Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Pragma
Last-Modified
Accept-Ranges
X-Powered-By
Strict-Transport-Security
X-Content-Type-Options
CF-RAY
ETag
Link
Expect-CT
Via
X-XSS-Protection
X-Cache
Age
Access-Control-Allow-Origin
Content-Security-Policy
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Served-By
X-Varnish
X-Amz-Cf-Id
X-Xss-Protection
Referrer-Policy
X-Request-Id
X-Timer
X-AspNet-Version
CF-Cache-Status
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Runtime
Access-Control-Allow-Credentials
X-Download-Options
X-Drupal-Cache
X-Cacheable
CF-Ray
X-Generator
Content-Security-Policy-Report-Only
Alt-Svc
X-AspNetMvc-Version
Status
X-Cache-Status
X-DNS-Prefetch-Control
X-Check
X-Iinfo
X-Adblock-Key
X-FRAME-OPTIONS
Timing-Allow-Origin
X-CDN
X-Content-Security-Policy
X-Turbo-Charged-By
X-Permitted-Cross-Domain-Policies
Content-Encoding
X-Template
X-Language
Keep-Alive
X-Via
X-Type
X-Request-ID
X-AH-Environment
X-Backend
X-Cache-Group
WPE-Backend
X-Pass-Why
X-Nginx-Cache-Status
X-Buckets
X-Server
X-Age
X-Server-Powered-By
Access-Control-Max-Age
X-Pingback
Xkey
X-Varnish-Cache
Grace
Access-Control-Expose-Headers
Upgrade
X-Drupal-Dynamic-Cache
X-Hacker
X-UA-Device
X-Amz-Request-Id
P3p
X-Page-Speed
Cf-Railgun
X-Proxy-Cache
X-Amz-Id-2
EagleId
X-Robots-Tag
X-LiteSpeed-Cache
X-Swift-CacheTime
X-Swift-SaveTime
X-Envoy-Upstream-Service-Time
Request-Context
Ali-Swift-Global-Savetime
X-Node
X-Ac
X-Device
Content-Location
X-Host
X-Cnection
X-Amz-Version-Id
X-Cache-Lookup
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-WebKit-CSP
Surrogate-Control
X-Backend-Server
X-Server-Id
X-OneAgent-JS-Injection
X-Rack-Cache
X-Instart-Request-ID
X-Px
X-CST
X-Response-Time
Request-Id
X-Readtime
Server-Timing
X-Rq
Permitted-Cross-Domain-Policies
X-Do-Not-Hack
X-HeyJason
X-Clacks-Overhead
X-Cloud-Trace-Context
X-Url
EagleEye-TraceId
Pinterest-Generated-By
X-Ua-Compatible
Edge-Control
X-Application-Context
X-Country
X-MS-InvokeApp
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Allow
Charset
X-Server-Name
Report-To
SPRequestGuid
X-DynaTrace-JS-Agent
X-Country-Code
X-SharePointHealthScore
X-DataDome
X-TTL
X-Varnish-TTL
X-Cached
X-ESI
Rating
X-Vname
X-TtlSet
X-PC
X-Ruxit-JS-Agent
X-Powered-CMS
X-Powered-By-Plesk
X-Recruiting
Public-Key-Pins
X-FTR-Request-ID
X-D2id
NEL
X-Vhost
X-Version
X-F-Cache
X-Kinja-Revision
X-Cdn-Fetch
Pinterest-Version
X-Pinterest-Rid
X-Upstream-Env
X-Geo-Segment
X-Kinja
X-Kinja-Server
X-Exp-Variant
X-Kinja-Build
X-Exp-Id
X-N
X-CF-Powered-By
SPRequestDuration
SPIisLatency
MS-Author-Via
X-DynaTrace
X-Dw-Request-Base-Id
X-VARITI-CCR
Cartoon
X-Cdn
X-T
X-GoogleNews-Bot
X-Mod-Pagespeed
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
Content-MD5
AR-ATIME
AR-PoweredBy
AR-CACHE
Nginx-Cache
RTSS
X-Abt-Application-Version
X-GitHub-Request-Id
MicrosoftSharePointTeamServices
Feature-Policy
X-Server-ID
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Shield-Request-Id
Verso
X-Amz-Rid
X-Navigation-Version
X-Dispatcher
X-Forwarded-Proto
X-Trace
X-Hits
X-Client-IP
X-Goog-Hash
Realpath
X-Origin-Cache
AR-SID
Arr-Disable-Session-Affinity
Paypal-Debug-Id
X-Kinsta-Cache
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-Zen-Fury
X-Grace
X-Id
X-Content-Options
TCN
X-B
X-Content-Digest
X-Varnish-Age
X-Cache-Key
X-Ser
Alternate-Protocol
X-Sol
X-Ttl
Fastcgi-Cache
X-Upstream
DynaTrace
Access-Control-Request-Method
X-Via-JSL
MRF-Tech
X-Mrf-Section-Lastmod
X-Mrf-Item-Lastmod
Mrf-Cache-Status
X-Fastly-Request-ID
X-Pad
X-Middleton-Display
Display
X-FastCGI-Cache
X-Nf-Srv-Version
X-NF-Request-ID
X-Vcap-Request-Id
X-DIS-Request-ID
X-IPLB-Instance
PB-RID
PB-PID
X-Middleton-Response
Response
X-User-Agent
X-Mobile-Rewrite
Front-End-Https
X-SS-Set-Cookie
Pagespeed
Rt-Fastcgi-Cache
X-Frontend
Eomportal-Instance
X-Cache-Rule
X-Logged-In
X-MSEdge-Ref
X-PressLabs-Stats
X-Whom
Server-Name
X-Acc-Meta-Resource-Type
X-Forwarded-For
X-Cache-Hit
X-VCache
X-Newrelic-App-Data
Host
X-Hostname
S
Tracecode
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-Goog-Generation
X-Goog-Stored-Content-Length
X-Goog-Metageneration
X-NWS-LOG-UUID
Cache-Status
X-XRDS-LOCATION
Arc-Version
X-Debug
Liferay-Portal
X-FTR-Expires
X-Country-Code-Real
X-FTR-Realm
X-FTR-Backend
X-FTR-Cache-Status
X-FTR-Balancer
X-FTR-Backend-Server
X-FTR-DC
Surrogate-Key
X-Request-Received
X-Request-Processing-Time
X-HS-Content-Id
X-XRDS-Location
X-AOL-HN
X-Analytics
X-UUID
Backend-Timing
FilterID
Server-Info
HitType
HitInfo
TP-Cache
TP-L2-Cache
X-Magnolia-Registration
Public-Key-Pins-Report-Only
X-Wix-Server-Artifact-Id
X-Instance
Refresh
X-Contextid
X-Rid
ServerID
X-Activity-Id
X-Az
X-Proxied
X-AppVersion
X-Webkit-Csp
X-WPE-Loopback-Upstream-Addr
X-Srv
X-HW
Service-Worker-Allowed
X-Content-Security-Policy-Report-Only
X-HS-Cache-Config
Edge-Cache-Tag
X-Varnish-Server
X-Correlation-Id
Cleartype
X-B3-Traceid
AMP-Access-Control-Allow-Source-Origin
X-Mobile
X-Origin
X-Revision
S-Cnection
X-Varnish-Backend
X-FTR-Cache-Host
Served-By
Fastly-Restarts
X-Amzn-Trace-Id
Source
X-Geo-Country
X-PHP-Backend
X-TT
X-APP-VERSION
X-RateLimit-Remaining
Retry-After
X-Framework
X-B-Cache
X-Signature
X-App-Environment
X-FB-Debug
X-Cache-Config
X-Varnish-Hostname
Powered-By-ChinaCache
X-Tumblr-User
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Device-Type
X-Cache-Server
X-Sucuri-ID
X-Cache-Operation
X-Cache-Control
X-PC-Hit
X-PC-Key
X-Request-Guid
X-Hail-Hydra
Host-Header
Server-Node
X-BCube-Filmed-By
X-Cache-Action
X-PC-AppVer
Accept-Charset
X-Handled-By
X-Cache-2
MS-CV
X-Page-Id
DC
X-Hyper-Cache
X-Origin-Upstream-Status
X-TT-TIMESTAMP
X-Ocache
Actual-Object-TTL
X-Debug-Info
X-Origin-Server
X-Shield-Cache-Expires
X-WA-Info
X-ADI-VCache
Cache
X-ATG-Version
X-PC-Host
X-PC-Date
X-Content-Powered-By
Viewport
NGB
X-Accel-Expires
Upgrade-Insecure-Requests
X-Microcachable
X-LB-Cache
X-Daa-Tunnel
SRV
X-Cached-By
X-Cache-NE
X-URL
X-HS-Combine-CSS
AsisCache
X-Drupal-Cache-Tags
X-Accel-Buffering
Filters
X-Amz-Server-Side-Encryption
X-Yottaa-Optimizations
X-Generated-By
X-Yottaa-Metrics
X-Akam-SW-Version
ServedBy
X-Cacheable-TTL
X-B3-Sampled
X-Jobs
X-App-Server
X-TX-ID
X-Seen-By
X-Wix-Request-Id
X-WebKit-CSP-Report-Only
X-GeoIP
X-S
X-RequestSource
X-Cluster
X-Akamai-Edgescape
X-Sucuri-Cache
X-Tumblr-Pixel-1
X-Geo
X-Distil-CS
X-FW-Serve
X-Tumblr-Pixel-2
X-Internal-Host
X-Varnish-Hits
X-FW-Type
X-FW-Server
X-RTag
From-Origin
X-FW-Hash
X-Locale
X-FW-Static
Content-Style-Type
X-Adobe-Content
X-Adobe-Loc
Content-Script-Type
X-Varnish-IP
Datacenter
X-Feature
X-Varnish-Cache-Hits
X-Dns-Prefetch-Control
X-Cache-Remote
X-Varnish-Grace
X-GZip
HostName
X-Cache-Age
X-Storage
X-Node-Name
X-Platform-Server
X-Edge-Cache-Key
X-Edge-Cache
X-Oneagent-Js-Injection
X-Cache-TTL-Remaining
X-Vg-Webcache
X-ServedBy
X-Akamai-Transformed
X-Esi
X-Guploader-Uploadid
X-UA
X-Region
X-CDN-Forward
X-RateLimit-Limit
X-NewRelic-App-Data
X-Mode
X-Cache-Bucket
Cache-Tag
Country
X-Amz-Replication-Status
X-Kinja-Server-Push
X-Distributor
Load-Balancing
RATING
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Oracle-Dms-Rid
X-Oracle-Dms-Ecid
X-GUploader-UploadID
X-Source
X-Agile-Id
X-Agile-Age
X-Agile
ServerName
X-Drupal-Cache-Contexts
X-Proto
Ohc-File-Size
Fastly-SSL
X-Cache-Var
X-PERF
X-ProcessESI
X-RemovedCookies
X-Cache-Category-Id
X-Path-Route
X-MP-GENERATED-AT
X-BYPASS-REASON
X-Cache-Var-Map
X-BB-IP
X-Grey
X-Is-Bot
X-Detected-As
X-Akamai-Request-ID
X-Viewer-Country
X-Time-Microsecs
X-Web-Node
GEO-INFO
Machine
Mn-Server-Ip
Cache-Key
X-ProxyCache-Status
X-EIG-Tracking-Id
Meta-Geo
X-Rendered-As
X-ProxyCache-Key
X-RN-RSRV
X-ApacheServer
X-JoinUs
X-Webstats-RespID
X-Request-Time
Healthy
L5d-Success-Class
X-Cache-HT
Cache-Name
X-NCache
X-CCM
X-Real-IP
X-Optimization
X-Debug-Cache
Cache-Hits
X-ServerID
X-TWH-CORRELATION-ID
X-Xfnlog-Site
Backend
Now
X-Upgrade-Enabled
X-CDN-Cache
X-PCL
X-Generated
X-Port
X-NodeID
X-Labrador-Cache-Channel
X-OCL
Azure-Version
X-TA-CDN-Provider
Azure-SlotName
Azure-RegionName
X-OVcl
X-Original-Request
Access-Control-Allow-Method
Azure-InstanceId
Azure-SiteName
X-Human
X-Real-Ip
X-Pubstack
X-Cluster-Node
X-FC-Vary-Parameters
X-Render-Type
X-Amz-Meta-Surrogate-Control
S-Rt
X-Edge-Location
X-OVcl-Cache
X-Hosted-By
X-Hit
X-Instance-Name
X-Via-Fastly
WP-Super-Cache
Webcakes-Region
Webcakes-App-Version
X-Access
X-TNCMS
X-App-Name
X-SplitTest
X-Surge-Debug
User-Cache-Control
TWC-Privacy
TWC-Connection-Speed
Property-Id
TWC-Device-Class
TWC-GeoIP-Country
TWC-Locale-Group
TWC-GeoIP-LatLong
X-AWS-Id
X-Site-Version
X-LJ-Flow-ID
X-IP
X-Proxy
X-Loop
X-Meta-Tbi-Cache-Vertical
X-Origin-Hint
X-Nginx-Cache
X-Generation-Time
X-Format
X-Birta-Cache-Post
X-Varnish-Cacheable
X-Birta-Served
X-Section
X-CCM-LastModified
X-Routing-Service
X-Backend-Name
Webcakes-App-Name
X-Proxy-Build
X-Www-Served-By
X-Zipkin-Id
Selected-FE
DB-Nickname
X-Timing-Wait
X-VWS-Id
LB
X-Time
Fastcgi-Useragent
Countrycode
X-Ezoic-Cdn
X-Newrelic-Synthetics
X-Cache-Enabled
X-Tumblr-Pixel-3
User-Agent
X-Origin-CC
X-Nc
Payment
Origin-Edge-Control
Origin-Cache-Control
X-Tb
X-Dc
X-B3-TraceId
X-Environment-Context
Xserver
X-L-Path
Ec-Rule-Version
X-Unique-ID
X-DataStream-Cache-Status
X-Servedby
X-UA-Device-Type
RequestId
X-Skip-Cache
X-B3-Spanid
X-CACHE-AGE
X-Litespeed-Cache
X-NU-AKA-ACS-Version
X-NGENIX-Cache
Access-Control-Request-Headers
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
Webserver
X-WR-MODIFICATION
X-Upstream-HT
Time
X-Upstream-CT
X-Vgn-Hpd-Reason
NODE
X-EdgeConnect-Cache-Status
X-Correlation-ID
Warning
X-Cache-Ttl
X-Croise-Owner
X-Generated-In
X-S-Cookie
X-Logtrace-Id
X-Developer
X-Destination
X-DPWN-IS-SECURE
X-Died
X-From
X-Cache-Backend
X-G
Cache-Prefix
X-A-Dcw
X-ElasticPress-Search
X-A-Dgt
T-Server
V-Age
X-A-Ccd
X-A
X-A-Dam
Resin-Trace
Fly-Request-Id
X-B-Cookie
X-Cache-Host
X-Cache-Id
X-ARC
X-Application
Fly-Cache
X-A-Wwc
Ajk
X-D
X-SRCache-Key
X-Status
X-Webkit-CSP
IBM-Web2-Location
X-Be
Ws
X-Cache-Time
X-Haproxy-Hostname
Cneonction
X-Cache-Expires
X-Debug-Log
X-NX-Host
X-Fstrz
X-Fastly-Cache
X-Haproxy-Ip
X-Debug-Cookies
X-Varnish-Beresp-Ttl
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
X-Public
X-Region-Sid
X-Planisys-CDN-Cache
X-Content-Type
Request-Time
X-ND-Cache
X-No-Session
X-PAYTM-SRV-ID
X-Connection-Hash
X-CF-Lambda-Version
Fastly-Soc-X-Request-Id
VivaBuild
Fastcgi-X-Cache-Version
Fastcgi-X-Cache
Www
Viewtype
Sta2Tusw
Meta-Geo-Continent
Memcached
MD5-Digest
Host-ID
X-Amz-Meta-Cache-Control
X-BB-ID
X-Var-Ttl
AKAMAI
X-UE-Client-Country
X-Request-URI
X-CF-Lambda-Fn
Apple-News-Services-Handled
Apple-News-Services-Host
X-BBXSRF
BehaviorPad-Version
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
X-Rewrite-Enabled
X-CS
X-Transaction
X-Twitter-Response-Tags
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
X-Server-Time
X-User
X-VG-WebServer
X-Wix-Route-ID
Xc-Version
X-We-Are-Hiring
X-Via-Edge
X-Via-CDN
X-Server-By
X-Trv-Group
X-Rojux
X-Oss-Storage-Class
X-CSRF-Token
X-StackifyID
X-Oss-Request-Id
X-Oss-Server-Time
UCS
X-Dynatrace
X-Oss-Hash-Crc64ecma
X-Oss-Object-Type
X-Rebelmouse-Surrogate-Control
X-Dispatcher-Server
Fastly-SWR
Fastly-SIE
X-F5-Cache
X-RCS-CacheZone
X-Core-Value
X-Epic-Correlation-Id
X-Trace-Id
X-Hash
X-Release
X-Hl-Ver
X-IN-SSL-APIGATEWAY
X-IN-APIGATEWAY
X-IN-WAF
X-Wikidot-Static-Cache
X-Cdn-Origin
X-Up
X-Sorting-Hat-ShopId-Cached
X-Via-NSCOPI
X-WebServer
X-Cache-CFC
Drupal-Pagecache-Memcache
X-Wikidot-Backend
X-Sorting-Hat-ShopId
X-Sorting-Hat-Section
X-ShopId
X-ShardId
X-Device-Os
X-Shopify-Stage
X-Sorting-Hat-FeatureSet
X-Sorting-Hat-PrivacyLevel
X-Sorting-Hat-PodId-Cached
X-Sorting-Hat-PodId
X-S-Maxage
Uber-Trace-Id
Server-ID
X-Fastcgi-Cache
Request-EU
GMS-Ver
X-SIPLIST1
X-Alternate-Cache-Key
X-GeoIP-Country-Code
Request-Country
Proxy-Connection
NGX
X-Secret
X-Phone
Odigeo-Trace-Id
X-ScT
Origin
IsBot
Release
Version
X-Forwarded-Host
X-Frame-Option
X-Sn-Servicetimems
Dnion-Transfer-Encoding
X-FireWall-Port
Server-Int
X-Rebelmouse-Cache-Control
X-Auto-Login
Rendered-Blocks
X-Gannett-Site-Version
X-C
Mime-Version
X-Ruxit-Js-Agent
X-Yottaa-Sig
Thinkindot-CacheControl-Type
MI-Cache-Age
X-Date
X-Actual-URL
X-Returned-From-DLL
X-Backend-TTL
X-Backend-Url
X-Backend-State
X-Returned-From-PostProcessResponse
X-Amz-Meta-S3cmd-Attrs
X-Backend-Host
X-Accel-Expires-Debug
Ohc-Response-Time
PFcat
Pragrma
Platform
Powered-By
Who
OT-Force-Account-Verify
X-Worker
On-Server
X-Rocket-Nginx-Bypass
Server-Host
Web-Mar-Node
Pramga
Thinkindot-Control
X-UnsetCookies
X-ServiceProvider
X-Hnp-Log
X-Location
X-Matched-Rule
X-GoCache-CacheStatus
X-GeoIP-City
X-Stale
MI-Cache
X-Gen-Mode
X-Servername
X-MI-In-Market
X-Passed-To-BeforeDispatch
X-Passed-To-DLL
X-Passed-To-PostProcessResponse
X-Server-Group
X-Passed-To
X-Node-Id
X-MSEdge-Features
X-MSEdge-Flight
X-Server-IP
X-Fetched-On
X-Thinkindot-L3
X-V
X-Cache-Debug
X-Cache-Srv
X-Cdn-Srv
X-Ver
X-Response-By
X-Returned-From-BeforeDispatch
X-Block-Status
X-Returned-From
X-Served-From
X-Reboot
X-Developers
X-Edge-IP
X-Env
X-Eu-Site
X-Core-Mission
X-Content-Age
X-TT-LOGID
X-CGP
X-Ckpd-Fst-Backend
X-VServer
Thinkindot-CacheControl
Esi-Enabled
X-Crawler
Decoy-Debug-TTL
Adler-Geo
Fastly-Backend-Name
X-Origin-Date
X-Origin-Expires
HA-Geocity
GW-Server
Decoy-Debug-Status
Decoy-Debug-Key
Cache-Cookie-Set-From
Backend-Name
X-Info
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-Lfrom
Content-Disposition
MI-API
CDCHOST
HA-Geocountry
HA-Cloudapp
HA-Host
Ha-Gx-Prefs
HA-Georegion
X-Page-Type
HA-Ipaddr
Httpd-Identifier
HA-Urlpath
HA-Servedtime
HTTPS
Is-Eu
Country-Code
Heartbleed
HA-Geolat
HA-Geolon
Kp-EeAlive
NnCoection
X-Bip
X-Bug-Bounty
X-Varnish-Id
X-HCF
X-Thanos
X-Cache-Control-Set-By
X-Cache-URL
X-Clientip
X-Platform
X-Varnish-HitMiss
REQUESTUUID
X-Svr
NtCoent-Length
X-App-Version
Apicache-Store
Apicache-Version
Cteonnt-Length
X-RateLimit-Limit-Second
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Refresh
X-RateLimit-Remaining-Second
Cache-Provider
X-Amz-Meta-S3b-Last-Modified
X-Req
FSS-Cache
X-TIME
X-Origin-TTL
FSS-Proxy
X-P-T
X-Ua
X-LiteSpeed-Cache-Control
Arc-Country
Brightspot-Id
X-Varnish-Url
X-Irp-Debug
Ar-Sid
WebServer
X-CLOUD-TRACE-CONTEXT
X-LB-CacheStatus
X-LB-Node
Processtime
X-DC
X-Pf-Uncompressing
X-Pjax-Url
COMMERCE-SERVER-SOFTWARE
Pagetype
PageType
X-ROOTCache
X-EC-Security-Audit
Accept-Ch
Sid
Memory
X-Ratelimit-Limit
X-From-Cache
X-Request-Start
X-Request-UUID
X-Amz-Meta-Sha256
If-Modified-Since
X-Endurance-Cache-Level
X-Ratelimit-Remaining
Cdn
X-Cache-ASPX
Dynatrace
X-Load-Cache
X-Atg-Version
SN
X-Cdn-Forward
X-Varnish-Action
X-NC
Geoip-City
X-Layer
Geoip-Latitude
X-Fastly-Backend-Reqs
Edgecast
GeoIp-Country-Code
PICS-Label
X-SERVER-NAME
X-Dynatrace-Js-Agent
X-COUNTRY
X-GRACE
CF-IPCountry
BORDER-IP
PROCESSING-IP
X-Csrf-Token
X-Redis-Cache
X-Cache-Handler
X-ServedByHost
X-GDPR
X-Rocket-Nginx-Serving-Static
X-Varnish-Beresp-TTL
MIME-Version
X-TId
X-Requestid
X-Tid
Frame-Options
X-HS-Hub-Id
X-B3-SpanId
X-Nananana
X-RequestId
X-Fastly-Cache-Hits
Dont-Set-Cookie
NodeID
X-Servedbyhost
X-Wix-Petri-Ex
X-Owner
X-BE
X-Resolver-IP
X-Key
X-NWS-UUID-VERIFY
Pics-Label
Cf-Ipcountry
X-Cf-Powered-By
X-Rule
X-Sf
GeoIP-Latitude
Web-Mar-Region
RNT-Machine
X-Server-W
Node
GeoIP-City
RNT-Time
GeoIP-Country-Code
ProcessTime
X-Cache-TTL
CACHE
X-Flog
X-ABtesting
X-HTML-Minification-Powered-By
WZWS-RAY
X-Sentry-ID
CDN
X-Tec-Api-Root
X-Tec-Api-Version
X-Tec-Api-Origin
Mail-Subject
We-Hiring
Lfy
X-Powered-By-ANYU
X-DataStream-MidMile-RTT
X-DataStream-Origin-MEX-Latency
X-FORWARDED-FOR
Get-Access-Time
Is-Session-Tracking
X-VG-WebCache
PageSpeed
X-CDN-Pop
Powered
X-Varnish-Ttl
X-Shard
X-CDN-Pop-IP
Max-Age
X-Use-Magma
Amp-Access-Control-Allow-Source-Origin
Accept-CH
X-SRV
X-ByteArk-Cache
X-Mem
Cache-Tags
X-GZIP
XServer
Magicmarker
X-Cache-FS-Status
URI
X-PF-Uncompressing
X-GEO
X-Front
X-PJAX-URL
X-UPSTREAM-Address
DataCenter
X-Check-Cacheable
X-Powered-By-Defense
X-Unique-Id
Xet-Cookie
X-Dw-Trace-Id
X-Oa-Upstreams
X-Trv-Request-Id
X-Gdpr
X-Varnish-URL
X-Ms-Lease-Status
X-Ms-Version
X-Micro-Cache
X-Zalando-Child-Request-Id
X-Zalando-Page-Type
X-Remote-IP
X-Ms-Request-Id
X-Ms-Blob-Type
X-Cookie
V-Cache
Group
N-Cache
Rt-Proxy-Cache
X-Fe
Requestid
X-VarnCache
X-PAGE-TYPE
X-Aicache-OS
X-PARISIEN-Cache-Rendered
X-Safe-Firewall
X-SB
X-VarnPar2
X-VarnPar1
RequestUuid
X-VC
X-Proxy-Server
X-HGenerator
X-Varnish-ID
Hostname
X-NGINX-Cache
X-RAMCache
WS
SID
X-ProxyCache-Args
X-Alicdn-Da-Ups-Status
WWW-Authenticate
X-M-Log
X-M-Reqid
X-Qnm-Cache
X-Acquia-Application-Trace
X-Acquia-Application-UUID
CF-Cached-On
X-Hello
X-Akamai-ERRuleID
X-Akamai-ERPolicy
X-Litespeed-Tag