Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Pragma
Last-Modified
Accept-Ranges
Strict-Transport-Security
X-Content-Type-Options
X-Powered-By
CF-RAY
ETag
Link
Expect-CT
Via
X-XSS-Protection
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
P3P
X-Cache-Hits
X-Served-By
X-Varnish
X-Amz-Cf-Id
X-Xss-Protection
Referrer-Policy
X-Request-Id
X-Timer
X-AspNet-Version
CF-Cache-Status
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Runtime
Access-Control-Allow-Credentials
X-Download-Options
X-Drupal-Cache
X-Cacheable
Content-Security-Policy-Report-Only
X-Generator
CF-Ray
Alt-Svc
Status
X-AspNetMvc-Version
X-Cache-Status
X-DNS-Prefetch-Control
X-Check
X-Iinfo
X-FRAME-OPTIONS
X-Adblock-Key
X-CDN
Timing-Allow-Origin
X-Content-Security-Policy
X-Turbo-Charged-By
X-Permitted-Cross-Domain-Policies
P3p
X-Request-ID
Content-Encoding
X-Template
X-Language
Keep-Alive
X-Type
X-AH-Environment
X-Via
X-Cache-Group
X-Backend
WPE-Backend
X-Pass-Why
X-Age
X-Buckets
X-Server
X-Nginx-Cache-Status
Access-Control-Max-Age
X-Server-Powered-By
X-Pingback
Xkey
X-Varnish-Cache
Grace
X-Drupal-Dynamic-Cache
Upgrade
Access-Control-Expose-Headers
X-Hacker
X-UA-Device
X-Amz-Request-Id
X-Page-Speed
Cf-Railgun
X-Amz-Id-2
X-Proxy-Cache
X-Robots-Tag
EagleId
X-Envoy-Upstream-Service-Time
X-LiteSpeed-Cache
Request-Context
X-Node
X-Swift-SaveTime
X-Swift-CacheTime
X-Ac
X-Device
X-Cnection
X-Host
Ali-Swift-Global-Savetime
Content-Location
X-Amz-Version-Id
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Server-Id
Surrogate-Control
X-WebKit-CSP
X-Backend-Server
X-Cache-Lookup
X-OneAgent-JS-Injection
X-Rack-Cache
X-Response-Time
X-Px
X-Instart-Request-ID
Request-Id
X-Readtime
Server-Timing
X-CST
X-Rq
X-Clacks-Overhead
X-HeyJason
X-Do-Not-Hack
Permitted-Cross-Domain-Policies
Pinterest-Generated-By
X-Ua-Compatible
EagleEye-TraceId
X-Cloud-Trace-Context
Edge-Control
X-Url
X-Application-Context
X-MS-InvokeApp
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Country
Report-To
X-Server-Name
X-DynaTrace-JS-Agent
Charset
SPRequestGuid
X-Country-Code
Allow
X-SharePointHealthScore
X-DataDome
X-Ruxit-JS-Agent
X-ESI
Rating
X-Varnish-TTL
X-PC
X-TtlSet
X-Vname
X-Cached
X-Powered-CMS
X-Powered-By-Plesk
X-TTL
X-Recruiting
X-CF-Powered-By
X-FTR-Request-ID
NEL
X-Vhost
X-D2id
X-DynaTrace
Public-Key-Pins
X-Pinterest-Rid
X-Upstream-Env
Pinterest-Version
X-ORACLE-DMS-RID
X-ORACLE-DMS-ECID
X-F-Cache
X-Cdn-Fetch
X-Kinja-Server
X-Version
X-Exp-Id
X-Kinja-Build
X-Geo-Segment
X-Kinja
X-Exp-Variant
X-Kinja-Revision
X-N
SPIisLatency
SPRequestDuration
X-T
X-VARITI-CCR
X-Dw-Request-Base-Id
X-GoogleNews-Bot
Cartoon
X-Mod-Pagespeed
MS-Author-Via
Content-MD5
X-Abt-Application-Version
RTSS
Nginx-Cache
Feature-Policy
X-GitHub-Request-Id
Verso
AR-CACHE
AR-PoweredBy
AR-ATIME
X-Dispatcher
MicrosoftSharePointTeamServices
X-Navigation-Version
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Client-IP
X-Shield-Request-Id
X-Amz-Rid
X-Hits
Realpath
X-Forwarded-Proto
X-Goog-Hash
X-Cdn
X-Ttl
X-Trace
X-Origin-Cache
Paypal-Debug-Id
X-Server-ID
X-TEC-API-VERSION
X-TEC-API-ROOT
X-Content-Options
X-TEC-API-ORIGIN
X-Content-Digest
X-Zen-Fury
X-Id
Arr-Disable-Session-Affinity
X-Grace
X-Kinsta-Cache
AR-SID
TCN
X-B
DynaTrace
Alternate-Protocol
X-Varnish-Age
X-Cache-Key
X-Sol
X-Upstream
Fastcgi-Cache
Mrf-Cache-Status
MRF-Tech
X-Mrf-Section-Lastmod
X-Mrf-Item-Lastmod
X-Ser
Access-Control-Request-Method
X-Pad
X-FastCGI-Cache
X-Fastly-Request-ID
Display
X-Middleton-Display
PB-RID
PB-PID
X-Mobile-Rewrite
X-NF-Request-ID
X-Nf-Srv-Version
X-Via-JSL
X-Acc-Meta-Resource-Type
X-DIS-Request-ID
X-Vcap-Request-Id
Response
X-Middleton-Response
X-User-Agent
Pagespeed
Front-End-Https
X-Forwarded-For
Rt-Fastcgi-Cache
X-IPLB-Instance
X-MSEdge-Ref
X-SS-Set-Cookie
X-Cache-Rule
X-Frontend
X-PressLabs-Stats
Eomportal-Instance
X-Logged-In
X-Cache-Hit
Arc-Version
Server-Name
X-Whom
X-VCache
X-Hostname
X-XRDS-LOCATION
Host
X-Goog-Metageneration
X-Goog-Generation
X-Goog-Storage-Class
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
Tracecode
Surrogate-Key
S
Cache-Status
X-FTR-Cache-Status
X-FTR-DC
X-Country-Code-Real
X-FTR-Realm
X-FTR-Backend
X-FTR-Backend-Server
X-FTR-Expires
X-FTR-Balancer
X-Newrelic-App-Data
X-Debug
X-Request-Received
Backend-Timing
X-Analytics
X-Request-Processing-Time
X-HS-Content-Id
X-AOL-HN
X-Instance
TP-L2-Cache
Refresh
TP-Cache
X-Contextid
X-AppVersion
X-Proxied
X-Activity-Id
X-Az
X-Magnolia-Registration
Public-Key-Pins-Report-Only
X-Rid
FilterID
X-Wix-Server-Artifact-Id
X-Srv
ServerID
X-UUID
X-XRDS-Location
Server-Info
HitType
HitInfo
X-WPE-Loopback-Upstream-Addr
X-B3-Traceid
X-URL
X-HW
Liferay-Portal
X-Webkit-Csp
Cleartype
AMP-Access-Control-Allow-Source-Origin
Service-Worker-Allowed
X-APP-VERSION
X-Varnish-Server
X-Mobile
X-Content-Security-Policy-Report-Only
X-NWS-LOG-UUID
X-FTR-Cache-Host
X-Varnish-Backend
Served-By
X-Correlation-Id
X-Cache-Control
X-Revision
X-HS-Cache-Config
X-Origin
Edge-Cache-Tag
X-Cache-Server
X-Geo-Country
Source
X-PC-Hit
X-PC-Key
X-App-Environment
X-Amzn-Trace-Id
X-PHP-Backend
X-PC-AppVer
X-BCube-Filmed-By
Retry-After
Server-Node
X-Hail-Hydra
Host-Header
X-Request-Guid
X-Handled-By
X-TT
X-Device-Type
MS-CV
X-Litespeed-Cache
X-Varnish-Hostname
X-RateLimit-Remaining
X-Cache-Operation
X-Tumblr-Pixel-0
X-Tumblr-Pixel
S-Cnection
X-Tumblr-User
DC
Fastly-Restarts
X-Origin-Upstream-Status
X-Signature
X-Cache-Config
X-B-Cache
X-Framework
X-FB-Debug
X-Cache-2
Powered-By-ChinaCache
X-Page-Id
Accept-Charset
X-Origin-Server
X-Sucuri-ID
X-TT-TIMESTAMP
X-Cache-Action
X-Ocache
X-Debug-Info
X-PC-Host
X-PC-Date
Actual-Object-TTL
Viewport
X-ATG-Version
X-ADI-VCache
X-Shield-Cache-Expires
X-Hyper-Cache
X-WA-Info
NGB
X-B3-Sampled
X-Content-Powered-By
X-Accel-Expires
X-Microcachable
X-Cached-By
X-Drupal-Cache-Tags
Upgrade-Insecure-Requests
X-LB-Cache
X-Akam-SW-Version
SRV
Filters
X-Cache-NE
AsisCache
Cache
X-Generated-By
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-FW-Hash
X-Cacheable-TTL
X-FW-Type
X-App-Server
X-Internal-Host
X-Locale
X-FW-Static
X-RequestSource
ServedBy
X-FW-Server
X-FW-Serve
X-RTag
X-S
X-Tumblr-Pixel-2
X-Distil-CS
Content-Script-Type
X-Wix-Request-Id
X-GeoIP
X-Amz-Server-Side-Encryption
X-Tumblr-Pixel-1
Content-Style-Type
X-WebKit-CSP-Report-Only
X-TX-ID
X-Seen-By
X-Accel-Buffering
X-Jobs
X-Cluster
From-Origin
X-Varnish-Hits
X-ServedBy
X-Node-Name
X-Akamai-Edgescape
X-Geo
X-Adobe-Content
X-Adobe-Loc
X-Sucuri-Cache
X-HS-Combine-CSS
X-Varnish-Cache-Hits
X-UA
X-RateLimit-Limit
X-Varnish-Grace
X-Varnish-IP
X-Dns-Prefetch-Control
X-GZip
X-Platform-Server
X-Cache-Age
X-CDN-Forward
X-Vg-Webcache
X-Edge-Cache-Key
X-Edge-Cache
X-Cache-TTL-Remaining
X-Daa-Tunnel
X-NewRelic-App-Data
Datacenter
X-Cache-Remote
X-Storage
HostName
X-Akamai-Transformed
X-GUploader-UploadID
X-Mode
X-Region
Cache-Tag
X-Esi
X-Amz-Replication-Status
X-Drupal-Cache-Contexts
X-Distributor
X-Kinja-Server-Push
X-Real-IP
X-Source
X-MP-GENERATED-AT
X-Is-Bot
X-Rendered-As
X-RN-RSRV
X-RemovedCookies
Meta-Geo
Machine
Load-Balancing
X-TA-CDN-Provider
X-ProcessESI
X-Path-Route
X-Cache-Var
X-Detected-As
X-Cache-Var-Map
ServerName
X-Agile
X-Agile-Id
X-Agile-Age
X-NCache
Fastly-SSL
X-Guploader-Uploadid
X-OCL
X-NodeID
X-PCL
X-PERF
X-Time-Microsecs
X-CDN-Cache
Country
X-Cache-Category-Id
X-Akamai-Request-ID
GEO-INFO
Mn-Server-Ip
X-Amz-Apigw-Id
X-Amzn-RequestId
X-BB-IP
X-ApacheServer
X-TWH-CORRELATION-ID
X-Grey
X-Webstats-RespID
X-Upgrade-Enabled
X-Viewer-Country
X-Debug-Cache
X-Cluster-Node
L5d-Success-Class
X-Edge-Location
X-EIG-Tracking-Id
X-Human
Ohc-File-Size
S-Rt
X-Amz-Meta-Surrogate-Control
Azure-InstanceId
Azure-Version
Backend
Cache-Key
Azure-SlotName
Azure-SiteName
X-Instance-Name
Azure-RegionName
Cache-Name
X-Cache-HT
X-Port
X-Original-Request
X-OVcl-Cache
X-Proto
X-Pubstack
X-Optimization
X-OVcl
X-Web-Node
X-Via-Fastly
X-Site-Version
TWC-Connection-Speed
Webcakes-Region
X-ServerID
X-Access
Property-Id
X-Routing-Service
X-Section
Webcakes-App-Version
Webcakes-App-Name
TWC-GeoIP-LatLong
TWC-Device-Class
TWC-GeoIP-Country
TWC-Locale-Group
TWC-Privacy
User-Cache-Control
X-SplitTest
X-Request-Time
X-ProxyCache-Status
X-ProxyCache-Key
X-Origin-Hint
X-Www-Served-By
X-CCM-LastModified
X-CCM
X-Format
X-Meta-Tbi-Cache-Vertical
X-Labrador-Cache-Channel
X-LJ-Flow-ID
X-Hosted-By
X-Xfnlog-Site
X-Birta-Served
X-FC-Vary-Parameters
X-Proxy
X-IP
X-BYPASS-REASON
X-App-Name
X-Birta-Cache-Post
X-Zipkin-Id
X-AWS-Id
X-VWS-Id
X-Generation-Time
Healthy
LB
DB-Nickname
Fastcgi-Useragent
Cache-Hits
X-TNCMS
Now
X-Varnish-Cacheable
X-Cache-Bucket
X-Loop
X-JoinUs
X-Surge-Debug
Access-Control-Allow-Method
User-Agent
RATING
X-Generated
X-Backend-Name
X-Tumblr-Pixel-3
X-Ezoic-Cdn
X-Real-Ip
X-Tb
Payment
X-Render-Type
X-Hit
X-Origin-CC
X-Feature
X-Proxy-Build
Selected-FE
X-Timing-Wait
Countrycode
Ec-Rule-Version
X-Dc
X-Cache-Enabled
X-Newrelic-Synthetics
X-Time
X-Nc
X-DataStream-Cache-Status
X-Nginx-Cache
X-B3-Spanid
X-Oneagent-Js-Injection
Origin-Edge-Control
X-Unique-ID
Origin-Cache-Control
X-Oracle-Dms-Rid
WP-Super-Cache
X-Oracle-Dms-Ecid
X-Environment-Context
X-L-Path
X-UA-Device-Type
RequestId
NODE
X-Varnish-Beresp-Status
X-NU-AKA-ACS-Version
X-Varnish-Beresp-Grace
X-CACHE-AGE
Xserver
X-Skip-Cache
X-B3-TraceId
X-Correlation-ID
X-WR-MODIFICATION
X-NGENIX-Cache
X-COUNTRY
X-Be
Access-Control-Request-Headers
X-CLOUD-TRACE-CONTEXT
X-Servedby
X-Vgn-Hpd-Reason
X-ElasticPress-Search
Webserver
X-Content-Type
X-Cache-Backend
X-EdgeConnect-Cache-Status
Time
Ws
Warning
X-Status
X-Logtrace-Id
Sta2Tusw
X-Haproxy-Ip
Apple-News-Services-Host
X-Haproxy-Hostname
X-ND-Cache
X-DPWN-IS-SECURE
Apple-News-Services-Parsed-Url
X-D
Apple-News-Services-Request-Url
X-From
X-Connection-Hash
X-CF-Lambda-Version
X-Wix-Route-ID
Apple-News-Services-Handled
T-Server
X-CF-Lambda-Fn
Xc-Version
VivaBuild
X-A-Dam
X-B-Cookie
X-BB-ID
X-G
X-A-Dcw
X-A-Dgt
X-Amz-Meta-Cache-Control
X-Application
X-A-Wwc
X-ARC
Resin-Trace
X-A-Ccd
Www
X-Cache-Id
X-Accel-Expires-Debug
Viewtype
X-Cache-Host
AKAMAI
X-BBXSRF
X-No-Session
Ajk
X-A
X-Generated-In
X-Via-Edge
GMS-Ver
X-Server-Time
Fly-Request-Id
X-Died
Host-ID
X-SRCache-Key
X-Transaction
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
X-Planisys-CDN-TTL
X-Fastly-Cache
X-Server-By
X-Rewrite-Enabled
Fastcgi-X-Cache-Version
X-Region-Sid
Fastcgi-X-Cache
X-Rojux
X-S-Cookie
X-Public
Fly-Cache
Fastly-Soc-X-Request-Id
X-Trv-Group
X-Planisys-CDN-Rules
X-Cache-Ttl
X-Via-CDN
X-Planisys-CDN-Cache
Memcached
X-Developer
X-We-Are-Hiring
BehaviorPad-Version
X-Date
Meta-Geo-Continent
X-Destination
X-User
X-VG-WebServer
X-PAYTM-SRV-ID
X-Twitter-Response-Tags
X-Upstream-HT
Cache-Prefix
X-Upstream-CT
MD5-Digest
X-Webkit-CSP
X-Croise-Owner
Rendered-Blocks
Uber-Trace-Id
Request-Time
Release
IsBot
Fastly-SIE
IBM-Web2-Location
Fastly-SWR
X-CS
X-Trace-Id
X-Sn-Servicetimems
X-Phone
X-NX-Host
X-Up
X-SIPLIST1
X-FireWall-Port
X-F5-Cache
X-Request-URI
X-ScT
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
X-Var-Ttl
X-Debug-Log
X-Cache-Expires
X-Cache-Time
X-Cache-CFC
X-Fstrz
V-Age
X-Cdn-Origin
X-Core-Value
X-Forwarded-Host
X-Debug-Cookies
X-Frame-Option
X-Wikidot-Backend
X-Wikidot-Static-Cache
UCS
Odigeo-Trace-Id
X-GoCache-CacheStatus
X-Varnish-Beresp-Ttl
Cneonction
Apicache-Version
Apicache-Store
X-Dispatcher-Server
X-Edge-IP
X-Ckpd-Fst-Backend
X-Device-Os
X-Developers
X-Content-Age
X-Eu-Site
X-GeoIP-Country-Code
X-Hnp-Log
X-GeoIP-City
X-Gen-Mode
X-Epic-Correlation-Id
X-Env
X-Cdn-Srv
X-Backend-Host
X-Backend-State
X-Amz-Meta-S3cmd-Attrs
X-Actual-URL
Web-Mar-Node
Who
X-Backend-TTL
X-Backend-Url
X-Cache-Debug
X-Location
X-C
X-Bug-Bounty
X-Block-Status
X-CGP
X-MSEdge-Features
X-UE-Client-Country
X-UnsetCookies
X-TT-LOGID
X-TIME
X-ServiceProvider
X-Stale
X-V
X-StackifyID
X-IN-SSL-APIGATEWAY
X-IN-WAF
X-IN-APIGATEWAY
X-Worker
X-VServer
X-WebServer
X-Servername
X-Server-IP
Fastly-Backend-Name
X-Passed-To-PostProcessResponse
X-Passed-To-BeforeDispatch
X-Passed-To
Server-Int
X-MSEdge-Flight
X-Reboot
X-Returned-From
X-Served-From
X-Server-Group
X-Returned-From-PostProcessResponse
X-Returned-From-DLL
X-Returned-From-BeforeDispatch
X-MI-In-Market
X-Passed-To-DLL
NGX
GW-Server
Ohc-Response-Time
MI-Cache-Age
HA-Cloudapp
HA-Geocity
MI-Cache
On-Server
Origin
Pragrma
Pramga
Powered-By
Platform
Decoy-Debug-Key
Decoy-Debug-Status
HA-Geocountry
Cache-Cookie-Set-From
Heartbleed
HA-Urlpath
HA-Servedtime
Httpd-Identifier
HTTPS
Is-Eu
CDCHOST
Cache-Cookie-Set-Lfrom
HA-Ipaddr
Cache-Cookie-Set-Idcheck
HA-Geolat
HA-Geolon
HA-Georegion
HA-Host
Ha-Gx-Prefs
Proxy-Connection
Content-Disposition
Backend-Name
Decoy-Debug-TTL
Esi-Enabled
Server-Host
Adler-Geo
OT-Force-Account-Verify
Mime-Version
REQUESTUUID
X-S-Maxage
X-Secret
Drupal-Pagecache-Memcache
X-Shopify-Stage
X-Sorting-Hat-FeatureSet
X-ShopId
X-ShardId
X-Fetched-On
MI-API
X-Rocket-Nginx-Bypass
Thinkindot-Control
X-Hash
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
X-Via-NSCOPI
X-Release
Kp-EeAlive
X-Sorting-Hat-PodId
X-Response-By
X-Gannett-Site-Version
NnCoection
Server-ID
Request-EU
X-Varnish-Id
X-Thinkindot-L3
X-Alternate-Cache-Key
X-Matched-Rule
X-Sorting-Hat-PodId-Cached
X-Cache-Srv
X-RCS-CacheZone
X-Auto-Login
X-Node-Id
PFcat
X-Sorting-Hat-ShopId-Cached
X-Ver
Request-Country
X-Sorting-Hat-Section
X-Core-Mission
X-Sorting-Hat-ShopId
X-Sorting-Hat-PrivacyLevel
Dnion-Transfer-Encoding
X-Amz-Meta-S3b-Last-Modified
X-Varnish-HitMiss
X-Clientip
X-Bip
X-Svr
X-Thanos
X-Origin-Date
X-Fastcgi-Cache
NtCoent-Length
X-Platform
X-Cache-Control-Set-By
X-Info
X-Hl-Ver
X-Page-Type
X-HCF
X-Cache-URL
X-Origin-Expires
X-Crawler
Version
X-Refresh
Processtime
Country-Code
X-P-T
X-Req
Cache-Provider
X-Origin-TTL
X-HS-Hub-Id
Cteonnt-Length
X-Pf-Uncompressing
X-Oss-Object-Type
X-Oss-Request-Id
X-Oss-Server-Time
X-CSRF-Token
X-Oss-Hash-Crc64ecma
X-Oss-Storage-Class
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
Ar-Sid
Accept-Ch
X-Yottaa-Sig
X-Pjax-Url
X-Amz-Meta-Sha256
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
Pagetype
X-From-Cache
FSS-Cache
FSS-Proxy
X-EC-Security-Audit
Memory
WebServer
X-Cache-ASPX
Arc-Country
X-Varnish-Url
X-App-Version
X-LiteSpeed-Cache-Control
X-Irp-Debug
Geoip-City
Brightspot-Id
Geoip-Latitude
GeoIp-Country-Code
X-DC
X-Ruxit-Js-Agent
X-Csrf-Token
SN
PageType
X-NC
X-Dynatrace
X-LB-CacheStatus
X-ROOTCache
X-LB-Node
Cdn
X-Ua
Sid
PICS-Label
COMMERCE-SERVER-SOFTWARE
X-Cache-Handler
X-Request-Start
CF-IPCountry
X-Request-UUID
X-Redis-Cache
X-Wix-Petri-Ex
X-Ratelimit-Remaining
X-Rule
Dont-Set-Cookie
Edgecast
X-Fastly-Backend-Reqs
X-Endurance-Cache-Level
If-Modified-Since
X-Load-Cache
X-SERVER-NAME
X-Varnish-Beresp-TTL
BORDER-IP
MIME-Version
X-Atg-Version
X-GRACE
X-Cdn-Forward
PROCESSING-IP
X-Varnish-Action
X-GDPR
X-Layer
X-ServedByHost
X-Tid
X-Ratelimit-Limit
X-RequestId
X-Sf
X-Requestid
X-TId
RNT-Machine
Frame-Options
X-Servedbyhost
RNT-Time
Dynatrace
X-Rocket-Nginx-Serving-Static
X-Nananana
X-Fastly-Cache-Hits
X-B3-SpanId
X-Resolver-IP
XServer
X-BE
X-DataStream-Origin-MEX-Latency
X-Key
X-Owner
Pics-Label
NodeID
Powered
Cf-Ipcountry
X-DataStream-MidMile-RTT
CACHE
CDN
Cache-Tags
X-HTML-Minification-Powered-By
X-Cache-TTL
X-Tec-Api-Version
X-Tec-Api-Root
Node
X-Tec-Api-Origin
X-Server-W
We-Hiring
Mail-Subject
Web-Mar-Region
PageSpeed
DataCenter
X-ABtesting
X-VG-WebCache
X-Shard
X-Varnish-Ttl
X-Flog
X-Dynatrace-Js-Agent
GeoIP-City
GeoIP-Country-Code
GeoIP-Latitude
Amp-Access-Control-Allow-Source-Origin
X-Use-Magma
X-Sentry-ID
X-Ms-Lease-Status
X-Ms-Request-Id
X-Ms-Blob-Type
Lfy
X-Powered-By-ANYU
WZWS-RAY
X-Ms-Version
X-Gdpr
X-NWS-UUID-VERIFY
X-GZIP
ProcessTime
X-CDN-Pop-IP
Accept-CH
Max-Age
Is-Session-Tracking
X-UPSTREAM-Address
Get-Access-Time
X-CDN-Pop
X-PF-Uncompressing
X-GEO
X-Mem
FastCGI-Cache
X-Varnish-URL
Xet-Cookie
X-Dw-Trace-Id
X-Cache-FS-Status
Hostname
URI
X-Remote-IP
X-Powered-By-Defense
X-Trv-Request-Id
X-PJAX-URL
X-Check-Cacheable
X-Oa-Upstreams
X-Cookie
Magicmarker
X-NGINX-Cache
X-Unique-Id
Requestid
X-Aicache-OS
X-Varnish-ID
X-DW
RequestUuid
X-DSS
X-DI
Cdn-Request-Time
Cdn-Host
X-Alicdn-Da-Ups-Status
X-DB
X-Edge-Server
X-Ms-Lease-State
X-VG-TLSProxy
X-VID
X-Front
X-Proxy-Server
True-Client-Country-4JS
X-ByteArk-Cache
X-RPM
X-RSL
X-PAGE-TYPE
X-RPS
X-Swa-Ws
X-Policy
X-Fe
X-Zalando-Page-Type
CF-Cached-On
X-Zalando-Child-Request-Id
SID
X-Litespeed-Tag
X-Acquia-Application-Trace
X-Acquia-Application-UUID
X-RAMCache
X-Hello
X-Akamai-ERRuleID
X-Micro-Cache
WS
X-Akamai-ERPolicy
X-Litespeed-Cache-Control