Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Pragma
Last-Modified
Accept-Ranges
X-Powered-By
Strict-Transport-Security
X-Content-Type-Options
CF-RAY
ETag
Link
Expect-CT
Via
X-XSS-Protection
X-Cache
Age
Access-Control-Allow-Origin
Content-Security-Policy
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Served-By
X-Varnish
X-Amz-Cf-Id
X-Xss-Protection
Referrer-Policy
X-Request-Id
X-Timer
X-AspNet-Version
CF-Cache-Status
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Runtime
Access-Control-Allow-Credentials
X-Download-Options
X-Drupal-Cache
X-Cacheable
CF-Ray
X-Generator
Content-Security-Policy-Report-Only
Alt-Svc
X-AspNetMvc-Version
Status
X-Cache-Status
X-DNS-Prefetch-Control
X-Check
X-Iinfo
X-Adblock-Key
X-FRAME-OPTIONS
Timing-Allow-Origin
X-CDN
X-Content-Security-Policy
X-Turbo-Charged-By
X-Permitted-Cross-Domain-Policies
Content-Encoding
X-Template
X-Language
Keep-Alive
X-Via
X-Type
X-AH-Environment
X-Backend
X-Cache-Group
WPE-Backend
X-Pass-Why
X-Nginx-Cache-Status
X-Buckets
X-Server
X-Age
X-Server-Powered-By
Access-Control-Max-Age
X-Pingback
Xkey
X-Request-ID
X-Varnish-Cache
Grace
Access-Control-Expose-Headers
Upgrade
X-Drupal-Dynamic-Cache
X-Hacker
X-UA-Device
X-Amz-Request-Id
P3p
X-Page-Speed
Cf-Railgun
X-Proxy-Cache
X-Amz-Id-2
EagleId
X-Robots-Tag
X-LiteSpeed-Cache
X-Swift-CacheTime
X-Swift-SaveTime
X-Envoy-Upstream-Service-Time
Request-Context
Ali-Swift-Global-Savetime
X-Node
X-Ac
X-Device
Content-Location
X-Host
X-Cnection
X-Amz-Version-Id
X-Cache-Lookup
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
Surrogate-Control
X-WebKit-CSP
X-Server-Id
X-Backend-Server
X-OneAgent-JS-Injection
X-Rack-Cache
X-Instart-Request-ID
X-Px
X-CST
X-Response-Time
Request-Id
X-Readtime
Server-Timing
X-Rq
Permitted-Cross-Domain-Policies
X-HeyJason
X-Do-Not-Hack
X-Clacks-Overhead
X-Url
EagleEye-TraceId
Pinterest-Generated-By
X-Ua-Compatible
X-Cloud-Trace-Context
Edge-Control
X-Application-Context
X-Country
X-MS-InvokeApp
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Allow
X-DynaTrace-JS-Agent
Charset
X-Server-Name
Report-To
SPRequestGuid
X-Country-Code
X-SharePointHealthScore
X-DataDome
X-Ruxit-JS-Agent
X-Varnish-TTL
X-Cached
X-ESI
Rating
X-PC
X-TtlSet
X-Vname
X-TTL
X-Powered-CMS
X-Powered-By-Plesk
X-Recruiting
Public-Key-Pins
X-FTR-Request-ID
X-D2id
X-Vhost
NEL
X-Version
Pinterest-Version
X-Cdn-Fetch
X-Kinja
X-F-Cache
X-Kinja-Build
X-Geo-Segment
X-Kinja-Revision
X-Upstream-Env
X-Exp-Id
X-Kinja-Server
X-Exp-Variant
X-Pinterest-Rid
X-N
X-CF-Powered-By
SPIisLatency
SPRequestDuration
MS-Author-Via
X-DynaTrace
X-Dw-Request-Base-Id
X-Cdn
X-VARITI-CCR
Cartoon
X-T
X-GoogleNews-Bot
X-Mod-Pagespeed
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
Content-MD5
AR-CACHE
AR-PoweredBy
AR-ATIME
Nginx-Cache
RTSS
X-Abt-Application-Version
X-GitHub-Request-Id
Feature-Policy
MicrosoftSharePointTeamServices
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Shield-Request-Id
Verso
X-Amz-Rid
X-Dispatcher
X-Navigation-Version
X-Forwarded-Proto
X-Trace
X-Hits
X-Client-IP
X-Goog-Hash
Realpath
X-Origin-Cache
AR-SID
X-Server-ID
Arr-Disable-Session-Affinity
X-Ttl
Paypal-Debug-Id
X-Kinsta-Cache
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-TEC-API-ROOT
X-Zen-Fury
X-Grace
X-Id
X-Content-Options
TCN
X-Content-Digest
X-B
X-Varnish-Age
X-Cache-Key
Alternate-Protocol
X-Ser
X-Sol
Fastcgi-Cache
DynaTrace
X-Upstream
Access-Control-Request-Method
X-Via-JSL
Mrf-Cache-Status
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
MRF-Tech
X-Fastly-Request-ID
X-Pad
X-Middleton-Display
Display
X-FastCGI-Cache
X-Vcap-Request-Id
X-NF-Request-ID
X-Nf-Srv-Version
X-DIS-Request-ID
PB-RID
PB-PID
X-IPLB-Instance
Response
X-Middleton-Response
X-User-Agent
X-Mobile-Rewrite
Front-End-Https
X-SS-Set-Cookie
Pagespeed
Rt-Fastcgi-Cache
X-Frontend
X-Cache-Rule
X-Logged-In
Eomportal-Instance
X-MSEdge-Ref
X-PressLabs-Stats
X-Whom
Server-Name
X-Acc-Meta-Resource-Type
X-Forwarded-For
X-Cache-Hit
X-Newrelic-App-Data
X-VCache
X-Hostname
Host
S
Tracecode
X-Goog-Generation
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Goog-Metageneration
X-NWS-LOG-UUID
Cache-Status
X-XRDS-LOCATION
Arc-Version
X-Debug
Liferay-Portal
X-Country-Code-Real
X-FTR-Backend
X-FTR-Backend-Server
X-FTR-Realm
X-FTR-DC
X-FTR-Cache-Status
X-FTR-Expires
X-FTR-Balancer
X-XRDS-Location
X-AOL-HN
X-HS-Content-Id
X-Request-Processing-Time
Surrogate-Key
X-Request-Received
X-UUID
X-Analytics
Backend-Timing
FilterID
Server-Info
HitType
HitInfo
X-Magnolia-Registration
X-Wix-Server-Artifact-Id
Public-Key-Pins-Report-Only
TP-Cache
TP-L2-Cache
X-Instance
Refresh
X-Contextid
X-Rid
ServerID
X-AppVersion
X-Proxied
X-Az
X-Activity-Id
X-Webkit-Csp
X-B3-Traceid
X-WPE-Loopback-Upstream-Addr
X-Srv
Service-Worker-Allowed
X-Content-Security-Policy-Report-Only
X-HW
Edge-Cache-Tag
X-Varnish-Server
X-HS-Cache-Config
Cleartype
AMP-Access-Control-Allow-Source-Origin
X-APP-VERSION
X-Mobile
X-Origin
X-Varnish-Backend
X-Revision
S-Cnection
X-Correlation-Id
X-FTR-Cache-Host
Served-By
Fastly-Restarts
X-Amzn-Trace-Id
Source
X-Geo-Country
X-PHP-Backend
X-TT
X-RateLimit-Remaining
X-Framework
X-Signature
X-Varnish-Hostname
X-FB-Debug
X-B-Cache
Retry-After
Powered-By-ChinaCache
X-Cache-Config
X-App-Environment
X-Cache-Control
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Sucuri-ID
X-Device-Type
X-Cache-Operation
X-Tumblr-User
X-Cache-Server
X-Hail-Hydra
Host-Header
X-BCube-Filmed-By
X-Cache-Action
Server-Node
X-PC-AppVer
X-Request-Guid
X-PC-Hit
X-PC-Key
Accept-Charset
X-Cache-2
MS-CV
X-Page-Id
X-Handled-By
X-TT-TIMESTAMP
X-Origin-Upstream-Status
X-Hyper-Cache
DC
X-Ocache
Actual-Object-TTL
X-Debug-Info
X-Origin-Server
X-WA-Info
X-ADI-VCache
X-Shield-Cache-Expires
Cache
X-ATG-Version
X-PC-Date
X-PC-Host
Viewport
X-Content-Powered-By
NGB
X-Accel-Expires
Upgrade-Insecure-Requests
X-Microcachable
X-LB-Cache
X-Daa-Tunnel
X-Cache-NE
SRV
X-URL
X-Cached-By
X-HS-Combine-CSS
AsisCache
X-Drupal-Cache-Tags
X-Yottaa-Optimizations
X-Amz-Server-Side-Encryption
X-Generated-By
X-Yottaa-Metrics
Filters
X-Accel-Buffering
ServedBy
X-B3-Sampled
X-Akam-SW-Version
X-Cacheable-TTL
X-Jobs
X-App-Server
X-GeoIP
X-S
X-RequestSource
X-Seen-By
X-Wix-Request-Id
X-TX-ID
X-WebKit-CSP-Report-Only
X-Cluster
X-Sucuri-Cache
X-Akamai-Edgescape
X-FW-Hash
X-Tumblr-Pixel-1
X-Tumblr-Pixel-2
X-Varnish-Hits
X-Internal-Host
From-Origin
X-FW-Type
X-FW-Serve
X-Geo
X-Distil-CS
X-FW-Server
X-RTag
X-Locale
X-FW-Static
Content-Style-Type
Content-Script-Type
X-Adobe-Loc
X-Adobe-Content
X-Varnish-IP
X-Feature
Datacenter
X-Varnish-Cache-Hits
X-Litespeed-Cache
X-Dns-Prefetch-Control
X-ServedBy
X-Cache-Remote
X-Varnish-Grace
X-GZip
X-Cache-Age
X-Storage
X-Edge-Cache
X-CDN-Forward
X-Edge-Cache-Key
X-Node-Name
X-Platform-Server
HostName
X-Vg-Webcache
X-Cache-TTL-Remaining
X-Esi
X-Akamai-Transformed
X-UA
X-Region
X-GUploader-UploadID
X-RateLimit-Limit
X-Mode
X-NewRelic-App-Data
X-Cache-Bucket
Cache-Tag
Country
X-Amz-Replication-Status
X-Real-IP
X-Kinja-Server-Push
X-Distributor
Load-Balancing
X-Oracle-Dms-Rid
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Guploader-Uploadid
X-Oracle-Dms-Ecid
RATING
X-Proto
X-Agile-Age
Ohc-File-Size
Fastly-SSL
X-Agile
X-Source
X-Agile-Id
ServerName
X-Drupal-Cache-Contexts
X-BB-IP
X-RemovedCookies
X-Cache-Category-Id
X-ProcessESI
X-ApacheServer
X-MP-GENERATED-AT
X-Detected-As
X-Cache-Var-Map
X-Cache-Var
X-Grey
X-Is-Bot
X-Path-Route
X-Akamai-Request-ID
X-PERF
X-Time-Microsecs
X-ProxyCache-Status
Cache-Key
X-ProxyCache-Key
X-EIG-Tracking-Id
X-BYPASS-REASON
GEO-INFO
Machine
X-Viewer-Country
X-RN-RSRV
X-Web-Node
Mn-Server-Ip
Meta-Geo
X-Rendered-As
X-JoinUs
X-CCM
X-Webstats-RespID
Healthy
Cache-Name
Cache-Hits
X-Request-Time
X-NCache
X-Cache-HT
X-Debug-Cache
L5d-Success-Class
X-Optimization
Backend
X-Upgrade-Enabled
X-ServerID
X-Xfnlog-Site
X-TWH-CORRELATION-ID
X-Generated
Now
X-Port
X-PCL
X-NodeID
X-OCL
X-Labrador-Cache-Channel
X-CDN-Cache
S-Rt
Azure-RegionName
Azure-InstanceId
Access-Control-Allow-Method
Azure-SiteName
Azure-SlotName
Azure-Version
X-Amz-Meta-Surrogate-Control
X-Newrelic-Synthetics
X-FC-Vary-Parameters
WP-Super-Cache
X-Instance-Name
X-Human
X-Via-Fastly
X-TA-CDN-Provider
X-OVcl-Cache
X-OVcl
X-Original-Request
X-Cluster-Node
X-Hosted-By
X-Edge-Location
X-Hit
X-Render-Type
X-Pubstack
TWC-Privacy
TWC-Locale-Group
TWC-Connection-Speed
TWC-Device-Class
TWC-GeoIP-LatLong
TWC-GeoIP-Country
Property-Id
X-Birta-Cache-Post
X-Format
X-Generation-Time
X-Routing-Service
X-CCM-LastModified
X-Section
X-IP
X-Proxy
X-Origin-Hint
X-Meta-Tbi-Cache-Vertical
X-Loop
X-LJ-Flow-ID
X-Site-Version
X-Birta-Served
X-TNCMS
X-Access
Webcakes-Region
Webcakes-App-Version
Webcakes-App-Name
X-Surge-Debug
X-SplitTest
LB
X-Backend-Name
X-AWS-Id
X-App-Name
User-Cache-Control
X-Varnish-Cacheable
DB-Nickname
X-Www-Served-By
X-Timing-Wait
X-Zipkin-Id
X-VWS-Id
X-Proxy-Build
Selected-FE
Fastcgi-Useragent
Countrycode
X-Ezoic-Cdn
X-Cache-Enabled
X-Nginx-Cache
X-Tumblr-Pixel-3
User-Agent
X-Time
X-Origin-CC
X-Real-Ip
Origin-Cache-Control
Origin-Edge-Control
Payment
X-Oneagent-Js-Injection
X-Tb
X-Dc
X-Environment-Context
X-L-Path
Ec-Rule-Version
X-B3-Spanid
X-DataStream-Cache-Status
X-Unique-ID
X-Nc
Xserver
RequestId
X-UA-Device-Type
X-Skip-Cache
X-CACHE-AGE
X-NU-AKA-ACS-Version
X-NGENIX-Cache
X-Correlation-ID
Access-Control-Request-Headers
X-B3-TraceId
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
X-Servedby
NODE
Webserver
X-CLOUD-TRACE-CONTEXT
X-Upstream-CT
Time
X-Upstream-HT
X-WR-MODIFICATION
X-Vgn-Hpd-Reason
X-EdgeConnect-Cache-Status
X-Be
Warning
X-Croise-Owner
X-Cache-Id
X-D
X-Logtrace-Id
X-S-Cookie
X-Cache-Host
X-From
X-DPWN-IS-SECURE
X-G
X-Generated-In
X-Developer
X-Died
X-Destination
Resin-Trace
Fly-Cache
Fly-Request-Id
T-Server
Cache-Prefix
Ajk
X-ElasticPress-Search
X-Cache-Backend
V-Age
X-A
X-A-Wwc
X-Application
X-ARC
X-A-Dgt
X-A-Dcw
X-A-Ccd
X-A-Dam
X-B-Cookie
X-SRCache-Key
X-Status
X-Webkit-CSP
IBM-Web2-Location
Ws
X-Cache-Time
X-Cache-Expires
Meta-Geo-Continent
X-Fastly-Cache
X-Debug-Cookies
X-Fstrz
X-Debug-Log
X-Varnish-Beresp-Ttl
Cneonction
X-Haproxy-Ip
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
X-Planisys-CDN-TTL
X-Public
X-Region-Sid
X-PAYTM-SRV-ID
X-Content-Type
X-Connection-Hash
Request-Time
X-ND-Cache
X-No-Session
X-Haproxy-Hostname
X-NX-Host
Fastcgi-X-Cache
Fastcgi-X-Cache-Version
VivaBuild
Www
X-Amz-Meta-Cache-Control
Viewtype
Fastly-Soc-X-Request-Id
Memcached
MD5-Digest
Host-ID
Sta2Tusw
BehaviorPad-Version
X-BB-ID
X-Var-Ttl
X-UE-Client-Country
X-Request-URI
X-CF-Lambda-Fn
X-BBXSRF
AKAMAI
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
Apple-News-Services-Handled
X-CF-Lambda-Version
X-CS
X-Transaction
X-Twitter-Response-Tags
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
X-Server-Time
X-User
X-VG-WebServer
X-Wix-Route-ID
Xc-Version
X-We-Are-Hiring
X-Via-Edge
X-Via-CDN
X-Server-By
X-Trv-Group
X-Cache-Ttl
X-Rewrite-Enabled
X-Rojux
X-Oss-Server-Time
X-StackifyID
X-Oss-Storage-Class
UCS
X-Oss-Request-Id
X-Dynatrace
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
X-Hash
X-Hl-Ver
X-Sorting-Hat-PodId
X-ShopId
X-Shopify-Stage
X-ShardId
X-Sorting-Hat-FeatureSet
X-S-Maxage
X-Cdn-Origin
X-Rebelmouse-Surrogate-Control
X-IN-WAF
X-Sorting-Hat-PodId-Cached
X-RCS-CacheZone
X-IN-APIGATEWAY
X-IN-SSL-APIGATEWAY
X-Phone
X-Rebelmouse-Cache-Control
X-Sorting-Hat-ShopId-Cached
Rendered-Blocks
Server-Int
X-Fastcgi-Cache
Uber-Trace-Id
Release
Origin
IsBot
NGX
Odigeo-Trace-Id
GMS-Ver
Fastly-SWR
Fastly-SIE
X-Up
X-Trace-Id
X-Sorting-Hat-ShopId
X-Sorting-Hat-Section
X-Cache-CFC
X-Via-NSCOPI
X-Wikidot-Static-Cache
Drupal-Pagecache-Memcache
X-Wikidot-Backend
X-WebServer
X-Sorting-Hat-PrivacyLevel
X-Release
Proxy-Connection
X-Alternate-Cache-Key
X-FireWall-Port
X-Auto-Login
X-Sn-Servicetimems
X-SIPLIST1
X-Frame-Option
X-Gannett-Site-Version
Request-EU
Request-Country
X-ScT
Server-ID
X-GeoIP-Country-Code
Version
X-F5-Cache
X-Forwarded-Host
X-Device-Os
X-Epic-Correlation-Id
X-Dispatcher-Server
X-Core-Value
X-Secret
X-C
X-Yottaa-Sig
X-Server-Group
MI-API
Thinkindot-CacheControl-Type
Thinkindot-Control
X-MSEdge-Features
X-MSEdge-Flight
X-Returned-From-DLL
X-Hnp-Log
Web-Mar-Node
Who
X-Location
X-Returned-From-BeforeDispatch
X-MI-In-Market
X-Worker
X-Matched-Rule
X-Date
Server-Host
PFcat
Platform
Powered-By
Ohc-Response-Time
OT-Force-Account-Verify
X-Passed-To-BeforeDispatch
X-Passed-To-DLL
Pragrma
X-Served-From
X-Node-Id
MI-Cache
On-Server
X-Passed-To
Pramga
X-Passed-To-PostProcessResponse
MI-Cache-Age
X-Accel-Expires-Debug
X-Response-By
X-Stale
X-Cdn-Srv
X-Rocket-Nginx-Bypass
X-Cache-Srv
X-UnsetCookies
X-ServiceProvider
X-Cache-Debug
X-Fetched-On
X-TT-LOGID
X-Thinkindot-L3
X-Content-Age
X-Edge-IP
X-Developers
X-Env
X-Eu-Site
X-CGP
X-Ckpd-Fst-Backend
X-Gen-Mode
X-GeoIP-City
X-Backend-TTL
X-VServer
X-Backend-Url
X-Backend-State
X-Backend-Host
X-Returned-From-PostProcessResponse
X-Amz-Meta-S3cmd-Attrs
X-Returned-From
X-Core-Mission
X-Server-IP
X-GoCache-CacheStatus
X-Servername
X-Block-Status
X-Reboot
X-Ver
X-V
X-Actual-URL
Thinkindot-CacheControl
Decoy-Debug-Key
Content-Disposition
X-CSRF-Token
Country-Code
Decoy-Debug-Status
Decoy-Debug-TTL
GW-Server
X-TIME
Fastly-Backend-Name
X-Origin-Date
CDCHOST
Cache-Cookie-Set-Lfrom
X-Crawler
X-Info
X-Page-Type
X-Origin-Expires
Adler-Geo
Kp-EeAlive
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-From
Backend-Name
Dnion-Transfer-Encoding
Esi-Enabled
HA-Cloudapp
HA-Host
Ha-Gx-Prefs
HA-Georegion
HA-Ipaddr
HA-Servedtime
Httpd-Identifier
Heartbleed
HA-Urlpath
HTTPS
HA-Geolon
HA-Geolat
HA-Geocity
HA-Geocountry
Is-Eu
NnCoection
X-HCF
X-Bug-Bounty
X-Varnish-Id
X-Clientip
X-Bip
X-Cache-Control-Set-By
X-Varnish-HitMiss
X-Cache-URL
X-Thanos
X-Svr
X-Platform
REQUESTUUID
Mime-Version
NtCoent-Length
Apicache-Store
Apicache-Version
X-Req
X-RateLimit-Limit-Second
Cteonnt-Length
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
Cache-Provider
X-RateLimit-Remaining-Second
X-Amz-Meta-S3b-Last-Modified
X-Refresh
FSS-Proxy
X-Origin-TTL
FSS-Cache
Arc-Country
X-Ua
X-P-T
X-LiteSpeed-Cache-Control
Brightspot-Id
WebServer
X-Varnish-Url
X-Pf-Uncompressing
X-Irp-Debug
Ar-Sid
Pagetype
X-LB-CacheStatus
X-DC
X-App-Version
X-LB-Node
X-Pjax-Url
Accept-Ch
Processtime
COMMERCE-SERVER-SOFTWARE
X-ROOTCache
X-EC-Security-Audit
Memory
X-From-Cache
Sid
X-Ruxit-Js-Agent
X-Ratelimit-Limit
X-Request-UUID
X-Request-Start
PageType
X-Amz-Meta-Sha256
X-NC
If-Modified-Since
X-Ratelimit-Remaining
X-Endurance-Cache-Level
X-Cache-ASPX
Dynatrace
X-Load-Cache
X-Atg-Version
Geoip-Latitude
Cdn
GeoIp-Country-Code
X-Varnish-Action
Geoip-City
PICS-Label
SN
X-Csrf-Token
X-Layer
CF-IPCountry
X-Fastly-Backend-Reqs
X-SERVER-NAME
X-COUNTRY
X-GRACE
X-Cdn-Forward
X-Redis-Cache
BORDER-IP
PROCESSING-IP
Edgecast
MIME-Version
X-Cache-Handler
X-Varnish-Beresp-TTL
X-Rocket-Nginx-Serving-Static
Frame-Options
X-Requestid
X-ServedByHost
X-GDPR
X-HS-Hub-Id
X-TId
X-Tid
X-Nananana
X-Fastly-Cache-Hits
X-RequestId
NodeID
X-Servedbyhost
Dont-Set-Cookie
X-Key
X-Resolver-IP
X-Wix-Petri-Ex
X-B3-SpanId
X-Owner
X-NWS-UUID-VERIFY
X-Sf
X-Rule
X-Cache-TTL
X-Cf-Powered-By
X-BE
Web-Mar-Region
RNT-Machine
Cf-Ipcountry
Pics-Label
X-Server-W
RNT-Time
ProcessTime
CDN
CACHE
GeoIP-Latitude
X-Sentry-ID
X-Flog
GeoIP-City
GeoIP-Country-Code
X-ABtesting
X-HTML-Minification-Powered-By
WZWS-RAY
Node
X-Tec-Api-Origin
X-Tec-Api-Root
X-Tec-Api-Version
X-DataStream-MidMile-RTT
X-DataStream-Origin-MEX-Latency
Lfy
Is-Session-Tracking
X-FORWARDED-FOR
X-Powered-By-ANYU
We-Hiring
Mail-Subject
Get-Access-Time
X-VG-WebCache
PageSpeed
Powered
Max-Age
X-Dynatrace-Js-Agent
X-Shard
X-Varnish-Ttl
X-CDN-Pop-IP
XServer
X-CDN-Pop
X-Use-Magma
Amp-Access-Control-Allow-Source-Origin
X-ByteArk-Cache
Cache-Tags
X-Mem
X-SRV
X-GZIP
Accept-CH
X-Cache-FS-Status
URI
Magicmarker
X-Gdpr
X-PJAX-URL
X-Powered-By-Defense
X-UPSTREAM-Address
X-Varnish-URL
X-GEO
DataCenter
X-PF-Uncompressing
X-Check-Cacheable
X-Front
Xet-Cookie
X-Dw-Trace-Id
X-Unique-Id
X-Cookie
X-Micro-Cache
X-Oa-Upstreams
X-Trv-Request-Id
X-Ms-Version
X-Zalando-Page-Type
X-Zalando-Child-Request-Id
Hostname
X-Remote-IP
X-Ms-Request-Id
X-Ms-Blob-Type
X-Ms-Lease-Status
X-NGINX-Cache
Group
V-Cache
Rt-Proxy-Cache
X-VarnPar1
X-VarnPar2
X-HGenerator
X-Fe
N-Cache
X-VarnCache
RequestUuid
Requestid
X-PARISIEN-Cache-Rendered
X-VC
X-Aicache-OS
X-Varnish-ID
X-PAGE-TYPE
X-Safe-Firewall
X-Proxy-Server
X-SB
WS
SID
X-RAMCache
X-Alicdn-Da-Ups-Status
X-Acquia-Application-UUID
X-Akamai-ERPolicy
X-Acquia-Application-Trace
WWW-Authenticate
X-Qnm-Cache
X-Akamai-ERRuleID
X-M-Reqid
X-ProxyCache-Args
X-M-Log
CF-Cached-On
X-Hello
X-Litespeed-Tag