Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Pragma
Last-Modified
Accept-Ranges
Strict-Transport-Security
X-Content-Type-Options
X-Powered-By
CF-RAY
ETag
Link
Expect-CT
Via
X-XSS-Protection
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
P3P
X-Cache-Hits
X-Served-By
X-Varnish
X-Amz-Cf-Id
X-Xss-Protection
Referrer-Policy
X-Request-Id
X-Timer
X-AspNet-Version
CF-Cache-Status
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Runtime
Access-Control-Allow-Credentials
X-Download-Options
X-Drupal-Cache
X-Cacheable
Content-Security-Policy-Report-Only
X-Generator
Alt-Svc
Status
X-AspNetMvc-Version
X-Cache-Status
X-Check
X-DNS-Prefetch-Control
X-Iinfo
X-FRAME-OPTIONS
X-Adblock-Key
X-CDN
Timing-Allow-Origin
X-Content-Security-Policy
X-Permitted-Cross-Domain-Policies
X-Turbo-Charged-By
P3p
Content-Encoding
X-Template
X-Language
Keep-Alive
X-Type
CF-Ray
X-AH-Environment
X-Via
X-Request-ID
X-Cache-Group
X-Backend
WPE-Backend
X-Pass-Why
X-Age
X-Buckets
X-Server
X-Nginx-Cache-Status
Access-Control-Max-Age
X-Server-Powered-By
X-Pingback
Xkey
X-Varnish-Cache
Grace
X-Drupal-Dynamic-Cache
Upgrade
Access-Control-Expose-Headers
X-Hacker
X-UA-Device
X-Amz-Request-Id
X-Page-Speed
Cf-Railgun
X-Amz-Id-2
X-Proxy-Cache
X-Robots-Tag
X-Envoy-Upstream-Service-Time
EagleId
X-LiteSpeed-Cache
Request-Context
X-Node
X-Ac
X-Device
X-Swift-CacheTime
X-Swift-SaveTime
X-Cnection
X-Host
Ali-Swift-Global-Savetime
Content-Location
X-Amz-Version-Id
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-WebKit-CSP
X-Server-Id
Surrogate-Control
X-Backend-Server
X-OneAgent-JS-Injection
X-Cache-Lookup
X-Rack-Cache
X-Response-Time
X-Px
X-Instart-Request-ID
Request-Id
Server-Timing
X-Readtime
X-Rq
X-CST
X-Clacks-Overhead
X-Do-Not-Hack
Permitted-Cross-Domain-Policies
X-HeyJason
Pinterest-Generated-By
X-Ua-Compatible
X-Url
EagleEye-TraceId
Edge-Control
X-Cloud-Trace-Context
X-Application-Context
X-Country
X-MS-InvokeApp
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Report-To
X-Server-Name
Charset
SPRequestGuid
X-Country-Code
X-DynaTrace-JS-Agent
Allow
X-ESI
X-SharePointHealthScore
X-DataDome
X-Ruxit-JS-Agent
Rating
X-Varnish-TTL
X-TtlSet
X-Vname
X-PC
X-Cached
X-Powered-CMS
X-Powered-By-Plesk
X-Recruiting
X-CF-Powered-By
X-FTR-Request-ID
X-DynaTrace
X-Vhost
NEL
X-D2id
X-TTL
X-ORACLE-DMS-RID
X-ORACLE-DMS-ECID
Public-Key-Pins
X-Upstream-Env
Pinterest-Version
X-Pinterest-Rid
X-Cdn-Fetch
X-Exp-Id
X-Geo-Segment
X-Kinja-Revision
X-Kinja-Build
X-Kinja
X-Exp-Variant
X-Kinja-Server
X-F-Cache
X-Version
X-VARITI-CCR
X-T
X-N
X-GoogleNews-Bot
Cartoon
SPIisLatency
SPRequestDuration
X-Dw-Request-Base-Id
X-Mod-Pagespeed
MS-Author-Via
X-Abt-Application-Version
Content-MD5
RTSS
Nginx-Cache
Feature-Policy
X-Ttl
Verso
X-GitHub-Request-Id
X-Dispatcher
X-Navigation-Version
MicrosoftSharePointTeamServices
AR-ATIME
AR-CACHE
X-SRCache-Fetch-Status
X-SRCache-Store-Status
AR-PoweredBy
X-Goog-Hash
X-Client-IP
X-Amz-Rid
Realpath
X-Hits
X-Forwarded-Proto
X-Shield-Request-Id
X-Cdn
X-Origin-Cache
X-Trace
Paypal-Debug-Id
X-Server-ID
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-TEC-API-ROOT
X-Content-Options
X-Id
X-Zen-Fury
X-Content-Digest
X-Grace
X-Kinsta-Cache
TCN
DynaTrace
X-B
Arr-Disable-Session-Affinity
AR-SID
Alternate-Protocol
X-Varnish-Age
X-Cache-Key
Fastcgi-Cache
X-Sol
X-Upstream
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
Mrf-Cache-Status
MRF-Tech
Access-Control-Request-Method
X-Ser
X-Pad
Display
X-Middleton-Display
X-FastCGI-Cache
X-Fastly-Request-ID
X-Acc-Meta-Resource-Type
PB-RID
PB-PID
X-Mobile-Rewrite
X-Nf-Srv-Version
X-NF-Request-ID
X-Via-JSL
X-DIS-Request-ID
Response
X-User-Agent
X-Middleton-Response
X-Dns-Prefetch-Control
X-Vcap-Request-Id
Pagespeed
X-Forwarded-For
Rt-Fastcgi-Cache
X-MSEdge-Ref
Front-End-Https
X-Cache-Rule
Eomportal-Instance
X-PressLabs-Stats
X-Frontend
X-IPLB-Instance
X-SS-Set-Cookie
X-Logged-In
X-Cache-Hit
Arc-Version
Server-Name
X-Goog-Generation
X-Goog-Storage-Class
X-Goog-Metageneration
X-Goog-Stored-Content-Length
X-VCache
X-Goog-Stored-Content-Encoding
X-Whom
X-XRDS-LOCATION
X-Hostname
Host
Tracecode
Surrogate-Key
S
X-FTR-Backend-Server
X-FTR-Backend
X-Country-Code-Real
X-FTR-Balancer
X-FTR-Cache-Status
X-FTR-Realm
X-FTR-Expires
X-FTR-DC
Cache-Status
X-Request-Processing-Time
X-Request-Received
X-Analytics
Backend-Timing
X-Debug
X-HS-Content-Id
X-AOL-HN
TP-L2-Cache
Refresh
X-Instance
TP-Cache
X-Contextid
X-Magnolia-Registration
X-AppVersion
X-Az
X-Rid
X-Activity-Id
X-Proxied
FilterID
Public-Key-Pins-Report-Only
ServerID
X-Wix-Server-Artifact-Id
X-Srv
X-XRDS-Location
X-UUID
HitType
HitInfo
X-HW
Server-Info
X-WPE-Loopback-Upstream-Addr
Cleartype
X-Newrelic-App-Data
X-B3-Traceid
Liferay-Portal
Service-Worker-Allowed
X-Content-Security-Policy-Report-Only
X-Varnish-Server
X-Mobile
X-FTR-Cache-Host
AMP-Access-Control-Allow-Source-Origin
X-Varnish-Backend
Served-By
X-APP-VERSION
X-Correlation-Id
X-Cache-Control
X-Revision
X-Cache-Server
X-Amzn-Trace-Id
Source
X-Geo-Country
X-PC-AppVer
Server-Node
X-TT
X-Hail-Hydra
X-App-Environment
X-PC-Key
X-Litespeed-Cache
X-PHP-Backend
X-BCube-Filmed-By
Retry-After
X-Request-Guid
X-PC-Hit
Host-Header
X-Tumblr-User
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Device-Type
X-Origin-Upstream-Status
X-Varnish-Hostname
Accept-Charset
MS-CV
X-NWS-LOG-UUID
X-Handled-By
DC
X-RateLimit-Remaining
X-Cache-Config
X-Origin
X-Framework
X-Cache-Operation
X-HS-Cache-Config
Edge-Cache-Tag
X-Cache-2
X-Page-Id
X-URL
X-B-Cache
X-Signature
Powered-By-ChinaCache
S-Cnection
X-FB-Debug
Fastly-Restarts
X-Origin-Server
X-Cache-Action
X-TT-TIMESTAMP
X-Sucuri-ID
X-Ocache
X-Debug-Info
X-ATG-Version
Viewport
X-PC-Date
X-PC-Host
Actual-Object-TTL
X-Webkit-Csp
X-ADI-VCache
X-B3-Sampled
X-Shield-Cache-Expires
X-Hyper-Cache
X-WA-Info
X-Cached-By
NGB
X-Content-Powered-By
X-Microcachable
X-Accel-Expires
X-Akam-SW-Version
X-Drupal-Cache-Tags
X-LB-Cache
X-NewRelic-App-Data
Upgrade-Insecure-Requests
X-Cache-NE
Filters
AsisCache
SRV
X-Generated-By
ServedBy
X-Yottaa-Metrics
X-App-Server
X-Yottaa-Optimizations
X-Cacheable-TTL
X-FW-Serve
X-WebKit-CSP-Report-Only
X-Tumblr-Pixel-1
X-FW-Server
X-Distil-CS
X-Tumblr-Pixel-2
X-FW-Hash
Cache
X-RequestSource
X-Internal-Host
X-FW-Static
X-Locale
X-RTag
X-S
X-FW-Type
X-Seen-By
Content-Script-Type
X-Wix-Request-Id
Content-Style-Type
X-GeoIP
X-Jobs
X-TX-ID
X-Amz-Server-Side-Encryption
X-Accel-Buffering
X-Cluster
X-Varnish-Hits
X-Node-Name
X-Geo
From-Origin
X-Cache-Age
X-Varnish-Cache-Hits
X-Varnish-Grace
X-Adobe-Content
X-Varnish-IP
X-Adobe-Loc
X-UA
X-Sucuri-Cache
X-Akamai-Edgescape
X-RateLimit-Limit
Datacenter
X-Platform-Server
X-HS-Combine-CSS
X-GZip
X-ServedBy
X-Cache-TTL-Remaining
X-Edge-Cache-Key
X-Edge-Cache
X-CDN-Forward
X-GUploader-UploadID
X-Vg-Webcache
X-Storage
Cache-Tag
X-Cache-Remote
X-Akamai-Transformed
X-Mode
X-Region
HostName
X-Drupal-Cache-Contexts
X-Daa-Tunnel
X-Amz-Replication-Status
X-Guploader-Uploadid
X-Real-IP
X-Source
X-Distributor
X-Kinja-Server-Push
X-RemovedCookies
X-Path-Route
Load-Balancing
X-Is-Bot
X-RN-RSRV
X-ProcessESI
X-MP-GENERATED-AT
Machine
X-Rendered-As
X-Detected-As
X-Cache-Var-Map
X-Cache-Var
Meta-Geo
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Agile
X-Agile-Age
ServerName
Fastly-SSL
X-NCache
X-Agile-Id
X-Akamai-Request-ID
X-CDN-Cache
X-Time-Microsecs
X-TWH-CORRELATION-ID
X-BB-IP
X-Cache-Category-Id
X-PCL
X-ApacheServer
X-OCL
X-PERF
X-Grey
X-Viewer-Country
GEO-INFO
X-Web-Node
X-Webstats-RespID
Mn-Server-Ip
X-Upgrade-Enabled
Cache-Key
X-NodeID
Azure-RegionName
Azure-InstanceId
Ohc-File-Size
S-Rt
X-Cluster-Node
X-Cache-HT
L5d-Success-Class
Backend
Azure-SlotName
X-Pubstack
Cache-Name
Azure-SiteName
X-Amz-Meta-Surrogate-Control
Azure-Version
X-Debug-Cache
X-ProxyCache-Key
X-Proxy
X-Edge-Location
X-Via-Fastly
X-Human
X-ProxyCache-Status
X-Optimization
Country
X-ServerID
X-FC-Vary-Parameters
X-BYPASS-REASON
X-Proto
X-EIG-Tracking-Id
X-Instance-Name
X-Original-Request
X-OVcl-Cache
X-OVcl
User-Cache-Control
Webcakes-App-Version
Webcakes-App-Name
TWC-Privacy
X-Hosted-By
TWC-GeoIP-LatLong
TWC-GeoIP-Country
TWC-Device-Class
TWC-Connection-Speed
X-Www-Served-By
TWC-Locale-Group
X-Xfnlog-Site
Webcakes-Region
X-VWS-Id
X-Routing-Service
X-Varnish-Cacheable
X-LJ-Flow-ID
X-SplitTest
X-Birta-Cache-Post
X-Section
X-AWS-Id
X-Birta-Served
X-Site-Version
X-CCM-LastModified
X-CCM
X-Format
X-App-Name
X-Generation-Time
Now
X-Zipkin-Id
X-IP
X-Labrador-Cache-Channel
X-Port
Property-Id
X-Meta-Tbi-Cache-Vertical
X-Origin-Hint
X-Access
Healthy
X-CLOUD-TRACE-CONTEXT
DB-Nickname
LB
X-TNCMS
Cache-Hits
User-Agent
X-Backend-Name
X-Loop
Fastcgi-Useragent
X-Request-Time
Access-Control-Allow-Method
X-JoinUs
Countrycode
X-Surge-Debug
Selected-FE
X-Generated
X-Time
RATING
X-Proxy-Build
X-Timing-Wait
X-Dc
X-Tb
Payment
X-Tumblr-Pixel-3
X-Esi
X-Cache-Bucket
X-Real-Ip
Ec-Rule-Version
X-Ezoic-Cdn
X-Hit
X-Origin-CC
X-Render-Type
X-TA-CDN-Provider
X-Nc
X-Cache-Enabled
X-B3-TraceId
WP-Super-Cache
X-Oneagent-Js-Injection
X-Oracle-Dms-Ecid
X-Oracle-Dms-Rid
X-DataStream-Cache-Status
X-Feature
X-Newrelic-Synthetics
X-Nginx-Cache
Origin-Edge-Control
Origin-Cache-Control
X-Unique-ID
X-Environment-Context
X-L-Path
X-B3-Spanid
X-UA-Device-Type
RequestId
X-Servedby
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
Xserver
X-NU-AKA-ACS-Version
X-Ah-Environment
X-Skip-Cache
NODE
X-Correlation-ID
X-NGENIX-Cache
Access-Control-Request-Headers
X-CACHE-AGE
X-WR-MODIFICATION
X-Content-Type
X-Status
X-Cache-Backend
X-ElasticPress-Search
X-Be
X-Vgn-Hpd-Reason
X-EdgeConnect-Cache-Status
Warning
Webserver
X-Upstream-HT
Time
X-Upstream-CT
Ws
X-Died
X-Developer
X-Fastly-Cache
X-DPWN-IS-SECURE
Apple-News-Services-Request-Url
BehaviorPad-Version
Cache-Prefix
Apple-News-Services-Host
X-Destination
X-Generated-In
X-Haproxy-Hostname
X-Logtrace-Id
Apicache-Store
Apicache-Version
X-G
X-From
X-ND-Cache
X-No-Session
Apple-News-Services-Handled
AKAMAI
Ajk
Apple-News-Services-Parsed-Url
Fly-Request-Id
X-A-Wwc
X-A-Dgt
X-A-Dcw
X-Accel-Expires-Debug
X-Amz-Meta-Cache-Control
Meta-Geo-Continent
X-Application
X-A-Dam
X-A-Ccd
Viewtype
Sta2Tusw
T-Server
Resin-Trace
VivaBuild
X-A
Www
X-ARC
Memcached
X-D
X-Connection-Hash
GMS-Ver
X-Date
Fly-Cache
Fastcgi-X-Cache-Version
Fastly-Soc-X-Request-Id
X-CF-Lambda-Version
X-CF-Lambda-Fn
X-BB-ID
X-B-Cookie
MD5-Digest
X-BBXSRF
Host-ID
X-Cache-Id
X-Cache-Host
Fastcgi-X-Cache
X-Haproxy-Ip
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
X-SRCache-Key
X-Public
X-Planisys-CDN-TTL
X-Transaction
X-Planisys-CDN-Rules
X-We-Are-Hiring
X-Server-Time
X-S-Cookie
X-Rojux
X-Rewrite-Enabled
X-Region-Sid
X-Server-By
Xc-Version
X-Wix-Route-ID
X-Via-CDN
X-Via-Edge
X-Trv-Group
X-Planisys-CDN-Cache
X-PAYTM-SRV-ID
X-VG-WebServer
X-User
X-Twitter-Response-Tags
IBM-Web2-Location
X-Webkit-CSP
X-Cache-Ttl
X-GoCache-CacheStatus
X-Wikidot-Static-Cache
X-Croise-Owner
X-Core-Value
Server-Int
UCS
X-CS
X-Up
V-Age
Fastly-SWR
Uber-Trace-Id
Fastly-SIE
X-Debug-Cookies
X-ScT
Release
NGX
X-Debug-Log
Odigeo-Trace-Id
X-Var-Ttl
Origin
X-Trace-Id
X-Sn-Servicetimems
IsBot
X-Cache-Time
Request-Time
Rendered-Blocks
X-Cache-Expires
X-SIPLIST1
X-Cache-CFC
X-Cdn-Origin
X-Wikidot-Backend
X-Frame-Option
X-Request-URI
X-Forwarded-Host
X-FireWall-Port
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
X-Fstrz
X-Phone
X-NX-Host
X-IN-WAF
X-IN-SSL-APIGATEWAY
X-IN-APIGATEWAY
X-F5-Cache
X-C
X-Hnp-Log
X-Device-Os
X-Location
X-Matched-Rule
X-TT-LOGID
X-MI-In-Market
X-Returned-From-BeforeDispatch
X-Dispatcher-Server
X-Gen-Mode
X-Amz-Meta-S3cmd-Attrs
X-GeoIP-City
X-GeoIP-Country-Code
X-Thinkindot-L3
X-Developers
Thinkindot-Control
X-Passed-To-BeforeDispatch
X-Via-NSCOPI
X-Node-Id
X-Rocket-Nginx-Bypass
X-Passed-To
X-Returned-From-DLL
X-V
X-UnsetCookies
Who
X-Passed-To-PostProcessResponse
Web-Mar-Node
X-Passed-To-DLL
X-UE-Client-Country
X-RCS-CacheZone
X-VServer
X-Hl-Ver
X-Auto-Login
X-Reboot
X-Eu-Site
X-Epic-Correlation-Id
X-Cache-Debug
X-Worker
X-Cdn-Srv
X-Ckpd-Fst-Backend
X-Content-Age
X-CGP
X-Server-Group
X-Server-IP
X-Bug-Bounty
X-Servername
X-Edge-IP
X-Backend-Host
X-WebServer
X-Stale
X-Returned-From
X-Backend-State
X-Returned-From-PostProcessResponse
X-ServiceProvider
X-Block-Status
X-Env
X-Backend-Url
X-Backend-TTL
X-Served-From
X-Actual-URL
HA-Geolon
HA-Georegion
HA-Geolat
HA-Geocountry
HA-Cloudapp
HA-Geocity
Ha-Gx-Prefs
HA-Host
Httpd-Identifier
HTTPS
Heartbleed
HA-Urlpath
HA-Ipaddr
HA-Servedtime
GW-Server
Fastly-Backend-Name
Cache-Cookie-Set-From
Cache-Cookie-Set-Idcheck
Backend-Name
OT-Force-Account-Verify
Thinkindot-CacheControl-Type
Cneonction
Cache-Cookie-Set-Lfrom
CDCHOST
Decoy-Debug-TTL
Esi-Enabled
Decoy-Debug-Status
Decoy-Debug-Key
Content-Disposition
Is-Eu
Adler-Geo
Powered-By
On-Server
Ohc-Response-Time
Pragrma
Pramga
Server-Host
Proxy-Connection
MI-Cache-Age
Platform
MI-Cache
Thinkindot-CacheControl
X-HS-Hub-Id
Mime-Version
X-ShardId
X-Bip
X-Hash
X-Ver
X-Shopify-Stage
X-ShopId
X-Cache-Control-Set-By
X-S-Maxage
X-Info
Server-ID
X-HCF
X-Clientip
X-Crawler
X-Varnish-Id
X-MSEdge-Flight
X-Sorting-Hat-Section
X-Sorting-Hat-ShopId
X-Release
X-Sorting-Hat-PrivacyLevel
X-Sorting-Hat-FeatureSet
X-Sorting-Hat-PodId-Cached
X-Response-By
X-Sorting-Hat-ShopId-Cached
X-Sorting-Hat-PodId
X-MSEdge-Features
X-Origin-Date
X-Origin-Expires
X-Fetched-On
X-Page-Type
NtCoent-Length
X-Varnish-Beresp-Ttl
PFcat
Kp-EeAlive
Request-Country
X-Thanos
X-Alternate-Cache-Key
MI-API
X-Varnish-HitMiss
X-Cache-Srv
X-Platform
X-Core-Mission
REQUESTUUID
Request-EU
X-StackifyID
NnCoection
X-Secret
X-Cache-URL
X-Svr
Country-Code
X-Refresh
X-Fastcgi-Cache
Drupal-Pagecache-Memcache
X-Gannett-Site-Version
X-TIME
X-App-Version
Cache-Provider
X-Req
X-P-T
X-Amz-Meta-S3b-Last-Modified
X-COUNTRY
Dnion-Transfer-Encoding
Processtime
Version
X-Pjax-Url
X-Origin-TTL
X-Pf-Uncompressing
Ar-Sid
Accept-Ch
X-Amz-Meta-Sha256
X-Cache-ASPX
X-Oss-Storage-Class
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
X-Oss-Server-Time
X-Oss-Request-Id
X-Csrf-Token
Memory
X-From-Cache
WebServer
Pagetype
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-Kong-Upstream-Latency
X-EC-Security-Audit
X-Varnish-Url
X-Kong-Proxy-Latency
X-Yottaa-Sig
Cteonnt-Length
X-CSRF-Token
Arc-Country
FSS-Cache
SN
FSS-Proxy
X-LiteSpeed-Cache-Control
X-Ruxit-Js-Agent
PageType
X-Irp-Debug
GeoIp-Country-Code
Geoip-Latitude
Brightspot-Id
Geoip-City
X-Wix-Petri-Ex
X-NC
X-Rule
Cdn
Dont-Set-Cookie
X-Cache-Handler
X-Ua
X-LB-Node
X-LB-CacheStatus
X-Cdn-Forward
X-Load-Cache
X-Request-Start
X-DC
X-ROOTCache
X-Redis-Cache
X-Varnish-Beresp-TTL
If-Modified-Since
Sid
PICS-Label
COMMERCE-SERVER-SOFTWARE
X-Ratelimit-Remaining
Edgecast
CF-IPCountry
X-Request-UUID
X-Endurance-Cache-Level
X-SERVER-NAME
X-Fastly-Backend-Reqs
MIME-Version
PROCESSING-IP
BORDER-IP
X-GRACE
X-Dynatrace-Js-Agent
X-Sf
X-Varnish-Action
X-TId
X-GDPR
X-Requestid
X-ServedByHost
X-Ratelimit-Limit
X-Layer
RNT-Time
X-Tid
RNT-Machine
X-B3-SpanId
X-RequestId
X-Servedbyhost
X-Atg-Version
X-Dynatrace
X-BE
XServer
Frame-Options
X-Resolver-IP
X-Rocket-Nginx-Serving-Static
X-Nananana
Powered
X-Fastly-Cache-Hits
Pics-Label
Cf-Ipcountry
Amp-Access-Control-Allow-Source-Origin
Cache-Tags
NodeID
Node
X-Cache-TTL
X-DataStream-Origin-MEX-Latency
CDN
X-DataStream-MidMile-RTT
CACHE
X-Owner
X-Key
X-VG-WebCache
Dynatrace
X-Tec-Api-Root
X-Tec-Api-Origin
X-Tec-Api-Version
GeoIP-Country-Code
Mail-Subject
X-Server-W
We-Hiring
GeoIP-Latitude
X-HTML-Minification-Powered-By
GeoIP-City
PageSpeed
X-Gdpr
Web-Mar-Region
X-Shard
X-Varnish-Ttl
X-Use-Magma
X-UPSTREAM-Address
X-Flog
Lfy
X-ABtesting
X-Sentry-ID
ProcessTime
X-GZIP
DataCenter
X-Powered-By-ANYU
X-PF-Uncompressing
X-Varnish-URL
WZWS-RAY
Accept-CH
X-Ms-Blob-Type
X-Ms-Version
X-Ms-Request-Id
X-Ms-Lease-Status
Hostname
X-Aicache-OS
X-CDN-Pop
X-GEO
Is-Session-Tracking
X-Unique-Id
X-CDN-Pop-IP
Get-Access-Time
Max-Age
URI
X-Alicdn-Da-Ups-Status
Xet-Cookie
X-NGINX-Cache
X-NWS-UUID-VERIFY
X-Dw-Trace-Id
X-Edge-Server
X-Oa-Upstreams
X-PJAX-URL
X-Trv-Request-Id
X-Check-Cacheable
X-Mem
Cdn-Host
Cdn-Request-Time
X-Cookie
X-VG-TLSProxy
True-Client-Country-4JS
X-Ms-Lease-State
X-Varnish-ID
Requestid
X-PAGE-TYPE
RequestUuid
X-Powered-By-Defense
X-Front
X-Policy
X-Swa-Ws
X-Cache-FS-Status
X-Remote-IP
X-DSS
X-DW
X-RPS
GEO-REGION-INFO
Rt-Proxy-Cache
X-VID
X-RSL
X-DI
X-RPM
X-RAMCache
X-Acquia-Application-Trace
X-Proxy-Server
CF-Cached-On
X-Acquia-Application-UUID
X-Akamai-ERRuleID
X-Hello
Magicmarker
X-Litespeed-Tag
X-Fe
X-Litespeed-Cache-Control
WS
X-Akamai-ERPolicy
SID
X-DB