Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Pragma
Last-Modified
Accept-Ranges
X-Powered-By
X-Content-Type-Options
Strict-Transport-Security
ETag
CF-RAY
Link
Expect-CT
Via
X-XSS-Protection
X-Cache
Age
Access-Control-Allow-Origin
Content-Security-Policy
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Served-By
X-Varnish
X-Xss-Protection
X-Amz-Cf-Id
Referrer-Policy
X-Request-Id
X-AspNet-Version
X-Timer
CF-Cache-Status
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Runtime
CF-Ray
Access-Control-Allow-Credentials
X-Download-Options
X-Drupal-Cache
X-Cacheable
Content-Security-Policy-Report-Only
X-Generator
Alt-Svc
X-AspNetMvc-Version
Status
X-Cache-Status
X-DNS-Prefetch-Control
X-Check
X-FRAME-OPTIONS
X-Iinfo
X-Adblock-Key
Timing-Allow-Origin
X-CDN
X-Content-Security-Policy
X-Turbo-Charged-By
X-Permitted-Cross-Domain-Policies
Content-Encoding
X-Template
X-Language
Keep-Alive
X-Via
X-Request-ID
X-Type
X-AH-Environment
X-Backend
X-Cache-Group
X-Nginx-Cache-Status
X-Buckets
WPE-Backend
X-Pass-Why
X-Server
X-Age
X-Server-Powered-By
Access-Control-Max-Age
X-Pingback
Xkey
X-Varnish-Cache
Grace
Access-Control-Expose-Headers
Upgrade
P3p
X-Drupal-Dynamic-Cache
X-Hacker
X-UA-Device
X-Amz-Request-Id
X-Page-Speed
Cf-Railgun
X-Proxy-Cache
EagleId
X-Amz-Id-2
X-LiteSpeed-Cache
X-Robots-Tag
X-Swift-SaveTime
X-Swift-CacheTime
X-Envoy-Upstream-Service-Time
Ali-Swift-Global-Savetime
Request-Context
X-Node
X-Device
X-Ac
Content-Location
X-Host
X-Cnection
X-Amz-Version-Id
X-Cache-Lookup
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
Surrogate-Control
X-Backend-Server
X-Server-Id
X-WebKit-CSP
X-OneAgent-JS-Injection
X-Rack-Cache
X-Instart-Request-ID
X-CST
X-Px
X-Response-Time
Request-Id
X-Readtime
X-Rq
Server-Timing
X-Ua-Compatible
X-HeyJason
Permitted-Cross-Domain-Policies
X-Do-Not-Hack
X-Clacks-Overhead
EagleEye-TraceId
X-Url
Pinterest-Generated-By
Edge-Control
X-Cloud-Trace-Context
X-Application-Context
X-MS-InvokeApp
X-Country
X-Server-Name
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Allow
X-DynaTrace-JS-Agent
Charset
SPRequestGuid
Report-To
X-SharePointHealthScore
X-Country-Code
X-ESI
X-DataDome
X-Ruxit-JS-Agent
X-Cached
X-Varnish-TTL
X-Vname
X-TtlSet
X-PC
Rating
X-Powered-CMS
X-Powered-By-Plesk
X-Recruiting
X-TTL
Public-Key-Pins
X-Cdn
X-ORACLE-DMS-RID
X-ORACLE-DMS-ECID
X-FTR-Request-ID
X-D2id
X-Version
X-N
SPRequestDuration
SPIisLatency
X-Vhost
MS-Author-Via
NEL
X-Cdn-Fetch
X-Geo-Segment
X-Exp-Id
X-Kinja-Server
X-Kinja-Build
X-Kinja-Revision
X-Kinja
X-Exp-Variant
Pinterest-Version
X-Pinterest-Rid
X-Upstream-Env
X-F-Cache
X-Dw-Request-Base-Id
X-DynaTrace
X-CF-Powered-By
X-T
X-VARITI-CCR
Cartoon
X-GoogleNews-Bot
X-Mod-Pagespeed
Content-MD5
AR-CACHE
AR-PoweredBy
AR-ATIME
Nginx-Cache
RTSS
MicrosoftSharePointTeamServices
X-GitHub-Request-Id
X-Abt-Application-Version
Feature-Policy
X-Shield-Request-Id
X-SRCache-Fetch-Status
X-SRCache-Store-Status
Verso
X-Trace
AR-SID
X-Amz-Rid
X-Navigation-Version
X-Dispatcher
X-Server-ID
X-Forwarded-Proto
X-Client-IP
X-Hits
Realpath
X-Ttl
X-Origin-Cache
X-Goog-Hash
Arr-Disable-Session-Affinity
Paypal-Debug-Id
X-Kinsta-Cache
X-Zen-Fury
X-TEC-API-ROOT
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-Id
X-Content-Options
TCN
X-B
X-Content-Digest
X-Grace
X-Ser
X-Varnish-Age
X-Cache-Key
Alternate-Protocol
X-Sol
Fastcgi-Cache
X-Upstream
DynaTrace
X-Via-JSL
Access-Control-Request-Method
Mrf-Cache-Status
MRF-Tech
X-Mrf-Item-Lastmod
X-Fastly-Request-ID
X-Mrf-Section-Lastmod
Display
X-Pad
X-Middleton-Display
X-Vcap-Request-Id
X-NF-Request-ID
X-Nf-Srv-Version
X-IPLB-Instance
X-DIS-Request-ID
X-FastCGI-Cache
Response
X-Middleton-Response
PB-PID
PB-RID
X-User-Agent
X-SS-Set-Cookie
X-Mobile-Rewrite
Front-End-Https
Rt-Fastcgi-Cache
Pagespeed
X-Logged-In
X-Frontend
Eomportal-Instance
X-Cache-Rule
X-PressLabs-Stats
X-MSEdge-Ref
X-Whom
Server-Name
X-XRDS-LOCATION
X-Forwarded-For
Host
X-VCache
S
X-Hostname
X-NWS-LOG-UUID
X-Cache-Hit
X-Acc-Meta-Resource-Type
Tracecode
X-Newrelic-App-Data
Cache-Status
Liferay-Portal
X-Debug
X-Goog-Stored-Content-Length
X-Goog-Metageneration
X-Goog-Generation
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
Arc-Version
X-UUID
X-AOL-HN
HitType
Server-Info
HitInfo
X-HS-Content-Id
X-Request-Received
X-Request-Processing-Time
X-FTR-Expires
X-FTR-DC
X-FTR-Realm
Backend-Timing
X-Webkit-Csp
X-FTR-Balancer
X-Analytics
X-FTR-Cache-Status
X-FTR-Backend
X-Country-Code-Real
FilterID
X-FTR-Backend-Server
Surrogate-Key
TP-Cache
TP-L2-Cache
X-Instance
X-Magnolia-Registration
Public-Key-Pins-Report-Only
X-Wix-Server-Artifact-Id
X-Contextid
Refresh
X-Rid
ServerID
X-AppVersion
X-Activity-Id
X-Az
X-Proxied
X-HS-Cache-Config
Edge-Cache-Tag
X-XRDS-Location
X-Srv
X-Correlation-Id
X-Content-Security-Policy-Report-Only
Service-Worker-Allowed
X-Varnish-Server
X-WPE-Loopback-Upstream-Addr
X-HW
X-B3-Traceid
AMP-Access-Control-Allow-Source-Origin
X-Origin
X-Mobile
S-Cnection
Cleartype
X-Revision
Served-By
Source
X-Varnish-Backend
X-APP-VERSION
X-Sucuri-ID
Fastly-Restarts
X-Amzn-Trace-Id
X-FTR-Cache-Host
X-TT
X-Geo-Country
X-App-Environment
X-RateLimit-Remaining
Powered-By-ChinaCache
X-Framework
X-Device-Type
X-B-Cache
X-Signature
X-PHP-Backend
X-Varnish-Hostname
Retry-After
X-Hyper-Cache
X-Cache-Action
X-Cache-Config
X-Tumblr-Pixel-0
X-Tumblr-User
X-Tumblr-Pixel
X-FB-Debug
X-Cache-Server
X-Cache-Operation
X-Origin-Upstream-Status
X-Cache-Control
X-BCube-Filmed-By
Host-Header
Server-Node
X-Hail-Hydra
X-TT-TIMESTAMP
X-Request-Guid
X-PC-Key
X-PC-AppVer
X-Handled-By
X-PC-Hit
X-Page-Id
MS-CV
Accept-Charset
X-Cache-2
X-ATG-Version
DC
X-Ocache
Actual-Object-TTL
X-WA-Info
X-Debug-Info
X-Shield-Cache-Expires
X-ADI-VCache
Cache
X-Origin-Server
X-URL
X-Daa-Tunnel
X-Content-Powered-By
X-PC-Date
X-PC-Host
X-HS-Combine-CSS
Upgrade-Insecure-Requests
X-Accel-Expires
NGB
Viewport
X-LB-Cache
X-Microcachable
SRV
X-Cache-NE
X-Cached-By
AsisCache
X-GeoIP
X-Generated-By
X-Feature
X-Yottaa-Metrics
X-Sucuri-Cache
X-Yottaa-Optimizations
X-Accel-Buffering
X-Akamai-Edgescape
Filters
X-Jobs
ServedBy
X-RequestSource
X-Amz-Server-Side-Encryption
X-Drupal-Cache-Tags
X-Cacheable-TTL
X-App-Server
X-Dns-Prefetch-Control
X-WebKit-CSP-Report-Only
X-S
X-Wix-Request-Id
X-TX-ID
X-Seen-By
X-Cluster
X-FW-Type
X-FW-Hash
X-RTag
X-Distil-CS
X-FW-Serve
X-FW-Server
X-FW-Static
X-Tumblr-Pixel-1
X-Tumblr-Pixel-2
Content-Script-Type
X-Locale
X-Adobe-Content
X-Varnish-Hits
X-Adobe-Loc
X-Geo
From-Origin
X-Varnish-IP
Content-Style-Type
X-Internal-Host
X-B3-Sampled
X-Akam-SW-Version
X-Cache-Age
Datacenter
X-Varnish-Cache-Hits
X-Cache-Remote
X-UA
X-Edge-Cache
X-Edge-Cache-Key
X-GZip
X-Storage
X-Varnish-Grace
HostName
X-Node-Name
X-Platform-Server
X-CDN-Forward
X-ServedBy
X-NewRelic-App-Data
X-Vg-Webcache
X-Akamai-Transformed
X-Region
X-Kinja-Server-Push
X-Cache-TTL-Remaining
X-Cache-Bucket
RATING
X-RateLimit-Limit
X-Guploader-Uploadid
X-Mode
Cache-Tag
Country
X-Amz-Replication-Status
X-Distributor
Load-Balancing
X-TA-CDN-Provider
X-EIG-Tracking-Id
ServerName
X-Proto
Ohc-File-Size
X-Amzn-RequestId
X-Amz-Apigw-Id
Fastly-SSL
X-Agile-Id
X-Agile-Age
X-BB-IP
Mn-Server-Ip
X-Source
GEO-INFO
X-Agile
X-Cache-HT
X-ProcessESI
X-Debug-Cache
X-ProxyCache-Status
X-ProxyCache-Key
X-BYPASS-REASON
X-RemovedCookies
Cache-Key
X-Akamai-Request-ID
X-Detected-As
X-Grey
X-Web-Node
X-Cache-Var-Map
Cache-Name
Meta-Geo
X-Cache-Var
Machine
X-Optimization
X-ApacheServer
X-Cache-Category-Id
X-Time-Microsecs
X-Path-Route
X-PERF
X-MP-GENERATED-AT
X-Rendered-As
X-Viewer-Country
Healthy
X-RN-RSRV
X-Is-Bot
L5d-Success-Class
X-JoinUs
X-Real-IP
X-Drupal-Cache-Contexts
X-Webstats-RespID
WP-Super-Cache
X-Hit
X-NCache
X-CCM
Cache-Hits
X-TWH-CORRELATION-ID
X-GUploader-UploadID
X-ServerID
X-Request-Time
X-Generated
Backend
X-Cluster-Node
X-Ezoic-Cdn
X-Human
X-Xfnlog-Site
Now
Access-Control-Allow-Method
X-CDN-Cache
X-PCL
X-Upgrade-Enabled
X-Labrador-Cache-Channel
X-Port
X-Original-Request
X-OCL
S-Rt
TWC-GeoIP-LatLong
TWC-GeoIP-Country
TWC-Device-Class
X-Proxy
Property-Id
X-Render-Type
Azure-RegionName
Azure-InstanceId
Azure-SiteName
Azure-SlotName
X-OVcl-Cache
Azure-Version
X-Pubstack
Webcakes-App-Name
X-NodeID
X-CCM-LastModified
X-Cache-Enabled
X-Edge-Location
X-FC-Vary-Parameters
X-Hosted-By
X-Via-Fastly
X-Origin-Hint
X-Www-Served-By
X-Instance-Name
TWC-Privacy
Webcakes-App-Version
X-OVcl
X-Amz-Meta-Surrogate-Control
Webcakes-Region
TWC-Locale-Group
TWC-Connection-Speed
X-Proxy-Build
X-Real-Ip
Selected-FE
X-Timing-Wait
X-IP
X-TNCMS
X-Loop
LB
User-Cache-Control
X-SplitTest
X-Routing-Service
X-Site-Version
X-Meta-Tbi-Cache-Vertical
X-Varnish-Cacheable
X-Surge-Debug
X-Zipkin-Id
X-Birta-Served
X-Birta-Cache-Post
X-Generation-Time
X-VWS-Id
X-Format
X-Backend-Name
DB-Nickname
X-Access
X-Section
X-App-Name
X-AWS-Id
X-LJ-Flow-ID
X-Dc
Fastcgi-Useragent
Countrycode
X-Oneagent-Js-Injection
X-Newrelic-Synthetics
X-Nginx-Cache
X-Origin-CC
Origin-Edge-Control
Origin-Cache-Control
User-Agent
X-Tumblr-Pixel-3
X-Nc
X-L-Path
X-Environment-Context
RequestId
Payment
X-Time
X-Tb
X-UA-Device-Type
X-B3-TraceId
Ec-Rule-Version
X-B3-Spanid
Xserver
X-Unique-ID
X-DataStream-Cache-Status
X-Skip-Cache
X-Servedby
X-Varnish-Beresp-Grace
X-NU-AKA-ACS-Version
X-CLOUD-TRACE-CONTEXT
X-Varnish-Beresp-Status
Access-Control-Request-Headers
X-Oracle-Dms-Ecid
X-NGENIX-Cache
X-Oracle-Dms-Rid
X-Be
X-Esi
X-WR-MODIFICATION
NODE
Time
X-Upstream-CT
X-Upstream-HT
X-Webkit-CSP
X-Vgn-Hpd-Reason
Webserver
X-EdgeConnect-Cache-Status
X-CACHE-AGE
X-Oss-Storage-Class
X-Croise-Owner
X-Oss-Hash-Crc64ecma
Warning
X-Dynatrace
X-Oss-Object-Type
X-Oss-Request-Id
X-Oss-Server-Time
Resin-Trace
Request-Time
T-Server
X-NX-Host
Cache-Prefix
V-Age
Fly-Cache
X-Logtrace-Id
Fly-Request-Id
X-A
X-A-Wwc
X-Cache-Id
X-Cache-Ttl
X-From
X-A-Ccd
X-Cache-Expires
X-Cache-Host
X-CS
X-ElasticPress-Search
X-Debug-Log
X-Developer
X-Died
X-Debug-Cookies
X-DPWN-IS-SECURE
X-Cache-Backend
X-Destination
X-G
X-A-Dcw
X-A-Dgt
X-SRCache-Key
X-A-Dam
Ajk
X-S-Cookie
X-Generated-In
X-Fastcgi-Cache
X-Application
X-ARC
X-B-Cookie
X-Var-Ttl
X-D
X-StackifyID
IBM-Web2-Location
X-Yottaa-Sig
X-Status
Ws
X-Fstrz
X-Hash
X-Cache-Time
X-Dispatcher-Server
X-Device-Os
Apple-News-Services-Host
X-Public
X-Planisys-CDN-TTL
X-Region-Sid
X-Rewrite-Enabled
X-Rojux
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
X-Haproxy-Ip
X-Haproxy-Hostname
X-ND-Cache
X-No-Session
X-PAYTM-SRV-ID
X-Server-By
X-Server-Time
X-Via-Edge
X-Via-CDN
X-We-Are-Hiring
X-Wix-Route-ID
Xc-Version
X-VG-WebServer
X-User
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
X-Transaction
X-Trv-Group
X-Twitter-Response-Tags
X-Fastly-Cache
X-Connection-Hash
Fastcgi-X-Cache
BehaviorPad-Version
Fastcgi-X-Cache-Version
Fastly-Soc-X-Request-Id
Host-ID
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
X-WebServer
X-Request-URI
AKAMAI
Apple-News-Services-Handled
Proxy-Connection
MD5-Digest
Memcached
X-BB-ID
X-Amz-Meta-Cache-Control
X-BBXSRF
X-CF-Lambda-Fn
X-CF-Lambda-Version
Www
VivaBuild
Meta-Geo-Continent
Release
Sta2Tusw
Viewtype
X-Release
X-UE-Client-Country
X-Correlation-ID
X-TIME
Cneonction
X-CSRF-Token
UCS
X-Varnish-Beresp-Ttl
X-Passed-To-PostProcessResponse
X-Passed-To-DLL
X-Phone
X-Via-NSCOPI
X-Passed-To-BeforeDispatch
X-Passed-To
Server-Host
X-Forwarded-Host
Server-Int
X-FireWall-Port
Uber-Trace-Id
Request-Country
X-Rebelmouse-Surrogate-Control
X-ShopId
X-Shopify-Stage
X-ShardId
X-F5-Cache
X-S-Maxage
X-Sorting-Hat-FeatureSet
X-Sorting-Hat-PodId-Cached
X-Sorting-Hat-ShopId-Cached
X-Frame-Option
X-Sorting-Hat-ShopId
X-Sorting-Hat-Section
X-Sorting-Hat-PrivacyLevel
X-Rebelmouse-Cache-Control
X-Cdn-Origin
HA-Ipaddr
HA-Servedtime
HA-Host
Ha-Gx-Prefs
HA-Georegion
HA-Urlpath
Heartbleed
X-GeoIP-Country-Code
Kp-EeAlive
IsBot
X-GeoIP-City
NGX
HA-Geolon
HA-Geolat
Powered-By
Fastly-SIE
Pramga
X-Gannett-Site-Version
Rendered-Blocks
Origin
Fastly-SWR
HA-Geocountry
HA-Geocity
HA-Cloudapp
GW-Server
X-Eu-Site
X-Sorting-Hat-PodId
Mime-Version
X-UnsetCookies
X-Crawler
X-Up
X-Returned-From
X-Amz-Meta-S3cmd-Attrs
X-Actual-URL
X-SIPLIST1
X-Sn-Servicetimems
X-Stale
X-CGP
X-Auto-Login
X-Cache-CFC
GMS-Ver
X-Cache-Debug
Server-ID
X-Content-Type
X-Wikidot-Static-Cache
Dnion-Transfer-Encoding
Request-EU
X-Alternate-Cache-Key
X-Wikidot-Backend
Version
X-Trace-Id
X-IN-APIGATEWAY
X-IN-SSL-APIGATEWAY
X-RCS-CacheZone
X-Returned-From-PostProcessResponse
X-IN-WAF
X-Epic-Correlation-Id
X-ScT
X-Returned-From-DLL
X-Server-IP
X-Core-Value
X-Returned-From-BeforeDispatch
X-Secret
X-Hl-Ver
X-C
NnCoection
NtCoent-Length
Who
X-Env
X-Edge-IP
MI-Cache-Age
MI-API
X-Cdn-Srv
X-Cache-Srv
MI-Cache
X-Backend-Url
X-GoCache-CacheStatus
Web-Mar-Node
X-Block-Status
Ohc-Response-Time
Thinkindot-CacheControl-Type
Pragrma
Thinkindot-Control
X-Ckpd-Fst-Backend
X-Content-Age
X-Fetched-On
X-Core-Mission
Thinkindot-CacheControl
Platform
X-Gen-Mode
Odigeo-Trace-Id
X-Developers
X-Backend-State
On-Server
X-Backend-Host
PFcat
OT-Force-Account-Verify
X-Backend-TTL
Decoy-Debug-Key
X-Origin-Date
X-Rocket-Nginx-Bypass
X-Served-From
X-Info
X-Origin-Expires
X-Page-Type
Adler-Geo
X-RateLimit-Remaining-Second
X-Reboot
X-Response-By
X-Server-Group
X-Servername
X-Worker
Country-Code
X-Bug-Bounty
X-Accel-Expires-Debug
X-VServer
X-Ver
X-ServiceProvider
X-Thinkindot-L3
X-TT-LOGID
X-V
Backend-Name
X-RateLimit-Limit-Second
X-Matched-Rule
X-Location
X-MI-In-Market
X-Node-Id
X-MSEdge-Features
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Hnp-Log
Is-Eu
HTTPS
Httpd-Identifier
X-MSEdge-Flight
Fastly-Backend-Name
Content-Disposition
Esi-Enabled
CDCHOST
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-Idcheck
X-Date
Decoy-Debug-TTL
Drupal-Pagecache-Memcache
Decoy-Debug-Status
Cache-Cookie-Set-From
FSS-Cache
FSS-Proxy
X-HCF
X-Platform
X-Varnish-HitMiss
X-Svr
X-Thanos
Cteonnt-Length
X-Varnish-Id
X-Clientip
Arc-Country
REQUESTUUID
Brightspot-Id
X-Bip
X-Cache-URL
Cache-Provider
X-Cache-Control-Set-By
X-Refresh
X-Req
X-Irp-Debug
WebServer
X-LiteSpeed-Cache-Control
X-Amz-Meta-S3b-Last-Modified
Apicache-Store
Apicache-Version
X-App-Version
X-P-T
Processtime
X-Pjax-Url
X-LB-Node
X-LB-CacheStatus
X-Origin-TTL
Sid
X-Pf-Uncompressing
X-ROOTCache
X-Varnish-Url
Pagetype
X-Ruxit-Js-Agent
X-Ratelimit-Limit
Accept-Ch
X-Ua
X-Request-UUID
PageType
X-From-Cache
X-Request-Start
COMMERCE-SERVER-SOFTWARE
X-EC-Security-Audit
X-Endurance-Cache-Level
Memory
X-Ratelimit-Remaining
X-Load-Cache
Dynatrace
X-DC
X-Amz-Meta-Sha256
Geoip-City
If-Modified-Since
X-Varnish-Action
Cdn
GeoIp-Country-Code
Geoip-Latitude
X-Litespeed-Cache
X-Cache-ASPX
X-Fastly-Backend-Reqs
X-Layer
X-GRACE
PICS-Label
BORDER-IP
PROCESSING-IP
SN
X-Cdn-Forward
X-COUNTRY
X-NC
X-Redis-Cache
Edgecast
X-Varnish-Beresp-TTL
CF-IPCountry
Ar-Sid
X-Csrf-Token
X-ServedByHost
Frame-Options
X-GDPR
X-Tid
X-Rocket-Nginx-Serving-Static
X-Atg-Version
X-Fastly-Cache-Hits
X-RequestId
X-Cache-Handler
MIME-Version
NodeID
X-Nananana
X-Requestid
X-B3-SpanId
X-Resolver-IP
X-Key
X-TId
X-Owner
X-NWS-UUID-VERIFY
X-Cf-Powered-By
X-Servedbyhost
Dont-Set-Cookie
Web-Mar-Region
Pics-Label
Cf-Ipcountry
X-Server-W
X-Cache-TTL
CACHE
X-Rule
X-Flog
X-Sentry-ID
X-HTML-Minification-Powered-By
X-BE
X-ABtesting
X-Sf
WZWS-RAY
X-Tec-Api-Root
X-Tec-Api-Origin
X-Tec-Api-Version
ProcessTime
Node
X-Wix-Petri-Ex
GeoIP-Country-Code
GeoIP-City
X-HS-Hub-Id
Get-Access-Time
We-Hiring
X-FORWARDED-FOR
Lfy
X-Powered-By-ANYU
Mail-Subject
RNT-Machine
X-VG-WebCache
RNT-Time
X-DataStream-MidMile-RTT
GeoIP-Latitude
X-DataStream-Origin-MEX-Latency
Is-Session-Tracking
PageSpeed
CDN
X-CDN-Pop-IP
X-CDN-Pop
X-Shard
XServer
Max-Age
X-Varnish-Ttl
X-Dynatrace-Js-Agent
X-Use-Magma
X-ByteArk-Cache
X-Mem
X-SRV
X-GZIP
Accept-CH
Powered
Magicmarker
URI
X-Cache-FS-Status
X-Varnish-URL
Cache-Tags
X-Powered-By-Defense
DataCenter
X-UPSTREAM-Address
X-Front
X-PF-Uncompressing
X-GEO
X-Check-Cacheable
X-Dw-Trace-Id
X-Unique-Id
X-Fe
X-Zalando-Child-Request-Id
Amp-Access-Control-Allow-Source-Origin
X-Cookie
X-Trv-Request-Id
X-Micro-Cache
X-Ms-Lease-Status
X-NGINX-Cache
Hostname
X-Oa-Upstreams
X-Zalando-Page-Type
X-Ms-Version
X-Remote-IP
X-Ms-Request-Id
X-Ms-Blob-Type
V-Cache
Group
Xet-Cookie
X-Varnish-ID
RequestUuid
N-Cache
Rt-Proxy-Cache
X-SB
X-Proxy-Server
X-HGenerator
X-VarnCache
X-VarnPar1
X-VC
X-VarnPar2
X-Safe-Firewall
X-Gdpr
X-PAGE-TYPE
X-PARISIEN-Cache-Rendered
X-Aicache-OS
X-PJAX-URL
SID
Requestid
X-RAMCache
WS
X-Qnm-Cache
X-Akamai-ERPolicy
X-Akamai-ERRuleID
X-Acquia-Application-UUID
X-Acquia-Application-Trace
X-ProxyCache-Args
X-Hello
CF-Cached-On
WWW-Authenticate
X-Litespeed-Tag
X-M-Log
X-M-Reqid
X-Alicdn-Da-Ups-Status