Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics - SANS Internet Storm Center HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Pragma
Last-Modified
Accept-Ranges
Strict-Transport-Security
X-Content-Type-Options
X-Powered-By
CF-RAY
ETag
Link
Expect-CT
Via
X-XSS-Protection
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
P3P
X-Cache-Hits
X-Served-By
X-Varnish
X-Amz-Cf-Id
X-Xss-Protection
Referrer-Policy
X-Request-Id
X-Timer
X-AspNet-Version
CF-Cache-Status
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Runtime
Access-Control-Allow-Credentials
X-Download-Options
X-Drupal-Cache
X-Cacheable
Content-Security-Policy-Report-Only
X-Generator
Alt-Svc
Status
X-AspNetMvc-Version
X-Cache-Status
X-DNS-Prefetch-Control
X-Check
P3p
X-Iinfo
X-Adblock-Key
X-FRAME-OPTIONS
X-CDN
Timing-Allow-Origin
X-Content-Security-Policy
X-Permitted-Cross-Domain-Policies
X-Turbo-Charged-By
Content-Encoding
X-Template
X-Language
Keep-Alive
X-Type
X-AH-Environment
X-Via
CF-Ray
X-Cache-Group
X-Backend
WPE-Backend
X-Request-ID
X-Pass-Why
X-Buckets
X-Age
X-Server
X-Nginx-Cache-Status
Access-Control-Max-Age
X-Server-Powered-By
X-Pingback
Xkey
X-Varnish-Cache
Grace
X-Drupal-Dynamic-Cache
Upgrade
Access-Control-Expose-Headers
X-Hacker
X-UA-Device
X-Amz-Request-Id
Cf-Railgun
X-Page-Speed
X-Amz-Id-2
X-Proxy-Cache
X-Robots-Tag
EagleId
X-Envoy-Upstream-Service-Time
Request-Context
X-Node
X-LiteSpeed-Cache
X-Swift-CacheTime
X-Swift-SaveTime
X-Ac
X-Device
X-Cnection
X-Host
Ali-Swift-Global-Savetime
Content-Location
X-Amz-Version-Id
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Server-Id
X-WebKit-CSP
Surrogate-Control
X-Backend-Server
X-OneAgent-JS-Injection
X-Cache-Lookup
X-Rack-Cache
X-Response-Time
X-Px
X-Instart-Request-ID
Request-Id
Server-Timing
X-Readtime
X-CST
X-Rq
X-Clacks-Overhead
Pinterest-Generated-By
X-Do-Not-Hack
X-HeyJason
Permitted-Cross-Domain-Policies
EagleEye-TraceId
X-Ua-Compatible
X-Url
Edge-Control
X-Application-Context
X-Cloud-Trace-Context
X-Country
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-MS-InvokeApp
Report-To
X-Server-Name
Charset
X-DynaTrace-JS-Agent
SPRequestGuid
X-Country-Code
Allow
X-ESI
X-DataDome
X-SharePointHealthScore
X-Ruxit-JS-Agent
Rating
X-Varnish-TTL
X-Vname
X-PC
X-TtlSet
X-Cached
X-Powered-CMS
X-Powered-By-Plesk
X-Recruiting
X-CF-Powered-By
X-FTR-Request-ID
X-DynaTrace
NEL
X-Vhost
X-D2id
X-ORACLE-DMS-RID
X-ORACLE-DMS-ECID
Public-Key-Pins
X-Pinterest-Rid
X-Geo-Segment
X-Upstream-Env
Pinterest-Version
X-Kinja-Revision
X-Kinja
X-Exp-Id
X-Exp-Variant
X-Cdn-Fetch
X-Kinja-Server
X-Kinja-Build
X-F-Cache
X-TTL
X-Version
X-T
X-GoogleNews-Bot
X-VARITI-CCR
X-N
Cartoon
SPIisLatency
SPRequestDuration
X-Dw-Request-Base-Id
X-Mod-Pagespeed
X-Ttl
Content-MD5
X-Abt-Application-Version
MS-Author-Via
RTSS
Nginx-Cache
Feature-Policy
Verso
X-GitHub-Request-Id
X-Dispatcher
X-Navigation-Version
X-Goog-Hash
X-SRCache-Store-Status
MicrosoftSharePointTeamServices
X-SRCache-Fetch-Status
X-Client-IP
AR-PoweredBy
AR-ATIME
X-Amz-Rid
AR-CACHE
Realpath
X-Forwarded-Proto
X-Hits
X-Shield-Request-Id
X-Origin-Cache
X-Cdn
X-Trace
Paypal-Debug-Id
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-Content-Options
X-Id
X-Zen-Fury
X-Content-Digest
X-Server-ID
X-Kinsta-Cache
DynaTrace
TCN
X-B
X-Grace
Arr-Disable-Session-Affinity
AR-SID
Alternate-Protocol
X-Varnish-Age
X-Cache-Key
X-Sol
Fastcgi-Cache
X-Upstream
Mrf-Cache-Status
X-Mrf-Section-Lastmod
X-Mrf-Item-Lastmod
MRF-Tech
Access-Control-Request-Method
X-FastCGI-Cache
X-Ser
X-Middleton-Display
Display
X-Pad
X-Acc-Meta-Resource-Type
PB-PID
PB-RID
X-Fastly-Request-ID
X-Mobile-Rewrite
X-Nf-Srv-Version
X-NF-Request-ID
X-Via-JSL
X-DIS-Request-ID
X-Middleton-Response
X-User-Agent
Response
X-Vcap-Request-Id
Pagespeed
X-Forwarded-For
X-MSEdge-Ref
Front-End-Https
Eomportal-Instance
X-Frontend
Rt-Fastcgi-Cache
X-PressLabs-Stats
X-Cache-Rule
Arc-Version
X-IPLB-Instance
X-SS-Set-Cookie
X-Cache-Hit
X-Logged-In
X-Goog-Stored-Content-Length
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-Goog-Generation
X-Goog-Metageneration
X-VCache
Server-Name
X-Whom
X-Hostname
Host
X-XRDS-Location
Tracecode
Surrogate-Key
S
X-FTR-DC
X-FTR-Expires
X-FTR-Balancer
X-FTR-Realm
X-FTR-Cache-Status
X-Country-Code-Real
X-FTR-Backend
X-FTR-Backend-Server
X-Request-Processing-Time
X-Request-Received
X-Analytics
Backend-Timing
Cache-Status
X-Debug
X-HS-Content-Id
X-AOL-HN
TP-Cache
TP-L2-Cache
X-Instance
X-Magnolia-Registration
X-Contextid
X-Litespeed-Cache
X-Az
X-AppVersion
Refresh
X-Activity-Id
X-Proxied
ServerID
FilterID
X-Rid
X-Wix-Server-Artifact-Id
Public-Key-Pins-Report-Only
X-Srv
X-XRDS-LOCATION
X-HW
HitType
HitInfo
Server-Info
X-UUID
X-WPE-Loopback-Upstream-Addr
Cleartype
X-B3-Traceid
X-URL
X-Webkit-Csp
Liferay-Portal
X-Newrelic-App-Data
X-FTR-Cache-Host
Service-Worker-Allowed
X-Content-Security-Policy-Report-Only
AMP-Access-Control-Allow-Source-Origin
X-Varnish-Server
X-Mobile
X-APP-VERSION
Served-By
X-Varnish-Backend
X-Cache-Control
X-Revision
X-Origin-Upstream-Status
Source
X-Amzn-Trace-Id
X-Hail-Hydra
X-PC-AppVer
Host-Header
X-BCube-Filmed-By
X-Geo-Country
Server-Node
X-App-Environment
X-NWS-LOG-UUID
X-Correlation-Id
X-PC-Key
X-PC-Hit
X-TT
Retry-After
X-Device-Type
X-Cache-Server
X-Handled-By
MS-CV
Accept-Charset
X-Request-Guid
X-PHP-Backend
X-RateLimit-Remaining
X-Cache-Operation
X-Tumblr-User
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Framework
DC
X-Varnish-Hostname
X-Cache-2
X-B-Cache
X-Signature
X-Page-Id
X-Cache-Config
Powered-By-ChinaCache
X-FB-Debug
Edge-Cache-Tag
S-Cnection
X-Origin
X-HS-Cache-Config
X-Origin-Server
Fastly-Restarts
X-Cache-Action
X-TT-TIMESTAMP
X-ATG-Version
Viewport
X-Sucuri-ID
X-Debug-Info
X-Ocache
X-PC-Date
X-PC-Host
X-B3-Sampled
X-Hyper-Cache
X-NewRelic-App-Data
Actual-Object-TTL
X-WA-Info
X-Cached-By
NGB
X-ADI-VCache
X-Shield-Cache-Expires
X-Content-Powered-By
X-Microcachable
X-Akam-SW-Version
X-Accel-Expires
X-Drupal-Cache-Tags
X-LB-Cache
Upgrade-Insecure-Requests
X-Cache-NE
SRV
X-Generated-By
Filters
AsisCache
X-App-Server
ServedBy
X-Distil-CS
X-Cacheable-TTL
X-Internal-Host
X-Locale
X-RequestSource
X-RTag
X-FW-Type
X-Yottaa-Metrics
X-FW-Serve
X-FW-Server
X-FW-Static
X-Yottaa-Optimizations
X-FW-Hash
X-WebKit-CSP-Report-Only
Cache
X-Seen-By
Content-Style-Type
X-Tumblr-Pixel-2
X-Tumblr-Pixel-1
X-Wix-Request-Id
Content-Script-Type
X-GeoIP
X-S
X-Cluster
X-Jobs
X-Accel-Buffering
X-ServedBy
X-TX-ID
X-Amz-Server-Side-Encryption
X-Geo
X-Node-Name
X-Varnish-Hits
From-Origin
X-Varnish-Grace
X-Akamai-Edgescape
X-Cache-Age
X-Varnish-Cache-Hits
X-RateLimit-Limit
X-Varnish-IP
X-Adobe-Content
X-Adobe-Loc
X-Sucuri-Cache
X-Platform-Server
Datacenter
X-GZip
X-Vg-Webcache
X-HS-Combine-CSS
X-GUploader-UploadID
X-UA
X-Dns-Prefetch-Control
X-CLOUD-TRACE-CONTEXT
X-Cache-TTL-Remaining
X-Edge-Cache-Key
X-CDN-Forward
X-Edge-Cache
X-Real-IP
Cache-Tag
X-Storage
X-Cache-Remote
X-Mode
X-Akamai-Transformed
X-Region
X-Drupal-Cache-Contexts
X-Daa-Tunnel
X-Source
X-Amz-Replication-Status
HostName
X-Distributor
X-RN-RSRV
X-Rendered-As
X-Is-Bot
X-Cache-Var-Map
Meta-Geo
X-Cache-Var
X-ProcessESI
Load-Balancing
Machine
X-Detected-As
X-RemovedCookies
X-Path-Route
X-MP-GENERATED-AT
X-Amzn-RequestId
ServerName
Fastly-SSL
X-Amz-Apigw-Id
X-Web-Node
X-PERF
X-Agile
X-Guploader-Uploadid
X-Kinja-Server-Push
X-Agile-Id
X-Grey
X-BB-IP
Cache-Key
X-Viewer-Country
X-Akamai-Request-ID
GEO-INFO
X-CDN-Cache
Ohc-File-Size
X-Cache-Category-Id
X-Agile-Age
Mn-Server-Ip
X-Proxy
X-ApacheServer
X-Time-Microsecs
X-Upgrade-Enabled
X-TWH-CORRELATION-ID
Backend
Azure-Version
Azure-RegionName
Azure-SiteName
Azure-InstanceId
Azure-SlotName
S-Rt
X-NodeID
X-OCL
X-EIG-Tracking-Id
X-Amz-Meta-Surrogate-Control
X-Human
X-Edge-Location
X-Original-Request
X-Webstats-RespID
X-Via-Fastly
X-Cluster-Node
X-PCL
X-Pubstack
X-Debug-Cache
X-Proto
X-Instance-Name
L5d-Success-Class
Country
X-Birta-Served
X-Birta-Cache-Post
X-AWS-Id
X-App-Name
X-Cache-HT
X-CCM
X-Hosted-By
X-Generation-Time
X-Format
X-CCM-LastModified
X-Access
TWC-GeoIP-LatLong
TWC-GeoIP-Country
TWC-Device-Class
TWC-Connection-Speed
TWC-Locale-Group
TWC-Privacy
Webcakes-Region
Webcakes-App-Version
Webcakes-App-Name
X-LJ-Flow-ID
X-Meta-Tbi-Cache-Vertical
Now
X-Zipkin-Id
X-Xfnlog-Site
X-Www-Served-By
X-BYPASS-REASON
X-FC-Vary-Parameters
X-Varnish-Cacheable
X-ServerID
X-ProxyCache-Status
X-ProxyCache-Key
X-VWS-Id
X-SplitTest
X-OVcl
X-Origin-Hint
X-Optimization
X-NCache
X-OVcl-Cache
X-Port
X-Site-Version
X-Section
X-Routing-Service
Property-Id
X-IP
Cache-Name
Healthy
DB-Nickname
LB
X-TNCMS
User-Cache-Control
X-Labrador-Cache-Channel
Cache-Hits
Access-Control-Allow-Method
X-JoinUs
Fastcgi-Useragent
X-Loop
X-Backend-Name
User-Agent
X-Generated
Selected-FE
Countrycode
X-Proxy-Build
X-Timing-Wait
X-Dc
Payment
X-Tumblr-Pixel-3
X-Tb
Ec-Rule-Version
RATING
X-Request-Time
X-Surge-Debug
X-Origin-CC
X-Esi
X-Ezoic-Cdn
X-Hit
X-Time
X-Cache-Bucket
X-Unique-ID
X-Cache-Enabled
X-DataStream-Cache-Status
WP-Super-Cache
X-Render-Type
X-TA-CDN-Provider
X-Newrelic-Synthetics
X-Nc
X-B3-TraceId
X-Oracle-Dms-Ecid
X-Oneagent-Js-Injection
X-Oracle-Dms-Rid
X-Feature
X-Nginx-Cache
X-Real-Ip
X-B3-Spanid
Origin-Edge-Control
Origin-Cache-Control
X-UA-Device-Type
RequestId
X-Correlation-ID
X-L-Path
X-Environment-Context
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
X-NU-AKA-ACS-Version
X-CACHE-AGE
Xserver
X-Skip-Cache
NODE
X-NGENIX-Cache
X-Status
X-Content-Type
Access-Control-Request-Headers
X-Be
X-ElasticPress-Search
X-Cache-Backend
X-WR-MODIFICATION
X-EdgeConnect-Cache-Status
Webserver
X-Servedby
X-Vgn-Hpd-Reason
Apicache-Store
Warning
Ws
Apicache-Version
Time
X-CF-Lambda-Fn
X-Server-By
Xc-Version
Fly-Request-Id
Fastly-Soc-X-Request-Id
Fly-Cache
X-Planisys-CDN-Cache
X-SRCache-Key
MD5-Digest
Memcached
Meta-Geo-Continent
Host-ID
GMS-Ver
X-CF-Lambda-Version
X-Wix-Route-ID
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
Fastcgi-X-Cache
X-Server-Time
Apple-News-Services-Handled
X-Generated-In
AKAMAI
Ajk
X-G
X-GoCache-CacheStatus
IBM-Web2-Location
X-No-Session
X-Haproxy-Hostname
BehaviorPad-Version
Cache-Prefix
Resin-Trace
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
X-Connection-Hash
Fastcgi-X-Cache-Version
X-S-Cookie
X-SVT-ORM-RULES
X-Twitter-Response-Tags
X-Destination
X-Trv-Group
X-ARC
X-A
X-B-Cookie
X-Rewrite-Enabled
X-Haproxy-Ip
X-A-Ccd
X-SVT-ORM-VERSION
X-PAYTM-SRV-ID
X-Transaction
X-Application
X-A-Wwc
X-A-Dgt
X-A-Dam
X-Rojux
X-A-Dcw
X-Logtrace-Id
X-ND-Cache
X-Via-Edge
Sta2Tusw
X-Via-CDN
X-Date
X-BBXSRF
X-We-Are-Hiring
X-Public
X-Region-Sid
X-VG-WebServer
X-BB-ID
VivaBuild
Www
X-From
X-D
X-Developer
X-Died
X-User
Viewtype
X-Accel-Expires-Debug
T-Server
X-HS-Hub-Id
X-Upstream-CT
X-Upstream-HT
X-Trace-Id
Request-Time
Uber-Trace-Id
UCS
Rendered-Blocks
V-Age
X-Sn-Servicetimems
Release
X-Var-Ttl
X-NX-Host
Fastly-SWR
IsBot
X-Up
Origin
NGX
X-Cache-Expires
X-SIPLIST1
X-ScT
X-Fastly-Cache
X-F5-Cache
X-Forwarded-Host
X-Fstrz
X-Rebelmouse-Surrogate-Control
X-Request-URI
X-DPWN-IS-SECURE
X-Rebelmouse-Cache-Control
X-Cdn-Origin
X-Cache-Id
X-Cache-Host
X-Core-Value
X-CS
X-Debug-Log
X-Debug-Cookies
Fastly-SIE
Server-Int
X-IN-SSL-APIGATEWAY
X-IN-APIGATEWAY
X-IN-WAF
X-Phone
OT-Force-Account-Verify
X-Cache-Ttl
X-C
X-Webkit-CSP
X-Server-IP
X-Hl-Ver
Thinkindot-Control
X-Servername
X-Returned-From
Who
X-Thinkindot-L3
Web-Mar-Node
X-MI-In-Market
Thinkindot-CacheControl-Type
X-Location
X-Developers
Cache-Cookie-Set-From
Proxy-Connection
X-GeoIP-City
X-Served-From
X-Server-Group
Backend-Name
X-TT-LOGID
Server-Host
X-UE-Client-Country
Thinkindot-CacheControl
Decoy-Debug-TTL
X-Backend-Url
X-Matched-Rule
X-Backend-TTL
X-Backend-State
X-Backend-Host
X-Cdn-Srv
X-Bug-Bounty
X-Passed-To-DLL
X-Cache-Time
X-GeoIP-Country-Code
X-Cache-Debug
X-Cache-CFC
X-CGP
X-Ckpd-Fst-Backend
Cneonction
X-Content-Age
X-Stale
X-Device-Os
X-Croise-Owner
X-Returned-From-BeforeDispatch
X-Actual-URL
X-Amz-Meta-S3cmd-Attrs
X-Returned-From-DLL
X-Amz-Meta-Cache-Control
X-ServiceProvider
X-RCS-CacheZone
Pramga
HA-Geocountry
HA-Geolat
HA-Geocity
HA-Cloudapp
X-FireWall-Port
GW-Server
HA-Geolon
HA-Georegion
Powered-By
HA-Urlpath
HA-Ipaddr
HA-Host
Ha-Gx-Prefs
X-VServer
X-WebServer
Fastly-Backend-Name
Decoy-Debug-Status
X-Passed-To
X-Frame-Option
Esi-Enabled
X-Auto-Login
Decoy-Debug-Key
X-Wikidot-Static-Cache
X-Wikidot-Backend
X-Worker
X-Reboot
X-Returned-From-PostProcessResponse
Heartbleed
HA-Servedtime
X-Passed-To-PostProcessResponse
Content-Disposition
X-Edge-IP
X-Env
Cache-Cookie-Set-Idcheck
MI-Cache
Ohc-Response-Time
Odigeo-Trace-Id
Cache-Cookie-Set-Lfrom
MI-Cache-Age
On-Server
X-Node-Id
X-UnsetCookies
X-Via-NSCOPI
X-Passed-To-BeforeDispatch
X-Epic-Correlation-Id
HTTPS
Httpd-Identifier
X-V
X-Eu-Site
CDCHOST
X-Varnish-Beresp-Ttl
X-Gen-Mode
X-ShopId
X-Dispatcher-Server
X-Shopify-Stage
X-ShardId
X-Core-Mission
X-Platform
X-Varnish-HitMiss
X-Fetched-On
X-Thanos
X-Rocket-Nginx-Bypass
X-HCF
Platform
PFcat
X-Response-By
Pragrma
X-Clientip
X-Cache-Srv
Request-Country
X-Release
Kp-EeAlive
X-Origin-Expires
X-Bip
X-Ver
X-Origin-Date
X-Cache-Control-Set-By
Is-Eu
REQUESTUUID
Request-EU
X-Sorting-Hat-PodId
X-Sorting-Hat-PodId-Cached
X-Sorting-Hat-PrivacyLevel
X-Sorting-Hat-FeatureSet
X-Block-Status
X-Info
Adler-Geo
Server-ID
X-Alternate-Cache-Key
X-Hash
X-Hnp-Log
X-Crawler
X-Sorting-Hat-ShopId-Cached
X-Sorting-Hat-ShopId
X-Sorting-Hat-Section
NnCoection
Mime-Version
X-TIME
X-Refresh
X-S-Maxage
NtCoent-Length
X-Cache-URL
X-Page-Type
Country-Code
X-MSEdge-Features
X-MSEdge-Flight
X-Varnish-Id
X-StackifyID
Drupal-Pagecache-Memcache
Cache-Provider
X-Req
MI-API
X-Fastcgi-Cache
X-Gannett-Site-Version
X-Secret
X-P-T
X-Svr
X-App-Version
Processtime
X-Amz-Meta-S3b-Last-Modified
X-Pjax-Url
X-COUNTRY
X-Oss-Server-Time
X-Oss-Request-Id
X-Csrf-Token
X-Origin-TTL
Dnion-Transfer-Encoding
X-Oss-Object-Type
X-Oss-Storage-Class
X-Oss-Hash-Crc64ecma
X-Pf-Uncompressing
X-Cache-ASPX
Version
Pagetype
X-EC-Security-Audit
X-Amz-Meta-Sha256
Accept-Ch
Memory
Ar-Sid
WebServer
X-RateLimit-Limit-Second
SN
X-Varnish-Url
X-RateLimit-Remaining-Second
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
Cteonnt-Length
X-Yottaa-Sig
X-Wix-Petri-Ex
X-NC
X-Ua
X-LiteSpeed-Cache-Control
X-From-Cache
Arc-Country
FSS-Cache
FSS-Proxy
X-GRACE
Geoip-Latitude
GeoIp-Country-Code
Geoip-City
Dont-Set-Cookie
X-Ruxit-Js-Agent
Brightspot-Id
X-Irp-Debug
X-Cache-Handler
PageType
X-CSRF-Token
COMMERCE-SERVER-SOFTWARE
X-Redis-Cache
X-LB-Node
X-Rule
PICS-Label
X-LB-CacheStatus
Cdn
X-Load-Cache
X-Cdn-Forward
X-Request-Start
X-DC
X-ROOTCache
Sid
CF-IPCountry
X-Varnish-Beresp-TTL
X-Endurance-Cache-Level
MIME-Version
X-Ratelimit-Remaining
If-Modified-Since
X-Request-UUID
Edgecast
X-SERVER-NAME
X-Fastly-Backend-Reqs
PROCESSING-IP
BORDER-IP
X-Sf
X-Requestid
X-GDPR
X-TId
RNT-Time
RNT-Machine
X-Varnish-Action
X-Servedbyhost
XServer
X-Ratelimit-Limit
X-Tid
X-Layer
X-ServedByHost
X-B3-SpanId
X-RequestId
X-Atg-Version
X-Dynatrace
X-Nananana
Frame-Options
X-BE
X-Rocket-Nginx-Serving-Static
X-Resolver-IP
X-Cache-TTL
Cache-Tags
Powered
X-Fastly-Cache-Hits
Cf-Ipcountry
Pics-Label
X-DataStream-Origin-MEX-Latency
CDN
X-DataStream-MidMile-RTT
NodeID
Node
Amp-Access-Control-Allow-Source-Origin
CACHE
X-Key
X-Owner
X-Tec-Api-Origin
X-Tec-Api-Version
X-Tec-Api-Root
Dynatrace
GeoIP-City
Mail-Subject
X-HTML-Minification-Powered-By
GeoIP-Country-Code
We-Hiring
GeoIP-Latitude
X-Server-W
X-Gdpr
PageSpeed
Web-Mar-Region
X-Varnish-Ttl
X-Shard
X-Dynatrace-Js-Agent
X-VG-WebCache
X-UPSTREAM-Address
X-Ms-Lease-Status
X-Ms-Blob-Type
X-Ms-Request-Id
X-Use-Magma
X-Ms-Version
Lfy
WZWS-RAY
X-ABtesting
X-Flog
Hostname
X-Sentry-ID
Accept-CH
X-Varnish-URL
X-GZIP
DataCenter
ProcessTime
X-PF-Uncompressing
X-Powered-By-ANYU
X-Alicdn-Da-Ups-Status
X-Aicache-OS
True-Client-Country-4JS
Max-Age
X-GEO
X-CDN-Pop-IP
Get-Access-Time
X-CDN-Pop
X-VG-TLSProxy
Is-Session-Tracking
URI
Xet-Cookie
X-Dw-Trace-Id
X-NGINX-Cache
X-NWS-UUID-VERIFY
X-Edge-Server
Cdn-Request-Time
Cdn-Host
X-Front
X-PJAX-URL
X-Swa-Ws
X-Policy
X-Check-Cacheable
X-Cookie
X-Mem
X-Trv-Request-Id
X-Oa-Upstreams
X-Unique-Id
X-Ms-Lease-State
RequestUuid
Requestid
X-Cache-FS-Status
X-Varnish-ID
X-PAGE-TYPE
Rt-Proxy-Cache
X-Org
GEO-REGION-INFO
X-Powered-By-Defense
X-Remote-IP
Group
V-Cache
X-RAMCache
X-Akamai-ERPolicy
X-VID
X-Acquia-Application-UUID
X-RSL
X-Akamai-ERRuleID
X-Hello
X-VC
X-SB
SID
CF-Cached-On
X-RPS
X-RPM
Magicmarker
X-Fe
X-Litespeed-Tag
X-Litespeed-Cache-Control
X-DB
X-DI
WS
X-Acquia-Application-Trace
X-DW
X-DSS
X-Proxy-Server