Threat Level: green Handler on Duty: Brad Duncan

SANS ISC: HTTP Header Usage Statistics - SANS Internet Storm Center HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Pragma
Last-Modified
Accept-Ranges
Strict-Transport-Security
X-Content-Type-Options
X-Powered-By
CF-RAY
ETag
Link
Expect-CT
Via
X-Cache
X-XSS-Protection
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
P3P
X-Cache-Hits
X-Xss-Protection
X-Served-By
X-Varnish
X-Amz-Cf-Id
Referrer-Policy
X-Request-Id
X-Timer
X-AspNet-Version
CF-Cache-Status
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Runtime
Access-Control-Allow-Credentials
X-Download-Options
X-Drupal-Cache
X-Cacheable
X-Generator
Content-Security-Policy-Report-Only
CF-Ray
Alt-Svc
Status
X-AspNetMvc-Version
X-Cache-Status
X-DNS-Prefetch-Control
X-Check
X-Iinfo
X-Adblock-Key
X-FRAME-OPTIONS
Timing-Allow-Origin
X-CDN
X-Content-Security-Policy
X-Turbo-Charged-By
X-Permitted-Cross-Domain-Policies
Content-Encoding
P3p
X-Request-ID
X-Template
X-Language
Keep-Alive
X-Type
X-Via
X-AH-Environment
X-Cache-Group
X-Backend
WPE-Backend
X-Pass-Why
X-Buckets
X-Age
X-Server
X-Nginx-Cache-Status
Access-Control-Max-Age
X-Server-Powered-By
X-Pingback
Xkey
X-Varnish-Cache
Grace
X-Drupal-Dynamic-Cache
Access-Control-Expose-Headers
Upgrade
X-Hacker
X-UA-Device
X-Amz-Request-Id
X-Page-Speed
Cf-Railgun
X-Amz-Id-2
X-Proxy-Cache
X-Robots-Tag
EagleId
X-LiteSpeed-Cache
X-Envoy-Upstream-Service-Time
Request-Context
X-Node
X-Swift-CacheTime
X-Swift-SaveTime
X-Ac
X-Device
Ali-Swift-Global-Savetime
X-Cnection
X-Host
Content-Location
X-Amz-Version-Id
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Cache-Lookup
Surrogate-Control
X-WebKit-CSP
X-Backend-Server
X-Server-Id
X-OneAgent-JS-Injection
X-Rack-Cache
X-Response-Time
X-Instart-Request-ID
X-Px
X-CST
Request-Id
X-Readtime
Server-Timing
X-Rq
X-Clacks-Overhead
X-Do-Not-Hack
X-HeyJason
Permitted-Cross-Domain-Policies
Pinterest-Generated-By
EagleEye-TraceId
X-Cloud-Trace-Context
Edge-Control
X-Ua-Compatible
X-Url
X-Application-Context
X-MS-InvokeApp
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Country
Report-To
X-DynaTrace-JS-Agent
X-Server-Name
Charset
SPRequestGuid
Allow
X-Country-Code
X-SharePointHealthScore
X-DataDome
X-Ruxit-JS-Agent
Rating
X-TTL
X-Cached
X-TtlSet
X-PC
X-Vname
X-Varnish-TTL
X-ESI
X-Powered-CMS
X-Powered-By-Plesk
X-Recruiting
X-FTR-Request-ID
X-D2id
NEL
X-CF-Powered-By
X-Vhost
Public-Key-Pins
X-ORACLE-DMS-RID
X-ORACLE-DMS-ECID
Pinterest-Version
X-Upstream-Env
X-Pinterest-Rid
X-F-Cache
X-Version
X-Kinja
X-Cdn-Fetch
X-Exp-Id
X-Geo-Segment
X-Kinja-Server
X-Kinja-Revision
X-Exp-Variant
X-Kinja-Build
X-DynaTrace
SPRequestDuration
SPIisLatency
X-T
X-N
X-Dw-Request-Base-Id
X-VARITI-CCR
Cartoon
X-GoogleNews-Bot
X-Mod-Pagespeed
MS-Author-Via
Nginx-Cache
Content-MD5
RTSS
X-Abt-Application-Version
Feature-Policy
AR-ATIME
AR-CACHE
AR-PoweredBy
X-GitHub-Request-Id
Verso
MicrosoftSharePointTeamServices
X-Navigation-Version
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Dispatcher
X-Shield-Request-Id
X-Client-IP
X-Goog-Hash
X-Amz-Rid
X-Hits
X-Forwarded-Proto
X-Server-ID
Realpath
X-Trace
X-Origin-Cache
X-Cdn
Paypal-Debug-Id
AR-SID
X-Content-Options
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-TEC-API-ROOT
Arr-Disable-Session-Affinity
X-Zen-Fury
X-Id
X-Content-Digest
X-Grace
X-Kinsta-Cache
TCN
X-B
X-Ttl
Alternate-Protocol
X-Varnish-Age
X-Cache-Key
Fastcgi-Cache
DynaTrace
X-Sol
X-Upstream
X-Ser
Access-Control-Request-Method
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
Mrf-Cache-Status
MRF-Tech
X-Pad
X-Fastly-Request-ID
X-Middleton-Display
Display
PB-PID
PB-RID
X-FastCGI-Cache
X-Via-JSL
X-NF-Request-ID
X-Nf-Srv-Version
X-Mobile-Rewrite
X-Vcap-Request-Id
X-DIS-Request-ID
X-User-Agent
X-Middleton-Response
X-IPLB-Instance
Response
Front-End-Https
X-Acc-Meta-Resource-Type
Rt-Fastcgi-Cache
Pagespeed
X-SS-Set-Cookie
X-MSEdge-Ref
X-Cache-Rule
X-Frontend
X-PressLabs-Stats
X-Logged-In
X-Forwarded-For
Eomportal-Instance
X-Cache-Hit
X-Whom
Server-Name
Arc-Version
X-Hostname
X-VCache
X-Goog-Stored-Content-Length
X-Goog-Storage-Class
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
X-Goog-Generation
Host
Tracecode
X-XRDS-Location
X-Newrelic-App-Data
S
Cache-Status
Surrogate-Key
X-FTR-Realm
X-FTR-Expires
X-Country-Code-Real
X-FTR-Backend-Server
X-FTR-Backend
X-FTR-Balancer
X-FTR-Cache-Status
X-FTR-DC
X-Debug
X-Request-Received
Backend-Timing
X-Analytics
X-Request-Processing-Time
X-HS-Content-Id
TP-Cache
TP-L2-Cache
X-Instance
X-AOL-HN
X-Proxied
Refresh
X-Contextid
FilterID
X-Rid
X-Wix-Server-Artifact-Id
X-Magnolia-Registration
X-XRDS-LOCATION
Public-Key-Pins-Report-Only
ServerID
X-UUID
X-Az
X-AppVersion
X-Activity-Id
Server-Info
HitType
HitInfo
X-Srv
X-HW
Liferay-Portal
X-WPE-Loopback-Upstream-Addr
X-NWS-LOG-UUID
X-URL
X-B3-Traceid
AMP-Access-Control-Allow-Source-Origin
Service-Worker-Allowed
Cleartype
X-Varnish-Server
X-Webkit-Csp
X-Mobile
X-Content-Security-Policy-Report-Only
Served-By
X-FTR-Cache-Host
X-APP-VERSION
X-Varnish-Backend
X-Cache-Control
X-Revision
Edge-Cache-Tag
X-HS-Cache-Config
X-Geo-Country
Source
X-Amzn-Trace-Id
X-Origin
X-PHP-Backend
X-BCube-Filmed-By
X-Request-Guid
X-App-Environment
X-Cache-Server
X-RateLimit-Remaining
X-PC-Key
X-Varnish-Hostname
X-PC-Hit
S-Cnection
Host-Header
X-Handled-By
X-TT
X-PC-AppVer
X-Hail-Hydra
Server-Node
X-Tumblr-Pixel
DC
X-Device-Type
X-Cache-Operation
Fastly-Restarts
Retry-After
Powered-By-ChinaCache
X-Tumblr-User
X-Tumblr-Pixel-0
X-Origin-Upstream-Status
MS-CV
X-Signature
X-B-Cache
X-Cache-Config
X-Cache-2
X-Framework
X-FB-Debug
X-Page-Id
Accept-Charset
X-Correlation-Id
X-Cache-Action
X-Ocache
X-Sucuri-ID
X-TT-TIMESTAMP
X-Origin-Server
X-Debug-Info
Actual-Object-TTL
X-Hyper-Cache
X-ADI-VCache
X-Shield-Cache-Expires
X-PC-Host
X-PC-Date
Viewport
X-WA-Info
NGB
X-Accel-Expires
X-Content-Powered-By
X-Cached-By
X-ATG-Version
X-B3-Sampled
X-Microcachable
Upgrade-Insecure-Requests
Cache
X-LB-Cache
X-Drupal-Cache-Tags
SRV
X-Cache-NE
X-Akam-SW-Version
AsisCache
X-Generated-By
Filters
X-Yottaa-Optimizations
ServedBy
X-Yottaa-Metrics
X-App-Server
X-Internal-Host
X-TX-ID
X-RequestSource
X-Amz-Server-Side-Encryption
X-Tumblr-Pixel-2
X-Wix-Request-Id
X-Tumblr-Pixel-1
X-FW-Static
X-FW-Hash
X-FW-Type
X-FW-Server
X-Cacheable-TTL
X-Seen-By
X-Distil-CS
X-FW-Serve
X-S
X-Locale
X-WebKit-CSP-Report-Only
X-GeoIP
X-RTag
X-Jobs
X-Accel-Buffering
X-Cluster
From-Origin
X-ServedBy
X-Geo
X-HS-Combine-CSS
X-Varnish-Hits
Content-Script-Type
X-Akamai-Edgescape
Content-Style-Type
X-Daa-Tunnel
X-Adobe-Loc
X-Sucuri-Cache
X-Adobe-Content
X-Esi
X-Varnish-Grace
X-Node-Name
X-Varnish-Cache-Hits
X-GUploader-UploadID
X-Varnish-IP
X-Platform-Server
X-Litespeed-Cache
X-RateLimit-Limit
X-TA-CDN-Provider
X-Vg-Webcache
X-Edge-Cache-Key
X-Dns-Prefetch-Control
X-Edge-Cache
X-Cache-TTL-Remaining
Datacenter
X-GZip
X-Cache-Remote
X-CDN-Forward
X-Storage
X-NewRelic-App-Data
X-Real-IP
HostName
X-UA
X-Mode
X-Region
X-Akamai-Transformed
X-Cache-Age
Cache-Tag
X-Amz-Replication-Status
X-Drupal-Cache-Contexts
X-Distributor
X-Source
Country
X-Is-Bot
X-Path-Route
X-MP-GENERATED-AT
X-Detected-As
X-ProcessESI
X-RemovedCookies
X-RN-RSRV
X-Rendered-As
Meta-Geo
Load-Balancing
X-Cache-Var-Map
X-Cache-Var
Machine
X-Agile-Id
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Agile
X-Agile-Age
Fastly-SSL
X-Feature
X-Port
X-Akamai-Request-ID
X-PERF
X-BB-IP
GEO-INFO
X-Cache-Bucket
X-NCache
X-Kinja-Server-Push
X-OCL
X-ApacheServer
X-TWH-CORRELATION-ID
X-Webstats-RespID
X-PCL
Cache-Key
Ohc-File-Size
X-Grey
X-Web-Node
X-Cache-Category-Id
Mn-Server-Ip
ServerName
X-Viewer-Country
Azure-SlotName
X-NodeID
Azure-SiteName
X-Instance-Name
X-EIG-Tracking-Id
X-Cluster-Node
X-CDN-Cache
X-Human
Azure-InstanceId
Azure-Version
Azure-RegionName
Cache-Name
S-Rt
L5d-Success-Class
X-Time-Microsecs
X-Upgrade-Enabled
X-Amz-Meta-Surrogate-Control
X-Debug-Cache
X-Pubstack
X-Proto
Webcakes-Region
Webcakes-App-Version
X-Cache-HT
User-Cache-Control
X-CCM
Webcakes-App-Name
X-Birta-Served
DB-Nickname
X-App-Name
TWC-Locale-Group
Healthy
Backend
X-Birta-Cache-Post
X-BYPASS-REASON
X-Hosted-By
X-Edge-Location
X-Proxy
TWC-Device-Class
X-Via-Fastly
X-Origin-Hint
X-ProxyCache-Key
X-ProxyCache-Status
TWC-GeoIP-Country
Property-Id
X-ServerID
X-Routing-Service
X-Request-Time
X-Optimization
X-Original-Request
X-Generation-Time
X-Meta-Tbi-Cache-Vertical
TWC-Connection-Speed
X-Format
X-FC-Vary-Parameters
X-IP
TWC-Privacy
X-Xfnlog-Site
TWC-GeoIP-LatLong
X-Labrador-Cache-Channel
X-Zipkin-Id
X-Loop
X-Access
LB
X-TNCMS
X-Section
Fastcgi-Useragent
Cache-Hits
Now
X-OVcl-Cache
User-Agent
X-JoinUs
Access-Control-Allow-Method
X-OVcl
X-Varnish-Cacheable
X-Generated
X-VWS-Id
X-Www-Served-By
X-SplitTest
X-Site-Version
X-LJ-Flow-ID
X-AWS-Id
X-CCM-LastModified
X-Tumblr-Pixel-3
X-Backend-Name
X-Surge-Debug
X-Ezoic-Cdn
X-Render-Type
X-Guploader-Uploadid
Selected-FE
X-Hit
RATING
X-Proxy-Build
X-Tb
X-Timing-Wait
Payment
Countrycode
X-Origin-CC
X-Newrelic-Synthetics
X-Time
X-Cache-Enabled
Ec-Rule-Version
X-Correlation-ID
X-CACHE-AGE
X-Nginx-Cache
X-Unique-ID
Origin-Cache-Control
X-DataStream-Cache-Status
Origin-Edge-Control
WP-Super-Cache
X-L-Path
X-B3-Spanid
X-Environment-Context
X-Oneagent-Js-Injection
X-B3-TraceId
X-Real-Ip
X-UA-Device-Type
X-Dc
X-Nc
X-Oracle-Dms-Rid
X-Oracle-Dms-Ecid
RequestId
Xserver
X-NU-AKA-ACS-Version
NODE
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
X-Skip-Cache
X-WR-MODIFICATION
X-NGENIX-Cache
Access-Control-Request-Headers
Webserver
X-Vgn-Hpd-Reason
X-ElasticPress-Search
X-COUNTRY
X-Content-Type
X-CLOUD-TRACE-CONTEXT
Time
X-Upstream-CT
X-Be
X-Upstream-HT
X-Cache-Backend
X-EdgeConnect-Cache-Status
X-Servedby
X-Varnish-Beresp-Ttl
X-Status
Ws
Warning
X-A-Wwc
X-Amz-Meta-Cache-Control
X-Application
X-ARC
X-A-Dgt
X-A-Dcw
X-Fastly-Cache
X-A-Ccd
X-A-Dam
Cache-Prefix
X-B-Cookie
Fastcgi-X-Cache-Version
X-Planisys-CDN-TTL
X-Public
X-We-Are-Hiring
X-Planisys-CDN-Rules
Xc-Version
X-BB-ID
X-Haproxy-Ip
X-BBXSRF
X-Logtrace-Id
Fastly-Soc-X-Request-Id
Apple-News-Services-Handled
Ajk
MD5-Digest
Memcached
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
Host-ID
BehaviorPad-Version
Apple-News-Services-Request-Url
Meta-Geo-Continent
Fly-Request-Id
X-ND-Cache
Www
X-A
Fly-Cache
VivaBuild
Viewtype
Resin-Trace
Sta2Tusw
T-Server
GMS-Ver
X-Wix-Route-ID
X-Server-Time
X-SRCache-Key
X-Cache-Host
X-Cache-Id
X-CF-Lambda-Fn
X-SVT-ORM-RULES
X-Region-Sid
X-Trv-Group
X-G
X-Transaction
X-SVT-ORM-VERSION
X-CF-Lambda-Version
X-DPWN-IS-SECURE
X-Rewrite-Enabled
X-Haproxy-Hostname
X-Planisys-CDN-Cache
X-Connection-Hash
X-Rojux
X-Died
X-Server-By
X-Generated-In
X-S-Cookie
Fastcgi-X-Cache
X-Twitter-Response-Tags
X-D
X-Developer
X-User
X-Via-CDN
X-VG-WebServer
X-PAYTM-SRV-ID
X-Destination
X-From
X-Via-Edge
X-Croise-Owner
X-Accel-Expires-Debug
X-Cache-CFC
IBM-Web2-Location
IsBot
X-Core-Value
X-F5-Cache
X-ScT
X-Wikidot-Static-Cache
X-CS
X-Rebelmouse-Cache-Control
Fastly-SIE
Fastly-SWR
X-Wikidot-Backend
X-Request-URI
X-NX-Host
X-Debug-Cookies
Release
X-No-Session
X-SIPLIST1
V-Age
UCS
X-Up
X-Cache-Expires
X-FireWall-Port
X-Rebelmouse-Surrogate-Control
X-Fstrz
Uber-Trace-Id
X-Debug-Log
Rendered-Blocks
X-Phone
Origin
Request-Time
X-Cache-Time
X-Var-Ttl
Server-Int
X-Date
Odigeo-Trace-Id
NGX
X-GoCache-CacheStatus
AKAMAI
X-Fastcgi-Cache
X-StackifyID
X-Webkit-CSP
Cneonction
X-Passed-To
X-Passed-To-DLL
X-MSEdge-Flight
X-Passed-To-BeforeDispatch
X-MSEdge-Features
X-IN-APIGATEWAY
X-IN-SSL-APIGATEWAY
X-IN-WAF
X-Passed-To-PostProcessResponse
X-Location
Proxy-Connection
On-Server
Ohc-Response-Time
X-Served-From
X-Server-Group
X-Returned-From-DLL
X-Returned-From-BeforeDispatch
Pramga
X-Returned-From
Platform
X-Hnp-Log
Who
X-Backend-State
X-Backend-Host
X-Content-Age
X-Device-Os
X-Ckpd-Fst-Backend
X-Backend-Url
X-Block-Status
X-Cdn-Origin
X-Cdn-Srv
X-CGP
X-Amz-Meta-S3cmd-Attrs
X-Dispatcher-Server
X-Frame-Option
X-Gen-Mode
X-Server-IP
Web-Mar-Node
X-Cache-Ttl
X-Forwarded-Host
X-Env
X-Actual-URL
X-Epic-Correlation-Id
X-Eu-Site
X-GeoIP-Country-Code
X-Returned-From-PostProcessResponse
HA-Cloudapp
HA-Geocity
GW-Server
Backend-Name
X-Stale
HA-Geocountry
HA-Geolat
HA-Host
HA-Ipaddr
Ha-Gx-Prefs
X-Servername
HA-Geolon
X-Trace-Id
X-TT-LOGID
Esi-Enabled
CDCHOST
X-VServer
X-WebServer
X-Worker
Fastly-Backend-Name
X-V
X-UnsetCookies
X-UE-Client-Country
Cache-Cookie-Set-From
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-Lfrom
HA-Servedtime
HA-Georegion
Httpd-Identifier
Adler-Geo
X-Sn-Servicetimems
HA-Urlpath
Is-Eu
Apicache-Version
OT-Force-Account-Verify
X-TIME
Apicache-Store
X-Edge-IP
X-Shopify-Stage
X-Core-Mission
X-Developers
X-Sorting-Hat-FeatureSet
X-Cache-Debug
X-ShopId
X-ShardId
X-Cache-Srv
X-ServiceProvider
X-Secret
X-S-Maxage
X-Rocket-Nginx-Bypass
X-Via-NSCOPI
X-MI-In-Market
X-Response-By
X-Hash
Content-Disposition
X-RCS-CacheZone
X-Hl-Ver
X-Sorting-Hat-PrivacyLevel
X-Node-Id
X-Sorting-Hat-Section
X-GeoIP-City
X-Reboot
X-Sorting-Hat-ShopId-Cached
X-Thinkindot-L3
X-Sorting-Hat-PodId
X-Sorting-Hat-PodId-Cached
X-Sorting-Hat-ShopId
X-Release
X-Gannett-Site-Version
X-Page-Type
X-Matched-Rule
MI-API
PFcat
Decoy-Debug-Status
X-Auto-Login
X-Backend-TTL
Request-Country
Powered-By
Pragrma
Decoy-Debug-TTL
X-Alternate-Cache-Key
Request-EU
MI-Cache-Age
MI-Cache
Drupal-Pagecache-Memcache
Decoy-Debug-Key
HTTPS
Thinkindot-CacheControl-Type
X-Bug-Bounty
Server-ID
Thinkindot-Control
Server-Host
Heartbleed
Kp-EeAlive
X-C
Thinkindot-CacheControl
NnCoection
Dnion-Transfer-Encoding
X-Dynatrace
REQUESTUUID
X-Info
X-HCF
X-Origin-Expires
X-Thanos
X-Platform
X-Origin-Date
X-Ver
X-Fetched-On
Version
NtCoent-Length
X-Clientip
X-Varnish-HitMiss
X-Crawler
X-Cache-Control-Set-By
X-Bip
X-Varnish-Id
X-Cache-URL
X-Amz-Meta-S3b-Last-Modified
X-Refresh
X-Svr
Country-Code
Cache-Provider
X-Req
Mime-Version
X-Origin-TTL
X-Oss-Storage-Class
X-P-T
X-Oss-Request-Id
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
Cteonnt-Length
X-Pf-Uncompressing
X-Oss-Server-Time
X-DC
X-App-Version
X-CSRF-Token
X-Yottaa-Sig
X-RateLimit-Remaining-Second
Pagetype
X-Ua
X-RateLimit-Limit-Second
X-Kong-Upstream-Latency
Processtime
X-Kong-Proxy-Latency
X-HS-Hub-Id
X-NC
Ar-Sid
Memory
Accept-Ch
X-Amz-Meta-Sha256
Arc-Country
X-EC-Security-Audit
X-From-Cache
FSS-Proxy
FSS-Cache
X-Varnish-Url
X-Irp-Debug
X-LiteSpeed-Cache-Control
WebServer
X-Pjax-Url
Brightspot-Id
X-Csrf-Token
X-Cache-ASPX
X-Ruxit-Js-Agent
SN
Geoip-Latitude
X-ROOTCache
GeoIp-Country-Code
Sid
PageType
Geoip-City
X-LB-Node
X-LB-CacheStatus
COMMERCE-SERVER-SOFTWARE
X-Atg-Version
PICS-Label
X-Request-UUID
X-Request-Start
CF-IPCountry
MIME-Version
Dynatrace
X-Redis-Cache
X-Cache-Handler
Cdn
X-Endurance-Cache-Level
X-Ratelimit-Remaining
X-Rule
X-Cdn-Forward
Dont-Set-Cookie
X-Wix-Petri-Ex
X-Load-Cache
X-Fastly-Backend-Reqs
Edgecast
X-Ratelimit-Limit
X-Varnish-Action
If-Modified-Since
X-SERVER-NAME
X-Layer
X-GRACE
X-Requestid
PROCESSING-IP
X-TId
BORDER-IP
X-Servedbyhost
X-Varnish-Beresp-TTL
Frame-Options
X-Tid
X-ServedByHost
X-GDPR
X-Varnish-Ttl
X-Sf
X-Rocket-Nginx-Serving-Static
X-B3-SpanId
X-RequestId
RNT-Time
X-Fastly-Cache-Hits
RNT-Machine
X-Nananana
X-BE
X-Resolver-IP
CDN
X-Key
XServer
NodeID
X-Owner
X-Cache-TTL
Powered
Cf-Ipcountry
Pics-Label
CACHE
X-DataStream-Origin-MEX-Latency
X-DataStream-MidMile-RTT
X-Server-W
GeoIP-Latitude
Web-Mar-Region
X-HTML-Minification-Powered-By
GeoIP-City
Cache-Tags
GeoIP-Country-Code
Node
X-Tec-Api-Origin
X-Tec-Api-Version
X-Tec-Api-Root
Mail-Subject
X-Flog
We-Hiring
X-ABtesting
DataCenter
PageSpeed
WZWS-RAY
X-NWS-UUID-VERIFY
X-Gdpr
X-Shard
X-Sentry-ID
ProcessTime
Lfy
X-Powered-By-ANYU
X-VG-WebCache
X-GZIP
X-Dynatrace-Js-Agent
Amp-Access-Control-Allow-Source-Origin
X-Use-Magma
X-Ms-Version
X-Ms-Lease-Status
X-Ms-Blob-Type
X-Ms-Request-Id
Get-Access-Time
X-CDN-Pop-IP
Is-Session-Tracking
Max-Age
X-CDN-Pop
X-Cf-Powered-By
Accept-CH
X-Mem
X-PF-Uncompressing
X-PJAX-URL
URI
X-Varnish-URL
Magicmarker
X-GEO
X-UPSTREAM-Address
X-FORWARDED-FOR
X-Powered-By-Defense
X-Cache-FS-Status
X-ByteArk-Cache
X-Dw-Trace-Id
X-Front
Xet-Cookie
Hostname
X-Cookie
X-Oa-Upstreams
X-SRV
Requestid
X-Trv-Request-Id
X-Check-Cacheable
X-Remote-IP
X-NGINX-Cache
X-Unique-Id
X-RPS
X-Zalando-Page-Type
X-Zalando-Child-Request-Id
X-Aicache-OS
X-Varnish-ID
RequestUuid
X-VID
X-RSL
X-VG-TLSProxy
X-RPM
X-Proxy-Server
X-DW
X-Edge-Server
X-PAGE-TYPE
X-DI
X-DSS
X-Ms-Lease-State
X-DB
X-Micro-Cache
Cdn-Host
X-Alicdn-Da-Ups-Status
Cdn-Request-Time
True-Client-Country-4JS
X-Litespeed-Cache-Control
X-Fe
X-Policy
X-Akamai-ERRuleID
X-SB
X-Safe-Firewall
Rt-Proxy-Cache
X-PARISIEN-Cache-Rendered
N-Cache
Group
X-VC
X-VarnPar1
X-VarnCache
X-Acquia-Application-Trace
X-Acquia-Application-UUID
X-Litespeed-Tag
SID
X-RAMCache
CF-Cached-On
X-Hello
V-Cache
X-Akamai-ERPolicy
X-VarnPar2
WS