Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics - SANS Internet Storm Center HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Pragma
Last-Modified
Accept-Ranges
Strict-Transport-Security
X-Content-Type-Options
X-Powered-By
CF-RAY
ETag
Link
Expect-CT
Via
X-Cache
X-XSS-Protection
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
P3P
X-Cache-Hits
X-Xss-Protection
X-Served-By
X-Varnish
X-Amz-Cf-Id
Referrer-Policy
X-Request-Id
X-Timer
X-AspNet-Version
CF-Cache-Status
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Runtime
Access-Control-Allow-Credentials
X-Download-Options
X-Drupal-Cache
X-Cacheable
Content-Security-Policy-Report-Only
X-Generator
Alt-Svc
Status
X-AspNetMvc-Version
X-Cache-Status
X-DNS-Prefetch-Control
X-Check
X-Iinfo
X-FRAME-OPTIONS
X-Adblock-Key
X-CDN
Timing-Allow-Origin
X-Content-Security-Policy
X-Permitted-Cross-Domain-Policies
X-Turbo-Charged-By
P3p
X-Request-ID
Content-Encoding
X-Template
X-Language
Keep-Alive
X-Type
X-AH-Environment
CF-Ray
X-Via
X-Cache-Group
X-Backend
WPE-Backend
X-Pass-Why
X-Age
X-Buckets
X-Server
X-Nginx-Cache-Status
Access-Control-Max-Age
X-Server-Powered-By
X-Pingback
Xkey
X-Varnish-Cache
Grace
X-Drupal-Dynamic-Cache
Upgrade
Access-Control-Expose-Headers
X-Hacker
X-UA-Device
X-Amz-Request-Id
X-Page-Speed
Cf-Railgun
X-Amz-Id-2
X-Proxy-Cache
X-Robots-Tag
X-Envoy-Upstream-Service-Time
EagleId
Request-Context
X-Node
X-LiteSpeed-Cache
X-Ac
X-Device
X-Swift-CacheTime
X-Swift-SaveTime
X-Cnection
X-Host
Ali-Swift-Global-Savetime
Content-Location
X-Amz-Version-Id
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-WebKit-CSP
X-Server-Id
Surrogate-Control
X-Backend-Server
X-OneAgent-JS-Injection
X-Cache-Lookup
X-Rack-Cache
X-Response-Time
X-Px
X-Instart-Request-ID
Request-Id
X-Readtime
Server-Timing
X-Rq
X-CST
X-Clacks-Overhead
Permitted-Cross-Domain-Policies
X-HeyJason
X-Do-Not-Hack
Pinterest-Generated-By
X-Ua-Compatible
X-Url
EagleEye-TraceId
Edge-Control
X-Cloud-Trace-Context
X-Application-Context
X-Country
X-MS-InvokeApp
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Report-To
X-Server-Name
Charset
X-DynaTrace-JS-Agent
SPRequestGuid
X-Country-Code
Allow
X-ESI
X-DataDome
X-SharePointHealthScore
X-Ruxit-JS-Agent
Rating
X-Varnish-TTL
X-Vname
X-PC
X-TtlSet
X-Cached
X-Powered-CMS
X-Powered-By-Plesk
X-Recruiting
X-CF-Powered-By
X-DynaTrace
X-FTR-Request-ID
NEL
X-Vhost
X-D2id
X-TTL
Public-Key-Pins
Pinterest-Version
X-Upstream-Env
X-Pinterest-Rid
X-Kinja-Build
X-Kinja-Server
X-Exp-Id
X-Kinja-Revision
X-Kinja
X-Cdn-Fetch
X-Exp-Variant
X-Geo-Segment
X-F-Cache
X-Version
X-VARITI-CCR
X-N
X-T
X-GoogleNews-Bot
Cartoon
SPIisLatency
SPRequestDuration
X-Dw-Request-Base-Id
X-ORACLE-DMS-RID
X-ORACLE-DMS-ECID
X-Mod-Pagespeed
MS-Author-Via
X-Abt-Application-Version
Content-MD5
RTSS
Nginx-Cache
Feature-Policy
X-Ttl
Verso
X-GitHub-Request-Id
X-Dispatcher
X-Navigation-Version
MicrosoftSharePointTeamServices
AR-ATIME
X-SRCache-Store-Status
AR-CACHE
X-Goog-Hash
X-SRCache-Fetch-Status
AR-PoweredBy
X-Amz-Rid
X-Client-IP
X-Hits
Realpath
X-Forwarded-Proto
X-Shield-Request-Id
X-Cdn
X-Origin-Cache
X-Trace
Paypal-Debug-Id
X-Server-ID
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-Content-Options
X-Grace
X-Zen-Fury
X-Id
X-Content-Digest
X-Kinsta-Cache
TCN
DynaTrace
X-B
Arr-Disable-Session-Affinity
AR-SID
Alternate-Protocol
X-Varnish-Age
X-Cache-Key
X-Sol
X-Upstream
Fastcgi-Cache
MRF-Tech
X-Mrf-Item-Lastmod
Mrf-Cache-Status
X-Mrf-Section-Lastmod
Access-Control-Request-Method
X-Ser
X-Pad
Display
X-Middleton-Display
X-Fastly-Request-ID
X-Acc-Meta-Resource-Type
PB-PID
PB-RID
X-Mobile-Rewrite
X-Nf-Srv-Version
X-NF-Request-ID
X-Via-JSL
X-FastCGI-Cache
X-DIS-Request-ID
Response
X-Middleton-Response
X-User-Agent
X-Vcap-Request-Id
Pagespeed
X-Forwarded-For
Front-End-Https
Rt-Fastcgi-Cache
X-MSEdge-Ref
X-Cache-Rule
Eomportal-Instance
X-PressLabs-Stats
X-Frontend
X-IPLB-Instance
X-SS-Set-Cookie
X-Logged-In
Arc-Version
X-Cache-Hit
Server-Name
X-Whom
X-Goog-Stored-Content-Length
X-VCache
X-Goog-Storage-Class
X-Goog-Generation
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
X-Hostname
X-XRDS-LOCATION
Host
Tracecode
Surrogate-Key
X-Litespeed-Cache
S
X-FTR-Realm
X-FTR-Expires
X-FTR-DC
X-FTR-Backend-Server
X-FTR-Backend
X-Country-Code-Real
X-FTR-Cache-Status
X-FTR-Balancer
X-Request-Processing-Time
X-Request-Received
Cache-Status
X-Analytics
Backend-Timing
X-Debug
X-HS-Content-Id
Refresh
X-AOL-HN
TP-L2-Cache
X-Instance
TP-Cache
X-Magnolia-Registration
X-Contextid
X-Rid
X-Proxied
X-Activity-Id
X-AppVersion
X-Az
X-Newrelic-App-Data
Public-Key-Pins-Report-Only
FilterID
ServerID
X-Srv
X-Wix-Server-Artifact-Id
X-XRDS-Location
Server-Info
X-HW
HitType
X-UUID
X-B3-Traceid
HitInfo
X-WPE-Loopback-Upstream-Addr
Cleartype
Liferay-Portal
X-APP-VERSION
Service-Worker-Allowed
X-Mobile
X-Varnish-Server
X-Content-Security-Policy-Report-Only
X-FTR-Cache-Host
AMP-Access-Control-Allow-Source-Origin
X-Varnish-Backend
Served-By
X-Cache-Control
X-Correlation-Id
X-Revision
X-Amzn-Trace-Id
X-Geo-Country
X-Cache-Server
Source
X-Hail-Hydra
X-BCube-Filmed-By
Server-Node
Retry-After
X-PC-AppVer
X-PC-Hit
X-TT
X-Request-Guid
X-PHP-Backend
X-PC-Key
Host-Header
X-App-Environment
X-Handled-By
X-Device-Type
MS-CV
X-Varnish-Hostname
Accept-Charset
X-Tumblr-User
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-NWS-LOG-UUID
X-Origin-Upstream-Status
X-Cache-Operation
DC
X-Origin
X-Framework
X-RateLimit-Remaining
X-Cache-Config
X-URL
X-HS-Cache-Config
X-B-Cache
Edge-Cache-Tag
X-Cache-2
X-Page-Id
X-Signature
Powered-By-ChinaCache
X-FB-Debug
S-Cnection
X-Origin-Server
Fastly-Restarts
X-Cache-Action
X-TT-TIMESTAMP
X-Sucuri-ID
X-Debug-Info
X-ATG-Version
X-Ocache
Viewport
X-PC-Date
X-PC-Host
Actual-Object-TTL
X-Webkit-Csp
X-B3-Sampled
X-WA-Info
X-ADI-VCache
X-Hyper-Cache
X-Shield-Cache-Expires
X-Cached-By
NGB
X-Content-Powered-By
X-Microcachable
X-Accel-Expires
X-Akam-SW-Version
X-LB-Cache
X-Drupal-Cache-Tags
Upgrade-Insecure-Requests
X-Cache-NE
Filters
AsisCache
SRV
X-Generated-By
ServedBy
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-App-Server
X-Cacheable-TTL
X-FW-Hash
Cache
X-Locale
X-S
X-FW-Serve
X-RTag
X-Tumblr-Pixel-2
X-RequestSource
X-Tumblr-Pixel-1
X-FW-Type
X-FW-Server
X-FW-Static
X-WebKit-CSP-Report-Only
X-Internal-Host
X-Distil-CS
X-Wix-Request-Id
X-Seen-By
Content-Script-Type
X-GeoIP
Content-Style-Type
X-TX-ID
X-Amz-Server-Side-Encryption
X-Cluster
X-Jobs
X-Accel-Buffering
X-Varnish-Hits
X-NewRelic-App-Data
X-Geo
From-Origin
X-Node-Name
X-Cache-Age
X-ServedBy
X-UA
X-Adobe-Loc
X-Adobe-Content
X-Varnish-IP
X-Varnish-Cache-Hits
X-Sucuri-Cache
X-Varnish-Grace
X-Akamai-Edgescape
X-Dns-Prefetch-Control
X-RateLimit-Limit
X-Platform-Server
X-GZip
Datacenter
X-HS-Combine-CSS
X-CDN-Forward
X-Vg-Webcache
X-Cache-TTL-Remaining
X-Edge-Cache
X-Edge-Cache-Key
X-GUploader-UploadID
X-Storage
X-Cache-Remote
Cache-Tag
X-Akamai-Transformed
X-Mode
X-Region
X-Oracle-Dms-Rid
X-Oracle-Dms-Ecid
HostName
X-Drupal-Cache-Contexts
X-Amz-Replication-Status
X-Daa-Tunnel
X-Distributor
X-Real-IP
X-Source
X-Guploader-Uploadid
X-Kinja-Server-Push
X-MP-GENERATED-AT
X-RN-RSRV
X-RemovedCookies
X-Is-Bot
X-Rendered-As
Meta-Geo
X-ProcessESI
X-Cache-Var-Map
X-Detected-As
Machine
X-Cache-Var
X-Path-Route
Load-Balancing
Fastly-SSL
X-Agile
ServerName
X-Amzn-RequestId
X-NCache
X-Agile-Id
X-Amz-Apigw-Id
X-Agile-Age
X-Proxy
X-Time-Microsecs
X-PERF
X-NodeID
X-TWH-CORRELATION-ID
X-Upgrade-Enabled
X-Webstats-RespID
X-Web-Node
X-Viewer-Country
X-Grey
Mn-Server-Ip
Cache-Key
X-Cache-Category-Id
X-Akamai-Request-ID
X-ApacheServer
X-OCL
X-PCL
X-CDN-Cache
X-BB-IP
GEO-INFO
Country
X-Instance-Name
X-Human
S-Rt
X-Amz-Meta-Surrogate-Control
X-Optimization
X-Cache-HT
X-Original-Request
L5d-Success-Class
X-EIG-Tracking-Id
X-Edge-Location
Azure-Version
Backend
X-Cluster-Node
Cache-Name
Azure-SlotName
Azure-SiteName
X-Debug-Cache
Azure-InstanceId
Azure-RegionName
X-OVcl-Cache
X-OVcl
X-FC-Vary-Parameters
X-Via-Fastly
X-BYPASS-REASON
Ohc-File-Size
X-ProxyCache-Key
X-ProxyCache-Status
X-Pubstack
X-Proto
X-ServerID
TWC-GeoIP-Country
TWC-Device-Class
TWC-Connection-Speed
X-Birta-Served
TWC-GeoIP-LatLong
TWC-Privacy
X-App-Name
Webcakes-App-Version
Webcakes-Region
Webcakes-App-Name
X-AWS-Id
X-Access
X-Birta-Cache-Post
User-Cache-Control
TWC-Locale-Group
X-Format
X-VWS-Id
X-CLOUD-TRACE-CONTEXT
X-SplitTest
X-Site-Version
X-Www-Served-By
X-Xfnlog-Site
X-Varnish-Cacheable
Now
X-Zipkin-Id
X-Section
X-Routing-Service
X-IP
X-Hosted-By
X-CCM-LastModified
X-Labrador-Cache-Channel
X-LJ-Flow-ID
X-Port
X-Origin-Hint
X-Meta-Tbi-Cache-Vertical
X-CCM
X-Generation-Time
DB-Nickname
LB
Healthy
Property-Id
X-Loop
X-TNCMS
Cache-Hits
Fastcgi-Useragent
X-Backend-Name
X-JoinUs
X-Request-Time
User-Agent
Access-Control-Allow-Method
X-Generated
X-Proxy-Build
RATING
X-Timing-Wait
X-Time
X-Surge-Debug
Selected-FE
Countrycode
X-Tumblr-Pixel-3
X-Esi
X-Tb
Payment
X-Dc
X-Cache-Bucket
X-Real-Ip
Ec-Rule-Version
X-Ezoic-Cdn
X-Origin-CC
X-Hit
X-TA-CDN-Provider
X-Render-Type
X-Nc
X-Cache-Enabled
X-Unique-ID
X-Oneagent-Js-Injection
X-DataStream-Cache-Status
WP-Super-Cache
X-Nginx-Cache
X-Feature
X-B3-Spanid
X-Newrelic-Synthetics
Origin-Cache-Control
Origin-Edge-Control
X-L-Path
X-Environment-Context
X-UA-Device-Type
RequestId
X-Varnish-Beresp-Status
NODE
Xserver
X-Varnish-Beresp-Grace
X-B3-TraceId
X-NU-AKA-ACS-Version
X-Skip-Cache
X-Correlation-ID
X-NGENIX-Cache
X-Be
X-Content-Type
X-CACHE-AGE
X-WR-MODIFICATION
X-Servedby
Access-Control-Request-Headers
X-Status
X-Cache-Backend
X-Vgn-Hpd-Reason
X-EdgeConnect-Cache-Status
X-Fastcgi-Cache
X-ElasticPress-Search
X-Upstream-HT
X-Upstream-CT
Webserver
Warning
Ws
Time
Fly-Cache
Fly-Request-Id
GMS-Ver
Host-ID
Fastcgi-X-Cache-Version
Fastly-Soc-X-Request-Id
X-DPWN-IS-SECURE
X-Region-Sid
X-Via-Edge
X-Public
X-Server-Time
X-Developer
X-Died
X-Planisys-CDN-Cache
X-VG-WebServer
Apple-News-Services-Request-Url
X-Via-CDN
AKAMAI
X-S-Cookie
X-Rojux
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
X-Rewrite-Enabled
X-No-Session
X-Planisys-CDN-Rules
X-PAYTM-SRV-ID
Apicache-Store
Apicache-Version
Fastcgi-X-Cache
X-Server-By
Cache-Prefix
BehaviorPad-Version
Ajk
Apple-News-Services-Handled
X-Planisys-CDN-TTL
X-Generated-In
Viewtype
X-BBXSRF
X-BB-ID
X-Haproxy-Hostname
X-Twitter-Response-Tags
X-G
Resin-Trace
X-Haproxy-Ip
X-From
X-SRCache-Key
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-Application
X-Wix-Route-ID
T-Server
X-Transaction
X-Amz-Meta-Cache-Control
Xc-Version
X-Trv-Group
X-B-Cookie
Sta2Tusw
X-ARC
VivaBuild
X-Logtrace-Id
X-ND-Cache
X-A
X-User
MD5-Digest
X-D
X-A-Ccd
X-Date
X-A-Dgt
X-A-Dcw
X-A-Dam
X-Fastly-Cache
X-A-Wwc
X-CF-Lambda-Version
X-CF-Lambda-Fn
X-Cache-Id
X-Cache-Host
Meta-Geo-Continent
X-Accel-Expires-Debug
X-Connection-Hash
Memcached
Www
X-Destination
X-We-Are-Hiring
IBM-Web2-Location
X-Cache-Ttl
X-GoCache-CacheStatus
X-Webkit-CSP
X-Frame-Option
Fastly-SWR
UCS
X-Cache-Expires
Fastly-SIE
X-Cache-Time
Uber-Trace-Id
X-FireWall-Port
X-Cdn-Origin
X-Forwarded-Host
V-Age
X-Cache-CFC
X-Wikidot-Static-Cache
X-Var-Ttl
X-Wikidot-Backend
X-Up
X-Fstrz
X-Sn-Servicetimems
X-IN-SSL-APIGATEWAY
Release
X-NX-Host
IsBot
X-SIPLIST1
X-IN-APIGATEWAY
X-ScT
X-Request-URI
Rendered-Blocks
X-Debug-Log
X-Trace-Id
Server-Int
Request-Time
Origin
X-F5-Cache
X-Debug-Cookies
X-Rebelmouse-Cache-Control
X-CS
X-Phone
X-Rebelmouse-Surrogate-Control
X-IN-WAF
NGX
X-Core-Value
Odigeo-Trace-Id
X-C
X-GeoIP-City
X-UnsetCookies
Who
X-Hnp-Log
X-GeoIP-Country-Code
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
X-V
Thinkindot-Control
X-Thinkindot-L3
X-Stale
Web-Mar-Node
X-UE-Client-Country
X-TT-LOGID
Server-Host
X-Backend-Url
X-Rocket-Nginx-Bypass
X-Developers
Cneonction
X-Croise-Owner
X-Ckpd-Fst-Backend
X-Content-Age
X-Device-Os
X-Dispatcher-Server
X-Epic-Correlation-Id
X-Eu-Site
X-Env
X-Edge-IP
X-Via-NSCOPI
X-CGP
X-Cdn-Srv
X-Worker
X-Auto-Login
X-Amz-Meta-S3cmd-Attrs
X-Actual-URL
X-Gen-Mode
X-WebServer
X-Backend-Host
X-Backend-State
X-Cache-Debug
X-Hl-Ver
X-Bug-Bounty
X-Block-Status
X-Backend-TTL
X-VServer
Proxy-Connection
Backend-Name
HA-Cloudapp
GW-Server
X-Reboot
Cache-Cookie-Set-From
X-Served-From
HA-Geocity
HA-Geocountry
HA-Host
Decoy-Debug-Key
Ha-Gx-Prefs
HA-Georegion
HA-Geolat
HA-Geolon
Cache-Cookie-Set-Idcheck
X-Passed-To
Esi-Enabled
X-Server-IP
Content-Disposition
X-Server-Group
Decoy-Debug-Status
Decoy-Debug-TTL
X-Servername
Fastly-Backend-Name
X-Passed-To-DLL
X-Passed-To-BeforeDispatch
X-Passed-To-PostProcessResponse
Cache-Cookie-Set-Lfrom
X-ServiceProvider
CDCHOST
HA-Servedtime
HA-Ipaddr
On-Server
X-Location
Ohc-Response-Time
MI-Cache-Age
X-Returned-From
MI-Cache
Platform
Adler-Geo
Pramga
X-RCS-CacheZone
Pragrma
OT-Force-Account-Verify
Powered-By
X-MI-In-Market
X-Matched-Rule
Heartbleed
Is-Eu
X-Node-Id
HTTPS
Httpd-Identifier
HA-Urlpath
X-Returned-From-PostProcessResponse
X-Returned-From-BeforeDispatch
X-Returned-From-DLL
Mime-Version
X-HS-Hub-Id
X-Release
X-Response-By
X-S-Maxage
X-Platform
X-Thanos
X-Info
X-Varnish-HitMiss
X-Shopify-Stage
X-Sorting-Hat-PodId
X-MSEdge-Features
X-MSEdge-Flight
X-Sorting-Hat-FeatureSet
X-Sorting-Hat-PodId-Cached
X-Sorting-Hat-PrivacyLevel
X-Sorting-Hat-Section
X-Hash
X-Sorting-Hat-ShopId
X-Sorting-Hat-ShopId-Cached
X-Varnish-Id
X-Ver
X-ShopId
X-Crawler
X-HCF
X-ShardId
X-Clientip
X-Cache-Control-Set-By
X-Bip
X-Origin-Date
X-Origin-Expires
X-Fetched-On
Request-Country
NtCoent-Length
REQUESTUUID
Server-ID
X-Varnish-Beresp-Ttl
PFcat
Kp-EeAlive
X-Core-Mission
MI-API
X-Alternate-Cache-Key
Request-EU
X-Cache-Srv
X-StackifyID
NnCoection
X-Cache-URL
Drupal-Pagecache-Memcache
X-Svr
X-Secret
X-Page-Type
Country-Code
X-Gannett-Site-Version
X-Refresh
X-TIME
Cache-Provider
X-Amz-Meta-S3b-Last-Modified
X-P-T
X-Req
X-COUNTRY
Dnion-Transfer-Encoding
Processtime
Version
X-Pjax-Url
X-Pf-Uncompressing
X-Origin-TTL
X-Amz-Meta-Sha256
X-Cache-ASPX
Ar-Sid
Accept-Ch
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
X-Oss-Storage-Class
X-Oss-Request-Id
X-Oss-Server-Time
X-RateLimit-Limit-Second
X-Csrf-Token
X-RateLimit-Remaining-Second
WebServer
X-From-Cache
X-Varnish-Url
X-EC-Security-Audit
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-App-Version
Pagetype
Memory
X-Yottaa-Sig
Cteonnt-Length
GeoIp-Country-Code
Geoip-Latitude
X-CSRF-Token
SN
Geoip-City
X-LiteSpeed-Cache-Control
FSS-Proxy
FSS-Cache
Arc-Country
X-Ruxit-Js-Agent
Brightspot-Id
PageType
X-Irp-Debug
X-Wix-Petri-Ex
X-NC
X-Cache-Handler
X-Ua
Cdn
X-Rule
X-LB-Node
X-LB-CacheStatus
Dont-Set-Cookie
PICS-Label
X-Load-Cache
X-Redis-Cache
CF-IPCountry
If-Modified-Since
X-DC
X-Varnish-Beresp-TTL
X-ROOTCache
Sid
X-Request-Start
X-Ratelimit-Remaining
COMMERCE-SERVER-SOFTWARE
Edgecast
X-Request-UUID
X-Endurance-Cache-Level
X-SERVER-NAME
X-GRACE
MIME-Version
X-Fastly-Backend-Reqs
BORDER-IP
PROCESSING-IP
X-Cdn-Forward
X-Tid
X-Varnish-Action
X-GDPR
X-ServedByHost
X-Sf
X-Ratelimit-Limit
X-Layer
X-Requestid
RNT-Time
RNT-Machine
X-TId
X-RequestId
X-Dynatrace
X-Servedbyhost
X-Atg-Version
X-B3-SpanId
X-Resolver-IP
X-Rocket-Nginx-Serving-Static
XServer
Frame-Options
X-Nananana
X-Fastly-Cache-Hits
Powered
X-BE
Cache-Tags
X-Cache-TTL
NodeID
Cf-Ipcountry
Pics-Label
Amp-Access-Control-Allow-Source-Origin
CDN
CACHE
X-DataStream-MidMile-RTT
X-DataStream-Origin-MEX-Latency
X-Owner
X-Key
X-Tec-Api-Origin
X-Tec-Api-Version
Dynatrace
X-Tec-Api-Root
Node
X-HTML-Minification-Powered-By
Mail-Subject
We-Hiring
X-Server-W
PageSpeed
X-Shard
X-Dynatrace-Js-Agent
GeoIP-Latitude
X-Gdpr
GeoIP-Country-Code
GeoIP-City
X-VG-WebCache
X-Varnish-Ttl
Web-Mar-Region
X-Use-Magma
X-UPSTREAM-Address
X-Flog
X-ABtesting
Lfy
X-Sentry-ID
X-GZIP
ProcessTime
DataCenter
X-Powered-By-ANYU
Accept-CH
WZWS-RAY
X-Varnish-URL
Hostname
X-Ms-Lease-Status
X-Ms-Version
X-Ms-Request-Id
X-Ms-Blob-Type
URI
X-CDN-Pop-IP
X-PF-Uncompressing
X-Aicache-OS
Get-Access-Time
Is-Session-Tracking
X-GEO
X-CDN-Pop
FastCGI-Cache
Max-Age
X-NWS-UUID-VERIFY
X-Alicdn-Da-Ups-Status
X-NGINX-Cache
X-Dw-Trace-Id
Xet-Cookie
X-Trv-Request-Id
X-PAGE-TYPE
X-PJAX-URL
X-Edge-Server
X-Mem
X-VG-TLSProxy
Cdn-Host
X-Check-Cacheable
X-Oa-Upstreams
Cdn-Request-Time
X-Cookie
True-Client-Country-4JS
X-Unique-Id
RequestUuid
Requestid
X-Varnish-ID
X-Ms-Lease-State
X-Swa-Ws
X-Powered-By-Defense
X-Policy
X-Remote-IP
X-Front
X-Cache-FS-Status
X-DW
X-DSS
Rt-Proxy-Cache
X-DI
X-VID
X-RSL
X-RPS
GEO-REGION-INFO
X-RPM
X-Proxy-Server
X-Akamai-ERRuleID
X-Hello
X-Akamai-ERPolicy
X-Acquia-Application-UUID
Magicmarker
X-Acquia-Application-Trace
CF-Cached-On
X-Litespeed-Tag
X-Fe
X-Litespeed-Cache-Control
WS
X-RAMCache
SID
X-DB