Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Pragma
Last-Modified
Accept-Ranges
Strict-Transport-Security
X-Content-Type-Options
X-Powered-By
CF-RAY
ETag
Link
Expect-CT
Via
X-Cache
X-XSS-Protection
Age
Access-Control-Allow-Origin
Content-Security-Policy
Content-Language
X-UA-Compatible
P3P
X-Cache-Hits
X-Xss-Protection
X-Served-By
X-Varnish
X-Amz-Cf-Id
Referrer-Policy
X-Request-Id
X-Timer
X-AspNet-Version
CF-Cache-Status
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Runtime
Access-Control-Allow-Credentials
X-Download-Options
X-Drupal-Cache
X-Cacheable
Content-Security-Policy-Report-Only
X-Generator
CF-Ray
Alt-Svc
Status
X-AspNetMvc-Version
X-Cache-Status
X-DNS-Prefetch-Control
X-Check
X-Iinfo
X-Adblock-Key
X-FRAME-OPTIONS
X-CDN
Timing-Allow-Origin
X-Content-Security-Policy
X-Turbo-Charged-By
X-Permitted-Cross-Domain-Policies
Content-Encoding
P3p
X-Template
X-Language
Keep-Alive
X-Type
X-AH-Environment
X-Via
X-Cache-Group
X-Backend
WPE-Backend
X-Request-ID
X-Pass-Why
X-Buckets
X-Age
X-Server
X-Nginx-Cache-Status
Access-Control-Max-Age
X-Server-Powered-By
X-Pingback
Xkey
X-Varnish-Cache
Grace
X-Drupal-Dynamic-Cache
Upgrade
Access-Control-Expose-Headers
X-Hacker
X-UA-Device
X-Amz-Request-Id
X-Page-Speed
Cf-Railgun
X-Amz-Id-2
X-Proxy-Cache
X-Robots-Tag
EagleId
X-Envoy-Upstream-Service-Time
X-LiteSpeed-Cache
Request-Context
X-Node
X-Swift-SaveTime
X-Swift-CacheTime
X-Ac
X-Device
Ali-Swift-Global-Savetime
X-Cnection
X-Host
Content-Location
X-Amz-Version-Id
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Server-Id
Surrogate-Control
X-Backend-Server
X-Cache-Lookup
X-WebKit-CSP
X-OneAgent-JS-Injection
X-Rack-Cache
X-Response-Time
X-Px
X-Instart-Request-ID
Request-Id
X-Readtime
X-CST
Server-Timing
X-Rq
X-Clacks-Overhead
Permitted-Cross-Domain-Policies
X-Do-Not-Hack
X-HeyJason
Pinterest-Generated-By
EagleEye-TraceId
X-Ua-Compatible
X-Url
Edge-Control
X-Cloud-Trace-Context
X-Application-Context
X-MS-InvokeApp
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Country
Report-To
X-DynaTrace-JS-Agent
X-Server-Name
Charset
SPRequestGuid
X-Country-Code
Allow
X-SharePointHealthScore
X-DataDome
X-ESI
X-Ruxit-JS-Agent
Rating
X-Varnish-TTL
X-PC
X-Vname
X-TtlSet
X-Cached
X-Powered-CMS
X-TTL
X-Powered-By-Plesk
X-Recruiting
X-CF-Powered-By
X-FTR-Request-ID
NEL
X-D2id
X-Vhost
X-ORACLE-DMS-ECID
X-DynaTrace
X-ORACLE-DMS-RID
Pinterest-Version
X-Pinterest-Rid
X-Upstream-Env
Public-Key-Pins
X-F-Cache
X-Cdn-Fetch
X-Geo-Segment
X-Exp-Variant
X-Kinja-Server
X-Exp-Id
X-Kinja-Revision
X-Kinja
X-Kinja-Build
X-Version
X-T
X-N
X-VARITI-CCR
SPRequestDuration
SPIisLatency
X-Dw-Request-Base-Id
Cartoon
X-GoogleNews-Bot
X-Mod-Pagespeed
MS-Author-Via
X-Abt-Application-Version
Content-MD5
RTSS
Nginx-Cache
Feature-Policy
Verso
X-GitHub-Request-Id
X-Dispatcher
AR-ATIME
AR-CACHE
AR-PoweredBy
MicrosoftSharePointTeamServices
X-Navigation-Version
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Goog-Hash
X-Client-IP
X-Amz-Rid
Realpath
X-Shield-Request-Id
X-Hits
X-Forwarded-Proto
X-Origin-Cache
X-Trace
X-Cdn
X-Ttl
Paypal-Debug-Id
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-TEC-API-ROOT
X-Content-Options
X-Content-Digest
X-Zen-Fury
X-Id
X-Server-ID
X-Kinsta-Cache
TCN
Arr-Disable-Session-Affinity
X-B
AR-SID
X-Grace
DynaTrace
Alternate-Protocol
X-Varnish-Age
Fastcgi-Cache
X-Sol
X-Cache-Key
X-Upstream
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
Mrf-Cache-Status
MRF-Tech
Access-Control-Request-Method
X-Ser
X-Pad
X-Fastly-Request-ID
PB-PID
PB-RID
X-Middleton-Display
Display
X-Mobile-Rewrite
X-NF-Request-ID
X-Nf-Srv-Version
X-FastCGI-Cache
X-Via-JSL
X-Acc-Meta-Resource-Type
X-DIS-Request-ID
X-Vcap-Request-Id
X-User-Agent
X-Middleton-Response
Response
Front-End-Https
X-Forwarded-For
X-MSEdge-Ref
Rt-Fastcgi-Cache
Pagespeed
X-IPLB-Instance
X-Cache-Rule
X-Frontend
X-PressLabs-Stats
X-SS-Set-Cookie
Eomportal-Instance
X-Logged-In
X-Cache-Hit
Arc-Version
X-Whom
Server-Name
X-Goog-Stored-Content-Length
X-VCache
X-Goog-Metageneration
X-Goog-Generation
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-Hostname
X-Webkit-Csp
Host
X-XRDS-Location
Tracecode
Surrogate-Key
S
X-FTR-DC
X-FTR-Cache-Status
X-FTR-Expires
X-FTR-Realm
Cache-Status
X-FTR-Balancer
X-FTR-Backend-Server
X-Country-Code-Real
X-FTR-Backend
X-Request-Processing-Time
X-Request-Received
Backend-Timing
X-Debug
X-Analytics
X-HS-Content-Id
Refresh
X-AOL-HN
X-Instance
TP-L2-Cache
TP-Cache
X-Proxied
X-Magnolia-Registration
X-Contextid
X-Activity-Id
X-AppVersion
X-Az
Public-Key-Pins-Report-Only
X-Rid
X-Wix-Server-Artifact-Id
X-Srv
X-XRDS-LOCATION
ServerID
FilterID
X-UUID
HitType
HitInfo
Server-Info
X-HW
X-Newrelic-App-Data
X-WPE-Loopback-Upstream-Addr
Cleartype
X-B3-Traceid
X-URL
Liferay-Portal
Service-Worker-Allowed
X-Varnish-Server
X-Mobile
X-NWS-LOG-UUID
X-Content-Security-Policy-Report-Only
AMP-Access-Control-Allow-Source-Origin
X-FTR-Cache-Host
X-APP-VERSION
X-Varnish-Backend
X-Cache-Control
Served-By
X-Revision
X-Cache-Server
Source
X-Amzn-Trace-Id
X-Correlation-Id
X-BCube-Filmed-By
X-Geo-Country
Server-Node
X-PHP-Backend
X-Request-Guid
X-RateLimit-Remaining
X-Hail-Hydra
Host-Header
Edge-Cache-Tag
MS-CV
X-Device-Type
X-Varnish-Hostname
X-TT
X-PC-Key
X-PC-Hit
X-Handled-By
X-PC-AppVer
X-App-Environment
Retry-After
X-HS-Cache-Config
X-Origin
DC
X-Tumblr-Pixel-0
X-Tumblr-User
X-Tumblr-Pixel
X-Cache-Operation
X-B-Cache
X-Signature
Powered-By-ChinaCache
S-Cnection
X-Framework
X-Cache-2
X-Origin-Upstream-Status
X-FB-Debug
X-Cache-Config
Fastly-Restarts
X-Litespeed-Cache
Accept-Charset
X-Origin-Server
X-Page-Id
X-Cache-Action
X-TT-TIMESTAMP
X-Sucuri-ID
X-Ocache
X-Debug-Info
Viewport
X-PC-Date
Actual-Object-TTL
X-PC-Host
X-ADI-VCache
X-Shield-Cache-Expires
X-Hyper-Cache
X-ATG-Version
X-B3-Sampled
X-Cached-By
X-WA-Info
NGB
X-Content-Powered-By
X-Accel-Expires
X-Microcachable
X-Drupal-Cache-Tags
X-LB-Cache
Upgrade-Insecure-Requests
X-Akam-SW-Version
SRV
X-Cache-NE
AsisCache
Filters
X-Generated-By
Cache
X-NewRelic-App-Data
X-Yottaa-Metrics
ServedBy
X-Yottaa-Optimizations
X-App-Server
X-FW-Hash
X-RTag
X-FW-Type
X-FW-Static
X-FW-Serve
X-RequestSource
X-FW-Server
Content-Script-Type
X-Locale
X-GeoIP
Content-Style-Type
X-Internal-Host
X-S
X-Wix-Request-Id
X-Distil-CS
X-WebKit-CSP-Report-Only
X-Tumblr-Pixel-1
X-Seen-By
X-Cacheable-TTL
X-Tumblr-Pixel-2
X-Accel-Buffering
X-Jobs
X-Amz-Server-Side-Encryption
X-TX-ID
X-Cluster
X-Varnish-Hits
X-Geo
X-ServedBy
From-Origin
X-Node-Name
X-Akamai-Edgescape
X-Sucuri-Cache
X-Adobe-Loc
X-RateLimit-Limit
X-Adobe-Content
X-Varnish-IP
X-Varnish-Grace
X-HS-Combine-CSS
X-Varnish-Cache-Hits
X-GZip
X-Cache-Age
X-Platform-Server
X-UA
X-Vg-Webcache
X-Cache-TTL-Remaining
X-Dns-Prefetch-Control
Datacenter
X-Edge-Cache
X-Daa-Tunnel
X-GUploader-UploadID
X-Edge-Cache-Key
X-CDN-Forward
X-Cache-Remote
X-Storage
Cache-Tag
X-Akamai-Transformed
X-Region
X-Mode
HostName
X-Drupal-Cache-Contexts
X-Amz-Replication-Status
X-Real-IP
X-Esi
X-Source
X-Distributor
X-Path-Route
X-Rendered-As
Meta-Geo
X-RemovedCookies
X-MP-GENERATED-AT
Machine
X-Cache-Var-Map
X-ProcessESI
X-RN-RSRV
X-Cache-Var
X-Detected-As
X-Is-Bot
Load-Balancing
X-Amz-Apigw-Id
X-NCache
ServerName
X-Amzn-RequestId
Fastly-SSL
Country
X-Guploader-Uploadid
X-Kinja-Server-Push
X-Webstats-RespID
X-CDN-Cache
X-TWH-CORRELATION-ID
X-Upgrade-Enabled
Mn-Server-Ip
X-Viewer-Country
X-PERF
GEO-INFO
Cache-Key
X-BB-IP
X-Grey
X-OCL
X-NodeID
X-PCL
X-Time-Microsecs
X-Akamai-Request-ID
X-Agile-Id
X-Agile-Age
X-Agile
X-ApacheServer
X-Cache-Category-Id
Azure-SlotName
Azure-SiteName
Azure-RegionName
X-Proto
X-Port
Azure-Version
X-EIG-Tracking-Id
X-OVcl-Cache
X-OVcl
X-Amz-Meta-Surrogate-Control
Azure-InstanceId
L5d-Success-Class
X-Optimization
Ohc-File-Size
X-Original-Request
X-TA-CDN-Provider
Cache-Name
X-Pubstack
X-Via-Fastly
X-Cache-HT
Backend
X-Web-Node
X-Debug-Cache
DB-Nickname
X-App-Name
Healthy
TWC-Connection-Speed
User-Cache-Control
X-AWS-Id
TWC-Locale-Group
TWC-Privacy
TWC-GeoIP-LatLong
TWC-GeoIP-Country
TWC-Device-Class
LB
X-Birta-Cache-Post
Webcakes-Region
Webcakes-App-Version
X-CCM
Property-Id
X-Access
Webcakes-App-Name
X-Format
X-Edge-Location
X-Generation-Time
X-Birta-Served
S-Rt
X-Cluster-Node
X-CCM-LastModified
X-Labrador-Cache-Channel
X-VWS-Id
X-ServerID
X-Origin-Hint
X-Www-Served-By
X-BYPASS-REASON
X-Routing-Service
X-SplitTest
X-ProxyCache-Status
X-Section
X-Meta-Tbi-Cache-Vertical
X-ProxyCache-Key
X-Hosted-By
X-FC-Vary-Parameters
X-Instance-Name
X-Proxy
X-Zipkin-Id
X-LJ-Flow-ID
X-Xfnlog-Site
X-Human
Now
X-TNCMS
Cache-Hits
X-Request-Time
User-Agent
Fastcgi-Useragent
X-Varnish-Cacheable
X-Loop
X-Site-Version
Access-Control-Allow-Method
X-JoinUs
X-CLOUD-TRACE-CONTEXT
X-Surge-Debug
X-IP
X-Tumblr-Pixel-3
X-Cache-Bucket
X-Generated
X-Backend-Name
Payment
X-Tb
X-Timing-Wait
RATING
X-Ezoic-Cdn
Countrycode
Selected-FE
X-Proxy-Build
X-Time
Ec-Rule-Version
X-Hit
X-Origin-CC
X-Render-Type
X-Dc
X-Real-Ip
X-Cache-Enabled
X-Feature
X-DataStream-Cache-Status
WP-Super-Cache
X-Unique-ID
X-Newrelic-Synthetics
Origin-Edge-Control
X-Nc
X-Nginx-Cache
Origin-Cache-Control
X-B3-TraceId
X-Oneagent-Js-Injection
X-B3-Spanid
X-Oracle-Dms-Ecid
X-Oracle-Dms-Rid
X-Environment-Context
X-L-Path
X-UA-Device-Type
RequestId
X-Correlation-ID
X-Varnish-Beresp-Grace
X-NU-AKA-ACS-Version
X-Varnish-Beresp-Status
X-Skip-Cache
Xserver
X-CACHE-AGE
NODE
X-NGENIX-Cache
X-WR-MODIFICATION
Access-Control-Request-Headers
Webserver
X-Content-Type
X-Status
X-ElasticPress-Search
X-Vgn-Hpd-Reason
X-COUNTRY
X-Be
X-Upstream-HT
Time
X-EdgeConnect-Cache-Status
X-Upstream-CT
X-Cache-Backend
X-Servedby
Warning
Ws
X-A-Dgt
Xc-Version
Meta-Geo-Continent
X-Logtrace-Id
X-A-Dcw
X-Wix-Route-ID
X-ND-Cache
Memcached
X-A-Wwc
X-No-Session
X-A-Dam
X-A-Ccd
X-Haproxy-Ip
MD5-Digest
X-Haproxy-Hostname
Ajk
X-ARC
X-Connection-Hash
X-B-Cookie
X-D
X-Date
X-Destination
Cache-Prefix
X-Cache-Host
Fastcgi-X-Cache
Fly-Request-Id
X-CF-Lambda-Fn
Fly-Cache
Fastly-Soc-X-Request-Id
Fastcgi-X-Cache-Version
X-CF-Lambda-Version
X-Developer
X-Application
X-Amz-Meta-Cache-Control
X-DPWN-IS-SECURE
Host-ID
X-Fastly-Cache
X-From
X-Accel-Expires-Debug
X-G
X-A
AKAMAI
X-Died
BehaviorPad-Version
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
Apple-News-Services-Handled
Apple-News-Services-Host
X-Generated-In
X-We-Are-Hiring
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
X-SRCache-Key
Resin-Trace
X-Transaction
X-User
X-Twitter-Response-Tags
X-Trv-Group
X-Server-Time
T-Server
Sta2Tusw
X-Region-Sid
X-BBXSRF
X-Rewrite-Enabled
X-Rojux
X-Server-By
X-S-Cookie
Viewtype
GMS-Ver
X-BB-ID
VivaBuild
X-Via-Edge
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
X-PAYTM-SRV-ID
X-Planisys-CDN-TTL
Www
X-Cache-Id
X-VG-WebServer
X-Via-CDN
X-Public
X-Croise-Owner
X-GoCache-CacheStatus
IBM-Web2-Location
X-Fastcgi-Cache
Odigeo-Trace-Id
X-Phone
X-CS
X-ScT
X-Debug-Cookies
Release
X-Debug-Log
X-Rebelmouse-Surrogate-Control
X-Wikidot-Static-Cache
Request-Time
X-Request-URI
X-Cdn-Origin
X-Cache-Time
Fastly-SWR
Fastly-SIE
NGX
X-Rebelmouse-Cache-Control
X-NX-Host
Rendered-Blocks
Server-Int
X-Core-Value
X-Varnish-Beresp-Ttl
Apicache-Store
Apicache-Version
X-Fstrz
X-Frame-Option
X-Trace-Id
UCS
X-Up
IsBot
Origin
V-Age
X-Cache-Expires
X-Forwarded-Host
X-Var-Ttl
X-Sn-Servicetimems
X-SIPLIST1
X-FireWall-Port
X-Cache-CFC
X-Wikidot-Backend
X-F5-Cache
Cneonction
X-C
X-Webkit-CSP
X-Cache-Ttl
X-Backend-Url
X-Backend-State
X-Backend-TTL
Who
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
Server-Host
Thinkindot-Control
Uber-Trace-Id
X-Amz-Meta-S3cmd-Attrs
X-Actual-URL
X-Backend-Host
X-Location
X-V
X-UnsetCookies
X-UE-Client-Country
X-TT-LOGID
X-VServer
X-Passed-To-PostProcessResponse
X-Passed-To
X-Passed-To-BeforeDispatch
X-Passed-To-DLL
X-Thinkindot-L3
X-Stale
X-Returned-From-DLL
X-Reboot
X-Returned-From-BeforeDispatch
X-Returned-From
X-Returned-From-PostProcessResponse
X-Served-From
X-ServiceProvider
X-Servername
X-Server-IP
X-WebServer
X-Worker
X-Developers
X-Device-Os
X-Dispatcher-Server
X-Epic-Correlation-Id
X-Content-Age
X-Ckpd-Fst-Backend
X-Bug-Bounty
X-Cache-Debug
X-CGP
X-Eu-Site
X-Gen-Mode
X-Matched-Rule
X-MI-In-Market
X-IN-APIGATEWAY
X-IN-SSL-APIGATEWAY
X-IN-WAF
X-GeoIP-City
X-GeoIP-Country-Code
X-Hnp-Log
X-Block-Status
MI-Cache
HA-Geolat
HA-Geolon
HA-Geocountry
HA-Geocity
HA-Cloudapp
HA-Georegion
Ha-Gx-Prefs
HA-Urlpath
Heartbleed
HA-Servedtime
HA-Ipaddr
HA-Host
GW-Server
Fastly-Backend-Name
Backend-Name
Cache-Cookie-Set-From
Adler-Geo
OT-Force-Account-Verify
X-StackifyID
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-Lfrom
Decoy-Debug-Status
Esi-Enabled
Decoy-Debug-Key
Content-Disposition
CDCHOST
HTTPS
Decoy-Debug-TTL
Ohc-Response-Time
Pramga
Proxy-Connection
MI-Cache-Age
Is-Eu
Pragrma
Platform
Powered-By
On-Server
X-TIME
X-Sorting-Hat-ShopId-Cached
X-Edge-IP
X-Alternate-Cache-Key
X-Env
Request-Country
X-Rocket-Nginx-Bypass
X-Response-By
X-Shopify-Stage
X-ShopId
X-Ver
X-Varnish-Id
Server-ID
X-MSEdge-Features
X-Page-Type
X-MSEdge-Flight
X-Node-Id
X-Hash
X-Core-Mission
X-Fetched-On
X-Hl-Ver
X-Release
X-RCS-CacheZone
X-Auto-Login
Request-EU
X-ShardId
PFcat
X-Sorting-Hat-PodId
Web-Mar-Node
X-Sorting-Hat-Section
REQUESTUUID
X-Via-NSCOPI
X-Server-Group
MI-API
X-S-Maxage
Httpd-Identifier
Kp-EeAlive
X-Sorting-Hat-PrivacyLevel
X-Sorting-Hat-PodId-Cached
X-Sorting-Hat-ShopId
X-Sorting-Hat-FeatureSet
NnCoection
X-Cache-Srv
X-Cdn-Srv
Mime-Version
X-HS-Hub-Id
X-Platform
X-Thanos
X-Gannett-Site-Version
X-Origin-Expires
NtCoent-Length
X-Amz-Meta-S3b-Last-Modified
X-Secret
Drupal-Pagecache-Memcache
X-Bip
X-Origin-Date
X-Crawler
X-HCF
X-Cache-Control-Set-By
X-Clientip
X-Cache-URL
X-Info
X-Varnish-HitMiss
Country-Code
X-Req
Cache-Provider
X-Svr
Processtime
X-P-T
X-Refresh
Dnion-Transfer-Encoding
X-App-Version
Version
X-Origin-TTL
X-Pf-Uncompressing
X-Pjax-Url
X-Amz-Meta-Sha256
X-Oss-Storage-Class
X-Csrf-Token
Pagetype
X-Oss-Hash-Crc64ecma
X-Oss-Object-Type
X-Oss-Request-Id
X-Oss-Server-Time
Cteonnt-Length
Accept-Ch
X-Kong-Proxy-Latency
X-From-Cache
Ar-Sid
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-Yottaa-Sig
X-Kong-Upstream-Latency
X-Cache-ASPX
Memory
X-Varnish-Url
FSS-Proxy
FSS-Cache
WebServer
Arc-Country
X-EC-Security-Audit
X-CSRF-Token
X-NC
X-GRACE
X-Ua
Geoip-Latitude
X-Irp-Debug
Geoip-City
X-LiteSpeed-Cache-Control
Brightspot-Id
GeoIp-Country-Code
X-DC
X-Ruxit-Js-Agent
SN
PageType
X-Dynatrace
X-Wix-Petri-Ex
If-Modified-Since
Cdn
X-LB-Node
X-Rule
X-Cache-Handler
X-ROOTCache
Sid
PICS-Label
X-LB-CacheStatus
Dont-Set-Cookie
X-Cdn-Forward
COMMERCE-SERVER-SOFTWARE
X-Load-Cache
X-Endurance-Cache-Level
X-Request-Start
X-Request-UUID
X-Redis-Cache
CF-IPCountry
X-Ratelimit-Remaining
MIME-Version
Edgecast
X-Fastly-Backend-Reqs
X-SERVER-NAME
X-Varnish-Beresp-TTL
X-Requestid
X-TId
PROCESSING-IP
X-Varnish-Action
BORDER-IP
X-Atg-Version
X-GDPR
X-Layer
X-Sf
X-Servedbyhost
X-Ratelimit-Limit
X-ServedByHost
RNT-Time
RNT-Machine
X-Tid
XServer
X-B3-SpanId
Dynatrace
X-Rocket-Nginx-Serving-Static
Frame-Options
X-RequestId
X-Nananana
X-Fastly-Cache-Hits
X-BE
X-Resolver-IP
Powered
Pics-Label
Cf-Ipcountry
X-Cache-TTL
CDN
X-DataStream-Origin-MEX-Latency
X-DataStream-MidMile-RTT
Node
Cache-Tags
X-Key
NodeID
Amp-Access-Control-Allow-Source-Origin
X-Owner
CACHE
X-HTML-Minification-Powered-By
X-Tec-Api-Version
X-Tec-Api-Root
X-Tec-Api-Origin
We-Hiring
Mail-Subject
Web-Mar-Region
GeoIP-City
GeoIP-Country-Code
X-Server-W
GeoIP-Latitude
DataCenter
PageSpeed
X-Varnish-Ttl
X-Flog
X-Gdpr
X-ABtesting
X-VG-WebCache
X-Shard
X-Dynatrace-Js-Agent
X-Use-Magma
Accept-CH
X-UPSTREAM-Address
WZWS-RAY
X-Sentry-ID
X-Powered-By-ANYU
Lfy
ProcessTime
X-GZIP
X-NWS-UUID-VERIFY
X-PF-Uncompressing
Max-Age
X-CDN-Pop-IP
Get-Access-Time
Is-Session-Tracking
X-Varnish-URL
X-CDN-Pop
Hostname
X-Ms-Lease-Status
X-Ms-Request-Id
X-Ms-Blob-Type
X-Ms-Version
URI
X-Aicache-OS
X-Mem
X-GEO
X-Dw-Trace-Id
X-NGINX-Cache
X-Alicdn-Da-Ups-Status
X-CACHE-KEY
Xet-Cookie
X-Cookie
X-PJAX-URL
X-Trv-Request-Id
X-Check-Cacheable
X-Cache-FS-Status
Cdn-Host
Cdn-Request-Time
X-Oa-Upstreams
X-Front
X-VG-TLSProxy
X-Remote-IP
True-Client-Country-4JS
X-Edge-Server
X-Powered-By-Defense
X-Unique-Id
Magicmarker
X-Swa-Ws
X-Policy
X-Ms-Lease-State
X-Varnish-ID
Requestid
RequestUuid
X-ByteArk-Cache
X-PAGE-TYPE
X-Proxy-Server
X-RPS
X-RPM
X-Zalando-Page-Type
X-DW
X-RSL
CF-Cached-On
Rt-Proxy-Cache
X-Hello
X-Akamai-ERRuleID
X-VID
X-DSS
X-DB
X-Acquia-Application-UUID
X-Fe
SID
X-Acquia-Application-Trace
WS
X-Litespeed-Tag
X-Litespeed-Cache-Control
X-RAMCache
X-Zalando-Child-Request-Id
X-Akamai-ERPolicy
X-Micro-Cache
X-DI