Threat Level: green Handler on Duty: Brad Duncan

SANS ISC: HTTP Header Usage Statistics - SANS Internet Storm Center HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Pragma
Last-Modified
Accept-Ranges
Strict-Transport-Security
X-Content-Type-Options
X-Powered-By
CF-RAY
ETag
Link
Expect-CT
Via
X-XSS-Protection
X-Cache
Age
Access-Control-Allow-Origin
Content-Security-Policy
Content-Language
X-UA-Compatible
P3P
X-Cache-Hits
X-Served-By
X-Varnish
X-Amz-Cf-Id
X-Xss-Protection
Referrer-Policy
X-Request-Id
X-Timer
X-AspNet-Version
CF-Cache-Status
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Runtime
Access-Control-Allow-Credentials
X-Download-Options
X-Drupal-Cache
X-Cacheable
Content-Security-Policy-Report-Only
X-Generator
CF-Ray
Alt-Svc
X-AspNetMvc-Version
Status
X-Cache-Status
X-DNS-Prefetch-Control
X-Check
X-Iinfo
X-Adblock-Key
X-FRAME-OPTIONS
Timing-Allow-Origin
X-CDN
X-Content-Security-Policy
X-Turbo-Charged-By
X-Permitted-Cross-Domain-Policies
Content-Encoding
P3p
X-Request-ID
X-Template
X-Language
Keep-Alive
X-Type
X-Via
X-AH-Environment
X-Cache-Group
X-Backend
WPE-Backend
X-Pass-Why
X-Buckets
X-Age
X-Server
X-Nginx-Cache-Status
Access-Control-Max-Age
X-Server-Powered-By
X-Pingback
Xkey
X-Varnish-Cache
Grace
Upgrade
X-Drupal-Dynamic-Cache
Access-Control-Expose-Headers
X-Hacker
X-UA-Device
X-Amz-Request-Id
X-Page-Speed
Cf-Railgun
X-Proxy-Cache
X-Amz-Id-2
X-Robots-Tag
EagleId
X-LiteSpeed-Cache
X-Envoy-Upstream-Service-Time
Request-Context
X-Node
X-Swift-CacheTime
X-Swift-SaveTime
X-Ac
X-Device
Ali-Swift-Global-Savetime
X-Cnection
X-Host
Content-Location
X-Amz-Version-Id
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Cache-Lookup
X-WebKit-CSP
Surrogate-Control
X-Backend-Server
X-Server-Id
X-OneAgent-JS-Injection
X-Rack-Cache
X-Px
X-Response-Time
X-Instart-Request-ID
X-CST
Request-Id
X-Readtime
Server-Timing
X-Rq
X-Clacks-Overhead
X-Do-Not-Hack
X-HeyJason
Permitted-Cross-Domain-Policies
Pinterest-Generated-By
EagleEye-TraceId
X-Cloud-Trace-Context
X-Ua-Compatible
Edge-Control
X-Url
X-Application-Context
X-MS-InvokeApp
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Country
X-Server-Name
Report-To
Charset
SPRequestGuid
X-DynaTrace-JS-Agent
Allow
X-Country-Code
X-SharePointHealthScore
X-DataDome
Rating
X-Varnish-TTL
X-TTL
X-Ruxit-JS-Agent
X-Cached
X-PC
X-Vname
X-TtlSet
X-ESI
X-Powered-CMS
X-Powered-By-Plesk
X-Recruiting
X-FTR-Request-ID
X-D2id
X-Vhost
NEL
X-CF-Powered-By
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
Public-Key-Pins
X-Upstream-Env
Pinterest-Version
X-Pinterest-Rid
X-Version
X-Cdn-Fetch
X-Exp-Id
X-Geo-Segment
X-Exp-Variant
X-Kinja
X-Kinja-Build
X-Kinja-Server
X-Kinja-Revision
X-F-Cache
X-N
X-DynaTrace
SPIisLatency
SPRequestDuration
X-T
X-VARITI-CCR
X-GoogleNews-Bot
X-Dw-Request-Base-Id
Cartoon
X-Mod-Pagespeed
MS-Author-Via
Content-MD5
Nginx-Cache
RTSS
X-Abt-Application-Version
Feature-Policy
AR-ATIME
AR-CACHE
AR-PoweredBy
X-GitHub-Request-Id
MicrosoftSharePointTeamServices
Verso
X-Dispatcher
X-Navigation-Version
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Shield-Request-Id
X-Amz-Rid
X-Client-IP
X-Goog-Hash
X-Hits
Realpath
X-Forwarded-Proto
X-Server-ID
X-Trace
X-Origin-Cache
X-Cdn
Paypal-Debug-Id
AR-SID
X-Content-Options
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TEC-API-VERSION
X-Zen-Fury
Arr-Disable-Session-Affinity
X-Content-Digest
X-Id
X-Grace
X-Kinsta-Cache
TCN
X-B
X-Ttl
Alternate-Protocol
X-Varnish-Age
X-Cache-Key
Fastcgi-Cache
DynaTrace
X-Sol
X-Upstream
X-Ser
MRF-Tech
X-Mrf-Section-Lastmod
Mrf-Cache-Status
X-Mrf-Item-Lastmod
Access-Control-Request-Method
X-FastCGI-Cache
X-Pad
X-Fastly-Request-ID
X-Middleton-Display
Display
PB-PID
PB-RID
X-Via-JSL
X-NF-Request-ID
X-Nf-Srv-Version
X-Mobile-Rewrite
X-DIS-Request-ID
X-Vcap-Request-Id
X-User-Agent
Response
X-Middleton-Response
X-IPLB-Instance
Front-End-Https
Pagespeed
X-Acc-Meta-Resource-Type
X-MSEdge-Ref
Rt-Fastcgi-Cache
X-Frontend
X-Cache-Rule
X-PressLabs-Stats
Eomportal-Instance
X-Logged-In
X-Forwarded-For
X-SS-Set-Cookie
X-Cache-Hit
Server-Name
X-Whom
Arc-Version
X-VCache
X-Goog-Metageneration
X-Goog-Generation
X-Goog-Storage-Class
X-XRDS-Location
X-Hostname
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
Host
Tracecode
S
X-Newrelic-App-Data
Cache-Status
Surrogate-Key
X-Country-Code-Real
X-FTR-Realm
X-FTR-Backend
X-FTR-DC
X-FTR-Backend-Server
X-FTR-Cache-Status
X-FTR-Balancer
X-FTR-Expires
X-Analytics
X-Request-Received
X-Request-Processing-Time
Backend-Timing
X-Debug
X-HS-Content-Id
Refresh
X-Instance
X-AOL-HN
X-Contextid
X-Az
X-Proxied
X-Magnolia-Registration
TP-L2-Cache
X-AppVersion
X-Activity-Id
TP-Cache
FilterID
X-XRDS-LOCATION
X-Wix-Server-Artifact-Id
Public-Key-Pins-Report-Only
X-Rid
X-UUID
ServerID
Server-Info
HitInfo
HitType
X-Srv
X-WPE-Loopback-Upstream-Addr
X-HW
Liferay-Portal
X-NWS-LOG-UUID
X-URL
X-B3-Traceid
Cleartype
Service-Worker-Allowed
X-Mobile
X-Webkit-Csp
X-Content-Security-Policy-Report-Only
X-Varnish-Server
AMP-Access-Control-Allow-Source-Origin
X-Varnish-Backend
X-FTR-Cache-Host
X-APP-VERSION
Served-By
X-Revision
X-Cache-Control
Edge-Cache-Tag
X-HS-Cache-Config
X-Cache-Server
X-Amzn-Trace-Id
X-Geo-Country
X-App-Environment
X-PC-Hit
X-Correlation-Id
X-PHP-Backend
Host-Header
Retry-After
X-PC-Key
X-Origin
Source
X-PC-AppVer
X-Request-Guid
X-RateLimit-Remaining
MS-CV
S-Cnection
X-Device-Type
X-Hail-Hydra
X-Varnish-Hostname
X-TT
Server-Node
DC
X-BCube-Filmed-By
Powered-By-ChinaCache
Fastly-Restarts
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Tumblr-User
X-Handled-By
X-Origin-Upstream-Status
X-Cache-Config
X-Framework
X-Signature
X-B-Cache
X-Cache-2
X-FB-Debug
X-Cache-Operation
X-Page-Id
Accept-Charset
X-Cache-Action
X-Ocache
X-Sucuri-ID
X-TT-TIMESTAMP
X-Origin-Server
X-Debug-Info
Actual-Object-TTL
X-Hyper-Cache
X-PC-Date
X-PC-Host
X-Shield-Cache-Expires
Viewport
X-ADI-VCache
X-WA-Info
NGB
X-Content-Powered-By
X-ATG-Version
X-Cached-By
X-Accel-Expires
X-B3-Sampled
X-Microcachable
Upgrade-Insecure-Requests
X-LB-Cache
Cache
X-Drupal-Cache-Tags
SRV
X-Cache-NE
X-Akam-SW-Version
Filters
AsisCache
X-Generated-By
X-Yottaa-Metrics
X-Yottaa-Optimizations
ServedBy
X-FW-Type
X-FW-Static
X-RequestSource
X-S
X-RTag
X-FW-Server
X-Locale
X-Internal-Host
X-FW-Serve
X-Cacheable-TTL
X-App-Server
X-FW-Hash
X-Seen-By
Content-Script-Type
X-Tumblr-Pixel-1
X-WebKit-CSP-Report-Only
X-Wix-Request-Id
X-TX-ID
X-Tumblr-Pixel-2
Content-Style-Type
X-Distil-CS
X-Amz-Server-Side-Encryption
X-GeoIP
X-Jobs
X-Accel-Buffering
X-Cluster
X-Varnish-Hits
X-HS-Combine-CSS
X-Geo
From-Origin
X-Akamai-Edgescape
X-Daa-Tunnel
X-Esi
X-Sucuri-Cache
X-Adobe-Loc
X-Adobe-Content
X-Varnish-IP
X-Node-Name
X-Varnish-Cache-Hits
X-Varnish-Grace
X-ServedBy
X-GZip
X-Litespeed-Cache
X-Platform-Server
X-Vg-Webcache
X-Edge-Cache
X-RateLimit-Limit
X-UA
X-Edge-Cache-Key
X-Dns-Prefetch-Control
X-Cache-TTL-Remaining
Datacenter
X-Oneagent-Js-Injection
X-Cache-Age
X-GUploader-UploadID
X-CDN-Forward
X-Cache-Remote
HostName
X-NewRelic-App-Data
X-Storage
X-TA-CDN-Provider
X-Mode
X-Region
X-Akamai-Transformed
Cache-Tag
X-Amz-Replication-Status
X-Real-IP
X-Drupal-Cache-Contexts
X-Distributor
Country
X-Source
Meta-Geo
Load-Balancing
Machine
X-RemovedCookies
X-MP-GENERATED-AT
X-Detected-As
X-ProcessESI
X-RN-RSRV
X-Is-Bot
X-Cache-Var
X-Path-Route
X-Cache-Var-Map
X-Rendered-As
X-Feature
X-NCache
X-Guploader-Uploadid
X-Agile-Id
X-Agile-Age
X-Agile
Fastly-SSL
X-Amz-Apigw-Id
X-Amzn-RequestId
ServerName
GEO-INFO
Mn-Server-Ip
X-CDN-Cache
X-Viewer-Country
X-BB-IP
X-Time-Microsecs
X-ApacheServer
X-TWH-CORRELATION-ID
X-Webstats-RespID
X-Kinja-Server-Push
Ohc-File-Size
X-OCL
X-PCL
X-Cache-Bucket
X-Web-Node
X-PERF
Cache-Key
X-Instance-Name
Cache-Name
X-Edge-Location
Backend
X-Pubstack
X-Cluster-Node
X-OVcl-Cache
X-Cache-Category-Id
Azure-InstanceId
X-Akamai-Request-ID
X-Proto
Azure-RegionName
Azure-SiteName
X-Cache-HT
X-EIG-Tracking-Id
Azure-SlotName
Azure-Version
X-Original-Request
X-Upgrade-Enabled
X-OVcl
X-Port
X-Grey
X-Via-Fastly
X-Optimization
X-NodeID
L5d-Success-Class
TWC-GeoIP-Country
X-Meta-Tbi-Cache-Vertical
DB-Nickname
TWC-Device-Class
X-Amz-Meta-Surrogate-Control
Healthy
TWC-GeoIP-LatLong
TWC-Locale-Group
Webcakes-App-Version
LB
Webcakes-App-Name
Webcakes-Region
TWC-Privacy
User-Cache-Control
X-Origin-Hint
X-Birta-Cache-Post
X-Human
X-Xfnlog-Site
X-Zipkin-Id
TWC-Connection-Speed
X-Debug-Cache
X-FC-Vary-Parameters
X-Hosted-By
X-Site-Version
X-ServerID
X-Generation-Time
X-Routing-Service
X-Request-Time
X-Www-Served-By
X-ProxyCache-Status
S-Rt
X-Birta-Served
X-App-Name
X-BYPASS-REASON
X-Proxy
Property-Id
X-CCM-LastModified
X-CCM
X-ProxyCache-Key
X-Section
X-LJ-Flow-ID
X-Varnish-Cacheable
X-Labrador-Cache-Channel
X-AWS-Id
Now
X-TNCMS
Cache-Hits
X-Loop
X-Format
X-SplitTest
X-Access
X-IP
X-VWS-Id
X-JoinUs
X-Surge-Debug
Fastcgi-Useragent
User-Agent
X-Generated
Access-Control-Allow-Method
X-Backend-Name
X-Tumblr-Pixel-3
X-Ezoic-Cdn
X-Render-Type
X-Timing-Wait
X-Proxy-Build
Countrycode
RATING
X-Origin-CC
Selected-FE
X-Hit
X-Tb
X-Time
X-Newrelic-Synthetics
Payment
Ec-Rule-Version
X-Cache-Enabled
X-Real-Ip
X-Nginx-Cache
X-DataStream-Cache-Status
Origin-Cache-Control
X-Dc
X-Unique-ID
Origin-Edge-Control
WP-Super-Cache
X-B3-TraceId
X-L-Path
X-Environment-Context
X-Nc
X-B3-Spanid
X-CACHE-AGE
RequestId
X-UA-Device-Type
X-Correlation-ID
X-Oracle-Dms-Ecid
X-Oracle-Dms-Rid
Xserver
X-NU-AKA-ACS-Version
X-Varnish-Beresp-Grace
X-Skip-Cache
X-Varnish-Beresp-Status
X-Servedby
X-WR-MODIFICATION
NODE
X-NGENIX-Cache
Access-Control-Request-Headers
Webserver
X-Vgn-Hpd-Reason
X-COUNTRY
X-Be
Time
X-CLOUD-TRACE-CONTEXT
X-Content-Type
X-Upstream-CT
X-ElasticPress-Search
X-Upstream-HT
X-EdgeConnect-Cache-Status
X-Cache-Backend
Warning
Ws
X-Status
X-Croise-Owner
X-A-Ccd
X-A-Dgt
X-A
Www
X-A-Dam
Fastly-Soc-X-Request-Id
GMS-Ver
Fly-Request-Id
X-A-Dcw
Fly-Cache
Host-ID
VivaBuild
Fastcgi-X-Cache-Version
Ajk
Cache-Prefix
BehaviorPad-Version
Sta2Tusw
AKAMAI
Meta-Geo-Continent
Fastcgi-X-Cache
Resin-Trace
Viewtype
Memcached
T-Server
MD5-Digest
X-Developer
X-S-Cookie
X-Rojux
X-Server-By
X-Server-Time
X-SRCache-Key
X-Rewrite-Enabled
X-Region-Sid
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
X-Public
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-Via-Edge
X-We-Are-Hiring
X-Wix-Route-ID
Xc-Version
X-Via-CDN
X-VG-WebServer
X-Transaction
X-Trv-Group
X-Twitter-Response-Tags
X-User
X-PAYTM-SRV-ID
X-No-Session
X-Cache-Id
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-Connection-Hash
X-Cache-Host
X-BBXSRF
X-Amz-Meta-Cache-Control
X-ARC
X-B-Cookie
X-BB-ID
X-D
X-Destination
X-Haproxy-Hostname
X-Haproxy-Ip
X-Logtrace-Id
X-ND-Cache
X-Generated-In
X-G
X-Died
X-DPWN-IS-SECURE
X-Fastly-Cache
X-From
X-A-Wwc
X-Application
Cneonction
X-Cache-Time
X-Request-URI
X-Cdn-Origin
X-Cache-Expires
X-Rebelmouse-Surrogate-Control
Apple-News-Services-Request-Url
Apple-News-Services-Handled
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
X-Rebelmouse-Cache-Control
IBM-Web2-Location
X-Core-Value
X-Forwarded-Host
X-Frame-Option
X-Fstrz
Fastly-SWR
X-F5-Cache
X-NX-Host
Fastly-SIE
X-CS
X-Debug-Cookies
X-Debug-Log
X-Phone
X-Cache-CFC
X-Var-Ttl
Request-Time
Server-Int
Origin
Rendered-Blocks
Release
X-Date
X-Accel-Expires-Debug
X-Wikidot-Static-Cache
X-Wikidot-Backend
Odigeo-Trace-Id
X-Cache-Ttl
UCS
V-Age
X-Varnish-Beresp-Ttl
IsBot
X-SIPLIST1
X-Sn-Servicetimems
Uber-Trace-Id
NGX
X-ScT
X-GoCache-CacheStatus
X-Trace-Id
X-StackifyID
X-Webkit-CSP
X-Backend-State
X-Backend-TTL
X-Amz-Meta-S3cmd-Attrs
X-Actual-URL
Web-Mar-Node
Who
X-Block-Status
X-Bug-Bounty
X-Cache-Debug
X-Returned-From-DLL
X-Returned-From-PostProcessResponse
X-Served-From
X-C
X-Server-Group
X-ServiceProvider
Server-Host
X-Up
X-V
X-VServer
X-WebServer
Thinkindot-CacheControl
X-UnsetCookies
X-Thinkindot-L3
X-Stale
X-UE-Client-Country
Thinkindot-Control
Thinkindot-CacheControl-Type
X-Returned-From-BeforeDispatch
X-Returned-From
X-MI-In-Market
X-Matched-Rule
X-MSEdge-Features
X-FireWall-Port
X-Eu-Site
X-MSEdge-Flight
X-Location
X-Gen-Mode
X-IN-SSL-APIGATEWAY
X-Hnp-Log
Proxy-Connection
X-IN-WAF
X-GeoIP-City
X-Env
X-Edge-IP
X-Ckpd-Fst-Backend
X-Content-Age
X-CGP
X-Cdn-Srv
X-Reboot
X-Passed-To-PostProcessResponse
X-Passed-To-DLL
X-Device-Os
X-Dispatcher-Server
X-Developers
X-Passed-To
X-Passed-To-BeforeDispatch
X-IN-APIGATEWAY
X-GeoIP-Country-Code
HA-Georegion
Ha-Gx-Prefs
HA-Geolon
HA-Geolat
HA-Geocity
HA-Geocountry
HA-Host
HA-Ipaddr
Httpd-Identifier
HTTPS
Heartbleed
HA-Urlpath
HA-Servedtime
HA-Cloudapp
GW-Server
Cache-Cookie-Set-Idcheck
Pramga
Cache-Cookie-Set-From
Backend-Name
Adler-Geo
CDCHOST
Content-Disposition
Esi-Enabled
Fastly-Backend-Name
Decoy-Debug-TTL
Decoy-Debug-Status
Decoy-Debug-Key
Is-Eu
Cache-Cookie-Set-Lfrom
Powered-By
Pragrma
Ohc-Response-Time
On-Server
Platform
MI-Cache-Age
MI-Cache
NnCoection
Apicache-Version
Apicache-Store
X-TIME
X-Servername
X-Page-Type
X-ShardId
X-Sorting-Hat-PodId
Server-ID
X-Sorting-Hat-FeatureSet
X-Core-Mission
X-Shopify-Stage
REQUESTUUID
X-ShopId
OT-Force-Account-Verify
Request-EU
Request-Country
X-RCS-CacheZone
X-Gannett-Site-Version
X-Hash
X-Hl-Ver
X-Release
X-Response-By
X-Secret
X-Sorting-Hat-PrivacyLevel
X-Epic-Correlation-Id
X-S-Maxage
X-Fetched-On
X-Rocket-Nginx-Bypass
X-Server-IP
X-Sorting-Hat-PodId-Cached
X-Varnish-Id
X-TT-LOGID
PFcat
Kp-EeAlive
X-Backend-Url
X-Ruxit-Js-Agent
X-Backend-Host
X-Sorting-Hat-Section
X-Auto-Login
X-Ver
X-Alternate-Cache-Key
X-Worker
X-Sorting-Hat-ShopId
Drupal-Pagecache-Memcache
X-Node-Id
X-Cache-Srv
X-Via-NSCOPI
MI-API
X-Sorting-Hat-ShopId-Cached
Mime-Version
Dnion-Transfer-Encoding
X-Dynatrace
X-Origin-Date
X-Amz-Meta-S3b-Last-Modified
Version
X-Varnish-HitMiss
X-Crawler
X-Cache-Control-Set-By
X-Origin-Expires
X-Clientip
X-HCF
X-Thanos
X-Svr
X-Bip
X-Info
NtCoent-Length
X-Platform
X-Req
X-Cache-URL
X-P-T
X-Refresh
X-Fastcgi-Cache
Cache-Provider
Country-Code
X-App-Version
X-Origin-TTL
Cteonnt-Length
Processtime
X-Oss-Hash-Crc64ecma
X-Oss-Request-Id
X-Oss-Object-Type
X-Oss-Server-Time
X-Oss-Storage-Class
X-Yottaa-Sig
X-CSRF-Token
Pagetype
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Pf-Uncompressing
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-HS-Hub-Id
X-Amz-Meta-Sha256
X-Pjax-Url
Accept-Ch
X-Varnish-Url
Arc-Country
FSS-Proxy
FSS-Cache
Memory
X-DC
Ar-Sid
X-EC-Security-Audit
WebServer
X-From-Cache
Brightspot-Id
X-Irp-Debug
X-LiteSpeed-Cache-Control
X-Cache-ASPX
X-Ua
X-NC
X-Csrf-Token
X-LB-CacheStatus
X-LB-Node
SN
X-ROOTCache
COMMERCE-SERVER-SOFTWARE
Sid
PageType
Geoip-City
GeoIp-Country-Code
Geoip-Latitude
X-Atg-Version
Cdn
X-Request-Start
X-Request-UUID
PICS-Label
X-Endurance-Cache-Level
X-Cache-Handler
Dynatrace
X-Cdn-Forward
X-Redis-Cache
CF-IPCountry
X-Wix-Petri-Ex
MIME-Version
X-Load-Cache
X-Rule
X-Ratelimit-Remaining
Dont-Set-Cookie
X-Ratelimit-Limit
If-Modified-Since
X-Fastly-Backend-Reqs
X-Varnish-Action
Edgecast
X-SERVER-NAME
X-Varnish-Beresp-TTL
X-TId
X-GRACE
X-Layer
PROCESSING-IP
BORDER-IP
X-Requestid
X-GDPR
X-Dynatrace-Js-Agent
X-B3-SpanId
X-Sf
X-ServedByHost
X-Tid
Frame-Options
X-Rocket-Nginx-Serving-Static
X-Servedbyhost
X-Fastly-Cache-Hits
RNT-Machine
RNT-Time
X-RequestId
X-Nananana
X-Resolver-IP
X-BE
X-DataStream-MidMile-RTT
X-Key
X-Owner
XServer
X-DataStream-Origin-MEX-Latency
Pics-Label
NodeID
Cf-Ipcountry
X-Cache-TTL
CDN
Node
Powered
Amp-Access-Control-Allow-Source-Origin
CACHE
X-Server-W
X-HTML-Minification-Powered-By
GeoIP-Country-Code
GeoIP-Latitude
Cache-Tags
Web-Mar-Region
GeoIP-City
X-Tec-Api-Root
X-Tec-Api-Version
X-Tec-Api-Origin
X-ABtesting
We-Hiring
Mail-Subject
X-Flog
X-NWS-UUID-VERIFY
PageSpeed
DataCenter
WZWS-RAY
X-Sentry-ID
X-Shard
X-Powered-By-ANYU
Lfy
X-Varnish-Ttl
ProcessTime
X-VG-WebCache
X-Use-Magma
X-CDN-Pop
X-Ms-Blob-Type
Max-Age
Is-Session-Tracking
Accept-CH
X-Gdpr
Get-Access-Time
X-CDN-Pop-IP
X-Ms-Version
X-Ms-Lease-Status
X-Ms-Request-Id
X-Cf-Powered-By
X-GZIP
X-UPSTREAM-Address
X-PF-Uncompressing
X-Mem
X-PJAX-URL
X-Powered-By-Defense
Magicmarker
X-Cache-FS-Status
X-Varnish-URL
URI
X-GEO
X-ByteArk-Cache
X-FORWARDED-FOR
Xet-Cookie
X-Dw-Trace-Id
X-Front
Hostname
X-Cookie
X-Trv-Request-Id
X-Oa-Upstreams
X-Remote-IP
X-SRV
X-Check-Cacheable
X-NGINX-Cache
X-Unique-Id
X-RPS
X-Ms-Lease-State
X-DW
X-Edge-Server
X-DI
X-DB
X-RSL
X-DSS
RequestUuid
Cdn-Request-Time
X-Aicache-OS
Cdn-Host
Requestid
X-Varnish-ID
True-Client-Country-4JS
X-VG-TLSProxy
X-VID
X-RPM
X-Zalando-Child-Request-Id
X-Zalando-Page-Type
X-Micro-Cache
X-PAGE-TYPE
X-Proxy-Server
X-VarnCache
X-Litespeed-Tag
X-VarnPar1
X-VarnPar2
X-VC
V-Cache
N-Cache
X-Policy
X-Swa-Ws
Group
X-Safe-Firewall
X-SB
Rt-Proxy-Cache
X-Alicdn-Da-Ups-Status
X-Akamai-ERPolicy
X-RAMCache
X-Akamai-ERRuleID
WS
X-Hello
X-Fe
X-Acquia-Application-UUID
X-PARISIEN-Cache-Rendered
SID
X-Acquia-Application-Trace
X-Litespeed-Cache-Control
CF-Cached-On