Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics - SANS Internet Storm Center HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Pragma
Last-Modified
Accept-Ranges
Strict-Transport-Security
X-Powered-By
X-Content-Type-Options
CF-RAY
ETag
Link
Expect-CT
Via
X-XSS-Protection
X-Cache
Age
Access-Control-Allow-Origin
Content-Security-Policy
Content-Language
X-UA-Compatible
P3P
X-Cache-Hits
X-Served-By
X-Varnish
X-Amz-Cf-Id
Referrer-Policy
X-Xss-Protection
X-Request-Id
X-Timer
X-AspNet-Version
CF-Cache-Status
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Runtime
Access-Control-Allow-Credentials
X-Download-Options
X-Drupal-Cache
X-Cacheable
Content-Security-Policy-Report-Only
X-Generator
CF-Ray
Alt-Svc
X-AspNetMvc-Version
Status
X-Cache-Status
X-DNS-Prefetch-Control
X-Check
X-Iinfo
X-Adblock-Key
Timing-Allow-Origin
X-FRAME-OPTIONS
X-CDN
X-Content-Security-Policy
X-Turbo-Charged-By
X-Permitted-Cross-Domain-Policies
Content-Encoding
P3p
X-Request-ID
X-Template
X-Language
Keep-Alive
X-Via
X-Type
X-AH-Environment
X-Cache-Group
X-Backend
WPE-Backend
X-Pass-Why
X-Buckets
X-Age
X-Nginx-Cache-Status
X-Server
Access-Control-Max-Age
X-Server-Powered-By
X-Pingback
Xkey
X-Varnish-Cache
Grace
Access-Control-Expose-Headers
Upgrade
X-Drupal-Dynamic-Cache
X-Hacker
X-UA-Device
X-Amz-Request-Id
X-Page-Speed
Cf-Railgun
X-Proxy-Cache
X-Amz-Id-2
X-Robots-Tag
EagleId
X-LiteSpeed-Cache
X-Envoy-Upstream-Service-Time
X-Swift-CacheTime
X-Swift-SaveTime
Request-Context
X-Node
Ali-Swift-Global-Savetime
X-Device
X-Ac
X-Cnection
Content-Location
X-Host
X-Amz-Version-Id
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Cache-Lookup
X-WebKit-CSP
Surrogate-Control
X-Backend-Server
X-Server-Id
X-OneAgent-JS-Injection
X-Rack-Cache
X-Instart-Request-ID
X-Px
X-Response-Time
X-CST
Request-Id
X-Readtime
Server-Timing
X-Rq
X-Clacks-Overhead
Permitted-Cross-Domain-Policies
X-HeyJason
X-Do-Not-Hack
X-Cloud-Trace-Context
Pinterest-Generated-By
EagleEye-TraceId
Edge-Control
X-Ua-Compatible
X-Url
X-Application-Context
X-MS-InvokeApp
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Country
X-Server-Name
Report-To
Charset
SPRequestGuid
X-DynaTrace-JS-Agent
Allow
X-Country-Code
X-SharePointHealthScore
X-TTL
X-DataDome
Rating
X-Varnish-TTL
X-Ruxit-JS-Agent
X-Cached
X-PC
X-Vname
X-TtlSet
X-Powered-CMS
X-ESI
X-Powered-By-Plesk
X-Recruiting
X-FTR-Request-ID
X-D2id
NEL
X-Vhost
Public-Key-Pins
Pinterest-Version
X-Pinterest-Rid
X-Upstream-Env
X-Version
X-Geo-Segment
X-F-Cache
X-Exp-Variant
X-Cdn-Fetch
X-Exp-Id
X-Kinja
X-Kinja-Build
X-Kinja-Revision
X-Kinja-Server
SPRequestDuration
X-CF-Powered-By
X-N
SPIisLatency
X-T
X-VARITI-CCR
X-Dw-Request-Base-Id
X-GoogleNews-Bot
X-ORACLE-DMS-RID
X-ORACLE-DMS-ECID
Cartoon
X-Mod-Pagespeed
X-DynaTrace
MS-Author-Via
Content-MD5
Nginx-Cache
RTSS
X-Abt-Application-Version
AR-CACHE
AR-PoweredBy
AR-ATIME
Feature-Policy
MicrosoftSharePointTeamServices
X-GitHub-Request-Id
X-SRCache-Store-Status
Verso
X-SRCache-Fetch-Status
X-Shield-Request-Id
X-Navigation-Version
X-Dispatcher
X-Amz-Rid
X-Client-IP
X-Hits
Realpath
X-Goog-Hash
X-Server-ID
X-Forwarded-Proto
X-Trace
X-Origin-Cache
X-Cdn
AR-SID
Paypal-Debug-Id
Arr-Disable-Session-Affinity
X-Content-Options
X-TEC-API-ROOT
X-Zen-Fury
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-Content-Digest
X-Id
X-Kinsta-Cache
TCN
X-B
X-Grace
Alternate-Protocol
X-Cache-Key
X-Varnish-Age
Fastcgi-Cache
X-Sol
X-Ser
X-Upstream
DynaTrace
MRF-Tech
X-Ttl
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
Mrf-Cache-Status
Access-Control-Request-Method
X-FastCGI-Cache
X-Pad
X-Fastly-Request-ID
X-Via-JSL
X-Middleton-Display
PB-RID
Display
PB-PID
X-NF-Request-ID
X-Nf-Srv-Version
X-DIS-Request-ID
X-Vcap-Request-Id
X-Mobile-Rewrite
X-IPLB-Instance
Response
X-User-Agent
X-Middleton-Response
Front-End-Https
Pagespeed
Rt-Fastcgi-Cache
X-MSEdge-Ref
X-SS-Set-Cookie
Eomportal-Instance
X-Cache-Rule
X-PressLabs-Stats
X-Frontend
X-Logged-In
X-Acc-Meta-Resource-Type
X-Cache-Hit
X-Whom
Server-Name
X-Forwarded-For
X-VCache
X-Newrelic-App-Data
Arc-Version
X-Hostname
X-XRDS-Location
Host
Tracecode
X-Goog-Stored-Content-Length
X-Goog-Metageneration
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-Goog-Generation
Cache-Status
S
X-FTR-Backend
X-FTR-Backend-Server
X-Country-Code-Real
Surrogate-Key
X-Request-Processing-Time
X-Request-Received
X-Debug
X-FTR-Balancer
X-FTR-Cache-Status
X-FTR-Expires
X-FTR-Realm
X-FTR-DC
X-Analytics
Backend-Timing
X-HS-Content-Id
Refresh
X-Instance
X-Contextid
X-AOL-HN
X-Activity-Id
FilterID
X-Proxied
TP-Cache
X-UUID
X-AppVersion
TP-L2-Cache
X-Magnolia-Registration
X-Az
X-NWS-LOG-UUID
X-Wix-Server-Artifact-Id
Public-Key-Pins-Report-Only
X-Rid
X-XRDS-LOCATION
Liferay-Portal
Server-Info
ServerID
HitType
HitInfo
X-HW
X-WPE-Loopback-Upstream-Addr
X-URL
X-Srv
X-B3-Traceid
Service-Worker-Allowed
AMP-Access-Control-Allow-Source-Origin
X-Mobile
Cleartype
X-Content-Security-Policy-Report-Only
X-Webkit-Csp
X-Varnish-Server
X-Varnish-Backend
X-FTR-Cache-Host
X-APP-VERSION
Edge-Cache-Tag
X-HS-Cache-Config
X-Revision
Served-By
X-Origin
X-Cache-Control
Fastly-Restarts
X-Cache-Server
X-Amzn-Trace-Id
X-Geo-Country
S-Cnection
X-RateLimit-Remaining
Source
X-App-Environment
X-Correlation-Id
X-PHP-Backend
X-PC-Hit
X-Request-Guid
Retry-After
X-PC-AppVer
X-PC-Key
Host-Header
X-TT
Server-Node
X-Device-Type
MS-CV
X-Varnish-Hostname
X-Hail-Hydra
X-Tumblr-User
X-Tumblr-Pixel-0
DC
X-Origin-Upstream-Status
X-Tumblr-Pixel
X-Handled-By
X-BCube-Filmed-By
Powered-By-ChinaCache
X-Cache-Config
X-Signature
X-B-Cache
X-Framework
X-FB-Debug
X-Cache-2
X-Cache-Operation
X-Page-Id
Accept-Charset
X-Cache-Action
X-Ocache
X-Sucuri-ID
X-TT-TIMESTAMP
X-Origin-Server
X-Debug-Info
Actual-Object-TTL
X-Hyper-Cache
X-ADI-VCache
X-Shield-Cache-Expires
X-PC-Date
X-PC-Host
Viewport
X-WA-Info
NGB
Cache
X-Content-Powered-By
X-Accel-Expires
X-Microcachable
X-Esi
Upgrade-Insecure-Requests
X-Cached-By
X-B3-Sampled
X-ATG-Version
SRV
X-Drupal-Cache-Tags
X-LB-Cache
X-Cache-NE
Filters
AsisCache
X-Akam-SW-Version
ServedBy
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Internal-Host
X-Generated-By
X-FW-Type
X-FW-Static
X-S
X-TX-ID
X-RTag
X-RequestSource
X-Locale
X-FW-Server
X-FW-Serve
X-Cacheable-TTL
X-Amz-Server-Side-Encryption
X-FW-Hash
X-Daa-Tunnel
X-Tumblr-Pixel-1
X-Tumblr-Pixel-2
Content-Style-Type
X-WebKit-CSP-Report-Only
X-HS-Combine-CSS
X-Seen-By
Content-Script-Type
X-Distil-CS
X-GeoIP
X-Wix-Request-Id
X-Accel-Buffering
X-Jobs
X-App-Server
From-Origin
X-Cluster
X-Varnish-Hits
X-Akamai-Edgescape
X-Geo
X-Adobe-Content
X-Sucuri-Cache
X-Adobe-Loc
X-Varnish-IP
X-Varnish-Grace
X-Varnish-Cache-Hits
X-ServedBy
X-Node-Name
X-GZip
X-Platform-Server
X-Edge-Cache-Key
X-Vg-Webcache
X-Edge-Cache
X-Cache-Remote
X-Dns-Prefetch-Control
HostName
Datacenter
X-Cache-TTL-Remaining
X-CDN-Forward
X-Feature
X-Storage
X-Oneagent-Js-Injection
X-Region
X-RateLimit-Limit
X-Mode
X-UA
X-Akamai-Transformed
X-GUploader-UploadID
X-Amz-Replication-Status
X-Cache-Age
Cache-Tag
X-Real-IP
Country
X-NewRelic-App-Data
X-Distributor
X-Cache-Bucket
X-Drupal-Cache-Contexts
X-Source
X-RN-RSRV
X-Is-Bot
Machine
X-Rendered-As
Meta-Geo
X-ProcessESI
X-Cache-Var-Map
X-Cache-Var
Load-Balancing
X-MP-GENERATED-AT
X-RemovedCookies
X-Path-Route
X-Detected-As
X-Agile
X-Amzn-RequestId
Fastly-SSL
X-Agile-Age
ServerName
X-NCache
Ohc-File-Size
X-Guploader-Uploadid
X-Agile-Id
X-Amz-Apigw-Id
X-ApacheServer
X-OCL
X-CDN-Cache
X-TWH-CORRELATION-ID
X-Time-Microsecs
X-BB-IP
X-Viewer-Country
X-Webstats-RespID
X-PCL
X-Kinja-Server-Push
Mn-Server-Ip
X-PERF
X-Web-Node
GEO-INFO
X-Port
L5d-Success-Class
X-Edge-Location
Azure-RegionName
X-Optimization
Cache-Name
Azure-InstanceId
X-Pubstack
Cache-Key
X-Grey
X-Cache-HT
X-Proto
X-Cache-Category-Id
X-Cluster-Node
Azure-SiteName
X-OVcl-Cache
X-NodeID
X-Original-Request
Azure-Version
X-Via-Fastly
X-EIG-Tracking-Id
X-Request-Time
X-Upgrade-Enabled
X-OVcl
Azure-SlotName
Backend
X-Instance-Name
X-Akamai-Request-ID
S-Rt
TWC-Connection-Speed
X-Amz-Meta-Surrogate-Control
TWC-GeoIP-Country
Webcakes-App-Name
DB-Nickname
Webcakes-App-Version
Webcakes-Region
User-Cache-Control
TWC-Privacy
LB
Healthy
TWC-GeoIP-LatLong
TWC-Locale-Group
TWC-Device-Class
X-Oracle-Dms-Rid
X-Www-Served-By
X-Xfnlog-Site
X-Routing-Service
X-ServerID
X-Human
X-App-Name
X-Zipkin-Id
Property-Id
X-Meta-Tbi-Cache-Vertical
X-Origin-Hint
X-Proxy
X-ProxyCache-Key
X-Render-Type
X-ProxyCache-Status
X-Hosted-By
X-Oracle-Dms-Ecid
X-CCM
X-CCM-LastModified
X-BYPASS-REASON
X-Birta-Served
X-Birta-Cache-Post
X-Generation-Time
X-Debug-Cache
X-FC-Vary-Parameters
X-Site-Version
X-LJ-Flow-ID
X-SplitTest
X-Loop
X-Format
X-VWS-Id
X-AWS-Id
X-Varnish-Cacheable
X-IP
X-Surge-Debug
X-Labrador-Cache-Channel
X-Access
X-Section
X-TNCMS
Cache-Hits
Now
X-JoinUs
Fastcgi-Useragent
Access-Control-Allow-Method
X-Generated
User-Agent
X-Newrelic-Synthetics
X-Backend-Name
X-Ezoic-Cdn
X-Tumblr-Pixel-3
X-Hit
X-TA-CDN-Provider
X-Timing-Wait
X-Nginx-Cache
X-Proxy-Build
Countrycode
Selected-FE
RATING
X-Origin-CC
X-Time
X-Tb
X-Cache-Enabled
X-Real-Ip
WP-Super-Cache
Payment
X-CACHE-AGE
Ec-Rule-Version
Origin-Edge-Control
Origin-Cache-Control
X-Unique-ID
X-DataStream-Cache-Status
X-Environment-Context
X-L-Path
X-B3-Spanid
X-Nc
X-B3-TraceId
X-Correlation-ID
RequestId
X-Dc
X-UA-Device-Type
Xserver
X-NU-AKA-ACS-Version
X-Skip-Cache
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
X-NGENIX-Cache
X-Servedby
X-Dynatrace
NODE
Access-Control-Request-Headers
X-Litespeed-Cache
Webserver
X-WR-MODIFICATION
X-Vgn-Hpd-Reason
Time
X-Upstream-CT
X-Upstream-HT
X-Be
X-Croise-Owner
X-COUNTRY
X-ElasticPress-Search
X-EdgeConnect-Cache-Status
X-Content-Type
X-Cache-Backend
Warning
X-Varnish-Beresp-Ttl
Ws
X-D
X-Destination
X-Connection-Hash
X-Developer
Cache-Prefix
X-BBXSRF
X-Died
X-No-Session
X-ND-Cache
Fastcgi-X-Cache
X-A-Ccd
X-CF-Lambda-Version
X-CF-Lambda-Fn
X-Cache-Id
X-Cache-Host
Fly-Request-Id
Fastcgi-X-Cache-Version
Meta-Geo-Continent
Fastly-Soc-X-Request-Id
Fly-Cache
X-A-Dam
MD5-Digest
X-G
X-Haproxy-Hostname
X-Haproxy-Ip
X-From
Host-ID
X-Amz-Meta-Cache-Control
X-Application
X-Generated-In
X-ARC
X-B-Cookie
X-A-Wwc
X-BB-ID
BehaviorPad-Version
X-Logtrace-Id
X-DPWN-IS-SECURE
AKAMAI
Ajk
X-Fastly-Cache
X-A-Dgt
X-A-Dcw
Memcached
X-Planisys-CDN-Rules
X-Transaction
Sta2Tusw
X-We-Are-Hiring
Viewtype
X-User
X-Rewrite-Enabled
X-Rojux
X-S-Cookie
X-A
X-Server-By
X-SRCache-Key
X-VG-WebServer
X-SVT-ORM-RULES
X-Via-CDN
X-Via-Edge
Cneonction
X-Server-Time
X-SVT-ORM-VERSION
VivaBuild
Xc-Version
X-Wix-Route-ID
X-Planisys-CDN-Cache
Resin-Trace
X-Public
T-Server
X-PAYTM-SRV-ID
Www
X-Trv-Group
X-Twitter-Response-Tags
X-Region-Sid
X-Planisys-CDN-TTL
X-StackifyID
IBM-Web2-Location
UCS
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
X-Var-Ttl
Apple-News-Services-Handled
Apple-News-Services-Request-Url
Server-Int
X-CS
X-Wikidot-Static-Cache
Fastly-SIE
Fastly-SWR
GMS-Ver
X-Cdn-Origin
X-Cache-Expires
X-Wikidot-Backend
X-Debug-Log
Release
X-Debug-Cookies
X-Core-Value
Rendered-Blocks
X-Cache-CFC
X-Fstrz
X-Rebelmouse-Surrogate-Control
Origin
V-Age
Uber-Trace-Id
IsBot
X-Status
X-Request-URI
NGX
Odigeo-Trace-Id
X-ScT
Request-Time
X-SIPLIST1
X-Cache-Time
X-Forwarded-Host
X-Phone
X-F5-Cache
X-Sn-Servicetimems
X-Frame-Option
X-Trace-Id
X-NX-Host
X-Rebelmouse-Cache-Control
X-Webkit-CSP
X-Cache-Ttl
X-C
Server-Host
Who
X-Actual-URL
Thinkindot-CacheControl-Type
X-Backend-TTL
Thinkindot-CacheControl
Thinkindot-Control
X-Block-Status
X-Cache-Debug
X-Backend-State
Web-Mar-Node
X-MSEdge-Flight
X-Returned-From-DLL
X-Returned-From-PostProcessResponse
X-Secret
X-Served-From
X-Returned-From-BeforeDispatch
X-Returned-From
X-Passed-To-BeforeDispatch
X-Passed-To-DLL
X-Passed-To-PostProcessResponse
X-Reboot
X-Server-Group
X-ServiceProvider
X-VServer
X-WebServer
X-Accel-Expires-Debug
X-Date
X-V
X-Up
X-Stale
X-Thinkindot-L3
X-UE-Client-Country
X-UnsetCookies
X-Passed-To
X-MSEdge-Features
X-Edge-IP
X-Env
X-Eu-Site
X-FireWall-Port
X-Dispatcher-Server
X-Device-Os
X-CGP
X-Ckpd-Fst-Backend
X-Content-Age
X-Developers
X-Gannett-Site-Version
X-Gen-Mode
X-IN-WAF
X-Location
X-Matched-Rule
X-MI-In-Market
X-IN-SSL-APIGATEWAY
X-IN-APIGATEWAY
X-GeoIP-City
X-GeoIP-Country-Code
X-GoCache-CacheStatus
X-Hnp-Log
X-Cdn-Srv
X-Amz-Meta-S3cmd-Attrs
HA-Georegion
Ha-Gx-Prefs
HA-Geolon
HA-Geolat
HA-Geocity
HA-Geocountry
HA-Host
HA-Ipaddr
Httpd-Identifier
HTTPS
Heartbleed
HA-Urlpath
HA-Servedtime
HA-Cloudapp
GW-Server
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-From
Backend-Name
X-TIME
Adler-Geo
CDCHOST
Content-Disposition
Drupal-Pagecache-Memcache
Fastly-Backend-Name
Decoy-Debug-TTL
Decoy-Debug-Status
Decoy-Debug-Key
Is-Eu
Esi-Enabled
Ohc-Response-Time
MI-Cache-Age
MI-Cache
On-Server
Platform
Pramga
Pragrma
Powered-By
MI-API
Proxy-Connection
X-Ruxit-Js-Agent
NnCoection
X-Shopify-Stage
X-Epic-Correlation-Id
X-ShopId
X-Fetched-On
X-ShardId
X-Varnish-Id
X-Sorting-Hat-FeatureSet
X-TT-LOGID
X-Sorting-Hat-PodId-Cached
X-Sorting-Hat-PodId
X-Alternate-Cache-Key
Apicache-Version
X-Bug-Bounty
Request-Country
X-Servername
X-Hl-Ver
X-Hash
X-RCS-CacheZone
REQUESTUUID
X-Page-Type
Version
X-Release
X-Response-By
X-Server-IP
Apicache-Store
X-S-Maxage
X-Rocket-Nginx-Bypass
Request-EU
X-Sorting-Hat-PrivacyLevel
Server-ID
Kp-EeAlive
X-Auto-Login
X-Node-Id
X-Sorting-Hat-ShopId
X-Sorting-Hat-ShopId-Cached
X-Cache-Srv
X-Via-NSCOPI
X-Backend-Url
X-Backend-Host
X-Sorting-Hat-Section
X-Ver
X-Core-Mission
X-Worker
PFcat
Mime-Version
X-Thanos
X-Oss-Storage-Class
X-Origin-Expires
X-Varnish-HitMiss
X-CSRF-Token
X-Origin-Date
X-Bip
X-Cache-Control-Set-By
X-HCF
Dnion-Transfer-Encoding
OT-Force-Account-Verify
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
X-Clientip
X-Svr
X-Crawler
X-Oss-Request-Id
X-Oss-Server-Time
X-Amz-Meta-S3b-Last-Modified
X-Info
NtCoent-Length
X-Refresh
X-Yottaa-Sig
Country-Code
X-Platform
X-Cache-URL
X-Fastcgi-Cache
X-P-T
Cache-Provider
X-DC
X-Origin-TTL
X-App-Version
X-Kong-Upstream-Latency
X-RateLimit-Limit-Second
X-Kong-Proxy-Latency
X-Req
X-RateLimit-Remaining-Second
FSS-Proxy
FSS-Cache
Pagetype
Arc-Country
X-Ua
Processtime
X-Varnish-Url
X-Pf-Uncompressing
Cteonnt-Length
X-Atg-Version
Dynatrace
Ar-Sid
Memory
X-Irp-Debug
X-EC-Security-Audit
Accept-Ch
X-LiteSpeed-Cache-Control
Brightspot-Id
X-CLOUD-TRACE-CONTEXT
COMMERCE-SERVER-SOFTWARE
X-Amz-Meta-Sha256
X-Pjax-Url
X-From-Cache
WebServer
X-NC
X-ROOTCache
Sid
X-Cache-ASPX
X-LB-Node
X-LB-CacheStatus
PageType
X-Request-Start
X-Request-UUID
X-HS-Hub-Id
X-Ratelimit-Limit
SN
X-Csrf-Token
Cdn
Geoip-Latitude
PICS-Label
X-Endurance-Cache-Level
Geoip-City
GeoIp-Country-Code
X-Cdn-Forward
Edgecast
X-Fastly-Backend-Reqs
X-Varnish-Action
If-Modified-Since
CF-IPCountry
X-Redis-Cache
X-Ratelimit-Remaining
MIME-Version
X-Load-Cache
X-Layer
X-Cache-Handler
X-SERVER-NAME
Dont-Set-Cookie
PROCESSING-IP
X-Requestid
X-GRACE
BORDER-IP
X-TId
X-Wix-Petri-Ex
X-GDPR
X-Rocket-Nginx-Serving-Static
X-Varnish-Beresp-TTL
Frame-Options
X-Servedbyhost
X-Tid
X-ServedByHost
X-Dynatrace-Js-Agent
X-B3-SpanId
X-Nananana
X-Sf
X-RequestId
X-Rule
X-Fastly-Cache-Hits
X-Owner
X-Key
RNT-Time
RNT-Machine
NodeID
X-BE
X-Resolver-IP
X-Cache-TTL
Pics-Label
X-Cf-Powered-By
Cf-Ipcountry
CDN
Web-Mar-Region
X-Server-W
GeoIP-City
X-DataStream-Origin-MEX-Latency
X-DataStream-MidMile-RTT
Node
GeoIP-Country-Code
GeoIP-Latitude
X-NWS-UUID-VERIFY
CACHE
Powered
WZWS-RAY
X-Flog
X-HTML-Minification-Powered-By
X-ABtesting
X-Tec-Api-Version
X-Tec-Api-Origin
X-Tec-Api-Root
XServer
ProcessTime
We-Hiring
X-FORWARDED-FOR
Mail-Subject
Cache-Tags
X-Sentry-ID
Lfy
X-Powered-By-ANYU
DataCenter
PageSpeed
X-Shard
X-CDN-Pop
X-VG-WebCache
Get-Access-Time
X-CDN-Pop-IP
Is-Session-Tracking
Max-Age
X-Varnish-Ttl
X-Use-Magma
Amp-Access-Control-Allow-Source-Origin
Accept-CH
X-SRV
X-ByteArk-Cache
X-Mem
X-GZIP
URI
Magicmarker
X-Gdpr
X-PJAX-URL
X-Cache-FS-Status
X-PF-Uncompressing
X-UPSTREAM-Address
X-Check-Cacheable
X-Front
X-GEO
X-Powered-By-Defense
Xet-Cookie
X-Dw-Trace-Id
X-Varnish-URL
X-Cookie
X-Micro-Cache
X-Ms-Request-Id
X-Ms-Blob-Type
X-Oa-Upstreams
X-Zalando-Child-Request-Id
X-Zalando-Page-Type
X-Ms-Lease-Status
X-Remote-IP
X-Ms-Version
X-Trv-Request-Id
Group
X-Unique-Id
V-Cache
X-Aicache-OS
X-Varnish-ID
Requestid
RequestUuid
X-VarnCache
X-VC
N-Cache
X-VarnPar2
X-PARISIEN-Cache-Rendered
X-Safe-Firewall
X-SB
Rt-Proxy-Cache
X-VarnPar1
X-Proxy-Server
X-PAGE-TYPE
X-NGINX-Cache
Hostname
X-Akamai-ERPolicy
X-Litespeed-Cache-Control
X-Hello
WS
X-HGenerator
X-RAMCache
X-Qnm-Cache
X-Fe
X-M-Log
X-Litespeed-Tag
WWW-Authenticate
X-Acquia-Application-Trace
X-Acquia-Application-UUID
X-Akamai-ERRuleID
X-Alicdn-Da-Ups-Status
SID
X-M-Reqid
CF-Cached-On