Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Pragma
Last-Modified
Accept-Ranges
Strict-Transport-Security
X-Content-Type-Options
X-Powered-By
CF-RAY
ETag
Link
Expect-CT
Via
X-Cache
X-XSS-Protection
Age
Access-Control-Allow-Origin
Content-Security-Policy
Content-Language
X-UA-Compatible
P3P
X-Cache-Hits
X-Xss-Protection
X-Served-By
X-Varnish
X-Amz-Cf-Id
Referrer-Policy
X-Request-Id
X-Timer
X-AspNet-Version
CF-Cache-Status
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Runtime
Access-Control-Allow-Credentials
X-Download-Options
X-Drupal-Cache
X-Cacheable
Content-Security-Policy-Report-Only
X-Generator
CF-Ray
Alt-Svc
Status
X-AspNetMvc-Version
X-Cache-Status
X-DNS-Prefetch-Control
X-Check
X-Iinfo
X-Adblock-Key
X-FRAME-OPTIONS
X-CDN
Timing-Allow-Origin
X-Content-Security-Policy
X-Permitted-Cross-Domain-Policies
X-Turbo-Charged-By
Content-Encoding
P3p
X-Template
X-Language
Keep-Alive
X-Type
X-AH-Environment
X-Via
X-Cache-Group
X-Backend
WPE-Backend
X-Request-ID
X-Pass-Why
X-Buckets
X-Age
X-Server
X-Nginx-Cache-Status
Access-Control-Max-Age
X-Server-Powered-By
X-Pingback
Xkey
X-Varnish-Cache
Grace
X-Drupal-Dynamic-Cache
Upgrade
Access-Control-Expose-Headers
X-Hacker
X-UA-Device
X-Amz-Request-Id
X-Page-Speed
Cf-Railgun
X-Amz-Id-2
X-Proxy-Cache
X-Robots-Tag
EagleId
X-Envoy-Upstream-Service-Time
Request-Context
X-LiteSpeed-Cache
X-Node
X-Swift-SaveTime
X-Swift-CacheTime
X-Ac
X-Device
X-Cnection
Ali-Swift-Global-Savetime
X-Host
Content-Location
X-Amz-Version-Id
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Server-Id
Surrogate-Control
X-WebKit-CSP
X-Backend-Server
X-Cache-Lookup
X-OneAgent-JS-Injection
X-Rack-Cache
X-Response-Time
X-Px
X-Instart-Request-ID
Request-Id
X-Readtime
X-CST
Server-Timing
X-Rq
X-Clacks-Overhead
X-Do-Not-Hack
Permitted-Cross-Domain-Policies
X-HeyJason
Pinterest-Generated-By
EagleEye-TraceId
X-Ua-Compatible
X-Url
Edge-Control
X-Cloud-Trace-Context
X-Application-Context
X-MS-InvokeApp
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Country
Report-To
X-Server-Name
X-DynaTrace-JS-Agent
Charset
SPRequestGuid
X-Country-Code
Allow
X-DataDome
X-SharePointHealthScore
X-Ruxit-JS-Agent
Rating
X-Varnish-TTL
X-PC
X-Vname
X-TtlSet
X-ESI
X-Cached
X-TTL
X-Powered-CMS
X-Powered-By-Plesk
X-Recruiting
X-CF-Powered-By
X-FTR-Request-ID
NEL
X-D2id
X-Vhost
X-DynaTrace
Pinterest-Version
X-Upstream-Env
X-Pinterest-Rid
Public-Key-Pins
X-F-Cache
X-Version
X-Kinja-Build
X-Cdn-Fetch
X-Exp-Id
X-Exp-Variant
X-Kinja-Server
X-Kinja
X-Kinja-Revision
X-Geo-Segment
X-N
X-T
X-VARITI-CCR
X-ORACLE-DMS-RID
X-ORACLE-DMS-ECID
Cartoon
SPRequestDuration
SPIisLatency
X-GoogleNews-Bot
X-Dw-Request-Base-Id
X-Mod-Pagespeed
MS-Author-Via
RTSS
Content-MD5
X-Abt-Application-Version
Nginx-Cache
Feature-Policy
Verso
X-GitHub-Request-Id
AR-ATIME
AR-CACHE
AR-PoweredBy
X-Dispatcher
X-Navigation-Version
MicrosoftSharePointTeamServices
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Goog-Hash
X-Client-IP
X-Amz-Rid
X-Hits
Realpath
X-Shield-Request-Id
X-Forwarded-Proto
X-Origin-Cache
X-Cdn
X-Ttl
X-Trace
Paypal-Debug-Id
X-TEC-API-ROOT
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-Content-Options
X-Zen-Fury
X-Content-Digest
X-Server-ID
X-Id
X-Grace
X-Kinsta-Cache
Arr-Disable-Session-Affinity
X-B
TCN
AR-SID
DynaTrace
Alternate-Protocol
X-Varnish-Age
X-Cache-Key
Fastcgi-Cache
X-Sol
X-Upstream
X-Mrf-Section-Lastmod
X-Mrf-Item-Lastmod
MRF-Tech
Mrf-Cache-Status
Access-Control-Request-Method
X-Ser
X-FastCGI-Cache
X-Pad
X-Fastly-Request-ID
Display
X-Middleton-Display
PB-RID
PB-PID
X-Nf-Srv-Version
X-Mobile-Rewrite
X-NF-Request-ID
X-Acc-Meta-Resource-Type
X-DIS-Request-ID
X-Via-JSL
X-Vcap-Request-Id
X-User-Agent
X-Middleton-Response
Response
Pagespeed
X-MSEdge-Ref
Front-End-Https
Rt-Fastcgi-Cache
X-Forwarded-For
X-IPLB-Instance
X-Cache-Rule
X-Frontend
X-SS-Set-Cookie
Eomportal-Instance
X-PressLabs-Stats
X-Logged-In
X-Cache-Hit
Arc-Version
Server-Name
X-Whom
X-VCache
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-Goog-Metageneration
X-Goog-Generation
X-Hostname
Host
X-XRDS-Location
Tracecode
Surrogate-Key
X-FTR-DC
X-Country-Code-Real
X-FTR-Realm
X-FTR-Backend-Server
X-FTR-Backend
X-FTR-Expires
X-FTR-Balancer
X-FTR-Cache-Status
Cache-Status
S
X-Request-Received
X-Request-Processing-Time
X-Analytics
Backend-Timing
X-Debug
X-HS-Content-Id
TP-L2-Cache
X-Instance
TP-Cache
Refresh
X-Contextid
X-Litespeed-Cache
X-AOL-HN
X-Newrelic-App-Data
X-Az
X-Activity-Id
X-Magnolia-Registration
X-AppVersion
X-Proxied
Public-Key-Pins-Report-Only
X-Wix-Server-Artifact-Id
X-Rid
X-XRDS-LOCATION
FilterID
ServerID
X-Srv
X-UUID
X-B3-Traceid
Server-Info
HitInfo
HitType
X-WPE-Loopback-Upstream-Addr
X-HW
Cleartype
X-URL
Liferay-Portal
X-APP-VERSION
Service-Worker-Allowed
X-Webkit-Csp
X-Content-Security-Policy-Report-Only
X-Mobile
X-Varnish-Server
X-FTR-Cache-Host
AMP-Access-Control-Allow-Source-Origin
X-NWS-LOG-UUID
X-Varnish-Backend
X-Cache-Control
Served-By
X-Geo-Country
X-Revision
X-Amzn-Trace-Id
X-Cache-Server
X-Request-Guid
Retry-After
Server-Node
X-PC-Key
X-PC-AppVer
X-PC-Hit
Host-Header
X-PHP-Backend
X-Hail-Hydra
X-BCube-Filmed-By
Source
X-Varnish-Hostname
MS-CV
X-Origin
X-RateLimit-Remaining
X-Cache-Operation
X-TT
X-Handled-By
X-App-Environment
DC
Powered-By-ChinaCache
X-Device-Type
X-Tumblr-User
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Cache-2
X-Cache-Config
X-FB-Debug
X-HS-Cache-Config
X-B-Cache
X-Signature
X-Framework
Edge-Cache-Tag
S-Cnection
Fastly-Restarts
X-Origin-Upstream-Status
X-Page-Id
Accept-Charset
X-Correlation-Id
X-Origin-Server
X-Cache-Action
X-TT-TIMESTAMP
X-Sucuri-ID
X-Ocache
X-Debug-Info
X-PC-Host
X-PC-Date
Viewport
Actual-Object-TTL
X-Shield-Cache-Expires
X-ADI-VCache
X-B3-Sampled
X-Hyper-Cache
NGB
X-Cached-By
X-Content-Powered-By
X-ATG-Version
X-WA-Info
X-Microcachable
X-Accel-Expires
X-Drupal-Cache-Tags
Upgrade-Insecure-Requests
X-Akam-SW-Version
X-LB-Cache
SRV
Filters
AsisCache
X-Cache-NE
Cache
X-Generated-By
X-App-Server
X-S
X-RTag
X-FW-Hash
X-FW-Static
X-Locale
X-FW-Server
ServedBy
X-FW-Type
X-Cacheable-TTL
X-Internal-Host
X-FW-Serve
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Tumblr-Pixel-2
X-Wix-Request-Id
X-Tumblr-Pixel-1
X-Distil-CS
X-Seen-By
X-WebKit-CSP-Report-Only
X-Amz-Server-Side-Encryption
Content-Style-Type
Content-Script-Type
X-TX-ID
X-RequestSource
X-Accel-Buffering
X-ServedBy
X-Cluster
X-Jobs
X-Varnish-Hits
From-Origin
X-Geo
X-GeoIP
X-Node-Name
X-Esi
X-GUploader-UploadID
X-NewRelic-App-Data
X-Varnish-Grace
X-Adobe-Loc
X-Akamai-Edgescape
X-Adobe-Content
X-Varnish-Cache-Hits
X-Sucuri-Cache
X-Varnish-IP
X-HS-Combine-CSS
X-RateLimit-Limit
X-Platform-Server
X-CDN-Forward
X-GZip
X-Vg-Webcache
X-UA
X-Cache-TTL-Remaining
X-Dns-Prefetch-Control
X-Edge-Cache
X-Edge-Cache-Key
X-Cache-Age
X-Daa-Tunnel
Datacenter
X-Cache-Remote
X-Storage
X-Real-IP
X-Akamai-Transformed
Cache-Tag
X-Region
X-Mode
HostName
X-Drupal-Cache-Contexts
X-Amz-Replication-Status
X-Distributor
X-Oracle-Dms-Ecid
X-Oracle-Dms-Rid
X-RN-RSRV
Meta-Geo
X-Rendered-As
Machine
Load-Balancing
X-Cache-Var
X-Source
X-RemovedCookies
X-Cache-Var-Map
X-MP-GENERATED-AT
X-Is-Bot
X-Path-Route
X-ProcessESI
X-Detected-As
X-Amzn-RequestId
X-Agile-Id
X-Amz-Apigw-Id
X-Agile-Age
X-NCache
X-Agile
Fastly-SSL
Country
X-CDN-Cache
X-Upgrade-Enabled
X-Viewer-Country
X-Grey
X-PERF
X-Time-Microsecs
X-Kinja-Server-Push
X-PCL
ServerName
X-OCL
X-NodeID
X-Webstats-RespID
X-Web-Node
X-Cache-Category-Id
X-ApacheServer
X-Akamai-Request-ID
Cache-Key
S-Rt
X-Instance-Name
X-OVcl-Cache
X-TA-CDN-Provider
X-BB-IP
X-Amz-Meta-Surrogate-Control
X-OVcl
X-Edge-Location
Backend
Azure-Version
Azure-SlotName
Azure-RegionName
Azure-InstanceId
Azure-SiteName
GEO-INFO
Mn-Server-Ip
X-Human
X-Port
X-Via-Fastly
X-TWH-CORRELATION-ID
X-Pubstack
DB-Nickname
Cache-Name
X-Zipkin-Id
X-VWS-Id
X-Cluster-Node
X-ProxyCache-Status
X-Access
X-Xfnlog-Site
X-App-Name
X-Birta-Served
X-Birta-Cache-Post
Ohc-File-Size
X-ProxyCache-Key
X-FC-Vary-Parameters
X-Cache-HT
X-AWS-Id
L5d-Success-Class
LB
X-CCM
X-BYPASS-REASON
X-Debug-Cache
X-SplitTest
X-Meta-Tbi-Cache-Vertical
User-Cache-Control
X-LJ-Flow-ID
X-Site-Version
X-Section
X-Proto
X-Routing-Service
X-Original-Request
X-Optimization
X-IP
X-Labrador-Cache-Channel
X-Format
X-Generation-Time
X-Hosted-By
X-ServerID
TWC-GeoIP-Country
Webcakes-App-Name
TWC-Device-Class
Webcakes-Region
X-Varnish-Cacheable
TWC-Privacy
TWC-Locale-Group
TWC-Connection-Speed
TWC-GeoIP-LatLong
Property-Id
Cache-Hits
User-Agent
X-TNCMS
Webcakes-App-Version
X-Loop
X-Request-Time
X-Origin-Hint
X-Proxy
X-Www-Served-By
Fastcgi-Useragent
X-CCM-LastModified
Healthy
Now
X-Cache-Bucket
X-EIG-Tracking-Id
X-JoinUs
Access-Control-Allow-Method
X-CLOUD-TRACE-CONTEXT
X-Surge-Debug
X-Generated
X-Backend-Name
X-Tumblr-Pixel-3
X-Tb
Payment
X-Guploader-Uploadid
X-Origin-CC
RATING
X-Ezoic-Cdn
Countrycode
Ec-Rule-Version
X-Proxy-Build
X-Time
X-Timing-Wait
X-Hit
Selected-FE
X-Render-Type
X-Correlation-ID
X-Feature
X-DataStream-Cache-Status
X-B3-Spanid
X-Cache-Enabled
X-Unique-ID
WP-Super-Cache
X-Newrelic-Synthetics
X-Dc
Origin-Cache-Control
Origin-Edge-Control
X-Nginx-Cache
X-Oneagent-Js-Injection
X-CACHE-AGE
X-Environment-Context
X-L-Path
X-Real-Ip
X-Nc
NODE
X-UA-Device-Type
RequestId
X-NU-AKA-ACS-Version
X-Skip-Cache
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
X-NGENIX-Cache
Xserver
X-B3-TraceId
X-Be
Access-Control-Request-Headers
Webserver
X-Content-Type
X-WR-MODIFICATION
X-Vgn-Hpd-Reason
X-ElasticPress-Search
X-Status
X-COUNTRY
X-Upstream-HT
Time
X-EdgeConnect-Cache-Status
X-Servedby
X-Upstream-CT
X-Cache-Backend
Ws
Warning
Host-ID
Apple-News-Services-Request-Url
GMS-Ver
X-Via-Edge
X-Cache-Host
BehaviorPad-Version
Fastcgi-X-Cache-Version
Apple-News-Services-Parsed-Url
Cache-Prefix
Fly-Request-Id
Fly-Cache
X-Wix-Route-ID
Fastly-Soc-X-Request-Id
X-We-Are-Hiring
X-BBXSRF
Xc-Version
X-BB-ID
X-Amz-Meta-Cache-Control
T-Server
X-Cache-Id
X-A-Dcw
X-A-Dgt
Sta2Tusw
Viewtype
X-A-Dam
X-A
Www
X-A-Ccd
VivaBuild
Resin-Trace
Meta-Geo-Continent
AKAMAI
X-ARC
X-B-Cookie
Apple-News-Services-Handled
X-Application
X-Accel-Expires-Debug
Memcached
MD5-Digest
Ajk
X-A-Wwc
Apple-News-Services-Host
X-Trv-Group
X-Logtrace-Id
X-Destination
X-Region-Sid
X-Fastly-Cache
X-Rewrite-Enabled
X-Rojux
X-Server-Time
X-Server-By
X-S-Cookie
X-Developer
X-Public
X-Planisys-CDN-Cache
X-PAYTM-SRV-ID
X-Died
X-DPWN-IS-SECURE
Fastcgi-X-Cache
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
X-ND-Cache
X-No-Session
X-Haproxy-Ip
X-Date
X-Haproxy-Hostname
X-D
X-User
X-CF-Lambda-Fn
X-From
X-Connection-Hash
X-Via-CDN
X-CF-Lambda-Version
X-Twitter-Response-Tags
X-VG-WebServer
X-SVT-ORM-RULES
X-SRCache-Key
X-G
X-SVT-ORM-VERSION
X-Generated-In
X-Transaction
X-Croise-Owner
IBM-Web2-Location
X-GoCache-CacheStatus
X-Forwarded-Host
X-Phone
X-F5-Cache
IsBot
X-Fstrz
Fastly-SWR
X-FireWall-Port
Fastly-SIE
X-Rebelmouse-Cache-Control
X-Up
X-Frame-Option
X-Trace-Id
X-Sn-Servicetimems
X-Core-Value
X-Wikidot-Static-Cache
X-Cache-Time
X-Cache-CFC
X-Wikidot-Backend
X-SIPLIST1
X-ScT
Uber-Trace-Id
Server-Int
Rendered-Blocks
Origin
UCS
V-Age
X-Request-URI
X-Rebelmouse-Surrogate-Control
X-Cdn-Origin
NGX
Odigeo-Trace-Id
Apicache-Store
Apicache-Version
Cneonction
X-Webkit-CSP
X-Varnish-Beresp-Ttl
X-Ckpd-Fst-Backend
X-Content-Age
Request-Time
X-Server-Group
X-Cdn-Srv
X-Served-From
Release
Pramga
X-Backend-State
X-Debug-Log
OT-Force-Account-Verify
MI-Cache-Age
On-Server
X-Debug-Cookies
Pragrma
X-CS
Platform
X-Worker
Thinkindot-CacheControl
X-C
X-Cache-Expires
X-Thinkindot-L3
X-TT-LOGID
X-Bug-Bounty
X-Block-Status
X-Backend-Host
X-Backend-TTL
X-Backend-Url
X-UE-Client-Country
X-ServiceProvider
X-Servername
Thinkindot-Control
Thinkindot-CacheControl-Type
MI-Cache
X-Var-Ttl
Web-Mar-Node
X-Location
Who
X-V
X-VServer
Ohc-Response-Time
X-GeoIP-Country-Code
Cache-Cookie-Set-From
Cache-Cookie-Set-Idcheck
X-Gen-Mode
X-NX-Host
GW-Server
X-IN-SSL-APIGATEWAY
X-IN-WAF
Cache-Cookie-Set-Lfrom
X-MI-In-Market
X-Hnp-Log
Decoy-Debug-TTL
Decoy-Debug-Status
Esi-Enabled
Content-Disposition
CDCHOST
Fastly-Backend-Name
X-Matched-Rule
X-Reboot
Decoy-Debug-Key
HTTPS
Backend-Name
X-Env
X-IN-APIGATEWAY
Is-Eu
X-Developers
Adler-Geo
X-Edge-IP
X-Epic-Correlation-Id
Httpd-Identifier
X-TIME
X-Shopify-Stage
X-Dispatcher-Server
X-Cache-Debug
X-Response-By
X-ShardId
X-ShopId
X-Returned-From
X-Fetched-On
X-CGP
X-Returned-From-DLL
X-Device-Os
X-Sorting-Hat-PodId
X-Sorting-Hat-FeatureSet
X-Passed-To-PostProcessResponse
X-Returned-From-BeforeDispatch
X-Cache-Srv
X-Server-IP
X-MSEdge-Flight
X-S-Maxage
X-Page-Type
X-MSEdge-Features
X-GeoIP-City
X-Returned-From-PostProcessResponse
X-Passed-To-DLL
X-Passed-To-BeforeDispatch
X-Passed-To
X-Eu-Site
X-Core-Mission
X-StackifyID
X-Rocket-Nginx-Bypass
Proxy-Connection
Powered-By
X-RCS-CacheZone
Request-Country
Ha-Gx-Prefs
HA-Geolon
REQUESTUUID
Request-EU
PFcat
HA-Servedtime
HA-Cloudapp
HA-Geocity
HA-Geocountry
X-Hl-Ver
Heartbleed
X-Auto-Login
X-Sorting-Hat-PodId-Cached
HA-Urlpath
HA-Ipaddr
Server-Host
X-Alternate-Cache-Key
X-Actual-URL
X-Sorting-Hat-ShopId
X-Cache-Ttl
HA-Georegion
X-Sorting-Hat-PrivacyLevel
X-Sorting-Hat-Section
X-Amz-Meta-S3cmd-Attrs
X-Sorting-Hat-ShopId-Cached
X-Stale
X-WebServer
X-Node-Id
Server-ID
X-Via-NSCOPI
X-Ver
HA-Host
X-UnsetCookies
X-Varnish-Id
HA-Geolat
X-Svr
X-Varnish-HitMiss
X-Hash
Drupal-Pagecache-Memcache
X-Thanos
X-Gannett-Site-Version
X-Platform
NnCoection
X-Info
MI-API
X-Origin-Expires
Ar-Sid
X-Secret
X-Origin-Date
X-Amz-Meta-S3b-Last-Modified
X-Cache-URL
X-Cache-Control-Set-By
X-Bip
X-HCF
X-Release
X-Clientip
Kp-EeAlive
X-HS-Hub-Id
X-Refresh
Country-Code
X-Req
X-Crawler
NtCoent-Length
X-P-T
Mime-Version
X-Fastcgi-Cache
X-Origin-TTL
Dnion-Transfer-Encoding
Version
Cache-Provider
X-Pf-Uncompressing
Processtime
X-Amz-Meta-Sha256
Accept-Ch
X-NC
X-Oss-Server-Time
X-Csrf-Token
X-Oss-Hash-Crc64ecma
X-Oss-Object-Type
X-Oss-Request-Id
X-Oss-Storage-Class
Cteonnt-Length
Pagetype
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-Cache-ASPX
X-Kong-Upstream-Latency
X-Yottaa-Sig
X-EC-Security-Audit
X-Pjax-Url
X-From-Cache
Memory
X-Kong-Proxy-Latency
X-DC
X-Varnish-Url
FSS-Proxy
WebServer
X-CSRF-Token
FSS-Cache
X-App-Version
Arc-Country
Brightspot-Id
GeoIp-Country-Code
SN
X-Irp-Debug
Geoip-City
Geoip-Latitude
X-LiteSpeed-Cache-Control
X-Ruxit-Js-Agent
X-Ua
PICS-Label
X-Wix-Petri-Ex
X-Dynatrace
X-LB-CacheStatus
X-Rule
Sid
X-Redis-Cache
PageType
Dont-Set-Cookie
X-LB-Node
X-Cache-Handler
CF-IPCountry
X-ROOTCache
MIME-Version
COMMERCE-SERVER-SOFTWARE
X-Atg-Version
X-Request-UUID
If-Modified-Since
X-Request-Start
Cdn
X-Endurance-Cache-Level
X-Ratelimit-Remaining
X-Fastly-Backend-Reqs
Edgecast
X-Varnish-Beresp-TTL
X-SERVER-NAME
X-Load-Cache
X-Cdn-Forward
X-Varnish-Action
X-TId
X-GRACE
BORDER-IP
PROCESSING-IP
X-Requestid
X-Servedbyhost
X-Layer
X-Sf
X-Ratelimit-Limit
RNT-Time
X-Tid
RNT-Machine
X-GDPR
X-ServedByHost
XServer
X-Cache-TTL
X-RequestId
X-Rocket-Nginx-Serving-Static
Dynatrace
Frame-Options
X-Nananana
X-B3-SpanId
X-Resolver-IP
X-Fastly-Cache-Hits
CDN
Powered
X-BE
X-DataStream-Origin-MEX-Latency
X-DataStream-MidMile-RTT
X-Owner
X-Key
Cache-Tags
Amp-Access-Control-Allow-Source-Origin
Pics-Label
NodeID
Cf-Ipcountry
CACHE
X-HTML-Minification-Powered-By
X-Tec-Api-Origin
X-Tec-Api-Root
Node
X-Tec-Api-Version
Web-Mar-Region
X-Gdpr
We-Hiring
Mail-Subject
X-Server-W
DataCenter
PageSpeed
X-Varnish-Ttl
X-VG-WebCache
X-Dynatrace-Js-Agent
X-Shard
X-Flog
X-ABtesting
GeoIP-Latitude
GeoIP-City
GeoIP-Country-Code
X-Use-Magma
X-Sentry-ID
X-UPSTREAM-Address
X-Powered-By-ANYU
WZWS-RAY
Lfy
X-NWS-UUID-VERIFY
X-GZIP
ProcessTime
Is-Session-Tracking
X-CDN-Pop-IP
Accept-CH
X-CDN-Pop
Max-Age
X-Varnish-URL
Get-Access-Time
X-Ms-Request-Id
X-Ms-Lease-Status
Hostname
X-Ms-Version
X-Ms-Blob-Type
X-Aicache-OS
X-PF-Uncompressing
X-PJAX-URL
X-GEO
X-Mem
X-Dw-Trace-Id
Xet-Cookie
X-Alicdn-Da-Ups-Status
X-NGINX-Cache
X-Trv-Request-Id
X-Remote-IP
X-Cache-FS-Status
X-Edge-Server
X-Oa-Upstreams
X-Check-Cacheable
X-VG-TLSProxy
Cdn-Host
True-Client-Country-4JS
Cdn-Request-Time
URI
X-Cookie
X-Front
X-Powered-By-Defense
Magicmarker
X-Unique-Id
Requestid
X-Varnish-ID
X-ByteArk-Cache
X-Swa-Ws
X-Policy
X-PAGE-TYPE
RequestUuid
X-Proxy-Server
X-Ms-Lease-State
X-VID
X-RPM
X-DB
X-RPS
X-DI
X-DSS
X-RSL
X-DW
X-Acquia-Application-Trace
X-Akamai-ERPolicy
X-Akamai-ERRuleID
X-Acquia-Application-UUID
X-Micro-Cache
X-Zalando-Child-Request-Id
X-Zalando-Page-Type
X-Hello
CF-Cached-On
WS
X-Fe
X-RAMCache
SID
X-Litespeed-Tag
X-Litespeed-Cache-Control