Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Pragma
Last-Modified
Accept-Ranges
X-Powered-By
X-Content-Type-Options
Strict-Transport-Security
CF-RAY
ETag
Link
Expect-CT
Via
X-XSS-Protection
X-Cache
Age
Access-Control-Allow-Origin
Content-Security-Policy
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Served-By
X-Varnish
X-Xss-Protection
X-Amz-Cf-Id
Referrer-Policy
X-Request-Id
X-AspNet-Version
X-Timer
CF-Cache-Status
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Runtime
Access-Control-Allow-Credentials
X-Download-Options
X-Drupal-Cache
CF-Ray
X-Cacheable
Content-Security-Policy-Report-Only
X-Generator
Alt-Svc
X-AspNetMvc-Version
Status
X-Cache-Status
X-DNS-Prefetch-Control
X-Check
X-FRAME-OPTIONS
X-Iinfo
X-Adblock-Key
Timing-Allow-Origin
X-CDN
X-Content-Security-Policy
X-Turbo-Charged-By
X-Permitted-Cross-Domain-Policies
Content-Encoding
X-Template
X-Language
Keep-Alive
X-Via
X-Type
X-AH-Environment
X-Backend
X-Cache-Group
X-Nginx-Cache-Status
X-Buckets
WPE-Backend
X-Pass-Why
X-Server
X-Age
X-Server-Powered-By
Access-Control-Max-Age
X-Pingback
X-Request-ID
Xkey
X-Varnish-Cache
Grace
Access-Control-Expose-Headers
Upgrade
P3p
X-Drupal-Dynamic-Cache
X-Hacker
X-UA-Device
X-Amz-Request-Id
X-Page-Speed
Cf-Railgun
X-LiteSpeed-Cache
X-Proxy-Cache
EagleId
X-Amz-Id-2
X-Robots-Tag
X-Swift-CacheTime
X-Swift-SaveTime
X-Envoy-Upstream-Service-Time
Ali-Swift-Global-Savetime
Request-Context
X-Node
X-Device
X-Ac
Content-Location
X-Host
X-Cnection
X-Amz-Version-Id
X-Cache-Lookup
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
Surrogate-Control
X-Backend-Server
X-Server-Id
X-WebKit-CSP
X-OneAgent-JS-Injection
X-Rack-Cache
X-Instart-Request-ID
X-CST
X-Px
X-Response-Time
Request-Id
X-Readtime
X-Rq
Server-Timing
X-Ua-Compatible
Permitted-Cross-Domain-Policies
X-HeyJason
X-Do-Not-Hack
X-Clacks-Overhead
X-Cloud-Trace-Context
EagleEye-TraceId
X-Url
Pinterest-Generated-By
Edge-Control
X-Application-Context
X-MS-InvokeApp
X-Country
X-Server-Name
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Allow
X-DynaTrace-JS-Agent
Charset
SPRequestGuid
Report-To
X-SharePointHealthScore
X-Country-Code
X-ESI
X-DataDome
X-Ruxit-JS-Agent
X-Cached
X-Varnish-TTL
X-PC
X-TtlSet
X-Vname
Rating
X-TTL
X-Powered-CMS
X-Powered-By-Plesk
X-Recruiting
Public-Key-Pins
X-Cdn
X-FTR-Request-ID
X-D2id
X-N
SPRequestDuration
X-Version
SPIisLatency
MS-Author-Via
X-Vhost
NEL
X-Kinja
X-Cdn-Fetch
X-Kinja-Revision
X-Kinja-Server
X-Geo-Segment
X-Kinja-Build
X-Exp-Id
X-Exp-Variant
X-Pinterest-Rid
X-Upstream-Env
Pinterest-Version
X-F-Cache
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
X-Dw-Request-Base-Id
X-DynaTrace
X-CF-Powered-By
X-VARITI-CCR
Cartoon
X-T
X-GoogleNews-Bot
X-Mod-Pagespeed
Content-MD5
AR-ATIME
AR-PoweredBy
AR-CACHE
Nginx-Cache
RTSS
MicrosoftSharePointTeamServices
X-GitHub-Request-Id
X-Abt-Application-Version
Feature-Policy
X-Shield-Request-Id
X-SRCache-Fetch-Status
X-SRCache-Store-Status
Verso
X-Trace
AR-SID
X-Amz-Rid
X-Navigation-Version
X-Server-ID
X-Dispatcher
X-Forwarded-Proto
X-Client-IP
X-Hits
Realpath
X-Goog-Hash
X-Origin-Cache
Arr-Disable-Session-Affinity
Paypal-Debug-Id
X-Kinsta-Cache
X-Zen-Fury
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-Id
X-Ttl
X-Content-Options
TCN
X-B
X-Content-Digest
X-Grace
X-Ser
X-Varnish-Age
X-Cache-Key
Alternate-Protocol
X-Sol
Fastcgi-Cache
X-Upstream
DynaTrace
X-Via-JSL
Access-Control-Request-Method
X-Mrf-Item-Lastmod
X-Fastly-Request-ID
MRF-Tech
X-Mrf-Section-Lastmod
Mrf-Cache-Status
Display
X-Middleton-Display
X-Pad
X-Vcap-Request-Id
X-Nf-Srv-Version
X-NF-Request-ID
X-DIS-Request-ID
X-IPLB-Instance
X-FastCGI-Cache
Response
X-Middleton-Response
PB-PID
PB-RID
X-User-Agent
X-SS-Set-Cookie
X-XRDS-LOCATION
X-Mobile-Rewrite
Front-End-Https
X-Logged-In
Rt-Fastcgi-Cache
X-Frontend
Pagespeed
Eomportal-Instance
X-Cache-Rule
X-PressLabs-Stats
X-MSEdge-Ref
Server-Name
X-Whom
X-Newrelic-App-Data
Host
X-Forwarded-For
X-Hostname
S
X-NWS-LOG-UUID
X-VCache
X-Acc-Meta-Resource-Type
X-Cache-Hit
Tracecode
Cache-Status
Liferay-Portal
X-Debug
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Goog-Storage-Class
X-Goog-Metageneration
Arc-Version
X-UUID
X-AOL-HN
X-HS-Content-Id
X-Request-Processing-Time
HitInfo
Server-Info
X-Request-Received
HitType
X-Webkit-Csp
X-FTR-DC
FilterID
X-Analytics
X-FTR-Backend
Surrogate-Key
X-Country-Code-Real
X-FTR-Expires
X-FTR-Backend-Server
X-FTR-Balancer
X-FTR-Cache-Status
Backend-Timing
X-FTR-Realm
Public-Key-Pins-Report-Only
X-Wix-Server-Artifact-Id
X-Instance
X-Magnolia-Registration
TP-Cache
TP-L2-Cache
Refresh
X-Rid
X-Contextid
ServerID
X-Proxied
X-Activity-Id
X-Az
X-AppVersion
X-Correlation-Id
X-HS-Cache-Config
Edge-Cache-Tag
X-Srv
X-Content-Security-Policy-Report-Only
X-Varnish-Server
Service-Worker-Allowed
X-WPE-Loopback-Upstream-Addr
X-B3-Traceid
AMP-Access-Control-Allow-Source-Origin
X-HW
S-Cnection
X-Mobile
X-Origin
Cleartype
X-Revision
X-XRDS-Location
Served-By
Source
X-Sucuri-ID
X-Varnish-Backend
X-APP-VERSION
X-FTR-Cache-Host
X-Amzn-Trace-Id
Fastly-Restarts
Powered-By-ChinaCache
X-TT
X-RateLimit-Remaining
X-App-Environment
X-Geo-Country
X-B-Cache
X-Signature
X-Device-Type
X-Framework
X-PHP-Backend
X-Tumblr-Pixel
X-Cache-Config
X-Cache-Action
X-Tumblr-Pixel-0
X-Tumblr-User
X-FB-Debug
X-Varnish-Hostname
Retry-After
X-Hyper-Cache
X-Cache-Server
X-Cache-Operation
X-Origin-Upstream-Status
X-Cache-Control
X-PC-Hit
X-Hail-Hydra
Host-Header
Server-Node
X-TT-TIMESTAMP
X-PC-Key
X-PC-AppVer
X-Request-Guid
X-BCube-Filmed-By
X-Handled-By
X-Cache-2
X-Page-Id
Accept-Charset
MS-CV
X-ATG-Version
X-Ocache
DC
Actual-Object-TTL
X-WA-Info
X-Debug-Info
X-ADI-VCache
X-Shield-Cache-Expires
X-Origin-Server
Cache
X-URL
X-Daa-Tunnel
X-Content-Powered-By
X-PC-Host
X-PC-Date
X-HS-Combine-CSS
Upgrade-Insecure-Requests
NGB
X-Accel-Expires
Viewport
X-Microcachable
X-LB-Cache
X-Cache-NE
X-Cached-By
X-Sucuri-Cache
AsisCache
X-GeoIP
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Feature
X-Generated-By
X-Amz-Server-Side-Encryption
X-Akamai-Edgescape
ServedBy
SRV
X-Accel-Buffering
Filters
X-RequestSource
X-Jobs
X-App-Server
X-Cacheable-TTL
X-Dns-Prefetch-Control
X-Drupal-Cache-Tags
X-Seen-By
X-S
X-Wix-Request-Id
X-TX-ID
X-WebKit-CSP-Report-Only
X-Adobe-Content
X-Cluster
X-Adobe-Loc
From-Origin
X-Geo
Content-Script-Type
Content-Style-Type
X-Tumblr-Pixel-1
X-Internal-Host
X-FW-Type
X-Varnish-IP
X-Varnish-Hits
X-RTag
X-Tumblr-Pixel-2
X-FW-Static
X-Locale
X-FW-Server
X-FW-Hash
X-FW-Serve
X-Distil-CS
X-Cache-Age
X-B3-Sampled
Datacenter
X-Akam-SW-Version
X-Varnish-Cache-Hits
X-Cache-Remote
HostName
X-Storage
X-Edge-Cache-Key
X-GZip
X-Guploader-Uploadid
X-UA
X-Edge-Cache
X-Varnish-Grace
X-Node-Name
X-Platform-Server
X-CDN-Forward
X-ServedBy
X-Vg-Webcache
X-Cache-TTL-Remaining
X-Akamai-Transformed
X-Kinja-Server-Push
X-Region
X-Cache-Bucket
RATING
X-RateLimit-Limit
X-Mode
Country
Cache-Tag
X-Amz-Replication-Status
X-Distributor
X-Real-Ip
X-NewRelic-App-Data
X-EIG-Tracking-Id
X-TA-CDN-Provider
Load-Balancing
X-Proto
Ohc-File-Size
X-Amzn-RequestId
X-Amz-Apigw-Id
ServerName
Mn-Server-Ip
X-Agile
X-Agile-Age
X-BB-IP
X-Agile-Id
X-Source
GEO-INFO
Fastly-SSL
X-ProxyCache-Status
X-Akamai-Request-ID
X-ProxyCache-Key
Healthy
L5d-Success-Class
X-ApacheServer
Cache-Key
Meta-Geo
Machine
X-Detected-As
X-Rendered-As
X-RemovedCookies
X-ProcessESI
X-PERF
X-RN-RSRV
X-Time-Microsecs
Cache-Name
X-Web-Node
X-Viewer-Country
X-Path-Route
X-Optimization
X-Cache-Var-Map
X-Cache-Var
X-Cache-HT
X-BYPASS-REASON
X-Debug-Cache
X-MP-GENERATED-AT
X-Is-Bot
X-Grey
X-Cache-Category-Id
X-JoinUs
X-Webstats-RespID
Cache-Hits
WP-Super-Cache
X-Hit
X-NCache
X-CCM
X-Drupal-Cache-Contexts
X-ServerID
X-Request-Time
X-TWH-CORRELATION-ID
Backend
X-Generated
Access-Control-Allow-Method
X-CDN-Cache
X-Human
X-Xfnlog-Site
X-Ezoic-Cdn
Now
X-Cluster-Node
X-Port
X-Original-Request
X-PCL
X-OCL
X-Upgrade-Enabled
X-NodeID
X-Labrador-Cache-Channel
S-Rt
TWC-Connection-Speed
TWC-GeoIP-Country
TWC-Locale-Group
TWC-GeoIP-LatLong
X-Pubstack
X-Render-Type
Azure-SlotName
Azure-SiteName
Azure-Version
X-Proxy
Azure-RegionName
Azure-InstanceId
Property-Id
Webcakes-Region
X-Origin-Hint
X-CCM-LastModified
X-Via-Fastly
X-Edge-Location
X-Hosted-By
X-FC-Vary-Parameters
X-OVcl
X-Cache-Enabled
Webcakes-App-Version
Webcakes-App-Name
X-Instance-Name
X-Amz-Meta-Surrogate-Control
X-Www-Served-By
X-OVcl-Cache
TWC-Privacy
TWC-Device-Class
Selected-FE
X-Timing-Wait
X-Proxy-Build
X-Routing-Service
X-Generation-Time
User-Cache-Control
X-Oracle-Dms-Rid
X-Oracle-Dms-Ecid
LB
X-Nginx-Cache
X-Format
X-IP
X-Loop
X-LJ-Flow-ID
X-Varnish-Cacheable
X-Meta-Tbi-Cache-Vertical
X-Section
X-Birta-Served
X-Nc
X-Site-Version
X-Backend-Name
DB-Nickname
X-AWS-Id
X-App-Name
X-TNCMS
X-Access
X-Zipkin-Id
X-VWS-Id
X-SplitTest
X-Surge-Debug
X-Birta-Cache-Post
X-Oneagent-Js-Injection
Countrycode
Fastcgi-Useragent
X-Dc
X-Newrelic-Synthetics
X-Real-IP
X-Origin-CC
Origin-Cache-Control
Origin-Edge-Control
User-Agent
X-Tumblr-Pixel-3
X-GUploader-UploadID
X-Environment-Context
RequestId
X-L-Path
Payment
X-Tb
X-Time
Xserver
X-UA-Device-Type
Ec-Rule-Version
X-B3-TraceId
X-Unique-ID
X-B3-Spanid
X-Servedby
X-Skip-Cache
X-DataStream-Cache-Status
X-NU-AKA-ACS-Version
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
Access-Control-Request-Headers
X-NGENIX-Cache
X-Esi
X-WR-MODIFICATION
X-Be
X-Upstream-CT
X-Upstream-HT
Time
NODE
Webserver
X-Cache-Ttl
X-Webkit-CSP
X-Vgn-Hpd-Reason
X-CACHE-AGE
X-EdgeConnect-Cache-Status
X-Croise-Owner
X-Oss-Hash-Crc64ecma
X-CSRF-Token
X-Oss-Object-Type
X-Dynatrace
X-Oss-Request-Id
X-Oss-Storage-Class
Warning
X-Oss-Server-Time
X-NX-Host
Fly-Request-Id
X-A
T-Server
Fly-Cache
V-Age
X-Developer
X-Debug-Cookies
X-D
X-Cache-Backend
X-ARC
X-Debug-Log
X-Destination
Resin-Trace
Request-Time
X-A-Ccd
X-Logtrace-Id
X-Died
X-SRCache-Key
X-Cache-Host
X-A-Dcw
Cache-Prefix
X-Fastcgi-Cache
X-A-Dgt
X-Cache-Expires
X-Generated-In
X-Application
X-G
X-Var-Ttl
X-A-Wwc
Ajk
X-Cache-Id
X-S-Cookie
X-From
X-CS
X-ElasticPress-Search
X-A-Dam
X-DPWN-IS-SECURE
X-B-Cookie
Ws
X-Status
X-StackifyID
X-Yottaa-Sig
IBM-Web2-Location
Mime-Version
X-Dispatcher-Server
X-Cache-Time
X-Device-Os
X-Fstrz
Apple-News-Services-Host
X-Public
X-Planisys-CDN-TTL
X-Region-Sid
X-Rewrite-Enabled
X-Rojux
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
X-Haproxy-Ip
X-Haproxy-Hostname
X-ND-Cache
X-No-Session
X-PAYTM-SRV-ID
X-Server-By
X-Server-Time
X-Via-Edge
X-Via-CDN
X-We-Are-Hiring
X-Wix-Route-ID
Xc-Version
X-VG-WebServer
X-User
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
X-Transaction
X-Trv-Group
X-Twitter-Response-Tags
X-Fastly-Cache
X-Connection-Hash
BehaviorPad-Version
Apple-News-Services-Request-Url
Fastcgi-X-Cache
Fastcgi-X-Cache-Version
Fastly-Soc-X-Request-Id
Apple-News-Services-Parsed-Url
Proxy-Connection
X-Request-URI
X-Release
X-WebServer
AKAMAI
Apple-News-Services-Handled
Host-ID
MD5-Digest
X-BB-ID
X-Amz-Meta-Cache-Control
X-BBXSRF
X-CF-Lambda-Fn
X-CF-Lambda-Version
Www
VivaBuild
Meta-Geo-Continent
Memcached
Release
Sta2Tusw
Viewtype
X-Hash
X-UE-Client-Country
Cneonction
UCS
X-TIME
X-Varnish-Beresp-Ttl
X-Passed-To-PostProcessResponse
X-Phone
X-Eu-Site
X-Epic-Correlation-Id
X-Via-NSCOPI
X-Passed-To-DLL
X-F5-Cache
Rendered-Blocks
Server-Host
X-Passed-To
X-Rebelmouse-Cache-Control
X-Passed-To-BeforeDispatch
Server-Int
X-Sorting-Hat-ShopId
X-GeoIP-Country-Code
X-Shopify-Stage
X-ShardId
X-Rebelmouse-Surrogate-Control
X-S-Maxage
X-Sorting-Hat-FeatureSet
X-Sorting-Hat-PodId
X-FireWall-Port
X-Sorting-Hat-Section
X-Sorting-Hat-PrivacyLevel
X-Sorting-Hat-PodId-Cached
X-Sorting-Hat-ShopId-Cached
Powered-By
Ha-Gx-Prefs
HA-Host
HA-Georegion
HA-Geolon
HA-Geolat
HA-Ipaddr
HA-Servedtime
X-GeoIP-City
IsBot
X-Gannett-Site-Version
Heartbleed
HA-Urlpath
HA-Geocountry
HA-Geocity
Drupal-Pagecache-Memcache
Odigeo-Trace-Id
Origin
X-Forwarded-Host
X-Returned-From
NGX
Fastly-SIE
HA-Cloudapp
GW-Server
Fastly-SWR
X-Frame-Option
Pramga
X-ShopId
GMS-Ver
X-Amz-Meta-S3cmd-Attrs
X-Actual-URL
X-Cdn-Origin
X-Stale
X-Cache-CFC
X-SIPLIST1
X-Sn-Servicetimems
X-Content-Type
X-Trace-Id
Dnion-Transfer-Encoding
X-Auto-Login
X-Up
X-UnsetCookies
X-CGP
X-Wikidot-Static-Cache
X-Wikidot-Backend
X-Alternate-Cache-Key
X-Crawler
Version
Kp-EeAlive
X-ScT
X-Secret
Request-EU
Uber-Trace-Id
X-RCS-CacheZone
X-Returned-From-DLL
X-Returned-From-PostProcessResponse
X-Returned-From-BeforeDispatch
X-IN-WAF
X-IN-SSL-APIGATEWAY
X-Core-Value
Server-ID
X-Hl-Ver
X-Cache-Debug
X-Server-IP
X-IN-APIGATEWAY
Request-Country
NtCoent-Length
NnCoection
X-C
X-Backend-State
X-Backend-TTL
X-Block-Status
X-Gen-Mode
MI-API
X-Cdn-Srv
X-Backend-Url
Platform
Web-Mar-Node
Who
X-Core-Mission
X-Fetched-On
Thinkindot-CacheControl
X-Developers
Thinkindot-CacheControl-Type
X-Env
X-Edge-IP
X-Content-Age
X-Ckpd-Fst-Backend
Ohc-Response-Time
X-Backend-Host
MI-Cache-Age
On-Server
OT-Force-Account-Verify
Pragrma
Thinkindot-Control
PFcat
MI-Cache
X-MI-In-Market
X-Rocket-Nginx-Bypass
X-Origin-Date
X-Info
X-Served-From
X-Server-Group
X-Origin-Expires
X-Response-By
Adler-Geo
X-RateLimit-Limit-Second
X-GoCache-CacheStatus
X-Reboot
X-Servername
X-ServiceProvider
Country-Code
X-Bug-Bounty
X-Accel-Expires-Debug
X-Date
X-Worker
X-VServer
X-Thinkindot-L3
X-TT-LOGID
X-V
X-Ver
X-Node-Id
X-RateLimit-Remaining-Second
X-Location
X-Matched-Rule
X-MSEdge-Flight
Esi-Enabled
Fastly-Backend-Name
HTTPS
X-Hnp-Log
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
Httpd-Identifier
Decoy-Debug-Status
Decoy-Debug-TTL
Cache-Cookie-Set-From
X-MSEdge-Features
Backend-Name
Is-Eu
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-Lfrom
Decoy-Debug-Key
Content-Disposition
X-Cache-Srv
CDCHOST
FSS-Proxy
FSS-Cache
X-HCF
X-Cache-URL
X-Thanos
X-Platform
X-Svr
X-Varnish-HitMiss
X-Varnish-Id
Cteonnt-Length
X-Clientip
Arc-Country
REQUESTUUID
X-Page-Type
Brightspot-Id
X-Cache-Control-Set-By
Cache-Provider
X-Bip
X-Correlation-ID
X-Refresh
X-Req
X-Amz-Meta-S3b-Last-Modified
X-Irp-Debug
X-LiteSpeed-Cache-Control
WebServer
Apicache-Store
Apicache-Version
X-CLOUD-TRACE-CONTEXT
X-Pjax-Url
X-LB-CacheStatus
X-LB-Node
X-Varnish-Url
X-App-Version
X-P-T
Processtime
PageType
X-Origin-TTL
X-Pf-Uncompressing
Sid
X-ROOTCache
X-Ratelimit-Limit
X-Ruxit-Js-Agent
X-Ua
X-Request-Start
X-From-Cache
Accept-Ch
X-Request-UUID
COMMERCE-SERVER-SOFTWARE
X-Ratelimit-Remaining
If-Modified-Since
X-EC-Security-Audit
Cdn
Pagetype
Memory
X-Endurance-Cache-Level
Dynatrace
X-DC
GeoIp-Country-Code
X-Amz-Meta-Sha256
Geoip-City
X-Varnish-Action
Geoip-Latitude
X-Load-Cache
X-Fastly-Backend-Reqs
X-Layer
X-Cache-ASPX
X-COUNTRY
X-GRACE
X-Cdn-Forward
PROCESSING-IP
SN
PICS-Label
BORDER-IP
X-GDPR
Edgecast
X-ServedByHost
X-Redis-Cache
CF-IPCountry
X-Tid
Ar-Sid
X-Varnish-Beresp-TTL
X-RequestId
Frame-Options
X-Rocket-Nginx-Serving-Static
X-NC
X-Atg-Version
X-Cache-Handler
X-Fastly-Cache-Hits
NodeID
X-Csrf-Token
X-Nananana
X-Key
X-Resolver-IP
X-Owner
X-B3-SpanId
X-NWS-UUID-VERIFY
MIME-Version
X-Cf-Powered-By
X-TId
X-Requestid
Dont-Set-Cookie
Web-Mar-Region
Cf-Ipcountry
X-Server-W
X-Servedbyhost
Pics-Label
CACHE
X-Flog
X-ABtesting
X-Sf
WZWS-RAY
X-HTML-Minification-Powered-By
X-BE
X-Rule
X-Sentry-ID
ProcessTime
X-Tec-Api-Version
Node
X-Tec-Api-Origin
X-Tec-Api-Root
Get-Access-Time
X-HS-Hub-Id
X-Cache-TTL
GeoIP-City
GeoIP-Country-Code
We-Hiring
Mail-Subject
GeoIP-Latitude
X-DataStream-MidMile-RTT
X-Powered-By-ANYU
X-VG-WebCache
X-FORWARDED-FOR
RNT-Machine
X-DataStream-Origin-MEX-Latency
Lfy
Is-Session-Tracking
RNT-Time
X-Wix-Petri-Ex
PageSpeed
X-CDN-Pop
Max-Age
X-Shard
X-CDN-Pop-IP
X-Varnish-Ttl
X-Dynatrace-Js-Agent
CDN
X-Use-Magma
X-SRV
X-Mem
X-ByteArk-Cache
XServer
X-GZIP
Powered
Accept-CH
URI
Magicmarker
X-Cache-FS-Status
X-GEO
X-Check-Cacheable
X-Ms-Request-Id
DataCenter
X-Ms-Lease-Status
X-Powered-By-Defense
X-UPSTREAM-Address
Cache-Tags
X-PF-Uncompressing
X-Ms-Version
X-Front
X-Ms-Blob-Type
X-Unique-Id
X-Dw-Trace-Id
X-Zalando-Page-Type
Amp-Access-Control-Allow-Source-Origin
X-Fe
X-Oa-Upstreams
X-Cookie
X-Varnish-URL
X-Micro-Cache
X-PAGE-TYPE
X-Trv-Request-Id
X-Remote-IP
X-Zalando-Child-Request-Id
Xet-Cookie
Group
Srv
V-Cache
X-VC
X-VarnPar2
X-Proxy-Server
X-Safe-Firewall
X-VarnCache
X-PJAX-URL
X-VarnPar1
X-SB
N-Cache
X-Aicache-OS
Rt-Proxy-Cache
X-PARISIEN-Cache-Rendered
X-Varnish-ID
X-HGenerator
RequestUuid
Hostname
X-NGINX-Cache
X-Akamai-ERRuleID
X-M-Log
X-RAMCache
WS
X-Akamai-ERPolicy
X-Gdpr
WWW-Authenticate
Requestid
X-Hello
X-M-Reqid
X-Alicdn-Da-Ups-Status
X-ProxyCache-Args
X-Litespeed-Tag
X-Qnm-Cache
X-Acquia-Application-Trace
CF-Cached-On
SID
X-Acquia-Application-UUID