Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Pragma
Last-Modified
Accept-Ranges
X-Powered-By
X-Content-Type-Options
Strict-Transport-Security
CF-RAY
ETag
Link
Expect-CT
Via
X-XSS-Protection
X-Cache
Age
Access-Control-Allow-Origin
Content-Security-Policy
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Served-By
X-Varnish
X-Xss-Protection
X-Amz-Cf-Id
Referrer-Policy
X-Request-Id
X-AspNet-Version
X-Timer
CF-Cache-Status
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Runtime
Access-Control-Allow-Credentials
X-Download-Options
X-Drupal-Cache
CF-Ray
X-Cacheable
Content-Security-Policy-Report-Only
X-Generator
Alt-Svc
X-AspNetMvc-Version
Status
X-Cache-Status
X-DNS-Prefetch-Control
X-Check
X-FRAME-OPTIONS
X-Iinfo
X-Adblock-Key
Timing-Allow-Origin
X-CDN
X-Content-Security-Policy
X-Turbo-Charged-By
X-Permitted-Cross-Domain-Policies
Content-Encoding
X-Template
X-Language
Keep-Alive
X-Via
X-Type
X-AH-Environment
X-Backend
X-Cache-Group
X-Nginx-Cache-Status
X-Buckets
WPE-Backend
X-Pass-Why
X-Server
X-Age
X-Server-Powered-By
Access-Control-Max-Age
X-Pingback
X-Request-ID
Xkey
X-Varnish-Cache
Grace
Access-Control-Expose-Headers
Upgrade
P3p
X-Drupal-Dynamic-Cache
X-Hacker
X-UA-Device
X-Amz-Request-Id
X-Page-Speed
Cf-Railgun
X-LiteSpeed-Cache
X-Proxy-Cache
EagleId
X-Amz-Id-2
X-Robots-Tag
X-Swift-CacheTime
X-Swift-SaveTime
X-Envoy-Upstream-Service-Time
Ali-Swift-Global-Savetime
Request-Context
X-Node
X-Device
X-Ac
Content-Location
X-Host
X-Cnection
X-Amz-Version-Id
X-Cache-Lookup
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
Surrogate-Control
X-Backend-Server
X-Server-Id
X-WebKit-CSP
X-OneAgent-JS-Injection
X-Rack-Cache
X-Instart-Request-ID
X-CST
X-Px
X-Response-Time
Request-Id
X-Readtime
X-Rq
Server-Timing
X-Ua-Compatible
Permitted-Cross-Domain-Policies
X-HeyJason
X-Do-Not-Hack
X-Clacks-Overhead
X-Cloud-Trace-Context
EagleEye-TraceId
X-Url
Pinterest-Generated-By
Edge-Control
X-Application-Context
X-MS-InvokeApp
X-Country
X-Server-Name
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Allow
X-DynaTrace-JS-Agent
Charset
SPRequestGuid
Report-To
X-SharePointHealthScore
X-Country-Code
X-ESI
X-DataDome
X-Ruxit-JS-Agent
X-Cached
X-Varnish-TTL
X-PC
X-TtlSet
X-Vname
Rating
X-TTL
X-Powered-CMS
X-Powered-By-Plesk
X-Recruiting
Public-Key-Pins
X-Cdn
X-FTR-Request-ID
X-D2id
X-N
SPRequestDuration
X-Version
SPIisLatency
MS-Author-Via
X-Vhost
NEL
X-Kinja
X-Cdn-Fetch
X-Kinja-Revision
X-Kinja-Server
X-Geo-Segment
X-Kinja-Build
X-Exp-Id
X-Exp-Variant
X-Pinterest-Rid
X-Upstream-Env
Pinterest-Version
X-F-Cache
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
X-Dw-Request-Base-Id
X-DynaTrace
X-CF-Powered-By
X-VARITI-CCR
Cartoon
X-T
X-GoogleNews-Bot
X-Mod-Pagespeed
Content-MD5
AR-ATIME
AR-PoweredBy
AR-CACHE
Nginx-Cache
MicrosoftSharePointTeamServices
RTSS
X-Abt-Application-Version
X-GitHub-Request-Id
Feature-Policy
X-Shield-Request-Id
X-SRCache-Fetch-Status
X-SRCache-Store-Status
Verso
X-Trace
AR-SID
X-Amz-Rid
X-Navigation-Version
X-Server-ID
X-Dispatcher
X-Forwarded-Proto
X-Client-IP
X-Hits
Realpath
X-Goog-Hash
X-Origin-Cache
Arr-Disable-Session-Affinity
Paypal-Debug-Id
X-Kinsta-Cache
X-Zen-Fury
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-Id
X-Ttl
X-Content-Options
TCN
X-B
X-Content-Digest
X-Grace
X-Ser
X-Varnish-Age
X-Cache-Key
Alternate-Protocol
X-Sol
Fastcgi-Cache
X-Upstream
DynaTrace
X-Via-JSL
Access-Control-Request-Method
X-Mrf-Item-Lastmod
MRF-Tech
X-Mrf-Section-Lastmod
Mrf-Cache-Status
X-Fastly-Request-ID
Display
X-Middleton-Display
X-Pad
X-Nf-Srv-Version
X-NF-Request-ID
X-IPLB-Instance
X-Vcap-Request-Id
X-DIS-Request-ID
X-FastCGI-Cache
Response
X-Middleton-Response
PB-PID
PB-RID
X-User-Agent
X-SS-Set-Cookie
X-XRDS-LOCATION
X-Mobile-Rewrite
Front-End-Https
X-Logged-In
Rt-Fastcgi-Cache
X-Frontend
Pagespeed
Eomportal-Instance
X-Cache-Rule
X-PressLabs-Stats
X-MSEdge-Ref
Server-Name
X-Whom
X-Newrelic-App-Data
Host
X-Forwarded-For
X-Hostname
S
X-NWS-LOG-UUID
X-VCache
X-Acc-Meta-Resource-Type
X-Cache-Hit
Tracecode
Cache-Status
Liferay-Portal
X-Debug
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Goog-Storage-Class
X-Goog-Metageneration
Arc-Version
X-UUID
X-AOL-HN
X-HS-Content-Id
X-Request-Processing-Time
HitInfo
Server-Info
X-Request-Received
HitType
X-Webkit-Csp
X-FTR-DC
FilterID
X-Analytics
X-FTR-Backend
Surrogate-Key
X-Country-Code-Real
X-FTR-Expires
X-FTR-Backend-Server
X-FTR-Balancer
X-FTR-Cache-Status
Backend-Timing
X-FTR-Realm
Public-Key-Pins-Report-Only
X-Wix-Server-Artifact-Id
X-Instance
X-Magnolia-Registration
TP-Cache
TP-L2-Cache
Refresh
X-Rid
X-Contextid
ServerID
X-Proxied
X-Activity-Id
X-Az
X-AppVersion
X-Correlation-Id
X-HS-Cache-Config
Edge-Cache-Tag
X-Srv
X-Content-Security-Policy-Report-Only
X-Varnish-Server
Service-Worker-Allowed
X-WPE-Loopback-Upstream-Addr
X-B3-Traceid
AMP-Access-Control-Allow-Source-Origin
X-HW
S-Cnection
X-Mobile
X-Origin
Cleartype
X-Revision
X-XRDS-Location
Served-By
Source
X-Sucuri-ID
X-Varnish-Backend
X-APP-VERSION
X-FTR-Cache-Host
X-Amzn-Trace-Id
Fastly-Restarts
Powered-By-ChinaCache
X-TT
X-RateLimit-Remaining
X-App-Environment
X-Geo-Country
X-B-Cache
X-Signature
X-Device-Type
X-Framework
X-PHP-Backend
X-Tumblr-Pixel
X-Cache-Config
X-Cache-Action
X-Tumblr-Pixel-0
X-Tumblr-User
X-FB-Debug
X-Varnish-Hostname
Retry-After
X-Cache-Operation
X-Hyper-Cache
X-Cache-Server
X-Origin-Upstream-Status
X-Cache-Control
X-PC-Hit
Host-Header
X-PC-AppVer
X-TT-TIMESTAMP
X-Request-Guid
X-BCube-Filmed-By
X-PC-Key
X-Handled-By
Server-Node
Accept-Charset
X-Hail-Hydra
X-Cache-2
MS-CV
X-Page-Id
DC
X-ATG-Version
X-Ocache
Actual-Object-TTL
X-WA-Info
X-Debug-Info
X-ADI-VCache
X-Shield-Cache-Expires
X-Origin-Server
Cache
X-URL
X-Daa-Tunnel
X-Content-Powered-By
X-PC-Host
X-PC-Date
X-HS-Combine-CSS
Upgrade-Insecure-Requests
NGB
X-Accel-Expires
Viewport
X-Microcachable
X-LB-Cache
X-Cache-NE
X-Cached-By
X-Sucuri-Cache
AsisCache
X-GeoIP
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Feature
X-Generated-By
X-Amz-Server-Side-Encryption
X-Akamai-Edgescape
ServedBy
SRV
X-Accel-Buffering
Filters
X-RequestSource
X-Jobs
X-App-Server
X-Cacheable-TTL
X-Dns-Prefetch-Control
X-Drupal-Cache-Tags
X-Seen-By
X-S
X-Wix-Request-Id
X-TX-ID
X-WebKit-CSP-Report-Only
X-Adobe-Content
X-Cluster
X-Adobe-Loc
From-Origin
X-Geo
Content-Script-Type
Content-Style-Type
X-Tumblr-Pixel-1
X-Internal-Host
X-FW-Type
X-Varnish-IP
X-Varnish-Hits
X-RTag
X-Tumblr-Pixel-2
X-FW-Static
X-Locale
X-FW-Hash
X-FW-Server
X-FW-Serve
X-Distil-CS
X-Cache-Age
Datacenter
X-B3-Sampled
X-Akam-SW-Version
X-Varnish-Cache-Hits
X-Cache-Remote
HostName
X-Storage
X-Edge-Cache-Key
X-GZip
X-Guploader-Uploadid
X-UA
X-Edge-Cache
X-Varnish-Grace
X-Node-Name
X-Platform-Server
X-CDN-Forward
X-ServedBy
X-Vg-Webcache
X-Cache-TTL-Remaining
X-Akamai-Transformed
X-Kinja-Server-Push
X-Region
X-Cache-Bucket
RATING
X-RateLimit-Limit
X-Mode
Country
Cache-Tag
X-Amz-Replication-Status
X-Distributor
X-Real-Ip
X-NewRelic-App-Data
X-EIG-Tracking-Id
X-TA-CDN-Provider
Load-Balancing
X-Proto
X-Amzn-RequestId
Ohc-File-Size
X-Amz-Apigw-Id
ServerName
X-Source
Mn-Server-Ip
Fastly-SSL
X-Agile
GEO-INFO
X-Agile-Id
X-Agile-Age
X-Akamai-Request-ID
Meta-Geo
Machine
X-ProxyCache-Status
X-ProxyCache-Key
Healthy
L5d-Success-Class
X-ApacheServer
Cache-Key
X-Detected-As
X-Rendered-As
X-RemovedCookies
X-ProcessESI
X-PERF
X-RN-RSRV
X-Time-Microsecs
Cache-Name
X-Web-Node
X-Viewer-Country
X-Path-Route
X-Optimization
X-Cache-Var-Map
X-Cache-Var
X-Cache-HT
X-Cache-Category-Id
X-BYPASS-REASON
X-Debug-Cache
X-MP-GENERATED-AT
X-Is-Bot
X-Grey
X-BB-IP
X-JoinUs
X-Webstats-RespID
Cache-Hits
WP-Super-Cache
X-Hit
X-NCache
X-CCM
X-Drupal-Cache-Contexts
X-ServerID
X-Request-Time
X-TWH-CORRELATION-ID
Backend
X-Generated
Access-Control-Allow-Method
X-CDN-Cache
X-Human
X-Xfnlog-Site
X-Ezoic-Cdn
Now
X-Cluster-Node
X-Port
X-Original-Request
X-PCL
X-OCL
X-Upgrade-Enabled
X-NodeID
X-Labrador-Cache-Channel
S-Rt
TWC-Device-Class
TWC-GeoIP-Country
TWC-Locale-Group
TWC-GeoIP-LatLong
X-Pubstack
X-Render-Type
Azure-SlotName
Azure-SiteName
Azure-Version
X-Proxy
Azure-RegionName
Azure-InstanceId
Property-Id
Webcakes-Region
X-Origin-Hint
X-CCM-LastModified
X-Via-Fastly
X-Edge-Location
X-Hosted-By
X-FC-Vary-Parameters
X-OVcl
X-Cache-Enabled
Webcakes-App-Version
Webcakes-App-Name
X-Instance-Name
X-Amz-Meta-Surrogate-Control
X-Www-Served-By
X-OVcl-Cache
TWC-Privacy
TWC-Connection-Speed
X-Proxy-Build
Selected-FE
X-Timing-Wait
X-Oracle-Dms-Rid
X-Oracle-Dms-Ecid
X-Birta-Cache-Post
LB
X-Section
X-Routing-Service
User-Cache-Control
X-Zipkin-Id
X-Loop
X-LJ-Flow-ID
X-Meta-Tbi-Cache-Vertical
X-IP
X-Nc
X-Birta-Served
X-Nginx-Cache
X-Site-Version
X-Generation-Time
X-AWS-Id
X-VWS-Id
X-Access
X-App-Name
X-TNCMS
DB-Nickname
X-Format
X-Varnish-Cacheable
X-SplitTest
X-Backend-Name
X-Surge-Debug
X-Dc
X-Newrelic-Synthetics
Countrycode
Fastcgi-Useragent
X-Oneagent-Js-Injection
X-Real-IP
X-Origin-CC
User-Agent
Origin-Edge-Control
X-Tumblr-Pixel-3
Origin-Cache-Control
X-GUploader-UploadID
X-L-Path
X-Environment-Context
RequestId
Payment
Xserver
X-Tb
X-Time
X-UA-Device-Type
Ec-Rule-Version
X-B3-TraceId
X-Unique-ID
X-B3-Spanid
X-DataStream-Cache-Status
X-Skip-Cache
X-Servedby
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
X-NU-AKA-ACS-Version
X-NGENIX-Cache
Access-Control-Request-Headers
X-Esi
X-WR-MODIFICATION
X-Be
Time
X-Upstream-HT
X-Upstream-CT
NODE
X-Vgn-Hpd-Reason
X-Cache-Ttl
Webserver
X-Webkit-CSP
X-EdgeConnect-Cache-Status
X-CACHE-AGE
X-Croise-Owner
X-Dynatrace
Warning
X-Oss-Server-Time
X-Oss-Storage-Class
X-Oss-Object-Type
X-CSRF-Token
X-Oss-Hash-Crc64ecma
X-Oss-Request-Id
Fly-Cache
X-A-Ccd
Fly-Request-Id
X-A
Resin-Trace
X-Cache-Backend
X-Developer
X-Destination
X-D
Request-Time
Cache-Prefix
X-Died
T-Server
X-Logtrace-Id
V-Age
X-CS
X-Cache-Expires
X-A-Dgt
X-Cache-Host
X-B-Cookie
X-A-Wwc
X-Var-Ttl
X-ARC
X-Application
X-Generated-In
X-G
X-A-Dcw
X-SRCache-Key
X-Cache-Id
X-S-Cookie
X-DPWN-IS-SECURE
X-A-Dam
X-ElasticPress-Search
X-From
X-Fastcgi-Cache
Ajk
X-Status
X-Yottaa-Sig
Ws
Mime-Version
X-StackifyID
IBM-Web2-Location
X-Dispatcher-Server
X-Fstrz
X-Cache-Time
X-Device-Os
X-Debug-Log
X-Debug-Cookies
Apple-News-Services-Host
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
X-Public
X-Region-Sid
X-Rojux
X-Rewrite-Enabled
X-Planisys-CDN-Cache
X-PAYTM-SRV-ID
X-Haproxy-Hostname
X-Fastly-Cache
X-Haproxy-Ip
X-ND-Cache
X-No-Session
X-Server-By
X-Server-Time
X-Via-Edge
X-Via-CDN
X-We-Are-Hiring
X-Wix-Route-ID
Xc-Version
X-VG-WebServer
X-User
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
X-Transaction
X-Trv-Group
X-Twitter-Response-Tags
X-Connection-Hash
X-CF-Lambda-Version
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
BehaviorPad-Version
Fastcgi-X-Cache
Fastcgi-X-Cache-Version
Proxy-Connection
Apple-News-Services-Handled
X-Release
X-NX-Host
X-Request-URI
X-WebServer
AKAMAI
Fastly-Soc-X-Request-Id
Host-ID
X-Amz-Meta-Cache-Control
Www
X-BB-ID
X-BBXSRF
X-CF-Lambda-Fn
VivaBuild
Viewtype
Memcached
MD5-Digest
Meta-Geo-Continent
Release
Sta2Tusw
X-Hash
X-UE-Client-Country
Cneonction
X-Varnish-Beresp-Ttl
X-TIME
UCS
X-Via-NSCOPI
X-Rebelmouse-Cache-Control
Server-Int
X-Phone
X-Eu-Site
X-Epic-Correlation-Id
Server-Host
X-F5-Cache
X-Passed-To
X-Passed-To-BeforeDispatch
X-Passed-To-DLL
X-Passed-To-PostProcessResponse
X-Sorting-Hat-ShopId
X-ShopId
X-Shopify-Stage
X-GeoIP-Country-Code
X-Rebelmouse-Surrogate-Control
X-S-Maxage
X-Sorting-Hat-FeatureSet
X-Sorting-Hat-PodId
Rendered-Blocks
X-Sorting-Hat-Section
X-Sorting-Hat-PrivacyLevel
X-Sorting-Hat-PodId-Cached
X-Sorting-Hat-ShopId-Cached
Powered-By
HA-Georegion
Ha-Gx-Prefs
HA-Geolon
HA-Geolat
HA-Geocountry
HA-Host
HA-Ipaddr
X-GeoIP-City
IsBot
Heartbleed
HA-Urlpath
HA-Servedtime
HA-Geocity
HA-Cloudapp
Drupal-Pagecache-Memcache
Odigeo-Trace-Id
Origin
X-Returned-From
Pramga
NGX
X-Frame-Option
GW-Server
X-Gannett-Site-Version
Fastly-SWR
Fastly-SIE
X-FireWall-Port
X-ShardId
X-Trace-Id
X-Wikidot-Static-Cache
X-Returned-From-BeforeDispatch
X-Actual-URL
X-Content-Type
X-Core-Value
X-Stale
GMS-Ver
X-Wikidot-Backend
X-Alternate-Cache-Key
X-Crawler
Dnion-Transfer-Encoding
X-Amz-Meta-S3cmd-Attrs
X-Up
X-UnsetCookies
X-CGP
X-Auto-Login
Version
X-SIPLIST1
X-IN-WAF
X-IN-SSL-APIGATEWAY
X-IN-APIGATEWAY
X-Cache-Debug
Kp-EeAlive
X-ScT
X-Secret
X-Returned-From-PostProcessResponse
X-Hl-Ver
Request-Country
X-Cache-CFC
X-Server-IP
Request-EU
X-RCS-CacheZone
X-Returned-From-DLL
Server-ID
Uber-Trace-Id
NtCoent-Length
NnCoection
X-C
X-Block-Status
X-Backend-State
MI-API
MI-Cache
X-Cdn-Origin
X-Cdn-Srv
X-Backend-TTL
X-Backend-Url
X-Gen-Mode
Platform
X-Developers
Web-Mar-Node
Who
X-Core-Mission
X-Edge-IP
X-Env
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
Thinkindot-Control
X-Content-Age
X-Fetched-On
On-Server
Ohc-Response-Time
MI-Cache-Age
OT-Force-Account-Verify
PFcat
X-Ckpd-Fst-Backend
Pragrma
X-Forwarded-Host
X-Backend-Host
X-MI-In-Market
X-Info
X-Rocket-Nginx-Bypass
X-Served-From
X-Server-Group
X-Servername
X-Origin-Date
X-Origin-Expires
X-RateLimit-Limit-Second
X-GoCache-CacheStatus
X-Reboot
X-Response-By
X-ServiceProvider
X-Sn-Servicetimems
Country-Code
X-Bug-Bounty
X-Accel-Expires-Debug
X-Date
X-Worker
X-VServer
X-Thinkindot-L3
X-TT-LOGID
X-V
X-Ver
Adler-Geo
X-RateLimit-Remaining-Second
X-Location
X-Matched-Rule
X-Node-Id
Esi-Enabled
Fastly-Backend-Name
HTTPS
X-Hnp-Log
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
Httpd-Identifier
Decoy-Debug-Status
Decoy-Debug-TTL
X-MSEdge-Features
Cache-Cookie-Set-From
Backend-Name
X-MSEdge-Flight
Is-Eu
Decoy-Debug-Key
Cache-Cookie-Set-Idcheck
Content-Disposition
Cache-Cookie-Set-Lfrom
X-Cache-Srv
CDCHOST
FSS-Proxy
FSS-Cache
X-HCF
X-Cache-URL
X-Thanos
X-Platform
X-Svr
X-Varnish-HitMiss
X-Varnish-Id
Cteonnt-Length
X-Clientip
Arc-Country
REQUESTUUID
X-Refresh
X-Page-Type
Brightspot-Id
X-Cache-Control-Set-By
X-Bip
Cache-Provider
X-Correlation-ID
X-Req
X-Amz-Meta-S3b-Last-Modified
X-Irp-Debug
X-LiteSpeed-Cache-Control
WebServer
Apicache-Store
Apicache-Version
X-CLOUD-TRACE-CONTEXT
X-Pjax-Url
X-LB-CacheStatus
X-LB-Node
X-Varnish-Url
X-App-Version
X-P-T
Processtime
PageType
X-Origin-TTL
X-Pf-Uncompressing
Sid
X-ROOTCache
X-Ratelimit-Limit
X-Ruxit-Js-Agent
X-Ua
X-Request-Start
X-From-Cache
Accept-Ch
X-Request-UUID
COMMERCE-SERVER-SOFTWARE
X-Ratelimit-Remaining
If-Modified-Since
X-EC-Security-Audit
Cdn
Pagetype
Memory
X-Endurance-Cache-Level
Dynatrace
X-DC
GeoIp-Country-Code
X-Amz-Meta-Sha256
Geoip-City
X-Varnish-Action
Geoip-Latitude
X-Load-Cache
X-Fastly-Backend-Reqs
X-Layer
X-Cache-ASPX
X-COUNTRY
X-GRACE
X-Cdn-Forward
PROCESSING-IP
SN
PICS-Label
BORDER-IP
X-GDPR
Edgecast
X-ServedByHost
X-Redis-Cache
CF-IPCountry
X-Tid
Ar-Sid
X-Varnish-Beresp-TTL
X-RequestId
Frame-Options
X-Rocket-Nginx-Serving-Static
X-NC
X-Atg-Version
X-Cache-Handler
X-Fastly-Cache-Hits
NodeID
X-Csrf-Token
X-Nananana
X-Key
X-Resolver-IP
X-Owner
X-B3-SpanId
X-NWS-UUID-VERIFY
MIME-Version
X-Cf-Powered-By
X-TId
X-Requestid
Dont-Set-Cookie
Web-Mar-Region
Cf-Ipcountry
X-Server-W
X-Servedbyhost
Pics-Label
CACHE
X-Flog
X-ABtesting
X-Sf
WZWS-RAY
X-HTML-Minification-Powered-By
X-BE
X-Rule
X-Sentry-ID
ProcessTime
X-Tec-Api-Version
Node
X-Tec-Api-Origin
X-Tec-Api-Root
Get-Access-Time
X-HS-Hub-Id
X-Cache-TTL
GeoIP-City
GeoIP-Country-Code
We-Hiring
Mail-Subject
GeoIP-Latitude
X-DataStream-MidMile-RTT
X-Powered-By-ANYU
X-VG-WebCache
X-FORWARDED-FOR
RNT-Machine
X-DataStream-Origin-MEX-Latency
Lfy
Is-Session-Tracking
RNT-Time
X-Wix-Petri-Ex
PageSpeed
X-CDN-Pop
Max-Age
X-Shard
X-CDN-Pop-IP
X-Varnish-Ttl
X-Dynatrace-Js-Agent
CDN
X-Use-Magma
X-SRV
X-Mem
X-ByteArk-Cache
XServer
X-GZIP
Powered
Accept-CH
URI
Magicmarker
X-Cache-FS-Status
X-GEO
X-Check-Cacheable
X-Ms-Request-Id
DataCenter
X-Ms-Lease-Status
X-Powered-By-Defense
X-UPSTREAM-Address
Cache-Tags
X-PF-Uncompressing
X-Ms-Version
X-Front
X-Ms-Blob-Type
X-Unique-Id
X-Dw-Trace-Id
X-Zalando-Page-Type
Amp-Access-Control-Allow-Source-Origin
X-Fe
X-Oa-Upstreams
X-Cookie
X-Varnish-URL
X-Micro-Cache
X-PAGE-TYPE
X-Trv-Request-Id
X-Remote-IP
X-Zalando-Child-Request-Id
Xet-Cookie
Group
Srv
V-Cache
X-VC
X-VarnPar2
X-Proxy-Server
X-Safe-Firewall
X-VarnCache
X-PJAX-URL
X-VarnPar1
X-SB
N-Cache
X-Aicache-OS
Rt-Proxy-Cache
X-PARISIEN-Cache-Rendered
X-Varnish-ID
X-HGenerator
RequestUuid
Hostname
X-NGINX-Cache
X-Akamai-ERRuleID
X-M-Log
X-RAMCache
WS
X-Akamai-ERPolicy
X-Gdpr
WWW-Authenticate
Requestid
X-Hello
X-M-Reqid
X-Alicdn-Da-Ups-Status
X-ProxyCache-Args
X-Litespeed-Tag
X-Qnm-Cache
X-Acquia-Application-Trace
CF-Cached-On
SID
X-Acquia-Application-UUID