Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Pragma
Last-Modified
Accept-Ranges
Strict-Transport-Security
X-Content-Type-Options
X-Powered-By
CF-RAY
ETag
Link
Expect-CT
Via
X-XSS-Protection
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
P3P
X-Cache-Hits
X-Served-By
X-Varnish
X-Amz-Cf-Id
X-Xss-Protection
Referrer-Policy
X-Request-Id
X-Timer
X-AspNet-Version
CF-Cache-Status
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Runtime
Access-Control-Allow-Credentials
X-Download-Options
X-Drupal-Cache
X-Cacheable
Content-Security-Policy-Report-Only
X-Generator
CF-Ray
Alt-Svc
Status
X-AspNetMvc-Version
X-Cache-Status
X-DNS-Prefetch-Control
X-Check
X-Iinfo
X-Adblock-Key
X-FRAME-OPTIONS
X-CDN
Timing-Allow-Origin
X-Content-Security-Policy
X-Turbo-Charged-By
X-Permitted-Cross-Domain-Policies
Content-Encoding
P3p
X-Template
X-Language
Keep-Alive
X-Type
X-AH-Environment
X-Via
X-Cache-Group
X-Backend
WPE-Backend
X-Request-ID
X-Pass-Why
X-Buckets
X-Age
X-Server
X-Nginx-Cache-Status
Access-Control-Max-Age
X-Server-Powered-By
X-Pingback
Xkey
X-Varnish-Cache
Grace
X-Drupal-Dynamic-Cache
Upgrade
Access-Control-Expose-Headers
X-Hacker
X-UA-Device
X-Amz-Request-Id
X-Page-Speed
Cf-Railgun
X-Amz-Id-2
X-Proxy-Cache
X-Robots-Tag
EagleId
X-Envoy-Upstream-Service-Time
X-LiteSpeed-Cache
Request-Context
X-Node
X-Swift-SaveTime
X-Swift-CacheTime
X-Ac
X-Device
Ali-Swift-Global-Savetime
X-Cnection
X-Host
Content-Location
X-Amz-Version-Id
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
Surrogate-Control
X-Backend-Server
X-Cache-Lookup
X-Server-Id
X-WebKit-CSP
X-OneAgent-JS-Injection
X-Rack-Cache
X-Response-Time
X-Px
X-Instart-Request-ID
Request-Id
X-CST
X-Readtime
Server-Timing
X-Rq
X-Clacks-Overhead
X-Do-Not-Hack
Permitted-Cross-Domain-Policies
X-HeyJason
Pinterest-Generated-By
EagleEye-TraceId
X-Ua-Compatible
Edge-Control
X-Cloud-Trace-Context
X-Application-Context
X-Url
X-MS-InvokeApp
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Country
Report-To
X-DynaTrace-JS-Agent
X-Server-Name
Charset
SPRequestGuid
X-Country-Code
Allow
X-SharePointHealthScore
X-DataDome
X-Ruxit-JS-Agent
X-ESI
Rating
X-Varnish-TTL
X-PC
X-TtlSet
X-Vname
X-Cached
X-Powered-CMS
X-Powered-By-Plesk
X-Recruiting
X-CF-Powered-By
X-TTL
X-FTR-Request-ID
NEL
X-D2id
X-Vhost
X-DynaTrace
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
X-Pinterest-Rid
Pinterest-Version
X-Upstream-Env
Public-Key-Pins
X-Kinja
X-Kinja-Build
X-Kinja-Server
X-Geo-Segment
X-Kinja-Revision
X-Exp-Variant
X-Cdn-Fetch
X-F-Cache
X-Exp-Id
X-Version
X-VARITI-CCR
X-T
SPRequestDuration
SPIisLatency
X-N
X-GoogleNews-Bot
Cartoon
X-Dw-Request-Base-Id
X-Mod-Pagespeed
MS-Author-Via
X-Abt-Application-Version
Content-MD5
RTSS
Nginx-Cache
Feature-Policy
Verso
X-GitHub-Request-Id
AR-ATIME
AR-CACHE
AR-PoweredBy
X-Dispatcher
X-Ttl
MicrosoftSharePointTeamServices
X-Navigation-Version
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Goog-Hash
X-Amz-Rid
X-Server-ID
X-Client-IP
Realpath
X-Shield-Request-Id
X-Hits
X-Forwarded-Proto
X-Origin-Cache
X-Trace
X-Cdn
Paypal-Debug-Id
X-Content-Options
X-Zen-Fury
X-Id
X-Content-Digest
X-Kinsta-Cache
TCN
Arr-Disable-Session-Affinity
X-B
X-TEC-API-ROOT
X-TEC-API-VERSION
X-TEC-API-ORIGIN
AR-SID
X-Grace
DynaTrace
Alternate-Protocol
X-Varnish-Age
X-Cache-Key
Fastcgi-Cache
X-Sol
X-Upstream
MRF-Tech
Mrf-Cache-Status
X-Mrf-Section-Lastmod
X-Mrf-Item-Lastmod
X-Ser
Access-Control-Request-Method
X-FastCGI-Cache
X-Pad
X-Middleton-Display
X-Fastly-Request-ID
Display
PB-PID
PB-RID
X-Mobile-Rewrite
X-NF-Request-ID
X-Nf-Srv-Version
X-Via-JSL
X-Acc-Meta-Resource-Type
X-DIS-Request-ID
X-Vcap-Request-Id
X-User-Agent
Response
X-Middleton-Response
X-Forwarded-For
Front-End-Https
Pagespeed
X-MSEdge-Ref
X-IPLB-Instance
Rt-Fastcgi-Cache
X-Frontend
X-Cache-Rule
X-PressLabs-Stats
Eomportal-Instance
X-SS-Set-Cookie
X-Logged-In
X-Cache-Hit
Arc-Version
X-Whom
Server-Name
X-Goog-Stored-Content-Length
X-VCache
X-Goog-Generation
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-Hostname
Host
X-Webkit-Csp
X-XRDS-Location
Tracecode
S
Surrogate-Key
X-FTR-Expires
X-Country-Code-Real
X-FTR-Realm
X-FTR-Backend-Server
X-FTR-Balancer
X-FTR-DC
X-FTR-Backend
X-FTR-Cache-Status
X-URL
Cache-Status
X-Request-Processing-Time
X-Request-Received
X-Debug
Backend-Timing
X-Analytics
X-HS-Content-Id
X-AOL-HN
X-Instance
TP-L2-Cache
TP-Cache
Refresh
X-Contextid
X-Proxied
X-Magnolia-Registration
X-Az
X-Activity-Id
X-AppVersion
Public-Key-Pins-Report-Only
X-Rid
X-XRDS-LOCATION
X-Srv
FilterID
X-Wix-Server-Artifact-Id
ServerID
X-UUID
Server-Info
HitType
HitInfo
X-HW
X-Newrelic-App-Data
X-WPE-Loopback-Upstream-Addr
X-B3-Traceid
Cleartype
Liferay-Portal
Service-Worker-Allowed
X-Varnish-Server
X-Mobile
X-NWS-LOG-UUID
X-Content-Security-Policy-Report-Only
AMP-Access-Control-Allow-Source-Origin
X-FTR-Cache-Host
X-Varnish-Backend
X-APP-VERSION
Served-By
X-Cache-Control
X-Revision
X-Amzn-Trace-Id
X-Geo-Country
Source
X-Request-Guid
X-App-Environment
Host-Header
Retry-After
Server-Node
X-PHP-Backend
X-Hail-Hydra
X-PC-AppVer
X-PC-Hit
X-RateLimit-Remaining
X-Correlation-Id
X-PC-Key
X-BCube-Filmed-By
X-Cache-Server
X-Varnish-Hostname
X-TT
Edge-Cache-Tag
X-HS-Cache-Config
X-Origin
X-Device-Type
X-Handled-By
MS-CV
X-Cache-Operation
DC
S-Cnection
X-B-Cache
X-Tumblr-Pixel
X-Framework
X-Tumblr-Pixel-0
X-Signature
Powered-By-ChinaCache
X-Origin-Upstream-Status
X-Tumblr-User
X-FB-Debug
X-Cache-2
X-Cache-Config
X-Page-Id
Fastly-Restarts
X-Litespeed-Cache
Accept-Charset
X-Origin-Server
X-Cache-Action
X-TT-TIMESTAMP
X-Sucuri-ID
X-Ocache
X-Debug-Info
X-PC-Date
X-PC-Host
Viewport
Actual-Object-TTL
X-ATG-Version
X-Shield-Cache-Expires
X-ADI-VCache
X-Hyper-Cache
X-B3-Sampled
NGB
X-Content-Powered-By
X-WA-Info
X-Cached-By
X-Microcachable
X-Accel-Expires
X-Drupal-Cache-Tags
X-Akam-SW-Version
Upgrade-Insecure-Requests
X-LB-Cache
SRV
Filters
X-Cache-NE
Cache
X-NewRelic-App-Data
X-Generated-By
AsisCache
ServedBy
X-App-Server
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-FW-Hash
X-Internal-Host
X-Cacheable-TTL
X-FW-Type
X-FW-Serve
X-FW-Static
X-S
X-FW-Server
X-RequestSource
X-Locale
X-RTag
X-WebKit-CSP-Report-Only
Content-Script-Type
X-GeoIP
X-Distil-CS
Content-Style-Type
X-Wix-Request-Id
X-Seen-By
X-Tumblr-Pixel-2
X-Jobs
X-Accel-Buffering
X-TX-ID
X-Tumblr-Pixel-1
X-Amz-Server-Side-Encryption
X-Varnish-Hits
X-Cluster
X-ServedBy
From-Origin
X-Geo
X-Node-Name
X-GUploader-UploadID
X-Akamai-Edgescape
X-Sucuri-Cache
X-Varnish-Grace
X-Adobe-Content
X-RateLimit-Limit
X-Varnish-Cache-Hits
X-Adobe-Loc
X-HS-Combine-CSS
X-Varnish-IP
X-GZip
X-Platform-Server
X-UA
X-Vg-Webcache
X-Cache-TTL-Remaining
X-Dns-Prefetch-Control
X-Edge-Cache
X-Edge-Cache-Key
X-Daa-Tunnel
Datacenter
X-CDN-Forward
X-Cache-Age
X-Cache-Remote
X-Real-IP
X-Storage
X-Akamai-Transformed
Cache-Tag
X-Region
X-Mode
HostName
X-Drupal-Cache-Contexts
X-Amz-Replication-Status
X-Esi
X-Distributor
X-Source
X-Rendered-As
Meta-Geo
X-ProcessESI
X-RemovedCookies
X-RN-RSRV
X-Cache-Var
X-Cache-Var-Map
X-Detected-As
Machine
X-Path-Route
Load-Balancing
X-MP-GENERATED-AT
X-Is-Bot
X-Agile
ServerName
X-Amzn-RequestId
X-Agile-Age
X-Agile-Id
Fastly-SSL
X-Amz-Apigw-Id
Country
X-CDN-Cache
X-Time-Microsecs
X-PERF
X-PCL
X-TWH-CORRELATION-ID
X-Upgrade-Enabled
X-Web-Node
X-Viewer-Country
X-OCL
X-NodeID
X-Akamai-Request-ID
Mn-Server-Ip
X-ApacheServer
X-BB-IP
X-Grey
X-Cache-Category-Id
Cache-Key
GEO-INFO
X-Kinja-Server-Push
Azure-RegionName
Azure-SiteName
Azure-SlotName
Azure-InstanceId
X-Instance-Name
X-Proto
X-Original-Request
X-Optimization
X-TA-CDN-Provider
Azure-Version
Backend
X-Cache-HT
Ohc-File-Size
X-Amz-Meta-Surrogate-Control
S-Rt
X-Cluster-Node
X-Debug-Cache
Cache-Name
X-EIG-Tracking-Id
X-Edge-Location
L5d-Success-Class
X-Pubstack
X-Human
X-Webstats-RespID
X-Via-Fastly
X-Port
X-ProxyCache-Status
X-ServerID
X-CCM
X-Birta-Served
X-CCM-LastModified
LB
DB-Nickname
X-Routing-Service
X-FC-Vary-Parameters
Healthy
X-ProxyCache-Key
X-Birta-Cache-Post
X-AWS-Id
TWC-GeoIP-Country
TWC-Device-Class
TWC-GeoIP-LatLong
TWC-Locale-Group
TWC-Privacy
TWC-Connection-Speed
Webcakes-App-Name
X-Access
X-App-Name
Webcakes-Region
Property-Id
Webcakes-App-Version
X-Format
X-BYPASS-REASON
X-NCache
X-Meta-Tbi-Cache-Vertical
X-LJ-Flow-ID
X-IP
X-Origin-Hint
X-SplitTest
X-Section
X-Site-Version
X-OVcl-Cache
X-OVcl
User-Cache-Control
X-Labrador-Cache-Channel
X-Www-Served-By
X-Xfnlog-Site
X-Zipkin-Id
X-Generation-Time
X-VWS-Id
X-Hosted-By
Cache-Hits
X-Proxy
Fastcgi-Useragent
Now
X-TNCMS
X-Loop
X-Varnish-Cacheable
User-Agent
Access-Control-Allow-Method
X-JoinUs
X-Request-Time
X-Surge-Debug
X-Generated
X-CLOUD-TRACE-CONTEXT
X-Backend-Name
X-Cache-Bucket
X-Guploader-Uploadid
X-Tumblr-Pixel-3
Payment
Countrycode
Selected-FE
X-Proxy-Build
RATING
X-Ezoic-Cdn
X-Tb
X-Timing-Wait
X-Origin-CC
X-Time
X-Hit
Ec-Rule-Version
X-Render-Type
X-Dc
X-Cache-Enabled
X-Feature
WP-Super-Cache
X-DataStream-Cache-Status
X-Unique-ID
X-Newrelic-Synthetics
Origin-Edge-Control
X-Nginx-Cache
X-Nc
Origin-Cache-Control
X-B3-Spanid
X-Oracle-Dms-Ecid
X-Oracle-Dms-Rid
X-B3-TraceId
X-Oneagent-Js-Injection
X-Environment-Context
X-L-Path
X-Real-Ip
X-CACHE-AGE
X-UA-Device-Type
RequestId
X-Correlation-ID
X-NU-AKA-ACS-Version
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
X-Skip-Cache
Xserver
NODE
X-NGENIX-Cache
X-WR-MODIFICATION
Access-Control-Request-Headers
Webserver
X-Content-Type
X-ElasticPress-Search
X-Status
X-Be
X-COUNTRY
X-Vgn-Hpd-Reason
X-Cache-Backend
X-EdgeConnect-Cache-Status
Time
X-Servedby
Warning
X-No-Session
Apple-News-Services-Request-Url
Apple-News-Services-Handled
X-Haproxy-Hostname
X-From
X-Generated-In
X-G
Ajk
AKAMAI
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
X-Haproxy-Ip
X-Logtrace-Id
Fastcgi-X-Cache
X-A-Wwc
MD5-Digest
Memcached
X-A-Dgt
X-Accel-Expires-Debug
X-Application
X-B-Cookie
Host-ID
X-ARC
Meta-Geo-Continent
X-A-Dcw
Viewtype
Resin-Trace
T-Server
VivaBuild
Www
X-A-Dam
X-A-Ccd
X-A
X-BB-ID
X-BBXSRF
X-Date
X-D
X-Connection-Hash
X-Destination
Cache-Prefix
BehaviorPad-Version
X-Died
X-Developer
Xc-Version
Fastcgi-X-Cache-Version
X-Cache-Id
GMS-Ver
X-Cache-Host
X-CF-Lambda-Fn
X-CF-Lambda-Version
Fastly-Soc-X-Request-Id
Fly-Cache
Fly-Request-Id
X-DPWN-IS-SECURE
X-ND-Cache
X-User
X-We-Are-Hiring
X-Twitter-Response-Tags
X-Public
X-Server-Time
X-Server-By
X-Planisys-CDN-TTL
X-Transaction
X-Trv-Group
X-Via-Edge
X-Upstream-HT
X-Rewrite-Enabled
X-SVT-ORM-RULES
X-Upstream-CT
Sta2Tusw
X-VG-WebServer
X-Via-CDN
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
X-S-Cookie
X-SRCache-Key
X-SVT-ORM-VERSION
X-Region-Sid
X-PAYTM-SRV-ID
X-Wix-Route-ID
X-Rojux
Ws
X-Croise-Owner
IBM-Web2-Location
X-GoCache-CacheStatus
Odigeo-Trace-Id
X-Request-URI
Fastly-SIE
X-Var-Ttl
NGX
X-Sn-Servicetimems
X-Debug-Cookies
X-Debug-Log
X-Rebelmouse-Cache-Control
X-CS
X-Core-Value
X-Varnish-Beresp-Ttl
X-Rebelmouse-Surrogate-Control
X-ScT
X-Up
X-Forwarded-Host
X-Cache-Expires
Rendered-Blocks
X-Phone
Release
X-Wikidot-Backend
X-Wikidot-Static-Cache
Uber-Trace-Id
X-Cache-CFC
X-Trace-Id
Server-Int
X-NX-Host
X-SIPLIST1
Request-Time
UCS
V-Age
X-F5-Cache
X-Fastly-Cache
X-Cache-Time
Origin
X-Cdn-Origin
X-FireWall-Port
Fastly-SWR
Apicache-Store
X-Amz-Meta-Cache-Control
Apicache-Version
X-Fstrz
X-Frame-Option
IsBot
Cneonction
X-C
X-Cache-Ttl
X-Webkit-CSP
X-Amz-Meta-S3cmd-Attrs
Thinkindot-Control
Thinkindot-CacheControl-Type
X-Returned-From-PostProcessResponse
X-Thinkindot-L3
X-Backend-Host
X-ServiceProvider
Thinkindot-CacheControl
X-Server-IP
X-Server-Group
X-Backend-State
X-Served-From
X-Actual-URL
Who
X-Stale
Web-Mar-Node
X-IN-WAF
X-Content-Age
X-GeoIP-City
X-GeoIP-Country-Code
X-Hnp-Log
X-WebServer
X-Gen-Mode
X-VServer
X-Env
X-Epic-Correlation-Id
X-Eu-Site
X-Location
X-Matched-Rule
X-IN-APIGATEWAY
X-Passed-To-BeforeDispatch
X-Passed-To
X-Passed-To-DLL
X-IN-SSL-APIGATEWAY
X-MI-In-Market
X-Servername
X-Passed-To-PostProcessResponse
X-Edge-IP
X-Dispatcher-Server
X-Returned-From-BeforeDispatch
X-Cdn-Srv
X-TT-LOGID
X-Cache-Debug
X-Bug-Bounty
X-Backend-Url
X-Returned-From-DLL
X-Block-Status
X-Returned-From
X-CGP
X-Developers
X-Device-Os
X-V
X-Reboot
X-Worker
X-UE-Client-Country
X-UnsetCookies
X-Ckpd-Fst-Backend
X-Backend-TTL
Pragrma
HA-Host
HA-Ipaddr
Ha-Gx-Prefs
HA-Georegion
HA-Geolon
HA-Servedtime
HA-Urlpath
CDCHOST
HTTPS
Httpd-Identifier
Heartbleed
HA-Geolat
HA-Geocountry
Decoy-Debug-TTL
X-StackifyID
Esi-Enabled
Fastly-Backend-Name
Decoy-Debug-Status
Decoy-Debug-Key
HA-Geocity
HA-Cloudapp
GW-Server
Content-Disposition
Is-Eu
Cache-Cookie-Set-Lfrom
OT-Force-Account-Verify
Cache-Cookie-Set-Idcheck
On-Server
Platform
Powered-By
Proxy-Connection
Pramga
MI-Cache-Age
Ohc-Response-Time
MI-Cache
Backend-Name
Server-Host
Adler-Geo
Cache-Cookie-Set-From
X-TIME
X-Hl-Ver
X-Via-NSCOPI
X-Hash
X-Fetched-On
X-Release
X-Core-Mission
X-MSEdge-Features
X-Page-Type
X-Response-By
X-RCS-CacheZone
X-MSEdge-Flight
X-Auto-Login
X-Node-Id
X-Sorting-Hat-FeatureSet
X-Sorting-Hat-ShopId-Cached
MI-API
X-S-Maxage
Kp-EeAlive
X-Sorting-Hat-Section
PFcat
X-Ver
Server-ID
REQUESTUUID
Request-EU
Request-Country
X-Alternate-Cache-Key
X-Sorting-Hat-ShopId
X-Shopify-Stage
X-Sorting-Hat-PrivacyLevel
X-ShopId
X-ShardId
NnCoection
X-Cache-Srv
X-Sorting-Hat-PodId
X-Sorting-Hat-PodId-Cached
Mime-Version
X-HS-Hub-Id
X-Gannett-Site-Version
X-Info
X-Crawler
X-Secret
X-Clientip
Ar-Sid
X-Varnish-Id
X-Origin-Date
X-Origin-Expires
X-Platform
X-Bip
X-Cache-Control-Set-By
X-HCF
X-Thanos
X-Varnish-HitMiss
X-Rocket-Nginx-Bypass
X-Cache-URL
Drupal-Pagecache-Memcache
X-P-T
X-Req
Cache-Provider
Country-Code
X-Refresh
Processtime
X-Fastcgi-Cache
X-Svr
NtCoent-Length
X-Amz-Meta-S3b-Last-Modified
X-App-Version
Dnion-Transfer-Encoding
Version
X-Origin-TTL
X-Pf-Uncompressing
X-Pjax-Url
X-Oss-Hash-Crc64ecma
X-Oss-Storage-Class
X-Csrf-Token
X-Oss-Request-Id
Pagetype
X-Oss-Server-Time
X-Oss-Object-Type
Cteonnt-Length
X-RateLimit-Limit-Second
X-Yottaa-Sig
X-RateLimit-Remaining-Second
Accept-Ch
X-Kong-Proxy-Latency
Memory
X-From-Cache
X-Kong-Upstream-Latency
X-Amz-Meta-Sha256
X-Cache-ASPX
X-EC-Security-Audit
X-CSRF-Token
WebServer
FSS-Proxy
FSS-Cache
Arc-Country
X-Varnish-Url
X-GRACE
X-Ua
X-NC
Geoip-Latitude
GeoIp-Country-Code
Geoip-City
Brightspot-Id
SN
X-Irp-Debug
X-LiteSpeed-Cache-Control
X-Ruxit-Js-Agent
X-DC
PageType
X-Dynatrace
X-Wix-Petri-Ex
PICS-Label
Sid
If-Modified-Since
X-Cache-Handler
Dont-Set-Cookie
Cdn
X-ROOTCache
X-Redis-Cache
X-LB-CacheStatus
X-LB-Node
COMMERCE-SERVER-SOFTWARE
X-Cdn-Forward
X-Rule
X-Endurance-Cache-Level
CF-IPCountry
X-Request-UUID
X-Request-Start
X-Ratelimit-Remaining
MIME-Version
Edgecast
X-Fastly-Backend-Reqs
X-Varnish-Beresp-TTL
X-Load-Cache
X-SERVER-NAME
X-TId
BORDER-IP
PROCESSING-IP
X-Varnish-Action
X-Requestid
X-Atg-Version
X-Sf
X-Servedbyhost
X-Layer
X-GDPR
X-Ratelimit-Limit
RNT-Time
X-ServedByHost
X-Tid
RNT-Machine
X-Tec-Api-Version
X-Tec-Api-Root
X-Tec-Api-Origin
XServer
X-B3-SpanId
X-RequestId
Dynatrace
X-Rocket-Nginx-Serving-Static
Frame-Options
X-Nananana
X-BE
X-Resolver-IP
X-Fastly-Cache-Hits
Pics-Label
Powered
Cf-Ipcountry
X-Cache-TTL
CDN
X-DataStream-MidMile-RTT
X-DataStream-Origin-MEX-Latency
NodeID
Cache-Tags
X-Key
X-Owner
Amp-Access-Control-Allow-Source-Origin
Node
CACHE
X-HTML-Minification-Powered-By
GeoIP-City
GeoIP-Latitude
We-Hiring
X-Server-W
GeoIP-Country-Code
Mail-Subject
Web-Mar-Region
PageSpeed
DataCenter
X-Gdpr
X-VG-WebCache
X-ABtesting
X-Dynatrace-Js-Agent
X-Flog
X-Varnish-Ttl
X-Shard
X-Use-Magma
X-Sentry-ID
Lfy
X-Powered-By-ANYU
Accept-CH
WZWS-RAY
X-UPSTREAM-Address
X-NWS-UUID-VERIFY
X-GZIP
ProcessTime
X-CDN-Pop-IP
Max-Age
X-PF-Uncompressing
Is-Session-Tracking
Get-Access-Time
X-CDN-Pop
X-Varnish-URL
X-Ms-Request-Id
X-Ms-Version
X-Ms-Blob-Type
Hostname
X-Ms-Lease-Status
URI
X-Aicache-OS
X-Mem
X-GEO
X-Dw-Trace-Id
X-NGINX-Cache
X-Alicdn-Da-Ups-Status
Xet-Cookie
X-Check-Cacheable
X-Trv-Request-Id
X-Powered-By-Defense
True-Client-Country-4JS
Cdn-Request-Time
Cdn-Host
X-PJAX-URL
X-Remote-IP
X-Edge-Server
X-Cache-FS-Status
X-Front
X-Oa-Upstreams
X-VG-TLSProxy
X-Cookie
Magicmarker
X-Unique-Id
RequestUuid
WS
Requestid
X-Varnish-ID
X-Proxy-Server
X-Policy
X-PAGE-TYPE
X-Swa-Ws
X-Ms-Lease-State
X-ByteArk-Cache
X-RSL
X-DI
X-DW
X-RPM
X-DB
Rt-Proxy-Cache
X-RPS
X-VID
X-DSS
X-Acquia-Application-UUID
X-Acquia-Application-Trace
X-Akamai-ERPolicy
X-Micro-Cache
X-Zalando-Page-Type
X-Zalando-Child-Request-Id
X-Akamai-ERRuleID
X-Hello
X-RAMCache
X-Fe
SID
X-Litespeed-Tag
CF-Cached-On
X-Litespeed-Cache-Control