Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics - SANS Internet Storm Center HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Pragma
Last-Modified
Accept-Ranges
X-Powered-By
Strict-Transport-Security
X-Content-Type-Options
CF-RAY
ETag
Link
Expect-CT
Via
X-XSS-Protection
X-Cache
Age
Access-Control-Allow-Origin
Content-Security-Policy
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Served-By
X-Varnish
X-Amz-Cf-Id
X-Xss-Protection
Referrer-Policy
X-Request-Id
X-Timer
X-AspNet-Version
CF-Cache-Status
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Runtime
Access-Control-Allow-Credentials
X-Download-Options
X-Drupal-Cache
X-Cacheable
CF-Ray
X-Generator
Content-Security-Policy-Report-Only
Alt-Svc
X-AspNetMvc-Version
Status
X-Cache-Status
X-DNS-Prefetch-Control
X-Check
X-Iinfo
X-Adblock-Key
X-FRAME-OPTIONS
Timing-Allow-Origin
X-CDN
X-Content-Security-Policy
X-Turbo-Charged-By
X-Permitted-Cross-Domain-Policies
Content-Encoding
X-Template
X-Language
Keep-Alive
X-Via
X-Type
X-AH-Environment
X-Backend
X-Cache-Group
WPE-Backend
X-Pass-Why
X-Nginx-Cache-Status
X-Buckets
X-Server
X-Age
X-Server-Powered-By
Access-Control-Max-Age
X-Pingback
Xkey
X-Request-ID
X-Varnish-Cache
Grace
Access-Control-Expose-Headers
Upgrade
X-Drupal-Dynamic-Cache
X-Hacker
X-UA-Device
X-Amz-Request-Id
P3p
X-Page-Speed
Cf-Railgun
X-Proxy-Cache
X-Amz-Id-2
EagleId
X-Robots-Tag
X-LiteSpeed-Cache
X-Swift-CacheTime
X-Swift-SaveTime
X-Envoy-Upstream-Service-Time
Request-Context
Ali-Swift-Global-Savetime
X-Node
X-Ac
X-Device
Content-Location
X-Host
X-Cnection
X-Amz-Version-Id
X-Cache-Lookup
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
Surrogate-Control
X-Server-Id
X-Backend-Server
X-OneAgent-JS-Injection
X-WebKit-CSP
X-Rack-Cache
X-Instart-Request-ID
X-Px
X-CST
X-Response-Time
Request-Id
X-Readtime
Server-Timing
X-Rq
Permitted-Cross-Domain-Policies
X-HeyJason
X-Do-Not-Hack
X-Clacks-Overhead
X-Cloud-Trace-Context
X-Url
EagleEye-TraceId
Pinterest-Generated-By
X-Ua-Compatible
Edge-Control
X-Application-Context
X-Country
X-MS-InvokeApp
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Allow
X-DynaTrace-JS-Agent
Charset
X-Server-Name
Report-To
SPRequestGuid
X-Country-Code
X-SharePointHealthScore
X-DataDome
X-Ruxit-JS-Agent
X-TTL
X-Varnish-TTL
X-Cached
X-ESI
Rating
X-TtlSet
X-PC
X-Vname
X-Powered-CMS
X-Powered-By-Plesk
X-Recruiting
Public-Key-Pins
X-FTR-Request-ID
X-D2id
X-Vhost
NEL
X-Version
X-F-Cache
X-Cdn-Fetch
X-Exp-Id
Pinterest-Version
X-Geo-Segment
X-Exp-Variant
X-Kinja-Build
X-Kinja-Revision
X-Pinterest-Rid
X-Upstream-Env
X-Kinja
X-Kinja-Server
X-CF-Powered-By
X-N
SPIisLatency
SPRequestDuration
MS-Author-Via
X-DynaTrace
X-Dw-Request-Base-Id
Cartoon
X-VARITI-CCR
X-Cdn
X-T
X-Mod-Pagespeed
X-GoogleNews-Bot
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
Content-MD5
AR-ATIME
AR-PoweredBy
AR-CACHE
Nginx-Cache
RTSS
X-Abt-Application-Version
X-GitHub-Request-Id
MicrosoftSharePointTeamServices
Feature-Policy
X-SRCache-Fetch-Status
X-SRCache-Store-Status
Verso
X-Shield-Request-Id
X-Amz-Rid
X-Navigation-Version
X-Dispatcher
X-Trace
X-Forwarded-Proto
X-Hits
X-Client-IP
X-Goog-Hash
Realpath
X-Origin-Cache
AR-SID
X-Server-ID
Arr-Disable-Session-Affinity
Paypal-Debug-Id
X-Kinsta-Cache
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-TEC-API-ROOT
X-Zen-Fury
X-Id
X-Content-Options
TCN
X-Content-Digest
X-B
X-Grace
X-Varnish-Age
Alternate-Protocol
X-Ser
X-Ttl
X-Sol
Fastcgi-Cache
X-Cache-Key
DynaTrace
X-Upstream
Access-Control-Request-Method
X-Via-JSL
X-Mrf-Section-Lastmod
X-Mrf-Item-Lastmod
Mrf-Cache-Status
MRF-Tech
X-Pad
X-Fastly-Request-ID
X-Middleton-Display
Display
X-Nf-Srv-Version
X-Vcap-Request-Id
X-NF-Request-ID
X-DIS-Request-ID
X-IPLB-Instance
PB-RID
PB-PID
Response
X-Middleton-Response
X-FastCGI-Cache
X-User-Agent
X-Mobile-Rewrite
Front-End-Https
X-SS-Set-Cookie
Pagespeed
X-Frontend
Rt-Fastcgi-Cache
X-Logged-In
X-Cache-Rule
Eomportal-Instance
X-MSEdge-Ref
X-Webkit-Csp
X-PressLabs-Stats
Server-Name
X-Whom
X-Acc-Meta-Resource-Type
X-Cache-Hit
X-Newrelic-App-Data
X-VCache
Host
X-Hostname
S
Tracecode
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Goog-Storage-Class
X-Goog-Metageneration
X-Goog-Generation
X-NWS-LOG-UUID
X-Forwarded-For
Cache-Status
X-XRDS-LOCATION
Arc-Version
X-Debug
Liferay-Portal
X-FTR-Backend-Server
X-FTR-Expires
X-FTR-Realm
X-FTR-DC
X-FTR-Cache-Status
X-FTR-Backend
X-FTR-Balancer
X-Country-Code-Real
X-Request-Received
X-AOL-HN
Surrogate-Key
X-HS-Content-Id
X-XRDS-Location
X-Request-Processing-Time
X-Analytics
Backend-Timing
X-UUID
Server-Info
HitType
HitInfo
FilterID
X-Wix-Server-Artifact-Id
X-Magnolia-Registration
TP-Cache
Public-Key-Pins-Report-Only
TP-L2-Cache
X-Instance
Refresh
X-Contextid
X-Rid
ServerID
X-Az
X-Activity-Id
X-AppVersion
X-Proxied
AMP-Access-Control-Allow-Source-Origin
X-WPE-Loopback-Upstream-Addr
X-Srv
X-Content-Security-Policy-Report-Only
X-HW
Service-Worker-Allowed
X-HS-Cache-Config
Edge-Cache-Tag
X-Varnish-Server
X-Correlation-Id
Cleartype
X-B3-Traceid
X-Mobile
X-Origin
X-Revision
X-Varnish-Backend
S-Cnection
X-FTR-Cache-Host
Served-By
Fastly-Restarts
Source
X-Amzn-Trace-Id
X-Geo-Country
X-TT
X-APP-VERSION
X-PHP-Backend
X-RateLimit-Remaining
X-FB-Debug
X-Cache-Config
X-App-Environment
Powered-By-ChinaCache
X-Signature
X-Framework
Retry-After
X-B-Cache
X-Varnish-Hostname
X-Cache-Server
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Device-Type
X-Tumblr-User
X-Cache-Operation
X-Cache-Control
X-Sucuri-ID
X-BCube-Filmed-By
X-Cache-Action
X-PC-Key
X-Hail-Hydra
Host-Header
X-PC-AppVer
X-Request-Guid
X-PC-Hit
Server-Node
X-Cache-2
MS-CV
X-Page-Id
Accept-Charset
X-Handled-By
DC
X-Hyper-Cache
X-TT-TIMESTAMP
X-Origin-Upstream-Status
X-Ocache
X-Debug-Info
Actual-Object-TTL
X-Origin-Server
X-WA-Info
X-Shield-Cache-Expires
X-ADI-VCache
Cache
X-ATG-Version
X-PC-Date
X-PC-Host
Viewport
X-Content-Powered-By
NGB
Upgrade-Insecure-Requests
X-Accel-Expires
X-Microcachable
X-LB-Cache
X-Daa-Tunnel
SRV
X-HS-Combine-CSS
X-Cache-NE
X-Cached-By
X-URL
AsisCache
X-Drupal-Cache-Tags
X-Amz-Server-Side-Encryption
X-Accel-Buffering
X-Yottaa-Metrics
X-Generated-By
X-Yottaa-Optimizations
Filters
X-Jobs
X-App-Server
X-B3-Sampled
ServedBy
X-Cacheable-TTL
X-Akam-SW-Version
X-GeoIP
X-TX-ID
X-Wix-Request-Id
X-WebKit-CSP-Report-Only
X-Seen-By
X-RequestSource
X-S
X-Sucuri-Cache
X-Cluster
X-Akamai-Edgescape
X-FW-Server
X-FW-Static
X-Varnish-Hits
X-RTag
From-Origin
X-Geo
X-FW-Type
X-Distil-CS
X-FW-Serve
X-FW-Hash
X-Locale
X-Tumblr-Pixel-2
X-Internal-Host
X-Tumblr-Pixel-1
X-Adobe-Content
Content-Script-Type
X-Adobe-Loc
Content-Style-Type
X-Varnish-IP
Datacenter
X-Feature
X-Dns-Prefetch-Control
X-Varnish-Cache-Hits
X-Cache-Remote
X-GZip
HostName
X-Varnish-Grace
X-Storage
X-Cache-Age
X-Node-Name
X-Platform-Server
X-Edge-Cache-Key
X-Edge-Cache
X-Cache-TTL-Remaining
X-Vg-Webcache
X-ServedBy
X-Esi
X-Akamai-Transformed
X-CDN-Forward
X-Region
X-Guploader-Uploadid
X-RateLimit-Limit
X-NewRelic-App-Data
X-Mode
X-Cache-Bucket
Cache-Tag
Country
X-Amz-Replication-Status
X-UA
X-Distributor
X-Kinja-Server-Push
Load-Balancing
RATING
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Oracle-Dms-Ecid
X-Oracle-Dms-Rid
ServerName
X-Drupal-Cache-Contexts
X-Source
X-Agile-Id
X-Agile-Age
X-GUploader-UploadID
Fastly-SSL
Ohc-File-Size
X-Agile
X-Proto
Machine
X-ProxyCache-Status
X-ProxyCache-Key
Cache-Key
X-MP-GENERATED-AT
X-RN-RSRV
X-EIG-Tracking-Id
X-Rendered-As
X-PERF
X-Path-Route
X-BYPASS-REASON
X-ProcessESI
X-RemovedCookies
X-BB-IP
X-ApacheServer
X-Cache-Category-Id
Mn-Server-Ip
X-Cache-Var-Map
Meta-Geo
X-Detected-As
GEO-INFO
X-Is-Bot
X-Cache-Var
X-Akamai-Request-ID
X-Time-Microsecs
X-Viewer-Country
X-Web-Node
X-Grey
X-JoinUs
X-Real-IP
X-NCache
X-Debug-Cache
Healthy
X-Optimization
Cache-Name
X-Request-Time
X-CCM
L5d-Success-Class
Cache-Hits
X-Webstats-RespID
X-Cache-HT
X-Labrador-Cache-Channel
Backend
X-Generated
X-CDN-Cache
Now
X-OCL
X-ServerID
X-Port
X-PCL
X-TWH-CORRELATION-ID
X-Upgrade-Enabled
X-NodeID
X-Xfnlog-Site
Access-Control-Allow-Method
Azure-RegionName
Azure-SiteName
Azure-SlotName
Azure-Version
S-Rt
Azure-InstanceId
X-Hosted-By
X-OVcl
X-Original-Request
X-OVcl-Cache
X-Pubstack
X-Via-Fastly
X-Render-Type
X-TA-CDN-Provider
X-Instance-Name
X-Edge-Location
X-Cluster-Node
X-FC-Vary-Parameters
X-Real-Ip
X-Human
X-Amz-Meta-Surrogate-Control
X-Hit
WP-Super-Cache
X-App-Name
X-Access
X-AWS-Id
X-Backend-Name
X-CCM-LastModified
X-Birta-Served
X-Birta-Cache-Post
Webcakes-Region
Webcakes-App-Version
TWC-GeoIP-Country
TWC-Device-Class
TWC-Connection-Speed
TWC-GeoIP-LatLong
TWC-Locale-Group
Webcakes-App-Name
User-Cache-Control
TWC-Privacy
X-Format
X-LJ-Flow-ID
X-Surge-Debug
X-SplitTest
X-Site-Version
X-TNCMS
X-Varnish-Cacheable
X-Zipkin-Id
X-Www-Served-By
X-VWS-Id
X-Section
X-Routing-Service
X-Meta-Tbi-Cache-Vertical
X-Loop
Property-Id
X-Nginx-Cache
X-Origin-Hint
X-Proxy
Selected-FE
X-Generation-Time
X-IP
X-Timing-Wait
LB
DB-Nickname
X-Proxy-Build
Fastcgi-Useragent
X-Time
Countrycode
X-Ezoic-Cdn
X-Newrelic-Synthetics
X-Cache-Enabled
X-Tumblr-Pixel-3
User-Agent
X-Origin-CC
X-Nc
Payment
Origin-Edge-Control
Origin-Cache-Control
X-B3-TraceId
X-Oneagent-Js-Injection
X-Tb
X-Dc
Xserver
X-L-Path
X-Environment-Context
Ec-Rule-Version
X-DataStream-Cache-Status
X-Unique-ID
X-Servedby
X-UA-Device-Type
RequestId
X-B3-Spanid
X-CACHE-AGE
X-Skip-Cache
X-Litespeed-Cache
X-NU-AKA-ACS-Version
Access-Control-Request-Headers
X-NGENIX-Cache
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
X-Fastcgi-Cache
Webserver
X-Upstream-CT
X-WR-MODIFICATION
X-Upstream-HT
Time
X-Vgn-Hpd-Reason
NODE
X-EdgeConnect-Cache-Status
X-Cache-Ttl
X-Croise-Owner
Warning
X-Varnish-Beresp-Ttl
X-Correlation-ID
X-Developer
X-A-Dgt
Fly-Cache
X-A-Wwc
X-G
X-ElasticPress-Search
Ajk
X-Destination
X-DPWN-IS-SECURE
Resin-Trace
X-B-Cookie
X-Application
X-A
X-ARC
X-Generated-In
X-S-Cookie
X-Cache-Id
X-From
X-Cache-Backend
Fly-Request-Id
X-A-Dcw
V-Age
X-D
X-Cache-Host
X-Logtrace-Id
X-A-Ccd
T-Server
X-A-Dam
X-Died
Cache-Prefix
X-SRCache-Key
X-Status
X-Be
IBM-Web2-Location
Ws
X-Webkit-CSP
X-Rojux
Request-Time
X-Content-Type
Apple-News-Services-Handled
Fastcgi-X-Cache-Version
AKAMAI
Apple-News-Services-Host
Fastcgi-X-Cache
Apple-News-Services-Request-Url
BehaviorPad-Version
X-Var-Ttl
Fastly-Soc-X-Request-Id
Meta-Geo-Continent
X-UE-Client-Country
Memcached
Apple-News-Services-Parsed-Url
Host-ID
MD5-Digest
X-Cache-Expires
Www
X-Public
X-Transaction
X-Debug-Cookies
X-CF-Lambda-Fn
X-Debug-Log
X-Trv-Group
X-Twitter-Response-Tags
X-BB-ID
X-VG-WebServer
X-BBXSRF
X-SVT-ORM-RULES
X-CS
X-CF-Lambda-Version
X-Planisys-CDN-TTL
X-No-Session
X-Request-URI
X-ND-Cache
X-Haproxy-Ip
X-Haproxy-Hostname
X-PAYTM-SRV-ID
X-Planisys-CDN-Cache
X-Connection-Hash
X-Planisys-CDN-Rules
X-SVT-ORM-VERSION
X-Fastly-Cache
X-Via-CDN
X-User
Viewtype
X-Fstrz
VivaBuild
X-Wix-Route-ID
Xc-Version
X-NX-Host
Sta2Tusw
X-Region-Sid
X-Server-By
X-Cache-Time
X-Server-Time
X-Rewrite-Enabled
X-Via-Edge
X-Amz-Meta-Cache-Control
Cneonction
X-We-Are-Hiring
UCS
X-Oss-Hash-Crc64ecma
X-Oss-Request-Id
X-Oss-Server-Time
X-Dynatrace
X-StackifyID
X-Oss-Storage-Class
X-Oss-Object-Type
X-Shopify-Stage
X-Release
X-ShardId
X-Sorting-Hat-FeatureSet
X-S-Maxage
X-ShopId
X-RCS-CacheZone
X-IN-WAF
X-Wikidot-Static-Cache
X-Epic-Correlation-Id
X-F5-Cache
X-FireWall-Port
X-Forwarded-Host
X-Core-Value
X-Trace-Id
X-Up
X-Cache-CFC
X-Cdn-Origin
X-Frame-Option
X-Gannett-Site-Version
X-Rebelmouse-Surrogate-Control
X-Secret
X-ScT
X-Rebelmouse-Cache-Control
X-SIPLIST1
X-GeoIP-Country-Code
X-Phone
X-Sn-Servicetimems
X-IN-SSL-APIGATEWAY
X-Wikidot-Backend
X-WebServer
Drupal-Pagecache-Memcache
Fastly-SIE
X-Via-NSCOPI
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId-Cached
X-Sorting-Hat-PrivacyLevel
X-Sorting-Hat-Section
Fastly-SWR
IsBot
Server-Int
GMS-Ver
Uber-Trace-Id
Rendered-Blocks
Release
NGX
Odigeo-Trace-Id
Origin
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId-Cached
X-Alternate-Cache-Key
X-Auto-Login
X-Device-Os
Server-ID
Request-EU
Dnion-Transfer-Encoding
Proxy-Connection
Request-Country
Version
X-Dispatcher-Server
X-Hl-Ver
X-IN-APIGATEWAY
X-Hash
Mime-Version
X-Yottaa-Sig
X-C
X-Cache-Debug
X-Env
X-Block-Status
X-Backend-Url
X-Edge-IP
X-Backend-TTL
X-Cdn-Srv
X-Content-Age
X-Backend-State
X-Cache-Srv
X-Core-Mission
X-Developers
X-CGP
X-Ckpd-Fst-Backend
Thinkindot-CacheControl-Type
PFcat
Platform
Powered-By
OT-Force-Account-Verify
On-Server
MI-Cache
MI-Cache-Age
Ohc-Response-Time
Pragrma
Pramga
Who
X-Actual-URL
X-Amz-Meta-S3cmd-Attrs
Web-Mar-Node
Thinkindot-Control
Server-Host
Thinkindot-CacheControl
X-Eu-Site
X-Backend-Host
X-Matched-Rule
X-ServiceProvider
X-Stale
X-CSRF-Token
X-Server-IP
X-Server-Group
X-Returned-From-PostProcessResponse
X-Rocket-Nginx-Bypass
X-Served-From
X-Thinkindot-L3
X-TT-LOGID
X-Worker
X-Accel-Expires-Debug
X-Date
X-VServer
X-Ver
X-UnsetCookies
X-V
X-Returned-From-DLL
X-Returned-From-BeforeDispatch
MI-API
X-MI-In-Market
X-MSEdge-Features
X-Location
X-Hnp-Log
X-Gen-Mode
X-GoCache-CacheStatus
X-MSEdge-Flight
X-Node-Id
X-Reboot
X-Response-By
X-Returned-From
X-Passed-To-PostProcessResponse
X-Passed-To-DLL
X-Passed-To
X-Passed-To-BeforeDispatch
X-Fetched-On
X-GeoIP-City
HA-Geolat
HA-Geolon
HA-Geocountry
HA-Geocity
HA-Cloudapp
Decoy-Debug-TTL
Backend-Name
HA-Host
Ha-Gx-Prefs
Kp-EeAlive
HA-Georegion
GW-Server
X-Origin-Date
Esi-Enabled
X-Page-Type
Content-Disposition
Decoy-Debug-Key
Decoy-Debug-Status
X-Origin-Expires
Fastly-Backend-Name
X-Crawler
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-Lfrom
CDCHOST
HA-Ipaddr
Cache-Cookie-Set-From
Httpd-Identifier
Heartbleed
HTTPS
HA-Servedtime
X-Info
Country-Code
HA-Urlpath
Is-Eu
Adler-Geo
X-Ua
NnCoection
X-Cache-URL
X-HCF
X-Cache-Control-Set-By
X-Bug-Bounty
X-Clientip
X-Thanos
X-Svr
X-Varnish-HitMiss
X-Varnish-Id
X-Platform
X-Bip
REQUESTUUID
X-Servername
Apicache-Version
Apicache-Store
X-App-Version
NtCoent-Length
X-Req
X-Refresh
X-RateLimit-Remaining-Second
Cache-Provider
X-Kong-Upstream-Latency
Cteonnt-Length
X-RateLimit-Limit-Second
X-Amz-Meta-S3b-Last-Modified
X-Kong-Proxy-Latency
X-Origin-TTL
FSS-Cache
FSS-Proxy
X-TIME
Brightspot-Id
X-LiteSpeed-Cache-Control
Arc-Country
X-P-T
X-Varnish-Url
X-Irp-Debug
Ar-Sid
WebServer
X-CLOUD-TRACE-CONTEXT
X-DC
X-LB-Node
Processtime
X-Pf-Uncompressing
X-LB-CacheStatus
X-Pjax-Url
PageType
COMMERCE-SERVER-SOFTWARE
Pagetype
X-EC-Security-Audit
X-GRACE
Sid
X-ROOTCache
Accept-Ch
Memory
X-Ratelimit-Limit
X-Ruxit-Js-Agent
X-Request-Start
X-From-Cache
X-Request-UUID
X-Amz-Meta-Sha256
If-Modified-Since
X-Ratelimit-Remaining
X-Cache-ASPX
Cdn
X-Endurance-Cache-Level
X-Atg-Version
Dynatrace
X-Load-Cache
X-Cdn-Forward
X-Varnish-Action
SN
X-Csrf-Token
X-NC
Edgecast
X-Fastly-Backend-Reqs
Geoip-City
X-Layer
Geoip-Latitude
GeoIp-Country-Code
PICS-Label
X-SERVER-NAME
CF-IPCountry
X-Redis-Cache
BORDER-IP
X-COUNTRY
PROCESSING-IP
X-Rocket-Nginx-Serving-Static
X-GDPR
X-Cache-Handler
X-Nananana
MIME-Version
X-HS-Hub-Id
X-Tid
X-TId
X-Requestid
Frame-Options
X-ServedByHost
X-Varnish-Beresp-TTL
X-B3-SpanId
X-RequestId
X-Fastly-Cache-Hits
NodeID
X-Servedbyhost
Dont-Set-Cookie
X-Key
X-Wix-Petri-Ex
X-BE
X-Owner
X-Resolver-IP
X-NWS-UUID-VERIFY
X-FORWARDED-FOR
Pics-Label
X-Sf
X-Cf-Powered-By
X-Rule
Cf-Ipcountry
X-Server-W
RNT-Machine
GeoIP-City
GeoIP-Country-Code
GeoIP-Latitude
Node
RNT-Time
Web-Mar-Region
CACHE
ProcessTime
X-Cache-TTL
X-Flog
WZWS-RAY
X-HTML-Minification-Powered-By
X-Sentry-ID
X-ABtesting
X-Tec-Api-Version
CDN
X-Tec-Api-Root
X-Tec-Api-Origin
Get-Access-Time
Lfy
X-Powered-By-ANYU
Mail-Subject
X-VG-WebCache
X-DataStream-Origin-MEX-Latency
Is-Session-Tracking
X-DataStream-MidMile-RTT
We-Hiring
PageSpeed
Max-Age
X-Dynatrace-Js-Agent
X-Varnish-Ttl
X-CDN-Pop
X-Shard
Powered
X-CDN-Pop-IP
X-Use-Magma
Cache-Tags
X-ByteArk-Cache
X-SRV
X-Mem
Accept-CH
X-GZIP
XServer
X-Cache-FS-Status
URI
X-PF-Uncompressing
Magicmarker
X-Powered-By-Defense
X-PJAX-URL
X-CACHE-KEY
X-Check-Cacheable
X-Front
DataCenter
X-GEO
X-UPSTREAM-Address
Xet-Cookie
X-Unique-Id
X-Dw-Trace-Id
X-Trv-Request-Id
X-Gdpr
X-Ms-Version
X-Varnish-URL
X-Cookie
X-Oa-Upstreams
X-Zalando-Child-Request-Id
Amp-Access-Control-Allow-Source-Origin
X-Micro-Cache
X-Ms-Request-Id
X-Zalando-Page-Type
X-Ms-Lease-Status
X-Ms-Blob-Type
X-Remote-IP
V-Cache
Group
X-PARISIEN-Cache-Rendered
X-Safe-Firewall
X-Varnish-ID
X-Aicache-OS
Requestid
RequestUuid
N-Cache
Rt-Proxy-Cache
X-SB
X-VC
X-PAGE-TYPE
X-VarnPar1
X-VarnPar2
X-HGenerator
X-VarnCache
X-Proxy-Server
X-Fe
X-NGINX-Cache
Hostname
X-RAMCache
X-ServerName
X-Acquia-Application-Trace
WS
X-Acquia-Application-UUID
X-Alicdn-Da-Ups-Status
X-Qnm-Cache
X-Akamai-ERRuleID
X-ProxyCache-Args
CF-Cached-On
X-Akamai-ERPolicy
X-Litespeed-Tag
SID
X-Hello
X-M-Log
X-M-Reqid
WWW-Authenticate