Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Pragma
Last-Modified
Accept-Ranges
Strict-Transport-Security
X-Content-Type-Options
X-Powered-By
CF-RAY
ETag
Link
Expect-CT
Via
X-XSS-Protection
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
P3P
X-Cache-Hits
X-Served-By
X-Varnish
X-Amz-Cf-Id
X-Xss-Protection
Referrer-Policy
X-Request-Id
X-Timer
X-AspNet-Version
CF-Cache-Status
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Runtime
Access-Control-Allow-Credentials
X-Download-Options
X-Drupal-Cache
X-Cacheable
Content-Security-Policy-Report-Only
X-Generator
CF-Ray
Alt-Svc
Status
X-AspNetMvc-Version
X-Cache-Status
X-DNS-Prefetch-Control
X-Check
X-Iinfo
X-Adblock-Key
X-FRAME-OPTIONS
Timing-Allow-Origin
X-CDN
X-Content-Security-Policy
X-Turbo-Charged-By
X-Permitted-Cross-Domain-Policies
P3p
Content-Encoding
X-Template
X-Language
Keep-Alive
X-Type
X-AH-Environment
X-Via
X-Request-ID
X-Cache-Group
X-Backend
WPE-Backend
X-Pass-Why
X-Age
X-Buckets
X-Server
X-Nginx-Cache-Status
Access-Control-Max-Age
X-Server-Powered-By
X-Pingback
Xkey
X-Varnish-Cache
Grace
X-Drupal-Dynamic-Cache
Upgrade
Access-Control-Expose-Headers
X-Hacker
X-UA-Device
X-Amz-Request-Id
X-Page-Speed
Cf-Railgun
X-Amz-Id-2
X-Proxy-Cache
X-Robots-Tag
EagleId
X-Envoy-Upstream-Service-Time
X-LiteSpeed-Cache
Request-Context
X-Node
X-Swift-CacheTime
X-Swift-SaveTime
X-Ac
X-Device
X-Cnection
Ali-Swift-Global-Savetime
X-Host
Content-Location
X-Amz-Version-Id
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Server-Id
Surrogate-Control
X-WebKit-CSP
X-Backend-Server
X-Cache-Lookup
X-OneAgent-JS-Injection
X-Rack-Cache
X-Response-Time
X-Px
X-Instart-Request-ID
Request-Id
X-Readtime
Server-Timing
X-CST
X-Rq
X-Clacks-Overhead
Permitted-Cross-Domain-Policies
X-Do-Not-Hack
X-HeyJason
Pinterest-Generated-By
X-Ua-Compatible
EagleEye-TraceId
Edge-Control
X-Url
X-Cloud-Trace-Context
X-Application-Context
X-MS-InvokeApp
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Country
Report-To
X-Server-Name
X-DynaTrace-JS-Agent
Charset
SPRequestGuid
X-Country-Code
Allow
X-SharePointHealthScore
X-DataDome
X-Ruxit-JS-Agent
X-ESI
Rating
X-Varnish-TTL
X-PC
X-Vname
X-TtlSet
X-Cached
X-Powered-CMS
X-Powered-By-Plesk
X-TTL
X-Recruiting
X-CF-Powered-By
X-FTR-Request-ID
NEL
X-Vhost
X-D2id
X-DynaTrace
X-Upstream-Env
Public-Key-Pins
X-Pinterest-Rid
Pinterest-Version
X-ORACLE-DMS-RID
X-ORACLE-DMS-ECID
X-Kinja-Build
X-F-Cache
X-Exp-Variant
X-Geo-Segment
X-Cdn-Fetch
X-Kinja
X-Exp-Id
X-Kinja-Server
X-Kinja-Revision
X-Version
X-N
SPRequestDuration
SPIisLatency
X-VARITI-CCR
X-T
X-Dw-Request-Base-Id
Cartoon
X-GoogleNews-Bot
X-Mod-Pagespeed
MS-Author-Via
Content-MD5
RTSS
X-Abt-Application-Version
Nginx-Cache
Feature-Policy
X-GitHub-Request-Id
Verso
AR-CACHE
AR-ATIME
AR-PoweredBy
X-Dispatcher
MicrosoftSharePointTeamServices
X-Navigation-Version
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Goog-Hash
X-Amz-Rid
X-Shield-Request-Id
X-Client-IP
X-Hits
Realpath
X-Forwarded-Proto
X-Cdn
X-Ttl
X-Trace
X-Origin-Cache
Paypal-Debug-Id
X-Server-ID
X-Content-Options
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-Zen-Fury
X-Content-Digest
X-Id
X-Kinsta-Cache
AR-SID
Arr-Disable-Session-Affinity
X-Grace
TCN
X-B
DynaTrace
Alternate-Protocol
X-Varnish-Age
X-Cache-Key
Fastcgi-Cache
X-Sol
X-Upstream
MRF-Tech
Mrf-Cache-Status
X-Mrf-Section-Lastmod
X-Mrf-Item-Lastmod
X-Ser
Access-Control-Request-Method
X-Pad
X-FastCGI-Cache
X-Fastly-Request-ID
Display
X-Middleton-Display
PB-RID
PB-PID
X-Nf-Srv-Version
X-Mobile-Rewrite
X-NF-Request-ID
X-Via-JSL
X-Acc-Meta-Resource-Type
X-DIS-Request-ID
X-Vcap-Request-Id
X-User-Agent
X-Middleton-Response
Response
X-Forwarded-For
Front-End-Https
Pagespeed
Rt-Fastcgi-Cache
X-MSEdge-Ref
X-IPLB-Instance
X-SS-Set-Cookie
X-Cache-Rule
X-PressLabs-Stats
X-Frontend
Eomportal-Instance
X-Logged-In
X-Cache-Hit
Arc-Version
X-Whom
Server-Name
X-VCache
X-Hostname
X-Goog-Generation
X-Goog-Storage-Class
X-Goog-Stored-Content-Length
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
Host
Tracecode
Surrogate-Key
X-XRDS-Location
S
Cache-Status
X-FTR-Backend
X-Country-Code-Real
X-FTR-Backend-Server
X-FTR-Cache-Status
X-FTR-DC
X-FTR-Expires
X-FTR-Balancer
X-FTR-Realm
X-Request-Processing-Time
X-Debug
X-Analytics
Backend-Timing
X-Request-Received
X-XRDS-LOCATION
X-HS-Content-Id
X-Instance
Refresh
TP-Cache
X-AOL-HN
TP-L2-Cache
X-Contextid
X-Activity-Id
X-AppVersion
X-Az
X-Proxied
X-Magnolia-Registration
Public-Key-Pins-Report-Only
X-Rid
FilterID
X-Wix-Server-Artifact-Id
X-Srv
X-Newrelic-App-Data
X-UUID
ServerID
Server-Info
HitInfo
HitType
X-URL
X-B3-Traceid
X-HW
X-WPE-Loopback-Upstream-Addr
Liferay-Portal
X-Webkit-Csp
Cleartype
Service-Worker-Allowed
X-APP-VERSION
X-Varnish-Server
X-Mobile
X-Content-Security-Policy-Report-Only
X-NWS-LOG-UUID
X-FTR-Cache-Host
X-Varnish-Backend
AMP-Access-Control-Allow-Source-Origin
Served-By
X-Cache-Control
X-Revision
X-Amzn-Trace-Id
Source
X-Origin
X-HS-Cache-Config
X-Geo-Country
X-Cache-Server
Edge-Cache-Tag
X-Request-Guid
Host-Header
X-PHP-Backend
Server-Node
X-PC-AppVer
X-PC-Hit
X-Hail-Hydra
X-App-Environment
X-PC-Key
X-Litespeed-Cache
Retry-After
X-BCube-Filmed-By
X-RateLimit-Remaining
X-Device-Type
X-Varnish-Hostname
X-TT
MS-CV
X-Handled-By
X-Cache-Operation
X-Correlation-Id
DC
X-Tumblr-Pixel
S-Cnection
X-Tumblr-User
X-Tumblr-Pixel-0
X-Origin-Upstream-Status
X-Signature
X-Cache-Config
X-B-Cache
X-Framework
Fastly-Restarts
X-FB-Debug
Powered-By-ChinaCache
X-Cache-2
X-Page-Id
Accept-Charset
X-Origin-Server
X-Cache-Action
X-Sucuri-ID
X-TT-TIMESTAMP
X-Ocache
X-Debug-Info
Actual-Object-TTL
X-PC-Host
X-PC-Date
Viewport
X-ATG-Version
X-Shield-Cache-Expires
X-ADI-VCache
X-Hyper-Cache
X-WA-Info
NGB
X-B3-Sampled
X-Content-Powered-By
X-Accel-Expires
X-Microcachable
X-Cached-By
Upgrade-Insecure-Requests
X-Drupal-Cache-Tags
X-LB-Cache
X-Akam-SW-Version
SRV
Filters
X-Cache-NE
AsisCache
Cache
X-Generated-By
X-Yottaa-Metrics
ServedBy
X-Yottaa-Optimizations
X-FW-Type
X-FW-Hash
X-Cacheable-TTL
X-App-Server
X-Internal-Host
X-FW-Serve
X-FW-Server
X-FW-Static
X-RTag
X-S
X-RequestSource
X-Locale
X-Distil-CS
X-Tumblr-Pixel-2
X-GeoIP
X-Tumblr-Pixel-1
X-TX-ID
X-Amz-Server-Side-Encryption
Content-Style-Type
X-WebKit-CSP-Report-Only
X-Seen-By
X-Wix-Request-Id
Content-Script-Type
X-Accel-Buffering
X-Jobs
From-Origin
X-NewRelic-App-Data
X-Cluster
X-Varnish-Hits
X-Geo
X-ServedBy
X-Node-Name
X-Akamai-Edgescape
X-Sucuri-Cache
X-Varnish-Cache-Hits
X-Adobe-Loc
X-Adobe-Content
X-HS-Combine-CSS
X-Varnish-Grace
X-UA
X-RateLimit-Limit
X-Varnish-IP
X-Dns-Prefetch-Control
X-GZip
X-Platform-Server
X-GUploader-UploadID
X-CDN-Forward
X-Cache-Age
X-Vg-Webcache
X-Edge-Cache-Key
X-Edge-Cache
X-Cache-TTL-Remaining
X-Daa-Tunnel
Datacenter
X-Cache-Remote
X-Storage
X-Region
X-Mode
X-Akamai-Transformed
Cache-Tag
X-Real-IP
HostName
X-Esi
X-Amz-Replication-Status
X-Drupal-Cache-Contexts
X-Distributor
X-Kinja-Server-Push
X-Source
X-MP-GENERATED-AT
X-Is-Bot
X-Cache-Var
X-ProcessESI
X-Path-Route
X-Detected-As
X-TA-CDN-Provider
Meta-Geo
X-RemovedCookies
X-Cache-Var-Map
Load-Balancing
X-Rendered-As
Machine
X-RN-RSRV
X-Agile-Age
ServerName
X-Amz-Apigw-Id
Country
X-Amzn-RequestId
Fastly-SSL
X-Agile-Id
X-Agile
X-NCache
X-OCL
X-Cache-Category-Id
X-CDN-Cache
X-Grey
X-Web-Node
X-PCL
X-ApacheServer
X-PERF
X-Time-Microsecs
X-TWH-CORRELATION-ID
X-Upgrade-Enabled
X-BB-IP
Mn-Server-Ip
X-Akamai-Request-ID
X-Webstats-RespID
X-NodeID
X-Viewer-Country
Cache-Key
GEO-INFO
X-Proto
X-Pubstack
X-Via-Fastly
Ohc-File-Size
X-OVcl-Cache
X-Original-Request
X-OVcl
Azure-InstanceId
Azure-RegionName
Cache-Name
S-Rt
L5d-Success-Class
Backend
Azure-Version
Azure-SiteName
Azure-SlotName
X-Cache-HT
X-Amz-Meta-Surrogate-Control
X-Debug-Cache
X-EIG-Tracking-Id
X-Edge-Location
X-Human
X-Cluster-Node
X-Instance-Name
X-Port
X-Optimization
X-Labrador-Cache-Channel
X-Hosted-By
X-Generation-Time
X-LJ-Flow-ID
TWC-GeoIP-Country
X-Format
TWC-Device-Class
Property-Id
X-Routing-Service
X-Section
X-Site-Version
TWC-Connection-Speed
X-IP
TWC-Privacy
X-AWS-Id
X-App-Name
X-Meta-Tbi-Cache-Vertical
X-CCM-LastModified
X-Birta-Cache-Post
X-CCM
X-Birta-Served
X-Request-Time
X-Access
X-Origin-Hint
TWC-Locale-Group
User-Cache-Control
Webcakes-App-Name
Webcakes-Region
Webcakes-App-Version
TWC-GeoIP-LatLong
X-SplitTest
X-Xfnlog-Site
X-Www-Served-By
X-VWS-Id
X-CLOUD-TRACE-CONTEXT
X-Zipkin-Id
X-FC-Vary-Parameters
X-ServerID
X-ProxyCache-Status
X-ProxyCache-Key
X-Proxy
DB-Nickname
X-BYPASS-REASON
Healthy
LB
X-Cache-Bucket
X-Loop
X-TNCMS
Now
X-Varnish-Cacheable
Fastcgi-Useragent
Cache-Hits
X-Guploader-Uploadid
User-Agent
X-Surge-Debug
X-JoinUs
Access-Control-Allow-Method
RATING
X-Generated
X-Backend-Name
X-Tumblr-Pixel-3
X-Ezoic-Cdn
X-Render-Type
Payment
X-Tb
X-Timing-Wait
X-Proxy-Build
X-Origin-CC
Countrycode
X-Feature
X-Hit
Selected-FE
Ec-Rule-Version
X-Dc
X-Cache-Enabled
X-Time
X-Newrelic-Synthetics
X-Oneagent-Js-Injection
WP-Super-Cache
X-B3-Spanid
X-Oracle-Dms-Ecid
X-DataStream-Cache-Status
X-Oracle-Dms-Rid
Origin-Edge-Control
Origin-Cache-Control
X-Nginx-Cache
X-Unique-ID
X-Real-Ip
X-Correlation-ID
X-Nc
X-Environment-Context
X-L-Path
X-UA-Device-Type
RequestId
X-Varnish-Beresp-Grace
NODE
X-NU-AKA-ACS-Version
X-Varnish-Beresp-Status
X-CACHE-AGE
X-Skip-Cache
X-B3-TraceId
X-NGENIX-Cache
Access-Control-Request-Headers
X-Be
X-WR-MODIFICATION
X-COUNTRY
Xserver
X-Servedby
X-Content-Type
X-Vgn-Hpd-Reason
X-ElasticPress-Search
Webserver
X-EdgeConnect-Cache-Status
Time
X-Upstream-CT
X-Cache-Backend
X-Upstream-HT
Ws
X-Status
Warning
X-Application
X-Amz-Meta-Cache-Control
X-A-Wwc
X-Accel-Expires-Debug
X-Wix-Route-ID
X-VG-WebServer
X-Via-CDN
X-User
X-From
X-Trv-Group
X-Via-Edge
X-We-Are-Hiring
X-BB-ID
X-B-Cookie
X-BBXSRF
X-Cache-Host
X-Cache-Id
X-ARC
X-A-Dcw
Meta-Geo-Continent
Memcached
Cache-Prefix
BehaviorPad-Version
Apple-News-Services-Request-Url
Xc-Version
MD5-Digest
Host-ID
Fastcgi-X-Cache
Fastcgi-X-Cache-Version
Fly-Cache
Fly-Request-Id
GMS-Ver
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
Www
VivaBuild
X-A
X-A-Ccd
X-Transaction
X-A-Dam
Viewtype
T-Server
AKAMAI
Apple-News-Services-Handled
Ajk
Resin-Trace
Sta2Tusw
X-A-Dgt
X-Twitter-Response-Tags
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
X-Developer
X-Region-Sid
X-Rewrite-Enabled
X-Server-Time
X-Server-By
X-S-Cookie
X-Rojux
X-Died
X-PAYTM-SRV-ID
X-Haproxy-Hostname
Fastly-Soc-X-Request-Id
X-Generated-In
X-G
X-Haproxy-Ip
X-Logtrace-Id
X-DPWN-IS-SECURE
X-Fastly-Cache
X-No-Session
X-ND-Cache
X-Destination
X-Public
X-Connection-Hash
X-CF-Lambda-Version
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-D
X-Date
X-SRCache-Key
X-CF-Lambda-Fn
X-Webkit-CSP
X-Croise-Owner
X-Fstrz
Release
Origin
Request-Time
X-Core-Value
Fastly-SWR
Odigeo-Trace-Id
X-Cdn-Origin
NGX
IsBot
IBM-Web2-Location
X-Forwarded-Host
X-Cache-Time
X-FireWall-Port
X-Frame-Option
X-Var-Ttl
X-Up
X-NX-Host
X-Wikidot-Backend
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
X-Trace-Id
X-Request-URI
X-Wikidot-Static-Cache
X-Debug-Log
X-ScT
X-Debug-Cookies
X-Sn-Servicetimems
X-Cache-CFC
Server-Int
X-SIPLIST1
X-F5-Cache
X-Phone
X-Cache-Expires
V-Age
UCS
Uber-Trace-Id
X-CS
Rendered-Blocks
Fastly-SIE
X-GoCache-CacheStatus
Cneonction
X-TIME
X-Varnish-Beresp-Ttl
Apicache-Store
Apicache-Version
X-Ckpd-Fst-Backend
X-Content-Age
X-Developers
X-Dispatcher-Server
X-Device-Os
X-Epic-Correlation-Id
X-GeoIP-City
X-GeoIP-Country-Code
X-Gen-Mode
X-Eu-Site
X-Env
X-CGP
X-Edge-IP
X-C
X-Amz-Meta-S3cmd-Attrs
X-Backend-Host
X-Actual-URL
Who
Thinkindot-Control
Web-Mar-Node
X-Backend-State
X-Backend-TTL
X-Cache-Ttl
X-Cache-Debug
X-Hnp-Log
X-Bug-Bounty
X-Backend-Url
X-Block-Status
X-Cdn-Srv
X-MI-In-Market
X-TT-LOGID
X-UE-Client-Country
X-Thinkindot-L3
X-StackifyID
X-ServiceProvider
X-Stale
X-UnsetCookies
X-V
X-IN-SSL-APIGATEWAY
X-IN-WAF
X-IN-APIGATEWAY
X-Worker
X-VServer
X-WebServer
X-Servername
X-Server-IP
X-Passed-To
X-Passed-To-BeforeDispatch
X-MSEdge-Flight
X-MSEdge-Features
X-Matched-Rule
Thinkindot-CacheControl-Type
X-Passed-To-DLL
X-Reboot
X-Served-From
X-Server-Group
X-Returned-From-PostProcessResponse
X-Returned-From-DLL
X-Returned-From
X-Returned-From-BeforeDispatch
X-Location
X-Passed-To-PostProcessResponse
Thinkindot-CacheControl
HA-Host
HA-Ipaddr
HA-Servedtime
Heartbleed
HA-Urlpath
Pragrma
Pramga
HA-Georegion
HA-Geolon
Backend-Name
Cache-Cookie-Set-Idcheck
Proxy-Connection
Decoy-Debug-Status
Powered-By
Cache-Cookie-Set-From
MI-Cache
On-Server
MI-Cache-Age
Cache-Cookie-Set-Lfrom
Ohc-Response-Time
CDCHOST
Content-Disposition
Platform
Httpd-Identifier
HTTPS
Decoy-Debug-Key
Is-Eu
HA-Geolat
Ha-Gx-Prefs
HA-Geocity
HA-Geocountry
HA-Cloudapp
GW-Server
Fastly-Backend-Name
Esi-Enabled
Server-Host
Decoy-Debug-TTL
Adler-Geo
OT-Force-Account-Verify
X-Hash
MI-API
X-Hl-Ver
Kp-EeAlive
X-Page-Type
X-Auto-Login
X-Gannett-Site-Version
X-Fetched-On
X-Shopify-Stage
X-ShopId
X-Via-NSCOPI
Drupal-Pagecache-Memcache
X-RCS-CacheZone
X-Rocket-Nginx-Bypass
X-Node-Id
X-Sorting-Hat-PodId-Cached
X-Response-By
X-Sorting-Hat-ShopId-Cached
X-Sorting-Hat-PrivacyLevel
X-Secret
X-Sorting-Hat-ShopId
X-Release
X-Sorting-Hat-PodId
X-Varnish-Id
X-Ver
NnCoection
X-ShardId
X-Sorting-Hat-FeatureSet
X-Sorting-Hat-Section
X-S-Maxage
Request-Country
Server-ID
PFcat
X-Cache-Srv
X-Alternate-Cache-Key
REQUESTUUID
X-Core-Mission
Request-EU
X-Clientip
X-Cache-Control-Set-By
X-Origin-Expires
X-Origin-Date
NtCoent-Length
X-Crawler
X-Bip
X-Info
X-Varnish-HitMiss
X-Amz-Meta-S3b-Last-Modified
X-Cache-URL
X-Thanos
X-Svr
X-HCF
X-Platform
X-Fastcgi-Cache
Mime-Version
Dnion-Transfer-Encoding
Version
X-Req
X-Refresh
Country-Code
X-P-T
Cache-Provider
Processtime
X-Origin-TTL
X-HS-Hub-Id
X-Pf-Uncompressing
X-Oss-Object-Type
X-Oss-Server-Time
Pagetype
X-Oss-Storage-Class
Cteonnt-Length
X-Oss-Hash-Crc64ecma
X-Oss-Request-Id
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-Kong-Upstream-Latency
Ar-Sid
X-Pjax-Url
Accept-Ch
X-Kong-Proxy-Latency
X-Yottaa-Sig
X-Amz-Meta-Sha256
Memory
X-From-Cache
X-CSRF-Token
WebServer
Arc-Country
X-EC-Security-Audit
X-App-Version
FSS-Proxy
X-Cache-ASPX
FSS-Cache
X-Csrf-Token
X-NC
GeoIp-Country-Code
X-Varnish-Url
Geoip-City
X-LiteSpeed-Cache-Control
Brightspot-Id
Geoip-Latitude
X-Irp-Debug
X-DC
X-Ruxit-Js-Agent
SN
X-Dynatrace
X-LB-Node
X-LB-CacheStatus
PageType
PICS-Label
X-Ua
X-ROOTCache
Sid
COMMERCE-SERVER-SOFTWARE
X-Redis-Cache
X-Request-Start
X-Request-UUID
CF-IPCountry
Cdn
If-Modified-Since
X-Cache-Handler
Dont-Set-Cookie
MIME-Version
X-Ratelimit-Remaining
X-Wix-Petri-Ex
X-Rule
Edgecast
X-Fastly-Backend-Reqs
X-Endurance-Cache-Level
X-Varnish-Beresp-TTL
X-SERVER-NAME
X-Load-Cache
X-Cdn-Forward
X-Varnish-Action
PROCESSING-IP
X-Atg-Version
BORDER-IP
X-GRACE
X-Requestid
X-Layer
X-TId
X-Ratelimit-Limit
X-Servedbyhost
X-ServedByHost
X-Tid
X-GDPR
X-Sf
XServer
X-RequestId
Frame-Options
Dynatrace
RNT-Time
RNT-Machine
X-Rocket-Nginx-Serving-Static
X-Nananana
X-B3-SpanId
X-Fastly-Cache-Hits
X-Resolver-IP
X-Cache-TTL
CDN
X-BE
NodeID
X-Owner
X-Key
Pics-Label
Amp-Access-Control-Allow-Source-Origin
Powered
Cf-Ipcountry
CACHE
X-DataStream-Origin-MEX-Latency
X-DataStream-MidMile-RTT
Cache-Tags
X-HTML-Minification-Powered-By
Node
X-Tec-Api-Root
X-Tec-Api-Version
X-Tec-Api-Origin
Mail-Subject
Web-Mar-Region
X-Server-W
We-Hiring
PageSpeed
DataCenter
X-Gdpr
X-Shard
X-Dynatrace-Js-Agent
X-Flog
GeoIP-City
GeoIP-Latitude
X-VG-WebCache
GeoIP-Country-Code
X-ABtesting
X-Varnish-Ttl
X-Use-Magma
X-Sentry-ID
Lfy
X-Powered-By-ANYU
WZWS-RAY
ProcessTime
X-NWS-UUID-VERIFY
X-GZIP
X-CDN-Pop-IP
X-CDN-Pop
Get-Access-Time
Is-Session-Tracking
Max-Age
Accept-CH
X-UPSTREAM-Address
X-Varnish-URL
X-Ms-Blob-Type
X-Ms-Version
X-Ms-Lease-Status
Hostname
X-Ms-Request-Id
X-GEO
X-PF-Uncompressing
X-Mem
X-NGINX-Cache
Xet-Cookie
X-Dw-Trace-Id
X-Trv-Request-Id
X-Oa-Upstreams
X-Remote-IP
X-Check-Cacheable
X-Powered-By-Defense
X-Cache-FS-Status
X-PJAX-URL
URI
X-Cookie
X-Aicache-OS
X-Unique-Id
Magicmarker
Requestid
Cdn-Request-Time
Cdn-Host
X-Alicdn-Da-Ups-Status
X-Varnish-ID
RequestUuid
X-ByteArk-Cache
X-PAGE-TYPE
X-VG-TLSProxy
X-Proxy-Server
X-Front
X-Edge-Server
X-Ms-Lease-State
True-Client-Country-4JS
X-Swa-Ws
X-DB
X-Policy
X-RSL
X-RPM
X-DSS
X-RPS
X-DI
X-DW
X-VID
X-Litespeed-Tag
X-Akamai-ERPolicy
X-Akamai-ERRuleID
X-Zalando-Child-Request-Id
X-Zalando-Page-Type
X-Acquia-Application-Trace
X-Acquia-Application-UUID
X-Hello
CF-Cached-On
WS
X-Fe
X-RAMCache
X-Micro-Cache
SID
X-Litespeed-Cache-Control