Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Pragma
Last-Modified
Accept-Ranges
Strict-Transport-Security
X-Content-Type-Options
X-Powered-By
CF-RAY
ETag
Link
Expect-CT
Via
X-XSS-Protection
X-Cache
Age
Access-Control-Allow-Origin
Content-Security-Policy
Content-Language
X-UA-Compatible
P3P
X-Cache-Hits
X-Served-By
X-Varnish
X-Amz-Cf-Id
X-Xss-Protection
Referrer-Policy
X-Request-Id
X-Timer
X-AspNet-Version
CF-Cache-Status
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Runtime
Access-Control-Allow-Credentials
X-Download-Options
X-Drupal-Cache
X-Cacheable
Content-Security-Policy-Report-Only
X-Generator
Alt-Svc
Status
X-AspNetMvc-Version
X-Cache-Status
X-DNS-Prefetch-Control
X-Check
P3p
X-Iinfo
X-Adblock-Key
X-FRAME-OPTIONS
X-CDN
Timing-Allow-Origin
X-Content-Security-Policy
X-Permitted-Cross-Domain-Policies
X-Turbo-Charged-By
Content-Encoding
X-Template
X-Language
Keep-Alive
X-Type
X-AH-Environment
X-Via
CF-Ray
X-Cache-Group
X-Backend
WPE-Backend
X-Request-ID
X-Pass-Why
X-Buckets
X-Age
X-Server
X-Nginx-Cache-Status
Access-Control-Max-Age
X-Server-Powered-By
X-Pingback
Xkey
X-Varnish-Cache
Grace
X-Drupal-Dynamic-Cache
Upgrade
Access-Control-Expose-Headers
X-Hacker
X-UA-Device
X-Amz-Request-Id
Cf-Railgun
X-Page-Speed
X-Amz-Id-2
X-Proxy-Cache
X-Robots-Tag
EagleId
X-Envoy-Upstream-Service-Time
Request-Context
X-Node
X-LiteSpeed-Cache
X-Swift-SaveTime
X-Swift-CacheTime
X-Ac
X-Device
X-Cnection
X-Host
Ali-Swift-Global-Savetime
Content-Location
X-Amz-Version-Id
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Server-Id
X-WebKit-CSP
Surrogate-Control
X-Backend-Server
X-Cache-Lookup
X-OneAgent-JS-Injection
X-Rack-Cache
X-Response-Time
X-Px
X-Instart-Request-ID
Request-Id
Server-Timing
X-CST
X-Readtime
X-Rq
X-Clacks-Overhead
Pinterest-Generated-By
X-HeyJason
X-Do-Not-Hack
Permitted-Cross-Domain-Policies
X-Url
EagleEye-TraceId
X-Ua-Compatible
Edge-Control
X-Application-Context
X-Cloud-Trace-Context
X-Country
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-MS-InvokeApp
Report-To
X-Server-Name
Charset
X-DynaTrace-JS-Agent
SPRequestGuid
X-Country-Code
Allow
X-ESI
X-DataDome
X-SharePointHealthScore
Rating
X-Varnish-TTL
X-Ruxit-JS-Agent
X-TtlSet
X-Vname
X-PC
X-Cached
X-Powered-CMS
X-Recruiting
X-Powered-By-Plesk
X-FTR-Request-ID
X-CF-Powered-By
X-DynaTrace
X-Vhost
X-D2id
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
NEL
Pinterest-Version
X-Upstream-Env
X-Pinterest-Rid
Public-Key-Pins
X-TTL
X-F-Cache
X-Geo-Segment
X-Kinja-Revision
X-Kinja-Build
X-Kinja
X-Kinja-Server
X-Exp-Variant
X-Cdn-Fetch
X-Exp-Id
X-Version
X-T
X-N
X-VARITI-CCR
Cartoon
SPRequestDuration
SPIisLatency
X-GoogleNews-Bot
X-Dw-Request-Base-Id
X-Mod-Pagespeed
X-Ttl
Content-MD5
RTSS
MS-Author-Via
Nginx-Cache
X-Abt-Application-Version
Feature-Policy
Verso
X-GitHub-Request-Id
X-Dispatcher
X-Navigation-Version
X-Goog-Hash
MicrosoftSharePointTeamServices
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Client-IP
AR-ATIME
AR-CACHE
AR-PoweredBy
X-Amz-Rid
X-Hits
X-Forwarded-Proto
Realpath
X-Shield-Request-Id
X-Origin-Cache
X-Cdn
X-Trace
Paypal-Debug-Id
X-Content-Options
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-TEC-API-ROOT
X-Id
X-Zen-Fury
X-Grace
X-Content-Digest
X-Kinsta-Cache
X-Server-ID
DynaTrace
TCN
X-B
Arr-Disable-Session-Affinity
AR-SID
Alternate-Protocol
X-Varnish-Age
X-Cache-Key
X-Sol
Fastcgi-Cache
X-Upstream
MRF-Tech
X-Mrf-Item-Lastmod
Mrf-Cache-Status
Access-Control-Request-Method
X-Mrf-Section-Lastmod
X-Ser
Display
X-Pad
X-Middleton-Display
X-Fastly-Request-ID
X-Acc-Meta-Resource-Type
PB-PID
PB-RID
X-Mobile-Rewrite
X-NF-Request-ID
X-FastCGI-Cache
X-Nf-Srv-Version
X-Via-JSL
X-DIS-Request-ID
X-Vcap-Request-Id
Response
X-Middleton-Response
X-User-Agent
X-Forwarded-For
Front-End-Https
X-MSEdge-Ref
X-Cache-Rule
Rt-Fastcgi-Cache
Eomportal-Instance
X-PressLabs-Stats
X-Frontend
Pagespeed
Arc-Version
X-Logged-In
X-Cache-Hit
X-IPLB-Instance
X-SS-Set-Cookie
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Goog-Metageneration
X-Goog-Generation
X-Goog-Storage-Class
X-VCache
Server-Name
X-Whom
X-Hostname
Host
Surrogate-Key
X-XRDS-Location
S
Tracecode
X-FTR-Cache-Status
X-FTR-DC
X-FTR-Realm
X-Country-Code-Real
X-FTR-Expires
X-FTR-Backend-Server
X-FTR-Backend
X-FTR-Balancer
X-Request-Received
X-Request-Processing-Time
Cache-Status
Backend-Timing
X-Analytics
X-Debug
X-HS-Content-Id
TP-Cache
X-AOL-HN
X-Instance
TP-L2-Cache
X-Magnolia-Registration
X-Contextid
Refresh
X-AppVersion
X-Proxied
X-Rid
X-Az
X-Activity-Id
X-Litespeed-Cache
FilterID
ServerID
X-Wix-Server-Artifact-Id
Public-Key-Pins-Report-Only
X-XRDS-LOCATION
X-Srv
X-HW
X-UUID
Server-Info
HitInfo
HitType
Cleartype
X-WPE-Loopback-Upstream-Addr
X-B3-Traceid
X-Webkit-Csp
X-Newrelic-App-Data
Liferay-Portal
X-FTR-Cache-Host
Service-Worker-Allowed
X-Content-Security-Policy-Report-Only
X-Varnish-Server
X-Mobile
X-APP-VERSION
Served-By
X-Cache-Control
X-Varnish-Backend
X-Revision
AMP-Access-Control-Allow-Source-Origin
Source
X-Origin-Upstream-Status
X-Amzn-Trace-Id
X-Cache-Server
Server-Node
Host-Header
X-PHP-Backend
X-NWS-LOG-UUID
X-PC-Key
X-PC-AppVer
X-Geo-Country
X-TT
X-Request-Guid
X-App-Environment
X-Hail-Hydra
X-PC-Hit
MS-CV
Retry-After
X-BCube-Filmed-By
Accept-Charset
X-Correlation-Id
X-Tumblr-User
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Cache-Operation
X-Cache-2
X-RateLimit-Remaining
X-Handled-By
X-Varnish-Hostname
X-Framework
X-Device-Type
DC
Powered-By-ChinaCache
X-Page-Id
X-B-Cache
X-FB-Debug
X-Signature
X-Cache-Config
Edge-Cache-Tag
S-Cnection
X-HS-Cache-Config
X-Origin
X-Origin-Server
X-URL
X-Cache-Action
Fastly-Restarts
X-ATG-Version
Viewport
X-Debug-Info
X-Sucuri-ID
X-TT-TIMESTAMP
X-Ocache
X-PC-Date
X-PC-Host
X-B3-Sampled
Actual-Object-TTL
X-Hyper-Cache
X-Cached-By
X-NewRelic-App-Data
X-WA-Info
NGB
X-ADI-VCache
X-Shield-Cache-Expires
X-Content-Powered-By
X-Microcachable
X-Akam-SW-Version
X-Accel-Expires
X-LB-Cache
X-Drupal-Cache-Tags
Upgrade-Insecure-Requests
Filters
X-Cache-NE
SRV
AsisCache
X-Generated-By
X-Yottaa-Optimizations
ServedBy
X-Yottaa-Metrics
X-App-Server
X-FW-Serve
X-Cacheable-TTL
X-FW-Hash
X-Tumblr-Pixel-1
X-FW-Type
X-FW-Static
Cache
X-Locale
X-WebKit-CSP-Report-Only
X-Tumblr-Pixel-2
X-FW-Server
X-RequestSource
X-Distil-CS
X-RTag
Content-Style-Type
Content-Script-Type
X-Seen-By
X-Wix-Request-Id
X-GeoIP
X-Internal-Host
X-Jobs
X-Accel-Buffering
X-S
X-Cluster
X-TX-ID
X-Amz-Server-Side-Encryption
X-Geo
X-Node-Name
X-Cache-Age
X-Varnish-Hits
From-Origin
X-Varnish-Grace
X-RateLimit-Limit
X-ServedBy
X-Akamai-Edgescape
X-Varnish-Cache-Hits
X-Varnish-IP
Datacenter
X-Adobe-Content
X-Sucuri-Cache
X-Adobe-Loc
X-GZip
X-Platform-Server
X-Vg-Webcache
X-HS-Combine-CSS
X-GUploader-UploadID
X-UA
X-Dns-Prefetch-Control
X-Cache-TTL-Remaining
X-CLOUD-TRACE-CONTEXT
X-Oneagent-Js-Injection
X-Edge-Cache-Key
X-CDN-Forward
X-Edge-Cache
Cache-Tag
X-Akamai-Transformed
X-Storage
X-Mode
X-Cache-Remote
X-Region
X-Daa-Tunnel
X-Real-IP
X-Drupal-Cache-Contexts
X-Amz-Replication-Status
X-Source
HostName
X-Distributor
X-Detected-As
X-Cache-Var-Map
Load-Balancing
X-RN-RSRV
X-Path-Route
X-ProcessESI
X-RemovedCookies
Meta-Geo
X-Is-Bot
Machine
X-Rendered-As
X-MP-GENERATED-AT
X-Cache-Var
Fastly-SSL
X-Proxy
ServerName
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Guploader-Uploadid
X-NCache
X-Viewer-Country
Mn-Server-Ip
X-PERF
X-Time-Microsecs
X-TWH-CORRELATION-ID
X-Web-Node
X-CDN-Cache
Cache-Key
Ohc-File-Size
X-OCL
GEO-INFO
X-Webstats-RespID
X-Kinja-Server-Push
X-PCL
X-Upgrade-Enabled
X-Grey
X-Agile-Id
X-Agile-Age
X-ApacheServer
X-Agile
X-Cache-Category-Id
X-BB-IP
Azure-SiteName
Azure-SlotName
Azure-Version
X-Debug-Cache
Azure-RegionName
S-Rt
X-NodeID
Backend
Azure-InstanceId
X-Cluster-Node
X-Original-Request
X-Amz-Meta-Surrogate-Control
X-Human
X-Via-Fastly
X-Instance-Name
X-Edge-Location
X-OVcl-Cache
X-Proto
X-OVcl
X-EIG-Tracking-Id
X-Akamai-Request-ID
L5d-Success-Class
Country
X-AWS-Id
X-App-Name
X-Cache-HT
X-Access
X-CCM
X-Generation-Time
X-Format
X-CCM-LastModified
Webcakes-Region
Webcakes-App-Version
TWC-GeoIP-Country
TWC-Device-Class
TWC-Connection-Speed
TWC-GeoIP-LatLong
TWC-Locale-Group
Webcakes-App-Name
User-Cache-Control
TWC-Privacy
X-Hosted-By
X-IP
X-BYPASS-REASON
X-Zipkin-Id
X-Xfnlog-Site
X-Www-Served-By
X-FC-Vary-Parameters
X-ProxyCache-Key
X-Varnish-Cacheable
X-ServerID
X-ProxyCache-Status
X-VWS-Id
X-SplitTest
X-Origin-Hint
X-Optimization
X-LJ-Flow-ID
X-Port
X-Pubstack
X-Site-Version
X-Section
X-Routing-Service
Property-Id
Now
Healthy
DB-Nickname
LB
User-Agent
Cache-Name
Cache-Hits
X-Birta-Cache-Post
X-Birta-Served
X-Backend-Name
Access-Control-Allow-Method
X-Meta-Tbi-Cache-Vertical
X-Labrador-Cache-Channel
X-JoinUs
Fastcgi-Useragent
X-Loop
X-TNCMS
X-Proxy-Build
X-Timing-Wait
X-Dc
Selected-FE
Countrycode
X-Generated
X-Tumblr-Pixel-3
X-Tb
X-Request-Time
Payment
X-Surge-Debug
RATING
X-Cache-Bucket
Ec-Rule-Version
X-Ezoic-Cdn
X-Esi
X-Time
X-Origin-CC
X-Hit
X-Real-Ip
X-DataStream-Cache-Status
WP-Super-Cache
X-Cache-Enabled
X-Unique-ID
X-Newrelic-Synthetics
X-TA-CDN-Provider
X-Render-Type
X-Nc
X-B3-TraceId
Origin-Edge-Control
X-Oracle-Dms-Ecid
Origin-Cache-Control
X-Oracle-Dms-Rid
X-Feature
X-Nginx-Cache
X-B3-Spanid
X-UA-Device-Type
RequestId
X-L-Path
X-Correlation-ID
X-Environment-Context
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
X-NU-AKA-ACS-Version
X-Servedby
Xserver
NODE
X-Skip-Cache
X-NGENIX-Cache
X-Content-Type
X-Status
X-WR-MODIFICATION
Access-Control-Request-Headers
X-Be
X-Vgn-Hpd-Reason
X-CACHE-AGE
Ws
Webserver
X-EdgeConnect-Cache-Status
X-Cache-Backend
X-ElasticPress-Search
X-Upstream-CT
X-Upstream-HT
Apicache-Store
Time
Warning
Apicache-Version
X-Logtrace-Id
X-ND-Cache
X-Fastly-Cache
X-Haproxy-Ip
X-Haproxy-Hostname
X-From
X-G
X-GoCache-CacheStatus
X-Generated-In
IBM-Web2-Location
Fastly-Soc-X-Request-Id
MD5-Digest
Memcached
X-A-Wwc
Meta-Geo-Continent
X-Accel-Expires-Debug
X-Application
X-BB-ID
Host-ID
X-B-Cookie
X-ARC
X-A-Dgt
X-A-Dcw
Viewtype
Resin-Trace
T-Server
Sta2Tusw
VivaBuild
Www
X-A-Dam
X-A-Ccd
X-A
X-BBXSRF
GMS-Ver
BehaviorPad-Version
X-Died
Cache-Prefix
X-Developer
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
AKAMAI
Apple-News-Services-Handled
Apple-News-Services-Host
X-Destination
X-Date
Fly-Request-Id
X-Connection-Hash
X-CF-Lambda-Version
X-CF-Lambda-Fn
Fly-Cache
X-No-Session
X-D
Fastcgi-X-Cache
Fastcgi-X-Cache-Version
Ajk
X-PAYTM-SRV-ID
X-Transaction
X-We-Are-Hiring
X-Fastcgi-Cache
X-Trv-Group
X-Twitter-Response-Tags
X-Via-CDN
X-Via-Edge
X-Region-Sid
X-Rewrite-Enabled
X-Rojux
X-Server-Time
X-SVT-ORM-RULES
X-SRCache-Key
X-HS-Hub-Id
X-SVT-ORM-VERSION
X-S-Cookie
X-Wix-Route-ID
X-Server-By
X-VG-WebServer
Xc-Version
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
X-User
X-Public
X-Planisys-CDN-TTL
X-IN-WAF
Server-Int
X-Amz-Meta-Cache-Control
X-Up
X-Cdn-Origin
X-DPWN-IS-SECURE
X-Trace-Id
V-Age
X-SIPLIST1
X-Var-Ttl
X-Debug-Log
IsBot
X-Core-Value
X-Phone
X-ScT
X-Wikidot-Static-Cache
X-Debug-Cookies
Request-Time
X-CS
X-Wikidot-Backend
X-Cache-Id
X-Forwarded-Host
X-NX-Host
UCS
Origin
X-Sn-Servicetimems
X-Fstrz
Release
X-IN-SSL-APIGATEWAY
X-IN-APIGATEWAY
X-Cache-Host
Rendered-Blocks
NGX
X-F5-Cache
X-Cache-Expires
X-Request-URI
X-Cache-Ttl
X-C
OT-Force-Account-Verify
X-Webkit-CSP
X-Backend-Host
X-Backend-TTL
X-Backend-Url
X-Backend-State
X-Stale
X-Actual-URL
X-UE-Client-Country
X-Block-Status
Uber-Trace-Id
Who
Web-Mar-Node
X-VServer
Thinkindot-Control
Thinkindot-CacheControl
X-Amz-Meta-S3cmd-Attrs
X-V
X-Thinkindot-L3
X-WebServer
X-UnsetCookies
X-Croise-Owner
X-Rebelmouse-Surrogate-Control
X-Gen-Mode
X-GeoIP-City
X-GeoIP-Country-Code
X-Hl-Ver
X-Frame-Option
X-Eu-Site
X-FireWall-Port
X-Reboot
X-Rebelmouse-Cache-Control
X-RCS-CacheZone
X-Via-NSCOPI
X-Passed-To-PostProcessResponse
X-Passed-To-DLL
X-Passed-To-BeforeDispatch
X-Rocket-Nginx-Bypass
X-MI-In-Market
X-Hnp-Log
X-Location
X-Matched-Rule
X-Auto-Login
X-Returned-From
X-CGP
X-Ckpd-Fst-Backend
X-Server-IP
X-Server-Group
X-ServiceProvider
X-Cdn-Srv
X-Cache-CFC
X-Cache-Debug
X-Cache-Time
X-Content-Age
X-Passed-To
X-Env
X-Epic-Correlation-Id
X-Returned-From-DLL
X-Returned-From-BeforeDispatch
X-Returned-From-PostProcessResponse
X-Edge-IP
X-Developers
X-Device-Os
X-Worker
X-Bug-Bounty
Thinkindot-CacheControl-Type
HA-Georegion
Ha-Gx-Prefs
HA-Geolon
HA-Geolat
HA-Geocountry
HA-Host
HA-Ipaddr
Httpd-Identifier
Decoy-Debug-Status
Heartbleed
HA-Urlpath
HA-Servedtime
HA-Geocity
HA-Cloudapp
Fastly-Backend-Name
Fastly-SIE
Esi-Enabled
Decoy-Debug-Key
Decoy-Debug-TTL
Fastly-SWR
CDCHOST
GW-Server
Cache-Cookie-Set-From
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-Lfrom
Cneonction
HTTPS
MI-Cache-Age
Pramga
Odigeo-Trace-Id
Ohc-Response-Time
Powered-By
Proxy-Connection
MI-Cache
Server-Host
X-Ruxit-Js-Agent
X-Servername
X-Dispatcher-Server
X-Served-From
X-Fetched-On
X-Sorting-Hat-PodId
Backend-Name
X-Sorting-Hat-FeatureSet
X-Shopify-Stage
X-Platform
X-HCF
X-ShopId
X-ShardId
Content-Disposition
X-Response-By
X-Origin-Date
X-Origin-Expires
X-TT-LOGID
X-Cache-Control-Set-By
X-Hash
X-Ver
X-Node-Id
X-Sorting-Hat-ShopId-Cached
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId-Cached
X-Varnish-Id
X-Clientip
X-Sorting-Hat-PrivacyLevel
X-Release
X-Sorting-Hat-Section
X-Crawler
X-Info
PFcat
Pragrma
X-Cache-Srv
On-Server
Kp-EeAlive
X-Alternate-Cache-Key
Request-Country
X-Varnish-HitMiss
Server-ID
X-Core-Mission
Request-EU
REQUESTUUID
Mime-Version
X-TIME
NnCoection
X-S-Maxage
Country-Code
X-Refresh
NtCoent-Length
X-Bip
X-Page-Type
X-MSEdge-Flight
Adler-Geo
Platform
X-Thanos
Is-Eu
X-MSEdge-Features
X-Varnish-Beresp-Ttl
X-StackifyID
Drupal-Pagecache-Memcache
X-P-T
X-Gannett-Site-Version
X-Cache-URL
MI-API
Cache-Provider
X-Req
X-Secret
X-Svr
X-App-Version
Processtime
X-Amz-Meta-S3b-Last-Modified
X-Pjax-Url
X-COUNTRY
X-Csrf-Token
X-Oss-Object-Type
X-Oss-Request-Id
X-Oss-Server-Time
X-Oss-Hash-Crc64ecma
X-Oss-Storage-Class
X-Origin-TTL
Dnion-Transfer-Encoding
X-Pf-Uncompressing
Version
X-Cache-ASPX
Accept-Ch
Memory
Pagetype
Ar-Sid
X-Amz-Meta-Sha256
X-EC-Security-Audit
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
WebServer
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
SN
X-Varnish-Url
X-Wix-Petri-Ex
X-Ua
X-Yottaa-Sig
Cteonnt-Length
X-NC
FSS-Cache
X-From-Cache
GeoIp-Country-Code
X-LiteSpeed-Cache-Control
Geoip-City
Arc-Country
Geoip-Latitude
FSS-Proxy
X-Rule
Dont-Set-Cookie
PageType
Brightspot-Id
X-Irp-Debug
X-Cache-Handler
X-Varnish-Beresp-TTL
COMMERCE-SERVER-SOFTWARE
X-CSRF-Token
X-LB-Node
X-LB-CacheStatus
PICS-Label
Cdn
X-Cdn-Forward
X-Load-Cache
X-Request-Start
X-DC
X-ROOTCache
Sid
CF-IPCountry
X-Redis-Cache
X-Endurance-Cache-Level
X-Ratelimit-Remaining
MIME-Version
X-Request-UUID
Edgecast
If-Modified-Since
X-SERVER-NAME
X-Requestid
X-GRACE
X-Sf
PROCESSING-IP
X-Fastly-Backend-Reqs
BORDER-IP
X-GDPR
X-TId
RNT-Machine
RNT-Time
X-Varnish-Action
XServer
X-Ratelimit-Limit
X-Layer
X-ServedByHost
X-Tid
X-Servedbyhost
X-B3-SpanId
X-RequestId
Amp-Access-Control-Allow-Source-Origin
X-Dynatrace
X-Atg-Version
X-Nananana
X-BE
Frame-Options
X-Rocket-Nginx-Serving-Static
X-Resolver-IP
Powered
X-Cache-TTL
PageSpeed
Cf-Ipcountry
Pics-Label
Cache-Tags
X-Fastly-Cache-Hits
X-DataStream-MidMile-RTT
CDN
X-DataStream-Origin-MEX-Latency
NodeID
Node
CACHE
X-Owner
X-Key
X-Tec-Api-Root
Dynatrace
X-Tec-Api-Version
X-Tec-Api-Origin
X-Gdpr
GeoIP-City
We-Hiring
GeoIP-Latitude
Mail-Subject
X-HTML-Minification-Powered-By
GeoIP-Country-Code
X-Server-W
X-VG-WebCache
X-Dynatrace-Js-Agent
X-UPSTREAM-Address
X-Shard
Web-Mar-Region
X-Varnish-Ttl
X-Ms-Version
X-Ms-Blob-Type
X-Use-Magma
X-Ms-Lease-Status
X-Ms-Request-Id
WZWS-RAY
Accept-CH
X-ABtesting
X-Varnish-URL
X-Sentry-ID
Hostname
X-Flog
Lfy
X-GZIP
ProcessTime
DataCenter
X-Aicache-OS
X-PF-Uncompressing
X-Powered-By-ANYU
X-Alicdn-Da-Ups-Status
X-CDN-Pop-IP
X-GEO
Is-Session-Tracking
True-Client-Country-4JS
X-VG-TLSProxy
Max-Age
X-CDN-Pop
URI
Get-Access-Time
X-Dw-Trace-Id
X-NGINX-Cache
X-NWS-UUID-VERIFY
Xet-Cookie
X-Trv-Request-Id
X-Mem
X-PJAX-URL
Cdn-Request-Time
Cdn-Host
X-Oa-Upstreams
X-Policy
X-Swa-Ws
X-Front
X-Cookie
X-Check-Cacheable
X-Edge-Server
X-Unique-Id
X-Org
Requestid
Rt-Proxy-Cache
X-Varnish-ID
X-Ms-Lease-State
GEO-REGION-INFO
X-Remote-IP
X-Cache-FS-Status
X-PAGE-TYPE
RequestUuid
X-Powered-By-Defense
Group
V-Cache
Magicmarker
X-Hello
CF-Cached-On
X-RSL
X-VID
X-Akamai-ERRuleID
X-VC
X-SB
X-RPS
X-Akamai-ERPolicy
X-ServerName
X-Acquia-Application-Trace
X-Proxy-Server
SID
X-Litespeed-Cache-Control
X-Fe
X-RAMCache
X-Litespeed-Tag
X-DB
WS
X-Acquia-Application-UUID
X-DW
X-DSS
X-DI
X-RPM