Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Pragma
Last-Modified
Accept-Ranges
Strict-Transport-Security
X-Content-Type-Options
X-Powered-By
CF-RAY
ETag
Link
Expect-CT
Via
X-XSS-Protection
X-Cache
Age
Access-Control-Allow-Origin
Content-Security-Policy
Content-Language
X-UA-Compatible
P3P
X-Cache-Hits
X-Served-By
X-Varnish
X-Amz-Cf-Id
X-Xss-Protection
Referrer-Policy
X-Request-Id
X-Timer
X-AspNet-Version
CF-Cache-Status
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Runtime
Access-Control-Allow-Credentials
X-Download-Options
X-Drupal-Cache
X-Cacheable
Content-Security-Policy-Report-Only
X-Generator
Alt-Svc
Status
X-AspNetMvc-Version
X-Cache-Status
X-DNS-Prefetch-Control
X-Check
P3p
X-Iinfo
X-Adblock-Key
X-FRAME-OPTIONS
X-CDN
Timing-Allow-Origin
X-Content-Security-Policy
X-Permitted-Cross-Domain-Policies
X-Turbo-Charged-By
Content-Encoding
X-Request-ID
X-Template
X-Language
Keep-Alive
X-Type
X-AH-Environment
X-Via
CF-Ray
X-Cache-Group
X-Backend
WPE-Backend
X-Pass-Why
X-Buckets
X-Age
X-Server
X-Nginx-Cache-Status
Access-Control-Max-Age
X-Server-Powered-By
X-Pingback
Xkey
X-Varnish-Cache
Grace
X-Drupal-Dynamic-Cache
Access-Control-Expose-Headers
Upgrade
X-Hacker
X-UA-Device
X-Amz-Request-Id
Cf-Railgun
X-Page-Speed
X-Amz-Id-2
X-Proxy-Cache
X-Robots-Tag
EagleId
X-Envoy-Upstream-Service-Time
Request-Context
X-Node
X-LiteSpeed-Cache
X-Swift-CacheTime
X-Swift-SaveTime
X-Ac
X-Device
X-Cnection
X-Host
Ali-Swift-Global-Savetime
Content-Location
X-Amz-Version-Id
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-WebKit-CSP
Surrogate-Control
X-Backend-Server
X-Server-Id
X-OneAgent-JS-Injection
X-Cache-Lookup
X-Rack-Cache
X-Response-Time
X-Px
X-Instart-Request-ID
Request-Id
X-Readtime
X-CST
Server-Timing
X-Rq
X-Clacks-Overhead
Pinterest-Generated-By
X-Do-Not-Hack
Permitted-Cross-Domain-Policies
X-HeyJason
X-Url
EagleEye-TraceId
X-Ua-Compatible
Edge-Control
X-Application-Context
X-Cloud-Trace-Context
X-Country
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-MS-InvokeApp
Report-To
X-Server-Name
Charset
X-DynaTrace-JS-Agent
SPRequestGuid
X-Country-Code
Allow
X-ESI
X-DataDome
X-SharePointHealthScore
X-Ruxit-JS-Agent
Rating
X-PC
X-TtlSet
X-Vname
X-Cached
X-Varnish-TTL
X-Powered-CMS
X-Powered-By-Plesk
X-Recruiting
X-CF-Powered-By
X-FTR-Request-ID
X-TTL
X-DynaTrace
NEL
X-Vhost
X-D2id
X-ORACLE-DMS-RID
X-ORACLE-DMS-ECID
Public-Key-Pins
Pinterest-Version
X-Kinja-Build
X-Kinja
X-Pinterest-Rid
X-Exp-Variant
X-Exp-Id
X-Upstream-Env
X-Cdn-Fetch
X-Kinja-Server
X-Geo-Segment
X-Kinja-Revision
X-F-Cache
X-Version
X-N
X-GoogleNews-Bot
X-VARITI-CCR
Cartoon
SPIisLatency
SPRequestDuration
X-Dw-Request-Base-Id
X-T
X-Mod-Pagespeed
Content-MD5
X-Abt-Application-Version
MS-Author-Via
RTSS
Nginx-Cache
Feature-Policy
Verso
X-GitHub-Request-Id
X-Dispatcher
X-Goog-Hash
X-Ttl
X-Navigation-Version
X-SRCache-Store-Status
X-SRCache-Fetch-Status
MicrosoftSharePointTeamServices
X-Server-ID
X-Client-IP
AR-ATIME
AR-PoweredBy
AR-CACHE
X-Amz-Rid
X-Hits
Realpath
X-Forwarded-Proto
X-Shield-Request-Id
X-Origin-Cache
X-Cdn
X-Trace
Paypal-Debug-Id
X-TEC-API-ROOT
X-Content-Options
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-Zen-Fury
X-Content-Digest
X-Kinsta-Cache
DynaTrace
TCN
X-Id
X-Grace
Arr-Disable-Session-Affinity
X-B
AR-SID
Alternate-Protocol
X-Varnish-Age
X-Cache-Key
X-Sol
Fastcgi-Cache
X-Upstream
X-Mrf-Item-Lastmod
MRF-Tech
Mrf-Cache-Status
X-Mrf-Section-Lastmod
Access-Control-Request-Method
X-Ser
X-Middleton-Display
Display
X-FastCGI-Cache
X-Pad
X-Fastly-Request-ID
X-Acc-Meta-Resource-Type
PB-RID
PB-PID
X-Mobile-Rewrite
X-NF-Request-ID
X-Nf-Srv-Version
X-Via-JSL
X-DIS-Request-ID
X-Vcap-Request-Id
X-Middleton-Response
Response
X-User-Agent
Pagespeed
X-Forwarded-For
Front-End-Https
Rt-Fastcgi-Cache
X-MSEdge-Ref
X-Cache-Rule
Eomportal-Instance
X-Frontend
X-PressLabs-Stats
X-SS-Set-Cookie
X-Cache-Hit
X-IPLB-Instance
Arc-Version
X-Logged-In
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
X-Goog-Generation
X-Goog-Stored-Content-Length
X-Goog-Storage-Class
X-VCache
Server-Name
X-Whom
X-Hostname
Host
X-XRDS-Location
Surrogate-Key
S
X-FTR-Backend
X-Country-Code-Real
X-FTR-Cache-Status
X-FTR-Realm
X-FTR-DC
X-FTR-Backend-Server
X-FTR-Balancer
X-FTR-Expires
Tracecode
X-Analytics
Backend-Timing
Cache-Status
X-Debug
X-HS-Content-Id
TP-L2-Cache
TP-Cache
X-Request-Processing-Time
X-Request-Received
Refresh
X-AOL-HN
X-Contextid
X-Instance
X-Magnolia-Registration
X-Litespeed-Cache
X-Proxied
X-Rid
FilterID
X-AppVersion
Public-Key-Pins-Report-Only
X-Activity-Id
X-Wix-Server-Artifact-Id
X-XRDS-LOCATION
X-Az
X-HW
X-UUID
Server-Info
HitType
HitInfo
ServerID
X-Newrelic-App-Data
X-Srv
X-WPE-Loopback-Upstream-Addr
Cleartype
X-B3-Traceid
Liferay-Portal
Service-Worker-Allowed
X-FTR-Cache-Host
X-Varnish-Server
AMP-Access-Control-Allow-Source-Origin
X-Mobile
X-Content-Security-Policy-Report-Only
X-APP-VERSION
X-Varnish-Backend
X-Cache-Control
Served-By
X-Revision
X-Cache-Server
X-Amzn-Trace-Id
Source
Host-Header
Server-Node
X-BCube-Filmed-By
X-NWS-LOG-UUID
X-PC-AppVer
X-PC-Hit
X-PC-Key
X-Request-Guid
X-PHP-Backend
X-Hail-Hydra
X-Geo-Country
X-App-Environment
X-Correlation-Id
X-Device-Type
X-TT
Retry-After
X-Handled-By
Accept-Charset
X-Origin-Upstream-Status
X-Tumblr-Pixel-0
X-Framework
X-Tumblr-Pixel
X-Cache-Operation
DC
X-Tumblr-User
X-RateLimit-Remaining
X-Cache-2
MS-CV
X-Signature
X-Varnish-Hostname
X-Cache-Config
X-Page-Id
X-B-Cache
Powered-By-ChinaCache
X-FB-Debug
S-Cnection
Edge-Cache-Tag
X-Origin
X-HS-Cache-Config
X-Origin-Server
X-URL
Fastly-Restarts
X-Cache-Action
X-Debug-Info
X-TT-TIMESTAMP
Viewport
X-ATG-Version
X-Sucuri-ID
X-PC-Host
X-PC-Date
X-Ocache
X-B3-Sampled
Actual-Object-TTL
X-Hyper-Cache
X-Cached-By
X-WA-Info
X-ADI-VCache
NGB
X-Shield-Cache-Expires
X-Webkit-Csp
X-Content-Powered-By
X-Microcachable
X-Accel-Expires
X-Drupal-Cache-Tags
X-LB-Cache
X-Akam-SW-Version
Upgrade-Insecure-Requests
X-NewRelic-App-Data
X-Cache-NE
X-Generated-By
AsisCache
Filters
SRV
X-Yottaa-Optimizations
ServedBy
X-Yottaa-Metrics
X-App-Server
X-FW-Hash
X-Cacheable-TTL
X-Distil-CS
X-FW-Serve
X-FW-Static
X-RequestSource
X-Locale
X-WebKit-CSP-Report-Only
X-FW-Server
X-FW-Type
X-GeoIP
Cache
Content-Style-Type
X-Internal-Host
X-Seen-By
X-Tumblr-Pixel-1
X-Tumblr-Pixel-2
X-Wix-Request-Id
Content-Script-Type
X-RTag
X-Cluster
X-S
X-Accel-Buffering
X-Jobs
X-ServedBy
X-TX-ID
X-Amz-Server-Side-Encryption
X-GUploader-UploadID
X-Node-Name
X-Geo
From-Origin
X-Varnish-Hits
X-Varnish-Grace
X-Varnish-Cache-Hits
X-Cache-Age
X-RateLimit-Limit
X-Akamai-Edgescape
X-Platform-Server
Datacenter
X-Adobe-Loc
X-Sucuri-Cache
X-Varnish-IP
X-Adobe-Content
X-Vg-Webcache
X-HS-Combine-CSS
X-UA
X-Dns-Prefetch-Control
X-CLOUD-TRACE-CONTEXT
X-Cache-TTL-Remaining
X-GZip
X-Edge-Cache
X-CDN-Forward
X-Edge-Cache-Key
X-Real-IP
Cache-Tag
X-Storage
X-Cache-Remote
X-Mode
X-Akamai-Transformed
X-Region
X-Drupal-Cache-Contexts
X-Daa-Tunnel
X-Source
X-Amz-Replication-Status
HostName
X-Distributor
Load-Balancing
X-ProcessESI
X-Rendered-As
X-RN-RSRV
X-RemovedCookies
X-Detected-As
X-Cache-Var-Map
X-Cache-Var
X-Is-Bot
X-Path-Route
Machine
X-MP-GENERATED-AT
Meta-Geo
X-Proxy
X-NCache
Fastly-SSL
X-Amzn-RequestId
ServerName
X-Amz-Apigw-Id
X-Time-Microsecs
X-PERF
X-OCL
X-PCL
X-TWH-CORRELATION-ID
X-Grey
X-CDN-Cache
X-Agile-Age
X-Agile-Id
X-Agile
Mn-Server-Ip
Ohc-File-Size
Cache-Key
X-Akamai-Request-ID
X-ApacheServer
X-Web-Node
X-Viewer-Country
X-Webstats-RespID
X-Cache-Category-Id
X-BB-IP
X-Upgrade-Enabled
GEO-INFO
X-Kinja-Server-Push
X-Pubstack
Azure-SiteName
Azure-SlotName
Azure-InstanceId
X-Via-Fastly
X-FC-Vary-Parameters
Country
Azure-Version
Backend
S-Rt
X-Amz-Meta-Surrogate-Control
X-Proto
X-OVcl-Cache
L5d-Success-Class
X-Original-Request
X-OVcl
X-Cluster-Node
Azure-RegionName
X-Edge-Location
X-EIG-Tracking-Id
X-NodeID
X-Debug-Cache
X-Human
DB-Nickname
X-Optimization
X-Cache-HT
X-IP
X-App-Name
TWC-Connection-Speed
TWC-Locale-Group
TWC-GeoIP-LatLong
TWC-GeoIP-Country
TWC-Device-Class
Healthy
X-Instance-Name
X-AWS-Id
Property-Id
X-Port
X-Section
X-Site-Version
X-Meta-Tbi-Cache-Vertical
LB
X-Birta-Served
X-Birta-Cache-Post
X-SplitTest
TWC-Privacy
User-Cache-Control
Webcakes-App-Version
X-Zipkin-Id
X-Xfnlog-Site
X-Www-Served-By
Webcakes-Region
X-Access
X-CCM-LastModified
X-ProxyCache-Key
X-BYPASS-REASON
X-LJ-Flow-ID
X-Routing-Service
User-Agent
X-Varnish-Cacheable
Webcakes-App-Name
X-Generation-Time
X-Hosted-By
X-ProxyCache-Status
X-Origin-Hint
X-ServerID
X-Format
X-VWS-Id
X-CCM
X-Loop
Fastcgi-Useragent
X-JoinUs
Access-Control-Allow-Method
Now
X-Backend-Name
Cache-Name
Cache-Hits
X-TNCMS
X-Labrador-Cache-Channel
Selected-FE
X-Proxy-Build
Countrycode
X-Generated
X-Timing-Wait
X-Tb
Payment
X-Request-Time
X-Guploader-Uploadid
X-Tumblr-Pixel-3
X-Surge-Debug
X-Cache-Bucket
RATING
Ec-Rule-Version
X-Origin-CC
X-Ezoic-Cdn
X-Time
X-Dc
X-Esi
X-Hit
X-DataStream-Cache-Status
X-Unique-ID
WP-Super-Cache
X-Cache-Enabled
X-Render-Type
X-TA-CDN-Provider
X-Newrelic-Synthetics
X-Nc
X-B3-TraceId
X-Oneagent-Js-Injection
X-Oracle-Dms-Rid
X-Oracle-Dms-Ecid
Origin-Edge-Control
Origin-Cache-Control
X-Feature
X-Real-Ip
X-Nginx-Cache
X-B3-Spanid
X-UA-Device-Type
X-Correlation-ID
X-L-Path
X-Environment-Context
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
RequestId
X-CACHE-AGE
X-NU-AKA-ACS-Version
X-Skip-Cache
NODE
Xserver
X-Content-Type
X-NGENIX-Cache
X-Status
Access-Control-Request-Headers
X-WR-MODIFICATION
X-Be
Webserver
X-ElasticPress-Search
X-EdgeConnect-Cache-Status
X-Servedby
X-Vgn-Hpd-Reason
X-Cache-Backend
Time
Warning
Ws
Apicache-Version
Apicache-Store
X-Upstream-CT
X-Upstream-HT
X-CF-Lambda-Version
X-CF-Lambda-Fn
Apple-News-Services-Handled
X-We-Are-Hiring
X-User
Apple-News-Services-Parsed-Url
X-Twitter-Response-Tags
Apple-News-Services-Request-Url
Apple-News-Services-Host
X-VG-WebServer
X-Generated-In
X-Wix-Route-ID
X-Via-Edge
X-Via-CDN
X-Connection-Hash
Xc-Version
T-Server
X-A-Ccd
X-A-Dam
X-A-Dcw
X-A
Www
IBM-Web2-Location
Viewtype
VivaBuild
X-GoCache-CacheStatus
X-A-Dgt
X-A-Wwc
X-D
X-BB-ID
X-BBXSRF
Ajk
X-B-Cookie
Resin-Trace
X-Accel-Expires-Debug
Sta2Tusw
X-Application
X-ARC
AKAMAI
X-Transaction
Fly-Cache
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
X-Fastly-Cache
X-Public
Fly-Request-Id
X-Date
Host-ID
X-Region-Sid
GMS-Ver
X-Planisys-CDN-Cache
X-From
X-Logtrace-Id
X-Haproxy-Ip
Fastcgi-X-Cache
X-Haproxy-Hostname
X-G
X-ND-Cache
Fastly-Soc-X-Request-Id
X-PAYTM-SRV-ID
Fastcgi-X-Cache-Version
X-No-Session
X-Rojux
X-Rewrite-Enabled
X-HS-Hub-Id
Memcached
MD5-Digest
X-Developer
X-SRCache-Key
X-SVT-ORM-VERSION
X-Destination
X-SVT-ORM-RULES
Meta-Geo-Continent
X-Died
X-Server-Time
Cache-Prefix
X-S-Cookie
BehaviorPad-Version
X-Trv-Group
X-Server-By
Origin
NGX
Uber-Trace-Id
Fastly-SWR
Server-Int
Request-Time
Rendered-Blocks
IsBot
Fastly-SIE
X-Wikidot-Backend
X-ScT
X-DPWN-IS-SECURE
X-SIPLIST1
X-Sn-Servicetimems
X-Debug-Log
X-Trace-Id
X-Request-URI
X-Rebelmouse-Surrogate-Control
X-Phone
X-NX-Host
X-Fstrz
X-Forwarded-Host
X-Rebelmouse-Cache-Control
X-F5-Cache
X-Debug-Cookies
X-CS
X-IN-APIGATEWAY
X-Cache-Expires
X-IN-SSL-APIGATEWAY
X-Amz-Meta-Cache-Control
V-Age
X-IN-WAF
X-Cache-Host
X-Cache-Id
X-Up
X-Core-Value
X-Var-Ttl
X-Wikidot-Static-Cache
X-Cdn-Origin
UCS
Release
OT-Force-Account-Verify
X-C
X-Webkit-CSP
X-Device-Os
X-Developers
X-Content-Age
X-Cache-Time
X-CGP
X-Edge-IP
X-Epic-Correlation-Id
X-Gen-Mode
X-GeoIP-City
X-Frame-Option
X-FireWall-Port
X-Cache-Ttl
X-Eu-Site
X-Env
X-Cache-CFC
Who
X-Actual-URL
Web-Mar-Node
Thinkindot-Control
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
X-Amz-Meta-S3cmd-Attrs
X-Backend-Host
X-Bug-Bounty
X-GeoIP-Country-Code
X-Block-Status
X-Backend-Url
X-Backend-State
X-Cache-Debug
X-Hnp-Log
X-UE-Client-Country
X-V
X-TT-LOGID
X-Thinkindot-L3
X-ServiceProvider
X-Stale
X-VServer
Cneonction
X-Rocket-Nginx-Bypass
X-Via-NSCOPI
X-Hl-Ver
X-Auto-Login
X-WebServer
X-Worker
X-Servername
X-Server-IP
Esi-Enabled
X-Passed-To-DLL
X-Passed-To
X-Node-Id
X-Matched-Rule
X-MI-In-Market
X-Passed-To-PostProcessResponse
X-RCS-CacheZone
X-Returned-From-PostProcessResponse
X-Served-From
X-Returned-From-DLL
X-Returned-From-BeforeDispatch
X-Reboot
X-Returned-From
Server-Host
X-Passed-To-BeforeDispatch
Proxy-Connection
Pramga
Cache-Cookie-Set-Lfrom
HA-Geocountry
CDCHOST
HA-Geolon
Decoy-Debug-Key
Content-Disposition
MI-Cache-Age
HA-Geocity
GW-Server
On-Server
Ohc-Response-Time
HA-Ipaddr
HA-Cloudapp
Powered-By
Backend-Name
Decoy-Debug-Status
HA-Geolat
HA-Urlpath
Decoy-Debug-TTL
HA-Host
Httpd-Identifier
HA-Georegion
Cache-Cookie-Set-From
Cache-Cookie-Set-Idcheck
Fastly-Backend-Name
Heartbleed
HTTPS
MI-Cache
HA-Servedtime
Ha-Gx-Prefs
X-Varnish-Beresp-Ttl
X-Cdn-Srv
X-Fetched-On
Odigeo-Trace-Id
X-Location
X-ShardId
X-Server-Group
X-Core-Mission
X-Cache-Srv
X-Dispatcher-Server
X-Response-By
Kp-EeAlive
Server-ID
X-Release
X-Croise-Owner
X-Origin-Expires
X-Ckpd-Fst-Backend
PFcat
X-Crawler
Adler-Geo
X-Clientip
X-Cache-Control-Set-By
X-Ver
X-Bip
X-HCF
X-Info
X-Thanos
X-Varnish-HitMiss
Request-EU
Request-Country
X-Platform
X-Hash
X-ShopId
Is-Eu
X-Sorting-Hat-PodId-Cached
X-Sorting-Hat-PrivacyLevel
Platform
X-Sorting-Hat-PodId
X-Sorting-Hat-FeatureSet
X-Origin-Date
X-Shopify-Stage
Pragrma
X-Backend-TTL
X-UnsetCookies
X-Alternate-Cache-Key
X-Sorting-Hat-ShopId-Cached
X-Sorting-Hat-ShopId
X-Sorting-Hat-Section
X-TIME
NnCoection
X-MSEdge-Flight
X-Page-Type
X-MSEdge-Features
X-Cache-URL
NtCoent-Length
X-S-Maxage
X-Varnish-Id
REQUESTUUID
X-Refresh
Country-Code
X-StackifyID
X-Svr
Drupal-Pagecache-Memcache
Cache-Provider
X-Secret
MI-API
X-Req
Mime-Version
X-P-T
X-Gannett-Site-Version
X-Fastcgi-Cache
Processtime
X-App-Version
X-Pjax-Url
X-Amz-Meta-S3b-Last-Modified
X-Pf-Uncompressing
X-Csrf-Token
X-COUNTRY
X-Origin-TTL
Dnion-Transfer-Encoding
Version
X-Oss-Object-Type
X-Oss-Storage-Class
X-Oss-Server-Time
X-Oss-Request-Id
X-Oss-Hash-Crc64ecma
Pagetype
X-Amz-Meta-Sha256
Memory
Accept-Ch
X-Cache-ASPX
Ar-Sid
X-EC-Security-Audit
WebServer
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-Varnish-Url
X-Kong-Upstream-Latency
SN
X-Kong-Proxy-Latency
X-NC
X-Ua
Cteonnt-Length
X-Yottaa-Sig
X-Wix-Petri-Ex
FSS-Cache
X-LiteSpeed-Cache-Control
X-From-Cache
FSS-Proxy
Geoip-Latitude
GeoIp-Country-Code
Arc-Country
Geoip-City
Dont-Set-Cookie
X-Rule
X-GRACE
X-Ruxit-Js-Agent
Brightspot-Id
PageType
X-DC
X-Cache-Handler
X-Irp-Debug
X-CSRF-Token
COMMERCE-SERVER-SOFTWARE
MIME-Version
CF-IPCountry
PICS-Label
X-LB-Node
X-Redis-Cache
X-LB-CacheStatus
X-Load-Cache
X-Cdn-Forward
X-Varnish-Beresp-TTL
Cdn
X-Request-Start
X-ROOTCache
Sid
X-Endurance-Cache-Level
X-Ratelimit-Remaining
X-Request-UUID
Edgecast
If-Modified-Since
X-SERVER-NAME
X-Sf
BORDER-IP
X-Requestid
PROCESSING-IP
X-Fastly-Backend-Reqs
RNT-Machine
X-Varnish-Action
X-TId
RNT-Time
X-Servedbyhost
XServer
X-Ratelimit-Limit
X-Varnish-Ttl
X-Layer
X-Tid
X-ServedByHost
X-GDPR
X-B3-SpanId
X-Dynatrace
X-Atg-Version
X-RequestId
X-Nananana
X-BE
X-Resolver-IP
Powered
X-Rocket-Nginx-Serving-Static
Frame-Options
X-Cache-TTL
Cache-Tags
Pics-Label
X-Fastly-Cache-Hits
X-DataStream-Origin-MEX-Latency
X-DataStream-MidMile-RTT
CDN
Node
NodeID
Cf-Ipcountry
Amp-Access-Control-Allow-Source-Origin
CACHE
X-Key
X-Owner
X-Tec-Api-Version
Dynatrace
X-Tec-Api-Root
X-Tec-Api-Origin
GeoIP-City
We-Hiring
GeoIP-Latitude
X-Gdpr
GeoIP-Country-Code
Mail-Subject
X-Server-W
X-HTML-Minification-Powered-By
X-GZIP
PageSpeed
X-Shard
Web-Mar-Region
X-UPSTREAM-Address
X-Dynatrace-Js-Agent
X-VG-WebCache
X-Use-Magma
X-Ms-Lease-Status
X-Ms-Blob-Type
X-Ms-Version
X-Ms-Request-Id
X-ABtesting
Hostname
X-Flog
Accept-CH
X-Varnish-URL
Lfy
X-Sentry-ID
WZWS-RAY
ProcessTime
DataCenter
X-Aicache-OS
X-Alicdn-Da-Ups-Status
X-Powered-By-ANYU
True-Client-Country-4JS
URI
Is-Session-Tracking
Max-Age
X-ID
X-CDN-Pop-IP
X-CDN-Pop
Get-Access-Time
X-GEO
X-VG-TLSProxy
X-PF-Uncompressing
X-NWS-UUID-VERIFY
Xet-Cookie
X-NGINX-Cache
X-Dw-Trace-Id
X-PJAX-URL
Cdn-Host
RequestUuid
Cdn-Request-Time
X-Mem
X-Varnish-ID
X-Edge-Server
X-Oa-Upstreams
X-Check-Cacheable
X-Policy
X-Cookie
X-Trv-Request-Id
X-Swa-Ws
Serverid
X-SRV
X-Unique-Id
X-Cache-FS-Status
X-Remote-IP
Requestid
X-Powered-By-Defense
Rt-Proxy-Cache
GEO-REGION-INFO
X-Front
X-PAGE-TYPE
X-Org
X-Ms-Lease-State
V-Cache
Group
X-RPM
X-SB
X-VC
X-DW
X-VID
X-RSL
X-RPS
X-Akamai-ERRuleID
Magicmarker
X-Hello
CF-Cached-On
X-Akamai-ERPolicy
X-Acquia-Application-UUID
X-Proxy-Server
X-Acquia-Application-Trace
X-Litespeed-Tag
SID
X-DB
X-DI
X-Litespeed-Cache-Control
X-Fe
X-RAMCache
WS
X-DSS