Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Pragma
Last-Modified
Accept-Ranges
Strict-Transport-Security
X-Content-Type-Options
X-Powered-By
CF-RAY
ETag
Link
Expect-CT
Via
X-XSS-Protection
X-Cache
Age
Access-Control-Allow-Origin
Content-Security-Policy
Content-Language
X-UA-Compatible
P3P
X-Cache-Hits
X-Served-By
X-Varnish
X-Amz-Cf-Id
X-Xss-Protection
Referrer-Policy
X-Request-Id
X-Timer
X-AspNet-Version
CF-Cache-Status
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Runtime
Access-Control-Allow-Credentials
X-Download-Options
X-Drupal-Cache
X-Cacheable
Content-Security-Policy-Report-Only
X-Generator
Alt-Svc
Status
X-AspNetMvc-Version
X-Cache-Status
X-DNS-Prefetch-Control
X-Check
P3p
X-Iinfo
X-Adblock-Key
X-FRAME-OPTIONS
Timing-Allow-Origin
X-CDN
X-Content-Security-Policy
X-Permitted-Cross-Domain-Policies
X-Turbo-Charged-By
Content-Encoding
X-Template
X-Language
Keep-Alive
X-Type
X-AH-Environment
X-Via
CF-Ray
X-Backend
X-Cache-Group
X-Request-ID
WPE-Backend
X-Pass-Why
X-Buckets
X-Age
X-Server
X-Nginx-Cache-Status
Access-Control-Max-Age
X-Server-Powered-By
X-Pingback
Xkey
X-Varnish-Cache
Grace
X-Drupal-Dynamic-Cache
Access-Control-Expose-Headers
Upgrade
X-Hacker
X-UA-Device
X-Amz-Request-Id
Cf-Railgun
X-Page-Speed
X-Amz-Id-2
X-Proxy-Cache
X-Robots-Tag
EagleId
X-Envoy-Upstream-Service-Time
Request-Context
X-Node
X-LiteSpeed-Cache
X-Ac
X-Swift-SaveTime
X-Swift-CacheTime
X-Device
X-Cnection
X-Host
Ali-Swift-Global-Savetime
Content-Location
X-Amz-Version-Id
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-WebKit-CSP
Surrogate-Control
X-Backend-Server
X-Server-Id
X-OneAgent-JS-Injection
X-Cache-Lookup
X-Rack-Cache
X-Response-Time
X-Px
X-Instart-Request-ID
Request-Id
Server-Timing
X-Readtime
X-CST
X-Rq
X-Clacks-Overhead
Pinterest-Generated-By
X-HeyJason
X-Do-Not-Hack
Permitted-Cross-Domain-Policies
X-Url
EagleEye-TraceId
X-Ua-Compatible
Edge-Control
X-Application-Context
X-Cloud-Trace-Context
X-Country
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-MS-InvokeApp
Report-To
X-Server-Name
Charset
X-DynaTrace-JS-Agent
SPRequestGuid
X-Country-Code
Allow
X-ESI
X-SharePointHealthScore
X-DataDome
X-Ruxit-JS-Agent
Rating
X-Varnish-TTL
X-TtlSet
X-PC
X-Vname
X-Cached
X-Powered-CMS
X-Powered-By-Plesk
X-Recruiting
X-CF-Powered-By
X-FTR-Request-ID
X-DynaTrace
X-Vhost
NEL
X-D2id
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
Pinterest-Version
X-Exp-Variant
X-Pinterest-Rid
X-Geo-Segment
Public-Key-Pins
X-Upstream-Env
X-Cdn-Fetch
X-Exp-Id
X-Kinja-Revision
X-Kinja-Server
X-Kinja
X-Kinja-Build
X-TTL
X-F-Cache
X-Version
X-GoogleNews-Bot
X-N
X-VARITI-CCR
Cartoon
SPRequestDuration
SPIisLatency
X-Dw-Request-Base-Id
X-T
X-Mod-Pagespeed
X-Ttl
Content-MD5
X-Abt-Application-Version
MS-Author-Via
RTSS
Nginx-Cache
Feature-Policy
Verso
X-GitHub-Request-Id
X-Dispatcher
X-Navigation-Version
X-Goog-Hash
X-SRCache-Store-Status
MicrosoftSharePointTeamServices
X-SRCache-Fetch-Status
X-Server-ID
X-Client-IP
X-Amz-Rid
AR-PoweredBy
AR-CACHE
AR-ATIME
Realpath
X-Forwarded-Proto
X-Hits
X-Shield-Request-Id
X-Origin-Cache
X-Cdn
X-Trace
Paypal-Debug-Id
X-Content-Options
X-Zen-Fury
X-Id
X-Content-Digest
X-Kinsta-Cache
DynaTrace
X-TEC-API-ORIGIN
X-TEC-API-ROOT
TCN
X-TEC-API-VERSION
X-Grace
X-B
Arr-Disable-Session-Affinity
AR-SID
X-Varnish-Age
X-Cache-Key
Alternate-Protocol
Fastcgi-Cache
X-Sol
X-Upstream
Access-Control-Request-Method
MRF-Tech
Mrf-Cache-Status
X-Mrf-Section-Lastmod
X-Mrf-Item-Lastmod
X-Ser
X-FastCGI-Cache
X-Middleton-Display
Display
X-Pad
X-Fastly-Request-ID
X-Acc-Meta-Resource-Type
PB-RID
PB-PID
X-Mobile-Rewrite
X-Nf-Srv-Version
X-Via-JSL
X-NF-Request-ID
X-Vcap-Request-Id
X-User-Agent
X-DIS-Request-ID
X-Middleton-Response
Response
X-Forwarded-For
Pagespeed
Front-End-Https
Rt-Fastcgi-Cache
X-MSEdge-Ref
Eomportal-Instance
X-Cache-Rule
X-PressLabs-Stats
X-Frontend
X-SS-Set-Cookie
X-Cache-Hit
X-Logged-In
X-IPLB-Instance
Arc-Version
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Goog-Storage-Class
X-Goog-Metageneration
X-Goog-Generation
X-VCache
X-Whom
Server-Name
X-Hostname
Host
X-XRDS-Location
Surrogate-Key
S
X-FTR-Backend
X-FTR-Realm
X-Country-Code-Real
X-FTR-Expires
X-FTR-Balancer
X-FTR-DC
Tracecode
X-FTR-Cache-Status
X-FTR-Backend-Server
X-Analytics
Backend-Timing
Cache-Status
X-Debug
X-HS-Content-Id
X-Request-Received
X-Request-Processing-Time
Refresh
X-AOL-HN
TP-Cache
TP-L2-Cache
X-Contextid
X-Magnolia-Registration
X-Litespeed-Cache
X-Instance
FilterID
X-AppVersion
X-XRDS-LOCATION
X-Wix-Server-Artifact-Id
X-Activity-Id
X-Az
Public-Key-Pins-Report-Only
X-Proxied
X-Rid
ServerID
X-HW
X-Srv
HitInfo
X-UUID
Server-Info
HitType
X-WPE-Loopback-Upstream-Addr
Cleartype
X-B3-Traceid
X-Newrelic-App-Data
Liferay-Portal
Service-Worker-Allowed
X-Mobile
AMP-Access-Control-Allow-Source-Origin
X-FTR-Cache-Host
X-Content-Security-Policy-Report-Only
X-Varnish-Server
X-APP-VERSION
X-Varnish-Backend
Served-By
X-Cache-Control
Source
X-Revision
X-Cache-Server
X-Amzn-Trace-Id
Server-Node
X-NWS-LOG-UUID
X-Geo-Country
X-Hail-Hydra
X-Request-Guid
Accept-Charset
X-TT
X-PHP-Backend
X-PC-Key
X-BCube-Filmed-By
X-PC-AppVer
X-PC-Hit
Retry-After
X-Device-Type
X-Origin-Upstream-Status
X-App-Environment
Host-Header
X-Cache-2
X-Correlation-Id
X-Handled-By
X-RateLimit-Remaining
X-Framework
X-Tumblr-User
X-Tumblr-Pixel-0
MS-CV
X-Cache-Config
X-Tumblr-Pixel
X-Cache-Operation
X-Page-Id
X-Signature
X-B-Cache
X-Varnish-Hostname
X-FB-Debug
X-Origin
X-HS-Cache-Config
S-Cnection
Edge-Cache-Tag
DC
Powered-By-ChinaCache
X-Origin-Server
X-URL
Fastly-Restarts
X-Debug-Info
X-TT-TIMESTAMP
X-Cache-Action
Viewport
X-ATG-Version
X-Sucuri-ID
X-PC-Date
X-PC-Host
X-Ocache
Actual-Object-TTL
X-B3-Sampled
X-Hyper-Cache
X-WA-Info
X-Cached-By
X-ADI-VCache
NGB
X-NewRelic-App-Data
X-Shield-Cache-Expires
X-Content-Powered-By
X-Webkit-Csp
X-Microcachable
X-Drupal-Cache-Tags
X-Akam-SW-Version
X-Accel-Expires
X-LB-Cache
Upgrade-Insecure-Requests
Filters
X-Generated-By
X-Cache-NE
SRV
AsisCache
X-Yottaa-Metrics
X-App-Server
X-Yottaa-Optimizations
ServedBy
X-RequestSource
X-Cacheable-TTL
X-Locale
X-Distil-CS
X-Seen-By
X-Internal-Host
Content-Style-Type
Cache
X-FW-Static
X-FW-Server
X-FW-Serve
X-FW-Hash
X-FW-Type
X-WebKit-CSP-Report-Only
X-Wix-Request-Id
X-GeoIP
Content-Script-Type
X-Tumblr-Pixel-2
X-Accel-Buffering
X-Tumblr-Pixel-1
X-Jobs
X-S
X-RTag
X-Cluster
X-TX-ID
X-Node-Name
X-ServedBy
X-Amz-Server-Side-Encryption
X-Geo
From-Origin
X-GUploader-UploadID
X-Varnish-Hits
X-Varnish-Grace
X-Varnish-Cache-Hits
X-RateLimit-Limit
X-Akamai-Edgescape
X-Cache-Age
X-Adobe-Loc
X-Adobe-Content
X-Platform-Server
Datacenter
X-Varnish-IP
X-Sucuri-Cache
X-Vg-Webcache
X-UA
X-HS-Combine-CSS
X-Dns-Prefetch-Control
X-CLOUD-TRACE-CONTEXT
X-Cache-TTL-Remaining
X-CDN-Forward
X-Edge-Cache-Key
X-Edge-Cache
X-GZip
X-Real-IP
Cache-Tag
X-Storage
X-Cache-Remote
X-Akamai-Transformed
X-Mode
X-Drupal-Cache-Contexts
X-Region
X-Daa-Tunnel
X-Source
X-Amz-Replication-Status
X-Distributor
HostName
Meta-Geo
Machine
Load-Balancing
X-RemovedCookies
X-Rendered-As
X-RN-RSRV
X-Path-Route
X-Detected-As
X-Cache-Var
X-MP-GENERATED-AT
X-ProcessESI
X-Cache-Var-Map
X-Is-Bot
X-Amz-Apigw-Id
Fastly-SSL
X-NCache
ServerName
X-Amzn-RequestId
X-TWH-CORRELATION-ID
X-OCL
Cache-Key
X-CDN-Cache
X-Agile-Age
X-Kinja-Server-Push
X-Webstats-RespID
X-Web-Node
X-Proxy
X-Upgrade-Enabled
Ohc-File-Size
X-PCL
X-Cache-Category-Id
X-Time-Microsecs
X-BB-IP
X-Agile
Mn-Server-Ip
X-Akamai-Request-ID
X-Agile-Id
GEO-INFO
X-Grey
X-Human
X-Cluster-Node
X-Viewer-Country
X-Debug-Cache
S-Rt
X-OVcl-Cache
X-ApacheServer
X-Original-Request
X-PERF
X-FC-Vary-Parameters
X-NodeID
X-Proto
X-Pubstack
X-Edge-Location
X-OVcl
X-EIG-Tracking-Id
L5d-Success-Class
Country
TWC-GeoIP-LatLong
TWC-GeoIP-Country
TWC-Device-Class
TWC-Locale-Group
TWC-Connection-Speed
User-Cache-Control
TWC-Privacy
Webcakes-App-Name
X-Site-Version
LB
X-VWS-Id
X-Www-Served-By
X-Via-Fastly
X-IP
X-SplitTest
Property-Id
Webcakes-App-Version
Webcakes-Region
X-CCM
X-LJ-Flow-ID
X-Cache-HT
X-CCM-LastModified
X-Origin-Hint
X-Meta-Tbi-Cache-Vertical
X-Optimization
X-Birta-Served
X-Birta-Cache-Post
X-Section
X-Access
X-Amz-Meta-Surrogate-Control
X-App-Name
X-Port
X-AWS-Id
X-Xfnlog-Site
X-Instance-Name
Azure-RegionName
Azure-SiteName
Azure-SlotName
Azure-Version
Azure-InstanceId
X-ProxyCache-Key
X-Varnish-Cacheable
X-ServerID
X-ProxyCache-Status
Backend
X-BYPASS-REASON
Healthy
Cache-Name
X-Format
Now
X-JoinUs
X-Backend-Name
X-Routing-Service
X-Hosted-By
User-Agent
X-Loop
X-TNCMS
Access-Control-Allow-Method
Fastcgi-Useragent
DB-Nickname
Cache-Hits
X-Labrador-Cache-Channel
X-Zipkin-Id
X-Generation-Time
X-Timing-Wait
Countrycode
X-Proxy-Build
Selected-FE
X-Webkit-CSP
X-Generated
X-Tb
Payment
X-Request-Time
X-Guploader-Uploadid
Ec-Rule-Version
X-Surge-Debug
X-Cache-Bucket
RATING
X-Time
X-Origin-CC
X-Tumblr-Pixel-3
X-Esi
X-Dc
X-Hit
X-Ezoic-Cdn
X-DataStream-Cache-Status
X-Cache-Enabled
WP-Super-Cache
X-Unique-ID
X-Render-Type
X-TA-CDN-Provider
X-Newrelic-Synthetics
Origin-Edge-Control
X-Oneagent-Js-Injection
X-Nc
X-Oracle-Dms-Rid
X-Oracle-Dms-Ecid
Origin-Cache-Control
X-Nginx-Cache
X-Real-Ip
X-B3-Spanid
X-Feature
X-B3-TraceId
X-UA-Device-Type
X-L-Path
X-Environment-Context
X-Correlation-ID
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
RequestId
X-NU-AKA-ACS-Version
X-CACHE-AGE
Xserver
NODE
X-Content-Type
X-Skip-Cache
X-NGENIX-Cache
X-Status
X-WR-MODIFICATION
Access-Control-Request-Headers
X-Be
X-Servedby
X-Vgn-Hpd-Reason
X-Cache-Backend
X-ElasticPress-Search
Apicache-Version
Apicache-Store
Warning
X-Upstream-CT
X-Upstream-HT
Webserver
X-CF-Lambda-Version
X-CF-Lambda-Fn
Apple-News-Services-Host
Ajk
AKAMAI
Apple-News-Services-Handled
Fastcgi-X-Cache
Apple-News-Services-Parsed-Url
Xc-Version
X-EdgeConnect-Cache-Status
X-We-Are-Hiring
X-Via-Edge
X-D
X-Planisys-CDN-TTL
Fastly-Soc-X-Request-Id
Apple-News-Services-Request-Url
IBM-Web2-Location
X-Wix-Route-ID
X-Region-Sid
X-Connection-Hash
Sta2Tusw
X-A-Dam
X-Public
X-A-Dcw
X-A-Ccd
Viewtype
X-A
X-GoCache-CacheStatus
VivaBuild
X-A-Dgt
X-A-Wwc
X-Date
X-BB-ID
Www
X-B-Cookie
X-ARC
X-Accel-Expires-Debug
Resin-Trace
X-Application
X-BBXSRF
BehaviorPad-Version
X-No-Session
X-Planisys-CDN-Cache
Host-ID
X-SRCache-Key
X-Haproxy-Hostname
X-G
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
X-Server-Time
X-Fastly-Cache
X-From
X-S-Cookie
Fly-Cache
Fly-Request-Id
GMS-Ver
X-PAYTM-SRV-ID
X-Generated-In
X-Server-By
X-Planisys-CDN-Rules
Cache-Prefix
X-VG-WebServer
X-ND-Cache
Meta-Geo-Continent
T-Server
X-Rewrite-Enabled
X-Via-CDN
X-Rojux
X-Destination
X-Developer
MD5-Digest
X-Logtrace-Id
X-Twitter-Response-Tags
X-Trv-Group
X-Transaction
X-User
X-Died
Fastcgi-X-Cache-Version
X-Haproxy-Ip
Time
X-HS-Hub-Id
Ws
Request-Time
Release
Origin
NGX
Memcached
Fastly-SIE
IsBot
Rendered-Blocks
Fastly-SWR
X-Wikidot-Backend
X-Sn-Servicetimems
X-SIPLIST1
X-Trace-Id
X-DPWN-IS-SECURE
X-Var-Ttl
X-Up
X-ScT
X-Forwarded-Host
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
X-Request-URI
X-NX-Host
X-Fstrz
X-Debug-Log
X-Debug-Cookies
X-IN-SSL-APIGATEWAY
X-IN-APIGATEWAY
X-IN-WAF
X-Amz-Meta-Cache-Control
V-Age
X-Cache-Expires
X-Cache-Host
X-CS
X-Wikidot-Static-Cache
X-Core-Value
X-Cdn-Origin
X-Cache-Id
Uber-Trace-Id
Server-Int
OT-Force-Account-Verify
X-C
X-Device-Os
X-Env
X-Edge-IP
X-Developers
X-CGP
X-Content-Age
X-Epic-Correlation-Id
X-F5-Cache
X-Gen-Mode
X-GeoIP-City
X-Frame-Option
X-FireWall-Port
X-Cache-Time
X-Eu-Site
X-Cache-Debug
Web-Mar-Node
X-Actual-URL
UCS
Thinkindot-Control
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
X-Amz-Meta-S3cmd-Attrs
X-Backend-Host
X-Cache-CFC
X-GeoIP-Country-Code
X-Bug-Bounty
X-Block-Status
X-Backend-State
X-Backend-Url
X-Cache-Ttl
X-Matched-Rule
X-UE-Client-Country
X-V
X-TT-LOGID
X-Thinkindot-L3
X-ServiceProvider
X-Stale
Cneonction
X-VServer
X-Rocket-Nginx-Bypass
X-Via-NSCOPI
X-Hl-Ver
X-Auto-Login
X-WebServer
X-Worker
X-Servername
X-Server-IP
X-Passed-To-DLL
X-Passed-To-PostProcessResponse
Fastly-Backend-Name
X-Passed-To
X-MI-In-Market
X-Node-Id
X-Phone
X-RCS-CacheZone
X-Returned-From-PostProcessResponse
X-Served-From
X-Returned-From-DLL
X-Returned-From-BeforeDispatch
X-Reboot
X-Returned-From
X-Hnp-Log
X-Passed-To-BeforeDispatch
Cache-Cookie-Set-Idcheck
MI-Cache
Cache-Cookie-Set-Lfrom
CDCHOST
HA-Cloudapp
GW-Server
MI-Cache-Age
Ohc-Response-Time
Powered-By
Pramga
Content-Disposition
Backend-Name
On-Server
Decoy-Debug-Status
HTTPS
HA-Host
HA-Ipaddr
Ha-Gx-Prefs
HA-Georegion
HA-Geolat
HA-Geolon
HA-Geocountry
Decoy-Debug-TTL
Httpd-Identifier
HA-Geocity
Heartbleed
HA-Urlpath
HA-Servedtime
Proxy-Connection
Cache-Cookie-Set-From
Decoy-Debug-Key
Server-Host
X-Varnish-Beresp-Ttl
X-Origin-Expires
Request-Country
X-Origin-Date
Who
X-Sorting-Hat-PodId
X-Dispatcher-Server
X-Info
X-Ver
X-Crawler
X-Croise-Owner
X-HCF
Request-EU
X-Fetched-On
X-Server-Group
Esi-Enabled
X-UnsetCookies
Kp-EeAlive
X-Platform
X-Shopify-Stage
X-Hash
X-ShopId
X-ShardId
Is-Eu
X-Core-Mission
X-Location
X-Varnish-HitMiss
X-Thanos
X-Sorting-Hat-FeatureSet
X-Sorting-Hat-PodId-Cached
X-Sorting-Hat-ShopId
X-Cdn-Srv
X-Cache-Control-Set-By
X-Sorting-Hat-ShopId-Cached
X-Alternate-Cache-Key
X-Bip
X-Clientip
Platform
Adler-Geo
Pragrma
X-Ckpd-Fst-Backend
X-Sorting-Hat-PrivacyLevel
Server-ID
X-Release
X-Response-By
X-Sorting-Hat-Section
X-Backend-TTL
Odigeo-Trace-Id
X-TIME
NnCoection
NtCoent-Length
X-S-Maxage
PFcat
X-MSEdge-Flight
Country-Code
X-Page-Type
X-Varnish-Id
REQUESTUUID
X-Cache-URL
Mime-Version
X-MSEdge-Features
X-Refresh
X-Cache-Srv
X-StackifyID
Drupal-Pagecache-Memcache
X-P-T
X-Secret
X-Req
X-Svr
Cache-Provider
X-Gannett-Site-Version
X-Fastcgi-Cache
MI-API
Processtime
X-Pjax-Url
X-Amz-Meta-S3b-Last-Modified
X-App-Version
X-Csrf-Token
Dnion-Transfer-Encoding
X-COUNTRY
X-Origin-TTL
X-Pf-Uncompressing
Version
X-Oss-Hash-Crc64ecma
X-Oss-Request-Id
X-Oss-Storage-Class
X-Oss-Server-Time
X-Oss-Object-Type
X-Cache-ASPX
X-Amz-Meta-Sha256
X-EC-Security-Audit
Accept-Ch
Ar-Sid
Pagetype
X-Kong-Upstream-Latency
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
Memory
WebServer
X-Kong-Proxy-Latency
X-Varnish-Url
SN
X-Yottaa-Sig
X-Wix-Petri-Ex
Cteonnt-Length
X-NC
X-Ua
FSS-Cache
Arc-Country
X-LiteSpeed-Cache-Control
X-From-Cache
FSS-Proxy
Geoip-Latitude
GeoIp-Country-Code
Geoip-City
X-GRACE
X-Ruxit-Js-Agent
X-Rule
X-Cache-Handler
X-DC
X-Irp-Debug
Dont-Set-Cookie
PageType
Brightspot-Id
X-CSRF-Token
COMMERCE-SERVER-SOFTWARE
X-LB-CacheStatus
X-LB-Node
PICS-Label
X-Load-Cache
X-Cdn-Forward
CF-IPCountry
X-Request-Start
Cdn
X-Varnish-Beresp-TTL
X-ROOTCache
Sid
X-Redis-Cache
MIME-Version
X-Endurance-Cache-Level
X-Ratelimit-Remaining
Edgecast
X-Request-UUID
If-Modified-Since
X-SERVER-NAME
X-Requestid
PROCESSING-IP
X-Sf
BORDER-IP
X-Fastly-Backend-Reqs
X-TId
RNT-Time
X-Servedbyhost
RNT-Machine
X-Varnish-Action
XServer
X-Ratelimit-Limit
X-ServedByHost
X-GDPR
X-Layer
X-Tid
X-RequestId
X-Dynatrace
X-Atg-Version
X-B3-SpanId
X-Nananana
X-Rocket-Nginx-Serving-Static
X-Tec-Api-Version
Frame-Options
X-Tec-Api-Root
X-BE
X-Resolver-IP
X-Tec-Api-Origin
X-Cache-TTL
Powered
Pics-Label
X-Fastly-Cache-Hits
Cache-Tags
CDN
X-DataStream-MidMile-RTT
X-DataStream-Origin-MEX-Latency
NodeID
Cf-Ipcountry
Amp-Access-Control-Allow-Source-Origin
Node
CACHE
X-Owner
X-Key
Dynatrace
We-Hiring
Mail-Subject
X-Gdpr
X-HTML-Minification-Powered-By
GeoIP-Country-Code
GeoIP-Latitude
GeoIP-City
X-Server-W
PageSpeed
X-GZIP
X-Varnish-Ttl
Web-Mar-Region
X-Shard
X-UPSTREAM-Address
X-Dynatrace-Js-Agent
X-VG-WebCache
X-Ms-Lease-Status
X-Use-Magma
X-Ms-Request-Id
X-Ms-Blob-Type
X-Ms-Version
WZWS-RAY
X-ABtesting
X-Sentry-ID
X-Varnish-URL
Lfy
Hostname
Accept-CH
X-Flog
DataCenter
ProcessTime
X-Aicache-OS
X-Alicdn-Da-Ups-Status
X-Powered-By-ANYU
Is-Session-Tracking
X-GEO
Max-Age
X-VG-TLSProxy
True-Client-Country-4JS
Get-Access-Time
X-PF-Uncompressing
URI
X-CDN-Pop-IP
X-CDN-Pop
X-NGINX-Cache
Xet-Cookie
X-NWS-UUID-VERIFY
X-Dw-Trace-Id
X-Trv-Request-Id
X-Cookie
X-PJAX-URL
Cdn-Host
X-Swa-Ws
X-Policy
X-Edge-Server
Cdn-Request-Time
X-Varnish-ID
X-Oa-Upstreams
X-Mem
X-Check-Cacheable
X-Unique-Id
X-Powered-By-Defense
X-Remote-IP
X-Ms-Lease-State
X-Front
X-Org
Rt-Proxy-Cache
GEO-REGION-INFO
Requestid
X-PAGE-TYPE
RequestUuid
X-Cache-FS-Status
V-Cache
Group
X-Fe
CF-Cached-On
X-VID
X-Acquia-Application-UUID
X-RSL
X-Hello
X-Acquia-Application-Trace
X-VC
X-SB
WS
X-Proxy-Server
X-RPS
X-RPM
Magicmarker
X-Akamai-ERPolicy
SID
X-Litespeed-Cache-Control
X-DB
X-DI
X-RAMCache
X-Litespeed-Tag
X-DW
X-DSS
X-Akamai-ERRuleID