Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics - SANS Internet Storm Center HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Pragma
Last-Modified
Accept-Ranges
X-Powered-By
Strict-Transport-Security
X-Content-Type-Options
CF-RAY
ETag
Link
Expect-CT
Via
X-XSS-Protection
X-Cache
Age
Access-Control-Allow-Origin
Content-Security-Policy
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Served-By
X-Varnish
X-Amz-Cf-Id
X-Xss-Protection
Referrer-Policy
X-Request-Id
X-Timer
X-AspNet-Version
CF-Cache-Status
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Runtime
Access-Control-Allow-Credentials
X-Download-Options
X-Drupal-Cache
X-Cacheable
X-Generator
Content-Security-Policy-Report-Only
CF-Ray
Alt-Svc
X-AspNetMvc-Version
Status
X-Cache-Status
X-DNS-Prefetch-Control
X-Check
X-Iinfo
X-Adblock-Key
Timing-Allow-Origin
X-FRAME-OPTIONS
X-CDN
X-Content-Security-Policy
X-Turbo-Charged-By
X-Permitted-Cross-Domain-Policies
Content-Encoding
X-Template
X-Language
Keep-Alive
X-Via
X-Type
X-AH-Environment
P3p
X-Backend
X-Cache-Group
WPE-Backend
X-Pass-Why
X-Buckets
X-Nginx-Cache-Status
X-Server
X-Age
X-Server-Powered-By
Access-Control-Max-Age
X-Pingback
Xkey
X-Varnish-Cache
X-Request-ID
Grace
Access-Control-Expose-Headers
Upgrade
X-Drupal-Dynamic-Cache
X-Hacker
X-UA-Device
X-Amz-Request-Id
X-Page-Speed
Cf-Railgun
X-Proxy-Cache
X-Amz-Id-2
EagleId
X-Robots-Tag
X-LiteSpeed-Cache
X-Ua-Compatible
X-Swift-SaveTime
X-Swift-CacheTime
X-Envoy-Upstream-Service-Time
Request-Context
X-Node
Ali-Swift-Global-Savetime
X-Ac
X-Device
Content-Location
X-Host
X-Cnection
X-Amz-Version-Id
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Cache-Lookup
X-Server-Id
X-WebKit-CSP
Surrogate-Control
X-Backend-Server
X-OneAgent-JS-Injection
X-Rack-Cache
X-Instart-Request-ID
X-Px
X-Response-Time
X-CST
Request-Id
X-Readtime
Server-Timing
X-Rq
Permitted-Cross-Domain-Policies
X-Do-Not-Hack
X-Clacks-Overhead
X-HeyJason
X-Cloud-Trace-Context
Pinterest-Generated-By
EagleEye-TraceId
X-Url
Edge-Control
X-Application-Context
X-MS-InvokeApp
X-Country
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Allow
Charset
Report-To
X-Server-Name
SPRequestGuid
X-DynaTrace-JS-Agent
X-Country-Code
X-SharePointHealthScore
X-DataDome
X-TTL
X-Ruxit-JS-Agent
X-Varnish-TTL
Rating
X-Cached
X-TtlSet
X-Vname
X-PC
X-ESI
X-Powered-CMS
X-Powered-By-Plesk
X-Recruiting
Public-Key-Pins
X-FTR-Request-ID
X-D2id
NEL
X-Vhost
X-Version
X-Kinja-Revision
X-Kinja-Server
X-Geo-Segment
X-Kinja
X-Kinja-Build
X-F-Cache
X-Exp-Variant
X-Exp-Id
X-Cdn-Fetch
Pinterest-Version
X-Pinterest-Rid
X-Upstream-Env
X-N
X-CF-Powered-By
SPRequestDuration
SPIisLatency
MS-Author-Via
X-VARITI-CCR
X-Dw-Request-Base-Id
Cartoon
X-T
X-GoogleNews-Bot
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
X-Mod-Pagespeed
X-DynaTrace
Content-MD5
X-Cdn
AR-PoweredBy
AR-CACHE
AR-ATIME
Nginx-Cache
RTSS
X-Abt-Application-Version
Feature-Policy
X-GitHub-Request-Id
MicrosoftSharePointTeamServices
X-SRCache-Fetch-Status
X-SRCache-Store-Status
Verso
X-Shield-Request-Id
X-Dispatcher
X-Amz-Rid
X-Navigation-Version
X-Trace
X-Goog-Hash
X-Forwarded-Proto
X-Hits
X-Client-IP
Realpath
X-Origin-Cache
AR-SID
Arr-Disable-Session-Affinity
Paypal-Debug-Id
X-Kinsta-Cache
X-Server-ID
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-Grace
X-Zen-Fury
X-Content-Options
X-Id
TCN
X-B
X-Content-Digest
X-Varnish-Age
X-Cache-Key
Alternate-Protocol
X-Ser
Fastcgi-Cache
X-Sol
X-Upstream
X-Ttl
Access-Control-Request-Method
DynaTrace
X-Mrf-Item-Lastmod
Mrf-Cache-Status
X-Mrf-Section-Lastmod
MRF-Tech
X-Via-JSL
X-Pad
X-Fastly-Request-ID
X-FastCGI-Cache
X-Middleton-Display
Display
X-Vcap-Request-Id
X-Nf-Srv-Version
X-NF-Request-ID
X-DIS-Request-ID
PB-RID
PB-PID
X-IPLB-Instance
X-Mobile-Rewrite
X-User-Agent
Response
X-Middleton-Response
Front-End-Https
X-Frontend
X-SS-Set-Cookie
Pagespeed
Rt-Fastcgi-Cache
X-Cache-Rule
X-Logged-In
Eomportal-Instance
X-MSEdge-Ref
X-PressLabs-Stats
X-Whom
Server-Name
X-Acc-Meta-Resource-Type
X-Newrelic-App-Data
X-VCache
X-Forwarded-For
X-Cache-Hit
X-Hostname
Host
X-XRDS-LOCATION
X-Goog-Metageneration
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-Goog-Generation
Tracecode
S
Arc-Version
Cache-Status
X-NWS-LOG-UUID
X-Debug
X-FTR-Expires
X-FTR-DC
X-FTR-Cache-Status
X-FTR-Realm
X-FTR-Backend
X-Country-Code-Real
X-FTR-Backend-Server
X-FTR-Balancer
X-HS-Content-Id
Surrogate-Key
X-Request-Received
X-Request-Processing-Time
Liferay-Portal
X-Analytics
Backend-Timing
X-AOL-HN
X-UUID
FilterID
X-Wix-Server-Artifact-Id
X-Instance
X-Magnolia-Registration
Public-Key-Pins-Report-Only
HitInfo
Server-Info
TP-Cache
TP-L2-Cache
HitType
Refresh
X-Contextid
ServerID
X-Rid
X-XRDS-Location
X-Proxied
X-Activity-Id
X-Az
X-AppVersion
X-B3-Traceid
X-WPE-Loopback-Upstream-Addr
AMP-Access-Control-Allow-Source-Origin
X-HW
X-Srv
X-Content-Security-Policy-Report-Only
X-Webkit-Csp
Service-Worker-Allowed
Cleartype
X-Varnish-Server
Edge-Cache-Tag
X-HS-Cache-Config
X-APP-VERSION
X-Mobile
X-Correlation-Id
X-FTR-Cache-Host
X-Varnish-Backend
X-Revision
Served-By
S-Cnection
X-Origin
X-Amzn-Trace-Id
Fastly-Restarts
Source
X-Geo-Country
X-PHP-Backend
X-RateLimit-Remaining
X-Cache-Control
X-App-Environment
Retry-After
X-Cache-Config
X-Framework
X-B-Cache
X-TT
X-Signature
X-FB-Debug
X-Varnish-Hostname
X-Cache-Server
X-Cache-Operation
X-Device-Type
Powered-By-ChinaCache
X-Request-Guid
X-PC-AppVer
X-PC-Key
X-PC-Hit
X-BCube-Filmed-By
X-Hail-Hydra
X-Tumblr-User
Host-Header
Server-Node
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Origin-Upstream-Status
X-Handled-By
MS-CV
X-Cache-Action
Accept-Charset
X-Sucuri-ID
X-Page-Id
X-Cache-2
DC
X-URL
X-TT-TIMESTAMP
X-Hyper-Cache
X-Ocache
X-Debug-Info
Actual-Object-TTL
X-Origin-Server
X-WA-Info
Cache
X-Shield-Cache-Expires
X-ADI-VCache
X-PC-Date
X-PC-Host
Viewport
X-ATG-Version
X-Content-Powered-By
NGB
Upgrade-Insecure-Requests
X-Accel-Expires
X-Microcachable
X-Cached-By
X-LB-Cache
X-Cache-NE
X-Daa-Tunnel
SRV
X-Drupal-Cache-Tags
AsisCache
X-B3-Sampled
X-HS-Combine-CSS
Filters
X-Accel-Buffering
X-Generated-By
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Cacheable-TTL
X-Jobs
X-Akam-SW-Version
X-Amz-Server-Side-Encryption
X-App-Server
ServedBy
X-RequestSource
X-Seen-By
X-TX-ID
X-GeoIP
X-Wix-Request-Id
X-S
X-WebKit-CSP-Report-Only
X-Cluster
X-Geo
X-Varnish-Hits
X-RTag
X-Distil-CS
X-FW-Hash
X-Akamai-Edgescape
X-FW-Type
X-FW-Serve
X-Esi
X-FW-Server
X-Internal-Host
X-Locale
X-FW-Static
From-Origin
X-Tumblr-Pixel-2
Content-Style-Type
X-Tumblr-Pixel-1
X-Sucuri-Cache
Content-Script-Type
X-Adobe-Loc
X-Adobe-Content
X-Varnish-IP
X-Varnish-Cache-Hits
X-Feature
Datacenter
X-GZip
X-Varnish-Grace
X-Cache-Remote
X-CDN-Forward
HostName
X-Dns-Prefetch-Control
X-Node-Name
X-Storage
X-Platform-Server
X-Edge-Cache
X-ServedBy
X-Edge-Cache-Key
X-Cache-TTL-Remaining
X-Vg-Webcache
X-Cache-Age
X-UA
X-Akamai-Transformed
X-RateLimit-Limit
X-Region
X-Mode
X-Guploader-Uploadid
Cache-Tag
X-GUploader-UploadID
X-Amz-Replication-Status
X-Cache-Bucket
X-NewRelic-App-Data
Country
X-Distributor
Load-Balancing
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Real-IP
X-Drupal-Cache-Contexts
Fastly-SSL
X-Agile
X-Agile-Id
X-Proto
Ohc-File-Size
ServerName
X-Source
X-Kinja-Server-Push
X-Agile-Age
X-EIG-Tracking-Id
X-MP-GENERATED-AT
X-Path-Route
X-Cache-Category-Id
X-BB-IP
X-Is-Bot
X-Grey
X-Cache-Var-Map
X-Cache-Var
X-Detected-As
X-ProcessESI
X-RemovedCookies
X-Web-Node
Meta-Geo
Machine
GEO-INFO
X-Viewer-Country
X-Time-Microsecs
X-Akamai-Request-ID
X-Rendered-As
X-RN-RSRV
Cache-Key
X-JoinUs
X-Oracle-Dms-Rid
Cache-Hits
Cache-Name
X-Optimization
X-ProxyCache-Status
X-Debug-Cache
X-Cache-HT
Healthy
L5d-Success-Class
Mn-Server-Ip
X-ApacheServer
X-ProxyCache-Key
X-NCache
RATING
X-Oracle-Dms-Ecid
X-BYPASS-REASON
X-CCM
X-PERF
X-Webstats-RespID
X-CDN-Cache
X-Xfnlog-Site
X-TWH-CORRELATION-ID
Backend
Now
X-ServerID
X-Upgrade-Enabled
X-Request-Time
X-OCL
X-NodeID
X-Labrador-Cache-Channel
X-Port
X-Generated
X-PCL
Access-Control-Allow-Method
Azure-InstanceId
Azure-SlotName
Azure-RegionName
Azure-SiteName
Azure-Version
X-Hosted-By
X-OVcl
X-OVcl-Cache
X-Pubstack
X-Via-Fastly
X-Original-Request
X-Instance-Name
X-Amz-Meta-Surrogate-Control
X-Cluster-Node
X-Edge-Location
X-Human
S-Rt
X-FC-Vary-Parameters
Webcakes-Region
Webcakes-App-Version
Webcakes-App-Name
X-Access
X-App-Name
X-Www-Served-By
X-AWS-Id
User-Cache-Control
TWC-Privacy
TWC-Connection-Speed
Property-Id
TWC-Device-Class
TWC-GeoIP-Country
TWC-Locale-Group
TWC-GeoIP-LatLong
X-Birta-Cache-Post
X-Birta-Served
X-Loop
X-LJ-Flow-ID
X-IP
X-Meta-Tbi-Cache-Vertical
X-Render-Type
X-Proxy
X-Origin-Hint
X-Routing-Service
X-Section
X-CCM-LastModified
X-Surge-Debug
X-SplitTest
X-Format
X-Generation-Time
X-Site-Version
LB
X-TNCMS
X-Proxy-Build
DB-Nickname
X-Timing-Wait
X-Varnish-Cacheable
X-VWS-Id
X-Zipkin-Id
Selected-FE
X-Newrelic-Synthetics
Fastcgi-Useragent
X-Backend-Name
X-Nginx-Cache
Countrycode
X-Hit
X-Real-Ip
X-TA-CDN-Provider
X-Time
X-Ezoic-Cdn
WP-Super-Cache
X-Tumblr-Pixel-3
User-Agent
X-Cache-Enabled
X-Origin-CC
Payment
X-Tb
Origin-Cache-Control
Origin-Edge-Control
X-L-Path
Ec-Rule-Version
X-Nc
X-Environment-Context
X-Unique-ID
X-CACHE-AGE
X-B3-Spanid
X-Dc
X-Oneagent-Js-Injection
X-DataStream-Cache-Status
Xserver
X-UA-Device-Type
RequestId
X-Servedby
X-Skip-Cache
X-NU-AKA-ACS-Version
Access-Control-Request-Headers
X-Dynatrace
X-NGENIX-Cache
X-Varnish-Beresp-Grace
X-Litespeed-Cache
X-Varnish-Beresp-Status
NODE
X-B3-TraceId
Webserver
X-Correlation-ID
X-Upstream-HT
Time
X-WR-MODIFICATION
X-Upstream-CT
X-Vgn-Hpd-Reason
X-Be
X-EdgeConnect-Cache-Status
X-Croise-Owner
Warning
X-DPWN-IS-SECURE
X-A-Dam
X-A-Ccd
X-Generated-In
X-Died
X-A-Dgt
X-A-Wwc
X-Application
X-From
X-Logtrace-Id
X-ElasticPress-Search
X-A-Dcw
X-B-Cookie
X-D
X-SRCache-Key
X-Cache-Id
X-ARC
X-S-Cookie
Cache-Prefix
Ajk
Fly-Request-Id
X-Developer
X-Cache-Host
V-Age
X-A
X-Destination
X-Cache-Backend
T-Server
Resin-Trace
X-G
Fly-Cache
X-Status
X-Content-Type
X-Varnish-Beresp-Ttl
Ws
Cneonction
IBM-Web2-Location
Request-Time
Memcached
X-NX-Host
Meta-Geo-Continent
X-Cache-Expires
X-Debug-Log
X-Fstrz
X-Debug-Cookies
X-CS
X-Cache-Time
X-Request-URI
X-Var-Ttl
X-Cache-Ttl
Host-ID
Fastly-Soc-X-Request-Id
BehaviorPad-Version
Fastcgi-X-Cache
Apple-News-Services-Request-Url
MD5-Digest
AKAMAI
Fastcgi-X-Cache-Version
Apple-News-Services-Handled
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
X-UE-Client-Country
X-User
X-CF-Lambda-Fn
Xc-Version
X-Server-By
X-CF-Lambda-Version
X-Connection-Hash
X-BB-ID
X-Server-Time
Viewtype
VivaBuild
Www
X-Amz-Meta-Cache-Control
X-Rojux
X-Rewrite-Enabled
X-Planisys-CDN-TTL
X-Public
X-PAYTM-SRV-ID
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
X-No-Session
X-ND-Cache
X-Fastly-Cache
X-Haproxy-Hostname
X-Region-Sid
X-Haproxy-Ip
Sta2Tusw
X-BBXSRF
X-Twitter-Response-Tags
X-Trv-Group
X-Via-CDN
X-Via-Edge
X-Wix-Route-ID
X-We-Are-Hiring
X-Transaction
X-VG-WebServer
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-Webkit-CSP
X-StackifyID
UCS
X-GeoIP-Country-Code
Fastly-SWR
Origin
X-Gannett-Site-Version
X-Forwarded-Host
Release
X-Sn-Servicetimems
X-FireWall-Port
X-IN-WAF
X-Frame-Option
X-Rebelmouse-Cache-Control
X-IN-APIGATEWAY
NGX
X-Hash
X-Phone
GMS-Ver
X-IN-SSL-APIGATEWAY
X-Wikidot-Static-Cache
Uber-Trace-Id
Fastly-SIE
Odigeo-Trace-Id
X-Wikidot-Backend
X-Rebelmouse-Surrogate-Control
X-Core-Value
X-Up
X-Sorting-Hat-PodId
X-Cache-CFC
X-Sorting-Hat-FeatureSet
X-Shopify-Stage
X-Sorting-Hat-PodId-Cached
X-Via-NSCOPI
X-Sorting-Hat-ShopId-Cached
X-Sorting-Hat-ShopId
Rendered-Blocks
X-Sorting-Hat-Section
X-ShopId
X-ShardId
X-Secret
X-WebServer
X-ScT
X-Trace-Id
X-Epic-Correlation-Id
Server-Int
X-RCS-CacheZone
X-S-Maxage
X-Cdn-Origin
X-Release
Drupal-Pagecache-Memcache
X-F5-Cache
X-Sorting-Hat-PrivacyLevel
X-Alternate-Cache-Key
Server-ID
Request-EU
Request-Country
Proxy-Connection
Version
X-Dispatcher-Server
X-Device-Os
X-Oss-Request-Id
X-C
X-Oss-Storage-Class
X-Oss-Server-Time
X-CSRF-Token
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
Pragrma
Powered-By
Platform
Pramga
X-Returned-From-DLL
X-Returned-From
Thinkindot-CacheControl-Type
Thinkindot-Control
Web-Mar-Node
Thinkindot-CacheControl
X-Reboot
X-Returned-From-PostProcessResponse
Server-Host
X-Response-By
X-Returned-From-BeforeDispatch
Ohc-Response-Time
X-Server-IP
X-Server-Group
MI-API
IsBot
Is-Eu
Heartbleed
Httpd-Identifier
MI-Cache
MI-Cache-Age
On-Server
OT-Force-Account-Verify
Who
X-GeoIP-City
X-Served-From
X-Rocket-Nginx-Bypass
PFcat
X-Amz-Meta-S3cmd-Attrs
X-Location
X-CGP
X-Ckpd-Fst-Backend
X-Matched-Rule
X-Cdn-Srv
X-MSEdge-Features
X-MI-In-Market
X-GoCache-CacheStatus
X-Content-Age
X-Edge-IP
X-Env
X-Developers
X-Hnp-Log
X-Core-Mission
X-Eu-Site
X-MSEdge-Flight
X-Cache-Srv
HA-Urlpath
X-Backend-Host
X-Fastcgi-Cache
X-Passed-To-BeforeDispatch
X-Passed-To-DLL
X-Actual-URL
X-Backend-State
X-Backend-TTL
X-Cache-Debug
X-Node-Id
X-Block-Status
X-Fetched-On
X-Backend-Url
X-Passed-To
X-Passed-To-PostProcessResponse
HTTPS
Kp-EeAlive
Decoy-Debug-Key
Content-Disposition
X-Thinkindot-L3
Decoy-Debug-Status
Decoy-Debug-TTL
X-Origin-Expires
X-Page-Type
Esi-Enabled
X-Worker
X-VServer
CDCHOST
Adler-Geo
X-UnsetCookies
HA-Servedtime
X-TT-LOGID
X-V
X-Ver
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-From
Fastly-Backend-Name
X-Origin-Date
HA-Geolon
X-Hl-Ver
HA-Geolat
X-Crawler
HA-Georegion
Ha-Gx-Prefs
X-Gen-Mode
HA-Ipaddr
X-Date
HA-Host
X-Info
HA-Geocountry
X-SIPLIST1
X-Accel-Expires-Debug
X-Auto-Login
X-Stale
X-ServiceProvider
X-Servername
HA-Geocity
HA-Cloudapp
GW-Server
Backend-Name
Mime-Version
X-Yottaa-Sig
NnCoection
X-Varnish-Id
X-Varnish-HitMiss
X-Bip
X-Thanos
X-Cache-Control-Set-By
X-Cache-URL
REQUESTUUID
X-Svr
X-Platform
Dnion-Transfer-Encoding
X-HCF
Country-Code
X-TIME
X-Clientip
X-Bug-Bounty
Apicache-Store
Apicache-Version
X-Refresh
X-Req
Cache-Provider
X-Amz-Meta-S3b-Last-Modified
X-Origin-TTL
NtCoent-Length
X-COUNTRY
X-Kong-Proxy-Latency
X-RateLimit-Limit-Second
X-Kong-Upstream-Latency
X-RateLimit-Remaining-Second
X-P-T
X-Varnish-Url
Cteonnt-Length
FSS-Proxy
FSS-Cache
X-DC
X-Pf-Uncompressing
X-Ua
Brightspot-Id
Arc-Country
X-LiteSpeed-Cache-Control
Ar-Sid
Processtime
WebServer
Accept-Ch
X-Irp-Debug
Dynatrace
Pagetype
COMMERCE-SERVER-SOFTWARE
X-CLOUD-TRACE-CONTEXT
X-Pjax-Url
X-App-Version
X-From-Cache
Memory
X-LB-Node
X-LB-CacheStatus
X-EC-Security-Audit
PageType
X-Amz-Meta-Sha256
X-Atg-Version
Sid
X-ROOTCache
X-Ratelimit-Limit
X-Ruxit-Js-Agent
X-Request-UUID
X-Cache-ASPX
If-Modified-Since
X-Request-Start
X-NC
Geoip-City
GeoIp-Country-Code
X-Ratelimit-Remaining
SN
Geoip-Latitude
X-Fastly-Backend-Reqs
X-Endurance-Cache-Level
Cdn
X-Load-Cache
PICS-Label
X-Varnish-Action
X-HS-Hub-Id
X-Csrf-Token
X-Layer
X-Redis-Cache
Edgecast
CF-IPCountry
X-SERVER-NAME
MIME-Version
X-Cache-Handler
X-GRACE
BORDER-IP
X-Cdn-Forward
PROCESSING-IP
X-GDPR
X-Tid
X-ServedByHost
X-Varnish-Beresp-TTL
X-Rocket-Nginx-Serving-Static
X-Dynatrace-Js-Agent
X-Nananana
Dont-Set-Cookie
X-Requestid
X-Wix-Petri-Ex
X-RequestId
X-TId
Frame-Options
NodeID
X-Servedbyhost
X-Fastly-Cache-Hits
X-Owner
X-Resolver-IP
X-Key
X-B3-SpanId
X-Rule
X-Sf
X-NWS-UUID-VERIFY
X-Cache-TTL
RNT-Time
X-Cf-Powered-By
Cf-Ipcountry
RNT-Machine
X-BE
X-Server-W
Web-Mar-Region
Pics-Label
CDN
CACHE
ProcessTime
WZWS-RAY
X-DataStream-MidMile-RTT
X-Flog
X-Sentry-ID
GeoIP-Latitude
X-ABtesting
X-HTML-Minification-Powered-By
X-DataStream-Origin-MEX-Latency
GeoIP-City
GeoIP-Country-Code
X-Tec-Api-Root
X-Tec-Api-Version
Node
X-Tec-Api-Origin
Powered
X-Powered-By-ANYU
X-FORWARDED-FOR
Get-Access-Time
X-VG-WebCache
Mail-Subject
Is-Session-Tracking
Lfy
We-Hiring
PageSpeed
Max-Age
X-Shard
XServer
Cache-Tags
X-Varnish-Ttl
X-CDN-Pop-IP
X-CDN-Pop
X-Use-Magma
DataCenter
X-SRV
X-ByteArk-Cache
X-Mem
X-GZIP
X-PJAX-URL
Magicmarker
Accept-CH
URI
X-Cache-FS-Status
X-Powered-By-Defense
X-UPSTREAM-Address
X-Check-Cacheable
X-Gdpr
X-PF-Uncompressing
X-Front
X-GEO
X-Unique-Id
Xet-Cookie
X-Dw-Trace-Id
X-Zalando-Child-Request-Id
X-Oa-Upstreams
Amp-Access-Control-Allow-Source-Origin
X-Cookie
X-Varnish-URL
X-Zalando-Page-Type
X-Ms-Blob-Type
X-Micro-Cache
X-Remote-IP
X-Ms-Request-Id
X-Ms-Lease-Status
X-Ms-Version
X-Trv-Request-Id
V-Cache
Group
X-Fe
X-HGenerator
RequestUuid
Rt-Proxy-Cache
X-Safe-Firewall
X-SB
N-Cache
X-VarnCache
X-Aicache-OS
X-VarnPar2
X-VC
X-Proxy-Server
X-Varnish-ID
X-PAGE-TYPE
Requestid
X-VarnPar1
X-PARISIEN-Cache-Rendered
Hostname
X-NGINX-Cache
X-Litespeed-Cache-Control
X-RAMCache
X-M-Reqid
WS
X-M-Log
X-Hello
X-Akamai-ERPolicy
X-Acquia-Application-UUID
X-Acquia-Application-Trace
X-ProxyCache-Args
X-Akamai-ERRuleID
CF-Cached-On
X-Alicdn-Da-Ups-Status
WWW-Authenticate
X-Qnm-Cache
X-Litespeed-Tag
SID