Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Pragma
Last-Modified
Accept-Ranges
X-Powered-By
X-Content-Type-Options
Strict-Transport-Security
CF-RAY
ETag
Link
Expect-CT
Via
X-Cache
X-XSS-Protection
Age
Access-Control-Allow-Origin
Content-Security-Policy
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Xss-Protection
X-Served-By
X-Varnish
X-Amz-Cf-Id
Referrer-Policy
X-Request-Id
X-AspNet-Version
X-Timer
CF-Cache-Status
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Runtime
Access-Control-Allow-Credentials
X-Download-Options
X-Drupal-Cache
CF-Ray
X-Cacheable
Content-Security-Policy-Report-Only
X-Generator
Alt-Svc
X-AspNetMvc-Version
Status
X-Cache-Status
X-DNS-Prefetch-Control
X-Check
X-FRAME-OPTIONS
X-Iinfo
X-Adblock-Key
Timing-Allow-Origin
X-CDN
X-Content-Security-Policy
X-Turbo-Charged-By
X-Permitted-Cross-Domain-Policies
Content-Encoding
X-Template
X-Language
Keep-Alive
X-Via
X-Type
X-AH-Environment
X-Backend
X-Cache-Group
X-Nginx-Cache-Status
X-Buckets
WPE-Backend
X-Pass-Why
X-Server
X-Age
X-Server-Powered-By
Access-Control-Max-Age
X-Pingback
X-Request-ID
Xkey
X-Varnish-Cache
Grace
Access-Control-Expose-Headers
Upgrade
P3p
X-Drupal-Dynamic-Cache
X-Hacker
X-UA-Device
X-Amz-Request-Id
X-Page-Speed
Cf-Railgun
X-LiteSpeed-Cache
X-Proxy-Cache
EagleId
X-Amz-Id-2
X-Robots-Tag
X-Swift-SaveTime
X-Swift-CacheTime
X-Envoy-Upstream-Service-Time
Ali-Swift-Global-Savetime
Request-Context
X-Node
X-Device
X-Ac
Content-Location
X-Host
X-Cnection
X-Amz-Version-Id
X-Cache-Lookup
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
Surrogate-Control
X-Backend-Server
X-Server-Id
X-WebKit-CSP
X-OneAgent-JS-Injection
X-Rack-Cache
X-Instart-Request-ID
X-CST
X-Px
X-Response-Time
Request-Id
X-Readtime
X-Rq
Server-Timing
X-Ua-Compatible
Permitted-Cross-Domain-Policies
X-HeyJason
X-Do-Not-Hack
X-Clacks-Overhead
X-Cloud-Trace-Context
EagleEye-TraceId
X-Url
Pinterest-Generated-By
Edge-Control
X-Application-Context
X-MS-InvokeApp
X-Country
X-Server-Name
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Allow
X-DynaTrace-JS-Agent
Charset
SPRequestGuid
Report-To
X-SharePointHealthScore
X-Country-Code
X-ESI
X-DataDome
X-Ruxit-JS-Agent
X-Cached
X-Varnish-TTL
X-Vname
X-PC
X-TtlSet
Rating
X-Powered-CMS
X-Powered-By-Plesk
X-Recruiting
X-TTL
Public-Key-Pins
X-Cdn
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
X-FTR-Request-ID
X-D2id
X-N
X-Version
SPIisLatency
SPRequestDuration
NEL
X-Vhost
MS-Author-Via
X-Kinja
X-Kinja-Server
X-Geo-Segment
X-Exp-Variant
X-Kinja-Build
X-Cdn-Fetch
X-Exp-Id
X-Kinja-Revision
Pinterest-Version
X-Upstream-Env
X-Pinterest-Rid
X-F-Cache
X-Dw-Request-Base-Id
X-DynaTrace
X-CF-Powered-By
X-VARITI-CCR
X-T
Cartoon
X-GoogleNews-Bot
X-Mod-Pagespeed
Content-MD5
AR-ATIME
AR-PoweredBy
AR-CACHE
Nginx-Cache
RTSS
MicrosoftSharePointTeamServices
X-GitHub-Request-Id
X-Abt-Application-Version
X-Shield-Request-Id
Feature-Policy
X-SRCache-Fetch-Status
X-SRCache-Store-Status
Verso
X-Trace
AR-SID
X-Amz-Rid
X-Navigation-Version
X-Dispatcher
X-Server-ID
X-Forwarded-Proto
X-Client-IP
X-Hits
Realpath
X-Ttl
X-Goog-Hash
X-Origin-Cache
Arr-Disable-Session-Affinity
Paypal-Debug-Id
X-Kinsta-Cache
X-Zen-Fury
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-TEC-API-ROOT
X-Id
X-Content-Options
X-B
TCN
X-Content-Digest
X-Grace
X-Ser
X-Varnish-Age
X-Cache-Key
Alternate-Protocol
X-Sol
Fastcgi-Cache
DynaTrace
X-Upstream
X-Via-JSL
Access-Control-Request-Method
Mrf-Cache-Status
MRF-Tech
X-Fastly-Request-ID
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
X-Pad
Display
X-Middleton-Display
X-Vcap-Request-Id
X-Nf-Srv-Version
X-NF-Request-ID
X-IPLB-Instance
X-DIS-Request-ID
X-FastCGI-Cache
Response
X-Middleton-Response
PB-PID
PB-RID
X-User-Agent
X-SS-Set-Cookie
X-XRDS-LOCATION
X-Mobile-Rewrite
Front-End-Https
X-Frontend
Rt-Fastcgi-Cache
X-Logged-In
Pagespeed
Eomportal-Instance
X-Cache-Rule
X-PressLabs-Stats
X-MSEdge-Ref
X-Whom
Server-Name
X-Newrelic-App-Data
Host
X-Forwarded-For
X-NWS-LOG-UUID
S
X-Hostname
X-VCache
X-Acc-Meta-Resource-Type
X-Cache-Hit
Tracecode
Liferay-Portal
Cache-Status
X-Debug
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
X-Goog-Generation
X-Goog-Stored-Content-Length
X-Goog-Storage-Class
Arc-Version
X-UUID
X-AOL-HN
Server-Info
HitType
HitInfo
X-HS-Content-Id
X-Request-Processing-Time
X-Request-Received
X-FTR-Balancer
X-FTR-Cache-Status
Surrogate-Key
X-FTR-Backend-Server
X-FTR-Backend
X-Country-Code-Real
X-FTR-DC
Backend-Timing
X-Analytics
X-FTR-Expires
X-Webkit-Csp
FilterID
X-FTR-Realm
X-Wix-Server-Artifact-Id
X-Instance
X-Magnolia-Registration
TP-L2-Cache
Public-Key-Pins-Report-Only
TP-Cache
Refresh
X-Contextid
X-Rid
ServerID
X-Activity-Id
X-Az
X-Proxied
X-AppVersion
X-Correlation-Id
Edge-Cache-Tag
X-HS-Cache-Config
X-Srv
X-Content-Security-Policy-Report-Only
X-Varnish-Server
Service-Worker-Allowed
X-WPE-Loopback-Upstream-Addr
X-B3-Traceid
AMP-Access-Control-Allow-Source-Origin
X-HW
S-Cnection
X-Origin
X-Mobile
Cleartype
X-Revision
X-XRDS-Location
Served-By
Source
X-APP-VERSION
X-Varnish-Backend
X-Sucuri-ID
Fastly-Restarts
X-Amzn-Trace-Id
X-FTR-Cache-Host
X-Geo-Country
Powered-By-ChinaCache
X-App-Environment
X-TT
X-RateLimit-Remaining
X-Signature
X-Framework
X-B-Cache
X-Device-Type
X-PHP-Backend
X-Tumblr-Pixel
X-Hyper-Cache
X-Tumblr-User
X-Tumblr-Pixel-0
X-FB-Debug
X-Cache-Action
X-Cache-Config
X-Varnish-Hostname
Retry-After
X-Cache-Server
X-Cache-Operation
X-Origin-Upstream-Status
Server-Node
X-Cache-Control
Host-Header
X-BCube-Filmed-By
X-Hail-Hydra
X-Request-Guid
X-TT-TIMESTAMP
X-PC-Hit
X-PC-Key
X-Handled-By
X-PC-AppVer
X-Page-Id
Accept-Charset
X-Cache-2
MS-CV
X-ATG-Version
X-Ocache
DC
Actual-Object-TTL
X-WA-Info
X-ADI-VCache
X-Shield-Cache-Expires
X-Debug-Info
Cache
X-Origin-Server
X-URL
X-Daa-Tunnel
X-Content-Powered-By
X-PC-Date
X-PC-Host
X-HS-Combine-CSS
X-Accel-Expires
Upgrade-Insecure-Requests
NGB
SRV
Viewport
X-Cache-NE
X-LB-Cache
X-Microcachable
AsisCache
X-GeoIP
X-Cached-By
X-Sucuri-Cache
X-Generated-By
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Feature
Filters
X-Akamai-Edgescape
X-Jobs
X-Amz-Server-Side-Encryption
X-Accel-Buffering
ServedBy
X-RequestSource
X-Cacheable-TTL
X-Drupal-Cache-Tags
X-App-Server
X-Dns-Prefetch-Control
X-TX-ID
X-Seen-By
X-Wix-Request-Id
X-S
X-WebKit-CSP-Report-Only
X-Adobe-Content
X-Adobe-Loc
X-Cluster
X-Tumblr-Pixel-2
X-Locale
X-FW-Serve
X-FW-Type
X-FW-Server
Content-Style-Type
X-FW-Static
Content-Script-Type
X-Distil-CS
From-Origin
X-RTag
X-Tumblr-Pixel-1
X-Varnish-Hits
X-Varnish-IP
X-FW-Hash
X-Internal-Host
X-B3-Sampled
X-Cache-Age
Datacenter
X-Varnish-Cache-Hits
X-Akam-SW-Version
X-Geo
X-Cache-Remote
HostName
X-UA
X-GZip
X-Guploader-Uploadid
X-Storage
X-Edge-Cache
X-Edge-Cache-Key
X-Varnish-Grace
X-Node-Name
X-Platform-Server
X-ServedBy
X-CDN-Forward
X-Vg-Webcache
X-Akamai-Transformed
X-Cache-TTL-Remaining
X-Region
X-Kinja-Server-Push
X-Cache-Bucket
X-Mode
X-RateLimit-Limit
RATING
Country
Cache-Tag
X-Amz-Replication-Status
X-Distributor
X-EIG-Tracking-Id
X-Real-Ip
X-TA-CDN-Provider
X-NewRelic-App-Data
Load-Balancing
ServerName
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Proto
Ohc-File-Size
X-Agile
X-Agile-Age
X-Agile-Id
X-BB-IP
X-Source
Fastly-SSL
GEO-INFO
Mn-Server-Ip
X-Optimization
X-JoinUs
X-Is-Bot
X-MP-GENERATED-AT
X-Grey
X-BYPASS-REASON
X-Cache-Var-Map
X-Cache-Var
X-Cache-HT
X-Cache-Category-Id
X-ApacheServer
Cache-Name
Cache-Key
X-Detected-As
X-Debug-Cache
X-Akamai-Request-ID
Healthy
X-Rendered-As
Meta-Geo
X-Web-Node
X-Viewer-Country
X-Time-Microsecs
X-RN-RSRV
X-RemovedCookies
X-ProxyCache-Status
X-PERF
Machine
X-Path-Route
L5d-Success-Class
X-ProxyCache-Key
X-ProcessESI
X-Drupal-Cache-Contexts
X-Webstats-RespID
WP-Super-Cache
X-TWH-CORRELATION-ID
X-CCM
Cache-Hits
X-NCache
X-ServerID
X-Hit
X-Request-Time
Now
X-Ezoic-Cdn
Backend
X-Port
X-NodeID
X-Original-Request
X-PCL
X-Xfnlog-Site
X-Upgrade-Enabled
X-Labrador-Cache-Channel
X-OCL
Access-Control-Allow-Method
X-CDN-Cache
X-Cluster-Node
X-Generated
X-Human
Azure-RegionName
Azure-InstanceId
Azure-SiteName
Azure-SlotName
Property-Id
Azure-Version
X-CCM-LastModified
X-OVcl
X-Origin-Hint
X-Instance-Name
X-Hosted-By
X-OVcl-Cache
X-Proxy
X-Www-Served-By
X-Via-Fastly
X-Render-Type
X-Pubstack
X-FC-Vary-Parameters
X-Cache-Enabled
TWC-GeoIP-LatLong
TWC-GeoIP-Country
TWC-Device-Class
TWC-Connection-Speed
TWC-Locale-Group
TWC-Privacy
X-Amz-Meta-Surrogate-Control
Webcakes-Region
Webcakes-App-Version
Webcakes-App-Name
S-Rt
X-Edge-Location
X-Timing-Wait
X-Proxy-Build
Selected-FE
X-Birta-Served
X-Format
X-IP
X-Birta-Cache-Post
X-Generation-Time
X-AWS-Id
X-Access
X-Nc
X-App-Name
X-LJ-Flow-ID
X-Backend-Name
X-Meta-Tbi-Cache-Vertical
X-TNCMS
X-Varnish-Cacheable
X-VWS-Id
X-Zipkin-Id
X-SplitTest
X-Site-Version
User-Cache-Control
X-Nginx-Cache
X-Routing-Service
X-Section
X-Loop
X-Surge-Debug
LB
DB-Nickname
X-Dc
Countrycode
X-Oneagent-Js-Injection
X-Newrelic-Synthetics
Fastcgi-Useragent
X-Real-IP
X-Origin-CC
Origin-Edge-Control
User-Agent
Origin-Cache-Control
X-Tumblr-Pixel-3
X-GUploader-UploadID
Payment
X-Environment-Context
RequestId
X-L-Path
X-Time
Xserver
X-Tb
X-UA-Device-Type
X-B3-Spanid
Ec-Rule-Version
X-B3-TraceId
X-Unique-ID
X-Skip-Cache
X-Servedby
X-DataStream-Cache-Status
X-Varnish-Beresp-Grace
X-NU-AKA-ACS-Version
X-Varnish-Beresp-Status
X-NGENIX-Cache
X-Oracle-Dms-Rid
X-Oracle-Dms-Ecid
Access-Control-Request-Headers
X-Esi
X-WR-MODIFICATION
X-Be
NODE
X-Upstream-CT
X-Upstream-HT
X-Cache-Ttl
Webserver
X-Vgn-Hpd-Reason
X-Webkit-CSP
X-CACHE-AGE
X-EdgeConnect-Cache-Status
Time
Warning
X-CSRF-Token
X-Croise-Owner
X-Dynatrace
X-Oss-Hash-Crc64ecma
X-Oss-Storage-Class
X-Oss-Object-Type
X-Oss-Request-Id
X-Oss-Server-Time
X-CS
X-Var-Ttl
X-Cache-Host
Fly-Cache
X-D
Ajk
X-Cache-Id
X-Debug-Cookies
X-DPWN-IS-SECURE
X-Died
X-ElasticPress-Search
X-From
X-SRCache-Key
X-G
X-Generated-In
X-Cache-Backend
X-Debug-Log
X-Destination
X-Developer
X-B-Cookie
Fly-Request-Id
Cache-Prefix
X-A-Ccd
X-A-Dam
X-A
V-Age
T-Server
X-A-Dcw
X-A-Dgt
X-S-Cookie
X-ARC
X-Application
X-Fastcgi-Cache
X-A-Wwc
Resin-Trace
Request-Time
X-NX-Host
X-Logtrace-Id
X-Cache-Expires
Ws
X-Status
Mime-Version
IBM-Web2-Location
X-StackifyID
X-Yottaa-Sig
X-WebServer
Proxy-Connection
X-Dispatcher-Server
BehaviorPad-Version
X-Region-Sid
Fastcgi-X-Cache
X-PAYTM-SRV-ID
Fastcgi-X-Cache-Version
Apple-News-Services-Parsed-Url
Fastly-Soc-X-Request-Id
Apple-News-Services-Request-Url
Apple-News-Services-Host
Apple-News-Services-Handled
X-Planisys-CDN-Cache
AKAMAI
X-Public
X-Planisys-CDN-TTL
X-Cache-Time
X-Device-Os
X-Twitter-Response-Tags
X-Planisys-CDN-Rules
X-Hash
X-ND-Cache
X-UE-Client-Country
X-CF-Lambda-Fn
X-Server-Time
X-CF-Lambda-Version
X-Wix-Route-ID
X-SVT-ORM-VERSION
X-User
X-No-Session
X-We-Are-Hiring
X-Fastly-Cache
X-BBXSRF
X-Release
X-Transaction
X-VG-WebServer
X-Haproxy-Ip
X-Via-Edge
X-Via-CDN
Release
X-Haproxy-Hostname
X-BB-ID
X-Connection-Hash
Sta2Tusw
Meta-Geo-Continent
X-Amz-Meta-Cache-Control
Memcached
Host-ID
X-Fstrz
MD5-Digest
X-Request-URI
Viewtype
Xc-Version
Www
X-Server-By
X-Rewrite-Enabled
X-Trv-Group
X-SVT-ORM-RULES
VivaBuild
X-Rojux
Cneonction
X-TIME
UCS
X-Varnish-Beresp-Ttl
X-Sorting-Hat-PrivacyLevel
X-Sorting-Hat-Section
X-Sorting-Hat-ShopId-Cached
X-Sorting-Hat-PodId-Cached
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-S-Maxage
X-ShardId
X-ShopId
X-Shopify-Stage
X-Sorting-Hat-FeatureSet
X-Epic-Correlation-Id
Uber-Trace-Id
X-CGP
X-GeoIP-Country-Code
Server-Int
X-Gannett-Site-Version
Rendered-Blocks
Server-Host
X-Core-Value
NGX
X-F5-Cache
X-Cdn-Origin
X-Frame-Option
X-Cache-Debug
X-Cache-CFC
X-Amz-Meta-S3cmd-Attrs
X-Forwarded-Host
X-FireWall-Port
Pramga
Powered-By
X-Actual-URL
X-GeoIP-City
X-Eu-Site
HA-Geocity
HA-Geocountry
HA-Geolat
HA-Geolon
HA-Cloudapp
GW-Server
Drupal-Pagecache-Memcache
Fastly-SIE
Fastly-SWR
Origin
Odigeo-Trace-Id
HA-Urlpath
Heartbleed
IsBot
HA-Servedtime
HA-Ipaddr
HA-Georegion
Ha-Gx-Prefs
HA-Host
X-Via-NSCOPI
X-Returned-From-BeforeDispatch
Dnion-Transfer-Encoding
Version
X-Server-IP
X-Up
X-Passed-To-DLL
X-Wikidot-Backend
X-Passed-To-BeforeDispatch
Kp-EeAlive
X-Sn-Servicetimems
X-Returned-From-DLL
X-Passed-To-PostProcessResponse
X-Trace-Id
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
X-Stale
X-Phone
X-Content-Type
X-Returned-From
X-SIPLIST1
X-UnsetCookies
Request-Country
X-Wikidot-Static-Cache
Request-EU
X-ScT
X-RCS-CacheZone
X-Hl-Ver
X-IN-APIGATEWAY
X-IN-WAF
X-IN-SSL-APIGATEWAY
X-Crawler
X-Passed-To
GMS-Ver
X-Returned-From-PostProcessResponse
Server-ID
X-Alternate-Cache-Key
X-Auto-Login
X-Secret
X-C
NnCoection
NtCoent-Length
X-Served-From
Thinkindot-CacheControl-Type
Thinkindot-Control
PFcat
X-GoCache-CacheStatus
Platform
Pragrma
X-Servername
X-Server-Group
Thinkindot-CacheControl
X-ServiceProvider
OT-Force-Account-Verify
X-Backend-TTL
X-Ckpd-Fst-Backend
X-Bug-Bounty
X-Worker
X-Cdn-Srv
X-VServer
X-Content-Age
X-Core-Mission
X-Env
X-Developers
X-Date
X-Accel-Expires-Debug
X-Fetched-On
X-Ver
X-TT-LOGID
X-Backend-Host
X-Thinkindot-L3
Who
X-Gen-Mode
X-Backend-State
On-Server
X-Cache-Srv
X-V
X-Block-Status
X-Backend-Url
Web-Mar-Node
MI-API
X-MSEdge-Features
X-Kong-Upstream-Latency
Cache-Cookie-Set-Lfrom
X-Location
X-Kong-Proxy-Latency
Cache-Cookie-Set-Idcheck
X-Info
Cache-Cookie-Set-From
X-Node-Id
CDCHOST
Ohc-Response-Time
X-Matched-Rule
Decoy-Debug-Key
Content-Disposition
Decoy-Debug-Status
Decoy-Debug-TTL
Fastly-Backend-Name
Country-Code
Esi-Enabled
Backend-Name
X-Origin-Date
Adler-Geo
X-Hnp-Log
X-MSEdge-Flight
X-Rocket-Nginx-Bypass
X-MI-In-Market
MI-Cache-Age
MI-Cache
HTTPS
Is-Eu
X-Origin-Expires
X-Response-By
X-Reboot
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-Page-Type
X-Edge-IP
Httpd-Identifier
FSS-Cache
FSS-Proxy
Arc-Country
X-Varnish-HitMiss
X-Varnish-Id
X-Cache-URL
X-Thanos
X-Svr
X-Platform
REQUESTUUID
X-HCF
X-Refresh
X-Clientip
Cteonnt-Length
X-Bip
X-Cache-Control-Set-By
Cache-Provider
Brightspot-Id
X-Correlation-ID
X-Amz-Meta-S3b-Last-Modified
X-Req
X-Irp-Debug
WebServer
X-LiteSpeed-Cache-Control
X-CLOUD-TRACE-CONTEXT
Apicache-Version
Apicache-Store
X-P-T
X-Pjax-Url
X-LB-CacheStatus
Processtime
X-Varnish-Url
X-LB-Node
X-App-Version
X-Origin-TTL
PageType
Sid
X-ROOTCache
X-Pf-Uncompressing
X-Ruxit-Js-Agent
X-Ratelimit-Limit
X-From-Cache
X-Request-UUID
X-Request-Start
Accept-Ch
X-Ua
COMMERCE-SERVER-SOFTWARE
X-Endurance-Cache-Level
If-Modified-Since
Cdn
Pagetype
X-Ratelimit-Remaining
X-EC-Security-Audit
Dynatrace
X-DC
Memory
Geoip-City
X-Amz-Meta-Sha256
GeoIp-Country-Code
Geoip-Latitude
X-Varnish-Action
X-Load-Cache
X-Cache-ASPX
X-Fastly-Backend-Reqs
X-Layer
X-Cdn-Forward
SN
PICS-Label
BORDER-IP
PROCESSING-IP
X-GRACE
X-COUNTRY
X-Tid
Edgecast
X-Redis-Cache
Ar-Sid
X-ServedByHost
X-Varnish-Beresp-TTL
CF-IPCountry
X-GDPR
Frame-Options
X-RequestId
X-Rocket-Nginx-Serving-Static
X-NC
X-Atg-Version
X-Fastly-Cache-Hits
NodeID
X-Csrf-Token
X-Cache-Handler
X-Nananana
X-Resolver-IP
X-B3-SpanId
X-Key
X-Owner
X-NWS-UUID-VERIFY
MIME-Version
X-Cf-Powered-By
X-TId
X-Requestid
Pics-Label
X-Servedbyhost
Web-Mar-Region
X-Server-W
Cf-Ipcountry
Dont-Set-Cookie
CACHE
X-Flog
X-HTML-Minification-Powered-By
X-Sf
X-Rule
X-ABtesting
WZWS-RAY
X-BE
X-Sentry-ID
X-Tec-Api-Version
X-Tec-Api-Root
X-Tec-Api-Origin
ProcessTime
Node
X-HS-Hub-Id
Get-Access-Time
X-Powered-By-ANYU
X-DataStream-Origin-MEX-Latency
X-FORWARDED-FOR
Lfy
X-DataStream-MidMile-RTT
GeoIP-Country-Code
We-Hiring
X-VG-WebCache
RNT-Machine
X-Wix-Petri-Ex
X-Cache-TTL
GeoIP-City
GeoIP-Latitude
RNT-Time
Mail-Subject
Is-Session-Tracking
PageSpeed
Max-Age
X-Dynatrace-Js-Agent
X-Varnish-Ttl
X-CDN-Pop
X-Shard
X-CDN-Pop-IP
CDN
X-Use-Magma
X-Mem
X-GEO
X-SRV
X-ByteArk-Cache
X-GZIP
XServer
Accept-CH
X-Cache-FS-Status
URI
Magicmarker
Powered
Cache-Tags
X-Ms-Blob-Type
X-Ms-Lease-Status
X-UPSTREAM-Address
X-Ms-Version
X-Ms-Request-Id
X-PF-Uncompressing
X-Powered-By-Defense
DataCenter
X-Check-Cacheable
X-Front
X-Unique-Id
X-Dw-Trace-Id
Amp-Access-Control-Allow-Source-Origin
X-Micro-Cache
X-Oa-Upstreams
X-Cookie
X-Fe
X-Varnish-URL
X-Remote-IP
X-Zalando-Page-Type
X-Trv-Request-Id
X-Zalando-Child-Request-Id
Group
Xet-Cookie
V-Cache
N-Cache
X-HGenerator
Rt-Proxy-Cache
X-Safe-Firewall
X-Varnish-ID
X-PARISIEN-Cache-Rendered
X-SB
X-PAGE-TYPE
X-VC
X-Proxy-Server
X-Aicache-OS
X-VarnPar2
RequestUuid
X-VarnCache
X-PJAX-URL
X-VarnPar1
X-NGINX-Cache
Hostname
Requestid
X-Gdpr
X-RAMCache
WS
SID
X-ProxyCache-Args
X-M-Reqid
X-Qnm-Cache
X-M-Log
X-Alicdn-Da-Ups-Status
WWW-Authenticate
X-Acquia-Application-Trace
X-Acquia-Application-UUID
CF-Cached-On
X-Hello
X-Akamai-ERRuleID
X-Akamai-ERPolicy
X-Litespeed-Tag