Threat Level: green Handler on Duty: Russell Eubanks

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Pragma
Last-Modified
Accept-Ranges
Strict-Transport-Security
X-Content-Type-Options
X-Powered-By
CF-RAY
ETag
Link
Expect-CT
Via
X-XSS-Protection
X-Cache
Age
Access-Control-Allow-Origin
Content-Security-Policy
Content-Language
X-UA-Compatible
P3P
X-Cache-Hits
X-Served-By
X-Varnish
X-Amz-Cf-Id
X-Xss-Protection
Referrer-Policy
X-Request-Id
X-Timer
X-AspNet-Version
CF-Cache-Status
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Runtime
Access-Control-Allow-Credentials
X-Download-Options
X-Drupal-Cache
X-Cacheable
Content-Security-Policy-Report-Only
X-Generator
Alt-Svc
Status
X-AspNetMvc-Version
X-Cache-Status
X-DNS-Prefetch-Control
X-Check
P3p
X-Iinfo
X-Adblock-Key
X-FRAME-OPTIONS
X-CDN
Timing-Allow-Origin
X-Content-Security-Policy
X-Permitted-Cross-Domain-Policies
X-Turbo-Charged-By
Content-Encoding
X-Template
X-Language
Keep-Alive
X-Type
X-AH-Environment
X-Via
X-Cache-Group
X-Backend
X-Request-ID
WPE-Backend
X-Pass-Why
X-Buckets
X-Age
X-Server
X-Nginx-Cache-Status
Access-Control-Max-Age
X-Server-Powered-By
X-Pingback
Xkey
X-Varnish-Cache
Grace
X-Drupal-Dynamic-Cache
Upgrade
Access-Control-Expose-Headers
X-Hacker
X-UA-Device
X-Amz-Request-Id
Cf-Railgun
X-Page-Speed
X-Amz-Id-2
X-Proxy-Cache
X-Robots-Tag
EagleId
X-Envoy-Upstream-Service-Time
Request-Context
X-Node
X-LiteSpeed-Cache
X-Swift-SaveTime
X-Swift-CacheTime
X-Ac
X-Device
Ali-Swift-Global-Savetime
X-Cnection
X-Host
X-Amz-Version-Id
Content-Location
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-WebKit-CSP
X-Server-Id
Surrogate-Control
X-Backend-Server
X-Cache-Lookup
X-OneAgent-JS-Injection
X-Rack-Cache
X-Response-Time
X-Px
X-Instart-Request-ID
X-CST
Server-Timing
Request-Id
X-Readtime
X-Rq
X-Url
X-Clacks-Overhead
Pinterest-Generated-By
X-Do-Not-Hack
X-HeyJason
Permitted-Cross-Domain-Policies
EagleEye-TraceId
X-Ua-Compatible
Edge-Control
X-Application-Context
X-Country
X-Cloud-Trace-Context
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-MS-InvokeApp
Report-To
X-Server-Name
Charset
X-DynaTrace-JS-Agent
X-ESI
SPRequestGuid
X-Country-Code
Allow
X-DataDome
X-SharePointHealthScore
Rating
X-Varnish-TTL
X-Ruxit-JS-Agent
X-Vname
X-TtlSet
X-PC
X-Cached
X-Powered-CMS
X-Powered-By-Plesk
X-DynaTrace
X-Recruiting
X-CF-Powered-By
X-FTR-Request-ID
NEL
X-Vhost
X-D2id
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
X-Exp-Variant
X-Exp-Id
X-Cdn-Fetch
X-Geo-Segment
X-Kinja-Build
X-Kinja-Server
X-Kinja
X-Kinja-Revision
Public-Key-Pins
Pinterest-Version
X-Upstream-Env
X-Pinterest-Rid
X-TTL
X-F-Cache
X-Version
X-T
Cartoon
X-GoogleNews-Bot
X-VARITI-CCR
X-N
X-Dw-Request-Base-Id
SPRequestDuration
SPIisLatency
X-Mod-Pagespeed
X-Ttl
X-Abt-Application-Version
RTSS
Verso
Content-MD5
MS-Author-Via
Nginx-Cache
Feature-Policy
X-GitHub-Request-Id
X-Dispatcher
X-Goog-Hash
X-Navigation-Version
X-Client-IP
X-Amz-Rid
X-SRCache-Fetch-Status
X-SRCache-Store-Status
MicrosoftSharePointTeamServices
X-Forwarded-Proto
X-Hits
Realpath
AR-PoweredBy
AR-CACHE
AR-ATIME
X-Shield-Request-Id
X-Origin-Cache
X-Cdn
X-Trace
Paypal-Debug-Id
DynaTrace
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TEC-API-VERSION
X-Content-Options
X-Id
X-Content-Digest
X-Server-ID
X-Kinsta-Cache
X-Zen-Fury
X-B
TCN
X-Grace
Arr-Disable-Session-Affinity
Alternate-Protocol
X-Varnish-Age
AR-SID
Fastcgi-Cache
X-Sol
X-Upstream
X-Cache-Key
MRF-Tech
Mrf-Cache-Status
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
X-Acc-Meta-Resource-Type
Access-Control-Request-Method
X-Pad
X-Ser
PB-RID
PB-PID
X-Mobile-Rewrite
X-Middleton-Display
Display
X-Fastly-Request-ID
X-FastCGI-Cache
X-Nf-Srv-Version
X-NF-Request-ID
X-Via-JSL
X-User-Agent
X-DIS-Request-ID
X-Vcap-Request-Id
Pagespeed
X-Middleton-Response
Response
X-MSEdge-Ref
Eomportal-Instance
X-Forwarded-For
Rt-Fastcgi-Cache
Arc-Version
X-Cache-Rule
X-PressLabs-Stats
X-Frontend
Front-End-Https
X-Cache-Hit
X-Logged-In
X-SS-Set-Cookie
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-Goog-Metageneration
X-Goog-Generation
X-IPLB-Instance
Server-Name
Host
X-Hostname
X-Whom
S
Surrogate-Key
X-VCache
Tracecode
X-FTR-Backend
X-Country-Code-Real
X-XRDS-LOCATION
X-FTR-Balancer
X-FTR-Backend-Server
X-FTR-Realm
X-FTR-Expires
X-FTR-DC
X-FTR-Cache-Status
X-Request-Received
X-Request-Processing-Time
X-Analytics
Backend-Timing
X-HS-Content-Id
X-Debug
Cache-Status
X-AOL-HN
TP-Cache
TP-L2-Cache
X-Magnolia-Registration
Refresh
X-Instance
X-Rid
X-HW
X-Contextid
ServerID
FilterID
X-Litespeed-Cache
X-Activity-Id
X-Az
X-AppVersion
X-Proxied
X-XRDS-Location
X-Srv
Public-Key-Pins-Report-Only
X-Wix-Server-Artifact-Id
Cleartype
HitInfo
HitType
Server-Info
X-UUID
X-B3-Traceid
X-WPE-Loopback-Upstream-Addr
AMP-Access-Control-Allow-Source-Origin
X-FTR-Cache-Host
X-Content-Security-Policy-Report-Only
X-Varnish-Backend
X-APP-VERSION
X-Varnish-Server
Service-Worker-Allowed
Liferay-Portal
X-Mobile
X-Origin-Upstream-Status
X-Cache-Control
Served-By
Accept-Charset
X-Revision
Source
X-Cache-Server
X-Amzn-Trace-Id
X-TT
X-Newrelic-App-Data
X-Geo-Country
X-Tumblr-Pixel-0
X-App-Environment
Server-Node
X-Tumblr-Pixel
X-BCube-Filmed-By
X-Hail-Hydra
X-PC-Key
X-Correlation-Id
X-Tumblr-User
X-PC-Hit
X-PC-AppVer
Retry-After
MS-CV
Host-Header
X-Framework
X-Page-Id
X-Device-Type
X-Request-Guid
X-PHP-Backend
DC
X-Handled-By
X-Varnish-Hostname
X-Cache-2
X-B-Cache
X-Cache-Config
X-Cache-Operation
X-Signature
Powered-By-ChinaCache
X-RateLimit-Remaining
X-FB-Debug
X-Origin-Server
X-ATG-Version
Viewport
X-Origin
S-Cnection
X-NWS-LOG-UUID
Edge-Cache-Tag
X-HS-Cache-Config
X-NewRelic-App-Data
X-Cache-Action
X-Debug-Info
X-TT-TIMESTAMP
Fastly-Restarts
X-Ocache
X-PC-Host
X-PC-Date
X-Sucuri-ID
X-Cached-By
X-Hyper-Cache
X-B3-Sampled
X-WA-Info
Actual-Object-TTL
X-Webkit-Csp
NGB
X-Content-Powered-By
X-Akam-SW-Version
X-Microcachable
X-Drupal-Cache-Tags
X-LB-Cache
X-ADI-VCache
X-Shield-Cache-Expires
X-Accel-Expires
Upgrade-Insecure-Requests
X-Generated-By
AsisCache
X-Cache-NE
Filters
SRV
X-App-Server
X-Cache-Age
X-WebKit-CSP-Report-Only
X-Distil-CS
X-Tumblr-Pixel-2
X-Tumblr-Pixel-1
X-FW-Server
X-Yottaa-Metrics
X-FW-Hash
X-FW-Static
X-Internal-Host
X-RTag
X-FW-Serve
X-FW-Type
X-Yottaa-Optimizations
X-RequestSource
ServedBy
Content-Style-Type
Content-Script-Type
X-URL
X-Cacheable-TTL
X-GeoIP
X-Locale
X-Wix-Request-Id
X-S
X-Seen-By
X-Jobs
X-Cluster
X-Node-Name
X-Accel-Buffering
X-Varnish-Hits
X-Geo
Cache
X-Amz-Server-Side-Encryption
X-TX-ID
From-Origin
Datacenter
X-ServedBy
X-Varnish-Grace
X-Platform-Server
X-GUploader-UploadID
X-Varnish-Cache-Hits
X-RateLimit-Limit
X-Adobe-Loc
X-Akamai-Edgescape
X-Adobe-Content
X-GZip
X-Vg-Webcache
X-Varnish-IP
X-Sucuri-Cache
X-UA
X-Dns-Prefetch-Control
X-CLOUD-TRACE-CONTEXT
X-Cache-TTL-Remaining
Cache-Tag
X-HS-Combine-CSS
X-CDN-Forward
X-Edge-Cache-Key
X-Edge-Cache
X-Storage
X-Oneagent-Js-Injection
X-Akamai-Transformed
X-Drupal-Cache-Contexts
X-Mode
X-Cache-Remote
X-Real-IP
X-Region
X-Source
X-Amz-Replication-Status
X-Distributor
X-Proxy
X-Rendered-As
X-RN-RSRV
X-Amzn-RequestId
Meta-Geo
X-Detected-As
X-Amz-Apigw-Id
X-Is-Bot
X-MP-GENERATED-AT
X-ProcessESI
X-Path-Route
Machine
X-RemovedCookies
Load-Balancing
X-NCache
X-Guploader-Uploadid
Ohc-File-Size
ServerName
Mn-Server-Ip
HostName
GEO-INFO
X-FC-Vary-Parameters
X-Agile-Id
X-ApacheServer
X-Akamai-Request-ID
Fastly-SSL
X-Agile-Age
X-Agile
Cache-Key
X-Time-Microsecs
X-Backend-Name
X-Upgrade-Enabled
X-Kinja-Server-Push
X-TWH-CORRELATION-ID
X-PERF
X-Amz-Meta-Surrogate-Control
Azure-InstanceId
X-Edge-Location
Azure-RegionName
S-Rt
Azure-Version
Azure-SlotName
Azure-SiteName
X-Cache-Var-Map
X-Varnish-Cacheable
X-ServerID
X-OVcl-Cache
X-OVcl
X-Viewer-Country
X-Web-Node
X-Proto
Backend
X-Webstats-RespID
X-OCL
X-NodeID
User-Agent
X-Cache-Var
X-Cache-Category-Id
X-CDN-Cache
X-Cluster-Node
X-Human
X-Grey
X-EIG-Tracking-Id
X-BB-IP
X-PCL
X-Daa-Tunnel
X-LJ-Flow-ID
Now
Property-Id
Selected-FE
TWC-Connection-Speed
X-IP
X-Optimization
X-Origin-Hint
LB
L5d-Success-Class
X-Cache-HT
X-Port
TWC-Device-Class
X-Original-Request
X-Dc
TWC-GeoIP-Country
X-App-Name
X-Format
X-Generation-Time
X-AWS-Id
X-Debug-Cache
X-BYPASS-REASON
X-CCM-LastModified
X-Instance-Name
X-Access
TWC-Locale-Group
TWC-GeoIP-LatLong
TWC-Privacy
Webcakes-App-Name
Webcakes-Region
Webcakes-App-Version
X-ProxyCache-Key
X-Proxy-Build
X-Via-Fastly
X-Timing-Wait
X-SplitTest
X-Site-Version
X-VWS-Id
X-Zipkin-Id
X-JoinUs
Healthy
Access-Control-Allow-Method
X-Section
X-Www-Served-By
X-Pubstack
Countrycode
X-Routing-Service
Cache-Name
X-ProxyCache-Status
User-Cache-Control
X-Meta-Tbi-Cache-Vertical
DB-Nickname
X-Birta-Cache-Post
X-Birta-Served
Fastcgi-Useragent
X-Hosted-By
X-TNCMS
Country
X-Labrador-Cache-Channel
X-Loop
X-Tb
Payment
X-Xfnlog-Site
X-CCM
X-Generated
Cache-Hits
X-Tumblr-Pixel-3
X-Request-Time
RATING
X-Time
X-Surge-Debug
X-Origin-CC
X-DataStream-Cache-Status
Ec-Rule-Version
X-Ezoic-Cdn
X-Newrelic-Synthetics
X-Real-Ip
X-Hit
X-Unique-ID
X-Cache-Bucket
WP-Super-Cache
X-TA-CDN-Provider
X-Nc
X-Cache-Enabled
X-Oracle-Dms-Rid
X-Oracle-Dms-Ecid
X-B3-TraceId
X-B3-Spanid
X-Feature
Origin-Edge-Control
Origin-Cache-Control
X-Render-Type
X-Nginx-Cache
X-UA-Device-Type
X-Correlation-ID
X-L-Path
RequestId
X-Environment-Context
X-Servedby
X-Varnish-Beresp-Status
NODE
X-NU-AKA-ACS-Version
Xserver
X-Varnish-Beresp-Grace
X-Status
X-Skip-Cache
X-HS-Hub-Id
X-Esi
X-Content-Type
X-WR-MODIFICATION
X-NGENIX-Cache
Apicache-Store
Apicache-Version
X-Be
X-EdgeConnect-Cache-Status
Access-Control-Request-Headers
Ws
X-ElasticPress-Search
X-Vgn-Hpd-Reason
Warning
X-D
X-Haproxy-Ip
X-Destination
IBM-Web2-Location
X-Date
X-Generated-In
X-Server-Time
X-From
Ajk
X-Fastly-Cache
X-G
X-Died
X-Haproxy-Hostname
X-Developer
X-CF-Lambda-Version
X-A-Ccd
X-A
Www
X-A-Dam
X-A-Dcw
X-Accel-Expires-Debug
X-A-Wwc
X-A-Dgt
VivaBuild
Host-ID
Sta2Tusw
Meta-Geo-Continent
Resin-Trace
Memcached
MD5-Digest
Viewtype
T-Server
X-Application
GMS-Ver
BehaviorPad-Version
X-CF-Lambda-Fn
Cache-Prefix
X-Connection-Hash
Apple-News-Services-Request-Url
Apple-News-Services-Handled
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
X-BBXSRF
X-BB-ID
Fly-Request-Id
X-B-Cookie
X-ARC
Fly-Cache
Fastly-Soc-X-Request-Id
Fastcgi-X-Cache
Fastcgi-X-Cache-Version
AKAMAI
X-Cache-Backend
X-SRCache-Key
X-Via-Edge
X-Trv-Group
X-SVT-ORM-RULES
X-ND-Cache
X-No-Session
X-SVT-ORM-VERSION
X-Upstream-CT
X-We-Are-Hiring
X-Upstream-HT
Webserver
X-Logtrace-Id
X-Server-By
X-Public
X-Twitter-Response-Tags
X-Planisys-CDN-Cache
X-User
X-Wix-Route-ID
X-Transaction
X-Rojux
X-Planisys-CDN-TTL
X-Region-Sid
X-S-Cookie
X-VG-WebServer
X-PAYTM-SRV-ID
X-Via-CDN
X-IN-APIGATEWAY
X-Planisys-CDN-Rules
Time
X-Rewrite-Enabled
Xc-Version
X-IN-WAF
X-Fastcgi-Cache
X-IN-SSL-APIGATEWAY
X-Rebelmouse-Surrogate-Control
Uber-Trace-Id
X-Rebelmouse-Cache-Control
IsBot
X-Cdn-Origin
X-Var-Ttl
Fastly-SWR
X-Trace-Id
X-NX-Host
X-Auto-Login
Fastly-SIE
X-Core-Value
X-Cache-Expires
UCS
V-Age
X-Phone
X-Cache-Host
X-CS
X-Forwarded-Host
Request-Time
NGX
X-F5-Cache
X-Wikidot-Static-Cache
Rendered-Blocks
X-Rocket-Nginx-Bypass
Origin
X-ScT
X-Up
X-Hl-Ver
Release
Server-Int
X-Wikidot-Backend
X-Debug-Log
X-Cache-Ttl
X-SIPLIST1
X-Sn-Servicetimems
X-Amz-Meta-Cache-Control
X-Via-NSCOPI
X-Debug-Cookies
X-Croise-Owner
X-Webkit-CSP
X-C
X-GoCache-CacheStatus
Thinkindot-CacheControl
Proxy-Connection
Pramga
X-V
Thinkindot-Control
X-TT-LOGID
Thinkindot-CacheControl-Type
Server-Host
Who
X-UnsetCookies
X-Cache-Id
X-Edge-IP
X-Epic-Correlation-Id
X-Eu-Site
X-DPWN-IS-SECURE
X-Request-URI
X-Crawler
X-Developers
X-ServiceProvider
X-FireWall-Port
X-GeoIP-Country-Code
X-Server-Group
X-UE-Client-Country
X-GeoIP-City
X-Server-IP
X-Frame-Option
X-Fstrz
X-Thanos
X-Matched-Rule
X-Node-Id
X-Backend-Url
X-MI-In-Market
X-Backend-TTL
X-Backend-State
X-Thinkindot-L3
X-Backend-Host
X-Platform
Powered-By
X-Cdn-Srv
X-CGP
X-Clientip
X-Cache-Debug
X-Cache-CFC
X-Bip
X-Bug-Bounty
X-Amz-Meta-S3cmd-Attrs
On-Server
HA-Ipaddr
HA-Host
Ha-Gx-Prefs
Decoy-Debug-Status
HA-Servedtime
Content-Disposition
Decoy-Debug-Key
HA-Urlpath
HA-Georegion
HA-Geolon
HA-Geocity
HA-Cloudapp
GW-Server
Decoy-Debug-TTL
HA-Geocountry
HA-Geolat
Backend-Name
HTTPS
Heartbleed
X-CACHE-AGE
Cache-Cookie-Set-Lfrom
MI-Cache
Odigeo-Trace-Id
Ohc-Response-Time
Cache-Cookie-Set-From
Cache-Cookie-Set-Idcheck
OT-Force-Account-Verify
MI-Cache-Age
Cneonction
X-Content-Age
X-Hnp-Log
X-MSEdge-Flight
X-Passed-To
X-Passed-To-DLL
X-Passed-To-BeforeDispatch
X-MSEdge-Features
X-Gen-Mode
X-Device-Os
Adler-Geo
X-Info
X-Dispatcher-Server
X-Location
X-Env
X-Passed-To-PostProcessResponse
X-Returned-From-BeforeDispatch
PFcat
X-Stale
X-Servername
X-Cache-Srv
Country-Code
X-Worker
X-VServer
X-Varnish-Id
X-Varnish-HitMiss
X-WebServer
X-Core-Mission
X-Fetched-On
X-Response-By
X-Reboot
X-RCS-CacheZone
X-Ver
X-Release
X-Returned-From
X-Hash
Pragrma
X-Returned-From-PostProcessResponse
X-Returned-From-DLL
X-Ruxit-Js-Agent
X-HCF
Is-Eu
Platform
CDCHOST
Httpd-Identifier
Web-Mar-Node
X-Actual-URL
REQUESTUUID
Esi-Enabled
X-Cache-Time
X-Ckpd-Fst-Backend
X-Cache-Control-Set-By
X-Block-Status
Mime-Version
NnCoection
X-S-Maxage
Request-EU
Request-Country
X-ShardId
X-Origin-Date
X-Origin-Expires
MI-API
X-ShopId
X-Refresh
Server-ID
X-Shopify-Stage
X-Served-From
X-Sorting-Hat-PrivacyLevel
X-Sorting-Hat-Section
X-Sorting-Hat-ShopId
X-Sorting-Hat-ShopId-Cached
X-Sorting-Hat-PodId-Cached
X-Sorting-Hat-PodId
Fastly-Backend-Name
Kp-EeAlive
X-Alternate-Cache-Key
X-Sorting-Hat-FeatureSet
X-TIME
X-Cache-URL
Dnion-Transfer-Encoding
X-Page-Type
X-Pjax-Url
X-P-T
Cache-Provider
NtCoent-Length
X-Svr
X-Req
X-Varnish-Beresp-Ttl
X-Cache-ASPX
X-StackifyID
Drupal-Pagecache-Memcache
X-App-Version
X-Gannett-Site-Version
X-Secret
Processtime
X-Origin-TTL
X-Amz-Meta-S3b-Last-Modified
X-Csrf-Token
X-Pf-Uncompressing
Version
X-EC-Security-Audit
X-Oss-Hash-Crc64ecma
X-Oss-Object-Type
X-Oss-Request-Id
X-Oss-Storage-Class
X-Oss-Server-Time
Ar-Sid
X-Amz-Meta-Sha256
X-Wix-Petri-Ex
Memory
Accept-Ch
SN
Pagetype
X-Rule
Dont-Set-Cookie
X-Varnish-Url
WebServer
X-Ua
X-NC
X-Kong-Proxy-Latency
Geoip-Latitude
X-Kong-Upstream-Latency
X-CSRF-Token
X-LiteSpeed-Cache-Control
GeoIp-Country-Code
X-GRACE
X-From-Cache
X-RateLimit-Remaining-Second
Geoip-City
X-RateLimit-Limit-Second
X-Varnish-Beresp-TTL
FSS-Proxy
Cteonnt-Length
PageType
FSS-Cache
X-Cache-Handler
Arc-Country
X-Yottaa-Sig
Brightspot-Id
Cdn
PICS-Label
X-Irp-Debug
X-Load-Cache
CF-IPCountry
X-LB-CacheStatus
X-LB-Node
X-Request-Start
X-Cdn-Forward
X-Ratelimit-Remaining
X-ROOTCache
MIME-Version
Edgecast
If-Modified-Since
COMMERCE-SERVER-SOFTWARE
X-Redis-Cache
Sid
X-SERVER-NAME
X-COUNTRY
X-Sf
X-Request-UUID
X-Fastly-Backend-Reqs
PROCESSING-IP
BORDER-IP
X-DC
X-Endurance-Cache-Level
RNT-Time
X-Tid
RNT-Machine
X-Requestid
X-GDPR
XServer
X-Ratelimit-Limit
X-TId
X-Servedbyhost
X-Varnish-Action
X-ServedByHost
X-B3-SpanId
X-RequestId
Powered
X-Layer
X-Nananana
X-BE
X-Rocket-Nginx-Serving-Static
Cache-Tags
X-Resolver-IP
Cf-Ipcountry
Frame-Options
Pics-Label
X-Cache-TTL
X-DataStream-Origin-MEX-Latency
X-DataStream-MidMile-RTT
Node
NodeID
X-Fastly-Cache-Hits
Amp-Access-Control-Allow-Source-Origin
X-Atg-Version
CACHE
CDN
X-Tec-Api-Version
X-Tec-Api-Origin
X-Tec-Api-Root
X-UPSTREAM-Address
X-Key
GeoIP-Country-Code
X-Owner
GeoIP-City
We-Hiring
X-Gdpr
Mail-Subject
GeoIP-Latitude
PageSpeed
X-VG-WebCache
X-HTML-Minification-Powered-By
X-Dynatrace-Js-Agent
Hostname
X-Server-W
X-Shard
X-Varnish-URL
X-Varnish-Ttl
X-Use-Magma
X-Alicdn-Da-Ups-Status
X-Dynatrace
Lfy
Accept-CH
Web-Mar-Region
X-Ms-Version
X-Aicache-OS
X-Ms-Lease-Status
X-Ms-Blob-Type
X-Ms-Request-Id
X-Sentry-ID
X-GZIP
ProcessTime
X-PF-Uncompressing
X-VG-TLSProxy
X-ABtesting
X-Flog
WZWS-RAY
Dynatrace
Cdn-Request-Time
X-CACHE-KEY
Cdn-Host
X-Powered-By-ANYU
X-Swa-Ws
X-GEO
URI
X-Edge-Server
True-Client-Country-4JS
X-NGINX-Cache
X-Dw-Trace-Id
Xet-Cookie
DataCenter
Rt-Proxy-Cache
X-Org
Is-Session-Tracking
Max-Age
GEO-REGION-INFO
X-PJAX-URL
X-CDN-Pop-IP
X-NWS-UUID-VERIFY
X-Policy
X-Front
X-Ms-Lease-State
X-PAGE-TYPE
X-Oa-Upstreams
Group
X-Cookie
X-CDN-Pop
Get-Access-Time
X-Check-Cacheable
X-Vcache
V-Cache
X-Unique-Id
X-Trv-Request-Id
Requestid
X-M-Log
X-SB
X-Varnish-ID
X-Varnish-Info
X-VC
X-Mem
X-M-Reqid
X-Qnm-Cache
N-Cache
RequestUuid
X-RSL
X-Amzn-Remapped-Connection
X-VID
X-External-Request-Id
X-Response-Served-From
X-RPS
X-Amzn-Remapped-Date
CF-Cached-On
X-Akamai-ERPolicy
X-Akamai-ERRuleID
X-Hello
X-Cache-FS-Status
X-Acquia-Application-UUID
X-Acquia-Application-Trace
X-Proxy-Server
X-Remote-IP
X-Powered-By-Defense
X-Litespeed-Tag
SID
X-DI
X-DSS
X-DW
X-DB
X-Litespeed-Cache-Control
X-RAMCache
WS
X-Fe
X-RPM