Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Pragma
Last-Modified
Accept-Ranges
Strict-Transport-Security
X-Content-Type-Options
X-Powered-By
CF-RAY
ETag
Link
Expect-CT
Via
X-Cache
X-XSS-Protection
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
P3P
X-Cache-Hits
X-Xss-Protection
X-Served-By
X-Varnish
X-Amz-Cf-Id
Referrer-Policy
X-Request-Id
X-Timer
X-AspNet-Version
CF-Cache-Status
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Runtime
Access-Control-Allow-Credentials
X-Download-Options
X-Drupal-Cache
X-Cacheable
Content-Security-Policy-Report-Only
X-Generator
Alt-Svc
Status
X-AspNetMvc-Version
X-Cache-Status
X-DNS-Prefetch-Control
X-Check
X-Iinfo
X-FRAME-OPTIONS
X-Adblock-Key
X-CDN
Timing-Allow-Origin
X-Content-Security-Policy
X-Permitted-Cross-Domain-Policies
X-Turbo-Charged-By
P3p
X-Request-ID
Content-Encoding
X-Template
X-Language
Keep-Alive
X-Type
X-AH-Environment
CF-Ray
X-Via
X-Cache-Group
X-Backend
WPE-Backend
X-Pass-Why
X-Age
X-Buckets
X-Server
X-Nginx-Cache-Status
Access-Control-Max-Age
X-Server-Powered-By
X-Pingback
Xkey
X-Varnish-Cache
Grace
X-Drupal-Dynamic-Cache
Upgrade
Access-Control-Expose-Headers
X-Hacker
X-UA-Device
X-Amz-Request-Id
Cf-Railgun
X-Page-Speed
X-Amz-Id-2
X-Proxy-Cache
X-Robots-Tag
X-Envoy-Upstream-Service-Time
EagleId
X-LiteSpeed-Cache
Request-Context
X-Node
X-Ac
X-Device
X-Swift-CacheTime
X-Swift-SaveTime
X-Cnection
X-Host
Ali-Swift-Global-Savetime
Content-Location
X-Amz-Version-Id
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-WebKit-CSP
X-Server-Id
Surrogate-Control
X-Backend-Server
X-OneAgent-JS-Injection
X-Cache-Lookup
X-Rack-Cache
X-Response-Time
X-Px
X-Instart-Request-ID
Request-Id
X-Readtime
Server-Timing
X-Rq
X-CST
X-Clacks-Overhead
Permitted-Cross-Domain-Policies
X-HeyJason
X-Do-Not-Hack
Pinterest-Generated-By
X-Ua-Compatible
X-Url
EagleEye-TraceId
Edge-Control
X-Cloud-Trace-Context
X-Application-Context
X-Country
X-MS-InvokeApp
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Report-To
X-Server-Name
Charset
SPRequestGuid
X-DynaTrace-JS-Agent
X-Country-Code
Allow
X-ESI
X-DataDome
X-SharePointHealthScore
X-Ruxit-JS-Agent
Rating
X-Varnish-TTL
X-TtlSet
X-Vname
X-PC
X-Cached
X-Powered-CMS
X-Powered-By-Plesk
X-Recruiting
X-CF-Powered-By
X-DynaTrace
X-FTR-Request-ID
X-Vhost
NEL
X-D2id
X-TTL
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
Public-Key-Pins
X-Pinterest-Rid
X-Upstream-Env
Pinterest-Version
X-Geo-Segment
X-Kinja-Revision
X-Exp-Id
X-Cdn-Fetch
X-Exp-Variant
X-Kinja-Server
X-Kinja
X-Kinja-Build
X-F-Cache
X-Version
X-VARITI-CCR
X-T
X-N
Cartoon
X-GoogleNews-Bot
SPRequestDuration
SPIisLatency
X-Dw-Request-Base-Id
X-Mod-Pagespeed
MS-Author-Via
X-Abt-Application-Version
RTSS
Content-MD5
Nginx-Cache
X-Ttl
Verso
Feature-Policy
X-GitHub-Request-Id
X-Dispatcher
X-Navigation-Version
MicrosoftSharePointTeamServices
X-SRCache-Store-Status
AR-CACHE
AR-PoweredBy
AR-ATIME
X-SRCache-Fetch-Status
X-Goog-Hash
X-Client-IP
X-Amz-Rid
Realpath
X-Hits
X-Forwarded-Proto
X-Shield-Request-Id
X-Cdn
X-Origin-Cache
X-Trace
Paypal-Debug-Id
X-Server-ID
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-Content-Options
X-Grace
X-Zen-Fury
X-Id
X-Content-Digest
X-Kinsta-Cache
TCN
DynaTrace
X-B
Arr-Disable-Session-Affinity
AR-SID
Alternate-Protocol
X-Varnish-Age
X-Cache-Key
X-Sol
Fastcgi-Cache
X-Upstream
X-Mrf-Item-Lastmod
MRF-Tech
X-Mrf-Section-Lastmod
Mrf-Cache-Status
Access-Control-Request-Method
X-Ser
Display
X-FastCGI-Cache
X-Middleton-Display
X-Pad
X-Fastly-Request-ID
X-Acc-Meta-Resource-Type
PB-PID
PB-RID
X-Mobile-Rewrite
X-NF-Request-ID
X-Nf-Srv-Version
X-Via-JSL
X-DIS-Request-ID
X-User-Agent
Response
X-Middleton-Response
X-Vcap-Request-Id
Pagespeed
X-Forwarded-For
Front-End-Https
Rt-Fastcgi-Cache
X-MSEdge-Ref
Eomportal-Instance
X-Cache-Rule
X-PressLabs-Stats
X-Frontend
X-IPLB-Instance
X-SS-Set-Cookie
X-Logged-In
X-Cache-Hit
Arc-Version
Server-Name
X-Goog-Metageneration
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-Goog-Generation
X-VCache
X-Whom
X-XRDS-LOCATION
X-Hostname
Host
Tracecode
Surrogate-Key
S
X-Country-Code-Real
X-FTR-Backend-Server
X-FTR-Realm
X-FTR-Expires
X-FTR-Backend
X-FTR-DC
X-FTR-Cache-Status
X-FTR-Balancer
X-Request-Received
Cache-Status
X-Request-Processing-Time
X-Analytics
Backend-Timing
X-Debug
X-HS-Content-Id
X-AOL-HN
X-Instance
TP-L2-Cache
Refresh
TP-Cache
X-Magnolia-Registration
X-Contextid
X-Az
X-AppVersion
X-Rid
X-Activity-Id
X-Proxied
FilterID
ServerID
Public-Key-Pins-Report-Only
X-Srv
X-Wix-Server-Artifact-Id
X-XRDS-Location
Server-Info
HitType
X-UUID
X-HW
HitInfo
X-WPE-Loopback-Upstream-Addr
Cleartype
X-Newrelic-App-Data
X-B3-Traceid
Liferay-Portal
Service-Worker-Allowed
X-Mobile
X-Varnish-Server
X-Content-Security-Policy-Report-Only
X-FTR-Cache-Host
AMP-Access-Control-Allow-Source-Origin
X-Varnish-Backend
X-Correlation-Id
X-APP-VERSION
Served-By
X-Cache-Control
X-Revision
Source
X-Amzn-Trace-Id
X-Cache-Server
X-Geo-Country
X-PC-Hit
X-Litespeed-Cache
X-PC-Key
X-PHP-Backend
X-Request-Guid
X-PC-AppVer
X-Hail-Hydra
X-BCube-Filmed-By
Host-Header
Server-Node
X-App-Environment
Retry-After
X-TT
X-NWS-LOG-UUID
X-Tumblr-Pixel
X-Handled-By
X-Origin-Upstream-Status
X-Device-Type
MS-CV
Accept-Charset
X-Tumblr-User
X-Tumblr-Pixel-0
X-Varnish-Hostname
X-RateLimit-Remaining
X-Cache-Operation
X-Origin
DC
X-Cache-Config
X-Framework
X-URL
X-Cache-2
X-B-Cache
X-Page-Id
X-HS-Cache-Config
X-Signature
Edge-Cache-Tag
S-Cnection
Powered-By-ChinaCache
X-FB-Debug
Fastly-Restarts
X-Origin-Server
X-Cache-Action
X-TT-TIMESTAMP
X-Sucuri-ID
X-ATG-Version
X-Ocache
X-Debug-Info
Viewport
X-PC-Host
X-PC-Date
Actual-Object-TTL
X-Webkit-Csp
X-ADI-VCache
X-Shield-Cache-Expires
X-B3-Sampled
X-Hyper-Cache
X-WA-Info
NGB
X-Cached-By
X-Content-Powered-By
X-Microcachable
X-Accel-Expires
X-Drupal-Cache-Tags
X-NewRelic-App-Data
X-Akam-SW-Version
X-LB-Cache
Upgrade-Insecure-Requests
Filters
SRV
X-Cache-NE
AsisCache
X-Generated-By
X-Yottaa-Optimizations
ServedBy
X-App-Server
X-Yottaa-Metrics
X-Tumblr-Pixel-1
X-Distil-CS
X-FW-Server
X-S
X-WebKit-CSP-Report-Only
X-FW-Static
X-Tumblr-Pixel-2
X-FW-Type
X-FW-Hash
X-Cacheable-TTL
X-Locale
Cache
X-RequestSource
X-RTag
X-Internal-Host
X-FW-Serve
Content-Style-Type
X-Wix-Request-Id
X-Seen-By
Content-Script-Type
X-GeoIP
X-Accel-Buffering
X-Cluster
X-Jobs
X-Amz-Server-Side-Encryption
X-TX-ID
X-Varnish-Hits
X-Geo
From-Origin
X-Node-Name
X-Cache-Age
X-UA
X-Adobe-Loc
X-Adobe-Content
X-Akamai-Edgescape
X-Varnish-Grace
X-Sucuri-Cache
X-Varnish-Cache-Hits
X-Varnish-IP
X-RateLimit-Limit
X-Dns-Prefetch-Control
X-HS-Combine-CSS
X-Platform-Server
X-GZip
Datacenter
X-ServedBy
X-Cache-TTL-Remaining
X-Edge-Cache
X-Edge-Cache-Key
X-Storage
X-GUploader-UploadID
X-CDN-Forward
X-Vg-Webcache
X-Cache-Remote
Cache-Tag
X-Mode
X-Region
X-Akamai-Transformed
X-Drupal-Cache-Contexts
HostName
X-Daa-Tunnel
X-Amz-Replication-Status
X-Source
X-Real-IP
X-Distributor
X-Guploader-Uploadid
X-Kinja-Server-Push
Meta-Geo
X-Cache-Var-Map
Machine
Load-Balancing
X-Cache-Var
X-Detected-As
X-Is-Bot
X-Rendered-As
X-MP-GENERATED-AT
X-ProcessESI
X-RemovedCookies
X-RN-RSRV
X-Path-Route
Fastly-SSL
X-Amz-Apigw-Id
ServerName
X-Agile
X-Amzn-RequestId
X-Agile-Age
X-NCache
X-Agile-Id
X-TWH-CORRELATION-ID
X-Akamai-Request-ID
Cache-Key
X-PCL
X-Time-Microsecs
X-Web-Node
X-Grey
X-Cache-Category-Id
X-Viewer-Country
X-BB-IP
X-Upgrade-Enabled
X-PERF
X-NodeID
X-OCL
X-Webstats-RespID
X-CDN-Cache
X-ApacheServer
Mn-Server-Ip
GEO-INFO
Azure-Version
X-Cluster-Node
X-Human
Azure-SlotName
Azure-SiteName
X-Amz-Meta-Surrogate-Control
X-Via-Fastly
X-Debug-Cache
Azure-InstanceId
Cache-Name
Azure-RegionName
X-Cache-HT
X-FC-Vary-Parameters
S-Rt
X-Optimization
X-Original-Request
X-ServerID
Country
Ohc-File-Size
X-Instance-Name
X-Proto
X-Pubstack
X-ProxyCache-Key
X-ProxyCache-Status
X-OVcl-Cache
Backend
X-BYPASS-REASON
X-EIG-Tracking-Id
X-OVcl
X-Proxy
X-Edge-Location
L5d-Success-Class
TWC-GeoIP-LatLong
TWC-Device-Class
TWC-Connection-Speed
TWC-GeoIP-Country
TWC-Locale-Group
Webcakes-App-Version
User-Cache-Control
TWC-Privacy
X-Access
Webcakes-Region
Webcakes-App-Name
X-CCM-LastModified
X-Routing-Service
X-Origin-Hint
X-Varnish-Cacheable
X-Section
X-Site-Version
X-Hosted-By
X-Port
X-IP
X-Labrador-Cache-Channel
X-LJ-Flow-ID
X-Meta-Tbi-Cache-Vertical
X-SplitTest
Now
X-VWS-Id
X-Birta-Served
X-Birta-Cache-Post
X-AWS-Id
X-CCM
X-Www-Served-By
X-Zipkin-Id
X-Xfnlog-Site
X-Generation-Time
X-Format
X-App-Name
Healthy
X-CLOUD-TRACE-CONTEXT
DB-Nickname
LB
Property-Id
Fastcgi-Useragent
Cache-Hits
User-Agent
X-Backend-Name
X-TNCMS
X-Loop
X-Request-Time
X-JoinUs
Access-Control-Allow-Method
Selected-FE
X-Time
Countrycode
X-Surge-Debug
X-Generated
RATING
X-Proxy-Build
X-Timing-Wait
X-Esi
X-Tb
X-Dc
X-Tumblr-Pixel-3
Payment
X-Real-Ip
X-Cache-Bucket
X-Ezoic-Cdn
Ec-Rule-Version
X-Hit
X-Origin-CC
X-Render-Type
X-TA-CDN-Provider
X-Cache-Enabled
X-Nc
X-DataStream-Cache-Status
X-Oracle-Dms-Rid
X-Oneagent-Js-Injection
WP-Super-Cache
X-B3-TraceId
X-Oracle-Dms-Ecid
X-Feature
X-Newrelic-Synthetics
X-Nginx-Cache
Origin-Edge-Control
Origin-Cache-Control
X-Unique-ID
X-L-Path
X-B3-Spanid
X-Environment-Context
X-UA-Device-Type
X-Servedby
RequestId
X-Varnish-Beresp-Grace
Xserver
X-Varnish-Beresp-Status
X-NU-AKA-ACS-Version
X-Skip-Cache
NODE
X-NGENIX-Cache
X-Correlation-ID
Access-Control-Request-Headers
X-WR-MODIFICATION
X-CACHE-AGE
X-Content-Type
X-Status
X-ElasticPress-Search
X-Be
X-Cache-Backend
X-Vgn-Hpd-Reason
X-EdgeConnect-Cache-Status
Time
Warning
Webserver
Ws
X-Upstream-CT
X-Upstream-HT
Apple-News-Services-Request-Url
X-Died
X-Developer
X-Fastly-Cache
X-DPWN-IS-SECURE
BehaviorPad-Version
Cache-Prefix
Apple-News-Services-Host
X-Haproxy-Hostname
X-Destination
X-Logtrace-Id
Apicache-Version
X-User
Apicache-Store
X-Generated-In
X-G
X-ND-Cache
X-No-Session
Apple-News-Services-Handled
AKAMAI
X-From
Ajk
Apple-News-Services-Parsed-Url
X-Date
X-A-Wwc
X-A-Dgt
X-A-Dcw
X-Accel-Expires-Debug
X-Amz-Meta-Cache-Control
X-Application
Meta-Geo-Continent
X-A-Dam
X-A-Ccd
Resin-Trace
Sta2Tusw
T-Server
Viewtype
VivaBuild
X-A
Www
Memcached
MD5-Digest
X-Connection-Hash
GMS-Ver
X-CF-Lambda-Version
X-D
Fly-Request-Id
Fastcgi-X-Cache-Version
Fly-Cache
X-CF-Lambda-Fn
X-Cache-Id
X-B-Cookie
X-ARC
X-BB-ID
X-BBXSRF
X-Cache-Host
Host-ID
Fastcgi-X-Cache
X-Haproxy-Ip
X-Rewrite-Enabled
X-S-Cookie
X-Server-By
X-Server-Time
X-Region-Sid
X-Wix-Route-ID
X-Planisys-CDN-TTL
X-Public
Xc-Version
X-We-Are-Hiring
X-SRCache-Key
X-VG-WebServer
X-Trv-Group
X-Twitter-Response-Tags
X-Via-CDN
X-Transaction
X-SVT-ORM-RULES
X-Via-Edge
X-SVT-ORM-VERSION
X-Planisys-CDN-Rules
X-Rojux
X-PAYTM-SRV-ID
X-Planisys-CDN-Cache
X-Webkit-CSP
IBM-Web2-Location
X-GoCache-CacheStatus
X-Cache-Ttl
Fastly-SWR
Origin
X-CS
X-Wikidot-Backend
Fastly-Soc-X-Request-Id
IsBot
X-Var-Ttl
X-Wikidot-Static-Cache
X-Debug-Cookies
Fastly-SIE
X-Croise-Owner
X-ScT
X-Cache-Expires
X-Phone
X-Cache-CFC
X-Sn-Servicetimems
X-SIPLIST1
X-Cache-Time
X-Cdn-Origin
X-Trace-Id
X-NX-Host
Odigeo-Trace-Id
X-IN-APIGATEWAY
NGX
X-Core-Value
X-Debug-Log
X-Rebelmouse-Surrogate-Control
X-FireWall-Port
Uber-Trace-Id
Server-Int
UCS
X-Forwarded-Host
X-Frame-Option
X-IN-SSL-APIGATEWAY
X-IN-WAF
X-Fstrz
X-Up
V-Age
X-Rebelmouse-Cache-Control
Rendered-Blocks
Release
Request-Time
X-Request-URI
X-F5-Cache
X-C
X-Passed-To-PostProcessResponse
X-VServer
X-V
X-Amz-Meta-S3cmd-Attrs
X-Stale
X-Backend-Host
Thinkindot-Control
Who
Thinkindot-CacheControl-Type
X-UnsetCookies
X-Passed-To-DLL
X-Thinkindot-L3
X-TT-LOGID
X-Passed-To
Web-Mar-Node
X-Node-Id
X-UE-Client-Country
X-Via-NSCOPI
X-Passed-To-BeforeDispatch
X-Rocket-Nginx-Bypass
X-Server-Group
X-Edge-IP
X-Env
X-Epic-Correlation-Id
X-Returned-From
X-Dispatcher-Server
X-Developers
X-Device-Os
X-Returned-From-BeforeDispatch
X-Eu-Site
X-Location
X-RCS-CacheZone
X-Gen-Mode
X-GeoIP-City
X-Reboot
X-Auto-Login
X-Worker
X-Hnp-Log
X-Returned-From-DLL
X-Returned-From-PostProcessResponse
X-Block-Status
X-Bug-Bounty
X-Cache-Debug
X-Hl-Ver
X-Servername
X-Backend-TTL
X-Backend-Url
X-ServiceProvider
X-Server-IP
X-Cdn-Srv
X-WebServer
X-MI-In-Market
X-Matched-Rule
X-Ckpd-Fst-Backend
X-Served-From
X-GeoIP-Country-Code
X-CGP
X-Backend-State
X-Actual-URL
HA-Georegion
Ha-Gx-Prefs
HA-Geolon
HA-Geolat
HA-Geocity
HA-Geocountry
HA-Host
HA-Ipaddr
Httpd-Identifier
HTTPS
Heartbleed
HA-Urlpath
HA-Servedtime
HA-Cloudapp
GW-Server
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-From
OT-Force-Account-Verify
Thinkindot-CacheControl
Cneonction
CDCHOST
Content-Disposition
Esi-Enabled
Fastly-Backend-Name
Decoy-Debug-TTL
Decoy-Debug-Status
Decoy-Debug-Key
Is-Eu
Adler-Geo
Powered-By
On-Server
Ohc-Response-Time
Pragrma
Pramga
Server-Host
Proxy-Connection
MI-Cache-Age
Platform
MI-Cache
Mime-Version
X-HS-Hub-Id
X-Bip
X-Cache-Control-Set-By
X-Shopify-Stage
X-Response-By
X-Ver
X-Varnish-Beresp-Ttl
X-ShopId
X-Fetched-On
X-HCF
X-S-Maxage
X-Crawler
X-Clientip
X-ShardId
X-Varnish-Id
X-Info
X-MSEdge-Features
X-Sorting-Hat-ShopId
X-Sorting-Hat-ShopId-Cached
X-Sorting-Hat-Section
X-Sorting-Hat-PodId
X-Release
X-Sorting-Hat-PrivacyLevel
X-Sorting-Hat-FeatureSet
X-Page-Type
X-Sorting-Hat-PodId-Cached
Server-ID
X-MSEdge-Flight
X-Origin-Date
Backend-Name
X-Origin-Expires
NtCoent-Length
X-Hash
X-Alternate-Cache-Key
MI-API
Kp-EeAlive
X-Platform
X-Cache-Srv
X-Core-Mission
PFcat
X-Thanos
X-Content-Age
Request-Country
X-Varnish-HitMiss
Request-EU
REQUESTUUID
NnCoection
X-StackifyID
X-Cache-URL
X-Secret
X-Svr
X-Fastcgi-Cache
X-Refresh
Country-Code
X-Gannett-Site-Version
Drupal-Pagecache-Memcache
X-App-Version
X-TIME
Cache-Provider
X-P-T
X-Amz-Meta-S3b-Last-Modified
X-Req
Processtime
X-COUNTRY
Dnion-Transfer-Encoding
X-Pjax-Url
Version
X-Origin-TTL
Ar-Sid
Accept-Ch
X-Cache-ASPX
X-Amz-Meta-Sha256
X-Pf-Uncompressing
X-Oss-Hash-Crc64ecma
X-Oss-Storage-Class
X-Oss-Object-Type
X-Oss-Server-Time
X-Oss-Request-Id
Memory
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
Pagetype
X-Csrf-Token
WebServer
X-EC-Security-Audit
X-From-Cache
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Varnish-Url
X-Yottaa-Sig
Cteonnt-Length
SN
FSS-Cache
FSS-Proxy
X-LiteSpeed-Cache-Control
Arc-Country
X-CSRF-Token
X-Ruxit-Js-Agent
PageType
Brightspot-Id
X-Irp-Debug
Geoip-City
Geoip-Latitude
GeoIp-Country-Code
X-NC
X-Wix-Petri-Ex
X-Cache-Handler
X-Ua
Dont-Set-Cookie
X-Rule
X-LB-Node
Cdn
X-LB-CacheStatus
X-Cdn-Forward
X-DC
X-Request-Start
X-Load-Cache
X-ROOTCache
X-Redis-Cache
X-Varnish-Beresp-TTL
If-Modified-Since
Sid
PICS-Label
COMMERCE-SERVER-SOFTWARE
X-Ratelimit-Remaining
Edgecast
CF-IPCountry
X-Request-UUID
X-Endurance-Cache-Level
X-SERVER-NAME
X-Fastly-Backend-Reqs
MIME-Version
PROCESSING-IP
BORDER-IP
X-GRACE
X-Dynatrace-Js-Agent
X-Varnish-Action
X-TId
X-Sf
X-GDPR
X-ServedByHost
X-Requestid
X-Ratelimit-Limit
X-Tid
RNT-Machine
X-Layer
RNT-Time
X-B3-SpanId
X-Atg-Version
X-Servedbyhost
X-RequestId
X-Dynatrace
X-BE
XServer
X-Resolver-IP
Frame-Options
X-Rocket-Nginx-Serving-Static
X-Nananana
X-Fastly-Cache-Hits
Pics-Label
Powered
Cf-Ipcountry
Cache-Tags
NodeID
Amp-Access-Control-Allow-Source-Origin
X-Cache-TTL
Node
CDN
X-DataStream-Origin-MEX-Latency
X-DataStream-MidMile-RTT
CACHE
X-Key
X-Owner
X-VG-WebCache
X-Tec-Api-Origin
Dynatrace
X-Tec-Api-Root
X-Tec-Api-Version
Mail-Subject
We-Hiring
X-Server-W
X-HTML-Minification-Powered-By
PageSpeed
Web-Mar-Region
GeoIP-Latitude
GeoIP-Country-Code
GeoIP-City
X-Varnish-Ttl
X-Gdpr
X-Shard
X-Use-Magma
Lfy
X-ABtesting
X-UPSTREAM-Address
X-Flog
X-Sentry-ID
ProcessTime
DataCenter
X-GZIP
X-Varnish-URL
Accept-CH
X-Powered-By-ANYU
WZWS-RAY
X-PF-Uncompressing
X-Ms-Blob-Type
X-Ms-Lease-Status
X-Ms-Request-Id
X-Ms-Version
Hostname
X-Aicache-OS
X-CDN-Pop
X-GEO
Is-Session-Tracking
X-Unique-Id
X-CDN-Pop-IP
Get-Access-Time
Max-Age
URI
X-Alicdn-Da-Ups-Status
Xet-Cookie
X-NGINX-Cache
X-NWS-UUID-VERIFY
X-Dw-Trace-Id
X-Edge-Server
X-Oa-Upstreams
X-PJAX-URL
X-Trv-Request-Id
X-Check-Cacheable
X-Mem
Cdn-Host
Cdn-Request-Time
X-Cookie
X-VG-TLSProxy
True-Client-Country-4JS
X-Ms-Lease-State
X-Varnish-ID
Requestid
X-PAGE-TYPE
RequestUuid
X-Powered-By-Defense
X-Front
X-Policy
X-Swa-Ws
X-Cache-FS-Status
X-Remote-IP
X-DSS
X-DW
X-RPS
GEO-REGION-INFO
Rt-Proxy-Cache
X-VID
X-RSL
X-DI
X-RPM
X-RAMCache
X-Acquia-Application-Trace
X-Proxy-Server
CF-Cached-On
X-Acquia-Application-UUID
X-Akamai-ERRuleID
X-Hello
Magicmarker
X-Litespeed-Tag
X-Fe
X-Litespeed-Cache-Control
WS
X-Akamai-ERPolicy
SID
X-DB