Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics - SANS Internet Storm Center HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Pragma
Last-Modified
Accept-Ranges
X-Powered-By
X-Content-Type-Options
Strict-Transport-Security
CF-RAY
ETag
Link
Expect-CT
Via
X-XSS-Protection
X-Cache
Age
Access-Control-Allow-Origin
Content-Security-Policy
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Served-By
X-Varnish
X-Xss-Protection
X-Amz-Cf-Id
Referrer-Policy
X-Request-Id
X-AspNet-Version
X-Timer
CF-Cache-Status
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Runtime
Access-Control-Allow-Credentials
X-Download-Options
X-Drupal-Cache
CF-Ray
X-Cacheable
Content-Security-Policy-Report-Only
X-Generator
Alt-Svc
X-AspNetMvc-Version
Status
X-Cache-Status
X-DNS-Prefetch-Control
X-Check
X-FRAME-OPTIONS
X-Iinfo
X-Adblock-Key
Timing-Allow-Origin
X-CDN
X-Content-Security-Policy
X-Turbo-Charged-By
X-Permitted-Cross-Domain-Policies
Content-Encoding
X-Template
X-Language
Keep-Alive
X-Via
X-Type
X-AH-Environment
X-Backend
X-Cache-Group
X-Nginx-Cache-Status
X-Buckets
WPE-Backend
X-Pass-Why
X-Server
X-Age
X-Server-Powered-By
Access-Control-Max-Age
X-Pingback
X-Request-ID
Xkey
X-Varnish-Cache
Grace
Access-Control-Expose-Headers
Upgrade
P3p
X-Drupal-Dynamic-Cache
X-Hacker
X-UA-Device
X-Amz-Request-Id
X-Page-Speed
Cf-Railgun
X-Proxy-Cache
EagleId
X-Amz-Id-2
X-LiteSpeed-Cache
X-Robots-Tag
X-Swift-CacheTime
X-Swift-SaveTime
X-Envoy-Upstream-Service-Time
Ali-Swift-Global-Savetime
Request-Context
X-Node
X-Device
X-Ac
Content-Location
X-Host
X-Cnection
X-Amz-Version-Id
X-Cache-Lookup
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
Surrogate-Control
X-Backend-Server
X-Server-Id
X-WebKit-CSP
X-OneAgent-JS-Injection
X-Rack-Cache
X-Instart-Request-ID
X-CST
X-Px
X-Response-Time
Request-Id
X-Readtime
X-Rq
Server-Timing
X-Ua-Compatible
X-HeyJason
Permitted-Cross-Domain-Policies
X-Do-Not-Hack
X-Clacks-Overhead
X-Cloud-Trace-Context
EagleEye-TraceId
X-Url
Pinterest-Generated-By
Edge-Control
X-Application-Context
X-MS-InvokeApp
X-Country
X-Server-Name
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Allow
X-DynaTrace-JS-Agent
Charset
SPRequestGuid
Report-To
X-SharePointHealthScore
X-Country-Code
X-ESI
X-DataDome
X-Ruxit-JS-Agent
X-Cached
X-Varnish-TTL
X-TtlSet
X-Vname
X-PC
Rating
X-TTL
X-Powered-CMS
X-Powered-By-Plesk
X-Recruiting
Public-Key-Pins
X-Cdn
X-ORACLE-DMS-RID
X-ORACLE-DMS-ECID
X-FTR-Request-ID
X-D2id
SPIisLatency
X-Version
X-N
SPRequestDuration
MS-Author-Via
NEL
X-Vhost
X-Cdn-Fetch
X-Exp-Variant
X-Kinja-Revision
X-Kinja-Server
X-Kinja-Build
X-Kinja
X-Exp-Id
X-Geo-Segment
X-Upstream-Env
Pinterest-Version
X-Pinterest-Rid
X-F-Cache
X-Dw-Request-Base-Id
X-DynaTrace
X-CF-Powered-By
X-VARITI-CCR
Cartoon
X-T
X-GoogleNews-Bot
X-Mod-Pagespeed
Content-MD5
AR-CACHE
AR-PoweredBy
AR-ATIME
Nginx-Cache
MicrosoftSharePointTeamServices
RTSS
X-GitHub-Request-Id
X-Abt-Application-Version
X-Shield-Request-Id
X-SRCache-Fetch-Status
X-SRCache-Store-Status
Feature-Policy
X-Trace
Verso
X-Amz-Rid
AR-SID
X-Navigation-Version
X-Server-ID
X-Dispatcher
X-Forwarded-Proto
X-Client-IP
X-Hits
Realpath
X-Goog-Hash
X-Origin-Cache
Arr-Disable-Session-Affinity
Paypal-Debug-Id
X-Kinsta-Cache
X-Zen-Fury
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-Id
X-Content-Options
X-Ttl
X-B
TCN
X-Grace
X-Content-Digest
X-Ser
X-Cache-Key
X-Varnish-Age
Alternate-Protocol
X-Sol
Fastcgi-Cache
X-Upstream
DynaTrace
X-Via-JSL
Access-Control-Request-Method
X-Fastly-Request-ID
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
Mrf-Cache-Status
MRF-Tech
X-Pad
Display
X-Middleton-Display
X-Vcap-Request-Id
X-NF-Request-ID
X-Nf-Srv-Version
X-IPLB-Instance
X-DIS-Request-ID
X-FastCGI-Cache
Response
X-Middleton-Response
PB-PID
PB-RID
X-User-Agent
X-SS-Set-Cookie
X-Mobile-Rewrite
Front-End-Https
Pagespeed
X-Frontend
X-Logged-In
Rt-Fastcgi-Cache
Eomportal-Instance
X-Cache-Rule
X-PressLabs-Stats
X-MSEdge-Ref
X-Whom
Server-Name
X-XRDS-LOCATION
X-Forwarded-For
Host
X-VCache
S
X-Hostname
X-NWS-LOG-UUID
X-Cache-Hit
X-Acc-Meta-Resource-Type
Tracecode
X-Newrelic-App-Data
Liferay-Portal
Cache-Status
X-Goog-Stored-Content-Length
X-Goog-Metageneration
X-Goog-Generation
X-Debug
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
Arc-Version
X-UUID
X-AOL-HN
X-Request-Processing-Time
X-HS-Content-Id
X-Request-Received
X-FTR-Cache-Status
X-Webkit-Csp
X-FTR-Backend-Server
X-FTR-DC
X-FTR-Expires
Backend-Timing
X-FTR-Realm
X-FTR-Backend
X-FTR-Balancer
FilterID
X-Analytics
X-Country-Code-Real
Surrogate-Key
HitInfo
Server-Info
HitType
TP-L2-Cache
TP-Cache
X-Wix-Server-Artifact-Id
X-Magnolia-Registration
X-Instance
Public-Key-Pins-Report-Only
Refresh
X-Contextid
X-Rid
ServerID
X-Activity-Id
X-AppVersion
X-Az
X-Proxied
X-HS-Cache-Config
Edge-Cache-Tag
X-XRDS-Location
X-Srv
X-Correlation-Id
X-Content-Security-Policy-Report-Only
Service-Worker-Allowed
X-Varnish-Server
X-WPE-Loopback-Upstream-Addr
AMP-Access-Control-Allow-Source-Origin
X-B3-Traceid
X-HW
X-Origin
X-Mobile
Cleartype
S-Cnection
X-Revision
Served-By
Source
X-Varnish-Backend
X-APP-VERSION
X-Sucuri-ID
Fastly-Restarts
X-Amzn-Trace-Id
X-FTR-Cache-Host
X-TT
X-Geo-Country
X-App-Environment
Powered-By-ChinaCache
X-Framework
X-Device-Type
X-B-Cache
X-RateLimit-Remaining
X-PHP-Backend
X-Signature
Retry-After
X-Hyper-Cache
X-Tumblr-User
X-Cache-Config
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Cache-Action
X-FB-Debug
X-Origin-Upstream-Status
X-Cache-Server
X-Cache-Operation
X-Varnish-Hostname
X-Cache-Control
Server-Node
Host-Header
X-BCube-Filmed-By
X-Handled-By
X-TT-TIMESTAMP
X-Request-Guid
X-PC-Key
X-PC-AppVer
X-Hail-Hydra
X-PC-Hit
MS-CV
X-Page-Id
X-Cache-2
DC
Accept-Charset
X-ATG-Version
X-Ocache
Actual-Object-TTL
X-WA-Info
X-ADI-VCache
X-Debug-Info
X-Shield-Cache-Expires
X-Origin-Server
Cache
X-URL
X-Daa-Tunnel
X-Content-Powered-By
X-PC-Host
X-HS-Combine-CSS
X-PC-Date
Upgrade-Insecure-Requests
X-Accel-Expires
NGB
Viewport
X-LB-Cache
SRV
X-Cache-NE
X-Microcachable
AsisCache
X-GeoIP
X-Generated-By
X-Cached-By
X-Yottaa-Optimizations
X-Sucuri-Cache
X-Feature
X-Yottaa-Metrics
Filters
X-Jobs
X-Amz-Server-Side-Encryption
X-Accel-Buffering
X-Akamai-Edgescape
X-RequestSource
ServedBy
X-Drupal-Cache-Tags
X-Dns-Prefetch-Control
X-WebKit-CSP-Report-Only
X-App-Server
X-Wix-Request-Id
X-Seen-By
X-S
X-Cacheable-TTL
X-TX-ID
X-Adobe-Loc
X-Cluster
X-Adobe-Content
X-FW-Serve
X-FW-Server
X-Internal-Host
X-FW-Hash
From-Origin
X-RTag
X-Tumblr-Pixel-1
X-Distil-CS
X-FW-Static
Content-Style-Type
X-Geo
X-Varnish-IP
Content-Script-Type
X-FW-Type
X-Locale
X-Tumblr-Pixel-2
X-Akam-SW-Version
X-Varnish-Hits
X-B3-Sampled
X-Cache-Age
X-Varnish-Cache-Hits
X-Cache-Remote
Datacenter
X-UA
X-Edge-Cache-Key
X-GZip
X-Edge-Cache
X-Varnish-Grace
X-Storage
X-Node-Name
HostName
X-Platform-Server
X-NewRelic-App-Data
X-ServedBy
X-CDN-Forward
X-Akamai-Transformed
X-Vg-Webcache
X-Kinja-Server-Push
X-Cache-TTL-Remaining
X-Region
X-Cache-Bucket
X-RateLimit-Limit
X-Mode
RATING
X-Guploader-Uploadid
Country
Cache-Tag
X-Amz-Replication-Status
X-Distributor
Load-Balancing
X-EIG-Tracking-Id
X-TA-CDN-Provider
Ohc-File-Size
X-Amz-Apigw-Id
ServerName
X-Amzn-RequestId
Fastly-SSL
X-BB-IP
GEO-INFO
X-Agile-Age
Mn-Server-Ip
X-Source
X-Proto
X-Agile
X-Agile-Id
X-Cache-Category-Id
X-ProxyCache-Status
X-Debug-Cache
X-RemovedCookies
X-ProxyCache-Key
Meta-Geo
X-BYPASS-REASON
Cache-Key
X-Akamai-Request-ID
X-Detected-As
X-Grey
X-Web-Node
X-Cache-Var-Map
Cache-Name
X-Cache-Var
X-Rendered-As
X-Cache-HT
X-Optimization
X-ApacheServer
X-Path-Route
L5d-Success-Class
X-Time-Microsecs
X-ProcessESI
X-MP-GENERATED-AT
X-RN-RSRV
X-Viewer-Country
Healthy
Machine
X-Is-Bot
X-PERF
X-JoinUs
X-Real-IP
X-NCache
X-Request-Time
WP-Super-Cache
X-Drupal-Cache-Contexts
X-GUploader-UploadID
X-CCM
Cache-Hits
X-ServerID
X-Hit
X-TWH-CORRELATION-ID
X-CDN-Cache
X-Ezoic-Cdn
X-NodeID
X-OCL
X-Cluster-Node
X-Labrador-Cache-Channel
X-Webstats-RespID
X-Human
X-Xfnlog-Site
X-PCL
X-Generated
X-Original-Request
X-Upgrade-Enabled
Access-Control-Allow-Method
Backend
X-Port
Now
X-Amz-Meta-Surrogate-Control
X-Edge-Location
Webcakes-Region
X-FC-Vary-Parameters
Azure-Version
X-Proxy-Build
Selected-FE
X-Timing-Wait
X-Cache-Enabled
X-CCM-LastModified
Azure-InstanceId
Azure-SiteName
X-Real-Ip
Azure-RegionName
Azure-SlotName
X-Instance-Name
X-Render-Type
X-Pubstack
X-Proxy
X-OVcl-Cache
TWC-GeoIP-Country
TWC-Device-Class
Property-Id
S-Rt
TWC-Connection-Speed
Webcakes-App-Version
X-OVcl
Webcakes-App-Name
X-Hosted-By
X-Www-Served-By
X-Origin-Hint
TWC-Privacy
TWC-GeoIP-LatLong
X-Via-Fastly
TWC-Locale-Group
X-App-Name
X-AWS-Id
User-Cache-Control
X-Access
X-Format
X-Routing-Service
X-Varnish-Cacheable
X-Meta-Tbi-Cache-Vertical
X-Section
X-Site-Version
X-Surge-Debug
X-SplitTest
X-Loop
X-LJ-Flow-ID
X-Birta-Cache-Post
X-Backend-Name
X-TNCMS
X-Generation-Time
X-IP
X-VWS-Id
X-Zipkin-Id
X-Birta-Served
LB
DB-Nickname
X-Oneagent-Js-Injection
X-Dc
Fastcgi-Useragent
Countrycode
X-Newrelic-Synthetics
X-Origin-CC
X-Nginx-Cache
Origin-Cache-Control
User-Agent
X-Tumblr-Pixel-3
Origin-Edge-Control
X-Nc
RequestId
X-L-Path
X-Environment-Context
Payment
X-Tb
X-Time
X-UA-Device-Type
Ec-Rule-Version
X-B3-TraceId
X-Unique-ID
Xserver
X-B3-Spanid
X-DataStream-Cache-Status
X-Skip-Cache
X-Servedby
X-NU-AKA-ACS-Version
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
Access-Control-Request-Headers
X-NGENIX-Cache
X-Oracle-Dms-Rid
X-Oracle-Dms-Ecid
X-Esi
X-Be
X-WR-MODIFICATION
X-Upstream-CT
Time
NODE
X-Upstream-HT
Webserver
X-Webkit-CSP
X-Vgn-Hpd-Reason
X-EdgeConnect-Cache-Status
X-CACHE-AGE
X-Croise-Owner
X-Oss-Storage-Class
X-Dynatrace
X-Oss-Hash-Crc64ecma
X-Oss-Object-Type
Warning
X-Oss-Server-Time
X-Oss-Request-Id
X-DPWN-IS-SECURE
X-ElasticPress-Search
X-NX-Host
X-Logtrace-Id
X-G
X-Generated-In
X-From
X-Debug-Log
X-Application
X-A-Wwc
X-A-Dgt
X-A-Dcw
X-ARC
X-B-Cookie
X-S-Cookie
X-Cache-Host
X-Cache-Expires
X-A-Dam
X-A-Ccd
Fly-Cache
Fly-Request-Id
Request-Time
Resin-Trace
T-Server
X-A
Ajk
Cache-Prefix
X-Cache-Backend
X-Cache-Id
X-Var-Ttl
X-SRCache-Key
X-Destination
X-Died
X-Developer
X-Fastcgi-Cache
X-Debug-Cookies
X-CS
X-Cache-Ttl
X-D
Ws
X-Varnish-Beresp-Ttl
X-StackifyID
X-Yottaa-Sig
IBM-Web2-Location
X-Dispatcher-Server
X-Device-Os
X-Wix-Route-ID
X-Cache-Time
Xc-Version
V-Age
X-Fstrz
X-SVT-ORM-RULES
Fastcgi-X-Cache-Version
Fastcgi-X-Cache
Fastly-Soc-X-Request-Id
X-Connection-Hash
Host-ID
BehaviorPad-Version
X-Fastly-Cache
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
Proxy-Connection
Apple-News-Services-Request-Url
X-Haproxy-Hostname
X-CF-Lambda-Version
MD5-Digest
Viewtype
VivaBuild
Meta-Geo-Continent
Release
Sta2Tusw
Www
X-Amz-Meta-Cache-Control
X-CF-Lambda-Fn
Memcached
X-BBXSRF
X-BB-ID
Apple-News-Services-Handled
AKAMAI
X-Transaction
X-Trv-Group
X-SVT-ORM-VERSION
X-Server-Time
X-Request-URI
X-Hash
X-Twitter-Response-Tags
X-Via-Edge
X-Via-CDN
X-VG-WebServer
X-User
X-Server-By
X-Rojux
X-No-Session
X-PAYTM-SRV-ID
X-WebServer
X-ND-Cache
X-Haproxy-Ip
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
X-Rewrite-Enabled
X-Region-Sid
X-Public
X-Planisys-CDN-TTL
X-We-Are-Hiring
X-UE-Client-Country
X-Correlation-ID
Cneonction
X-CSRF-Token
X-TIME
UCS
X-Status
X-Forwarded-Host
X-Frame-Option
X-Gannett-Site-Version
X-F5-Cache
Dnion-Transfer-Encoding
X-CGP
Drupal-Pagecache-Memcache
X-Core-Value
X-GeoIP-City
X-Eu-Site
X-FireWall-Port
X-Sorting-Hat-ShopId-Cached
X-Shopify-Stage
X-Sorting-Hat-FeatureSet
X-ShopId
X-ShardId
X-Passed-To
X-Sorting-Hat-PodId
X-Sorting-Hat-PodId-Cached
Fastly-SIE
Powered-By
X-Sorting-Hat-Section
X-Sorting-Hat-PrivacyLevel
X-Via-NSCOPI
X-Cdn-Origin
X-Actual-URL
Uber-Trace-Id
X-Amz-Meta-S3cmd-Attrs
IsBot
Heartbleed
X-Cache-CFC
NGX
Odigeo-Trace-Id
Rendered-Blocks
Pramga
Server-Host
Origin
Server-Int
HA-Urlpath
HA-Servedtime
HA-Cloudapp
HA-Geocity
GW-Server
X-Cache-Debug
X-Release
HA-Geocountry
HA-Geolat
HA-Host
HA-Ipaddr
Ha-Gx-Prefs
HA-Georegion
HA-Geolon
Fastly-SWR
X-Sorting-Hat-ShopId
X-Returned-From-PostProcessResponse
X-Content-Type
X-ScT
X-Secret
Version
X-Returned-From-DLL
X-Wikidot-Static-Cache
X-Wikidot-Backend
X-Auto-Login
X-Returned-From-BeforeDispatch
X-Passed-To-BeforeDispatch
X-Server-IP
X-Crawler
X-Sn-Servicetimems
X-Stale
X-Trace-Id
Mime-Version
X-SIPLIST1
X-Up
X-Alternate-Cache-Key
X-UnsetCookies
X-Hl-Ver
X-Returned-From
Request-Country
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
X-IN-WAF
X-Phone
X-Passed-To-PostProcessResponse
X-RCS-CacheZone
Kp-EeAlive
X-Passed-To-DLL
X-IN-SSL-APIGATEWAY
Request-EU
X-IN-APIGATEWAY
GMS-Ver
NnCoection
NtCoent-Length
X-C
X-Backend-Host
X-Date
Thinkindot-Control
X-Worker
Who
X-TT-LOGID
Pragrma
X-Accel-Expires-Debug
X-V
Web-Mar-Node
X-Bug-Bounty
X-Backend-TTL
X-VServer
X-Backend-Url
X-Block-Status
X-Backend-State
Thinkindot-CacheControl
X-Ver
Thinkindot-CacheControl-Type
X-Served-From
X-Location
X-Matched-Rule
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-GoCache-CacheStatus
X-Hnp-Log
X-MI-In-Market
X-Reboot
X-MSEdge-Flight
X-Node-Id
X-MSEdge-Features
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-GeoIP-Country-Code
X-Response-By
X-Server-Group
X-Content-Age
X-Cdn-Srv
X-Servername
X-Cache-Srv
X-ServiceProvider
X-Core-Mission
X-Developers
X-Rocket-Nginx-Bypass
X-Gen-Mode
X-Epic-Correlation-Id
X-Env
X-Edge-IP
X-Thinkindot-L3
X-Ckpd-Fst-Backend
X-Page-Type
X-Origin-Expires
Decoy-Debug-TTL
Decoy-Debug-Status
Decoy-Debug-Key
MI-API
Adler-Geo
Esi-Enabled
X-Origin-Date
Httpd-Identifier
Platform
X-Info
HTTPS
Fastly-Backend-Name
Is-Eu
CDCHOST
Content-Disposition
Cache-Cookie-Set-From
Cache-Cookie-Set-Lfrom
Country-Code
Backend-Name
PFcat
Cache-Cookie-Set-Idcheck
On-Server
Server-ID
MI-Cache
Ohc-Response-Time
X-S-Maxage
MI-Cache-Age
FSS-Proxy
FSS-Cache
X-HCF
X-Cache-URL
Arc-Country
X-Clientip
X-Fetched-On
X-Platform
X-Cache-Control-Set-By
X-Varnish-Id
X-Varnish-HitMiss
Cteonnt-Length
X-Thanos
X-Svr
Brightspot-Id
REQUESTUUID
Cache-Provider
X-Bip
OT-Force-Account-Verify
X-Irp-Debug
X-Refresh
X-LiteSpeed-Cache-Control
WebServer
X-Req
X-Amz-Meta-S3b-Last-Modified
X-CLOUD-TRACE-CONTEXT
Apicache-Version
Apicache-Store
X-App-Version
X-LB-CacheStatus
X-Pjax-Url
X-P-T
X-LB-Node
Processtime
X-Origin-TTL
X-ROOTCache
X-Pf-Uncompressing
Sid
X-Varnish-Url
Pagetype
X-Ruxit-Js-Agent
X-Ratelimit-Limit
X-Request-UUID
Accept-Ch
PageType
X-Ua
X-Request-Start
X-From-Cache
COMMERCE-SERVER-SOFTWARE
X-EC-Security-Audit
Memory
X-Endurance-Cache-Level
X-Ratelimit-Remaining
Dynatrace
X-Load-Cache
X-Amz-Meta-Sha256
X-DC
Cdn
Geoip-City
X-Varnish-Action
X-Litespeed-Cache
GeoIp-Country-Code
If-Modified-Since
Geoip-Latitude
X-Layer
X-Cache-ASPX
X-Cdn-Forward
X-Fastly-Backend-Reqs
X-GRACE
X-COUNTRY
BORDER-IP
PICS-Label
PROCESSING-IP
SN
X-NC
X-Redis-Cache
Ar-Sid
CF-IPCountry
Edgecast
X-Csrf-Token
X-ServedByHost
X-Tid
X-Rocket-Nginx-Serving-Static
Frame-Options
X-GDPR
X-Varnish-Beresp-TTL
X-Atg-Version
MIME-Version
X-Cache-Handler
NodeID
X-RequestId
X-Fastly-Cache-Hits
X-Nananana
X-Requestid
X-TId
X-Resolver-IP
X-Key
X-B3-SpanId
X-Owner
X-NWS-UUID-VERIFY
X-Cf-Powered-By
X-Servedbyhost
Dont-Set-Cookie
Pics-Label
Cf-Ipcountry
Web-Mar-Region
X-Server-W
CACHE
X-Cache-TTL
X-Sentry-ID
X-Sf
X-Flog
X-ABtesting
X-HTML-Minification-Powered-By
X-BE
WZWS-RAY
X-Rule
ProcessTime
Node
X-Tec-Api-Version
X-Tec-Api-Origin
X-Tec-Api-Root
X-Powered-By-ANYU
X-Wix-Petri-Ex
Get-Access-Time
GeoIP-City
Is-Session-Tracking
GeoIP-Latitude
GeoIP-Country-Code
X-DataStream-Origin-MEX-Latency
RNT-Machine
RNT-Time
We-Hiring
Mail-Subject
X-VG-WebCache
X-DataStream-MidMile-RTT
X-FORWARDED-FOR
Lfy
X-HS-Hub-Id
PageSpeed
CDN
X-CDN-Pop
X-CDN-Pop-IP
X-Shard
Max-Age
X-Varnish-Ttl
X-Dynatrace-Js-Agent
XServer
X-Use-Magma
X-Mem
X-ByteArk-Cache
X-SRV
X-GZIP
DataCenter
Magicmarker
URI
Powered
X-Cache-FS-Status
Accept-CH
X-UPSTREAM-Address
Cache-Tags
X-Varnish-URL
X-PF-Uncompressing
X-Front
X-Check-Cacheable
X-GEO
X-Powered-By-Defense
X-Unique-Id
X-Dw-Trace-Id
X-Zalando-Page-Type
Amp-Access-Control-Allow-Source-Origin
X-Fe
X-Zalando-Child-Request-Id
X-NGINX-Cache
X-Oa-Upstreams
X-Cookie
X-Micro-Cache
X-Ms-Blob-Type
X-Ms-Lease-Status
X-Ms-Version
X-Ms-Request-Id
X-Remote-IP
Hostname
X-Trv-Request-Id
Xet-Cookie
Group
V-Cache
N-Cache
X-PJAX-URL
X-Safe-Firewall
X-Varnish-ID
X-Aicache-OS
X-Gdpr
RequestUuid
X-HGenerator
X-VarnPar2
X-VarnPar1
X-VC
X-SB
X-PAGE-TYPE
X-PARISIEN-Cache-Rendered
Rt-Proxy-Cache
X-VarnCache
X-Proxy-Server
WWW-Authenticate
X-Qnm-Cache
X-RAMCache
X-ProxyCache-Args
X-Acquia-Application-Trace
WS
Requestid
SID
CF-Cached-On
X-Alicdn-Da-Ups-Status
X-M-Log
X-Litespeed-Tag
X-Hello
X-M-Reqid
X-Akamai-ERPolicy
X-Akamai-ERRuleID
X-Acquia-Application-UUID