Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Pragma
Last-Modified
Accept-Ranges
Strict-Transport-Security
X-Content-Type-Options
X-Powered-By
CF-RAY
ETag
Link
Expect-CT
Via
X-XSS-Protection
X-Cache
Age
Access-Control-Allow-Origin
Content-Security-Policy
Content-Language
X-UA-Compatible
P3P
X-Cache-Hits
X-Served-By
X-Varnish
X-Amz-Cf-Id
Referrer-Policy
X-Xss-Protection
X-Request-Id
X-Timer
X-AspNet-Version
CF-Cache-Status
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Runtime
Access-Control-Allow-Credentials
X-Download-Options
X-Drupal-Cache
X-Cacheable
Content-Security-Policy-Report-Only
X-Generator
CF-Ray
Alt-Svc
Status
X-AspNetMvc-Version
X-Cache-Status
X-DNS-Prefetch-Control
X-Check
X-Iinfo
X-Adblock-Key
X-FRAME-OPTIONS
X-CDN
Timing-Allow-Origin
X-Content-Security-Policy
X-Permitted-Cross-Domain-Policies
X-Turbo-Charged-By
Content-Encoding
P3p
X-Template
X-Language
Keep-Alive
X-Type
X-AH-Environment
X-Via
X-Cache-Group
X-Backend
WPE-Backend
X-Request-ID
X-Pass-Why
X-Buckets
X-Age
X-Server
X-Nginx-Cache-Status
Access-Control-Max-Age
X-Server-Powered-By
X-Pingback
Xkey
X-Varnish-Cache
Grace
X-Drupal-Dynamic-Cache
Upgrade
Access-Control-Expose-Headers
X-Hacker
X-UA-Device
X-Amz-Request-Id
X-Page-Speed
Cf-Railgun
X-Amz-Id-2
X-Proxy-Cache
X-Robots-Tag
EagleId
X-Envoy-Upstream-Service-Time
Request-Context
X-LiteSpeed-Cache
X-Node
X-Swift-SaveTime
X-Swift-CacheTime
X-Ac
X-Device
X-Cnection
Ali-Swift-Global-Savetime
X-Host
Content-Location
X-Amz-Version-Id
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Server-Id
Surrogate-Control
X-WebKit-CSP
X-Backend-Server
X-Cache-Lookup
X-OneAgent-JS-Injection
X-Rack-Cache
X-Response-Time
X-Px
X-Instart-Request-ID
Request-Id
X-Readtime
X-CST
Server-Timing
X-Rq
X-Clacks-Overhead
X-Do-Not-Hack
X-HeyJason
Permitted-Cross-Domain-Policies
Pinterest-Generated-By
EagleEye-TraceId
X-Ua-Compatible
X-Url
Edge-Control
X-Cloud-Trace-Context
X-Application-Context
X-MS-InvokeApp
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Country
Report-To
X-DynaTrace-JS-Agent
Charset
SPRequestGuid
X-Server-Name
X-Country-Code
Allow
X-SharePointHealthScore
X-DataDome
X-Ruxit-JS-Agent
Rating
X-Varnish-TTL
X-Vname
X-PC
X-TtlSet
X-Cached
X-ESI
X-TTL
X-Powered-CMS
X-Powered-By-Plesk
X-Recruiting
X-CF-Powered-By
X-FTR-Request-ID
NEL
X-Vhost
X-D2id
X-DynaTrace
Pinterest-Version
Public-Key-Pins
X-Pinterest-Rid
X-Upstream-Env
X-Kinja-Server
X-Kinja-Revision
X-Kinja
X-Exp-Id
X-Cdn-Fetch
X-Geo-Segment
X-Kinja-Build
X-Exp-Variant
X-F-Cache
X-Version
X-N
SPRequestDuration
X-VARITI-CCR
SPIisLatency
X-T
Cartoon
X-GoogleNews-Bot
X-ORACLE-DMS-RID
X-ORACLE-DMS-ECID
X-Dw-Request-Base-Id
X-Mod-Pagespeed
MS-Author-Via
X-Abt-Application-Version
Content-MD5
RTSS
Nginx-Cache
Feature-Policy
X-GitHub-Request-Id
Verso
AR-CACHE
AR-ATIME
AR-PoweredBy
X-Dispatcher
MicrosoftSharePointTeamServices
X-Navigation-Version
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Goog-Hash
X-Client-IP
X-Amz-Rid
X-Hits
Realpath
X-Shield-Request-Id
X-Forwarded-Proto
X-Origin-Cache
X-Trace
X-Cdn
X-Ttl
Paypal-Debug-Id
X-TEC-API-ROOT
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-Content-Options
X-Content-Digest
X-Zen-Fury
X-Id
X-Grace
X-Server-ID
X-Kinsta-Cache
Arr-Disable-Session-Affinity
TCN
X-B
AR-SID
DynaTrace
Alternate-Protocol
X-Varnish-Age
X-Cache-Key
Fastcgi-Cache
X-Sol
X-Upstream
MRF-Tech
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
Mrf-Cache-Status
Access-Control-Request-Method
X-Ser
X-FastCGI-Cache
X-Pad
X-Fastly-Request-ID
PB-RID
Display
PB-PID
X-Middleton-Display
X-Mobile-Rewrite
X-Nf-Srv-Version
X-NF-Request-ID
X-Via-JSL
X-Acc-Meta-Resource-Type
X-DIS-Request-ID
X-Vcap-Request-Id
X-User-Agent
X-Middleton-Response
Response
Front-End-Https
X-Forwarded-For
Pagespeed
X-MSEdge-Ref
Rt-Fastcgi-Cache
X-IPLB-Instance
X-Cache-Rule
X-PressLabs-Stats
X-Frontend
X-SS-Set-Cookie
Eomportal-Instance
X-Logged-In
X-Cache-Hit
Arc-Version
X-Whom
Server-Name
X-VCache
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
X-Goog-Stored-Content-Length
X-Goog-Storage-Class
X-Hostname
Host
X-XRDS-Location
Tracecode
Surrogate-Key
S
X-Country-Code-Real
X-FTR-Realm
Cache-Status
X-FTR-Backend
X-FTR-Backend-Server
X-FTR-DC
X-FTR-Expires
X-FTR-Cache-Status
X-FTR-Balancer
X-Request-Received
X-Request-Processing-Time
X-Analytics
X-Debug
Backend-Timing
X-Litespeed-Cache
X-HS-Content-Id
TP-L2-Cache
TP-Cache
Refresh
X-AOL-HN
X-Instance
X-Newrelic-App-Data
X-Contextid
X-AppVersion
X-Az
X-Proxied
X-Magnolia-Registration
X-Activity-Id
Public-Key-Pins-Report-Only
X-Rid
X-Wix-Server-Artifact-Id
FilterID
X-XRDS-LOCATION
X-Srv
ServerID
X-UUID
X-HW
Server-Info
HitInfo
HitType
X-B3-Traceid
X-WPE-Loopback-Upstream-Addr
Cleartype
X-URL
Liferay-Portal
Service-Worker-Allowed
X-APP-VERSION
X-Webkit-Csp
X-Mobile
X-Varnish-Server
X-Content-Security-Policy-Report-Only
X-FTR-Cache-Host
AMP-Access-Control-Allow-Source-Origin
X-NWS-LOG-UUID
X-Varnish-Backend
Served-By
X-Cache-Control
X-Revision
X-Amzn-Trace-Id
Source
X-Geo-Country
X-Cache-Server
Server-Node
X-PC-Hit
X-PC-Key
X-Hail-Hydra
X-PHP-Backend
X-BCube-Filmed-By
X-App-Environment
Host-Header
Retry-After
X-PC-AppVer
X-RateLimit-Remaining
X-Request-Guid
X-Origin
X-Varnish-Hostname
X-HS-Cache-Config
X-Device-Type
MS-CV
Edge-Cache-Tag
X-TT
X-Handled-By
X-Tumblr-Pixel
X-Cache-Operation
X-Tumblr-Pixel-0
X-Tumblr-User
DC
X-Cache-2
Powered-By-ChinaCache
X-B-Cache
X-Signature
S-Cnection
X-Framework
X-Cache-Config
X-FB-Debug
Fastly-Restarts
X-Page-Id
X-Origin-Upstream-Status
Accept-Charset
X-Correlation-Id
X-Origin-Server
X-Cache-Action
X-Sucuri-ID
X-TT-TIMESTAMP
X-Ocache
X-Debug-Info
Viewport
X-PC-Host
X-PC-Date
Actual-Object-TTL
X-ADI-VCache
X-Shield-Cache-Expires
X-Hyper-Cache
X-B3-Sampled
X-WA-Info
X-Cached-By
X-Content-Powered-By
NGB
X-ATG-Version
X-Microcachable
X-Accel-Expires
X-Drupal-Cache-Tags
X-Akam-SW-Version
Upgrade-Insecure-Requests
X-LB-Cache
SRV
Filters
AsisCache
X-Cache-NE
Cache
X-Generated-By
X-Yottaa-Metrics
X-App-Server
ServedBy
X-Yottaa-Optimizations
X-RTag
X-S
X-RequestSource
X-Locale
X-FW-Serve
X-Cacheable-TTL
X-FW-Type
X-Internal-Host
X-FW-Server
X-FW-Hash
X-FW-Static
Content-Style-Type
Content-Script-Type
X-Tumblr-Pixel-1
X-Tumblr-Pixel-2
X-WebKit-CSP-Report-Only
X-GeoIP
X-Wix-Request-Id
X-Distil-CS
X-Seen-By
X-Jobs
X-Accel-Buffering
X-Amz-Server-Side-Encryption
X-TX-ID
X-ServedBy
X-Cluster
X-Varnish-Hits
From-Origin
X-Geo
X-Node-Name
X-GUploader-UploadID
X-Esi
X-NewRelic-App-Data
X-Akamai-Edgescape
X-Adobe-Content
X-Varnish-Grace
X-Adobe-Loc
X-Sucuri-Cache
X-RateLimit-Limit
X-Varnish-Cache-Hits
X-Varnish-IP
X-HS-Combine-CSS
X-Platform-Server
X-GZip
X-CDN-Forward
X-Vg-Webcache
X-UA
X-Dns-Prefetch-Control
X-Cache-TTL-Remaining
Datacenter
X-Edge-Cache-Key
X-Edge-Cache
X-Daa-Tunnel
X-Cache-Age
X-Cache-Remote
X-Real-IP
X-Storage
Cache-Tag
X-Akamai-Transformed
X-Mode
X-Region
HostName
X-Drupal-Cache-Contexts
X-Amz-Replication-Status
X-Source
X-Distributor
X-Oracle-Dms-Rid
X-Oracle-Dms-Ecid
X-RN-RSRV
Meta-Geo
Machine
Load-Balancing
X-Cache-Var
X-Cache-Var-Map
X-Rendered-As
X-Detected-As
X-ProcessESI
X-Path-Route
X-RemovedCookies
X-Is-Bot
X-MP-GENERATED-AT
X-NCache
X-Amzn-RequestId
X-Agile-Age
X-Agile-Id
X-Agile
X-Amz-Apigw-Id
ServerName
Fastly-SSL
Country
X-TWH-CORRELATION-ID
X-Upgrade-Enabled
X-Grey
X-Viewer-Country
X-ApacheServer
X-Time-Microsecs
X-Kinja-Server-Push
GEO-INFO
X-PERF
X-PCL
X-CDN-Cache
X-Web-Node
X-NodeID
Mn-Server-Ip
X-BB-IP
Cache-Key
X-OCL
X-Cache-Category-Id
X-Webstats-RespID
X-Akamai-Request-ID
Backend
X-Human
X-Instance-Name
Azure-Version
Cache-Name
X-Cache-HT
Azure-RegionName
Azure-InstanceId
X-Amz-Meta-Surrogate-Control
Azure-SiteName
Azure-SlotName
X-Edge-Location
X-Debug-Cache
X-TA-CDN-Provider
X-Cluster-Node
X-EIG-Tracking-Id
X-OVcl-Cache
L5d-Success-Class
X-Port
S-Rt
Ohc-File-Size
X-Pubstack
X-Via-Fastly
X-OVcl
X-Original-Request
X-Optimization
X-Proto
TWC-GeoIP-Country
TWC-Connection-Speed
Webcakes-Region
TWC-GeoIP-LatLong
TWC-Device-Class
TWC-Privacy
Webcakes-App-Version
Webcakes-App-Name
X-Access
User-Cache-Control
TWC-Locale-Group
X-Generation-Time
X-Www-Served-By
X-Xfnlog-Site
X-VWS-Id
X-SplitTest
X-Site-Version
X-Zipkin-Id
X-BYPASS-REASON
X-ProxyCache-Status
X-ServerID
X-ProxyCache-Key
X-Proxy
X-FC-Vary-Parameters
X-Section
X-Routing-Service
X-CCM
X-CCM-LastModified
X-Birta-Served
X-Birta-Cache-Post
X-AWS-Id
X-Format
Property-Id
X-Meta-Tbi-Cache-Vertical
X-Origin-Hint
X-LJ-Flow-ID
X-Labrador-Cache-Channel
X-IP
X-App-Name
X-Hosted-By
DB-Nickname
LB
Healthy
X-TNCMS
Fastcgi-Useragent
Now
User-Agent
Cache-Hits
X-Varnish-Cacheable
X-Loop
X-Request-Time
X-Cache-Bucket
Access-Control-Allow-Method
X-JoinUs
X-CLOUD-TRACE-CONTEXT
X-Surge-Debug
X-Generated
X-Tumblr-Pixel-3
X-Backend-Name
Payment
X-Tb
X-Guploader-Uploadid
Selected-FE
RATING
X-Ezoic-Cdn
X-Time
Countrycode
X-Proxy-Build
X-Timing-Wait
Ec-Rule-Version
X-Origin-CC
X-Hit
X-Render-Type
X-Feature
X-Correlation-ID
X-Cache-Enabled
X-DataStream-Cache-Status
X-B3-Spanid
X-Newrelic-Synthetics
X-Unique-ID
X-Dc
WP-Super-Cache
X-Nginx-Cache
Origin-Edge-Control
Origin-Cache-Control
X-Oneagent-Js-Injection
X-Real-Ip
X-Environment-Context
X-CACHE-AGE
X-L-Path
X-UA-Device-Type
X-Nc
NODE
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
RequestId
X-NU-AKA-ACS-Version
X-Skip-Cache
Xserver
X-B3-TraceId
X-NGENIX-Cache
Access-Control-Request-Headers
X-WR-MODIFICATION
Webserver
X-Content-Type
X-Vgn-Hpd-Reason
X-Status
X-Be
X-COUNTRY
X-ElasticPress-Search
X-Cache-Backend
X-Upstream-HT
X-Servedby
X-Upstream-CT
Time
X-EdgeConnect-Cache-Status
Ws
Warning
BehaviorPad-Version
X-D
X-Connection-Hash
X-No-Session
AKAMAI
X-Logtrace-Id
X-ND-Cache
X-SRCache-Key
Apple-News-Services-Handled
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
X-CF-Lambda-Fn
X-Wix-Route-ID
Xc-Version
X-PAYTM-SRV-ID
X-Cache-Id
X-From
X-CF-Lambda-Version
VivaBuild
X-A-Dgt
X-A-Wwc
X-Accel-Expires-Debug
X-Amz-Meta-Cache-Control
X-A-Dcw
X-A-Dam
X-Generated-In
X-A
X-A-Ccd
X-Application
X-ARC
X-BBXSRF
Www
Ajk
X-Haproxy-Ip
X-BB-ID
X-B-Cookie
X-G
X-Haproxy-Hostname
X-Cache-Host
Viewtype
X-Rojux
X-S-Cookie
Sta2Tusw
X-Trv-Group
Fastcgi-X-Cache-Version
X-Rewrite-Enabled
Fly-Request-Id
X-Twitter-Response-Tags
Fly-Cache
X-DPWN-IS-SECURE
X-Developer
T-Server
X-SVT-ORM-VERSION
Fastcgi-X-Cache
X-SVT-ORM-RULES
Fastly-Soc-X-Request-Id
X-Transaction
X-Server-By
X-Died
X-Server-Time
X-Fastly-Cache
X-Region-Sid
Meta-Geo-Continent
X-We-Are-Hiring
X-Destination
Resin-Trace
X-Date
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
X-Public
X-Via-Edge
X-Via-CDN
Host-ID
GMS-Ver
X-Planisys-CDN-Cache
X-User
MD5-Digest
X-VG-WebServer
Cache-Prefix
Memcached
X-GoCache-CacheStatus
IBM-Web2-Location
X-Croise-Owner
Server-Int
Rendered-Blocks
Fastly-SWR
Fastly-SIE
IsBot
NGX
Release
Origin
Request-Time
X-Cache-Time
X-FireWall-Port
X-Rebelmouse-Surrogate-Control
X-Forwarded-Host
X-Var-Ttl
X-Debug-Log
X-Rebelmouse-Cache-Control
X-Up
X-Request-URI
X-Trace-Id
X-Sn-Servicetimems
X-SIPLIST1
X-ScT
X-F5-Cache
X-Debug-Cookies
X-Wikidot-Backend
X-Cache-Expires
X-Cdn-Origin
X-Cache-CFC
V-Age
UCS
X-NX-Host
X-Fstrz
X-CS
X-Wikidot-Static-Cache
X-Core-Value
X-Phone
X-Frame-Option
Uber-Trace-Id
Odigeo-Trace-Id
Apicache-Store
X-Varnish-Beresp-Ttl
Apicache-Version
X-Webkit-CSP
Cneonction
X-C
X-Developers
X-Device-Os
Thinkindot-CacheControl
X-Dispatcher-Server
X-Content-Age
X-Ckpd-Fst-Backend
X-Edge-IP
X-Gen-Mode
X-GeoIP-City
X-Eu-Site
X-Epic-Correlation-Id
X-Env
X-CGP
X-Cdn-Srv
X-Amz-Meta-S3cmd-Attrs
X-Backend-Host
X-Actual-URL
Thinkindot-CacheControl-Type
Who
Thinkindot-Control
X-Backend-State
X-Backend-TTL
X-Bug-Bounty
X-Cache-Debug
X-GeoIP-Country-Code
X-Block-Status
X-Backend-Url
Web-Mar-Node
X-Location
X-UE-Client-Country
X-UnsetCookies
X-TT-LOGID
X-Thinkindot-L3
X-ServiceProvider
X-Stale
X-V
X-StackifyID
X-IN-SSL-APIGATEWAY
X-IN-WAF
X-IN-APIGATEWAY
X-Worker
X-VServer
X-WebServer
X-Servername
X-Server-IP
X-Passed-To-BeforeDispatch
Fastly-Backend-Name
X-Passed-To
X-MI-In-Market
OT-Force-Account-Verify
X-Matched-Rule
X-Passed-To-PostProcessResponse
X-Reboot
X-Served-From
X-Server-Group
X-Returned-From-PostProcessResponse
X-Returned-From-DLL
X-Returned-From
X-Returned-From-BeforeDispatch
X-Hnp-Log
X-Passed-To-DLL
Decoy-Debug-TTL
HA-Georegion
Ha-Gx-Prefs
Content-Disposition
Heartbleed
Ohc-Response-Time
Is-Eu
Decoy-Debug-Key
Esi-Enabled
Backend-Name
Powered-By
Platform
HA-Servedtime
HA-Ipaddr
HA-Host
Proxy-Connection
Pramga
Pragrma
Cache-Cookie-Set-From
MI-Cache-Age
Cache-Cookie-Set-Idcheck
GW-Server
HA-Cloudapp
HA-Urlpath
Cache-Cookie-Set-Lfrom
Httpd-Identifier
Server-Host
HA-Geocity
HA-Geocountry
MI-Cache
HA-Geolon
Decoy-Debug-Status
Adler-Geo
CDCHOST
On-Server
HTTPS
HA-Geolat
X-TIME
X-Core-Mission
X-MSEdge-Features
NnCoection
Kp-EeAlive
X-Node-Id
X-RCS-CacheZone
X-Hash
X-Auto-Login
X-Varnish-Id
X-Ver
X-MSEdge-Flight
X-Page-Type
X-Response-By
X-Sorting-Hat-PodId
X-Via-NSCOPI
Request-EU
X-Rocket-Nginx-Bypass
X-S-Maxage
REQUESTUUID
X-ShardId
X-Sorting-Hat-FeatureSet
Server-ID
X-Shopify-Stage
X-ShopId
Request-Country
X-Sorting-Hat-PodId-Cached
X-Cache-Srv
X-Sorting-Hat-ShopId-Cached
X-Hl-Ver
X-Release
PFcat
X-Alternate-Cache-Key
X-Fetched-On
X-Cache-Ttl
X-Sorting-Hat-Section
X-Sorting-Hat-PrivacyLevel
X-Sorting-Hat-ShopId
Ar-Sid
X-HS-Hub-Id
X-Secret
X-Origin-Date
X-Gannett-Site-Version
X-Origin-Expires
X-Thanos
X-Svr
X-Cache-URL
MI-API
X-HCF
X-Amz-Meta-S3b-Last-Modified
X-Crawler
Drupal-Pagecache-Memcache
X-Info
X-Cache-Control-Set-By
X-Bip
X-Varnish-HitMiss
X-Platform
X-Clientip
X-P-T
X-Fastcgi-Cache
Cache-Provider
X-Refresh
Mime-Version
X-Req
NtCoent-Length
Country-Code
Dnion-Transfer-Encoding
Version
X-Pf-Uncompressing
Processtime
Cteonnt-Length
X-SERVER-NAME
X-Origin-TTL
X-Amz-Meta-Sha256
Accept-Ch
X-Oss-Object-Type
X-Oss-Request-Id
X-Oss-Server-Time
X-Oss-Storage-Class
X-NC
Pagetype
X-Csrf-Token
X-Oss-Hash-Crc64ecma
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-Yottaa-Sig
X-EC-Security-Audit
Memory
X-From-Cache
X-Kong-Proxy-Latency
X-Pjax-Url
X-Kong-Upstream-Latency
X-Cache-ASPX
X-DC
X-Varnish-Url
WebServer
Arc-Country
X-App-Version
X-CSRF-Token
FSS-Cache
FSS-Proxy
X-Ua
X-Irp-Debug
SN
Brightspot-Id
X-LiteSpeed-Cache-Control
Geoip-City
GeoIp-Country-Code
Geoip-Latitude
X-Ruxit-Js-Agent
PageType
PICS-Label
X-Wix-Petri-Ex
X-Dynatrace
X-Redis-Cache
Dont-Set-Cookie
X-LB-Node
CF-IPCountry
MIME-Version
X-Rule
If-Modified-Since
Sid
X-LB-CacheStatus
X-Cache-Handler
X-ROOTCache
COMMERCE-SERVER-SOFTWARE
X-Atg-Version
Cdn
X-Request-Start
X-Request-UUID
X-Endurance-Cache-Level
X-Ratelimit-Remaining
X-Fastly-Backend-Reqs
Edgecast
X-Load-Cache
X-Varnish-Beresp-TTL
X-Cdn-Forward
X-TId
X-Requestid
X-Varnish-Action
X-GRACE
BORDER-IP
PROCESSING-IP
X-Servedbyhost
X-Layer
X-Sf
X-Ratelimit-Limit
RNT-Machine
X-ServedByHost
X-GDPR
RNT-Time
X-Tid
XServer
Frame-Options
X-Rocket-Nginx-Serving-Static
X-RequestId
Dynatrace
X-Cache-TTL
X-Nananana
X-BE
X-B3-SpanId
X-Fastly-Cache-Hits
X-Resolver-IP
CDN
Powered
X-DataStream-Origin-MEX-Latency
X-DataStream-MidMile-RTT
Pics-Label
X-Key
X-Owner
Cf-Ipcountry
Amp-Access-Control-Allow-Source-Origin
Cache-Tags
NodeID
CACHE
X-HTML-Minification-Powered-By
Node
X-Tec-Api-Version
X-Tec-Api-Origin
X-Tec-Api-Root
GeoIP-Latitude
Web-Mar-Region
X-Gdpr
Mail-Subject
We-Hiring
GeoIP-Country-Code
X-Server-W
GeoIP-City
DataCenter
PageSpeed
X-Flog
X-Shard
X-Dynatrace-Js-Agent
X-Varnish-Ttl
X-VG-WebCache
X-ABtesting
X-Use-Magma
ProcessTime
X-Powered-By-ANYU
X-Sentry-ID
X-UPSTREAM-Address
WZWS-RAY
Lfy
X-NWS-UUID-VERIFY
X-GZIP
X-Varnish-URL
Max-Age
Accept-CH
Get-Access-Time
X-CDN-Pop-IP
Is-Session-Tracking
X-CDN-Pop
X-Ms-Request-Id
Hostname
X-Ms-Version
X-Ms-Lease-Status
X-Ms-Blob-Type
X-Aicache-OS
URI
X-PF-Uncompressing
X-PJAX-URL
X-GEO
X-Mem
X-NGINX-Cache
X-Alicdn-Da-Ups-Status
Xet-Cookie
X-Dw-Trace-Id
True-Client-Country-4JS
Cdn-Request-Time
Cdn-Host
X-Front
X-Oa-Upstreams
X-Powered-By-Defense
X-Cache-FS-Status
Requestid
X-Edge-Server
X-Check-Cacheable
X-VG-TLSProxy
X-Cookie
X-Trv-Request-Id
X-Remote-IP
Magicmarker
X-Unique-Id
X-Proxy-Server
RequestUuid
X-Varnish-ID
X-Policy
X-Ms-Lease-State
X-ByteArk-Cache
X-Swa-Ws
X-PAGE-TYPE
X-DB
X-DSS
X-DW
X-RPM
X-RPS
X-RSL
X-DI
X-VID
X-RAMCache
X-Acquia-Application-Trace
X-Zalando-Page-Type
CF-Cached-On
X-Acquia-Application-UUID
X-Akamai-ERRuleID
X-Hello
X-Zalando-Child-Request-Id
X-Litespeed-Tag
WS
X-Fe
X-Akamai-ERPolicy
X-Micro-Cache
SID
X-Litespeed-Cache-Control