Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Pragma
Last-Modified
Accept-Ranges
X-Powered-By
Strict-Transport-Security
X-Content-Type-Options
CF-RAY
ETag
Link
Expect-CT
Via
X-XSS-Protection
X-Cache
Age
Access-Control-Allow-Origin
Content-Security-Policy
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Served-By
X-Varnish
X-Amz-Cf-Id
X-Xss-Protection
Referrer-Policy
X-Request-Id
X-Timer
X-AspNet-Version
CF-Cache-Status
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Runtime
Access-Control-Allow-Credentials
X-Download-Options
X-Drupal-Cache
X-Cacheable
CF-Ray
Content-Security-Policy-Report-Only
X-Generator
Alt-Svc
X-AspNetMvc-Version
Status
X-Cache-Status
X-DNS-Prefetch-Control
X-Check
X-Iinfo
X-Adblock-Key
X-FRAME-OPTIONS
Timing-Allow-Origin
X-CDN
X-Content-Security-Policy
X-Turbo-Charged-By
X-Permitted-Cross-Domain-Policies
Content-Encoding
X-Template
X-Language
Keep-Alive
X-Via
X-Type
X-AH-Environment
X-Request-ID
X-Backend
X-Cache-Group
WPE-Backend
X-Pass-Why
X-Nginx-Cache-Status
X-Buckets
X-Server
X-Age
X-Server-Powered-By
Access-Control-Max-Age
X-Pingback
Xkey
X-Varnish-Cache
Grace
Access-Control-Expose-Headers
Upgrade
X-Drupal-Dynamic-Cache
X-Hacker
X-UA-Device
X-Amz-Request-Id
P3p
X-Page-Speed
Cf-Railgun
X-Proxy-Cache
X-Amz-Id-2
EagleId
X-Robots-Tag
X-LiteSpeed-Cache
X-Swift-SaveTime
X-Swift-CacheTime
X-Envoy-Upstream-Service-Time
Request-Context
Ali-Swift-Global-Savetime
X-Node
X-Ac
X-Device
Content-Location
X-Cnection
X-Host
X-Amz-Version-Id
X-Cache-Lookup
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-WebKit-CSP
X-Backend-Server
Surrogate-Control
X-Server-Id
X-OneAgent-JS-Injection
X-Rack-Cache
X-Instart-Request-ID
X-Px
X-CST
X-Response-Time
Request-Id
X-Readtime
Server-Timing
X-Rq
Permitted-Cross-Domain-Policies
X-HeyJason
X-Clacks-Overhead
X-Do-Not-Hack
X-Cloud-Trace-Context
X-Url
Pinterest-Generated-By
X-Ua-Compatible
EagleEye-TraceId
Edge-Control
X-Application-Context
X-Country
X-MS-InvokeApp
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Allow
Charset
X-Server-Name
SPRequestGuid
X-DynaTrace-JS-Agent
Report-To
X-Country-Code
X-SharePointHealthScore
X-DataDome
X-Varnish-TTL
X-TTL
X-Cached
X-TtlSet
X-Vname
X-PC
X-ESI
Rating
X-Ruxit-JS-Agent
X-Powered-CMS
X-Powered-By-Plesk
X-Recruiting
Public-Key-Pins
X-FTR-Request-ID
X-D2id
X-Vhost
X-Version
X-Pinterest-Rid
Pinterest-Version
X-Upstream-Env
X-N
SPRequestDuration
X-Kinja-Build
SPIisLatency
X-Exp-Variant
X-Kinja
X-Kinja-Server
X-Geo-Segment
X-Cdn-Fetch
X-Exp-Id
X-Kinja-Revision
MS-Author-Via
NEL
X-CF-Powered-By
X-F-Cache
X-DynaTrace
X-VARITI-CCR
X-Cdn
X-T
X-Dw-Request-Base-Id
Cartoon
X-Mod-Pagespeed
X-ORACLE-DMS-RID
X-ORACLE-DMS-ECID
X-GoogleNews-Bot
Content-MD5
AR-PoweredBy
AR-ATIME
AR-CACHE
Nginx-Cache
RTSS
X-GitHub-Request-Id
Feature-Policy
MicrosoftSharePointTeamServices
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Abt-Application-Version
X-Shield-Request-Id
X-Server-ID
Verso
X-Amz-Rid
X-Navigation-Version
X-Dispatcher
X-Trace
X-Forwarded-Proto
X-Hits
X-Client-IP
X-Goog-Hash
Realpath
X-Origin-Cache
AR-SID
Arr-Disable-Session-Affinity
Paypal-Debug-Id
X-Kinsta-Cache
X-Zen-Fury
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-TEC-API-ROOT
X-Id
X-Content-Options
TCN
X-Grace
X-B
X-Content-Digest
X-Varnish-Age
Alternate-Protocol
X-Cache-Key
X-Ser
X-Sol
X-Ttl
Fastcgi-Cache
DynaTrace
X-Upstream
Access-Control-Request-Method
X-Via-JSL
X-Mrf-Item-Lastmod
MRF-Tech
Mrf-Cache-Status
X-Mrf-Section-Lastmod
X-Fastly-Request-ID
X-Pad
X-Middleton-Display
Display
X-FastCGI-Cache
X-Vcap-Request-Id
X-Nf-Srv-Version
X-NF-Request-ID
X-DIS-Request-ID
PB-PID
PB-RID
X-Middleton-Response
X-IPLB-Instance
Response
X-User-Agent
X-Mobile-Rewrite
Front-End-Https
Pagespeed
Rt-Fastcgi-Cache
X-Frontend
X-Logged-In
X-SS-Set-Cookie
Eomportal-Instance
X-MSEdge-Ref
X-Cache-Rule
X-PressLabs-Stats
Server-Name
X-Whom
X-Acc-Meta-Resource-Type
X-Newrelic-App-Data
X-VCache
X-Forwarded-For
Host
X-Cache-Hit
X-Hostname
S
Tracecode
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-Goog-Generation
X-Goog-Metageneration
X-NWS-LOG-UUID
Cache-Status
X-XRDS-LOCATION
X-Debug
Arc-Version
Liferay-Portal
X-FTR-Cache-Status
X-FTR-Balancer
X-Request-Received
X-FTR-Expires
X-FTR-Backend
X-FTR-DC
X-Country-Code-Real
X-FTR-Realm
X-Request-Processing-Time
X-FTR-Backend-Server
Surrogate-Key
X-Analytics
X-HS-Content-Id
Backend-Timing
X-XRDS-Location
X-AOL-HN
X-UUID
HitType
HitInfo
FilterID
Server-Info
X-Wix-Server-Artifact-Id
X-Magnolia-Registration
X-Instance
Public-Key-Pins-Report-Only
X-Contextid
Refresh
TP-Cache
TP-L2-Cache
ServerID
X-Rid
X-Az
X-Proxied
X-AppVersion
X-Activity-Id
X-Webkit-Csp
X-WPE-Loopback-Upstream-Addr
X-Srv
X-Content-Security-Policy-Report-Only
Service-Worker-Allowed
X-HW
Cleartype
Edge-Cache-Tag
X-HS-Cache-Config
X-Varnish-Server
X-Correlation-Id
X-B3-Traceid
AMP-Access-Control-Allow-Source-Origin
S-Cnection
X-Varnish-Backend
X-Revision
X-Origin
X-Mobile
X-FTR-Cache-Host
Served-By
Fastly-Restarts
X-Amzn-Trace-Id
Source
X-Geo-Country
X-TT
X-APP-VERSION
X-PHP-Backend
X-Framework
X-FB-Debug
X-App-Environment
X-RateLimit-Remaining
Retry-After
X-Varnish-Hostname
Powered-By-ChinaCache
X-Cache-Config
X-B-Cache
X-Sucuri-ID
X-Cache-Server
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Signature
X-Tumblr-User
X-PC-Hit
X-Request-Guid
Host-Header
X-PC-Key
X-Cache-Action
X-PC-AppVer
X-Cache-Control
Server-Node
MS-CV
Accept-Charset
X-Device-Type
X-Cache-Operation
X-Page-Id
X-Hail-Hydra
X-Cache-2
X-Origin-Upstream-Status
X-Hyper-Cache
DC
X-BCube-Filmed-By
X-TT-TIMESTAMP
X-Handled-By
X-Ocache
Actual-Object-TTL
X-ADI-VCache
X-Shield-Cache-Expires
X-Origin-Server
X-WA-Info
X-Debug-Info
Cache
X-ATG-Version
X-PC-Host
X-PC-Date
Viewport
X-Content-Powered-By
Upgrade-Insecure-Requests
NGB
X-Accel-Expires
X-Microcachable
X-Daa-Tunnel
X-LB-Cache
X-Cached-By
SRV
X-Cache-NE
X-URL
X-HS-Combine-CSS
AsisCache
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Drupal-Cache-Tags
Filters
X-Accel-Buffering
X-Cacheable-TTL
X-Generated-By
X-Akam-SW-Version
X-Jobs
X-App-Server
X-B3-Sampled
X-Amz-Server-Side-Encryption
X-Wix-Request-Id
X-GeoIP
X-S
X-WebKit-CSP-Report-Only
X-Seen-By
X-RequestSource
ServedBy
X-TX-ID
X-Sucuri-Cache
X-Akamai-Edgescape
X-Varnish-Hits
X-FW-Hash
X-Distil-CS
X-FW-Static
X-Tumblr-Pixel-1
X-Geo
X-FW-Server
X-Locale
X-Tumblr-Pixel-2
X-FW-Serve
X-RTag
X-Cluster
X-FW-Type
Content-Style-Type
X-Adobe-Loc
X-Adobe-Content
X-Internal-Host
Content-Script-Type
From-Origin
X-Varnish-IP
X-Feature
Datacenter
X-Dns-Prefetch-Control
X-Varnish-Cache-Hits
X-GZip
HostName
X-Cache-Remote
X-Varnish-Grace
X-Storage
X-Cache-Age
X-Edge-Cache-Key
X-Node-Name
X-Edge-Cache
X-Cache-TTL-Remaining
X-Vg-Webcache
X-Oneagent-Js-Injection
X-ServedBy
X-Esi
X-Platform-Server
X-Akamai-Transformed
X-Guploader-Uploadid
X-Region
X-CDN-Forward
X-UA
X-RateLimit-Limit
X-NewRelic-App-Data
X-Mode
Country
X-Cache-Bucket
Cache-Tag
X-Amz-Replication-Status
X-Distributor
X-Kinja-Server-Push
Load-Balancing
X-Amz-Apigw-Id
RATING
X-Oracle-Dms-Rid
X-Oracle-Dms-Ecid
X-Amzn-RequestId
X-Agile-Id
X-Agile-Age
X-Agile
X-GUploader-UploadID
Fastly-SSL
X-Proto
ServerName
X-Source
Ohc-File-Size
X-BB-IP
X-ProcessESI
X-PERF
X-Path-Route
X-MP-GENERATED-AT
X-RemovedCookies
X-Rendered-As
X-Web-Node
X-Viewer-Country
X-Time-Microsecs
X-RN-RSRV
X-Is-Bot
X-Detected-As
GEO-INFO
X-ProxyCache-Status
X-ProxyCache-Key
X-EIG-Tracking-Id
Machine
Meta-Geo
X-Cache-Var-Map
X-Cache-Var
X-ApacheServer
Mn-Server-Ip
X-BYPASS-REASON
X-JoinUs
Cache-Hits
X-Real-IP
X-Drupal-Cache-Contexts
X-Grey
X-Optimization
X-NCache
X-Cache-HT
X-CCM
Healthy
X-Cache-Category-Id
Cache-Key
X-Akamai-Request-ID
L5d-Success-Class
Cache-Name
X-OCL
X-Debug-Cache
X-PCL
X-CDN-Cache
Backend
Now
X-Generated
X-ServerID
X-Webstats-RespID
X-Xfnlog-Site
X-Request-Time
X-TWH-CORRELATION-ID
X-Cluster-Node
X-Port
WP-Super-Cache
X-Edge-Location
X-Via-Fastly
X-Upgrade-Enabled
Azure-Version
Azure-InstanceId
Azure-RegionName
Azure-SiteName
Azure-SlotName
X-Hit
X-OVcl-Cache
X-OVcl
X-Labrador-Cache-Channel
X-TA-CDN-Provider
X-Render-Type
X-NodeID
X-Instance-Name
X-Www-Served-By
Webcakes-Region
Access-Control-Allow-Method
TWC-Connection-Speed
S-Rt
Property-Id
DB-Nickname
LB
TWC-Device-Class
TWC-Locale-Group
TWC-GeoIP-LatLong
TWC-GeoIP-Country
TWC-Privacy
User-Cache-Control
X-Proxy
X-Zipkin-Id
Webcakes-App-Name
Webcakes-App-Version
X-Backend-Name
X-Site-Version
X-FC-Vary-Parameters
X-Amz-Meta-Surrogate-Control
X-Surge-Debug
X-Generation-Time
X-Hosted-By
X-Origin-Hint
X-Routing-Service
X-Human
X-CCM-LastModified
Selected-FE
X-Original-Request
X-Proxy-Build
X-Varnish-Cacheable
X-App-Name
X-Timing-Wait
X-Pubstack
X-LJ-Flow-ID
X-Nginx-Cache
X-Loop
X-IP
X-Section
X-TNCMS
X-SplitTest
X-VWS-Id
X-Access
X-AWS-Id
X-Format
X-Time
Countrycode
X-Real-Ip
Fastcgi-Useragent
X-Ezoic-Cdn
X-Newrelic-Synthetics
X-Meta-Tbi-Cache-Vertical
X-Birta-Cache-Post
X-Cache-Enabled
X-Birta-Served
User-Agent
X-Tumblr-Pixel-3
X-Origin-CC
Origin-Cache-Control
Origin-Edge-Control
X-B3-TraceId
X-Dc
X-Nc
X-Tb
Xserver
X-L-Path
X-Environment-Context
Payment
Ec-Rule-Version
X-Unique-ID
X-DataStream-Cache-Status
X-Servedby
RequestId
X-UA-Device-Type
X-CACHE-AGE
X-B3-Spanid
X-Skip-Cache
X-NU-AKA-ACS-Version
X-Litespeed-Cache
Access-Control-Request-Headers
X-NGENIX-Cache
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
X-WR-MODIFICATION
X-Upstream-CT
X-Upstream-HT
Webserver
Time
X-Vgn-Hpd-Reason
NODE
X-EdgeConnect-Cache-Status
X-Croise-Owner
Warning
X-Cache-Ttl
X-Correlation-ID
X-Cache-Id
X-Destination
X-ElasticPress-Search
X-Died
X-Developer
X-Generated-In
X-Cache-Backend
X-DPWN-IS-SECURE
X-G
Cache-Prefix
X-A-Dam
X-A-Dcw
X-A-Ccd
X-D
X-SRCache-Key
X-A-Dgt
X-A-Wwc
X-Cache-Host
X-B-Cookie
X-ARC
X-Application
V-Age
X-A
Fly-Request-Id
X-From
Fly-Cache
Ajk
T-Server
X-S-Cookie
X-Logtrace-Id
Resin-Trace
Ws
X-Webkit-CSP
X-Status
X-Be
MD5-Digest
Xc-Version
Host-ID
X-Fstrz
X-UE-Client-Country
Request-Time
X-Debug-Log
X-Debug-Cookies
X-CS
X-Cache-Expires
X-Cache-Time
X-NX-Host
X-Request-URI
Fastcgi-X-Cache
Fastcgi-X-Cache-Version
BehaviorPad-Version
AKAMAI
X-Var-Ttl
Fastly-Soc-X-Request-Id
Memcached
X-Trv-Group
VivaBuild
X-Transaction
X-Public
Www
X-Planisys-CDN-TTL
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
X-Amz-Meta-Cache-Control
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
X-Server-Time
X-Rojux
X-Server-By
X-Varnish-Beresp-Ttl
Sta2Tusw
X-Region-Sid
Viewtype
X-Rewrite-Enabled
X-BB-ID
X-PAYTM-SRV-ID
X-Via-CDN
X-Haproxy-Ip
X-CF-Lambda-Version
X-Haproxy-Hostname
X-Via-Edge
X-Connection-Hash
X-Fastly-Cache
X-We-Are-Hiring
X-Wix-Route-ID
X-ND-Cache
X-BBXSRF
X-User
X-Twitter-Response-Tags
Cneonction
X-No-Session
Meta-Geo-Continent
X-CF-Lambda-Fn
X-VG-WebServer
IBM-Web2-Location
UCS
X-Content-Type
X-Oss-Hash-Crc64ecma
X-Oss-Request-Id
X-Oss-Server-Time
X-Dynatrace
X-StackifyID
X-Oss-Object-Type
X-Oss-Storage-Class
NGX
X-Cache-CFC
X-Hl-Ver
X-Cdn-Origin
X-IN-APIGATEWAY
X-Phone
Origin
Odigeo-Trace-Id
X-Core-Value
X-Wikidot-Static-Cache
X-GeoIP-Country-Code
X-Frame-Option
X-Forwarded-Host
GMS-Ver
Apple-News-Services-Request-Url
X-Wikidot-Backend
X-F5-Cache
X-Hash
IsBot
Apple-News-Services-Host
X-ShardId
X-ShopId
Server-Int
X-Sorting-Hat-ShopId-Cached
X-S-Maxage
X-ScT
X-Shopify-Stage
X-Sorting-Hat-PodId-Cached
X-Sorting-Hat-PodId
X-Sorting-Hat-FeatureSet
X-Sorting-Hat-ShopId
Rendered-Blocks
X-SIPLIST1
X-IN-SSL-APIGATEWAY
X-WebServer
Release
Apple-News-Services-Handled
X-Sorting-Hat-PrivacyLevel
X-Trace-Id
X-IN-WAF
X-Release
X-RCS-CacheZone
X-Via-NSCOPI
X-Sn-Servicetimems
Apple-News-Services-Parsed-Url
X-Sorting-Hat-Section
Request-Country
Request-EU
Proxy-Connection
X-Fastcgi-Cache
Dnion-Transfer-Encoding
X-Alternate-Cache-Key
Server-ID
X-Dispatcher-Server
Version
X-Device-Os
X-Auto-Login
X-C
Mime-Version
X-Yottaa-Sig
X-GeoIP-City
X-GoCache-CacheStatus
Httpd-Identifier
HTTPS
X-FireWall-Port
MI-API
MI-Cache
X-Fetched-On
Heartbleed
X-Gannett-Site-Version
X-Gen-Mode
HA-Georegion
HA-Geocity
HA-Geocountry
HA-Cloudapp
GW-Server
X-Hnp-Log
HA-Geolat
HA-Geolon
HA-Ipaddr
HA-Servedtime
HA-Host
Ha-Gx-Prefs
MI-Cache-Age
HA-Urlpath
X-Edge-IP
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
X-Block-Status
X-Cache-Debug
X-Cache-Srv
Server-Host
Thinkindot-Control
Uber-Trace-Id
Who
X-Amz-Meta-S3cmd-Attrs
X-Backend-State
Web-Mar-Node
X-Backend-TTL
X-Cdn-Srv
X-CGP
X-Location
X-Developers
X-Env
Ohc-Response-Time
X-Epic-Correlation-Id
X-Ruxit-Js-Agent
PFcat
X-Core-Mission
Pramga
X-Ckpd-Fst-Backend
Pragrma
Powered-By
X-Content-Age
X-Eu-Site
Fastly-SIE
X-Thinkindot-L3
X-UnsetCookies
Country-Code
X-Up
X-ServiceProvider
X-Server-Group
X-Reboot
X-Response-By
X-Rocket-Nginx-Bypass
X-Matched-Rule
X-V
Kp-EeAlive
X-Info
X-Accel-Expires-Debug
X-Crawler
X-Date
X-Origin-Date
X-Origin-Expires
X-Ver
X-CSRF-Token
X-VServer
X-Page-Type
X-Rebelmouse-Surrogate-Control
X-Secret
Decoy-Debug-Key
Decoy-Debug-Status
X-Rebelmouse-Cache-Control
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-Idcheck
Decoy-Debug-TTL
Drupal-Pagecache-Memcache
X-MI-In-Market
Fastly-SWR
X-MSEdge-Features
X-MSEdge-Flight
Esi-Enabled
Cache-Cookie-Set-From
CDCHOST
NnCoection
X-Returned-From-DLL
X-Backend-Url
X-Returned-From-PostProcessResponse
X-Passed-To-DLL
X-Worker
X-Returned-From-BeforeDispatch
X-Passed-To-PostProcessResponse
X-Returned-From
X-Backend-Host
X-Actual-URL
X-Bug-Bounty
X-Served-From
X-Servername
X-Server-IP
X-Passed-To-BeforeDispatch
X-TT-LOGID
X-Stale
X-Passed-To
X-Varnish-HitMiss
X-HCF
X-Cache-Control-Set-By
X-Node-Id
X-Varnish-Id
X-Svr
X-Clientip
On-Server
OT-Force-Account-Verify
Platform
Is-Eu
Fastly-Backend-Name
Adler-Geo
Backend-Name
REQUESTUUID
Content-Disposition
NtCoent-Length
X-App-Version
Apicache-Version
Apicache-Store
X-Amz-Meta-S3b-Last-Modified
X-Refresh
X-RateLimit-Remaining-Second
X-Platform
Cache-Provider
X-Cache-URL
X-Req
X-Bip
X-RateLimit-Limit-Second
X-Kong-Upstream-Latency
X-Thanos
Cteonnt-Length
X-Kong-Proxy-Latency
FSS-Cache
X-Origin-TTL
FSS-Proxy
X-TIME
X-LiteSpeed-Cache-Control
X-P-T
X-Varnish-Url
X-Ua
Arc-Country
Brightspot-Id
WebServer
X-Irp-Debug
Ar-Sid
X-CLOUD-TRACE-CONTEXT
X-LB-Node
X-LB-CacheStatus
Processtime
X-Pf-Uncompressing
X-Pjax-Url
X-DC
Pagetype
PageType
COMMERCE-SERVER-SOFTWARE
Accept-Ch
Sid
X-ROOTCache
X-EC-Security-Audit
Memory
X-Ratelimit-Limit
X-Amz-Meta-Sha256
X-From-Cache
X-Request-Start
X-Request-UUID
X-Cache-ASPX
Cdn
X-Endurance-Cache-Level
X-Ratelimit-Remaining
If-Modified-Since
Dynatrace
X-Atg-Version
X-Load-Cache
SN
X-Varnish-Action
X-Cdn-Forward
X-NC
X-Fastly-Backend-Reqs
PICS-Label
Edgecast
GeoIp-Country-Code
Geoip-Latitude
X-Layer
Geoip-City
X-SERVER-NAME
BORDER-IP
PROCESSING-IP
X-Redis-Cache
X-Csrf-Token
X-GRACE
X-COUNTRY
CF-IPCountry
X-GDPR
X-Rocket-Nginx-Serving-Static
X-Cache-Handler
MIME-Version
X-Varnish-Beresp-TTL
X-TId
X-Tid
X-Requestid
X-Dynatrace-Js-Agent
X-ServedByHost
Frame-Options
X-HS-Hub-Id
X-Nananana
X-B3-SpanId
Dont-Set-Cookie
X-Fastly-Cache-Hits
X-RequestId
NodeID
X-Wix-Petri-Ex
X-Servedbyhost
X-Owner
X-BE
X-Resolver-IP
X-Key
X-NWS-UUID-VERIFY
Pics-Label
X-Sf
X-Cf-Powered-By
Cf-Ipcountry
X-Rule
X-Server-W
Node
GeoIP-Latitude
RNT-Machine
RNT-Time
Web-Mar-Region
GeoIP-City
GeoIP-Country-Code
CACHE
ProcessTime
X-Cache-TTL
X-Sentry-ID
WZWS-RAY
X-HTML-Minification-Powered-By
X-ABtesting
X-Flog
CDN
X-Tec-Api-Root
X-Tec-Api-Version
X-Tec-Api-Origin
Get-Access-Time
We-Hiring
X-DataStream-Origin-MEX-Latency
Is-Session-Tracking
X-VG-WebCache
X-Powered-By-ANYU
X-DataStream-MidMile-RTT
X-FORWARDED-FOR
Lfy
Mail-Subject
PageSpeed
X-Shard
Powered
X-CDN-Pop
X-Varnish-Ttl
Max-Age
X-CDN-Pop-IP
X-Use-Magma
X-SRV
Accept-CH
X-Mem
X-ByteArk-Cache
Cache-Tags
Amp-Access-Control-Allow-Source-Origin
XServer
X-GZIP
X-PF-Uncompressing
Magicmarker
URI
X-Cache-FS-Status
X-Check-Cacheable
X-Front
X-UPSTREAM-Address
X-Powered-By-Defense
X-PJAX-URL
X-GEO
DataCenter
X-Dw-Trace-Id
Xet-Cookie
X-Unique-Id
X-Trv-Request-Id
X-Ms-Version
X-Oa-Upstreams
X-Varnish-URL
X-Ms-Request-Id
X-Zalando-Page-Type
X-Gdpr
X-Micro-Cache
X-Zalando-Child-Request-Id
X-Remote-IP
X-Ms-Lease-Status
X-Ms-Blob-Type
X-Cookie
Group
V-Cache
X-SB
Rt-Proxy-Cache
X-Varnish-ID
X-Safe-Firewall
RequestUuid
X-Fe
N-Cache
X-PARISIEN-Cache-Rendered
X-VarnCache
X-Proxy-Server
X-PAGE-TYPE
X-HGenerator
X-VarnPar1
X-VC
Requestid
X-VarnPar2
X-Aicache-OS
Hostname
X-NGINX-Cache
WS
SID
X-ProxyCache-Args
X-RAMCache
X-M-Log
X-Hello
X-Akamai-ERRuleID
X-Akamai-ERPolicy
X-Acquia-Application-UUID
CF-Cached-On
X-Qnm-Cache
X-Alicdn-Da-Ups-Status
X-Litespeed-Tag
X-Acquia-Application-Trace
X-M-Reqid
WWW-Authenticate