Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Pragma
Last-Modified
Accept-Ranges
X-Powered-By
Strict-Transport-Security
X-Content-Type-Options
CF-RAY
ETag
Link
Expect-CT
Via
X-XSS-Protection
X-Cache
Age
Access-Control-Allow-Origin
Content-Security-Policy
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Served-By
X-Varnish
X-Amz-Cf-Id
X-Xss-Protection
Referrer-Policy
X-Request-Id
X-Timer
X-AspNet-Version
CF-Cache-Status
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Runtime
Access-Control-Allow-Credentials
X-Download-Options
X-Drupal-Cache
X-Cacheable
CF-Ray
X-Generator
Content-Security-Policy-Report-Only
Alt-Svc
X-AspNetMvc-Version
Status
X-Cache-Status
X-DNS-Prefetch-Control
X-Check
X-Iinfo
X-Adblock-Key
X-FRAME-OPTIONS
Timing-Allow-Origin
X-CDN
X-Content-Security-Policy
X-Turbo-Charged-By
X-Permitted-Cross-Domain-Policies
Content-Encoding
X-Template
X-Language
Keep-Alive
X-Via
X-Type
X-AH-Environment
X-Backend
X-Cache-Group
WPE-Backend
X-Pass-Why
X-Buckets
X-Nginx-Cache-Status
X-Server
X-Age
X-Server-Powered-By
Access-Control-Max-Age
X-Pingback
Xkey
X-Request-ID
X-Varnish-Cache
Grace
Access-Control-Expose-Headers
Upgrade
X-Drupal-Dynamic-Cache
X-Hacker
X-UA-Device
X-Amz-Request-Id
P3p
X-Page-Speed
Cf-Railgun
X-Proxy-Cache
X-Amz-Id-2
EagleId
X-Robots-Tag
X-LiteSpeed-Cache
X-Swift-SaveTime
X-Swift-CacheTime
X-Envoy-Upstream-Service-Time
Request-Context
Ali-Swift-Global-Savetime
X-Node
X-Ac
X-Device
Content-Location
X-Host
X-Cnection
X-Amz-Version-Id
X-Cache-Lookup
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
Surrogate-Control
X-Server-Id
X-Backend-Server
X-OneAgent-JS-Injection
X-WebKit-CSP
X-Rack-Cache
X-Instart-Request-ID
X-Px
X-CST
X-Response-Time
Request-Id
X-Readtime
Server-Timing
X-Rq
Permitted-Cross-Domain-Policies
X-Do-Not-Hack
X-HeyJason
X-Clacks-Overhead
X-Cloud-Trace-Context
Pinterest-Generated-By
EagleEye-TraceId
X-Ua-Compatible
Edge-Control
X-Url
X-Application-Context
X-Country
X-MS-InvokeApp
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-DynaTrace-JS-Agent
Allow
Charset
Report-To
X-Server-Name
SPRequestGuid
X-Country-Code
X-SharePointHealthScore
X-DataDome
X-Ruxit-JS-Agent
X-TTL
X-Cached
X-Varnish-TTL
X-ESI
Rating
X-Vname
X-TtlSet
X-PC
X-Powered-CMS
X-Powered-By-Plesk
X-Recruiting
Public-Key-Pins
X-FTR-Request-ID
X-D2id
NEL
X-Vhost
X-Version
Pinterest-Version
X-Upstream-Env
X-Pinterest-Rid
X-Geo-Segment
X-Kinja-Server
X-Kinja-Build
X-Exp-Id
X-Exp-Variant
X-Cdn-Fetch
X-Kinja-Revision
X-Kinja
SPIisLatency
SPRequestDuration
X-N
X-F-Cache
X-CF-Powered-By
X-DynaTrace
MS-Author-Via
X-Dw-Request-Base-Id
X-Cdn
X-VARITI-CCR
X-T
Cartoon
X-Mod-Pagespeed
X-GoogleNews-Bot
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
Content-MD5
AR-PoweredBy
AR-CACHE
AR-ATIME
Nginx-Cache
RTSS
X-Abt-Application-Version
MicrosoftSharePointTeamServices
Feature-Policy
X-GitHub-Request-Id
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Shield-Request-Id
Verso
X-Navigation-Version
X-Amz-Rid
X-Dispatcher
X-Trace
X-Forwarded-Proto
X-Client-IP
X-Hits
Realpath
X-Goog-Hash
X-Origin-Cache
AR-SID
X-Server-ID
Arr-Disable-Session-Affinity
Paypal-Debug-Id
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-TEC-API-ROOT
X-Zen-Fury
X-Kinsta-Cache
X-Id
X-Content-Options
X-Grace
TCN
X-Content-Digest
X-B
X-Varnish-Age
X-Cache-Key
Alternate-Protocol
X-Ser
X-Ttl
X-Sol
Fastcgi-Cache
DynaTrace
X-Upstream
Access-Control-Request-Method
MRF-Tech
Mrf-Cache-Status
X-Mrf-Item-Lastmod
X-Via-JSL
X-Mrf-Section-Lastmod
X-Fastly-Request-ID
X-Pad
X-Middleton-Display
Display
X-FastCGI-Cache
X-Nf-Srv-Version
X-NF-Request-ID
X-Vcap-Request-Id
X-DIS-Request-ID
PB-PID
PB-RID
X-IPLB-Instance
Response
X-Middleton-Response
X-User-Agent
X-Mobile-Rewrite
Front-End-Https
X-SS-Set-Cookie
Pagespeed
Rt-Fastcgi-Cache
X-Frontend
X-Logged-In
X-MSEdge-Ref
X-Cache-Rule
Eomportal-Instance
X-PressLabs-Stats
Server-Name
X-Whom
X-Cache-Hit
X-Newrelic-App-Data
X-Acc-Meta-Resource-Type
X-Forwarded-For
X-Hostname
Host
X-VCache
Tracecode
S
X-NWS-LOG-UUID
X-Goog-Metageneration
X-Goog-Generation
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-XRDS-LOCATION
Cache-Status
Arc-Version
X-Debug
Liferay-Portal
X-FTR-Expires
X-Request-Processing-Time
X-Request-Received
X-FTR-DC
X-Country-Code-Real
X-FTR-Realm
X-FTR-Cache-Status
X-FTR-Backend
X-FTR-Backend-Server
Surrogate-Key
X-FTR-Balancer
X-HS-Content-Id
X-AOL-HN
Backend-Timing
X-Analytics
X-XRDS-Location
X-UUID
TP-Cache
TP-L2-Cache
X-Instance
X-Magnolia-Registration
Refresh
Server-Info
HitType
HitInfo
X-Contextid
FilterID
X-Rid
Public-Key-Pins-Report-Only
X-Wix-Server-Artifact-Id
X-AppVersion
X-Proxied
X-Az
X-Activity-Id
ServerID
X-Webkit-Csp
X-B3-Traceid
X-WPE-Loopback-Upstream-Addr
AMP-Access-Control-Allow-Source-Origin
X-Srv
X-Content-Security-Policy-Report-Only
X-HW
Service-Worker-Allowed
Edge-Cache-Tag
X-HS-Cache-Config
X-Varnish-Server
Cleartype
X-Mobile
X-APP-VERSION
X-Origin
X-Revision
X-Correlation-Id
S-Cnection
X-Varnish-Backend
Served-By
Fastly-Restarts
X-FTR-Cache-Host
X-Amzn-Trace-Id
Source
X-Geo-Country
X-TT
X-PHP-Backend
X-RateLimit-Remaining
X-Framework
X-App-Environment
Retry-After
Powered-By-ChinaCache
X-URL
X-Sucuri-ID
X-Tumblr-Pixel-0
X-Cache-Config
X-Cache-Control
X-Cache-Server
X-Device-Type
X-Tumblr-User
X-Tumblr-Pixel
X-Varnish-Hostname
Server-Node
X-Hail-Hydra
X-PC-AppVer
X-Cache-Operation
X-Cache-Action
Host-Header
X-Request-Guid
X-Signature
X-PC-Hit
X-B-Cache
X-PC-Key
X-BCube-Filmed-By
X-FB-Debug
X-Cache-2
X-Handled-By
MS-CV
X-Page-Id
Accept-Charset
X-Origin-Upstream-Status
DC
X-TT-TIMESTAMP
X-Hyper-Cache
X-Ocache
X-Debug-Info
Actual-Object-TTL
X-Origin-Server
X-ADI-VCache
X-Shield-Cache-Expires
X-WA-Info
Cache
X-PC-Date
X-PC-Host
X-Content-Powered-By
Viewport
X-ATG-Version
X-Accel-Expires
NGB
Upgrade-Insecure-Requests
X-Daa-Tunnel
X-Microcachable
X-Cache-NE
SRV
X-LB-Cache
X-Cached-By
X-HS-Combine-CSS
AsisCache
X-Generated-By
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Drupal-Cache-Tags
Filters
X-Amz-Server-Side-Encryption
X-B3-Sampled
ServedBy
X-Cacheable-TTL
X-S
X-TX-ID
X-WebKit-CSP-Report-Only
X-Accel-Buffering
X-GeoIP
X-RequestSource
X-Wix-Request-Id
X-Akam-SW-Version
X-Jobs
X-Seen-By
X-App-Server
X-Sucuri-Cache
X-Akamai-Edgescape
From-Origin
X-Tumblr-Pixel-1
X-Internal-Host
X-Locale
X-FW-Static
X-FW-Type
X-FW-Hash
X-Geo
X-FW-Server
X-RTag
X-Cluster
X-FW-Serve
X-Tumblr-Pixel-2
X-Distil-CS
Content-Script-Type
Content-Style-Type
X-Adobe-Content
X-Varnish-Hits
X-Adobe-Loc
X-Varnish-IP
X-Feature
X-Varnish-Cache-Hits
X-Dns-Prefetch-Control
X-Cache-Remote
X-ServedBy
Datacenter
X-GZip
X-Varnish-Grace
HostName
X-Edge-Cache-Key
X-Node-Name
X-Storage
X-Platform-Server
X-CDN-Forward
X-Edge-Cache
X-Vg-Webcache
X-Cache-TTL-Remaining
X-Esi
X-Akamai-Transformed
X-Cache-Age
X-UA
X-Region
X-Mode
X-RateLimit-Limit
Cache-Tag
X-GUploader-UploadID
X-Cache-Bucket
X-NewRelic-App-Data
Country
X-Amz-Replication-Status
X-Real-IP
X-Distributor
X-Kinja-Server-Push
X-Webkit-CSP
Load-Balancing
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Guploader-Uploadid
RATING
X-Oracle-Dms-Ecid
X-Oracle-Dms-Rid
X-Drupal-Cache-Contexts
ServerName
Fastly-SSL
X-Source
X-Agile-Id
X-Agile-Age
X-Agile
Ohc-File-Size
X-ProxyCache-Status
X-RN-RSRV
X-Time-Microsecs
X-Viewer-Country
X-Grey
X-Rendered-As
X-ProcessESI
X-RemovedCookies
X-Web-Node
X-Akamai-Request-ID
X-BB-IP
X-ApacheServer
X-Cache-Category-Id
X-Cache-Var
X-Detected-As
X-Cache-Var-Map
X-BYPASS-REASON
X-PERF
Machine
X-Proto
Mn-Server-Ip
GEO-INFO
X-ProxyCache-Key
Cache-Key
X-EIG-Tracking-Id
X-Is-Bot
X-MP-GENERATED-AT
X-Path-Route
Meta-Geo
X-CCM
X-Cache-HT
L5d-Success-Class
X-Request-Time
X-NCache
X-Optimization
Cache-Name
X-Debug-Cache
X-JoinUs
X-Upgrade-Enabled
X-Labrador-Cache-Channel
Healthy
X-TWH-CORRELATION-ID
X-OCL
Cache-Hits
X-ServerID
X-PCL
Now
X-NodeID
X-Port
X-Webstats-RespID
X-Xfnlog-Site
X-CDN-Cache
X-Newrelic-Synthetics
X-Pubstack
X-Original-Request
X-OVcl
X-OVcl-Cache
X-Cluster-Node
X-TA-CDN-Provider
X-Amz-Meta-Surrogate-Control
Azure-RegionName
S-Rt
X-Instance-Name
X-Human
X-Render-Type
Backend
X-Edge-Location
Azure-SiteName
Azure-SlotName
Azure-InstanceId
Azure-Version
X-Via-Fastly
X-Generation-Time
X-Hosted-By
X-Format
X-CCM-LastModified
Property-Id
LB
X-Routing-Service
X-Meta-Tbi-Cache-Vertical
X-LJ-Flow-ID
X-Access
X-IP
X-Www-Served-By
X-FC-Vary-Parameters
X-Zipkin-Id
User-Cache-Control
Webcakes-App-Name
Webcakes-App-Version
Webcakes-Region
TWC-Privacy
TWC-Locale-Group
TWC-Connection-Speed
TWC-Device-Class
TWC-GeoIP-Country
TWC-GeoIP-LatLong
DB-Nickname
X-VWS-Id
Access-Control-Allow-Method
X-App-Name
X-Varnish-Cacheable
X-AWS-Id
X-Backend-Name
X-SplitTest
X-Surge-Debug
X-Origin-Hint
X-Proxy
X-Site-Version
X-Section
X-Birta-Cache-Post
X-Birta-Served
WP-Super-Cache
Fastcgi-Useragent
X-TNCMS
X-Loop
X-Generated
X-Hit
X-Ezoic-Cdn
X-Timing-Wait
X-Nginx-Cache
X-Cache-Enabled
Selected-FE
X-Proxy-Build
Countrycode
User-Agent
X-Tumblr-Pixel-3
X-Real-Ip
X-Origin-CC
X-Time
Origin-Cache-Control
Origin-Edge-Control
X-Oneagent-Js-Injection
X-Tb
Payment
X-L-Path
X-CACHE-AGE
X-Environment-Context
Ec-Rule-Version
X-B3-Spanid
X-Nc
X-Dc
X-DataStream-Cache-Status
X-Unique-ID
Xserver
X-UA-Device-Type
RequestId
X-Skip-Cache
X-NU-AKA-ACS-Version
X-Litespeed-Cache
X-NGENIX-Cache
X-Correlation-ID
X-B3-TraceId
Access-Control-Request-Headers
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
X-Servedby
NODE
X-Upstream-HT
Time
Webserver
X-Upstream-CT
X-WR-MODIFICATION
X-Vgn-Hpd-Reason
X-Be
X-Croise-Owner
Warning
X-ElasticPress-Search
X-Logtrace-Id
X-Generated-In
X-G
Fly-Request-Id
X-S-Cookie
X-Varnish-Beresp-Ttl
X-EdgeConnect-Cache-Status
X-Cache-Backend
X-SRCache-Key
Ajk
Cache-Prefix
Resin-Trace
Fly-Cache
X-From
X-Cache-Host
X-ARC
X-Application
X-Cache-Id
X-Died
X-Developer
X-Destination
X-D
X-DPWN-IS-SECURE
X-B-Cookie
X-A-Wwc
X-A
T-Server
X-A-Dam
X-A-Ccd
X-A-Dgt
X-A-Dcw
Ws
IBM-Web2-Location
Memcached
Xc-Version
Fastcgi-X-Cache-Version
Host-ID
X-Cache-Ttl
Meta-Geo-Continent
MD5-Digest
Fastly-Soc-X-Request-Id
X-NX-Host
V-Age
Request-Time
X-Fstrz
X-Cache-Expires
X-Cache-Time
X-Debug-Log
X-Debug-Cookies
X-CS
X-Request-URI
X-Content-Type
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
BehaviorPad-Version
Apple-News-Services-Host
Apple-News-Services-Handled
X-Var-Ttl
AKAMAI
Fastcgi-X-Cache
X-Wix-Route-ID
Www
X-Region-Sid
X-Amz-Meta-Cache-Control
X-Public
X-Planisys-CDN-TTL
X-Rewrite-Enabled
X-Rojux
X-SVT-ORM-RULES
Sta2Tusw
Viewtype
X-Server-Time
VivaBuild
X-BB-ID
X-Planisys-CDN-Rules
X-Haproxy-Hostname
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-Connection-Hash
X-Fastly-Cache
X-Haproxy-Ip
X-ND-Cache
X-Planisys-CDN-Cache
X-PAYTM-SRV-ID
X-No-Session
X-BBXSRF
X-SVT-ORM-VERSION
X-Server-By
X-Via-Edge
X-Transaction
X-Trv-Group
X-Twitter-Response-Tags
X-We-Are-Hiring
X-Via-CDN
X-VG-WebServer
X-User
UCS
X-Oss-Hash-Crc64ecma
X-Oss-Request-Id
X-Dynatrace
X-Oss-Server-Time
X-Oss-Object-Type
X-Oss-Storage-Class
X-Status
X-StackifyID
X-Cache-CFC
Origin
NGX
Odigeo-Trace-Id
X-Device-Os
GMS-Ver
X-FireWall-Port
X-Core-Value
X-F5-Cache
X-Wikidot-Static-Cache
X-Forwarded-Host
X-Frame-Option
X-Cdn-Origin
X-Phone
X-Gannett-Site-Version
X-Dispatcher-Server
X-Rebelmouse-Cache-Control
X-SIPLIST1
X-Wikidot-Backend
X-Secret
X-Trace-Id
X-UE-Client-Country
X-Sn-Servicetimems
Server-Int
Rendered-Blocks
Uber-Trace-Id
X-ScT
Fastly-SIE
X-Rebelmouse-Surrogate-Control
Drupal-Pagecache-Memcache
X-Up
IsBot
Fastly-SWR
X-Hl-Ver
X-IN-WAF
X-IN-SSL-APIGATEWAY
X-IN-APIGATEWAY
Release
X-WebServer
Proxy-Connection
Cneonction
X-Fastcgi-Cache
X-Yottaa-Sig
X-C
X-Returned-From-PostProcessResponse
Platform
X-Rocket-Nginx-Bypass
Ohc-Response-Time
On-Server
Version
MI-Cache-Age
Pramga
X-Returned-From
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
Server-Host
X-Returned-From-BeforeDispatch
Pragrma
MI-Cache
X-Returned-From-DLL
Powered-By
X-CSRF-Token
Ha-Gx-Prefs
HA-Host
HA-Ipaddr
HA-Georegion
HA-Geolon
HA-Geocity
HA-Geocountry
HA-Geolat
HA-Servedtime
HA-Urlpath
Is-Eu
X-Server-Group
Thinkindot-Control
HTTPS
Httpd-Identifier
Heartbleed
X-Server-IP
MI-API
Web-Mar-Node
X-Matched-Rule
X-Developers
X-Edge-IP
X-MI-In-Market
X-MSEdge-Features
X-MSEdge-Flight
X-Ckpd-Fst-Backend
X-Content-Age
X-Env
X-Epic-Correlation-Id
X-GeoIP-Country-Code
X-GoCache-CacheStatus
X-Hnp-Log
X-GeoIP-City
X-Gen-Mode
X-Eu-Site
X-Location
X-CGP
X-Cdn-Srv
X-Amz-Meta-S3cmd-Attrs
X-Backend-Host
X-Backend-State
X-Actual-URL
Who
Dnion-Transfer-Encoding
HA-Cloudapp
X-Backend-TTL
X-Backend-Url
X-Passed-To-DLL
X-Passed-To-BeforeDispatch
X-Passed-To
X-Cache-Debug
X-Passed-To-PostProcessResponse
X-TIME
X-Block-Status
X-Reboot
X-Served-From
GW-Server
X-Sorting-Hat-PrivacyLevel
X-Sorting-Hat-PodId
X-Sorting-Hat-FeatureSet
X-ShopId
X-Shopify-Stage
X-Sorting-Hat-Section
X-Sorting-Hat-ShopId
Adler-Geo
X-V
X-Via-NSCOPI
X-VServer
X-Sorting-Hat-ShopId-Cached
X-ShardId
X-S-Maxage
Request-EU
Request-Country
Server-ID
X-Date
X-Auto-Login
X-Alternate-Cache-Key
X-Hash
X-Accel-Expires-Debug
X-RCS-CacheZone
X-Release
X-Page-Type
X-Worker
Kp-EeAlive
X-UnsetCookies
X-Sorting-Hat-PodId-Cached
X-Stale
Esi-Enabled
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-From
X-Thinkindot-L3
Fastly-Backend-Name
Decoy-Debug-TTL
Decoy-Debug-Status
Decoy-Debug-Key
Content-Disposition
X-TT-LOGID
CDCHOST
X-Servername
X-ServiceProvider
Backend-Name
NnCoection
X-Svr
X-Bug-Bounty
Mime-Version
X-HCF
X-Cache-Control-Set-By
PFcat
X-Origin-Date
Country-Code
X-Core-Mission
X-Origin-Expires
X-Info
X-Cache-Srv
OT-Force-Account-Verify
X-Node-Id
X-Varnish-Id
X-Varnish-HitMiss
X-Response-By
REQUESTUUID
X-Crawler
X-Ver
X-Platform
X-Fetched-On
NtCoent-Length
Apicache-Version
Apicache-Store
X-Clientip
X-Kong-Upstream-Latency
Cteonnt-Length
X-Thanos
X-Req
X-Refresh
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-Kong-Proxy-Latency
X-Cache-URL
X-Bip
X-Amz-Meta-S3b-Last-Modified
Cache-Provider
FSS-Proxy
FSS-Cache
X-Origin-TTL
X-Ua
Brightspot-Id
X-P-T
Arc-Country
X-LiteSpeed-Cache-Control
X-DC
Ar-Sid
WebServer
X-Irp-Debug
X-Pf-Uncompressing
Pagetype
X-Varnish-Url
X-CLOUD-TRACE-CONTEXT
X-App-Version
Accept-Ch
Processtime
X-LB-Node
X-LB-CacheStatus
COMMERCE-SERVER-SOFTWARE
X-EC-Security-Audit
X-Pjax-Url
Memory
X-ROOTCache
X-From-Cache
Sid
X-Ratelimit-Limit
X-Atg-Version
X-Ruxit-Js-Agent
X-Amz-Meta-Sha256
X-Request-Start
PageType
X-Request-UUID
X-NC
X-Cache-ASPX
If-Modified-Since
X-Endurance-Cache-Level
X-Ratelimit-Remaining
Dynatrace
X-Load-Cache
Geoip-City
X-Varnish-Action
Cdn
GeoIp-Country-Code
PICS-Label
Geoip-Latitude
X-Csrf-Token
X-Layer
X-Fastly-Backend-Reqs
CF-IPCountry
SN
X-SERVER-NAME
X-Redis-Cache
PROCESSING-IP
BORDER-IP
Edgecast
X-GRACE
X-Cdn-Forward
MIME-Version
X-COUNTRY
X-Rocket-Nginx-Serving-Static
X-Cache-Handler
Frame-Options
X-Tid
X-GDPR
X-ServedByHost
X-Requestid
X-TId
X-Nananana
X-Varnish-Beresp-TTL
X-HS-Hub-Id
X-Fastly-Cache-Hits
X-Servedbyhost
NodeID
X-RequestId
Dont-Set-Cookie
X-B3-SpanId
X-Resolver-IP
X-Owner
X-Key
X-Wix-Petri-Ex
X-NWS-UUID-VERIFY
X-Sf
X-Cf-Powered-By
X-Rule
X-BE
X-Cache-TTL
RNT-Time
Web-Mar-Region
RNT-Machine
X-Server-W
Pics-Label
Cf-Ipcountry
ProcessTime
CACHE
CDN
WZWS-RAY
X-HTML-Minification-Powered-By
X-Flog
X-Sentry-ID
GeoIP-Latitude
GeoIP-City
GeoIP-Country-Code
X-ABtesting
X-Tec-Api-Version
Node
X-Tec-Api-Origin
X-Tec-Api-Root
Get-Access-Time
X-DataStream-Origin-MEX-Latency
We-Hiring
Mail-Subject
Is-Session-Tracking
X-DataStream-MidMile-RTT
X-FORWARDED-FOR
X-VG-WebCache
X-Powered-By-ANYU
Lfy
PageSpeed
XServer
Max-Age
Powered
X-Varnish-Ttl
X-Dynatrace-Js-Agent
X-CDN-Pop-IP
X-Shard
X-CDN-Pop
X-Use-Magma
X-ByteArk-Cache
Cache-Tags
X-Mem
X-SRV
X-GZIP
DataCenter
Accept-CH
Magicmarker
X-Cache-FS-Status
URI
X-PF-Uncompressing
X-Powered-By-Defense
X-UPSTREAM-Address
X-Varnish-URL
X-GEO
X-PJAX-URL
X-Check-Cacheable
X-Gdpr
X-Front
X-Unique-Id
Xet-Cookie
X-Dw-Trace-Id
X-Zalando-Page-Type
X-Zalando-Child-Request-Id
X-Oa-Upstreams
Amp-Access-Control-Allow-Source-Origin
X-NGINX-Cache
X-Cookie
X-Micro-Cache
X-Ms-Blob-Type
X-Remote-IP
X-Trv-Request-Id
X-Ms-Lease-Status
X-Ms-Version
X-Ms-Request-Id
V-Cache
Group
X-Proxy-Server
Rt-Proxy-Cache
X-PARISIEN-Cache-Rendered
RequestUuid
N-Cache
X-Safe-Firewall
X-SB
X-VarnCache
X-Varnish-ID
X-VarnPar2
X-VC
X-HGenerator
X-Aicache-OS
X-PAGE-TYPE
X-Fe
X-VarnPar1
Requestid
Hostname
X-RAMCache
X-M-Log
WS
CountryCode
X-M-Reqid
X-Hello
X-Akamai-ERPolicy
X-Acquia-Application-UUID
X-Acquia-Application-Trace
X-ProxyCache-Args
X-Akamai-ERRuleID
CF-Cached-On
X-Alicdn-Da-Ups-Status
X-Qnm-Cache
WWW-Authenticate
X-Litespeed-Tag
SID