Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Pragma
Last-Modified
Accept-Ranges
Strict-Transport-Security
X-Content-Type-Options
X-Powered-By
CF-RAY
ETag
Link
Expect-CT
Via
X-XSS-Protection
X-Cache
Age
Access-Control-Allow-Origin
Content-Security-Policy
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Served-By
X-Varnish
X-Amz-Cf-Id
X-Xss-Protection
Referrer-Policy
X-Request-Id
X-Timer
X-AspNet-Version
CF-Cache-Status
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Runtime
Access-Control-Allow-Credentials
X-Download-Options
X-Drupal-Cache
X-Cacheable
Content-Security-Policy-Report-Only
X-Generator
CF-Ray
Alt-Svc
Status
X-AspNetMvc-Version
X-Cache-Status
X-DNS-Prefetch-Control
X-Check
X-Iinfo
X-Adblock-Key
X-FRAME-OPTIONS
Timing-Allow-Origin
X-CDN
X-Content-Security-Policy
X-Turbo-Charged-By
X-Permitted-Cross-Domain-Policies
Content-Encoding
P3p
X-Request-ID
X-Template
X-Language
Keep-Alive
X-Type
X-AH-Environment
X-Via
X-Cache-Group
X-Backend
WPE-Backend
X-Pass-Why
X-Buckets
X-Age
X-Server
X-Nginx-Cache-Status
Access-Control-Max-Age
X-Server-Powered-By
X-Pingback
Xkey
X-Varnish-Cache
Grace
X-Drupal-Dynamic-Cache
Access-Control-Expose-Headers
Upgrade
X-Hacker
X-UA-Device
X-Amz-Request-Id
X-Page-Speed
Cf-Railgun
X-Amz-Id-2
X-Proxy-Cache
X-Robots-Tag
EagleId
X-Ua-Compatible
X-Envoy-Upstream-Service-Time
X-LiteSpeed-Cache
Request-Context
X-Node
X-Swift-CacheTime
X-Swift-SaveTime
X-Ac
X-Device
X-Cnection
Ali-Swift-Global-Savetime
X-Host
Content-Location
X-Amz-Version-Id
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
Surrogate-Control
X-Backend-Server
X-Cache-Lookup
X-Server-Id
X-WebKit-CSP
X-OneAgent-JS-Injection
X-Rack-Cache
X-Response-Time
X-Px
X-Instart-Request-ID
Request-Id
X-Readtime
X-CST
Server-Timing
X-Rq
X-Clacks-Overhead
X-HeyJason
Permitted-Cross-Domain-Policies
X-Do-Not-Hack
Pinterest-Generated-By
EagleEye-TraceId
X-Url
Edge-Control
X-Cloud-Trace-Context
X-Application-Context
X-MS-InvokeApp
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Country
Report-To
X-DynaTrace-JS-Agent
X-Server-Name
Charset
SPRequestGuid
Allow
X-Country-Code
X-SharePointHealthScore
X-DataDome
X-Ruxit-JS-Agent
X-ESI
Rating
X-Varnish-TTL
X-TtlSet
X-Vname
X-PC
X-Cached
X-Powered-CMS
X-Powered-By-Plesk
X-Recruiting
X-CF-Powered-By
X-TTL
X-FTR-Request-ID
NEL
X-Vhost
X-D2id
X-DynaTrace
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
X-Pinterest-Rid
X-Upstream-Env
Pinterest-Version
Public-Key-Pins
X-Kinja-Revision
X-Kinja-Server
X-Exp-Variant
X-Cdn-Fetch
X-Exp-Id
X-Kinja
X-Kinja-Build
X-Geo-Segment
X-Version
X-F-Cache
X-VARITI-CCR
X-N
SPIisLatency
SPRequestDuration
X-GoogleNews-Bot
Cartoon
X-Dw-Request-Base-Id
X-T
X-Mod-Pagespeed
MS-Author-Via
X-Abt-Application-Version
Content-MD5
RTSS
Nginx-Cache
Feature-Policy
X-GitHub-Request-Id
Verso
X-Dispatcher
AR-PoweredBy
AR-ATIME
AR-CACHE
X-Navigation-Version
MicrosoftSharePointTeamServices
X-Ttl
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Server-ID
X-Goog-Hash
X-Client-IP
X-Amz-Rid
Realpath
X-Shield-Request-Id
X-Forwarded-Proto
X-Hits
X-Trace
X-Cdn
X-Origin-Cache
Paypal-Debug-Id
X-Content-Options
X-Zen-Fury
X-Content-Digest
X-Id
X-Kinsta-Cache
TCN
Arr-Disable-Session-Affinity
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-B
AR-SID
X-Grace
DynaTrace
X-Varnish-Age
X-Cache-Key
Alternate-Protocol
Fastcgi-Cache
X-Sol
X-Upstream
Access-Control-Request-Method
X-Ser
X-Mrf-Item-Lastmod
Mrf-Cache-Status
X-Mrf-Section-Lastmod
MRF-Tech
X-FastCGI-Cache
X-Pad
X-Fastly-Request-ID
Display
X-Middleton-Display
PB-RID
PB-PID
X-Nf-Srv-Version
X-Via-JSL
X-NF-Request-ID
X-Mobile-Rewrite
X-Acc-Meta-Resource-Type
X-DIS-Request-ID
X-Vcap-Request-Id
X-User-Agent
Response
X-Middleton-Response
Front-End-Https
X-Forwarded-For
Rt-Fastcgi-Cache
X-MSEdge-Ref
X-IPLB-Instance
X-Frontend
X-Cache-Rule
Eomportal-Instance
X-PressLabs-Stats
X-SS-Set-Cookie
Pagespeed
X-Logged-In
X-Cache-Hit
X-Whom
Arc-Version
Server-Name
X-VCache
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-Hostname
X-Goog-Generation
X-Goog-Stored-Content-Length
X-XRDS-Location
Host
S
Tracecode
Surrogate-Key
X-FTR-Backend-Server
X-Country-Code-Real
Cache-Status
X-FTR-Backend
X-FTR-Balancer
X-FTR-Expires
X-FTR-Cache-Status
X-FTR-Realm
X-FTR-DC
X-Debug
Backend-Timing
X-Analytics
X-HS-Content-Id
Refresh
TP-Cache
TP-L2-Cache
X-AOL-HN
X-Instance
X-Magnolia-Registration
X-Request-Received
X-Request-Processing-Time
X-Contextid
Public-Key-Pins-Report-Only
X-XRDS-LOCATION
X-AppVersion
FilterID
X-Wix-Server-Artifact-Id
X-Proxied
X-Az
X-Activity-Id
X-Rid
X-UUID
X-Srv
HitType
Server-Info
ServerID
HitInfo
X-HW
X-Newrelic-App-Data
X-WPE-Loopback-Upstream-Addr
Cleartype
X-URL
X-B3-Traceid
Liferay-Portal
Service-Worker-Allowed
X-Webkit-Csp
X-Varnish-Server
X-Mobile
X-NWS-LOG-UUID
AMP-Access-Control-Allow-Source-Origin
X-Content-Security-Policy-Report-Only
X-FTR-Cache-Host
X-Varnish-Backend
X-APP-VERSION
Served-By
X-Cache-Control
X-Revision
X-Geo-Country
X-Cache-Server
Source
X-Amzn-Trace-Id
X-Hail-Hydra
X-Request-Guid
X-RateLimit-Remaining
Retry-After
Server-Node
X-PHP-Backend
X-Origin
X-HS-Cache-Config
X-PC-Hit
X-Correlation-Id
X-PC-AppVer
Edge-Cache-Tag
X-App-Environment
X-Device-Type
Host-Header
X-BCube-Filmed-By
X-PC-Key
X-Handled-By
X-Varnish-Hostname
X-TT
X-Cache-Operation
S-Cnection
MS-CV
X-Cache-2
X-Framework
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-B-Cache
X-Tumblr-User
X-FB-Debug
X-Signature
X-Cache-Config
X-Page-Id
X-Litespeed-Cache
X-Origin-Upstream-Status
Accept-Charset
Fastly-Restarts
Powered-By-ChinaCache
DC
X-Origin-Server
X-Cache-Action
X-TT-TIMESTAMP
X-Sucuri-ID
X-Debug-Info
Viewport
X-PC-Host
X-Ocache
X-PC-Date
Actual-Object-TTL
X-ATG-Version
X-ADI-VCache
X-Shield-Cache-Expires
X-Hyper-Cache
X-WA-Info
X-B3-Sampled
NGB
X-Content-Powered-By
X-Cached-By
X-Microcachable
X-Accel-Expires
X-Drupal-Cache-Tags
X-LB-Cache
Upgrade-Insecure-Requests
X-Akam-SW-Version
X-Cache-NE
SRV
AsisCache
Filters
X-Generated-By
Cache
X-App-Server
X-Yottaa-Metrics
X-Yottaa-Optimizations
ServedBy
X-Locale
X-RequestSource
X-Cacheable-TTL
X-S
X-NewRelic-App-Data
Content-Script-Type
X-GeoIP
X-FW-Serve
Content-Style-Type
X-Distil-CS
X-Wix-Request-Id
X-FW-Static
X-FW-Type
X-FW-Server
X-FW-Hash
X-Seen-By
X-Internal-Host
X-TX-ID
X-WebKit-CSP-Report-Only
X-Jobs
X-Accel-Buffering
X-Amz-Server-Side-Encryption
X-RTag
X-Tumblr-Pixel-2
X-Tumblr-Pixel-1
X-ServedBy
X-Geo
X-Cluster
X-Varnish-Hits
From-Origin
X-Node-Name
X-Akamai-Edgescape
X-GUploader-UploadID
X-Varnish-Grace
X-Varnish-Cache-Hits
X-RateLimit-Limit
X-Adobe-Loc
X-Adobe-Content
X-HS-Combine-CSS
X-Varnish-IP
X-Sucuri-Cache
X-Platform-Server
X-Vg-Webcache
X-UA
X-Dns-Prefetch-Control
X-Cache-TTL-Remaining
X-Edge-Cache
X-Edge-Cache-Key
X-GZip
X-Daa-Tunnel
Datacenter
X-CDN-Forward
X-Cache-Age
X-Cache-Remote
X-Storage
X-Real-IP
X-Akamai-Transformed
Cache-Tag
X-Mode
X-Region
HostName
X-Drupal-Cache-Contexts
X-Amz-Replication-Status
X-Esi
X-Source
X-Distributor
X-Rendered-As
X-RemovedCookies
X-MP-GENERATED-AT
X-ProcessESI
Load-Balancing
X-Cache-Var
X-RN-RSRV
X-Is-Bot
Meta-Geo
Machine
X-Path-Route
X-Detected-As
X-Cache-Var-Map
ServerName
X-NCache
X-Agile-Id
X-Amzn-RequestId
X-Agile
X-Amz-Apigw-Id
X-Agile-Age
Fastly-SSL
Country
Cache-Key
X-Upgrade-Enabled
X-Web-Node
GEO-INFO
X-Cache-Category-Id
X-TWH-CORRELATION-ID
X-Time-Microsecs
X-PCL
X-OCL
X-NodeID
X-BB-IP
X-Kinja-Server-Push
X-Grey
X-Webstats-RespID
X-CDN-Cache
Mn-Server-Ip
X-Akamai-Request-ID
X-ApacheServer
X-Viewer-Country
Ohc-File-Size
X-EIG-Tracking-Id
X-PERF
X-Pubstack
X-Proto
X-Debug-Cache
X-Edge-Location
X-Optimization
X-Cluster-Node
X-Cache-HT
X-TA-CDN-Provider
X-Port
S-Rt
X-Human
X-OVcl-Cache
X-Original-Request
X-OVcl
L5d-Success-Class
X-LJ-Flow-ID
X-Meta-Tbi-Cache-Vertical
Property-Id
Azure-Version
Cache-Name
TWC-Connection-Speed
X-IP
LB
X-Instance-Name
Backend
TWC-Device-Class
Azure-InstanceId
TWC-GeoIP-Country
Azure-RegionName
Azure-SiteName
Azure-SlotName
X-Labrador-Cache-Channel
TWC-Locale-Group
X-Access
X-BYPASS-REASON
X-FC-Vary-Parameters
Webcakes-Region
Webcakes-App-Version
X-Origin-Hint
X-Xfnlog-Site
X-ProxyCache-Key
X-ProxyCache-Status
X-App-Name
X-AWS-Id
X-Birta-Cache-Post
X-Amz-Meta-Surrogate-Control
X-ServerID
X-Birta-Served
X-Www-Served-By
Webcakes-App-Name
X-Site-Version
User-Cache-Control
X-Section
TWC-Privacy
TWC-GeoIP-LatLong
X-CCM-LastModified
X-CCM
X-SplitTest
X-Via-Fastly
X-VWS-Id
X-Varnish-Cacheable
X-Request-Time
X-Loop
Cache-Hits
X-Routing-Service
Fastcgi-Useragent
Healthy
DB-Nickname
X-Hosted-By
X-Proxy
X-Zipkin-Id
X-Format
X-TNCMS
User-Agent
Access-Control-Allow-Method
X-JoinUs
Now
X-Cache-Bucket
X-Generated
X-Surge-Debug
X-Webkit-CSP
X-Generation-Time
X-CLOUD-TRACE-CONTEXT
X-Backend-Name
Payment
X-Tb
X-Guploader-Uploadid
X-Ezoic-Cdn
RATING
Selected-FE
Countrycode
X-Time
X-Timing-Wait
X-Proxy-Build
Ec-Rule-Version
X-Tumblr-Pixel-3
X-Hit
X-Origin-CC
X-Render-Type
X-Cache-Enabled
X-Feature
WP-Super-Cache
X-DataStream-Cache-Status
X-Newrelic-Synthetics
X-Dc
X-Unique-ID
Origin-Edge-Control
Origin-Cache-Control
X-Nginx-Cache
X-Oracle-Dms-Ecid
X-Oracle-Dms-Rid
X-B3-TraceId
X-B3-Spanid
X-Nc
X-Oneagent-Js-Injection
X-L-Path
X-CACHE-AGE
X-Real-Ip
X-Environment-Context
X-UA-Device-Type
X-Correlation-ID
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
X-NU-AKA-ACS-Version
RequestId
Xserver
NODE
X-Skip-Cache
X-NGENIX-Cache
X-WR-MODIFICATION
Access-Control-Request-Headers
X-Content-Type
X-Vgn-Hpd-Reason
X-Status
X-COUNTRY
X-Be
X-ElasticPress-Search
Webserver
X-Cache-Backend
X-Upstream-CT
X-Upstream-HT
X-Servedby
Time
Warning
Apple-News-Services-Request-Url
Xc-Version
X-BBXSRF
X-Wix-Route-ID
X-BB-ID
X-B-Cookie
X-Amz-Meta-Cache-Control
X-Application
X-ARC
X-Cache-Host
Apple-News-Services-Parsed-Url
X-Cache-Id
X-Via-Edge
X-Fastly-Cache
X-Via-CDN
X-VG-WebServer
X-We-Are-Hiring
X-CF-Lambda-Fn
MD5-Digest
BehaviorPad-Version
Fastcgi-X-Cache-Version
Memcached
Apple-News-Services-Host
Apple-News-Services-Handled
Viewtype
VivaBuild
Www
X-A
T-Server
Sta2Tusw
Ajk
Resin-Trace
Cache-Prefix
Host-ID
X-CF-Lambda-Version
X-A-Ccd
Fly-Cache
X-A-Wwc
Fastly-Soc-X-Request-Id
X-Accel-Expires-Debug
Meta-Geo-Continent
X-A-Dgt
X-A-Dam
GMS-Ver
X-A-Dcw
Fly-Request-Id
AKAMAI
X-Connection-Hash
X-G
X-Trv-Group
X-Transaction
X-DPWN-IS-SECURE
X-Developer
X-Region-Sid
X-Destination
X-Rewrite-Enabled
X-SVT-ORM-VERSION
X-Server-Time
X-S-Cookie
X-Server-By
X-From
X-Rojux
X-SVT-ORM-RULES
X-SRCache-Key
X-Generated-In
X-Public
X-Date
X-User
X-Logtrace-Id
X-D
Fastcgi-X-Cache
X-Haproxy-Hostname
X-Haproxy-Ip
X-ND-Cache
X-No-Session
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
X-EdgeConnect-Cache-Status
X-Twitter-Response-Tags
X-PAYTM-SRV-ID
X-Died
X-GoCache-CacheStatus
IBM-Web2-Location
X-Croise-Owner
Ws
X-Cdn-Origin
X-Phone
X-Up
X-NX-Host
Origin
Rendered-Blocks
Release
X-Forwarded-Host
IsBot
X-Wikidot-Static-Cache
X-Core-Value
Fastly-SIE
X-Var-Ttl
Fastly-SWR
X-CS
X-Wikidot-Backend
X-Frame-Option
X-Cache-Time
X-Debug-Cookies
V-Age
Uber-Trace-Id
X-FireWall-Port
X-Trace-Id
X-Sn-Servicetimems
X-Fstrz
X-SIPLIST1
X-F5-Cache
X-Request-URI
X-Rebelmouse-Cache-Control
X-Cache-Expires
X-Debug-Log
X-Rebelmouse-Surrogate-Control
Request-Time
Server-Int
X-Cache-CFC
X-ScT
NGX
Apicache-Store
X-Varnish-Beresp-Ttl
Apicache-Version
Cneonction
X-C
X-Developers
X-Content-Age
X-CGP
X-Cache-Ttl
X-Device-Os
X-Dispatcher-Server
X-Eu-Site
X-Gen-Mode
X-Epic-Correlation-Id
X-Env
X-Edge-IP
X-Cache-Debug
X-Bug-Bounty
Thinkindot-CacheControl
OT-Force-Account-Verify
Web-Mar-Node
UCS
Thinkindot-Control
X-Actual-URL
X-Amz-Meta-S3cmd-Attrs
X-GeoIP-City
X-Block-Status
X-Backend-Url
X-Backend-State
X-Backend-Host
Thinkindot-CacheControl-Type
X-Hnp-Log
X-UE-Client-Country
X-V
X-TT-LOGID
X-Thinkindot-L3
X-ServiceProvider
X-Stale
X-StackifyID
X-VServer
X-IN-SSL-APIGATEWAY
X-IN-WAF
X-IN-APIGATEWAY
X-Worker
X-WebServer
X-Servername
X-Server-IP
X-Passed-To
X-Passed-To-BeforeDispatch
X-MI-In-Market
X-Matched-Rule
Server-Host
X-Passed-To-PostProcessResponse
X-Reboot
X-Returned-From-PostProcessResponse
X-Served-From
X-Returned-From-DLL
X-Returned-From-BeforeDispatch
X-Returned-From
X-GeoIP-Country-Code
X-Passed-To-DLL
HA-Geolat
Decoy-Debug-TTL
Httpd-Identifier
HA-Georegion
Cache-Cookie-Set-From
MI-Cache
MI-Cache-Age
Ohc-Response-Time
On-Server
Fastly-Backend-Name
Odigeo-Trace-Id
HA-Geocountry
Ha-Gx-Prefs
HA-Host
Is-Eu
Heartbleed
CDCHOST
HTTPS
Decoy-Debug-Status
Decoy-Debug-Key
Content-Disposition
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-Idcheck
HA-Ipaddr
HA-Servedtime
HA-Urlpath
HA-Geocity
HA-Geolon
HA-Cloudapp
Proxy-Connection
Platform
Powered-By
Backend-Name
GW-Server
Pramga
Pragrma
Adler-Geo
X-TIME
X-Auto-Login
Kp-EeAlive
Esi-Enabled
X-Sorting-Hat-FeatureSet
X-Hash
X-UnsetCookies
X-Sorting-Hat-ShopId
X-Shopify-Stage
X-Release
X-Sorting-Hat-ShopId-Cached
X-Ver
X-Sorting-Hat-PodId
X-Node-Id
X-Sorting-Hat-PodId-Cached
Request-EU
Server-ID
NnCoection
X-MSEdge-Features
X-MSEdge-Flight
X-Location
X-Sorting-Hat-PrivacyLevel
X-RCS-CacheZone
X-Fetched-On
X-Sorting-Hat-Section
Request-Country
X-Page-Type
X-Core-Mission
X-ShopId
Who
X-ShardId
X-Backend-TTL
X-Rocket-Nginx-Bypass
X-Server-Group
X-Alternate-Cache-Key
X-S-Maxage
X-Hl-Ver
X-Via-NSCOPI
MI-API
X-Cdn-Srv
X-Ckpd-Fst-Backend
X-Response-By
X-HS-Hub-Id
X-Info
X-Clientip
X-Cache-Control-Set-By
X-Gannett-Site-Version
X-Platform
X-Amz-Meta-S3b-Last-Modified
X-Origin-Date
PFcat
X-Secret
X-Origin-Expires
X-Cache-Srv
X-Cache-URL
X-Crawler
X-HCF
Mime-Version
X-Bip
Drupal-Pagecache-Memcache
REQUESTUUID
X-Thanos
X-Varnish-HitMiss
X-Varnish-Id
Ar-Sid
X-Req
NtCoent-Length
X-P-T
X-Fastcgi-Cache
Cache-Provider
X-Refresh
Processtime
Country-Code
X-Svr
Dnion-Transfer-Encoding
Version
X-App-Version
X-Origin-TTL
Cteonnt-Length
X-Pjax-Url
X-Amz-Meta-Sha256
X-Pf-Uncompressing
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
X-Csrf-Token
X-Oss-Server-Time
Pagetype
X-Oss-Request-Id
X-Oss-Storage-Class
X-Kong-Proxy-Latency
X-Yottaa-Sig
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-Kong-Upstream-Latency
Memory
Accept-Ch
X-From-Cache
X-EC-Security-Audit
X-DC
FSS-Proxy
WebServer
FSS-Cache
Arc-Country
X-CSRF-Token
X-Cache-ASPX
X-Varnish-Url
X-Ua
X-NC
Brightspot-Id
Geoip-Latitude
GeoIp-Country-Code
X-GRACE
X-LiteSpeed-Cache-Control
X-Irp-Debug
SN
Geoip-City
X-Ruxit-Js-Agent
PageType
X-Dynatrace
X-Wix-Petri-Ex
X-LB-CacheStatus
X-ROOTCache
PICS-Label
X-Cache-Handler
X-Rule
Sid
X-LB-Node
If-Modified-Since
Dont-Set-Cookie
COMMERCE-SERVER-SOFTWARE
X-Cdn-Forward
CF-IPCountry
X-Redis-Cache
X-Request-UUID
X-Endurance-Cache-Level
X-Request-Start
Cdn
X-Ratelimit-Remaining
MIME-Version
X-Fastly-Backend-Reqs
Edgecast
X-Varnish-Beresp-TTL
X-Load-Cache
X-SERVER-NAME
X-Varnish-Action
X-TId
PROCESSING-IP
X-Requestid
BORDER-IP
X-Atg-Version
X-Layer
X-Sf
X-Servedbyhost
X-Ratelimit-Limit
X-GDPR
X-ServedByHost
X-Tid
RNT-Machine
RNT-Time
X-B3-SpanId
XServer
X-RequestId
X-Rocket-Nginx-Serving-Static
Dynatrace
Frame-Options
X-Tec-Api-Origin
X-Tec-Api-Root
X-Nananana
X-Tec-Api-Version
X-BE
X-Resolver-IP
X-Fastly-Cache-Hits
Pics-Label
X-Cache-TTL
CDN
X-DataStream-Origin-MEX-Latency
X-DataStream-MidMile-RTT
PageSpeed
Cf-Ipcountry
Amp-Access-Control-Allow-Source-Origin
Node
X-Owner
Powered
NodeID
Cache-Tags
X-Key
CACHE
X-HTML-Minification-Powered-By
Mail-Subject
GeoIP-Country-Code
We-Hiring
GeoIP-City
GeoIP-Latitude
Web-Mar-Region
X-Server-W
X-GZIP
DataCenter
X-Flog
X-VG-WebCache
X-ABtesting
X-Varnish-Ttl
X-Gdpr
X-Shard
X-Dynatrace-Js-Agent
X-Use-Magma
X-Sentry-ID
WZWS-RAY
X-UPSTREAM-Address
Lfy
Accept-CH
X-Powered-By-ANYU
ProcessTime
X-NWS-UUID-VERIFY
Max-Age
Get-Access-Time
Is-Session-Tracking
X-CDN-Pop
X-Varnish-URL
X-CDN-Pop-IP
X-Ms-Request-Id
X-Ms-Lease-Status
X-Ms-Version
X-Ms-Blob-Type
Hostname
X-GEO
X-Aicache-OS
X-PF-Uncompressing
URI
X-Mem
X-Dw-Trace-Id
Xet-Cookie
X-Alicdn-Da-Ups-Status
X-NGINX-Cache
X-Oa-Upstreams
Cdn-Request-Time
X-Front
X-Trv-Request-Id
X-Check-Cacheable
X-Cache-FS-Status
X-Powered-By-Defense
RequestUuid
X-Cookie
X-Remote-IP
True-Client-Country-4JS
Cdn-Host
X-PJAX-URL
X-VG-TLSProxy
X-Edge-Server
X-Varnish-ID
X-Unique-Id
Magicmarker
Requestid
X-ByteArk-Cache
X-Ms-Lease-State
X-PAGE-TYPE
X-Proxy-Server
X-Swa-Ws
X-Policy
X-VID
X-DB
X-RSL
X-RPM
X-DW
X-DSS
X-RPS
X-DI
X-RAMCache
X-Acquia-Application-UUID
X-Acquia-Application-Trace
CF-Cached-On
X-Hello
X-Akamai-ERPolicy
X-Akamai-ERRuleID
X-Litespeed-Tag
SID
X-Zalando-Child-Request-Id
X-Fe
WS
X-Zalando-Page-Type
X-Micro-Cache
X-Litespeed-Cache-Control