Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Pragma
Last-Modified
Accept-Ranges
X-Powered-By
X-Content-Type-Options
Strict-Transport-Security
CF-RAY
ETag
Link
Expect-CT
Via
X-XSS-Protection
X-Cache
Age
Access-Control-Allow-Origin
Content-Security-Policy
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Served-By
X-Varnish
X-Xss-Protection
X-Amz-Cf-Id
Referrer-Policy
X-Request-Id
X-AspNet-Version
X-Timer
CF-Cache-Status
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Runtime
X-FRAME-OPTIONS
Access-Control-Allow-Credentials
X-Download-Options
X-Drupal-Cache
CF-Ray
X-Cacheable
X-Generator
Content-Security-Policy-Report-Only
Alt-Svc
X-AspNetMvc-Version
Status
X-Cache-Status
X-DNS-Prefetch-Control
X-Check
X-Iinfo
X-Adblock-Key
Timing-Allow-Origin
X-CDN
X-Content-Security-Policy
X-Turbo-Charged-By
X-Permitted-Cross-Domain-Policies
Content-Encoding
X-Template
X-Language
Keep-Alive
X-Via
X-Type
X-AH-Environment
X-Backend
X-Cache-Group
X-Nginx-Cache-Status
X-Buckets
WPE-Backend
X-Pass-Why
X-Server
X-Age
X-Server-Powered-By
Access-Control-Max-Age
X-Pingback
X-Request-ID
Xkey
X-Varnish-Cache
Grace
Access-Control-Expose-Headers
Upgrade
P3p
X-Drupal-Dynamic-Cache
X-Hacker
X-UA-Device
X-Amz-Request-Id
X-Page-Speed
Cf-Railgun
X-LiteSpeed-Cache
EagleId
X-Proxy-Cache
X-Amz-Id-2
X-Robots-Tag
X-Swift-SaveTime
X-Swift-CacheTime
X-Envoy-Upstream-Service-Time
Ali-Swift-Global-Savetime
Request-Context
X-Node
X-Device
X-Ac
Content-Location
X-Host
X-Cnection
X-Amz-Version-Id
X-Cache-Lookup
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
Surrogate-Control
X-Backend-Server
X-Server-Id
X-WebKit-CSP
X-OneAgent-JS-Injection
X-Rack-Cache
X-Instart-Request-ID
X-CST
X-Px
X-Response-Time
Request-Id
X-Readtime
X-Rq
Server-Timing
X-Ua-Compatible
Permitted-Cross-Domain-Policies
X-HeyJason
X-Do-Not-Hack
X-Clacks-Overhead
X-Cloud-Trace-Context
EagleEye-TraceId
X-Url
Pinterest-Generated-By
Edge-Control
X-Application-Context
X-MS-InvokeApp
X-Country
X-Server-Name
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Allow
X-DynaTrace-JS-Agent
Charset
SPRequestGuid
Report-To
X-Country-Code
X-SharePointHealthScore
X-ESI
X-DataDome
X-Ruxit-JS-Agent
X-Cached
X-Varnish-TTL
X-TtlSet
X-PC
X-Vname
Rating
X-Powered-CMS
X-Powered-By-Plesk
X-Recruiting
X-TTL
Public-Key-Pins
X-Cdn
X-D2id
X-FTR-Request-ID
X-N
X-Version
SPIisLatency
SPRequestDuration
NEL
X-Vhost
X-Kinja
X-Kinja-Build
X-Exp-Variant
MS-Author-Via
X-Cdn-Fetch
X-Kinja-Revision
X-Exp-Id
X-Geo-Segment
X-Kinja-Server
X-Pinterest-Rid
Pinterest-Version
X-Upstream-Env
X-F-Cache
X-ORACLE-DMS-RID
X-ORACLE-DMS-ECID
X-Dw-Request-Base-Id
X-CF-Powered-By
X-DynaTrace
X-VARITI-CCR
X-GoogleNews-Bot
X-T
Cartoon
X-Mod-Pagespeed
Content-MD5
AR-PoweredBy
AR-ATIME
AR-CACHE
Nginx-Cache
MicrosoftSharePointTeamServices
X-GitHub-Request-Id
X-Abt-Application-Version
RTSS
X-SRCache-Fetch-Status
X-SRCache-Store-Status
Feature-Policy
X-Shield-Request-Id
Verso
X-Trace
AR-SID
X-Amz-Rid
X-Navigation-Version
X-Dispatcher
X-Server-ID
X-Forwarded-Proto
X-Client-IP
X-Hits
Realpath
X-Ttl
X-Origin-Cache
X-Goog-Hash
Arr-Disable-Session-Affinity
Paypal-Debug-Id
X-Kinsta-Cache
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-Zen-Fury
X-Id
X-Content-Options
TCN
X-B
X-Content-Digest
X-Grace
X-Ser
X-Varnish-Age
X-Cache-Key
Alternate-Protocol
X-Sol
Fastcgi-Cache
DynaTrace
X-Upstream
X-Via-JSL
Access-Control-Request-Method
X-Mrf-Section-Lastmod
X-Mrf-Item-Lastmod
Mrf-Cache-Status
MRF-Tech
X-Fastly-Request-ID
X-Middleton-Display
Display
X-Pad
X-Vcap-Request-Id
X-IPLB-Instance
X-DIS-Request-ID
X-Nf-Srv-Version
X-FastCGI-Cache
X-NF-Request-ID
Response
X-Middleton-Response
PB-RID
PB-PID
X-User-Agent
X-SS-Set-Cookie
X-XRDS-LOCATION
Front-End-Https
X-Mobile-Rewrite
X-Frontend
Rt-Fastcgi-Cache
X-Logged-In
Pagespeed
Eomportal-Instance
X-Cache-Rule
X-PressLabs-Stats
X-MSEdge-Ref
Server-Name
X-Whom
X-Newrelic-App-Data
X-Forwarded-For
Host
X-NWS-LOG-UUID
S
X-Hostname
X-VCache
X-Acc-Meta-Resource-Type
X-Cache-Hit
Tracecode
Cache-Status
Liferay-Portal
X-Debug
X-Goog-Storage-Class
X-Goog-Generation
X-Goog-Stored-Content-Length
Arc-Version
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
X-UUID
X-AOL-HN
HitType
Server-Info
HitInfo
X-HS-Content-Id
X-Request-Received
X-Request-Processing-Time
FilterID
X-Country-Code-Real
X-FTR-Expires
X-FTR-DC
X-FTR-Realm
Backend-Timing
X-Analytics
X-Webkit-Csp
X-FTR-Cache-Status
X-FTR-Backend
Surrogate-Key
X-FTR-Backend-Server
X-FTR-Balancer
X-Instance
X-Wix-Server-Artifact-Id
X-Magnolia-Registration
TP-L2-Cache
TP-Cache
Public-Key-Pins-Report-Only
X-Rid
Refresh
X-Contextid
ServerID
X-Az
X-Activity-Id
X-Proxied
X-AppVersion
X-Correlation-Id
X-HS-Cache-Config
Edge-Cache-Tag
X-Srv
X-Varnish-Server
Service-Worker-Allowed
X-Content-Security-Policy-Report-Only
X-B3-Traceid
X-WPE-Loopback-Upstream-Addr
AMP-Access-Control-Allow-Source-Origin
X-HW
S-Cnection
X-Mobile
X-Origin
Cleartype
X-XRDS-Location
X-Revision
Served-By
X-Varnish-Backend
X-APP-VERSION
X-FTR-Cache-Host
Fastly-Restarts
X-Sucuri-ID
Source
Powered-By-ChinaCache
X-Amzn-Trace-Id
X-RateLimit-Remaining
X-App-Environment
X-TT
X-Geo-Country
X-Device-Type
X-B-Cache
X-PHP-Backend
X-Signature
X-Framework
X-Varnish-Hostname
X-Tumblr-User
X-Tumblr-Pixel
X-FB-Debug
X-Tumblr-Pixel-0
X-Cache-Config
X-Hyper-Cache
Retry-After
X-Origin-Upstream-Status
X-Cache-Server
X-Cache-Operation
Host-Header
X-Hail-Hydra
X-Cache-Control
Server-Node
X-BCube-Filmed-By
X-Handled-By
X-TT-TIMESTAMP
X-Request-Guid
MS-CV
Accept-Charset
X-PC-AppVer
X-Cache-2
X-PC-Hit
X-Page-Id
X-PC-Key
X-Cache-Action
DC
X-ATG-Version
X-Ocache
Actual-Object-TTL
X-Shield-Cache-Expires
X-ADI-VCache
X-Debug-Info
X-WA-Info
Cache
X-Origin-Server
X-URL
X-Daa-Tunnel
X-Content-Powered-By
X-HS-Combine-CSS
NGB
X-PC-Host
X-Accel-Expires
Upgrade-Insecure-Requests
X-PC-Date
Viewport
X-LB-Cache
X-Microcachable
X-Cache-NE
X-GeoIP
AsisCache
X-Cached-By
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Feature
X-Sucuri-Cache
X-Amz-Server-Side-Encryption
X-Akamai-Edgescape
SRV
X-Generated-By
Filters
X-RequestSource
X-Jobs
X-Accel-Buffering
X-Drupal-Cache-Tags
X-Cacheable-TTL
ServedBy
X-App-Server
X-Dns-Prefetch-Control
X-S
X-Seen-By
X-TX-ID
X-Wix-Request-Id
X-WebKit-CSP-Report-Only
X-Adobe-Content
X-Cluster
X-Adobe-Loc
X-Varnish-IP
X-Distil-CS
X-FW-Static
X-Internal-Host
From-Origin
X-Locale
X-Varnish-Hits
X-Tumblr-Pixel-1
X-Tumblr-Pixel-2
X-FW-Hash
X-RTag
X-FW-Server
X-FW-Serve
Content-Script-Type
Content-Style-Type
X-FW-Type
X-B3-Sampled
Datacenter
X-Geo
X-Akam-SW-Version
X-Cache-Age
X-Varnish-Cache-Hits
X-Cache-Remote
HostName
X-Edge-Cache
X-GZip
X-Edge-Cache-Key
X-Storage
X-Varnish-Grace
X-UA
X-Node-Name
X-Platform-Server
X-Guploader-Uploadid
X-CDN-Forward
X-Cache-TTL-Remaining
X-Akamai-Transformed
X-ServedBy
X-Vg-Webcache
X-Kinja-Server-Push
X-Cache-Bucket
X-Region
X-RateLimit-Limit
RATING
X-Mode
Cache-Tag
Country
X-Amz-Replication-Status
X-Distributor
Load-Balancing
X-Real-Ip
X-TA-CDN-Provider
X-NewRelic-App-Data
X-EIG-Tracking-Id
ServerName
Ohc-File-Size
Fastly-SSL
X-Amzn-RequestId
Mn-Server-Ip
X-Amz-Apigw-Id
X-BB-IP
X-Agile-Age
X-Agile
X-Proto
X-Source
X-Agile-Id
X-BYPASS-REASON
X-Viewer-Country
X-Cache-Category-Id
L5d-Success-Class
X-Detected-As
Healthy
X-ProxyCache-Key
X-Grey
X-Cache-HT
X-ApacheServer
Meta-Geo
X-Akamai-Request-ID
X-PERF
X-Path-Route
X-Optimization
X-ProcessESI
X-RemovedCookies
X-RN-RSRV
X-Cache-Var
X-MP-GENERATED-AT
X-Is-Bot
Machine
Cache-Name
X-Time-Microsecs
X-Debug-Cache
X-Cache-Var-Map
X-Rendered-As
GEO-INFO
X-ProxyCache-Status
X-JoinUs
X-Drupal-Cache-Contexts
X-Hit
X-NCache
WP-Super-Cache
Cache-Hits
X-TWH-CORRELATION-ID
X-Webstats-RespID
X-Web-Node
Cache-Key
X-ServerID
X-CCM
X-Request-Time
X-Generated
X-Cluster-Node
X-PCL
X-Ezoic-Cdn
X-Human
X-CDN-Cache
X-Original-Request
X-Xfnlog-Site
Now
Backend
Access-Control-Allow-Method
X-Labrador-Cache-Channel
X-Upgrade-Enabled
X-Port
X-NodeID
X-OCL
X-Amz-Meta-Surrogate-Control
X-Via-Fastly
Webcakes-Region
Azure-Version
Azure-SiteName
X-Timing-Wait
X-Proxy-Build
X-OVcl-Cache
Azure-InstanceId
Webcakes-App-Version
Azure-SlotName
Webcakes-App-Name
TWC-Locale-Group
S-Rt
TWC-Connection-Speed
TWC-Device-Class
TWC-GeoIP-Country
TWC-Privacy
Property-Id
X-Render-Type
X-OVcl
X-Origin-Hint
X-Www-Served-By
X-Cache-Enabled
Azure-RegionName
X-Instance-Name
Selected-FE
X-FC-Vary-Parameters
X-Proxy
X-Pubstack
X-CCM-LastModified
X-Hosted-By
TWC-GeoIP-LatLong
X-Edge-Location
X-Nginx-Cache
X-Access
X-VWS-Id
LB
X-Generation-Time
X-Nc
User-Cache-Control
X-Zipkin-Id
X-Surge-Debug
X-SplitTest
X-Format
DB-Nickname
X-Meta-Tbi-Cache-Vertical
X-Loop
X-LJ-Flow-ID
X-Backend-Name
X-Birta-Served
X-Birta-Cache-Post
X-IP
X-TNCMS
X-Routing-Service
X-App-Name
X-Section
X-AWS-Id
X-Site-Version
X-Varnish-Cacheable
X-Newrelic-Synthetics
X-Dc
Fastcgi-Useragent
Countrycode
X-Oneagent-Js-Injection
X-Oracle-Dms-Rid
X-Oracle-Dms-Ecid
X-Real-IP
X-Origin-CC
X-Tumblr-Pixel-3
User-Agent
Origin-Cache-Control
Origin-Edge-Control
X-GUploader-UploadID
Payment
RequestId
X-Time
Xserver
X-Tb
X-Environment-Context
X-L-Path
X-UA-Device-Type
X-B3-Spanid
X-B3-TraceId
Ec-Rule-Version
X-Unique-ID
X-Skip-Cache
X-DataStream-Cache-Status
X-Servedby
X-Varnish-Beresp-Grace
X-NU-AKA-ACS-Version
X-Varnish-Beresp-Status
X-NGENIX-Cache
Access-Control-Request-Headers
X-Esi
X-WR-MODIFICATION
X-Be
NODE
Webserver
X-Webkit-CSP
X-Vgn-Hpd-Reason
X-Cache-Ttl
X-Upstream-CT
X-CACHE-AGE
X-EdgeConnect-Cache-Status
Time
X-Upstream-HT
X-Oss-Storage-Class
X-Oss-Hash-Crc64ecma
X-Oss-Server-Time
Warning
X-CSRF-Token
X-Oss-Request-Id
X-Oss-Object-Type
X-Dynatrace
X-Croise-Owner
X-Developer
X-Destination
X-S-Cookie
X-Died
X-Generated-In
X-From
X-DPWN-IS-SECURE
X-Logtrace-Id
X-G
X-NX-Host
X-A-Dgt
Resin-Trace
T-Server
V-Age
X-A
Request-Time
Fly-Request-Id
X-ElasticPress-Search
Ajk
Cache-Prefix
Fly-Cache
X-A-Ccd
X-A-Dam
X-Cache-Id
X-CS
X-D
X-Debug-Cookies
X-B-Cookie
X-ARC
X-A-Dcw
X-A-Wwc
X-Application
X-Debug-Log
X-SRCache-Key
X-Fastcgi-Cache
Mime-Version
Ws
X-StackifyID
X-Yottaa-Sig
X-Status
BehaviorPad-Version
Fastcgi-X-Cache
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
Apple-News-Services-Handled
Apple-News-Services-Host
Fastcgi-X-Cache-Version
X-We-Are-Hiring
Release
X-Via-Edge
Meta-Geo-Continent
MD5-Digest
Fastly-Soc-X-Request-Id
Host-ID
AKAMAI
X-WebServer
X-Wix-Route-ID
X-Device-Os
X-Cache-Time
X-Cache-Host
Xc-Version
X-Cache-Expires
X-Dispatcher-Server
X-Fstrz
X-UE-Client-Country
X-Var-Ttl
X-Request-URI
X-Release
Cneonction
X-Hash
Sta2Tusw
VivaBuild
X-Rojux
X-Server-By
X-Rewrite-Enabled
X-Region-Sid
X-Planisys-CDN-TTL
X-Public
X-Server-Time
X-SVT-ORM-RULES
X-Via-CDN
X-User
X-Twitter-Response-Tags
X-Trv-Group
X-SVT-ORM-VERSION
X-Transaction
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
X-BBXSRF
X-CF-Lambda-Fn
X-BB-ID
Proxy-Connection
Www
X-Amz-Meta-Cache-Control
X-CF-Lambda-Version
X-Connection-Hash
X-No-Session
X-PAYTM-SRV-ID
X-ND-Cache
X-Haproxy-Ip
X-Fastly-Cache
X-Haproxy-Hostname
X-VG-WebServer
Viewtype
X-Cache-Backend
UCS
X-TIME
X-Varnish-Beresp-Ttl
IBM-Web2-Location
X-F5-Cache
Version
X-FireWall-Port
X-Forwarded-Host
X-Eu-Site
X-Epic-Correlation-Id
Kp-EeAlive
X-Frame-Option
Drupal-Pagecache-Memcache
X-Core-Value
X-CGP
X-GeoIP-Country-Code
X-Shopify-Stage
X-Sorting-Hat-FeatureSet
X-ShopId
X-ShardId
X-S-Maxage
X-Sorting-Hat-PodId
X-Sorting-Hat-PodId-Cached
X-Cdn-Origin
X-GeoIP-City
X-Sorting-Hat-ShopId-Cached
X-Sorting-Hat-ShopId
X-Sorting-Hat-Section
X-Gannett-Site-Version
X-Cache-CFC
IsBot
Uber-Trace-Id
X-Actual-URL
X-Amz-Meta-S3cmd-Attrs
Heartbleed
Memcached
Server-Host
Odigeo-Trace-Id
Powered-By
Pramga
Rendered-Blocks
HA-Urlpath
HA-Servedtime
HA-Geocity
HA-Geocountry
HA-Cloudapp
GW-Server
X-RCS-CacheZone
HA-Geolat
HA-Geolon
HA-Ipaddr
HA-Host
Ha-Gx-Prefs
HA-Georegion
X-Cache-Debug
X-Sorting-Hat-PrivacyLevel
X-UnsetCookies
X-Wikidot-Static-Cache
X-Passed-To
Server-ID
X-Auto-Login
GMS-Ver
X-Alternate-Cache-Key
X-Secret
X-Returned-From-DLL
X-Returned-From-PostProcessResponse
X-Up
X-Returned-From-BeforeDispatch
X-Wikidot-Backend
X-Returned-From
X-IN-APIGATEWAY
X-IN-SSL-APIGATEWAY
X-Passed-To-BeforeDispatch
X-Stale
X-Passed-To-DLL
X-SIPLIST1
X-Sn-Servicetimems
X-Crawler
Dnion-Transfer-Encoding
X-Passed-To-PostProcessResponse
X-Phone
X-Server-IP
X-IN-WAF
Request-EU
Request-Country
X-ScT
X-C
NtCoent-Length
X-Content-Type
NnCoection
Pragrma
X-Trace-Id
X-Bug-Bounty
X-Accel-Expires-Debug
Platform
OT-Force-Account-Verify
PFcat
X-Date
Server-Int
X-Backend-Host
X-Backend-State
X-VServer
X-V
Who
Web-Mar-Node
X-TT-LOGID
X-Worker
X-Ver
X-Server-Group
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
Origin
X-Hnp-Log
X-GoCache-CacheStatus
X-Reboot
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
X-RateLimit-Remaining-Second
X-MSEdge-Flight
X-Node-Id
X-MSEdge-Features
X-MI-In-Market
X-RateLimit-Limit-Second
X-Location
X-Gen-Mode
X-Response-By
X-Servername
X-Cdn-Srv
X-Cache-Srv
X-ServiceProvider
X-Backend-Url
X-Block-Status
X-Served-From
X-Content-Age
X-Rocket-Nginx-Bypass
X-Fetched-On
X-Env
X-Edge-IP
X-Core-Mission
X-Developers
X-Backend-TTL
X-Ckpd-Fst-Backend
Country-Code
Cache-Cookie-Set-From
Cache-Cookie-Set-Idcheck
Httpd-Identifier
Backend-Name
Decoy-Debug-TTL
Adler-Geo
HTTPS
Cache-Cookie-Set-Lfrom
CDCHOST
Decoy-Debug-Key
Esi-Enabled
Decoy-Debug-Status
Content-Disposition
Fastly-Backend-Name
Fastly-SWR
Fastly-SIE
X-Hl-Ver
Is-Eu
X-Via-NSCOPI
MI-Cache
On-Server
MI-API
MI-Cache-Age
NGX
Ohc-Response-Time
X-Info
X-Origin-Date
X-Origin-Expires
FSS-Cache
FSS-Proxy
X-Cache-URL
Brightspot-Id
X-Matched-Rule
X-Platform
X-Svr
X-Clientip
X-Varnish-HitMiss
X-HCF
X-Thinkindot-L3
X-Cache-Control-Set-By
X-Thanos
Thinkindot-Control
X-Page-Type
X-Refresh
Thinkindot-CacheControl
Arc-Country
Cteonnt-Length
Thinkindot-CacheControl-Type
X-Varnish-Id
X-Bip
REQUESTUUID
Cache-Provider
X-Correlation-ID
WebServer
X-Amz-Meta-S3b-Last-Modified
X-LiteSpeed-Cache-Control
X-Req
X-Irp-Debug
X-CLOUD-TRACE-CONTEXT
Apicache-Version
Apicache-Store
X-P-T
X-Pjax-Url
X-App-Version
X-Varnish-Url
X-LB-Node
X-LB-CacheStatus
Processtime
X-Origin-TTL
PageType
X-ROOTCache
Sid
X-Pf-Uncompressing
X-Ratelimit-Limit
X-Ruxit-Js-Agent
X-Request-UUID
Accept-Ch
X-Request-Start
X-Ua
X-From-Cache
X-Ratelimit-Remaining
Pagetype
X-Endurance-Cache-Level
Cdn
If-Modified-Since
Dynatrace
COMMERCE-SERVER-SOFTWARE
X-DC
GeoIp-Country-Code
Memory
X-Varnish-Action
X-EC-Security-Audit
X-Amz-Meta-Sha256
Geoip-Latitude
Geoip-City
X-Load-Cache
X-Cache-ASPX
X-Fastly-Backend-Reqs
X-Layer
X-COUNTRY
X-Cdn-Forward
PROCESSING-IP
BORDER-IP
PICS-Label
SN
X-GRACE
X-Redis-Cache
X-Varnish-Beresp-TTL
X-ServedByHost
X-GDPR
X-Tid
Ar-Sid
CF-IPCountry
Edgecast
Frame-Options
X-RequestId
X-Atg-Version
X-NC
NodeID
X-Fastly-Cache-Hits
X-Cache-Handler
X-Rocket-Nginx-Serving-Static
X-Csrf-Token
X-Nananana
X-Key
X-Owner
X-Resolver-IP
X-B3-SpanId
MIME-Version
X-NWS-UUID-VERIFY
X-Cf-Powered-By
X-TId
X-Requestid
Dont-Set-Cookie
Cf-Ipcountry
Pics-Label
Web-Mar-Region
X-Server-W
X-Servedbyhost
CACHE
WZWS-RAY
X-Rule
X-Sentry-ID
X-HTML-Minification-Powered-By
X-Flog
X-BE
X-ABtesting
X-Sf
X-Tec-Api-Version
X-Tec-Api-Root
Node
ProcessTime
X-Tec-Api-Origin
RNT-Time
RNT-Machine
Get-Access-Time
Lfy
X-VG-WebCache
X-DataStream-MidMile-RTT
X-Wix-Petri-Ex
X-FORWARDED-FOR
Is-Session-Tracking
X-Cache-TTL
X-Powered-By-ANYU
X-HS-Hub-Id
Mail-Subject
GeoIP-Country-Code
GeoIP-City
We-Hiring
X-DataStream-Origin-MEX-Latency
GeoIP-Latitude
PageSpeed
Max-Age
X-Varnish-Ttl
X-Dynatrace-Js-Agent
X-Shard
X-CDN-Pop-IP
X-CDN-Pop
X-Use-Magma
CDN
X-ByteArk-Cache
X-SRV
X-Mem
XServer
X-GZIP
Magicmarker
X-Cache-FS-Status
URI
Accept-CH
Powered
X-Powered-By-Defense
X-Ms-Version
X-PF-Uncompressing
Cache-Tags
X-Check-Cacheable
X-UPSTREAM-Address
DataCenter
X-Ms-Lease-Status
X-Ms-Blob-Type
X-Front
X-GEO
X-Ms-Request-Id
X-Dw-Trace-Id
X-Unique-Id
X-Cookie
X-Trv-Request-Id
X-Varnish-URL
X-Oa-Upstreams
X-Zalando-Child-Request-Id
X-Zalando-Page-Type
X-Remote-IP
X-Micro-Cache
Amp-Access-Control-Allow-Source-Origin
X-Fe
Xet-Cookie
Group
V-Cache
X-Safe-Firewall
Rt-Proxy-Cache
Srv
RequestUuid
X-Varnish-ID
X-Aicache-OS
X-VarnPar1
X-VarnPar2
N-Cache
X-VC
X-SB
X-HGenerator
X-PJAX-URL
X-PAGE-TYPE
X-VarnCache
X-PARISIEN-Cache-Rendered
X-Proxy-Server
X-NGINX-Cache
Hostname
X-ProxyCache-Args
X-RAMCache
X-M-Log
X-Gdpr
Requestid
WS
X-M-Reqid
X-Acquia-Application-Trace
X-Qnm-Cache
WWW-Authenticate
X-Alicdn-Da-Ups-Status
X-Hello
X-Akamai-ERRuleID
X-Litespeed-Tag
CF-Cached-On
X-Acquia-Application-UUID
X-Akamai-ERPolicy
SID