Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Pragma
Last-Modified
Accept-Ranges
Strict-Transport-Security
X-Content-Type-Options
X-Powered-By
CF-RAY
ETag
Link
Expect-CT
Via
X-XSS-Protection
X-Cache
Age
Access-Control-Allow-Origin
Content-Security-Policy
Content-Language
X-UA-Compatible
P3P
X-Cache-Hits
X-Served-By
X-Varnish
X-Amz-Cf-Id
X-Xss-Protection
Referrer-Policy
X-Request-Id
X-Timer
X-AspNet-Version
CF-Cache-Status
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Runtime
Access-Control-Allow-Credentials
X-Download-Options
X-Drupal-Cache
X-Cacheable
X-Generator
Content-Security-Policy-Report-Only
Alt-Svc
Status
X-AspNetMvc-Version
X-Cache-Status
X-DNS-Prefetch-Control
X-Check
P3p
X-Iinfo
X-Adblock-Key
X-FRAME-OPTIONS
X-CDN
Timing-Allow-Origin
X-Content-Security-Policy
X-Permitted-Cross-Domain-Policies
X-Turbo-Charged-By
Content-Encoding
X-Template
X-Language
Keep-Alive
X-Type
X-AH-Environment
X-Via
CF-Ray
X-Cache-Group
X-Backend
X-Request-ID
WPE-Backend
X-Pass-Why
X-Buckets
X-Age
X-Server
X-Nginx-Cache-Status
Access-Control-Max-Age
X-Server-Powered-By
X-Pingback
Xkey
X-Varnish-Cache
Grace
X-Drupal-Dynamic-Cache
Upgrade
Access-Control-Expose-Headers
X-Hacker
X-UA-Device
X-Amz-Request-Id
Cf-Railgun
X-Page-Speed
X-Amz-Id-2
X-Proxy-Cache
X-Robots-Tag
EagleId
X-Envoy-Upstream-Service-Time
Request-Context
X-Node
X-LiteSpeed-Cache
X-Swift-CacheTime
X-Swift-SaveTime
X-Ac
X-Device
X-Cnection
Ali-Swift-Global-Savetime
X-Host
Content-Location
X-Amz-Version-Id
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Server-Id
X-WebKit-CSP
Surrogate-Control
X-Backend-Server
X-OneAgent-JS-Injection
X-Cache-Lookup
X-Rack-Cache
X-Response-Time
X-Px
X-Instart-Request-ID
Request-Id
X-Readtime
Server-Timing
X-CST
X-Rq
X-Clacks-Overhead
Pinterest-Generated-By
Permitted-Cross-Domain-Policies
X-Do-Not-Hack
X-HeyJason
X-Url
EagleEye-TraceId
X-Ua-Compatible
Edge-Control
X-Application-Context
X-Cloud-Trace-Context
X-Country
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-MS-InvokeApp
Report-To
X-Server-Name
Charset
X-DynaTrace-JS-Agent
SPRequestGuid
X-Country-Code
Allow
X-ESI
X-DataDome
X-SharePointHealthScore
X-Ruxit-JS-Agent
Rating
X-Varnish-TTL
X-Vname
X-TtlSet
X-PC
X-Cached
X-Powered-CMS
X-Powered-By-Plesk
X-Recruiting
X-CF-Powered-By
X-DynaTrace
X-TTL
X-FTR-Request-ID
NEL
X-Vhost
X-D2id
X-ORACLE-DMS-RID
X-ORACLE-DMS-ECID
Public-Key-Pins
X-Upstream-Env
X-Pinterest-Rid
Pinterest-Version
X-Cdn-Fetch
X-Kinja
X-Exp-Id
X-Kinja-Server
X-Kinja-Build
X-Kinja-Revision
X-Exp-Variant
X-Geo-Segment
X-F-Cache
X-Version
X-T
X-N
Cartoon
X-VARITI-CCR
X-GoogleNews-Bot
SPRequestDuration
SPIisLatency
X-Dw-Request-Base-Id
X-Mod-Pagespeed
Content-MD5
X-Abt-Application-Version
MS-Author-Via
RTSS
Nginx-Cache
Verso
Feature-Policy
X-GitHub-Request-Id
X-Dispatcher
X-Navigation-Version
X-Goog-Hash
X-Ttl
X-SRCache-Fetch-Status
MicrosoftSharePointTeamServices
X-SRCache-Store-Status
X-Client-IP
AR-PoweredBy
X-Amz-Rid
AR-ATIME
AR-CACHE
Realpath
X-Hits
X-Forwarded-Proto
X-Shield-Request-Id
X-Origin-Cache
X-Cdn
X-Trace
Paypal-Debug-Id
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TEC-API-VERSION
X-Content-Options
X-Content-Digest
X-Id
X-Server-ID
X-Kinsta-Cache
X-Zen-Fury
DynaTrace
TCN
X-B
Arr-Disable-Session-Affinity
X-Grace
AR-SID
Alternate-Protocol
X-Varnish-Age
Fastcgi-Cache
X-Sol
X-Cache-Key
X-Upstream
Mrf-Cache-Status
X-Mrf-Item-Lastmod
MRF-Tech
X-Mrf-Section-Lastmod
Access-Control-Request-Method
X-Ser
X-Pad
PB-RID
Display
PB-PID
X-Middleton-Display
X-Fastly-Request-ID
X-Acc-Meta-Resource-Type
X-Mobile-Rewrite
X-Nf-Srv-Version
X-FastCGI-Cache
X-NF-Request-ID
X-Via-JSL
X-DIS-Request-ID
X-User-Agent
X-Middleton-Response
Response
X-Vcap-Request-Id
X-MSEdge-Ref
X-Forwarded-For
Front-End-Https
Rt-Fastcgi-Cache
X-Cache-Rule
Eomportal-Instance
Pagespeed
X-Frontend
X-PressLabs-Stats
Arc-Version
X-SS-Set-Cookie
X-IPLB-Instance
X-Logged-In
X-Cache-Hit
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Goog-Generation
X-Goog-Storage-Class
X-VCache
Server-Name
X-Whom
X-Hostname
Host
Surrogate-Key
S
X-XRDS-Location
Tracecode
X-FTR-Balancer
X-FTR-Cache-Status
X-FTR-Expires
X-FTR-Realm
X-FTR-Backend
X-FTR-DC
X-FTR-Backend-Server
X-Country-Code-Real
X-Request-Processing-Time
X-Request-Received
X-Analytics
Cache-Status
Backend-Timing
X-Debug
X-HS-Content-Id
TP-Cache
X-AOL-HN
TP-L2-Cache
X-Instance
X-Magnolia-Registration
Refresh
X-Litespeed-Cache
X-Activity-Id
X-Proxied
X-AppVersion
X-Az
X-Rid
ServerID
X-Contextid
Public-Key-Pins-Report-Only
X-Wix-Server-Artifact-Id
FilterID
X-XRDS-LOCATION
X-Srv
X-HW
X-UUID
HitInfo
HitType
Server-Info
Cleartype
X-WPE-Loopback-Upstream-Addr
X-B3-Traceid
Liferay-Portal
X-Webkit-Csp
X-Newrelic-App-Data
X-FTR-Cache-Host
AMP-Access-Control-Allow-Source-Origin
X-Content-Security-Policy-Report-Only
X-Varnish-Server
X-Mobile
Service-Worker-Allowed
X-APP-VERSION
Served-By
X-Varnish-Backend
X-Cache-Control
X-Origin-Upstream-Status
X-Revision
X-Cache-Server
X-Amzn-Trace-Id
Source
X-PHP-Backend
X-BCube-Filmed-By
X-TT
X-Hail-Hydra
X-NWS-LOG-UUID
Server-Node
X-Correlation-Id
MS-CV
X-Tumblr-Pixel
X-Tumblr-Pixel-0
Host-Header
X-Device-Type
X-App-Environment
X-Geo-Country
X-Tumblr-User
Accept-Charset
X-PC-AppVer
X-PC-Key
X-Framework
X-RateLimit-Remaining
X-Cache-2
Retry-After
DC
X-Handled-By
X-Varnish-Hostname
X-Cache-Operation
X-PC-Hit
X-B-Cache
X-Signature
Powered-By-ChinaCache
X-Request-Guid
X-Cache-Config
X-FB-Debug
X-Origin
S-Cnection
Edge-Cache-Tag
X-HS-Cache-Config
X-Page-Id
X-Origin-Server
Fastly-Restarts
X-URL
X-Cache-Action
X-Debug-Info
Viewport
X-TT-TIMESTAMP
X-Sucuri-ID
X-ATG-Version
X-Ocache
X-B3-Sampled
X-PC-Date
X-PC-Host
X-Hyper-Cache
Actual-Object-TTL
X-NewRelic-App-Data
X-Cached-By
X-WA-Info
NGB
X-Shield-Cache-Expires
X-ADI-VCache
X-Content-Powered-By
X-Microcachable
X-Drupal-Cache-Tags
X-LB-Cache
X-Akam-SW-Version
X-Accel-Expires
Upgrade-Insecure-Requests
X-Cache-NE
SRV
AsisCache
Filters
X-Generated-By
X-App-Server
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Internal-Host
X-Distil-CS
X-FW-Serve
Cache
X-RequestSource
X-RTag
X-Tumblr-Pixel-2
X-Tumblr-Pixel-1
X-FW-Static
X-FW-Type
X-FW-Server
ServedBy
X-WebKit-CSP-Report-Only
X-FW-Hash
X-Wix-Request-Id
X-Cacheable-TTL
Content-Style-Type
Content-Script-Type
X-Seen-By
X-GeoIP
X-Accel-Buffering
X-Jobs
X-Locale
X-TX-ID
X-Cluster
X-Amz-Server-Side-Encryption
X-S
X-Geo
X-Varnish-Hits
X-Cache-Age
X-Node-Name
From-Origin
X-Akamai-Edgescape
X-ServedBy
X-RateLimit-Limit
X-Adobe-Content
X-Adobe-Loc
Datacenter
X-Varnish-Grace
X-Varnish-Cache-Hits
X-Sucuri-Cache
X-Platform-Server
X-Varnish-IP
X-GZip
X-UA
X-HS-Combine-CSS
X-GUploader-UploadID
X-Vg-Webcache
X-Dns-Prefetch-Control
X-Cache-TTL-Remaining
X-CLOUD-TRACE-CONTEXT
X-CDN-Forward
Cache-Tag
X-Edge-Cache
X-Edge-Cache-Key
X-Storage
X-Cache-Remote
X-Mode
X-Akamai-Transformed
X-Region
X-Drupal-Cache-Contexts
X-Real-IP
X-Daa-Tunnel
X-Amz-Replication-Status
X-Source
X-Distributor
HostName
Meta-Geo
X-Cache-Var
X-Cache-Var-Map
Load-Balancing
X-Detected-As
X-RemovedCookies
X-RN-RSRV
X-ProcessESI
X-Is-Bot
X-Rendered-As
Machine
X-MP-GENERATED-AT
X-Path-Route
X-Guploader-Uploadid
X-NCache
X-Proxy
X-Amzn-RequestId
X-Amz-Apigw-Id
ServerName
X-Akamai-Request-ID
X-ApacheServer
X-TWH-CORRELATION-ID
X-Cache-Category-Id
Ohc-File-Size
X-Viewer-Country
X-Upgrade-Enabled
Cache-Key
X-Time-Microsecs
X-Grey
Fastly-SSL
X-OCL
GEO-INFO
X-Kinja-Server-Push
Mn-Server-Ip
X-PERF
X-PCL
Country
X-Agile-Id
Azure-InstanceId
Azure-RegionName
X-CDN-Cache
X-BB-IP
L5d-Success-Class
Azure-SiteName
X-Amz-Meta-Surrogate-Control
X-Agile-Age
X-Agile
X-EIG-Tracking-Id
X-FC-Vary-Parameters
Azure-SlotName
X-NodeID
X-OVcl
X-OVcl-Cache
X-Proto
X-Debug-Cache
X-Via-Fastly
X-Webstats-RespID
X-Web-Node
Azure-Version
Backend
Property-Id
X-ProxyCache-Status
Webcakes-App-Version
TWC-Device-Class
TWC-Connection-Speed
X-Varnish-Cacheable
TWC-Privacy
X-ServerID
TWC-Locale-Group
S-Rt
Webcakes-App-Name
TWC-GeoIP-LatLong
Webcakes-Region
TWC-GeoIP-Country
X-CCM-LastModified
X-Port
X-Original-Request
X-Pubstack
X-Routing-Service
X-Section
X-Origin-Hint
X-Optimization
X-Generation-Time
X-Format
X-Human
X-Instance-Name
X-LJ-Flow-ID
X-SplitTest
X-VWS-Id
X-Cache-HT
X-BYPASS-REASON
X-AWS-Id
X-App-Name
X-ProxyCache-Key
Now
X-CCM
X-Xfnlog-Site
X-Www-Served-By
X-Zipkin-Id
X-Cluster-Node
X-Edge-Location
X-Access
Healthy
Cache-Name
User-Agent
LB
DB-Nickname
X-Birta-Cache-Post
Access-Control-Allow-Method
Fastcgi-Useragent
Cache-Hits
X-JoinUs
X-Site-Version
X-Hosted-By
X-Backend-Name
X-Meta-Tbi-Cache-Vertical
X-Labrador-Cache-Channel
User-Cache-Control
X-Birta-Served
X-TNCMS
X-Loop
Countrycode
Selected-FE
X-Generated
X-Timing-Wait
X-Proxy-Build
X-IP
X-Dc
X-Request-Time
Payment
X-Tumblr-Pixel-3
X-Tb
X-Surge-Debug
RATING
X-Cache-Bucket
X-Time
X-Esi
X-Origin-CC
X-Ezoic-Cdn
X-Hit
Ec-Rule-Version
WP-Super-Cache
X-DataStream-Cache-Status
X-Real-Ip
X-Cache-Enabled
X-Unique-ID
X-TA-CDN-Provider
X-Render-Type
X-Nc
X-Newrelic-Synthetics
X-Oneagent-Js-Injection
X-Oracle-Dms-Ecid
X-Oracle-Dms-Rid
X-B3-TraceId
Origin-Edge-Control
Origin-Cache-Control
X-Nginx-Cache
X-B3-Spanid
X-Feature
X-UA-Device-Type
X-Correlation-ID
X-L-Path
RequestId
X-Environment-Context
X-NU-AKA-ACS-Version
X-Varnish-Beresp-Grace
X-Skip-Cache
X-Varnish-Beresp-Status
Xserver
NODE
X-Servedby
X-NGENIX-Cache
X-Status
Access-Control-Request-Headers
X-WR-MODIFICATION
X-Content-Type
X-Be
X-CACHE-AGE
X-Vgn-Hpd-Reason
X-EdgeConnect-Cache-Status
X-ElasticPress-Search
Ws
Webserver
Apicache-Version
Time
Apicache-Store
X-Upstream-CT
X-Upstream-HT
Warning
VivaBuild
X-A
Www
Host-ID
BehaviorPad-Version
Cache-Prefix
Fastcgi-X-Cache
Fastcgi-X-Cache-Version
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
Ajk
AKAMAI
Apple-News-Services-Handled
Apple-News-Services-Host
Fastly-Soc-X-Request-Id
Fly-Cache
Meta-Geo-Continent
Resin-Trace
Sta2Tusw
T-Server
Memcached
MD5-Digest
Fly-Request-Id
GMS-Ver
X-A-Ccd
Viewtype
X-Died
X-S-Cookie
X-Rojux
X-Server-By
X-Server-Time
X-SRCache-Key
X-Rewrite-Enabled
X-Region-Sid
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
X-Public
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-Via-Edge
X-We-Are-Hiring
X-Wix-Route-ID
Xc-Version
X-Via-CDN
X-VG-WebServer
X-Transaction
X-Trv-Group
X-Twitter-Response-Tags
X-User
X-PAYTM-SRV-ID
X-No-Session
X-BBXSRF
X-BB-ID
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-Connection-Hash
X-B-Cookie
X-ARC
X-A-Dcw
X-A-Dgt
X-Accel-Expires-Debug
X-Application
X-D
X-Date
X-Haproxy-Hostname
X-Haproxy-Ip
X-Logtrace-Id
X-ND-Cache
X-Generated-In
X-G
X-Destination
X-Developer
X-Fastly-Cache
X-From
X-A-Dam
X-A-Wwc
X-Cache-Backend
X-HS-Hub-Id
X-GoCache-CacheStatus
IBM-Web2-Location
X-Fastcgi-Cache
X-Core-Value
Request-Time
X-Forwarded-Host
Release
X-Fstrz
X-Cdn-Origin
X-CS
Rendered-Blocks
X-Trace-Id
X-Wikidot-Static-Cache
X-F5-Cache
X-ScT
Fastly-SIE
UCS
V-Age
X-Rebelmouse-Surrogate-Control
Server-Int
X-Wikidot-Backend
X-Rebelmouse-Cache-Control
X-NX-Host
X-IN-APIGATEWAY
X-SIPLIST1
X-Up
X-Cache-Expires
X-Request-URI
X-Debug-Log
X-Phone
NGX
X-Debug-Cookies
IsBot
X-Var-Ttl
X-Amz-Meta-Cache-Control
X-IN-WAF
X-IN-SSL-APIGATEWAY
Fastly-SWR
X-Cache-Id
Origin
X-Cache-Host
X-DPWN-IS-SECURE
X-Sn-Servicetimems
X-Webkit-CSP
X-Cache-Ttl
OT-Force-Account-Verify
X-C
On-Server
X-Amz-Meta-S3cmd-Attrs
X-Server-Group
X-Cache-Time
Powered-By
X-ServiceProvider
X-UnsetCookies
X-Backend-Host
X-Block-Status
X-Bug-Bounty
MI-Cache-Age
X-Cache-Debug
X-Backend-Url
Ohc-Response-Time
Odigeo-Trace-Id
X-Backend-TTL
X-Croise-Owner
Pramga
X-Server-IP
X-Matched-Rule
X-UE-Client-Country
MI-Cache
X-Node-Id
Uber-Trace-Id
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
X-TT-LOGID
Web-Mar-Node
X-Ckpd-Fst-Backend
X-CGP
Proxy-Connection
X-Thinkindot-L3
Who
Server-Host
X-RCS-CacheZone
X-Content-Age
Thinkindot-Control
X-Device-Os
Decoy-Debug-Key
Decoy-Debug-Status
Content-Disposition
CDCHOST
Cache-Cookie-Set-Lfrom
Decoy-Debug-TTL
X-Served-From
X-Worker
X-Eu-Site
X-Auto-Login
Esi-Enabled
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-From
X-Rocket-Nginx-Bypass
X-Hnp-Log
X-Via-NSCOPI
Cneonction
X-GeoIP-Country-Code
X-GeoIP-City
X-Frame-Option
Backend-Name
X-Hl-Ver
X-Gen-Mode
X-Epic-Correlation-Id
X-FireWall-Port
HA-Ipaddr
HA-Host
Ha-Gx-Prefs
HA-Geolon
X-WebServer
X-Cache-CFC
Heartbleed
HA-Urlpath
HA-Servedtime
HTTPS
X-Developers
HA-Georegion
HA-Geolat
GW-Server
X-MI-In-Market
X-VServer
HA-Geocity
HA-Cloudapp
HA-Geocountry
X-V
X-Dispatcher-Server
X-Reboot
X-Shopify-Stage
X-Returned-From-BeforeDispatch
X-Release
X-Returned-From
X-Hash
X-ShardId
X-Core-Mission
X-Fetched-On
X-Edge-IP
X-Env
X-Origin-Date
X-Servername
X-Cache-Srv
X-ShopId
X-Returned-From-PostProcessResponse
X-Cdn-Srv
X-Returned-From-DLL
Server-ID
Httpd-Identifier
X-Origin-Expires
Fastly-Backend-Name
X-Bip
X-Varnish-Id
Is-Eu
Platform
PFcat
Kp-EeAlive
X-Clientip
X-Crawler
X-Passed-To-BeforeDispatch
X-Passed-To-DLL
X-Passed-To-PostProcessResponse
X-Thanos
X-Platform
Adler-Geo
X-Passed-To
X-Info
Pragrma
X-Ver
X-Sorting-Hat-PodId-Cached
X-Sorting-Hat-PrivacyLevel
Request-Country
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-Actual-URL
X-Backend-State
X-Sorting-Hat-FeatureSet
X-Alternate-Cache-Key
X-Sorting-Hat-ShopId-Cached
X-Sorting-Hat-Section
REQUESTUUID
X-Location
X-Stale
Request-EU
X-TIME
NnCoection
Mime-Version
X-Response-By
X-Varnish-Beresp-Ttl
Country-Code
X-HCF
X-Varnish-HitMiss
X-Cache-URL
X-MSEdge-Features
X-Cache-Control-Set-By
X-S-Maxage
X-Refresh
X-Page-Type
NtCoent-Length
X-MSEdge-Flight
X-StackifyID
X-Req
MI-API
X-Secret
Cache-Provider
Drupal-Pagecache-Memcache
X-Gannett-Site-Version
X-P-T
X-Svr
Processtime
X-App-Version
X-Amz-Meta-S3b-Last-Modified
X-Pjax-Url
X-Oss-Object-Type
X-COUNTRY
X-Origin-TTL
Dnion-Transfer-Encoding
X-Oss-Storage-Class
X-Oss-Server-Time
X-Csrf-Token
X-Oss-Request-Id
X-Oss-Hash-Crc64ecma
Version
X-Pf-Uncompressing
X-Cache-ASPX
Accept-Ch
X-Amz-Meta-Sha256
Pagetype
Memory
Ar-Sid
X-EC-Security-Audit
X-Varnish-Url
WebServer
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
Cteonnt-Length
X-Ua
X-Wix-Petri-Ex
X-NC
X-Yottaa-Sig
GeoIp-Country-Code
Geoip-Latitude
X-GRACE
X-From-Cache
Geoip-City
X-LiteSpeed-Cache-Control
SN
Arc-Country
FSS-Proxy
FSS-Cache
X-Ruxit-Js-Agent
Dont-Set-Cookie
X-Rule
Brightspot-Id
X-Irp-Debug
PageType
COMMERCE-SERVER-SOFTWARE
X-CSRF-Token
X-LB-CacheStatus
PICS-Label
X-LB-Node
X-Varnish-Beresp-TTL
X-Cache-Handler
Cdn
X-Load-Cache
X-Cdn-Forward
Sid
X-Redis-Cache
CF-IPCountry
X-Request-Start
X-ROOTCache
X-DC
X-Ratelimit-Remaining
X-Endurance-Cache-Level
MIME-Version
If-Modified-Since
X-Request-UUID
Edgecast
X-SERVER-NAME
X-Sf
PROCESSING-IP
X-Requestid
BORDER-IP
X-Fastly-Backend-Reqs
X-TId
X-GDPR
X-Varnish-Action
X-Servedbyhost
RNT-Machine
RNT-Time
XServer
X-Ratelimit-Limit
X-Layer
X-ServedByHost
X-Tid
X-B3-SpanId
X-Dynatrace
X-Atg-Version
X-RequestId
X-Nananana
X-BE
Frame-Options
X-Resolver-IP
X-Rocket-Nginx-Serving-Static
Powered
X-Cache-TTL
X-Fastly-Cache-Hits
Cache-Tags
Pics-Label
Cf-Ipcountry
X-DataStream-Origin-MEX-Latency
X-DataStream-MidMile-RTT
CDN
PageSpeed
Amp-Access-Control-Allow-Source-Origin
Node
NodeID
CACHE
X-Key
X-Owner
Dynatrace
X-Tec-Api-Root
X-Tec-Api-Version
X-Tec-Api-Origin
GeoIP-Latitude
GeoIP-City
We-Hiring
Mail-Subject
X-Server-W
X-Gdpr
X-HTML-Minification-Powered-By
GeoIP-Country-Code
Web-Mar-Region
X-Varnish-Ttl
X-Dynatrace-Js-Agent
X-UPSTREAM-Address
X-VG-WebCache
X-Shard
X-Ms-Lease-Status
X-Ms-Request-Id
X-Use-Magma
X-Ms-Version
X-Ms-Blob-Type
Accept-CH
X-Varnish-URL
WZWS-RAY
Lfy
Hostname
X-ABtesting
X-Flog
X-Sentry-ID
ProcessTime
DataCenter
X-GZIP
X-PF-Uncompressing
X-Alicdn-Da-Ups-Status
X-Aicache-OS
X-Powered-By-ANYU
X-GEO
X-CDN-Pop
Get-Access-Time
Is-Session-Tracking
X-CDN-Pop-IP
Max-Age
True-Client-Country-4JS
X-VG-TLSProxy
URI
X-Dw-Trace-Id
X-NGINX-Cache
Xet-Cookie
X-NWS-UUID-VERIFY
X-CACHE-KEY
X-Policy
X-Swa-Ws
X-Front
X-Edge-Server
X-PJAX-URL
Cdn-Host
Cdn-Request-Time
X-Trv-Request-Id
X-Cookie
X-Mem
X-Oa-Upstreams
X-Check-Cacheable
X-Unique-Id
Requestid
X-Remote-IP
X-PAGE-TYPE
X-Ms-Lease-State
X-Org
Rt-Proxy-Cache
GEO-REGION-INFO
X-Varnish-ID
X-Powered-By-Defense
RequestUuid
X-Cache-FS-Status
V-Cache
Group
X-VID
X-Proxy-Server
X-RSL
X-RPS
CF-Cached-On
X-Litespeed-Tag
SID
Magicmarker
X-RPM
X-SB
X-VC
X-Acquia-Application-Trace
X-Litespeed-Cache-Control
X-RAMCache
X-Akamai-ERPolicy
X-Fe
X-Akamai-ERRuleID
X-Acquia-Application-UUID
X-DB
WS
X-DW
X-DSS
X-DI
X-Hello