Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Pragma
Last-Modified
Accept-Ranges
Strict-Transport-Security
X-Content-Type-Options
X-Powered-By
CF-RAY
ETag
Link
Expect-CT
Via
X-Cache
X-XSS-Protection
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
P3P
X-Cache-Hits
X-Xss-Protection
X-Served-By
X-Varnish
X-Amz-Cf-Id
Referrer-Policy
X-Request-Id
X-Timer
X-AspNet-Version
CF-Cache-Status
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Runtime
Access-Control-Allow-Credentials
X-Download-Options
X-Drupal-Cache
X-Cacheable
Content-Security-Policy-Report-Only
X-Generator
Alt-Svc
Status
X-AspNetMvc-Version
X-Cache-Status
X-DNS-Prefetch-Control
X-Check
X-Iinfo
X-FRAME-OPTIONS
X-Adblock-Key
X-CDN
Timing-Allow-Origin
X-Content-Security-Policy
X-Permitted-Cross-Domain-Policies
X-Turbo-Charged-By
P3p
Content-Encoding
X-Template
X-Language
Keep-Alive
X-Type
X-AH-Environment
CF-Ray
X-Via
X-Request-ID
X-Cache-Group
X-Backend
WPE-Backend
X-Pass-Why
X-Age
X-Buckets
X-Server
X-Nginx-Cache-Status
Access-Control-Max-Age
X-Server-Powered-By
X-Pingback
Xkey
X-Varnish-Cache
Grace
X-Drupal-Dynamic-Cache
Upgrade
Access-Control-Expose-Headers
X-Hacker
X-UA-Device
X-Amz-Request-Id
Cf-Railgun
X-Page-Speed
X-Amz-Id-2
X-Proxy-Cache
X-Robots-Tag
X-Envoy-Upstream-Service-Time
EagleId
X-LiteSpeed-Cache
Request-Context
X-Node
X-Ac
X-Device
X-Swift-SaveTime
X-Swift-CacheTime
X-Cnection
X-Host
Ali-Swift-Global-Savetime
Content-Location
X-Amz-Version-Id
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-WebKit-CSP
X-Server-Id
Surrogate-Control
X-Backend-Server
X-OneAgent-JS-Injection
X-Cache-Lookup
X-Rack-Cache
X-Response-Time
X-Px
X-Instart-Request-ID
Request-Id
X-Readtime
Server-Timing
X-Rq
X-CST
X-Clacks-Overhead
X-HeyJason
Permitted-Cross-Domain-Policies
X-Do-Not-Hack
Pinterest-Generated-By
X-Ua-Compatible
X-Url
EagleEye-TraceId
Edge-Control
X-Cloud-Trace-Context
X-Application-Context
X-Country
X-MS-InvokeApp
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Report-To
X-Server-Name
Charset
X-DynaTrace-JS-Agent
SPRequestGuid
X-Country-Code
Allow
X-ESI
X-SharePointHealthScore
X-DataDome
X-Ruxit-JS-Agent
Rating
X-Varnish-TTL
X-PC
X-Vname
X-TtlSet
X-Cached
X-Powered-CMS
X-Powered-By-Plesk
X-Recruiting
X-CF-Powered-By
X-DynaTrace
X-FTR-Request-ID
NEL
X-Vhost
X-D2id
X-TTL
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
Public-Key-Pins
X-Upstream-Env
X-Pinterest-Rid
Pinterest-Version
X-Kinja
X-Exp-Id
X-Exp-Variant
X-Geo-Segment
X-Kinja-Revision
X-Kinja-Build
X-Kinja-Server
X-Cdn-Fetch
X-F-Cache
X-Version
X-VARITI-CCR
X-N
X-T
X-GoogleNews-Bot
Cartoon
SPIisLatency
SPRequestDuration
X-Dw-Request-Base-Id
X-Mod-Pagespeed
MS-Author-Via
X-Abt-Application-Version
RTSS
Content-MD5
Nginx-Cache
Feature-Policy
Verso
X-Ttl
X-GitHub-Request-Id
X-Dispatcher
X-Navigation-Version
MicrosoftSharePointTeamServices
AR-CACHE
AR-ATIME
X-SRCache-Fetch-Status
X-Goog-Hash
AR-PoweredBy
X-SRCache-Store-Status
X-Client-IP
X-Amz-Rid
Realpath
X-Hits
X-Forwarded-Proto
X-Shield-Request-Id
X-Cdn
X-Origin-Cache
X-Trace
Paypal-Debug-Id
X-Server-ID
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-Content-Options
X-Zen-Fury
X-Content-Digest
X-Grace
X-Id
X-Kinsta-Cache
TCN
DynaTrace
X-B
Arr-Disable-Session-Affinity
AR-SID
Alternate-Protocol
X-Varnish-Age
X-Cache-Key
X-Sol
Fastcgi-Cache
X-Upstream
Mrf-Cache-Status
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
MRF-Tech
Access-Control-Request-Method
X-Ser
X-Middleton-Display
X-Pad
Display
X-Fastly-Request-ID
X-Acc-Meta-Resource-Type
PB-RID
PB-PID
X-Mobile-Rewrite
X-NF-Request-ID
X-Nf-Srv-Version
X-FastCGI-Cache
X-Via-JSL
X-DIS-Request-ID
X-Middleton-Response
X-User-Agent
Response
X-Vcap-Request-Id
Pagespeed
X-Forwarded-For
Rt-Fastcgi-Cache
X-MSEdge-Ref
Front-End-Https
X-Cache-Rule
Eomportal-Instance
X-PressLabs-Stats
X-Frontend
X-SS-Set-Cookie
X-IPLB-Instance
Arc-Version
X-Logged-In
X-Cache-Hit
Server-Name
X-Whom
X-Goog-Stored-Content-Length
X-Goog-Metageneration
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-VCache
X-Goog-Generation
X-XRDS-LOCATION
X-Hostname
Host
Tracecode
Surrogate-Key
S
X-Country-Code-Real
X-FTR-Backend
X-FTR-Balancer
X-FTR-Expires
X-FTR-Backend-Server
X-FTR-DC
X-FTR-Realm
X-FTR-Cache-Status
X-Request-Received
X-Request-Processing-Time
Cache-Status
X-Analytics
Backend-Timing
X-Debug
X-HS-Content-Id
X-AOL-HN
TP-L2-Cache
TP-Cache
Refresh
X-Instance
X-Magnolia-Registration
X-Contextid
X-Rid
X-Activity-Id
X-AppVersion
X-Proxied
X-Az
Public-Key-Pins-Report-Only
ServerID
X-Newrelic-App-Data
FilterID
X-Wix-Server-Artifact-Id
X-Srv
X-XRDS-Location
X-B3-Traceid
HitInfo
X-UUID
X-HW
Server-Info
HitType
X-WPE-Loopback-Upstream-Addr
Cleartype
Liferay-Portal
X-APP-VERSION
Service-Worker-Allowed
X-FTR-Cache-Host
X-Mobile
X-Varnish-Server
X-Content-Security-Policy-Report-Only
AMP-Access-Control-Allow-Source-Origin
X-Varnish-Backend
X-Correlation-Id
Served-By
X-Cache-Control
X-Revision
X-Cache-Server
X-Amzn-Trace-Id
X-Geo-Country
Source
X-Request-Guid
X-TT
X-PC-AppVer
X-PHP-Backend
X-PC-Key
X-PC-Hit
X-BCube-Filmed-By
X-Litespeed-Cache
Retry-After
Host-Header
X-App-Environment
Server-Node
X-Hail-Hydra
X-Tumblr-User
X-Tumblr-Pixel
X-Origin-Upstream-Status
MS-CV
X-Tumblr-Pixel-0
Accept-Charset
X-Device-Type
X-Handled-By
X-NWS-LOG-UUID
X-Varnish-Hostname
DC
X-Cache-Config
X-Framework
X-Cache-Operation
X-RateLimit-Remaining
X-Origin
X-URL
X-HS-Cache-Config
X-Signature
X-Page-Id
Edge-Cache-Tag
X-B-Cache
X-Cache-2
S-Cnection
Powered-By-ChinaCache
X-FB-Debug
Fastly-Restarts
X-Origin-Server
X-Cache-Action
X-TT-TIMESTAMP
X-Sucuri-ID
X-Ocache
X-ATG-Version
X-Debug-Info
Viewport
X-PC-Date
X-PC-Host
Actual-Object-TTL
X-Webkit-Csp
X-B3-Sampled
X-Hyper-Cache
X-ADI-VCache
X-WA-Info
X-Shield-Cache-Expires
X-Cached-By
NGB
X-Content-Powered-By
X-Microcachable
X-Accel-Expires
X-LB-Cache
X-Akam-SW-Version
X-Drupal-Cache-Tags
Upgrade-Insecure-Requests
SRV
Filters
X-Cache-NE
AsisCache
X-Generated-By
X-Yottaa-Metrics
ServedBy
X-Yottaa-Optimizations
X-App-Server
X-FW-Server
X-FW-Type
X-FW-Serve
X-FW-Hash
X-Internal-Host
X-Cacheable-TTL
X-RequestSource
X-Tumblr-Pixel-1
X-Tumblr-Pixel-2
X-WebKit-CSP-Report-Only
X-Distil-CS
X-S
Cache
X-RTag
X-Locale
X-FW-Static
X-GeoIP
X-Seen-By
Content-Style-Type
X-Wix-Request-Id
Content-Script-Type
X-Jobs
X-Amz-Server-Side-Encryption
X-Cluster
X-Accel-Buffering
X-TX-ID
X-Varnish-Hits
X-NewRelic-App-Data
X-Node-Name
From-Origin
X-Cache-Age
X-ServedBy
X-Adobe-Content
X-Adobe-Loc
X-Geo
X-UA
X-Varnish-Grace
X-Varnish-IP
X-Sucuri-Cache
X-Varnish-Cache-Hits
X-Akamai-Edgescape
X-RateLimit-Limit
X-Dns-Prefetch-Control
X-GZip
Datacenter
X-Platform-Server
X-HS-Combine-CSS
X-CDN-Forward
X-Vg-Webcache
X-Cache-TTL-Remaining
X-Edge-Cache
X-Edge-Cache-Key
X-Storage
X-GUploader-UploadID
X-Cache-Remote
Cache-Tag
X-Akamai-Transformed
X-Mode
X-Region
X-Drupal-Cache-Contexts
HostName
X-Daa-Tunnel
X-Amz-Replication-Status
X-Source
X-Real-IP
X-Distributor
X-Guploader-Uploadid
X-Kinja-Server-Push
Load-Balancing
Machine
Meta-Geo
X-RemovedCookies
X-Cache-Var
X-Cache-Var-Map
X-Detected-As
X-Path-Route
X-Rendered-As
X-RN-RSRV
X-Is-Bot
X-ProcessESI
X-MP-GENERATED-AT
X-Agile
ServerName
X-NCache
X-Amz-Apigw-Id
Fastly-SSL
X-Amzn-RequestId
X-Agile-Age
X-Agile-Id
Cache-Key
X-Upgrade-Enabled
X-PERF
GEO-INFO
X-BB-IP
X-CDN-Cache
X-Web-Node
X-Grey
X-Cache-Category-Id
X-Webstats-RespID
X-PCL
X-OCL
X-Viewer-Country
X-ApacheServer
Mn-Server-Ip
X-Time-Microsecs
X-Akamai-Request-ID
X-TWH-CORRELATION-ID
X-NodeID
X-Debug-Cache
Azure-SlotName
X-Cluster-Node
Azure-SiteName
Azure-Version
Azure-InstanceId
X-Amz-Meta-Surrogate-Control
X-Edge-Location
Cache-Name
X-Instance-Name
Azure-RegionName
X-Cache-HT
X-ProxyCache-Key
X-Pubstack
X-Optimization
X-ServerID
S-Rt
X-Proto
L5d-Success-Class
X-OVcl-Cache
X-Via-Fastly
X-Original-Request
Country
X-OVcl
Ohc-File-Size
Backend
X-Proxy
X-ProxyCache-Status
X-EIG-Tracking-Id
X-FC-Vary-Parameters
X-Human
X-BYPASS-REASON
Webcakes-App-Name
TWC-Locale-Group
TWC-GeoIP-Country
TWC-Privacy
Webcakes-App-Version
X-Access
TWC-Device-Class
TWC-GeoIP-LatLong
User-Cache-Control
TWC-Connection-Speed
Webcakes-Region
X-Generation-Time
X-Zipkin-Id
X-Origin-Hint
X-VWS-Id
Now
X-SplitTest
X-Xfnlog-Site
X-Meta-Tbi-Cache-Vertical
X-Www-Served-By
X-Port
X-Labrador-Cache-Channel
X-LJ-Flow-ID
X-Hosted-By
X-Varnish-Cacheable
X-CCM
X-Birta-Served
X-Birta-Cache-Post
X-AWS-Id
X-CCM-LastModified
X-Format
X-Site-Version
X-Section
X-Routing-Service
X-IP
X-App-Name
Healthy
X-CLOUD-TRACE-CONTEXT
DB-Nickname
LB
Property-Id
Fastcgi-Useragent
Cache-Hits
X-Backend-Name
User-Agent
X-TNCMS
X-Loop
X-JoinUs
X-Request-Time
Access-Control-Allow-Method
Selected-FE
X-Time
X-Generated
X-Surge-Debug
Countrycode
RATING
X-Proxy-Build
X-Timing-Wait
X-Esi
X-Tb
X-Dc
X-Tumblr-Pixel-3
Payment
X-Cache-Bucket
X-Real-Ip
X-Ezoic-Cdn
Ec-Rule-Version
X-Hit
X-Origin-CC
X-TA-CDN-Provider
X-Render-Type
X-Cache-Enabled
X-Nc
X-Oracle-Dms-Rid
X-DataStream-Cache-Status
X-Oracle-Dms-Ecid
X-Oneagent-Js-Injection
WP-Super-Cache
X-Unique-ID
X-B3-Spanid
X-Newrelic-Synthetics
X-Feature
X-Nginx-Cache
Origin-Edge-Control
Origin-Cache-Control
X-Environment-Context
X-L-Path
X-UA-Device-Type
RequestId
Xserver
X-Varnish-Beresp-Grace
NODE
X-Varnish-Beresp-Status
X-NU-AKA-ACS-Version
X-B3-TraceId
X-Skip-Cache
X-NGENIX-Cache
X-Be
X-Correlation-ID
X-Servedby
X-WR-MODIFICATION
Access-Control-Request-Headers
X-Content-Type
X-CACHE-AGE
X-Status
X-Vgn-Hpd-Reason
X-ElasticPress-Search
X-EdgeConnect-Cache-Status
X-Fastcgi-Cache
X-Cache-Backend
Time
Webserver
Warning
Ws
X-Upstream-HT
X-Upstream-CT
X-Fastly-Cache
BehaviorPad-Version
X-Died
Cache-Prefix
X-DPWN-IS-SECURE
X-Developer
X-G
Apicache-Version
X-Haproxy-Ip
X-Haproxy-Hostname
X-User
X-Logtrace-Id
X-No-Session
X-ND-Cache
X-Generated-In
X-Destination
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
Apple-News-Services-Handled
AKAMAI
X-From
Ajk
Apple-News-Services-Request-Url
Fly-Request-Id
X-A-Wwc
X-A-Dgt
X-A-Dcw
X-Accel-Expires-Debug
X-Amz-Meta-Cache-Control
X-ARC
X-Application
X-A-Dam
X-A-Ccd
Viewtype
Sta2Tusw
T-Server
VivaBuild
Resin-Trace
X-A
Www
Meta-Geo-Continent
X-B-Cookie
X-D
GMS-Ver
X-Connection-Hash
X-Date
Fly-Cache
Fastcgi-X-Cache-Version
Fastly-Soc-X-Request-Id
X-CF-Lambda-Version
X-CF-Lambda-Fn
X-BB-ID
MD5-Digest
Memcached
X-BBXSRF
Host-ID
X-Cache-Id
X-Cache-Host
Fastcgi-X-Cache
Apicache-Store
X-Via-CDN
X-Planisys-CDN-Rules
X-VG-WebServer
X-Planisys-CDN-Cache
X-SVT-ORM-RULES
X-Region-Sid
X-Transaction
X-Planisys-CDN-TTL
X-SVT-ORM-VERSION
X-Server-By
X-Rewrite-Enabled
X-Trv-Group
X-Wix-Route-ID
X-SRCache-Key
Xc-Version
X-We-Are-Hiring
X-Server-Time
X-Public
X-Rojux
X-PAYTM-SRV-ID
X-Via-Edge
X-Twitter-Response-Tags
X-S-Cookie
IBM-Web2-Location
X-Webkit-CSP
X-GoCache-CacheStatus
X-Cache-Ttl
X-Wikidot-Static-Cache
X-Cache-Time
Fastly-SIE
X-Debug-Log
X-Cdn-Origin
Fastly-SWR
X-CS
X-Wikidot-Backend
X-ScT
X-Core-Value
NGX
Server-Int
Request-Time
Rendered-Blocks
V-Age
X-Up
Uber-Trace-Id
UCS
Release
X-Var-Ttl
X-SIPLIST1
IsBot
X-Cache-CFC
X-Sn-Servicetimems
Odigeo-Trace-Id
X-Trace-Id
Origin
X-Cache-Expires
X-Debug-Cookies
X-IN-SSL-APIGATEWAY
X-FireWall-Port
X-IN-WAF
X-Forwarded-Host
X-IN-APIGATEWAY
X-Rebelmouse-Surrogate-Control
X-Frame-Option
X-Fstrz
X-Rebelmouse-Cache-Control
X-Phone
X-F5-Cache
X-NX-Host
X-Request-URI
X-C
X-GeoIP-City
X-V
X-GeoIP-Country-Code
X-Gen-Mode
X-Via-NSCOPI
X-Amz-Meta-S3cmd-Attrs
X-Rocket-Nginx-Bypass
X-Stale
X-VServer
X-Passed-To-BeforeDispatch
X-Hl-Ver
X-Passed-To-DLL
Thinkindot-Control
X-Node-Id
X-TT-LOGID
Who
X-Passed-To-PostProcessResponse
X-MI-In-Market
X-Matched-Rule
X-UnsetCookies
Web-Mar-Node
X-Hnp-Log
X-Location
X-UE-Client-Country
X-Thinkindot-L3
X-Backend-TTL
X-Croise-Owner
X-Env
X-WebServer
X-Epic-Correlation-Id
X-Content-Age
X-Served-From
X-Eu-Site
X-Edge-IP
X-Passed-To
X-Returned-From-BeforeDispatch
X-Returned-From-DLL
X-Developers
X-Device-Os
X-Dispatcher-Server
X-Returned-From
X-Ckpd-Fst-Backend
X-CGP
X-ServiceProvider
X-Servername
X-Block-Status
X-Backend-Url
X-RCS-CacheZone
X-Backend-State
X-Returned-From-PostProcessResponse
X-Bug-Bounty
X-Cache-Debug
X-Cdn-Srv
X-Server-Group
X-Worker
X-Server-IP
X-Reboot
X-Auto-Login
X-Backend-Host
X-Actual-URL
Esi-Enabled
Is-Eu
HA-Geolon
HTTPS
HA-Geolat
Adler-Geo
MI-Cache
OT-Force-Account-Verify
HA-Geocity
HA-Geocountry
Httpd-Identifier
Heartbleed
Backend-Name
Ha-Gx-Prefs
Cache-Cookie-Set-From
HA-Georegion
HA-Host
HA-Ipaddr
HA-Urlpath
HA-Servedtime
Cache-Cookie-Set-Lfrom
MI-Cache-Age
HA-Cloudapp
Decoy-Debug-Status
Decoy-Debug-Key
Content-Disposition
Proxy-Connection
Server-Host
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
Fastly-Backend-Name
Decoy-Debug-TTL
Cache-Cookie-Set-Idcheck
Pramga
CDCHOST
Cneonction
On-Server
GW-Server
Pragrma
Platform
Ohc-Response-Time
Powered-By
X-HS-Hub-Id
Mime-Version
X-Info
X-Clientip
X-Cache-Control-Set-By
X-Page-Type
X-Varnish-HitMiss
X-Origin-Expires
X-Origin-Date
X-MSEdge-Flight
X-MSEdge-Features
X-Bip
X-Hash
NtCoent-Length
X-Fetched-On
X-Platform
X-Release
X-Thanos
X-Sorting-Hat-Section
X-Response-By
X-Core-Mission
Request-Country
X-Varnish-Beresp-Ttl
X-Shopify-Stage
Kp-EeAlive
X-ShopId
X-Sorting-Hat-ShopId
MI-API
PFcat
X-Crawler
X-Sorting-Hat-FeatureSet
X-Sorting-Hat-PodId
X-ShardId
X-Sorting-Hat-ShopId-Cached
Server-ID
X-Sorting-Hat-PrivacyLevel
X-S-Maxage
X-Varnish-Id
X-Alternate-Cache-Key
REQUESTUUID
Request-EU
X-Ver
X-Sorting-Hat-PodId-Cached
X-HCF
X-Cache-Srv
X-StackifyID
NnCoection
X-Gannett-Site-Version
Country-Code
X-Secret
X-Refresh
X-Cache-URL
Drupal-Pagecache-Memcache
X-Svr
X-TIME
Cache-Provider
X-Amz-Meta-S3b-Last-Modified
X-P-T
X-Req
Processtime
Dnion-Transfer-Encoding
X-COUNTRY
X-Pjax-Url
X-Pf-Uncompressing
Version
X-Origin-TTL
Ar-Sid
X-Cache-ASPX
X-Amz-Meta-Sha256
Accept-Ch
X-Oss-Request-Id
X-Oss-Server-Time
X-Oss-Storage-Class
X-Oss-Hash-Crc64ecma
X-Oss-Object-Type
Memory
Pagetype
X-RateLimit-Limit-Second
X-EC-Security-Audit
X-From-Cache
X-Varnish-Url
X-RateLimit-Remaining-Second
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
WebServer
X-App-Version
X-Csrf-Token
X-Yottaa-Sig
Cteonnt-Length
Geoip-City
FSS-Proxy
X-LiteSpeed-Cache-Control
Arc-Country
GeoIp-Country-Code
Geoip-Latitude
SN
X-CSRF-Token
FSS-Cache
X-Ruxit-Js-Agent
PageType
X-Irp-Debug
Brightspot-Id
X-Wix-Petri-Ex
X-NC
X-Rule
Dont-Set-Cookie
PICS-Label
X-LB-Node
Cdn
X-Cache-Handler
X-Ua
X-LB-CacheStatus
X-Request-Start
X-Load-Cache
Sid
X-Varnish-Beresp-TTL
X-DC
X-Redis-Cache
If-Modified-Since
CF-IPCountry
X-ROOTCache
X-Ratelimit-Remaining
COMMERCE-SERVER-SOFTWARE
Edgecast
X-Request-UUID
X-SERVER-NAME
X-Endurance-Cache-Level
X-Cdn-Forward
X-Fastly-Backend-Reqs
X-GRACE
PROCESSING-IP
MIME-Version
BORDER-IP
X-Varnish-Action
X-Tid
X-Sf
X-GDPR
X-ServedByHost
X-Ratelimit-Limit
RNT-Machine
X-RequestId
X-TId
X-Requestid
RNT-Time
X-Layer
X-Servedbyhost
X-Atg-Version
X-Dynatrace
X-B3-SpanId
X-Rocket-Nginx-Serving-Static
XServer
Frame-Options
X-Resolver-IP
X-Nananana
X-Fastly-Cache-Hits
Powered
X-BE
Cache-Tags
Amp-Access-Control-Allow-Source-Origin
X-Cache-TTL
Cf-Ipcountry
NodeID
Pics-Label
X-DataStream-Origin-MEX-Latency
CDN
CACHE
X-DataStream-MidMile-RTT
X-Owner
X-Key
X-Tec-Api-Origin
X-Tec-Api-Root
Node
Dynatrace
X-Tec-Api-Version
X-HTML-Minification-Powered-By
We-Hiring
Mail-Subject
X-Server-W
PageSpeed
X-Shard
GeoIP-Latitude
GeoIP-City
GeoIP-Country-Code
X-Dynatrace-Js-Agent
X-Varnish-Ttl
Web-Mar-Region
X-Gdpr
X-VG-WebCache
X-Use-Magma
X-ABtesting
X-Flog
X-UPSTREAM-Address
X-Sentry-ID
Lfy
X-GEO
X-GZIP
ProcessTime
DataCenter
X-Varnish-URL
WZWS-RAY
X-Powered-By-ANYU
Accept-CH
X-Ms-Blob-Type
X-Ms-Request-Id
X-Ms-Lease-Status
Hostname
X-Ms-Version
X-Aicache-OS
Get-Access-Time
X-PF-Uncompressing
Max-Age
Is-Session-Tracking
X-CDN-Pop
X-CDN-Pop-IP
URI
X-Alicdn-Da-Ups-Status
X-NWS-UUID-VERIFY
X-Dw-Trace-Id
Xet-Cookie
X-NGINX-Cache
Cdn-Host
X-Mem
X-Trv-Request-Id
X-Check-Cacheable
X-PJAX-URL
Cdn-Request-Time
X-Oa-Upstreams
X-VG-TLSProxy
X-Cookie
X-Edge-Server
True-Client-Country-4JS
X-Unique-Id
Requestid
RequestUuid
X-Swa-Ws
X-Ms-Lease-State
X-Policy
X-Front
X-Varnish-ID
X-Powered-By-Defense
X-PAGE-TYPE
X-Remote-IP
X-Cache-FS-Status
X-RSL
X-RPS
X-RPM
X-Acquia-Application-UUID
X-Akamai-ERPolicy
GEO-REGION-INFO
Rt-Proxy-Cache
X-Hello
X-Akamai-ERRuleID
X-DW
X-VID
X-DI
SID
X-Proxy-Server
X-Fe
CF-Cached-On
WS
X-Litespeed-Cache-Control
Magicmarker
X-RAMCache
X-DB
X-Acquia-Application-Trace
X-Litespeed-Tag
X-DSS