting-Hat-PrivacyLevel
X-Sorting-Hat-ShopId
X-Alternate-Cache-Key
X-Block-Status
Fastly-Backend-Name
X-MSEdge-Features
X-Content-Age
Httpd-Identifier
X-Sorting-Hat-FeatureSet
X-Sorting-Hat-Section
X-VServer
X-Device-Os
X-Sorting-Hat-PodId-Cached
X-Origin-Expires
X-Servername
X-TT-LOGID
X-S-Maxage
Web-Mar-Node
X-Cache-Time
Server-ID
X-Ckpd-Fst-Backend
Platform
X-RCS-CacheZone
X-MSEdge-Flight
X-ShardId
X-Info
X-Shopify-Stage
X-Gen-Mode
Is-Eu
CDCHOST
REQUESTUUID
Pragrma
X-Hnp-Log
X-ShopId
X-Sorting-Hat-ShopId-Cached
X-Origin-Date
Adler-Geo
X-CACHE-AGE
NnCoection
Dnion-Transfer-Encoding
X-Served-From
X-Refresh
Kp-EeAlive
X-Cache-URL
MI-API
X-App-Version
NtCoent-Length
X-Req
X-Cache-ASPX
Cache-Provider
X-Svr
X-Pjax-Url
X-Page-Type
X-P-T
X-Varnish-Beresp-Ttl
X-TIME
X-Secret
Processtime
Version
X-Gannett-Site-Version
X-EC-Security-Audit
Drupal-Pagecache-Memcache
X-Origin-TTL
X-StackifyID
X-Amz-Meta-S3b-Last-Modified
X-Pf-Uncompressing
SN
Ar-Sid
X-Amz-Meta-Sha256
X-Wix-Petri-Ex
X-Csrf-Token
X-Varnish-Url
Memory
X-Oss-Storage-Class
X-Rule
X-Oss-Request-Id
X-Oss-Hash-Crc64ecma
WebServer
X-Oss-Server-Time
X-Oss-Object-Type
Dont-Set-Cookie
Accept-Ch
X-Ua
X-From-Cache
X-CSRF-Token
X-Varnish-Beresp-TTL
Pagetype
GeoIp-Country-Code
Geoip-Latitude
X-LiteSpeed-Cache-Control
X-RateLimit-Limit-Second
X-Cache-Handler
X-RateLimit-Remaining-Second
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
Geoip-City
PageType
X-NC
FSS-Proxy
Cdn
FSS-Cache
Arc-Country
X-Load-Cache
X-Yottaa-Sig
Cteonnt-Length
Brightspot-Id
X-Cdn-Forward
PICS-Label
X-Irp-Debug
X-Ratelimit-Remaining
X-LB-Node
X-LB-CacheStatus
CF-IPCountry
X-Request-Start
X-COUNTRY
X-SERVER-NAME
If-Modified-Since
X-Sf
Edgecast
X-Fastly-Backend-Reqs
Sid
X-Redis-Cache
BORDER-IP
PROCESSING-IP
X-ROOTCache
X-GRACE
MIME-Version
COMMERCE-SERVER-SOFTWARE
RNT-Machine
RNT-Time
X-GDPR
X-Tid
X-Request-UUID
X-Ratelimit-Limit
X-Requestid
X-ServedByHost
X-B3-SpanId
Amp-Access-Control-Allow-Source-Origin
X-DC
X-Endurance-Cache-Level
X-RequestId
X-TId
XServer
Powered
X-Varnish-Action
Cache-Tags
X-Servedbyhost
X-Rocket-Nginx-Serving-Static
X-Resolver-IP
X-BE
X-Layer
X-Nananana
Pics-Label
Cf-Ipcountry
Frame-Options
X-Cache-TTL
Node
X-DataStream-MidMile-RTT
X-DataStream-Origin-MEX-Latency
X-Atg-Version
X-Fastly-Cache-Hits
NodeID
X-Tec-Api-Root
X-Tec-Api-Origin
X-Tec-Api-Version
X-UPSTREAM-Address
We-Hiring
Mail-Subject
GeoIP-Country-Code
GeoIP-City
X-Gdpr
CDN
GeoIP-Latitude
PageSpeed
X-VG-WebCache
X-Owner
X-Shard
X-HTML-Minification-Powered-By
X-Key
Hostname
X-Varnish-Ttl
X-Dynatrace-Js-Agent
CACHE
X-Use-Magma
X-Dynatrace
X-Ms-Lease-Status
Accept-CH
X-Aicache-OS
X-Ms-Blob-Type
X-Varnish-URL
X-Alicdn-Da-Ups-Status
X-Ms-Version
X-Ms-Request-Id
X-Server-W
ProcessTime
X-GZIP
Lfy
X-VG-TLSProxy
Web-Mar-Region
X-PF-Uncompressing
X-Sentry-ID
Dynatrace
X-GEO
WZWS-RAY
Cdn-Host
X-ABtesting
True-Client-Country-4JS
Cdn-Request-Time
X-Swa-Ws
URI
X-Flog
X-Edge-Server
DataCenter
Xet-Cookie
X-Org
X-Powered-By-ANYU
X-Oa-Upstreams
X-PAGE-TYPE
GEO-REGION-INFO
X-Cookie
X-Ms-Lease-State
V-Cache
Group
X-Policy
X-Front
X-Vcache
X-PJAX-URL
Rt-Proxy-Cache
X-Dw-Trace-Id
X-Unique-Id
X-Varnish-ID
X-NGINX-Cache
Requestid
N-Cache
X-Check-Cacheable
Is-Session-Tracking
RequestUuid
Get-Access-Time
X-Varnish-Info
X-VC
X-CDN-Pop
Max-Age
X-NWS-UUID-VERIFY
X-M-Reqid
X-Qnm-Cache
X-M-Log
X-CDN-Pop-IP
X-SB
X-VID
X-ServerName
X-Response-Served-From
X-Amzn-Remapped-Date
X-RSL
X-Amzn-Remapped-Connection
X-External-Request-Id
X-Mem
X-Hello
CF-Cached-On
X-Litespeed-Tag
SID
X-Akamai-ERRuleID
X-Akamai-ERPolicy
X-Acquia-Application-UUID
X-Acquia-Application-Trace
X-Trv-Request-Id
X-RAMCache
X-Proxy-Server
X-DSS
X-DW
X-RPM
X-DI
X-DB
WS
X-Fe
X-Litespeed-Cache-Control
X-RPS