Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Pragma
Last-Modified
Accept-Ranges
Strict-Transport-Security
X-Content-Type-Options
X-Powered-By
ETag
CF-RAY
Link
Expect-CT
Via
X-XSS-Protection
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
P3P
X-Cache-Hits
X-Served-By
X-Varnish
X-Amz-Cf-Id
X-Xss-Protection
Referrer-Policy
X-Request-Id
X-Timer
X-AspNet-Version
CF-Cache-Status
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Runtime
CF-Ray
Access-Control-Allow-Credentials
X-Download-Options
X-Drupal-Cache
X-Cacheable
Content-Security-Policy-Report-Only
X-Generator
Alt-Svc
Status
X-AspNetMvc-Version
X-Cache-Status
X-DNS-Prefetch-Control
X-Check
X-Iinfo
X-FRAME-OPTIONS
X-Adblock-Key
Timing-Allow-Origin
X-CDN
X-Content-Security-Policy
X-Turbo-Charged-By
X-Permitted-Cross-Domain-Policies
P3p
Content-Encoding
X-Template
X-Language
Keep-Alive
X-Type
X-AH-Environment
X-Via
X-Request-ID
X-Cache-Group
X-Backend
WPE-Backend
X-Pass-Why
X-Age
X-Buckets
X-Server
X-Nginx-Cache-Status
Access-Control-Max-Age
X-Server-Powered-By
X-Pingback
Xkey
X-Varnish-Cache
Grace
X-Drupal-Dynamic-Cache
Upgrade
Access-Control-Expose-Headers
X-Hacker
X-UA-Device
X-Amz-Request-Id
X-Page-Speed
Cf-Railgun
X-Amz-Id-2
X-Proxy-Cache
X-Robots-Tag
EagleId
X-Envoy-Upstream-Service-Time
X-LiteSpeed-Cache
Request-Context
X-Node
X-Swift-CacheTime
X-Swift-SaveTime
X-Ac
X-Device
X-Cnection
Ali-Swift-Global-Savetime
X-Host
Content-Location
X-Amz-Version-Id
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Server-Id
Surrogate-Control
X-WebKit-CSP
X-Backend-Server
X-Cache-Lookup
X-OneAgent-JS-Injection
X-Rack-Cache
X-Response-Time
X-Instart-Request-ID
X-Px
Request-Id
X-Readtime
X-CST
Server-Timing
X-Rq
X-Clacks-Overhead
X-Do-Not-Hack
X-HeyJason
Permitted-Cross-Domain-Policies
Pinterest-Generated-By
X-Ua-Compatible
EagleEye-TraceId
Edge-Control
X-Url
X-Cloud-Trace-Context
X-Application-Context
X-MS-InvokeApp
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Country
Report-To
X-Server-Name
X-DynaTrace-JS-Agent
Charset
SPRequestGuid
Allow
X-Country-Code
X-SharePointHealthScore
X-DataDome
X-Ruxit-JS-Agent
X-ESI
Rating
X-Varnish-TTL
X-PC
X-TtlSet
X-Vname
X-Cached
X-Powered-CMS
X-Powered-By-Plesk
X-TTL
X-Recruiting
X-CF-Powered-By
X-FTR-Request-ID
NEL
X-Vhost
X-D2id
X-DynaTrace
Pinterest-Version
X-Upstream-Env
X-Pinterest-Rid
Public-Key-Pins
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
X-Kinja-Build
X-Kinja-Server
X-Exp-Id
X-Kinja
X-Exp-Variant
X-Geo-Segment
X-Cdn-Fetch
X-Kinja-Revision
X-Version
X-F-Cache
X-N
SPRequestDuration
SPIisLatency
X-VARITI-CCR
X-T
X-Dw-Request-Base-Id
X-GoogleNews-Bot
Cartoon
X-Mod-Pagespeed
MS-Author-Via
Content-MD5
RTSS
X-Abt-Application-Version
Nginx-Cache
Feature-Policy
X-GitHub-Request-Id
Verso
AR-CACHE
AR-PoweredBy
AR-ATIME
MicrosoftSharePointTeamServices
X-Dispatcher
X-Navigation-Version
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Goog-Hash
X-Amz-Rid
X-Shield-Request-Id
X-Client-IP
X-Hits
Realpath
X-Forwarded-Proto
X-Cdn
X-Ttl
X-Trace
X-Origin-Cache
Paypal-Debug-Id
X-Server-ID
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-Content-Options
X-Zen-Fury
X-Content-Digest
X-Id
X-Grace
X-Kinsta-Cache
Arr-Disable-Session-Affinity
TCN
AR-SID
X-B
DynaTrace
Alternate-Protocol
X-Varnish-Age
X-Cache-Key
Fastcgi-Cache
X-Sol
X-Upstream
Mrf-Cache-Status
X-Mrf-Item-Lastmod
X-Ser
X-Mrf-Section-Lastmod
MRF-Tech
Access-Control-Request-Method
X-Pad
X-FastCGI-Cache
X-Fastly-Request-ID
Display
X-Middleton-Display
PB-RID
PB-PID
X-Mobile-Rewrite
X-NF-Request-ID
X-Nf-Srv-Version
X-Via-JSL
X-Acc-Meta-Resource-Type
X-DIS-Request-ID
X-Vcap-Request-Id
X-User-Agent
X-Middleton-Response
Response
X-Forwarded-For
Front-End-Https
X-IPLB-Instance
X-MSEdge-Ref
Pagespeed
Rt-Fastcgi-Cache
X-Cache-Rule
X-SS-Set-Cookie
X-Frontend
X-PressLabs-Stats
Eomportal-Instance
X-Logged-In
X-Cache-Hit
Arc-Version
Server-Name
X-Whom
X-VCache
X-Hostname
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-Goog-Metageneration
X-Goog-Generation
Host
Tracecode
Surrogate-Key
X-XRDS-Location
Cache-Status
X-FTR-DC
X-FTR-Expires
X-FTR-Cache-Status
X-Country-Code-Real
S
X-FTR-Backend
X-FTR-Backend-Server
X-FTR-Balancer
X-FTR-Realm
X-Request-Processing-Time
X-Analytics
X-Request-Received
Backend-Timing
X-Debug
X-XRDS-LOCATION
X-HS-Content-Id
Refresh
X-Instance
X-AOL-HN
X-Contextid
X-Magnolia-Registration
TP-L2-Cache
TP-Cache
X-Activity-Id
X-Proxied
X-Az
X-AppVersion
Public-Key-Pins-Report-Only
X-Rid
FilterID
X-Srv
X-Wix-Server-Artifact-Id
ServerID
X-Newrelic-App-Data
X-UUID
HitType
HitInfo
Server-Info
X-URL
X-B3-Traceid
X-WPE-Loopback-Upstream-Addr
X-HW
Liferay-Portal
X-Webkit-Csp
Cleartype
Service-Worker-Allowed
X-APP-VERSION
X-Varnish-Server
X-Mobile
X-Content-Security-Policy-Report-Only
X-NWS-LOG-UUID
X-FTR-Cache-Host
AMP-Access-Control-Allow-Source-Origin
X-Varnish-Backend
Served-By
X-Cache-Control
X-Revision
X-Geo-Country
X-HS-Cache-Config
Source
X-Origin
X-Cache-Server
Edge-Cache-Tag
X-PC-Key
X-PC-Hit
X-Hail-Hydra
Host-Header
Retry-After
Server-Node
X-Amzn-Trace-Id
X-App-Environment
X-PC-AppVer
X-Litespeed-Cache
X-PHP-Backend
X-Request-Guid
X-Varnish-Hostname
X-TT
X-Handled-By
X-BCube-Filmed-By
X-Device-Type
MS-CV
X-RateLimit-Remaining
X-Correlation-Id
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Cache-Operation
X-Tumblr-User
S-Cnection
DC
X-Cache-Config
X-Framework
X-B-Cache
X-Signature
Fastly-Restarts
X-Origin-Upstream-Status
X-FB-Debug
X-Cache-2
Powered-By-ChinaCache
X-Page-Id
Accept-Charset
X-Origin-Server
X-Cache-Action
X-TT-TIMESTAMP
X-Sucuri-ID
X-Ocache
X-Debug-Info
X-PC-Host
X-PC-Date
Actual-Object-TTL
Viewport
X-Shield-Cache-Expires
X-ATG-Version
X-ADI-VCache
X-Hyper-Cache
NGB
X-WA-Info
X-Content-Powered-By
X-B3-Sampled
X-Microcachable
X-Accel-Expires
X-Cached-By
X-Drupal-Cache-Tags
Upgrade-Insecure-Requests
X-LB-Cache
X-Akam-SW-Version
SRV
X-Cache-NE
Filters
AsisCache
Cache
X-Generated-By
X-Yottaa-Metrics
ServedBy
X-Yottaa-Optimizations
X-FW-Type
X-Locale
X-FW-Static
X-FW-Server
X-Internal-Host
X-Cacheable-TTL
X-RequestSource
X-App-Server
X-S
X-FW-Hash
X-RTag
X-FW-Serve
X-WebKit-CSP-Report-Only
X-Wix-Request-Id
Content-Script-Type
Content-Style-Type
X-GeoIP
X-Tumblr-Pixel-2
X-TX-ID
X-Seen-By
X-Amz-Server-Side-Encryption
X-Distil-CS
X-Tumblr-Pixel-1
X-Jobs
X-Accel-Buffering
X-Varnish-Hits
X-Cluster
From-Origin
X-NewRelic-App-Data
X-Geo
X-ServedBy
X-Node-Name
X-Akamai-Edgescape
X-Sucuri-Cache
X-Adobe-Content
X-Adobe-Loc
X-HS-Combine-CSS
X-Varnish-Cache-Hits
X-Varnish-Grace
X-RateLimit-Limit
X-Varnish-IP
X-UA
X-Dns-Prefetch-Control
X-GZip
X-GUploader-UploadID
X-Platform-Server
X-Cache-Age
X-CDN-Forward
X-Vg-Webcache
X-Edge-Cache
X-Daa-Tunnel
X-Edge-Cache-Key
X-Cache-TTL-Remaining
Datacenter
X-Cache-Remote
X-Storage
X-Region
X-Mode
X-Akamai-Transformed
X-Real-IP
Cache-Tag
HostName
X-Esi
X-Drupal-Cache-Contexts
X-Amz-Replication-Status
X-Distributor
X-Source
X-Kinja-Server-Push
Load-Balancing
X-RN-RSRV
X-MP-GENERATED-AT
X-Is-Bot
X-Detected-As
X-Rendered-As
X-RemovedCookies
X-TA-CDN-Provider
X-Path-Route
X-ProcessESI
X-Cache-Var
X-Cache-Var-Map
Machine
Meta-Geo
Fastly-SSL
X-NCache
ServerName
Country
X-NodeID
X-Time-Microsecs
X-OCL
Cache-Key
Mn-Server-Ip
X-PERF
X-PCL
X-Agile
X-BB-IP
X-ApacheServer
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Agile-Id
X-Agile-Age
X-TWH-CORRELATION-ID
X-Viewer-Country
X-Web-Node
X-Webstats-RespID
X-Akamai-Request-ID
GEO-INFO
S-Rt
Ohc-File-Size
X-Amz-Meta-Surrogate-Control
X-Cache-Category-Id
X-CDN-Cache
X-Cache-HT
L5d-Success-Class
Cache-Name
Azure-SiteName
Azure-RegionName
Azure-SlotName
Azure-Version
Backend
X-Cluster-Node
X-Debug-Cache
X-OVcl-Cache
X-OVcl
X-Proto
X-Pubstack
X-Port
X-Via-Fastly
X-Original-Request
X-Optimization
X-EIG-Tracking-Id
X-Edge-Location
X-Grey
X-Human
X-Instance-Name
Azure-InstanceId
X-Upgrade-Enabled
TWC-GeoIP-Country
TWC-Device-Class
TWC-GeoIP-LatLong
TWC-Locale-Group
User-Cache-Control
TWC-Privacy
TWC-Connection-Speed
X-Meta-Tbi-Cache-Vertical
X-Section
X-Site-Version
X-Routing-Service
X-Request-Time
Property-Id
X-Origin-Hint
X-LJ-Flow-ID
Webcakes-App-Name
X-AWS-Id
X-App-Name
X-CCM-LastModified
X-CCM
X-Birta-Served
X-Birta-Cache-Post
X-Format
X-Generation-Time
Webcakes-Region
Webcakes-App-Version
X-Access
X-Labrador-Cache-Channel
X-Hosted-By
X-IP
X-CLOUD-TRACE-CONTEXT
X-SplitTest
X-Zipkin-Id
X-ProxyCache-Status
X-Xfnlog-Site
X-ProxyCache-Key
X-Proxy
X-FC-Vary-Parameters
X-BYPASS-REASON
X-ServerID
DB-Nickname
X-VWS-Id
LB
Healthy
X-Www-Served-By
X-Cache-Bucket
X-TNCMS
X-Varnish-Cacheable
Now
Cache-Hits
Fastcgi-Useragent
X-Loop
X-Guploader-Uploadid
User-Agent
X-Surge-Debug
Access-Control-Allow-Method
X-JoinUs
X-Generated
RATING
X-Backend-Name
X-Tumblr-Pixel-3
X-Tb
Payment
X-Render-Type
X-Timing-Wait
X-Feature
X-Origin-CC
X-Proxy-Build
X-Hit
Selected-FE
Countrycode
X-Ezoic-Cdn
Ec-Rule-Version
X-Cache-Enabled
X-Time
X-Dc
X-Newrelic-Synthetics
X-Oneagent-Js-Injection
WP-Super-Cache
X-DataStream-Cache-Status
X-B3-Spanid
X-Oracle-Dms-Rid
X-Unique-ID
X-Nginx-Cache
X-Real-Ip
X-Oracle-Dms-Ecid
X-Nc
Origin-Cache-Control
X-Correlation-ID
X-L-Path
Origin-Edge-Control
X-Environment-Context
RequestId
X-UA-Device-Type
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
X-CACHE-AGE
NODE
X-NU-AKA-ACS-Version
X-B3-TraceId
X-Skip-Cache
X-NGENIX-Cache
X-Be
X-COUNTRY
Access-Control-Request-Headers
X-WR-MODIFICATION
X-Servedby
Xserver
X-Vgn-Hpd-Reason
X-Content-Type
X-ElasticPress-Search
Webserver
X-Cache-Backend
X-Upstream-CT
X-Upstream-HT
Time
X-EdgeConnect-Cache-Status
Warning
Ws
Resin-Trace
Memcached
T-Server
Sta2Tusw
X-Accel-Expires-Debug
Fly-Cache
Meta-Geo-Continent
X-A-Dgt
VivaBuild
X-Logtrace-Id
Www
X-A
Fastly-Soc-X-Request-Id
X-A-Ccd
X-A-Dam
Fastcgi-X-Cache-Version
X-ND-Cache
X-A-Dcw
Viewtype
X-A-Wwc
X-Application
X-BBXSRF
X-Cache-Host
X-Cache-Id
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
Apple-News-Services-Handled
X-BB-ID
Apple-News-Services-Host
X-Developer
BehaviorPad-Version
X-CF-Lambda-Version
X-No-Session
Cache-Prefix
X-CF-Lambda-Fn
X-Died
GMS-Ver
X-DPWN-IS-SECURE
AKAMAI
Ajk
X-B-Cookie
X-Connection-Hash
Fastcgi-X-Cache
X-ARC
Fly-Request-Id
MD5-Digest
X-Amz-Meta-Cache-Control
X-D
X-Date
X-G
X-From
X-Fastly-Cache
X-Destination
X-Generated-In
Host-ID
X-Haproxy-Hostname
X-Haproxy-Ip
X-Planisys-CDN-Cache
X-Rojux
X-Server-By
X-Server-Time
X-Via-Edge
X-Rewrite-Enabled
Xc-Version
X-Wix-Route-ID
X-We-Are-Hiring
X-Via-CDN
X-SRCache-Key
X-Transaction
X-Trv-Group
X-Twitter-Response-Tags
X-Status
X-User
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-VG-WebServer
X-Region-Sid
X-S-Cookie
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
X-Public
X-PAYTM-SRV-ID
X-Croise-Owner
X-Webkit-CSP
X-Cache-Time
X-Cache-CFC
X-Cache-Expires
X-ScT
X-NX-Host
X-CS
X-Debug-Cookies
X-Core-Value
Fastly-SIE
X-Phone
Fastly-SWR
IBM-Web2-Location
Request-Time
Rendered-Blocks
Release
UCS
Uber-Trace-Id
X-Up
Server-Int
X-Trace-Id
Origin
X-Sn-Servicetimems
X-Debug-Log
IsBot
X-Var-Ttl
Odigeo-Trace-Id
NGX
X-SIPLIST1
X-Cdn-Origin
X-Frame-Option
X-Wikidot-Backend
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
X-Forwarded-Host
X-Fstrz
X-F5-Cache
X-Request-URI
X-FireWall-Port
X-Wikidot-Static-Cache
X-GoCache-CacheStatus
X-TIME
Apicache-Store
X-Varnish-Beresp-Ttl
Apicache-Version
Cneonction
X-MSEdge-Features
X-Actual-URL
X-Matched-Rule
X-Amz-Meta-S3cmd-Attrs
X-Passed-To-PostProcessResponse
X-Thinkindot-L3
X-MI-In-Market
X-V
X-Passed-To-DLL
Thinkindot-Control
X-Gen-Mode
X-Passed-To
X-IN-APIGATEWAY
Thinkindot-CacheControl-Type
X-GeoIP-City
X-UnsetCookies
V-Age
X-TT-LOGID
Who
X-Stale
Web-Mar-Node
X-Passed-To-BeforeDispatch
X-Reboot
X-IN-WAF
X-MSEdge-Flight
X-Eu-Site
X-Served-From
X-Env
X-Edge-IP
X-Ckpd-Fst-Backend
X-CGP
X-Server-Group
X-Returned-From-BeforeDispatch
X-Returned-From-DLL
X-Content-Age
X-Developers
X-VServer
X-Hnp-Log
X-Returned-From-PostProcessResponse
X-Device-Os
X-Dispatcher-Server
X-WebServer
X-Cdn-Srv
X-GeoIP-Country-Code
X-Backend-Url
X-ServiceProvider
Thinkindot-CacheControl
X-Backend-TTL
X-Epic-Correlation-Id
X-Backend-Host
X-Backend-State
X-Block-Status
X-Bug-Bounty
X-Servername
X-Returned-From
X-Server-IP
X-IN-SSL-APIGATEWAY
X-Cache-Debug
X-C
X-Worker
X-Location
Proxy-Connection
HA-Geolon
HA-Georegion
HA-Geolat
HA-Geocountry
HA-Geocity
Ha-Gx-Prefs
HA-Host
Heartbleed
Httpd-Identifier
HA-Urlpath
HA-Servedtime
Cache-Cookie-Set-Idcheck
HA-Cloudapp
GW-Server
Backend-Name
Content-Disposition
CDCHOST
Cache-Cookie-Set-From
Cache-Cookie-Set-Lfrom
Decoy-Debug-Key
Decoy-Debug-Status
Fastly-Backend-Name
X-Cache-Ttl
Esi-Enabled
Adler-Geo
Decoy-Debug-TTL
HTTPS
HA-Ipaddr
Powered-By
MI-Cache-Age
Ohc-Response-Time
On-Server
X-StackifyID
Platform
Pragrma
MI-Cache
Is-Eu
Pramga
Server-Host
OT-Force-Account-Verify
X-Fetched-On
X-Gannett-Site-Version
X-Hash
X-RCS-CacheZone
X-Node-Id
X-Auto-Login
X-Rocket-Nginx-Bypass
X-Page-Type
X-Via-NSCOPI
X-Hl-Ver
X-Secret
X-Sorting-Hat-ShopId
X-Sorting-Hat-ShopId-Cached
X-UE-Client-Country
X-Sorting-Hat-Section
X-Sorting-Hat-PrivacyLevel
X-Sorting-Hat-PodId
X-Sorting-Hat-PodId-Cached
X-Varnish-Id
NnCoection
X-Sorting-Hat-FeatureSet
X-Response-By
X-ShardId
X-ShopId
X-Shopify-Stage
X-Ver
X-Release
X-S-Maxage
PFcat
X-Alternate-Cache-Key
Kp-EeAlive
Request-Country
Request-EU
Server-ID
REQUESTUUID
X-Cache-Srv
MI-API
Drupal-Pagecache-Memcache
X-Core-Mission
X-Clientip
X-HCF
X-Platform
Mime-Version
NtCoent-Length
X-Info
X-Svr
X-Fastcgi-Cache
X-Thanos
X-Cache-Control-Set-By
X-Origin-Date
X-Bip
X-Origin-Expires
X-Amz-Meta-S3b-Last-Modified
X-Crawler
X-Cache-URL
X-Varnish-HitMiss
Version
Dnion-Transfer-Encoding
X-Req
X-Refresh
Cache-Provider
X-P-T
Processtime
Country-Code
X-Origin-TTL
X-Pf-Uncompressing
X-HS-Hub-Id
X-Oss-Storage-Class
X-Oss-Hash-Crc64ecma
Pagetype
Cteonnt-Length
X-Oss-Object-Type
X-Oss-Request-Id
X-Oss-Server-Time
X-Yottaa-Sig
Accept-Ch
X-Kong-Proxy-Latency
Ar-Sid
X-Amz-Meta-Sha256
X-RateLimit-Limit-Second
X-Pjax-Url
X-RateLimit-Remaining-Second
X-Kong-Upstream-Latency
Memory
X-App-Version
WebServer
X-CSRF-Token
X-Csrf-Token
FSS-Cache
X-From-Cache
X-Cache-ASPX
X-EC-Security-Audit
FSS-Proxy
Arc-Country
X-NC
GeoIp-Country-Code
X-LiteSpeed-Cache-Control
X-Irp-Debug
Geoip-Latitude
Brightspot-Id
Geoip-City
X-Varnish-Url
X-Ruxit-Js-Agent
X-DC
SN
X-Dynatrace
Sid
X-LB-Node
X-ROOTCache
X-Ua
PageType
PICS-Label
X-LB-CacheStatus
COMMERCE-SERVER-SOFTWARE
X-Redis-Cache
CF-IPCountry
X-Cache-Handler
If-Modified-Since
X-Request-UUID
X-Request-Start
Cdn
MIME-Version
X-Ratelimit-Remaining
Dont-Set-Cookie
X-Rule
X-Wix-Petri-Ex
X-Fastly-Backend-Reqs
Edgecast
X-Endurance-Cache-Level
X-SERVER-NAME
X-Load-Cache
X-Varnish-Beresp-TTL
X-Varnish-Action
X-Cdn-Forward
PROCESSING-IP
BORDER-IP
X-Atg-Version
X-GRACE
X-Requestid
X-Layer
X-TId
X-Ratelimit-Limit
X-Servedbyhost
X-GDPR
X-Tid
X-ServedByHost
X-Sf
XServer
X-Rocket-Nginx-Serving-Static
X-RequestId
Frame-Options
Dynatrace
RNT-Time
RNT-Machine
X-Nananana
X-Fastly-Cache-Hits
X-Resolver-IP
X-B3-SpanId
X-Cache-TTL
X-BE
CDN
Pics-Label
X-Owner
NodeID
Cf-Ipcountry
Amp-Access-Control-Allow-Source-Origin
Powered
X-Key
X-DataStream-MidMile-RTT
X-DataStream-Origin-MEX-Latency
CACHE
Cache-Tags
X-HTML-Minification-Powered-By
X-Tec-Api-Version
X-Tec-Api-Root
X-Tec-Api-Origin
Node
We-Hiring
Mail-Subject
Web-Mar-Region
X-Server-W
DataCenter
PageSpeed
X-ABtesting
GeoIP-City
X-VG-WebCache
GeoIP-Latitude
GeoIP-Country-Code
X-Shard
X-Dynatrace-Js-Agent
X-Gdpr
X-Varnish-Ttl
X-Flog
X-Use-Magma
X-Sentry-ID
WZWS-RAY
X-Powered-By-ANYU
Lfy
X-GZIP
ProcessTime
X-NWS-UUID-VERIFY
X-UPSTREAM-Address
Accept-CH
X-Varnish-URL
X-CDN-Pop-IP
Get-Access-Time
Is-Session-Tracking
X-CDN-Pop
Max-Age
X-Ms-Version
X-Ms-Blob-Type
Hostname
X-Ms-Request-Id
X-Ms-Lease-Status
X-PF-Uncompressing
X-Mem
X-GEO
Xet-Cookie
X-Dw-Trace-Id
X-NGINX-Cache
X-Powered-By-Defense
X-Cache-FS-Status
X-Remote-IP
URI
X-Aicache-OS
X-Trv-Request-Id
X-Check-Cacheable
X-Cookie
X-PJAX-URL
X-Oa-Upstreams
X-Unique-Id
Magicmarker
Cdn-Request-Time
X-Varnish-ID
X-Alicdn-Da-Ups-Status
Requestid
RequestUuid
Cdn-Host
X-Edge-Server
X-VG-TLSProxy
X-Proxy-Server
X-ByteArk-Cache
X-PAGE-TYPE
X-Ms-Lease-State
True-Client-Country-4JS
X-Front
X-Swa-Ws
X-VID
X-Policy
X-RSL
X-RPS
X-DW
X-RPM
X-DI
X-DSS
X-DB
X-RAMCache
CF-Cached-On
X-Zalando-Page-Type
X-Hello
X-Micro-Cache
X-Akamai-ERPolicy
X-Akamai-ERRuleID
X-Litespeed-Tag
X-Zalando-Child-Request-Id
WS
X-Fe
X-Acquia-Application-Trace
X-Acquia-Application-UUID
SID
X-Litespeed-Cache-Control