Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Pragma
Last-Modified
Accept-Ranges
Strict-Transport-Security
X-Content-Type-Options
X-Powered-By
CF-RAY
ETag
Link
Expect-CT
Via
X-Cache
X-XSS-Protection
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
P3P
X-Cache-Hits
X-Xss-Protection
X-Served-By
X-Varnish
X-Amz-Cf-Id
Referrer-Policy
X-Request-Id
X-Timer
X-AspNet-Version
CF-Cache-Status
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Runtime
Access-Control-Allow-Credentials
X-Download-Options
X-Drupal-Cache
X-Cacheable
X-Generator
Content-Security-Policy-Report-Only
CF-Ray
Alt-Svc
Status
X-AspNetMvc-Version
X-Cache-Status
X-DNS-Prefetch-Control
X-Check
X-Iinfo
X-FRAME-OPTIONS
X-Adblock-Key
X-CDN
Timing-Allow-Origin
X-Content-Security-Policy
X-Turbo-Charged-By
X-Permitted-Cross-Domain-Policies
P3p
Content-Encoding
X-Template
X-Language
Keep-Alive
X-Type
X-AH-Environment
X-Via
X-Request-ID
X-Cache-Group
X-Backend
WPE-Backend
X-Pass-Why
X-Age
X-Buckets
X-Server
X-Nginx-Cache-Status
Access-Control-Max-Age
X-Server-Powered-By
X-Pingback
Xkey
X-Varnish-Cache
Grace
X-Drupal-Dynamic-Cache
Upgrade
Access-Control-Expose-Headers
X-Hacker
X-UA-Device
X-Amz-Request-Id
X-Page-Speed
Cf-Railgun
X-Amz-Id-2
X-Proxy-Cache
X-Robots-Tag
X-LiteSpeed-Cache
EagleId
X-Envoy-Upstream-Service-Time
Request-Context
X-Node
X-Swift-CacheTime
X-Swift-SaveTime
X-Ac
X-Device
X-Host
X-Cnection
Ali-Swift-Global-Savetime
Content-Location
X-Amz-Version-Id
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Server-Id
Surrogate-Control
X-WebKit-CSP
X-Backend-Server
X-Cache-Lookup
X-OneAgent-JS-Injection
X-Rack-Cache
X-Response-Time
X-Px
X-Instart-Request-ID
Request-Id
X-Readtime
X-CST
X-Rq
Server-Timing
X-Clacks-Overhead
X-HeyJason
Permitted-Cross-Domain-Policies
X-Do-Not-Hack
Pinterest-Generated-By
X-Ua-Compatible
EagleEye-TraceId
X-Cloud-Trace-Context
Edge-Control
X-Url
X-Application-Context
X-MS-InvokeApp
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Country
Report-To
X-Server-Name
X-DynaTrace-JS-Agent
Charset
SPRequestGuid
X-Country-Code
Allow
X-SharePointHealthScore
X-DataDome
X-Ruxit-JS-Agent
X-ESI
Rating
X-Varnish-TTL
X-PC
X-TtlSet
X-Vname
X-Cached
X-Powered-CMS
X-TTL
X-Powered-By-Plesk
X-Recruiting
X-CF-Powered-By
X-ORACLE-DMS-RID
X-ORACLE-DMS-ECID
X-FTR-Request-ID
NEL
X-D2id
X-Vhost
X-DynaTrace
Public-Key-Pins
X-Upstream-Env
Pinterest-Version
X-Pinterest-Rid
X-Kinja
X-F-Cache
X-Cdn-Fetch
X-Exp-Id
X-Geo-Segment
X-Kinja-Build
X-Kinja-Revision
X-Version
X-Exp-Variant
X-Kinja-Server
X-N
SPIisLatency
SPRequestDuration
X-T
X-VARITI-CCR
X-Dw-Request-Base-Id
X-GoogleNews-Bot
Cartoon
X-Mod-Pagespeed
MS-Author-Via
Content-MD5
RTSS
X-Abt-Application-Version
Nginx-Cache
Feature-Policy
X-GitHub-Request-Id
Verso
AR-ATIME
AR-PoweredBy
AR-CACHE
X-Dispatcher
MicrosoftSharePointTeamServices
X-Navigation-Version
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Goog-Hash
X-Shield-Request-Id
X-Client-IP
X-Amz-Rid
X-Hits
Realpath
X-Forwarded-Proto
X-Cdn
X-Ttl
X-Trace
X-Origin-Cache
Paypal-Debug-Id
X-Server-ID
X-TEC-API-VERSION
X-Content-Options
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-Zen-Fury
X-Content-Digest
X-Id
X-Grace
Arr-Disable-Session-Affinity
X-Kinsta-Cache
TCN
AR-SID
X-B
DynaTrace
Alternate-Protocol
X-Varnish-Age
X-Cache-Key
Fastcgi-Cache
X-Sol
X-Upstream
X-Mrf-Section-Lastmod
X-Mrf-Item-Lastmod
Mrf-Cache-Status
MRF-Tech
Access-Control-Request-Method
X-Ser
X-Pad
X-Fastly-Request-ID
X-FastCGI-Cache
Display
X-Middleton-Display
PB-RID
PB-PID
X-NF-Request-ID
X-Mobile-Rewrite
X-Nf-Srv-Version
X-Via-JSL
X-DIS-Request-ID
X-Acc-Meta-Resource-Type
X-Vcap-Request-Id
Response
X-User-Agent
X-Middleton-Response
Front-End-Https
X-Forwarded-For
Pagespeed
X-IPLB-Instance
Rt-Fastcgi-Cache
X-MSEdge-Ref
X-SS-Set-Cookie
X-Cache-Rule
X-Frontend
X-PressLabs-Stats
Eomportal-Instance
X-Logged-In
X-Cache-Hit
Arc-Version
Server-Name
X-Whom
X-VCache
X-Hostname
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-Goog-Generation
X-Goog-Stored-Content-Length
X-XRDS-LOCATION
X-Goog-Metageneration
Host
Tracecode
Surrogate-Key
Cache-Status
S
X-FTR-Balancer
X-FTR-Cache-Status
X-FTR-DC
X-FTR-Expires
X-FTR-Backend-Server
X-FTR-Realm
X-FTR-Backend
X-Country-Code-Real
X-Newrelic-App-Data
X-Analytics
X-Request-Received
Backend-Timing
X-Debug
X-Request-Processing-Time
X-HS-Content-Id
TP-Cache
X-AOL-HN
TP-L2-Cache
Refresh
X-Instance
X-Proxied
X-AppVersion
X-Magnolia-Registration
X-Activity-Id
X-Contextid
X-Az
Public-Key-Pins-Report-Only
X-Rid
FilterID
X-Wix-Server-Artifact-Id
X-Srv
X-XRDS-Location
ServerID
X-UUID
HitInfo
HitType
Server-Info
X-B3-Traceid
X-WPE-Loopback-Upstream-Addr
X-URL
X-HW
Liferay-Portal
X-Webkit-Csp
AMP-Access-Control-Allow-Source-Origin
Cleartype
Service-Worker-Allowed
X-APP-VERSION
X-Mobile
X-Varnish-Server
X-Content-Security-Policy-Report-Only
X-NWS-LOG-UUID
X-Varnish-Backend
X-FTR-Cache-Host
Served-By
X-Correlation-Id
X-Cache-Control
X-Revision
Edge-Cache-Tag
X-Amzn-Trace-Id
Source
X-Origin
X-Cache-Server
X-Geo-Country
X-HS-Cache-Config
Retry-After
X-PC-Key
X-App-Environment
X-Request-Guid
X-PC-Hit
Host-Header
X-BCube-Filmed-By
X-Hail-Hydra
Server-Node
X-PC-AppVer
X-Device-Type
X-Handled-By
X-PHP-Backend
X-Varnish-Hostname
MS-CV
X-RateLimit-Remaining
X-Tumblr-Pixel
X-TT
DC
X-Cache-Operation
X-Tumblr-Pixel-0
X-Tumblr-User
S-Cnection
X-Signature
X-B-Cache
X-Cache-Config
Fastly-Restarts
X-Origin-Upstream-Status
X-Cache-2
X-FB-Debug
Powered-By-ChinaCache
X-Framework
X-Page-Id
Accept-Charset
X-Cache-Action
X-Origin-Server
X-TT-TIMESTAMP
X-Sucuri-ID
X-Ocache
X-Debug-Info
X-PC-Host
Actual-Object-TTL
X-PC-Date
Viewport
X-ADI-VCache
X-Shield-Cache-Expires
X-ATG-Version
X-Hyper-Cache
X-WA-Info
NGB
X-B3-Sampled
X-Content-Powered-By
X-Cached-By
X-Microcachable
X-Accel-Expires
Upgrade-Insecure-Requests
X-Drupal-Cache-Tags
X-LB-Cache
SRV
X-Akam-SW-Version
AsisCache
X-Cache-NE
Filters
Cache
X-Generated-By
ServedBy
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Internal-Host
X-FW-Type
X-RequestSource
X-FW-Static
X-Cacheable-TTL
X-FW-Serve
X-App-Server
X-FW-Server
X-FW-Hash
X-S
X-RTag
X-Locale
X-Distil-CS
X-Seen-By
X-WebKit-CSP-Report-Only
Content-Style-Type
X-Amz-Server-Side-Encryption
X-Tumblr-Pixel-1
X-Tumblr-Pixel-2
X-TX-ID
X-Wix-Request-Id
X-GeoIP
Content-Script-Type
X-Jobs
X-Accel-Buffering
From-Origin
X-Varnish-Hits
X-Cluster
X-ServedBy
X-Akamai-Edgescape
X-Node-Name
X-HS-Combine-CSS
X-Varnish-Cache-Hits
X-Sucuri-Cache
X-Litespeed-Cache
X-UA
X-Varnish-Grace
X-RateLimit-Limit
X-Geo
X-Adobe-Loc
X-Varnish-IP
X-Adobe-Content
X-Dns-Prefetch-Control
X-Platform-Server
X-GZip
X-Cache-Age
X-CDN-Forward
X-Vg-Webcache
X-Cache-TTL-Remaining
X-NewRelic-App-Data
X-Edge-Cache
X-Daa-Tunnel
X-Edge-Cache-Key
Datacenter
X-Storage
X-Cache-Remote
HostName
X-GUploader-UploadID
X-Akamai-Transformed
X-Mode
X-Region
Cache-Tag
X-Esi
X-Drupal-Cache-Contexts
X-Amz-Replication-Status
X-Guploader-Uploadid
X-Distributor
X-Kinja-Server-Push
X-Source
X-Real-IP
X-ProcessESI
X-RN-RSRV
X-Rendered-As
Meta-Geo
Machine
X-TA-CDN-Provider
Load-Balancing
X-RemovedCookies
X-Path-Route
X-Cache-Var-Map
X-Cache-Var
X-Detected-As
X-Is-Bot
X-MP-GENERATED-AT
ServerName
X-Amzn-RequestId
X-Agile-Age
X-Amz-Apigw-Id
X-Agile
X-Agile-Id
X-NCache
Fastly-SSL
Country
X-OCL
X-NodeID
X-PCL
X-Time-Microsecs
X-TWH-CORRELATION-ID
X-CDN-Cache
X-PERF
X-Cache-Category-Id
GEO-INFO
Mn-Server-Ip
Cache-Key
X-Akamai-Request-ID
X-BB-IP
X-ApacheServer
X-Upgrade-Enabled
X-Grey
X-Webstats-RespID
X-Web-Node
X-Viewer-Country
X-Debug-Cache
X-Cluster-Node
Cache-Name
X-Edge-Location
X-EIG-Tracking-Id
X-Instance-Name
X-Human
X-Via-Fastly
X-Amz-Meta-Surrogate-Control
Azure-SlotName
Azure-SiteName
Azure-Version
Backend
Azure-InstanceId
X-Cache-HT
Azure-RegionName
L5d-Success-Class
X-OVcl-Cache
X-OVcl
X-Optimization
X-Proto
X-Pubstack
Ohc-File-Size
S-Rt
X-Port
X-Original-Request
TWC-Device-Class
TWC-GeoIP-LatLong
X-ServerID
TWC-Connection-Speed
TWC-Privacy
TWC-Locale-Group
X-Proxy
X-ProxyCache-Key
User-Cache-Control
TWC-GeoIP-Country
X-Access
Webcakes-App-Version
Webcakes-App-Name
X-ProxyCache-Status
Webcakes-Region
X-CCM
X-Meta-Tbi-Cache-Vertical
X-Www-Served-By
X-LJ-Flow-ID
X-Labrador-Cache-Channel
X-IP
X-Origin-Hint
X-Request-Time
X-VWS-Id
X-SplitTest
X-Section
X-Routing-Service
X-Hosted-By
Property-Id
X-Birta-Cache-Post
X-BYPASS-REASON
X-AWS-Id
X-App-Name
X-Birta-Served
X-Zipkin-Id
X-Generation-Time
X-Format
X-Xfnlog-Site
X-CCM-LastModified
X-FC-Vary-Parameters
X-Site-Version
LB
Healthy
DB-Nickname
Fastcgi-Useragent
X-TNCMS
X-Cache-Bucket
X-Loop
Cache-Hits
Now
X-Varnish-Cacheable
Access-Control-Allow-Method
X-JoinUs
X-Surge-Debug
User-Agent
RATING
X-Generated
X-Backend-Name
X-Tumblr-Pixel-3
Payment
X-Render-Type
X-Tb
X-Real-Ip
X-Ezoic-Cdn
X-Proxy-Build
X-Hit
X-Origin-CC
X-Feature
Selected-FE
X-Timing-Wait
Countrycode
Ec-Rule-Version
X-Cache-Enabled
X-Newrelic-Synthetics
X-Time
X-Dc
X-B3-Spanid
X-Nginx-Cache
X-DataStream-Cache-Status
X-Nc
X-Oneagent-Js-Injection
Origin-Edge-Control
X-Unique-ID
Origin-Cache-Control
WP-Super-Cache
X-L-Path
X-Environment-Context
RequestId
X-UA-Device-Type
NODE
X-Varnish-Beresp-Grace
X-NU-AKA-ACS-Version
X-Varnish-Beresp-Status
X-CACHE-AGE
Xserver
X-Skip-Cache
X-B3-TraceId
X-NGENIX-Cache
X-Correlation-ID
X-WR-MODIFICATION
X-COUNTRY
X-Be
X-CLOUD-TRACE-CONTEXT
Access-Control-Request-Headers
X-Servedby
Webserver
X-Vgn-Hpd-Reason
X-Content-Type
X-ElasticPress-Search
X-Upstream-CT
X-Upstream-HT
X-Cache-Backend
X-EdgeConnect-Cache-Status
Time
X-Status
Ws
Warning
X-Server-Time
X-ARC
X-A-Dgt
X-Server-By
X-Haproxy-Ip
X-S-Cookie
X-Generated-In
Meta-Geo-Continent
X-Amz-Meta-Cache-Control
X-ND-Cache
Memcached
X-Accel-Expires-Debug
X-Haproxy-Hostname
X-No-Session
MD5-Digest
X-Logtrace-Id
X-Application
AKAMAI
Fly-Cache
Fly-Request-Id
Fastly-Soc-X-Request-Id
Fastcgi-X-Cache-Version
X-D
Fastcgi-X-Cache
X-BB-ID
X-Connection-Hash
X-Cache-Id
X-Cache-Host
GMS-Ver
X-CF-Lambda-Fn
X-BBXSRF
X-CF-Lambda-Version
X-Date
X-Destination
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
Apple-News-Services-Handled
Ajk
X-From
X-Fastly-Cache
Apple-News-Services-Request-Url
X-B-Cookie
Host-ID
X-Developer
X-Died
Cache-Prefix
BehaviorPad-Version
X-DPWN-IS-SECURE
X-G
X-A-Wwc
X-We-Are-Hiring
X-Twitter-Response-Tags
X-SVT-ORM-RULES
X-Rewrite-Enabled
X-Wix-Route-ID
X-SVT-ORM-VERSION
X-Transaction
X-Trv-Group
X-Via-Edge
VivaBuild
X-Via-CDN
X-VG-WebServer
X-User
Resin-Trace
X-SRCache-Key
Viewtype
X-Cache-Ttl
X-Public
Sta2Tusw
Xc-Version
X-Planisys-CDN-Cache
X-Region-Sid
X-Planisys-CDN-TTL
X-A-Ccd
X-PAYTM-SRV-ID
X-A
Www
X-Planisys-CDN-Rules
X-A-Dcw
T-Server
X-A-Dam
X-Rojux
X-Webkit-CSP
X-Croise-Owner
X-Cache-Expires
X-Request-URI
IBM-Web2-Location
X-Up
Uber-Trace-Id
V-Age
X-Cdn-Origin
Fastly-SWR
X-Sn-Servicetimems
X-Core-Value
X-Trace-Id
Fastly-SIE
X-CS
X-Cache-Time
X-Debug-Cookies
Server-Int
X-Debug-Log
X-F5-Cache
X-Wikidot-Static-Cache
X-Rebelmouse-Surrogate-Control
X-Wikidot-Backend
Request-Time
IsBot
Rendered-Blocks
X-ScT
X-Rebelmouse-Cache-Control
Odigeo-Trace-Id
X-Cache-CFC
NGX
X-Phone
X-NX-Host
X-GoCache-CacheStatus
Release
X-Forwarded-Host
X-Frame-Option
X-Fstrz
X-FireWall-Port
Origin
X-Var-Ttl
X-SIPLIST1
Apicache-Version
X-Oracle-Dms-Ecid
Cneonction
Apicache-Store
X-Varnish-Beresp-Ttl
X-Oracle-Dms-Rid
X-Backend-Host
X-Bug-Bounty
X-Actual-URL
X-C
X-Backend-State
Who
Web-Mar-Node
UCS
Thinkindot-Control
X-Backend-Url
X-Block-Status
X-Backend-TTL
X-Amz-Meta-S3cmd-Attrs
X-Hnp-Log
X-ServiceProvider
X-Worker
X-WebServer
X-VServer
X-Servername
X-IN-APIGATEWAY
X-IN-SSL-APIGATEWAY
X-Passed-To-BeforeDispatch
X-Passed-To-DLL
X-Passed-To-PostProcessResponse
X-Returned-From-PostProcessResponse
X-Returned-From-DLL
X-Returned-From-BeforeDispatch
X-Returned-From
X-TT-LOGID
X-Thinkindot-L3
X-Reboot
X-Stale
Thinkindot-CacheControl-Type
X-V
X-UnsetCookies
X-UE-Client-Country
X-IN-WAF
X-Server-IP
X-Dispatcher-Server
X-Edge-IP
X-Env
X-Epic-Correlation-Id
X-Device-Os
X-Developers
X-Cdn-Srv
X-CGP
X-Ckpd-Fst-Backend
X-Content-Age
X-Eu-Site
X-Gen-Mode
X-MSEdge-Flight
X-Passed-To
X-Served-From
X-Server-Group
X-MSEdge-Features
X-MI-In-Market
X-GeoIP-City
X-GeoIP-Country-Code
X-Location
X-Matched-Rule
X-Cache-Debug
On-Server
HA-Georegion
Ha-Gx-Prefs
HA-Geolon
HA-Geolat
HA-Geocity
HA-Geocountry
HA-Host
HA-Ipaddr
Httpd-Identifier
HTTPS
Heartbleed
Cache-Cookie-Set-Lfrom
HA-Servedtime
HA-Cloudapp
Thinkindot-CacheControl
Content-Disposition
Decoy-Debug-Key
Cache-Cookie-Set-From
CDCHOST
Cache-Cookie-Set-Idcheck
Decoy-Debug-Status
Decoy-Debug-TTL
Adler-Geo
GW-Server
Fastly-Backend-Name
Esi-Enabled
Backend-Name
Is-Eu
HA-Urlpath
Pramga
MI-Cache-Age
Ohc-Response-Time
Pragrma
X-StackifyID
MI-Cache
Proxy-Connection
Powered-By
Platform
X-TIME
Server-Host
Mime-Version
OT-Force-Account-Verify
X-Hash
X-Gannett-Site-Version
X-Node-Id
X-Rocket-Nginx-Bypass
X-Via-NSCOPI
X-Hl-Ver
X-Auto-Login
X-RCS-CacheZone
X-Fetched-On
X-Response-By
X-Sorting-Hat-PrivacyLevel
X-Sorting-Hat-Section
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId-Cached
X-Sorting-Hat-PodId
X-Shopify-Stage
X-Sorting-Hat-FeatureSet
X-Sorting-Hat-ShopId-Cached
X-ShardId
X-ShopId
X-Release
X-Secret
X-Ver
X-Varnish-Id
NnCoection
X-Page-Type
X-S-Maxage
Kp-EeAlive
X-Core-Mission
X-Alternate-Cache-Key
Request-Country
REQUESTUUID
PFcat
Server-ID
Request-EU
Drupal-Pagecache-Memcache
X-Cache-Srv
MI-API
Dnion-Transfer-Encoding
X-Info
X-Clientip
X-Cache-Control-Set-By
X-Svr
X-HCF
X-Crawler
X-Amz-Meta-S3b-Last-Modified
X-Platform
X-Bip
X-Thanos
X-Origin-Date
X-Fastcgi-Cache
X-Varnish-HitMiss
X-Cache-URL
NtCoent-Length
X-Origin-Expires
Version
X-Req
X-Refresh
X-P-T
Processtime
Country-Code
Cache-Provider
X-Origin-TTL
Cteonnt-Length
X-HS-Hub-Id
X-Pf-Uncompressing
X-Oss-Storage-Class
X-Oss-Hash-Crc64ecma
X-Oss-Object-Type
X-Oss-Request-Id
X-Oss-Server-Time
X-CSRF-Token
X-Pjax-Url
Ar-Sid
X-Amz-Meta-Sha256
X-RateLimit-Limit-Second
X-Yottaa-Sig
X-RateLimit-Remaining-Second
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
Accept-Ch
Pagetype
FSS-Cache
X-Cache-ASPX
X-App-Version
Arc-Country
X-Varnish-Url
X-EC-Security-Audit
X-From-Cache
FSS-Proxy
Memory
WebServer
Geoip-City
Brightspot-Id
X-LiteSpeed-Cache-Control
X-Irp-Debug
Geoip-Latitude
GeoIp-Country-Code
X-DC
X-Csrf-Token
X-Ruxit-Js-Agent
SN
PageType
X-Dynatrace
X-NC
X-LB-Node
X-ROOTCache
Sid
Cdn
PICS-Label
X-Ua
X-LB-CacheStatus
COMMERCE-SERVER-SOFTWARE
CF-IPCountry
X-Redis-Cache
X-Cache-Handler
X-Request-Start
X-Request-UUID
X-Wix-Petri-Ex
X-Rule
X-Ratelimit-Remaining
Dont-Set-Cookie
Edgecast
X-Endurance-Cache-Level
If-Modified-Since
X-Fastly-Backend-Reqs
X-Load-Cache
X-SERVER-NAME
X-Varnish-Beresp-TTL
X-Cdn-Forward
BORDER-IP
MIME-Version
X-GRACE
X-Varnish-Action
PROCESSING-IP
X-Atg-Version
X-ServedByHost
X-Tid
X-GDPR
X-Layer
X-Ratelimit-Limit
X-Requestid
X-TId
X-RequestId
X-Sf
X-Servedbyhost
X-Rocket-Nginx-Serving-Static
Frame-Options
Dynatrace
RNT-Machine
RNT-Time
X-Nananana
X-Fastly-Cache-Hits
X-Resolver-IP
X-B3-SpanId
XServer
X-BE
X-DataStream-MidMile-RTT
Pics-Label
Powered
X-DataStream-Origin-MEX-Latency
Cf-Ipcountry
X-Key
NodeID
X-Owner
CDN
CACHE
X-HTML-Minification-Powered-By
X-Cache-TTL
Cache-Tags
X-Tec-Api-Version
X-Tec-Api-Root
X-Tec-Api-Origin
Node
We-Hiring
Mail-Subject
X-Server-W
Web-Mar-Region
DataCenter
PageSpeed
X-Dynatrace-Js-Agent
GeoIP-Country-Code
GeoIP-Latitude
X-ABtesting
X-Varnish-Ttl
X-Shard
X-Flog
GeoIP-City
X-VG-WebCache
Amp-Access-Control-Allow-Source-Origin
X-Use-Magma
Lfy
X-Ms-Blob-Type
X-Ms-Lease-Status
X-Ms-Request-Id
X-Powered-By-ANYU
X-Sentry-ID
WZWS-RAY
X-GEO
X-Ms-Version
X-Gdpr
X-GZIP
ProcessTime
X-NWS-UUID-VERIFY
X-UPSTREAM-Address
Get-Access-Time
Accept-CH
Max-Age
Is-Session-Tracking
X-CDN-Pop
X-CDN-Pop-IP
X-Mem
X-PF-Uncompressing
X-Varnish-URL
Xet-Cookie
X-Dw-Trace-Id
X-Powered-By-Defense
X-Trv-Request-Id
X-Remote-IP
X-Cache-FS-Status
X-Check-Cacheable
Hostname
X-Oa-Upstreams
URI
X-PJAX-URL
X-Cookie
Magicmarker
X-Unique-Id
X-NGINX-Cache
RequestUuid
X-DSS
Cdn-Request-Time
X-DI
X-Varnish-ID
X-DW
X-Alicdn-Da-Ups-Status
X-DB
X-Aicache-OS
Requestid
Cdn-Host
X-Ms-Lease-State
X-RSL
X-PAGE-TYPE
X-VG-TLSProxy
X-VID
X-Edge-Server
X-RPS
X-ByteArk-Cache
X-RPM
True-Client-Country-4JS
X-Proxy-Server
X-Front
X-Swa-Ws
X-Policy
X-Zalando-Page-Type
X-Acquia-Application-UUID
X-Acquia-Application-Trace
CF-Cached-On
X-Micro-Cache
X-Akamai-ERRuleID
X-Hello
X-Litespeed-Tag
SID
WS
X-Fe
X-Akamai-ERPolicy
X-RAMCache
X-Zalando-Child-Request-Id
X-Litespeed-Cache-Control