Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Pragma
Last-Modified
Accept-Ranges
Strict-Transport-Security
X-Content-Type-Options
X-Powered-By
CF-RAY
ETag
Link
Expect-CT
Via
X-XSS-Protection
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
P3P
X-Cache-Hits
X-Served-By
X-Varnish
X-Amz-Cf-Id
X-Xss-Protection
Referrer-Policy
X-Request-Id
X-Timer
X-AspNet-Version
CF-Cache-Status
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Runtime
Access-Control-Allow-Credentials
X-Download-Options
X-Drupal-Cache
X-Cacheable
Content-Security-Policy-Report-Only
X-Generator
Alt-Svc
Status
X-AspNetMvc-Version
X-Cache-Status
X-DNS-Prefetch-Control
X-Check
X-Iinfo
X-FRAME-OPTIONS
X-Adblock-Key
X-CDN
Timing-Allow-Origin
X-Content-Security-Policy
X-Permitted-Cross-Domain-Policies
X-Turbo-Charged-By
P3p
Content-Encoding
X-Template
X-Language
Keep-Alive
X-Type
X-AH-Environment
CF-Ray
X-Via
X-Request-ID
X-Cache-Group
X-Backend
WPE-Backend
X-Pass-Why
X-Age
X-Buckets
X-Server
X-Nginx-Cache-Status
Access-Control-Max-Age
X-Server-Powered-By
X-Pingback
Xkey
X-Varnish-Cache
Grace
X-Drupal-Dynamic-Cache
Upgrade
Access-Control-Expose-Headers
X-Hacker
X-UA-Device
X-Amz-Request-Id
X-Page-Speed
Cf-Railgun
X-Amz-Id-2
X-Proxy-Cache
X-Robots-Tag
X-Envoy-Upstream-Service-Time
EagleId
X-LiteSpeed-Cache
Request-Context
X-Node
X-Ac
X-Device
X-Swift-CacheTime
X-Swift-SaveTime
X-Cnection
X-Host
Ali-Swift-Global-Savetime
Content-Location
X-Amz-Version-Id
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-WebKit-CSP
Surrogate-Control
X-Backend-Server
X-Server-Id
X-Cache-Lookup
X-OneAgent-JS-Injection
X-Rack-Cache
X-Response-Time
X-Px
X-Instart-Request-ID
Request-Id
Server-Timing
X-Readtime
X-Rq
X-CST
X-Clacks-Overhead
X-HeyJason
X-Do-Not-Hack
Permitted-Cross-Domain-Policies
Pinterest-Generated-By
X-Ua-Compatible
X-Url
EagleEye-TraceId
Edge-Control
X-Cloud-Trace-Context
X-Application-Context
X-Country
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-MS-InvokeApp
Report-To
X-Server-Name
Charset
SPRequestGuid
X-Country-Code
X-DynaTrace-JS-Agent
Allow
X-ESI
X-SharePointHealthScore
X-DataDome
Rating
X-Varnish-TTL
X-Ruxit-JS-Agent
X-Vname
X-PC
X-TtlSet
X-Cached
X-Powered-CMS
X-Powered-By-Plesk
X-TTL
X-Recruiting
X-CF-Powered-By
X-FTR-Request-ID
X-DynaTrace
X-Vhost
X-D2id
NEL
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
Public-Key-Pins
Pinterest-Version
X-Pinterest-Rid
X-Upstream-Env
X-Exp-Id
X-Cdn-Fetch
X-Kinja-Revision
X-Kinja-Build
X-Exp-Variant
X-Kinja-Server
X-Kinja
X-Geo-Segment
X-F-Cache
X-Version
X-VARITI-CCR
X-T
X-N
X-GoogleNews-Bot
Cartoon
SPIisLatency
SPRequestDuration
X-Dw-Request-Base-Id
X-Mod-Pagespeed
MS-Author-Via
RTSS
Content-MD5
X-Abt-Application-Version
Nginx-Cache
Verso
Feature-Policy
X-GitHub-Request-Id
X-Dispatcher
X-Server-ID
X-Navigation-Version
X-Goog-Hash
MicrosoftSharePointTeamServices
AR-CACHE
AR-PoweredBy
AR-ATIME
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Client-IP
X-Amz-Rid
X-Hits
Realpath
X-Shield-Request-Id
X-Forwarded-Proto
X-Cdn
X-Ttl
X-Origin-Cache
X-Trace
Paypal-Debug-Id
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-Content-Options
X-Content-Digest
X-Grace
X-Zen-Fury
X-Id
X-Kinsta-Cache
TCN
DynaTrace
X-B
Arr-Disable-Session-Affinity
AR-SID
Alternate-Protocol
X-Varnish-Age
X-Cache-Key
Fastcgi-Cache
X-Sol
X-Upstream
Mrf-Cache-Status
MRF-Tech
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
Access-Control-Request-Method
X-Ser
Display
X-Middleton-Display
X-Pad
X-FastCGI-Cache
X-Fastly-Request-ID
X-Acc-Meta-Resource-Type
PB-RID
PB-PID
X-Mobile-Rewrite
X-Nf-Srv-Version
X-NF-Request-ID
X-Via-JSL
X-DIS-Request-ID
X-User-Agent
Response
X-Middleton-Response
X-Vcap-Request-Id
Pagespeed
X-Forwarded-For
X-MSEdge-Ref
Front-End-Https
Rt-Fastcgi-Cache
Eomportal-Instance
X-IPLB-Instance
X-PressLabs-Stats
X-Frontend
X-Cache-Rule
X-SS-Set-Cookie
X-Logged-In
Arc-Version
X-Cache-Hit
Server-Name
X-Goog-Generation
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-Goog-Metageneration
X-VCache
X-Whom
X-Hostname
Host
Tracecode
Surrogate-Key
S
X-FTR-Backend-Server
X-FTR-Balancer
X-FTR-Expires
X-FTR-Backend
X-Country-Code-Real
X-FTR-Cache-Status
X-FTR-DC
X-FTR-Realm
X-XRDS-Location
X-Request-Processing-Time
X-Request-Received
Cache-Status
Backend-Timing
X-Analytics
X-XRDS-LOCATION
X-Debug
Refresh
X-Instance
X-HS-Content-Id
X-Contextid
X-Magnolia-Registration
X-AOL-HN
X-AppVersion
TP-Cache
X-Activity-Id
TP-L2-Cache
X-Az
X-Proxied
ServerID
FilterID
X-Rid
X-Wix-Server-Artifact-Id
Public-Key-Pins-Report-Only
X-Srv
HitType
Server-Info
HitInfo
X-UUID
X-HW
X-WPE-Loopback-Upstream-Addr
Cleartype
X-Newrelic-App-Data
X-B3-Traceid
Liferay-Portal
Service-Worker-Allowed
X-FTR-Cache-Host
X-Mobile
X-Content-Security-Policy-Report-Only
X-Varnish-Server
X-Varnish-Backend
X-APP-VERSION
X-Correlation-Id
Served-By
X-Cache-Control
AMP-Access-Control-Allow-Source-Origin
X-Revision
X-Amzn-Trace-Id
X-Cache-Server
X-Geo-Country
Host-Header
X-PC-AppVer
X-PC-Key
X-Request-Guid
X-PHP-Backend
X-PC-Hit
X-Litespeed-Cache
Retry-After
X-App-Environment
Source
X-TT
X-Tumblr-Pixel
X-Tumblr-User
X-Tumblr-Pixel-0
X-Hail-Hydra
MS-CV
X-Device-Type
X-Varnish-Hostname
Accept-Charset
Server-Node
X-Origin-Upstream-Status
X-NWS-LOG-UUID
X-BCube-Filmed-By
X-Handled-By
X-Cache-Config
DC
X-Framework
X-Page-Id
X-RateLimit-Remaining
X-B-Cache
X-Cache-2
X-URL
X-Signature
X-Origin
X-Cache-Operation
X-FB-Debug
Edge-Cache-Tag
X-HS-Cache-Config
S-Cnection
Powered-By-ChinaCache
Fastly-Restarts
X-Origin-Server
X-Cache-Action
X-Sucuri-ID
X-TT-TIMESTAMP
X-Ocache
X-ATG-Version
Viewport
X-Debug-Info
X-PC-Host
X-PC-Date
Actual-Object-TTL
X-Webkit-Csp
X-ADI-VCache
X-Shield-Cache-Expires
X-B3-Sampled
X-WA-Info
X-Hyper-Cache
NGB
X-Cached-By
X-Content-Powered-By
X-Microcachable
X-NewRelic-App-Data
X-LB-Cache
X-Drupal-Cache-Tags
X-Akam-SW-Version
X-Accel-Expires
Upgrade-Insecure-Requests
Filters
AsisCache
SRV
X-Cache-NE
X-Generated-By
X-Yottaa-Optimizations
ServedBy
X-Yottaa-Metrics
X-App-Server
X-Tumblr-Pixel-2
X-RTag
X-Distil-CS
X-RequestSource
X-WebKit-CSP-Report-Only
X-S
X-Tumblr-Pixel-1
X-Locale
X-FW-Server
X-Internal-Host
X-FW-Type
X-FW-Static
X-Cacheable-TTL
X-FW-Hash
X-FW-Serve
Content-Script-Type
X-Wix-Request-Id
X-Seen-By
Content-Style-Type
Cache
X-GeoIP
X-TX-ID
X-Cluster
X-Jobs
X-Accel-Buffering
X-Amz-Server-Side-Encryption
X-Varnish-Hits
X-Geo
From-Origin
X-Node-Name
X-Cache-Age
X-Akamai-Edgescape
X-Adobe-Content
X-Adobe-Loc
X-Varnish-Grace
X-Varnish-IP
X-Sucuri-Cache
X-UA
X-Varnish-Cache-Hits
X-Dns-Prefetch-Control
Datacenter
X-RateLimit-Limit
X-HS-Combine-CSS
X-GZip
X-ServedBy
X-Platform-Server
X-Oneagent-Js-Injection
X-Cache-TTL-Remaining
X-Edge-Cache-Key
X-Edge-Cache
X-GUploader-UploadID
X-Storage
X-CDN-Forward
X-Vg-Webcache
X-Cache-Remote
Cache-Tag
X-Akamai-Transformed
X-Mode
X-Region
HostName
X-Drupal-Cache-Contexts
X-Amz-Replication-Status
X-Daa-Tunnel
X-Distributor
X-Source
X-Real-IP
X-Guploader-Uploadid
X-Kinja-Server-Push
Meta-Geo
Load-Balancing
X-Path-Route
X-Cache-Var-Map
Machine
X-Cache-Var
X-ProcessESI
X-Rendered-As
X-Detected-As
X-RemovedCookies
X-MP-GENERATED-AT
X-RN-RSRV
X-Is-Bot
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Agile-Id
X-Agile
X-NCache
X-Agile-Age
Fastly-SSL
ServerName
X-PCL
X-BB-IP
X-Time-Microsecs
X-CDN-Cache
X-Akamai-Request-ID
X-Webstats-RespID
X-Web-Node
GEO-INFO
X-PERF
X-ApacheServer
X-Viewer-Country
X-OCL
X-TWH-CORRELATION-ID
Mn-Server-Ip
Azure-InstanceId
Azure-RegionName
Azure-SiteName
X-EIG-Tracking-Id
X-Edge-Location
X-ProxyCache-Key
Azure-SlotName
X-ServerID
Backend
L5d-Success-Class
Ohc-File-Size
Country
X-Pubstack
X-FC-Vary-Parameters
X-NodeID
X-Cache-Category-Id
Cache-Key
Cache-Name
Azure-Version
X-ProxyCache-Status
X-Original-Request
X-Via-Fastly
X-Cluster-Node
X-Proto
X-Instance-Name
X-OVcl
X-OVcl-Cache
X-Cache-HT
X-Grey
X-Proxy
X-Optimization
X-BYPASS-REASON
X-Upgrade-Enabled
X-Generation-Time
TWC-GeoIP-LatLong
TWC-GeoIP-Country
Property-Id
X-Human
X-Hosted-By
X-Www-Served-By
X-Origin-Hint
X-Meta-Tbi-Cache-Vertical
TWC-Connection-Speed
S-Rt
X-Routing-Service
TWC-Device-Class
TWC-Locale-Group
X-Amz-Meta-Surrogate-Control
Now
X-Site-Version
X-Varnish-Cacheable
X-Debug-Cache
X-Birta-Cache-Post
X-App-Name
X-CCM
X-CCM-LastModified
X-Xfnlog-Site
User-Cache-Control
TWC-Privacy
Webcakes-App-Name
Webcakes-App-Version
X-Zipkin-Id
Webcakes-Region
X-Birta-Served
Healthy
LB
X-CLOUD-TRACE-CONTEXT
DB-Nickname
X-Access
X-IP
X-TNCMS
X-Request-Time
X-SplitTest
X-Labrador-Cache-Channel
X-AWS-Id
X-LJ-Flow-ID
X-Loop
Cache-Hits
User-Agent
X-VWS-Id
X-Section
X-Format
X-Backend-Name
X-Port
Fastcgi-Useragent
X-JoinUs
Access-Control-Allow-Method
X-Proxy-Build
X-Generated
X-Time
X-Surge-Debug
Selected-FE
RATING
X-Timing-Wait
Countrycode
X-Tumblr-Pixel-3
X-Dc
X-Tb
X-Esi
X-Real-Ip
Payment
X-Cache-Bucket
Ec-Rule-Version
X-Ezoic-Cdn
X-Hit
X-Origin-CC
X-Render-Type
X-TA-CDN-Provider
X-Cache-Enabled
X-Oracle-Dms-Rid
X-DataStream-Cache-Status
WP-Super-Cache
X-Oracle-Dms-Ecid
X-Unique-ID
X-B3-TraceId
X-Nc
X-Feature
X-Newrelic-Synthetics
X-Nginx-Cache
Origin-Cache-Control
Origin-Edge-Control
X-L-Path
X-B3-Spanid
X-Environment-Context
X-UA-Device-Type
RequestId
X-Servedby
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
Xserver
X-NU-AKA-ACS-Version
X-Skip-Cache
NODE
X-NGENIX-Cache
X-Correlation-ID
X-CACHE-AGE
Access-Control-Request-Headers
X-Content-Type
X-WR-MODIFICATION
X-Status
X-ElasticPress-Search
X-EdgeConnect-Cache-Status
X-Vgn-Hpd-Reason
X-Be
X-Cache-Backend
Ws
Warning
X-Upstream-CT
Time
X-Upstream-HT
X-A-Ccd
X-A-Wwc
X-A-Dcw
X-A-Dam
Meta-Geo-Continent
Fastcgi-X-Cache-Version
Fastly-Soc-X-Request-Id
Fly-Cache
Fly-Request-Id
Fastcgi-X-Cache
Cache-Prefix
Apicache-Version
Ajk
AKAMAI
BehaviorPad-Version
GMS-Ver
Host-ID
T-Server
Viewtype
VivaBuild
Www
Sta2Tusw
Resin-Trace
MD5-Digest
Memcached
X-Accel-Expires-Debug
X-A
X-Destination
X-Rojux
X-Rewrite-Enabled
X-S-Cookie
X-Server-By
X-Server-Time
X-Region-Sid
X-Public
X-PAYTM-SRV-ID
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
X-SRCache-Key
X-SVT-ORM-RULES
X-Via-Edge
X-Via-CDN
X-We-Are-Hiring
X-Wix-Route-ID
Xc-Version
X-VG-WebServer
X-User
X-SVT-ORM-VERSION
X-Transaction
X-Trv-Group
X-Twitter-Response-Tags
X-No-Session
X-ND-Cache
X-CF-Lambda-Fn
X-Cache-Id
X-CF-Lambda-Version
X-Connection-Hash
X-D
X-Cache-Host
X-BBXSRF
X-Application
X-ARC
X-B-Cookie
X-BB-ID
X-Date
Apicache-Store
X-Generated-In
X-Haproxy-Hostname
X-Haproxy-Ip
X-Logtrace-Id
X-G
X-From
X-Developer
X-Died
X-DPWN-IS-SECURE
X-Fastly-Cache
X-Amz-Meta-Cache-Control
X-A-Dgt
Webserver
X-GoCache-CacheStatus
IBM-Web2-Location
X-Webkit-CSP
X-Cache-Ttl
X-Core-Value
X-Sn-Servicetimems
X-Cdn-Origin
X-Cache-Time
X-SIPLIST1
X-Wikidot-Static-Cache
X-CS
Fastly-SIE
X-F5-Cache
Fastly-SWR
X-Debug-Log
X-Cache-Expires
Request-Time
X-Croise-Owner
X-Wikidot-Backend
UCS
Origin
Uber-Trace-Id
Server-Int
Rendered-Blocks
Release
V-Age
Odigeo-Trace-Id
IsBot
X-ScT
X-Trace-Id
X-Var-Ttl
NGX
X-Cache-CFC
X-Debug-Cookies
X-Request-URI
X-IN-APIGATEWAY
X-Rebelmouse-Surrogate-Control
X-IN-WAF
Apple-News-Services-Request-Url
Apple-News-Services-Handled
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
X-Rebelmouse-Cache-Control
X-IN-SSL-APIGATEWAY
X-NX-Host
X-Forwarded-Host
X-Fstrz
X-Frame-Option
X-Phone
X-C
X-UnsetCookies
Server-Host
X-Passed-To
X-Ruxit-Js-Agent
X-Returned-From-BeforeDispatch
X-Stale
X-Thinkindot-L3
X-Returned-From
Who
Web-Mar-Node
X-MI-In-Market
X-Reboot
X-UE-Client-Country
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
X-Matched-Rule
X-Node-Id
X-Passed-To-BeforeDispatch
X-Location
X-Passed-To-DLL
X-Actual-URL
X-TT-LOGID
X-Bug-Bounty
X-Served-From
Cneonction
X-Server-Group
X-Gen-Mode
X-Returned-From-PostProcessResponse
X-Developers
X-Device-Os
X-Env
X-Eu-Site
X-Edge-IP
X-Dispatcher-Server
X-RCS-CacheZone
X-GeoIP-City
X-GeoIP-Country-Code
X-Hnp-Log
X-FireWall-Port
X-Block-Status
X-Backend-TTL
X-Backend-State
X-Returned-From-DLL
X-Cache-Debug
X-ServiceProvider
X-Content-Age
X-Ckpd-Fst-Backend
X-CGP
X-Cdn-Srv
X-Amz-Meta-S3cmd-Attrs
Thinkindot-Control
HA-Geolon
HA-Georegion
Ha-Gx-Prefs
HA-Geolat
HA-Geocity
GW-Server
HA-Cloudapp
HA-Host
HA-Ipaddr
HTTPS
X-WebServer
Httpd-Identifier
Heartbleed
HA-Servedtime
HA-Urlpath
X-Passed-To-PostProcessResponse
X-Auto-Login
Cache-Cookie-Set-From
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-Lfrom
Backend-Name
Adler-Geo
X-Via-NSCOPI
X-Rocket-Nginx-Bypass
X-Hl-Ver
CDCHOST
Esi-Enabled
Fastly-Backend-Name
Decoy-Debug-TTL
Decoy-Debug-Status
Content-Disposition
Decoy-Debug-Key
Is-Eu
HA-Geocountry
X-Up
On-Server
MI-Cache-Age
MI-Cache
Platform
Powered-By
Proxy-Connection
Pramga
Pragrma
X-V
Ohc-Response-Time
X-VServer
OT-Force-Account-Verify
Mime-Version
X-Backend-Url
X-Sorting-Hat-ShopId
X-HS-Hub-Id
X-Fetched-On
X-Epic-Correlation-Id
X-Clientip
X-Cache-Control-Set-By
X-Origin-Expires
X-Release
X-Crawler
PFcat
X-S-Maxage
X-Sorting-Hat-PodId-Cached
Request-Country
X-Sorting-Hat-PrivacyLevel
X-Info
Server-ID
X-Response-By
X-Backend-Host
X-Origin-Date
X-Alternate-Cache-Key
X-HCF
NtCoent-Length
X-Sorting-Hat-Section
X-Bip
X-Sorting-Hat-PodId
X-Shopify-Stage
X-Page-Type
X-ShopId
X-MSEdge-Features
X-Hash
X-MSEdge-Flight
X-Cache-Srv
Kp-EeAlive
X-Sorting-Hat-ShopId-Cached
X-Ver
X-Varnish-Beresp-Ttl
X-Varnish-Id
Request-EU
X-ShardId
REQUESTUUID
X-Server-IP
X-Sorting-Hat-FeatureSet
X-Thanos
X-Worker
X-Servername
MI-API
X-Core-Mission
X-Varnish-HitMiss
NnCoection
X-StackifyID
X-Svr
X-Platform
Country-Code
X-Refresh
Drupal-Pagecache-Memcache
X-Amz-Meta-S3b-Last-Modified
X-Cache-URL
X-Gannett-Site-Version
X-Secret
X-Fastcgi-Cache
X-TIME
X-App-Version
X-P-T
Cache-Provider
X-Req
Dnion-Transfer-Encoding
Processtime
X-COUNTRY
X-Pjax-Url
X-Amz-Meta-Sha256
Version
X-Origin-TTL
X-Pf-Uncompressing
X-Cache-ASPX
Ar-Sid
X-Oss-Server-Time
X-Oss-Storage-Class
X-Oss-Request-Id
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
X-EC-Security-Audit
X-Varnish-Url
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
WebServer
X-Csrf-Token
Pagetype
X-Kong-Proxy-Latency
Accept-Ch
X-Kong-Upstream-Latency
Memory
X-Yottaa-Sig
Cteonnt-Length
X-LiteSpeed-Cache-Control
FSS-Cache
Arc-Country
SN
X-From-Cache
FSS-Proxy
X-Irp-Debug
Brightspot-Id
PageType
Geoip-Latitude
Geoip-City
GeoIp-Country-Code
X-Wix-Petri-Ex
X-CSRF-Token
X-NC
X-LB-CacheStatus
Cdn
X-Rule
X-Ua
Dont-Set-Cookie
X-LB-Node
X-Cache-Handler
X-Cdn-Forward
X-Redis-Cache
X-Request-Start
Sid
X-Varnish-Beresp-TTL
If-Modified-Since
X-ROOTCache
PICS-Label
X-Load-Cache
X-DC
X-Ratelimit-Remaining
COMMERCE-SERVER-SOFTWARE
X-Request-UUID
CF-IPCountry
Edgecast
X-Endurance-Cache-Level
X-SERVER-NAME
MIME-Version
X-GRACE
BORDER-IP
PROCESSING-IP
X-Fastly-Backend-Reqs
X-TId
X-ServedByHost
X-Dynatrace-Js-Agent
X-Sf
X-GDPR
X-Requestid
X-Varnish-Action
X-Ratelimit-Limit
RNT-Time
RNT-Machine
X-Layer
X-Tid
X-B3-SpanId
X-Atg-Version
Amp-Access-Control-Allow-Source-Origin
X-Dynatrace
X-RequestId
X-Servedbyhost
X-Rocket-Nginx-Serving-Static
X-Resolver-IP
X-BE
XServer
Frame-Options
X-Nananana
X-Fastly-Cache-Hits
Pics-Label
Cf-Ipcountry
Powered
Node
NodeID
Cache-Tags
X-Cache-TTL
X-DataStream-MidMile-RTT
CACHE
X-DataStream-Origin-MEX-Latency
CDN
X-Key
X-Owner
X-Tec-Api-Root
X-Tec-Api-Version
X-Tec-Api-Origin
Dynatrace
X-HTML-Minification-Powered-By
Mail-Subject
GeoIP-City
GeoIP-Country-Code
X-VG-WebCache
We-Hiring
GeoIP-Latitude
X-Server-W
PageSpeed
X-Gdpr
X-Shard
X-Varnish-Ttl
Web-Mar-Region
X-Use-Magma
Accept-CH
X-Flog
X-ABtesting
X-UPSTREAM-Address
Lfy
X-Sentry-ID
DataCenter
X-GZIP
ProcessTime
WZWS-RAY
X-Varnish-URL
X-PF-Uncompressing
X-Powered-By-ANYU
Hostname
X-Ms-Blob-Type
X-Ms-Lease-Status
X-Ms-Request-Id
X-Ms-Version
X-Aicache-OS
Max-Age
X-CDN-Pop
Is-Session-Tracking
X-CDN-Pop-IP
X-GEO
Get-Access-Time
Xet-Cookie
X-Dw-Trace-Id
X-NWS-UUID-VERIFY
X-NGINX-Cache
X-Alicdn-Da-Ups-Status
True-Client-Country-4JS
X-Mem
X-Trv-Request-Id
X-Check-Cacheable
URI
X-PJAX-URL
Cdn-Host
X-Cookie
X-Oa-Upstreams
Cdn-Request-Time
X-Edge-Server
X-Unique-Id
Requestid
X-Varnish-ID
X-Ms-Lease-State
RequestUuid
X-Front
X-Policy
X-Swa-Ws
X-Cache-FS-Status
X-VG-TLSProxy
X-PAGE-TYPE
X-Remote-IP
X-Powered-By-Defense
X-DSS
X-RPS
Rt-Proxy-Cache
X-DI
X-VID
X-RPM
X-DW
X-RSL
X-Akamai-ERRuleID
X-Akamai-ERPolicy
X-Hello
X-Acquia-Application-UUID
X-Acquia-Application-Trace
Magicmarker
X-Proxy-Server
CF-Cached-On
X-Litespeed-Tag
X-Fe
X-Litespeed-Cache-Control
WS
X-RAMCache
SID
X-DB