Threat Level: green Handler on Duty: Russell Eubanks

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Pragma
Last-Modified
Accept-Ranges
Strict-Transport-Security
X-Powered-By
X-Content-Type-Options
CF-RAY
ETag
Link
Expect-CT
Via
X-Cache
X-XSS-Protection
Age
Access-Control-Allow-Origin
Content-Language
Content-Security-Policy
X-UA-Compatible
P3P
X-Cache-Hits
X-Served-By
X-Varnish
X-Amz-Cf-Id
X-Xss-Protection
Referrer-Policy
X-Request-Id
X-Timer
X-AspNet-Version
CF-Cache-Status
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Runtime
Access-Control-Allow-Credentials
X-Download-Options
X-Drupal-Cache
X-Cacheable
Content-Security-Policy-Report-Only
X-Generator
Alt-Svc
Status
X-AspNetMvc-Version
X-Cache-Status
X-DNS-Prefetch-Control
X-Check
P3p
X-Iinfo
X-Adblock-Key
X-FRAME-OPTIONS
X-CDN
Timing-Allow-Origin
X-Content-Security-Policy
X-Permitted-Cross-Domain-Policies
X-Turbo-Charged-By
Content-Encoding
X-Template
X-Language
Keep-Alive
X-Type
X-AH-Environment
X-CONTENT-TYPE-OPTIONS
X-Via
X-Cache-Group
X-Backend
X-Request-ID
WPE-Backend
X-Pass-Why
X-Buckets
X-Age
X-Server
X-Nginx-Cache-Status
Access-Control-Max-Age
X-XSS-PROTECTION
X-Server-Powered-By
X-Pingback
Xkey
X-Varnish-Cache
Grace
X-Drupal-Dynamic-Cache
Upgrade
Access-Control-Expose-Headers
X-Hacker
X-UA-Device
X-Amz-Request-Id
Cf-Railgun
X-Page-Speed
X-Amz-Id-2
X-Proxy-Cache
X-Robots-Tag
EagleId
X-Envoy-Upstream-Service-Time
Request-Context
X-Node
X-LiteSpeed-Cache
X-Swift-SaveTime
X-Swift-CacheTime
X-Ac
X-Device
Ali-Swift-Global-Savetime
X-Cnection
X-Host
Content-Location
X-Amz-Version-Id
X-WebKit-CSP
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Server-Id
Surrogate-Control
X-Backend-Server
CONTENT-SECURITY-POLICY
X-Cache-Lookup
X-OneAgent-JS-Injection
X-Rack-Cache
X-Response-Time
X-Px
X-Instart-Request-ID
X-CST
Server-Timing
Request-Id
X-Readtime
X-Rq
X-Clacks-Overhead
Pinterest-Generated-By
X-Url
X-Do-Not-Hack
Permitted-Cross-Domain-Policies
X-HeyJason
EagleEye-TraceId
X-Ua-Compatible
Edge-Control
X-Application-Context
X-Cloud-Trace-Context
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Country
X-MS-InvokeApp
Report-To
X-Server-Name
Charset
X-DynaTrace-JS-Agent
SPRequestGuid
X-Country-Code
Allow
X-ESI
X-DataDome
X-SharePointHealthScore
Rating
X-Varnish-TTL
X-Ruxit-JS-Agent
X-PC
X-Vname
X-TtlSet
X-Cached
X-Powered-CMS
X-Powered-By-Plesk
X-Recruiting
X-CF-Powered-By
X-FTR-Request-ID
X-DynaTrace
X-Vhost
NEL
X-D2id
X-ORACLE-DMS-RID
X-ORACLE-DMS-ECID
X-Kinja-Build
X-Kinja-Server
X-Kinja-Revision
X-Cdn-Fetch
Public-Key-Pins
X-Exp-Id
X-Exp-Variant
X-Geo-Segment
X-Kinja
X-TTL
X-F-Cache
Pinterest-Version
X-Pinterest-Rid
X-Upstream-Env
X-Version
X-T
Cartoon
X-VARITI-CCR
X-GoogleNews-Bot
X-N
SPRequestDuration
SPIisLatency
X-Dw-Request-Base-Id
X-Mod-Pagespeed
X-Ttl
X-Abt-Application-Version
RTSS
Verso
Content-MD5
MS-Author-Via
Feature-Policy
Nginx-Cache
X-GitHub-Request-Id
X-Dispatcher
X-Goog-Hash
X-Navigation-Version
X-Client-IP
X-Amz-Rid
X-SRCache-Fetch-Status
X-SRCache-Store-Status
MicrosoftSharePointTeamServices
X-Forwarded-Proto
X-Hits
Realpath
AR-ATIME
AR-PoweredBy
AR-CACHE
X-Shield-Request-Id
X-Origin-Cache
X-Cdn
X-Trace
Paypal-Debug-Id
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-Content-Options
X-Id
X-Grace
X-Content-Digest
X-Zen-Fury
X-Server-ID
X-Kinsta-Cache
DynaTrace
X-B
TCN
Arr-Disable-Session-Affinity
Alternate-Protocol
X-Varnish-Age
X-Cache-Key
AR-SID
Fastcgi-Cache
X-Sol
X-Upstream
Mrf-Cache-Status
X-Mrf-Section-Lastmod
X-Mrf-Item-Lastmod
MRF-Tech
X-Acc-Meta-Resource-Type
Access-Control-Request-Method
X-FastCGI-Cache
X-Pad
X-Ser
X-Mobile-Rewrite
PB-PID
PB-RID
X-Fastly-Request-ID
Display
X-Middleton-Display
X-Nf-Srv-Version
X-NF-Request-ID
X-Via-JSL
X-Vcap-Request-Id
X-DIS-Request-ID
X-User-Agent
X-Middleton-Response
Pagespeed
Response
X-Forwarded-For
X-MSEdge-Ref
Eomportal-Instance
Rt-Fastcgi-Cache
Arc-Version
X-Frontend
X-Cache-Rule
X-PressLabs-Stats
Front-End-Https
X-Cache-Hit
X-Logged-In
X-SS-Set-Cookie
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Goog-Storage-Class
X-Goog-Metageneration
X-Goog-Generation
X-IPLB-Instance
Server-Name
X-Whom
Host
X-Hostname
S
Surrogate-Key
X-VCache
Tracecode
X-FTR-Realm
X-FTR-Expires
X-FTR-Cache-Status
X-Country-Code-Real
X-FTR-Backend-Server
X-FTR-Balancer
X-FTR-DC
X-FTR-Backend
X-XRDS-LOCATION
X-Request-Processing-Time
X-Request-Received
X-Analytics
Backend-Timing
Cache-Status
X-Debug
X-HS-Content-Id
TP-L2-Cache
X-AOL-HN
TP-Cache
X-Magnolia-Registration
X-Instance
X-XRDS-Location
Refresh
X-Contextid
X-B3-Traceid
FilterID
X-Proxied
X-HW
X-Rid
ServerID
X-AppVersion
X-Activity-Id
X-Litespeed-Cache
X-Az
X-Srv
Public-Key-Pins-Report-Only
X-Wix-Server-Artifact-Id
Cleartype
HitInfo
HitType
Server-Info
X-UUID
X-WPE-Loopback-Upstream-Addr
X-APP-VERSION
AMP-Access-Control-Allow-Source-Origin
X-FTR-Cache-Host
X-Content-Security-Policy-Report-Only
X-Varnish-Backend
X-Newrelic-App-Data
X-Mobile
X-Origin-Upstream-Status
X-Varnish-Server
Liferay-Portal
Service-Worker-Allowed
X-Cache-Control
Served-By
Accept-Charset
X-Revision
X-TT
X-Amzn-Trace-Id
X-Cache-Server
Source
Server-Node
X-PC-AppVer
X-Request-Guid
X-PC-Key
X-Hail-Hydra
X-PC-Hit
X-Geo-Country
X-App-Environment
X-BCube-Filmed-By
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Page-Id
X-PHP-Backend
X-Tumblr-User
X-Device-Type
Host-Header
Retry-After
MS-CV
X-Framework
X-Handled-By
X-Varnish-Hostname
DC
X-Cache-Config
X-Cache-Operation
X-Signature
X-B-Cache
Powered-By-ChinaCache
X-FB-Debug
X-Cache-2
X-RateLimit-Remaining
X-Origin-Server
Viewport
X-Correlation-Id
X-Origin
S-Cnection
X-NWS-LOG-UUID
X-URL
Edge-Cache-Tag
X-HS-Cache-Config
X-Cache-Action
X-ATG-Version
X-Debug-Info
Fastly-Restarts
X-TT-TIMESTAMP
X-Ocache
X-PC-Date
X-PC-Host
X-Cached-By
X-Sucuri-ID
X-B3-Sampled
Actual-Object-TTL
X-Hyper-Cache
X-WA-Info
NGB
X-NewRelic-App-Data
X-Akam-SW-Version
X-Content-Powered-By
X-LB-Cache
X-Drupal-Cache-Tags
X-Microcachable
X-Shield-Cache-Expires
X-ADI-VCache
X-Accel-Expires
Upgrade-Insecure-Requests
X-Generated-By
X-Cache-NE
AsisCache
Filters
SRV
X-App-Server
X-WebKit-CSP-Report-Only
X-Distil-CS
ServedBy
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Tumblr-Pixel-2
X-RequestSource
X-FW-Hash
X-RTag
X-Locale
X-Internal-Host
X-FW-Server
X-Tumblr-Pixel-1
X-FW-Type
X-FW-Serve
X-FW-Static
Content-Script-Type
X-Cluster
X-GeoIP
Content-Style-Type
X-Cacheable-TTL
X-Jobs
X-S
X-Wix-Request-Id
X-GUploader-UploadID
X-Seen-By
X-ServedBy
X-Node-Name
Cache
X-Cache-Age
X-Amz-Server-Side-Encryption
X-Geo
X-Varnish-Hits
X-Accel-Buffering
X-TX-ID
From-Origin
X-Varnish-Grace
X-UA
Datacenter
X-Platform-Server
X-Varnish-Cache-Hits
X-RateLimit-Limit
X-Adobe-Loc
X-GZip
X-Adobe-Content
X-Akamai-Edgescape
X-Vg-Webcache
X-CDN-Forward
X-Varnish-IP
X-Sucuri-Cache
X-Dns-Prefetch-Control
X-Cache-TTL-Remaining
X-CLOUD-TRACE-CONTEXT
Cache-Tag
X-HS-Combine-CSS
X-Real-IP
X-Edge-Cache
X-Edge-Cache-Key
X-Storage
X-Oneagent-Js-Injection
X-Akamai-Transformed
X-Webkit-Csp
X-Drupal-Cache-Contexts
X-Mode
X-Region
X-Cache-Remote
X-Source
X-Distributor
X-Amz-Replication-Status
X-Proxy
X-RemovedCookies
Machine
X-RN-RSRV
X-MP-GENERATED-AT
Load-Balancing
X-Rendered-As
Meta-Geo
X-Detected-As
X-Amz-Apigw-Id
X-Amzn-RequestId
X-ProcessESI
X-Path-Route
X-Is-Bot
Ohc-File-Size
X-NCache
Fastly-SSL
ServerName
X-Webstats-RespID
X-Upgrade-Enabled
X-TWH-CORRELATION-ID
X-Agile-Age
X-Agile
X-Backend-Name
HostName
X-CDN-Cache
X-FC-Vary-Parameters
Cache-Key
X-Time-Microsecs
X-Kinja-Server-Push
X-ApacheServer
X-Daa-Tunnel
X-Agile-Id
X-BB-IP
Mn-Server-Ip
X-Akamai-Request-ID
GEO-INFO
X-PERF
Azure-RegionName
X-Cluster-Node
X-PCL
Azure-SlotName
Azure-SiteName
Azure-InstanceId
X-OVcl
S-Rt
X-Cache-Var
X-Pubstack
X-OVcl-Cache
X-Cache-Var-Map
X-Cache-Category-Id
Backend
X-Viewer-Country
X-Web-Node
X-Amz-Meta-Surrogate-Control
X-Varnish-Cacheable
X-Proto
X-Grey
X-Human
X-ServerID
User-Agent
Azure-Version
X-EIG-Tracking-Id
X-OCL
X-NodeID
X-Original-Request
Webcakes-App-Name
TWC-GeoIP-Country
TWC-Device-Class
TWC-Connection-Speed
Selected-FE
TWC-GeoIP-LatLong
TWC-Locale-Group
Webcakes-Region
Webcakes-App-Version
TWC-Privacy
X-Access
Healthy
X-Instance-Name
X-IP
X-Site-Version
Property-Id
X-SplitTest
X-Generation-Time
X-Section
X-Routing-Service
X-Proxy-Build
X-Port
X-Origin-Hint
X-Optimization
X-LJ-Flow-ID
X-Meta-Tbi-Cache-Vertical
X-Timing-Wait
X-Via-Fastly
X-CCM-LastModified
X-Debug-Cache
X-Cache-HT
X-Birta-Served
X-AWS-Id
X-Birta-Cache-Post
X-JoinUs
X-Hosted-By
X-Www-Served-By
X-Format
X-Zipkin-Id
Access-Control-Allow-Method
X-Edge-Location
X-App-Name
X-VWS-Id
LB
Countrycode
Cache-Name
Now
L5d-Success-Class
X-ProxyCache-Key
X-TNCMS
X-BYPASS-REASON
DB-Nickname
User-Cache-Control
X-ProxyCache-Status
Fastcgi-Useragent
X-Loop
X-Labrador-Cache-Channel
Country
X-Generated
X-Esi
X-Xfnlog-Site
Payment
X-Tb
X-CCM
Cache-Hits
X-Tumblr-Pixel-3
X-Dc
X-Request-Time
Ec-Rule-Version
X-Guploader-Uploadid
RATING
X-Surge-Debug
X-Newrelic-Synthetics
X-Origin-CC
X-Ezoic-Cdn
X-Unique-ID
X-Hit
WP-Super-Cache
X-DataStream-Cache-Status
X-Cache-Bucket
X-Correlation-ID
X-TA-CDN-Provider
X-B3-Spanid
X-Time
X-Cache-Enabled
X-Oracle-Dms-Ecid
X-Oracle-Dms-Rid
X-Feature
X-Render-Type
Origin-Cache-Control
X-Real-Ip
X-Nginx-Cache
Origin-Edge-Control
X-Nc
NODE
X-L-Path
X-Environment-Context
X-Varnish-Beresp-Status
RequestId
X-UA-Device-Type
X-Varnish-Beresp-Grace
X-NU-AKA-ACS-Version
X-B3-TraceId
X-Status
X-Be
X-HS-Hub-Id
X-Skip-Cache
X-Content-Type
Apicache-Store
Apicache-Version
X-WR-MODIFICATION
X-NGENIX-Cache
Access-Control-Request-Headers
Ws
X-Cache-Backend
X-EdgeConnect-Cache-Status
Xserver
X-CACHE-AGE
X-ElasticPress-Search
X-Servedby
X-Vgn-Hpd-Reason
IBM-Web2-Location
Warning
X-Via-Edge
Xc-Version
Apple-News-Services-Request-Url
X-Wix-Route-ID
X-We-Are-Hiring
X-PAYTM-SRV-ID
Apple-News-Services-Parsed-Url
AKAMAI
Apple-News-Services-Handled
Ajk
X-VG-WebServer
Apple-News-Services-Host
BehaviorPad-Version
X-Died
MD5-Digest
X-Transaction
X-Accel-Expires-Debug
X-ND-Cache
X-Application
X-A-Wwc
X-A-Dgt
X-A
X-A-Ccd
X-A-Dam
X-A-Dcw
X-ARC
X-B-Cookie
X-D
X-Date
X-Destination
X-Developer
X-Connection-Hash
X-SVT-ORM-VERSION
X-BB-ID
X-BBXSRF
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-Trv-Group
Www
X-Server-Time
GMS-Ver
Host-ID
X-User
Fly-Request-Id
Fly-Cache
X-Public
Fastcgi-X-Cache
Fastcgi-X-Cache-Version
Fastly-Soc-X-Request-Id
X-Upstream-HT
X-Upstream-CT
Sta2Tusw
T-Server
Viewtype
VivaBuild
X-Twitter-Response-Tags
Resin-Trace
Memcached
Meta-Geo-Continent
X-No-Session
Cache-Prefix
X-Via-CDN
X-Haproxy-Ip
X-IN-APIGATEWAY
X-IN-SSL-APIGATEWAY
X-Haproxy-Hostname
Webserver
X-S-Cookie
X-G
X-Generated-In
X-IN-WAF
X-Planisys-CDN-Cache
X-Server-By
X-Logtrace-Id
Time
X-Rojux
X-SRCache-Key
X-Planisys-CDN-Rules
X-Fastly-Cache
X-Region-Sid
X-From
X-Planisys-CDN-TTL
X-SVT-ORM-RULES
X-Rewrite-Enabled
X-GoCache-CacheStatus
X-Rocket-Nginx-Bypass
X-NX-Host
X-Amz-Meta-Cache-Control
X-Sn-Servicetimems
X-SIPLIST1
X-Hl-Ver
X-Wikidot-Static-Cache
X-Phone
Fastly-SIE
Fastly-SWR
X-F5-Cache
UCS
Rendered-Blocks
X-Forwarded-Host
Release
NGX
Origin
X-Up
Request-Time
X-Var-Ttl
Uber-Trace-Id
Server-Int
IsBot
V-Age
X-Auto-Login
X-Cache-Expires
X-Wikidot-Backend
X-Trace-Id
X-Rebelmouse-Surrogate-Control
X-ScT
X-Cache-Host
X-Rebelmouse-Cache-Control
X-Core-Value
X-Via-NSCOPI
X-Debug-Cookies
X-Cdn-Origin
X-CS
X-Croise-Owner
X-Debug-Log
X-Cache-Ttl
X-C
X-Webkit-CSP
X-Crawler
X-Returned-From-BeforeDispatch
X-Backend-State
Server-Host
X-Cache-Control-Set-By
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
X-Stale
X-Backend-TTL
X-Backend-Url
X-Server-IP
X-Developers
X-Bug-Bounty
Powered-By
Pramga
X-UE-Client-Country
X-Bip
Proxy-Connection
Thinkindot-Control
X-Clientip
X-Actual-URL
X-Reboot
X-Server-Group
X-Cdn-Srv
X-Location
X-Amz-Meta-S3cmd-Attrs
X-Thinkindot-L3
X-Thanos
X-Cache-Id
X-Cache-CFC
X-Cache-Debug
X-CGP
X-Backend-Host
X-TT-LOGID
Who
Ohc-Response-Time
X-ServiceProvider
X-FireWall-Port
X-Matched-Rule
On-Server
X-V
X-Frame-Option
X-Servername
Odigeo-Trace-Id
X-HCF
X-Epic-Correlation-Id
GW-Server
HA-Cloudapp
X-Returned-From-PostProcessResponse
HA-Georegion
HA-Geolon
HA-Geolat
HA-Geocity
HA-Geocountry
X-Eu-Site
Decoy-Debug-TTL
X-Request-URI
X-GeoIP-City
X-GeoIP-Country-Code
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-From
Cache-Cookie-Set-Idcheck
X-Varnish-HitMiss
X-Returned-From-DLL
X-Passed-To
Decoy-Debug-Status
Decoy-Debug-Key
Content-Disposition
Backend-Name
Ha-Gx-Prefs
X-MI-In-Market
HA-Host
X-DPWN-IS-SECURE
OT-Force-Account-Verify
MI-Cache
X-Platform
X-TIME
X-Passed-To-PostProcessResponse
X-Passed-To-DLL
X-Fstrz
X-Edge-IP
X-Passed-To-BeforeDispatch
HTTPS
MI-Cache-Age
HA-Servedtime
HA-Ipaddr
X-Node-Id
HA-Urlpath
X-Returned-From
X-UnsetCookies
Heartbleed
Cneonction
X-Device-Os
X-RCS-CacheZone
X-Cache-Srv
X-Fetched-On
X-Ckpd-Fst-Backend
X-Content-Age
X-Release
Adler-Geo
X-Varnish-Id
X-Gen-Mode
X-WebServer
X-Hash
X-Response-By
X-Env
Is-Eu
X-Worker
X-MSEdge-Flight
X-MSEdge-Features
X-Info
REQUESTUUID
X-VServer
Platform
Pragrma
X-Dispatcher-Server
Httpd-Identifier
X-Ruxit-Js-Agent
Esi-Enabled
X-Ver
X-Block-Status
CDCHOST
X-Cache-Time
Fastly-Backend-Name
Web-Mar-Node
PFcat
X-Core-Mission
X-Hnp-Log
NnCoection
Cache-Provider
X-Origin-Expires
X-Sorting-Hat-ShopId-Cached
X-Origin-Date
X-S-Maxage
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId-Cached
X-Sorting-Hat-Section
X-Alternate-Cache-Key
X-Served-From
Request-Country
X-Varnish-Beresp-Ttl
Request-EU
Server-ID
X-Cache-URL
X-Refresh
X-Sorting-Hat-PodId
X-Sorting-Hat-PrivacyLevel
X-ShopId
X-ShardId
Country-Code
X-Shopify-Stage
Kp-EeAlive
MI-API
X-Sorting-Hat-FeatureSet
Dnion-Transfer-Encoding
X-Req
X-COUNTRY
X-Fastcgi-Cache
X-Svr
X-P-T
NtCoent-Length
Mime-Version
X-Page-Type
Drupal-Pagecache-Memcache
X-Cache-ASPX
Processtime
X-StackifyID
X-Pjax-Url
X-Secret
X-Gannett-Site-Version
X-Pf-Uncompressing
X-Origin-TTL
Accept-Ch
X-Amz-Meta-S3b-Last-Modified
X-EC-Security-Audit
X-Oss-Storage-Class
X-Oss-Request-Id
Pagetype
X-Oss-Hash-Crc64ecma
X-Oss-Object-Type
X-Oss-Server-Time
Ar-Sid
X-Csrf-Token
Memory
X-Amz-Meta-Sha256
Version
X-NC
SN
X-Wix-Petri-Ex
X-Varnish-Url
WebServer
Geoip-Latitude
GeoIp-Country-Code
Dont-Set-Cookie
X-Rule
Geoip-City
X-App-Version
X-LiteSpeed-Cache-Control
X-CSRF-Token
X-RateLimit-Remaining-Second
X-Kong-Upstream-Latency
X-From-Cache
X-RateLimit-Limit-Second
X-Kong-Proxy-Latency
PICS-Label
FSS-Proxy
Arc-Country
X-Yottaa-Sig
FSS-Cache
X-Load-Cache
Cteonnt-Length
X-Cache-Handler
X-Varnish-Beresp-TTL
X-Ua
PageType
Brightspot-Id
CF-IPCountry
X-Irp-Debug
MIME-Version
X-Request-Start
X-LB-Node
Cdn
X-LB-CacheStatus
X-DC
X-Ratelimit-Remaining
XServer
COMMERCE-SERVER-SOFTWARE
Sid
Edgecast
If-Modified-Since
X-ROOTCache
X-Redis-Cache
X-SERVER-NAME
X-GRACE
BORDER-IP
X-Sf
X-Endurance-Cache-Level
X-Cdn-Forward
PROCESSING-IP
X-Request-UUID
X-Fastly-Backend-Reqs
RNT-Machine
RNT-Time
X-Tid
X-Requestid
X-Ratelimit-Limit
X-Varnish-Action
X-TId
X-ServedByHost
X-Servedbyhost
X-GDPR
Powered
X-RequestId
X-Layer
X-Nananana
X-B3-SpanId
X-Resolver-IP
X-Rocket-Nginx-Serving-Static
X-Dynatrace
X-Atg-Version
Cache-Tags
Frame-Options
X-Cache-TTL
X-DataStream-MidMile-RTT
X-BE
X-DataStream-Origin-MEX-Latency
Cf-Ipcountry
Amp-Access-Control-Allow-Source-Origin
X-Fastly-Cache-Hits
Pics-Label
NodeID
CDN
CACHE
X-Gdpr
X-Tec-Api-Origin
Dynatrace
Node
X-Tec-Api-Version
X-Tec-Api-Root
X-Owner
Mail-Subject
We-Hiring
X-Key
X-UPSTREAM-Address
PageSpeed
X-HTML-Minification-Powered-By
X-Varnish-URL
X-Varnish-Ttl
X-Dynatrace-Js-Agent
X-Server-W
X-Shard
GeoIP-Country-Code
GeoIP-Latitude
GeoIP-City
Hostname
X-VG-WebCache
X-Alicdn-Da-Ups-Status
X-Use-Magma
Lfy
X-Aicache-OS
X-Ms-Version
X-Ms-Blob-Type
X-Sentry-ID
X-Ms-Lease-Status
Web-Mar-Region
X-Ms-Request-Id
ProcessTime
DataCenter
X-GZIP
X-VG-TLSProxy
Accept-CH
X-Flog
WZWS-RAY
X-ABtesting
X-GEO
X-Edge-Server
X-Powered-By-ANYU
X-PF-Uncompressing
X-Front
X-Swa-Ws
Cdn-Request-Time
True-Client-Country-4JS
URI
Cdn-Host
X-PJAX-URL
X-NGINX-Cache
X-Dw-Trace-Id
Xet-Cookie
X-Policy
X-Check-Cacheable
V-Cache
X-PAGE-TYPE
Group
X-Oa-Upstreams
GEO-REGION-INFO
Max-Age
X-CDN-Pop
Rt-Proxy-Cache
X-CDN-Pop-IP
X-Cookie
X-NWS-UUID-VERIFY
X-Vcache
Get-Access-Time
Is-Session-Tracking
X-Ms-Lease-State
X-Org
X-Unique-Id
X-Varnish-Info
N-Cache
X-M-Log
X-M-Reqid
X-Qnm-Cache
X-SB
X-VC
X-Mem
RequestUuid
X-Varnish-ID
X-Trv-Request-Id
Requestid
X-Acquia-Application-UUID
X-Akamai-ERPolicy
X-Akamai-ERRuleID
CF-Cached-On
X-Hello
X-Acquia-Application-Trace
X-Response-Served-From
X-Amzn-Remapped-Date
X-External-Request-Id
X-Amzn-Remapped-Connection
X-Proxy-Server
X-Litespeed-Tag
X-Cache-FS-Status
SID
X-DW
WS
X-DSS
X-DI
X-Fe
X-DB
X-RPM
X-RPS
X-Litespeed-Cache-Control
X-Remote-IP
X-VID
X-RAMCache
X-RSL
X-Powered-By-Defense