Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
Last-Modified
Pragma
Accept-Ranges
X-Content-Type-Options
X-Powered-By
CF-RAY
ETag
Link
X-XSS-Protection
Expect-CT
Via
X-Cache
Age
Access-Control-Allow-Origin
Content-Security-Policy
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Served-By
X-Amz-Cf-Id
X-Varnish
Referrer-Policy
X-Timer
CF-Cache-Status
X-FRAME-OPTIONS
X-Request-Id
Access-Control-Allow-Headers
X-AspNet-Version
Access-Control-Allow-Methods
X-Xss-Protection
X-Runtime
X-Download-Options
Access-Control-Allow-Credentials
X-Drupal-Cache
X-Cacheable
Alt-Svc
X-Generator
Content-Security-Policy-Report-Only
X-Request-ID
X-Check
X-AspNetMvc-Version
Status
X-Cache-Status
X-Adblock-Key
Timing-Allow-Origin
X-Iinfo
X-Permitted-Cross-Domain-Policies
X-DNS-Prefetch-Control
X-Template
Content-Encoding
X-Language
X-Content-Security-Policy
X-Turbo-Charged-By
X-CDN
X-Type
Keep-Alive
Xkey
X-Buckets
X-Backend
X-AH-Environment
WPE-Backend
Access-Control-Max-Age
X-Pass-Why
X-Age
X-Cache-Group
CF-Ray
X-Server
X-POWERED-BY
Upgrade
EagleId
Access-Control-Expose-Headers
X-Via
X-Nginx-Cache-Status
X-Server-Powered-By
X-Pingback
X-Drupal-Dynamic-Cache
X-Varnish-Cache
X-Swift-CacheTime
X-Swift-SaveTime
Grace
X-Hacker
X-Amz-Id-2
X-Amz-Request-Id
Ali-Swift-Global-Savetime
X-UA-Device
X-Robots-Tag
Cf-Railgun
X-LiteSpeed-Cache
X-Envoy-Upstream-Service-Time
X-Proxy-Cache
X-Ua-Compatible
X-Page-Speed
Request-Context
Content-Location
X-Device
X-Ac
X-Node
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Cnection
X-Host
X-Cache-Lookup
X-Server-Id
Surrogate-Control
X-Amz-Version-Id
X-WebKit-CSP
X-Backend-Server
X-Rack-Cache
X-Response-Time
X-Rq
X-CST
X-Application-Context
X-Readtime
X-Dns-Prefetch-Control
EagleEye-TraceId
P3p
Pinterest-Generated-By
Server-Timing
X-TTL
X-Url
X-Cloud-Trace-Context
X-Instart-Request-ID
X-Px
Request-Id
X-OneAgent-JS-Injection
Report-To
X-Country
X-ORACLE-DMS-ECID
X-Clacks-Overhead
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Allow
Rating
Edge-Control
Feature-Policy
X-Country-Code
X-DynaTrace-JS-Agent
Charset
X-DataDome
X-ESI
X-Server-Name
X-Powered-CMS
X-FTR-Request-ID
X-Vname
X-TtlSet
X-PC
X-Origin-Cache
X-DynaTrace
NEL
X-MS-InvokeApp
X-ORACLE-DMS-RID
X-Goog-Hash
X-Recruiting
X-Varnish-TTL
X-Cached
X-VARITI-CCR
X-Vhost
Content-MD5
X-GitHub-Request-Id
RTSS
X-Version
X-F-Cache
X-Cdn-Fetch
X-Exp-Id
X-Geo-Segment
X-Kinja-Revision
X-Kinja-Server
X-Kinja-Build
X-Exp-Variant
X-GoogleNews-Bot
X-Kinja
X-Powered-By-Plesk
X-CF-Powered-By
Public-Key-Pins
X-Upstream-Env
X-Pinterest-Rid
Pinterest-Version
PB-PID
PB-RID
Arc-Version
X-Mobile-Rewrite
X-Mod-Pagespeed
Verso
SPRequestGuid
X-Client-IP
X-D2id
X-Abt-Application-Version
X-SRCache-Store-Status
X-SRCache-Fetch-Status
Permitted-Cross-Domain-Policies
X-HeyJason
X-Do-Not-Hack
X-N
Accept-CH
MS-Author-Via
AR-ATIME
AR-PoweredBy
X-Dispatcher
AR-CACHE
X-SharePointHealthScore
X-Amz-Rid
X-T
X-Navigation-Version
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TEC-API-VERSION
DynaTrace
Nginx-Cache
Paypal-Debug-Id
X-Dw-Request-Base-Id
X-Upstream
X-Trace
X-Fastly-Request-ID
X-Grace
Arr-Disable-Session-Affinity
X-Varnish-Age
Accept-CH-Lifetime
X-Hits
TCN
X-FastCGI-Cache
X-Shield-Request-Id
X-Id
X-Amz-Meta-S3cmd-Attrs
X-Forwarded-Proto
X-Origin-Upstream-Status
X-Pad
X-DIS-Request-ID
X-Cache-Hit
SPRequestDuration
SPIisLatency
X-Content-Options
X-Logged-In
X-Content-Digest
X-IPLB-Instance
X-Kinsta-Cache
Access-Control-Request-Method
MRF-Tech
Mrf-Cache-Status
X-B
X-Mrf-Item-Lastmod
X-Acc-Meta-Resource-Type
X-Mrf-Section-Lastmod
X-NF-Request-ID
Realpath
AR-SID
X-Ruxit-JS-Agent
X-Goog-Storage-Class
X-XRDS-Location
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Goog-Metageneration
X-Goog-Generation
X-SS-Set-Cookie
X-Vcap-Request-Id
X-HW
S
X-MSEdge-Ref
X-Debug
Service-Worker-Allowed
X-Ser
Server-Name
X-PressLabs-Stats
X-Country-Code-Real
X-FTR-Backend-Server
X-FTR-DC
X-FTR-Balancer
X-FTR-Cache-Status
X-Frontend
X-FTR-Backend
X-FTR-Realm
X-Server-ID
X-Webkit-CSP
X-FTR-Expires
X-Oneagent-Js-Injection
Tracecode
Fastcgi-Cache
Eomportal-Instance
Rt-Fastcgi-Cache
X-Cache-Key
X-Wix-Server-Artifact-Id
Surrogate-Key
Alternate-Protocol
AMP-Access-Control-Allow-Source-Origin
X-Forwarded-For
X-NewRelic-App-Data
X-GUploader-UploadID
Cleartype
X-Cache-Rule
X-NWS-LOG-UUID
X-Srv
Cache-Status
X-HS-Content-Id
X-HS-Hub-Id
Backend-Timing
X-Analytics
X-VCache
Host
X-User-Agent
X-Revision
TP-Cache
TP-L2-Cache
X-Rid
FilterID
X-Debug-Info
X-Whom
X-FTR-Cache-Host
X-AOL-HN
X-Via-JSL
Public-Key-Pins-Report-Only
Fastly-Restarts
X-Akam-SW-Version
X-Cache-2
X-Varnish-Backend
ServerID
X-Content-Powered-By
X-RateLimit-Remaining
X-Request-Received
X-Request-Processing-Time
X-Cdn
Viewport
X-Zen-Fury
X-Kinja-Server-Push
Accept-Charset
X-Oracle-Dms-Rid
X-Mobile
X-Accel-Buffering
X-XRDS-LOCATION
Front-End-Https
X-WPE-Loopback-Upstream-Addr
X-Cached-By
Liferay-Portal
X-Node-Name
X-Hostname
X-App-Environment
X-LB-Cache
X-B3-Traceid
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Varnish-Hostname
X-Tumblr-User
X-Cluster
X-Page-Id
X-Magnolia-Registration
X-Content-Security-Policy-Report-Only
Host-Header
X-Cache-Control
X-Akamai-Edgescape
X-B3-Sampled
X-Device-Type
X-TT
Cache-Tag
X-Request-Guid
X-Handled-By
X-Framework
X-FB-Debug
X-BCube-Filmed-By
X-Instance
X-Platform-Server
X-Signature
X-B-Cache
Upgrade-Insecure-Requests
DC
X-Cache-Server
Server-Node
X-Origin-Server
X-TT-TIMESTAMP
Source
Retry-After
X-Ttl
MicrosoftSharePointTeamServices
X-Servedby
X-Contextid
X-WA-Info
X-TA-CDN-Provider
HitInfo
Server-Info
X-Accel-Expires
HitType
X-Correlation-Id
X-Cache-Action
X-Daa-Tunnel
X-Varnish-Server
X-Amzn-Trace-Id
X-Port
X-Cache-Operation
Display
X-Distil-CS
X-Middleton-Display
X-Sol
X-APP-VERSION
X-Geo-Country
X-Generated-By
X-Edge-Location
X-Hyper-Cache
AsisCache
Content-Style-Type
Content-Script-Type
X-GeoIP
X-Amz-Replication-Status
X-Tumblr-Pixel-2
X-S
Webserver
X-WebKit-CSP-Report-Only
X-Tumblr-Pixel-1
GEO-INFO
X-RequestSource
X-Locale
X-TX-ID
X-Wix-Request-Id
Actual-Object-TTL
ServedBy
X-Seen-By
X-Jobs
X-FW-Type
X-FW-Server
X-FW-Static
X-FW-Serve
X-Status
X-Edge-Cache-Key
X-Region
X-FW-Hash
X-UUID
X-Edge-Cache
X-Varnish-Hits
X-DataStream-Cache-Status
X-Varnish-Grace
X-Adobe-Content
X-Adobe-Loc
X-Drupal-Cache-Tags
Healthy
X-Response-Served-From
Filters
User-Agent
X-Newrelic-App-Data
NGB
SRV
X-Proxied
X-Amz-Server-Side-Encryption
S-Cnection
Refresh
X-Fastcgi-Cache
X-Cache-Age
Response
X-URL
AR-Request-ID
X-Middleton-Response
X-Cache-TTL-Remaining
IBM-Web2-Location
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Esi
X-CDN-Forward
X-App-Server
X-AppVersion
X-Activity-Id
X-Az
Cache
X-Pc-Appver
X-Pc-Key
X-Pc-Hit
X-Correlation-ID
X-Cache-Remote
X-Ruxit-Js-Agent
X-Cacheable-TTL
Payment
X-Cache-NE
X-Content-Type
X-Unique-ID
X-UA
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Cache-TTL
Datacenter
Served-By
X-Akamai-Transformed
X-Vg-Webcache
Country
X-Mode
X-HS-Cache-Config
Edge-Cache-Tag
X-Source
X-ATG-Version
Machine
Load-Balancing
X-RN-RSRV
X-Detected-As
X-Rendered-As
X-Is-Bot
HostName
X-RemovedCookies
Meta-Geo
X-ProcessESI
X-Proxy
X-Rocket-Nginx-Bypass
X-FC-Vary-Parameters
User-Cache-Control
X-Backend-Name
X-Real-IP
X-PCL
X-Sucuri-ID
X-OCL
Access-Control-Allow-Method
Cache-Name
Cache-Key
Backend
X-Amz-Meta-Surrogate-Control
X-Human
X-Hosted-By
X-BB-IP
X-Origin-Hint
X-Tb
X-ServerID
X-Grey
X-PERF
X-ProxyCache-Key
X-Cache-Category-Id
X-EIG-Tracking-Id
X-ProxyCache-Status
X-Pubstack
X-BYPASS-REASON
X-Varnish-Cacheable
X-Varnish-IP
TWC-GeoIP-LatLong
TWC-Locale-Group
TWC-GeoIP-Country
TWC-Device-Class
Property-Id
TWC-Connection-Speed
TWC-Privacy
Webcakes-App-Name
X-ApacheServer
X-Viewer-Country
X-Origin
X-Cache-Config
Webcakes-App-Version
Webcakes-Region
Mn-Server-Ip
DB-Nickname
X-Generated
X-Format
Azure-InstanceId
Azure-RegionName
Access-Control-Request-Headers
X-Hit
X-Storage
Now
X-JoinUs
Azure-SiteName
Azure-SlotName
L5d-Success-Class
X-Access
ServerName
S-Rt
X-CCM
X-CDN-Cache
Azure-Version
X-Environment-Context
X-Debug-Cache
X-Loop
X-L-Path
X-Site-Version
X-Section
X-Upgrade-Enabled
X-Varnish-Cache-Hits
X-Zipkin-Id
X-Via-Fastly
X-Routing-Service
X-TNCMS
X-OVcl-Cache
X-Original-Request
X-NodeID
X-OVcl
X-VWS-Id
X-Agile-Age
X-Agile
X-Www-Served-By
X-NGENIX-Cache
Selected-FE
X-Xfnlog-Site
X-Agile-Id
X-App-Name
X-LJ-Flow-ID
X-Timing-Wait
X-TWH-CORRELATION-ID
X-IP
X-AWS-Id
X-Ocache
X-SplitTest
X-Proxy-Build
X-Pc-Date
X-Pc-Host
X-Origin-CC
X-Rule
X-Drupal-Cache-Contexts
X-Akamai-Request-ID
X-HS-Combine-CSS
X-Vgn-Hpd-Reason
X-Time-Microsecs
X-PHP-Backend
X-Cache-Var
X-Cache-Var-Map
X-Upstream-CT
X-Upstream-HT
X-RateLimit-Limit
XServer
X-NC
X-NCache
From-Origin
X-Internal-Host
X-Microcachable
OT-Force-Account-Verify
X-UA-Device-Type
Ar-Sid
X-Feature
X-Nginx-Cache
X-Distributor
X-Release
X-Mrs-Cache-Hits
X-Mrs-Cache
X-Forwarded-Host
X-Mrs-Age
X-Mshield-Cache-Status
X-M-Reqid
X-M-Log
LB
Fastcgi-X-Cache-Version
Fastly-SSL
Fastcgi-Useragent
Fastcgi-X-Cache
X-Qnm-Cache
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
X-Cache-Backend
Pagetype
X-Ms-Lease-Status
X-Ms-Version
X-Ms-Request-Id
X-Ms-Blob-Type
X-Twitter-Response-Tags
X-Birta-Cache-Post
X-Birta-Served
X-Transaction
X-Connection-Hash
X-Webkit-Csp
X-Labrador-Cache-Channel
X-V
X-Instance-Name
NtCoent-Length
X-Ah-Environment
X-EdgeConnect-Cache-Status
X-B3-Spanid
Frame-Options
MIME-Version
Pagespeed
X-Web-Node
X-VG-TLSProxy
PageSpeed
X-GZip
Powered-By-ChinaCache
X-Varnish-Beresp-Ttl
X-C
X-SERVER-NAME
X-DPWN-IS-SECURE
X-Developer
X-Died
X-Dispatcher-Server
AKAMAI
Web-Mar-Node
Fly-Cache
Fly-Request-Id
VivaBuild
Www
X-A
Ec-Rule-Version
X-A-Dam
X-A-Ccd
Viewtype
V-Age
Meta-Geo-Continent
IsBot
MD5-Digest
NGX
Host-ID
T-Server
Server-Int
Rendered-Blocks
X-A-Dcw
X-A-Dgt
Ajk
X-CF-Lambda-Version
X-CF-Lambda-Fn
Arc-Country
X-CS
Time
X-Date
X-D
X-CUA
BehaviorPad-Version
Cache-Prefix
X-Application
X-Accel-Expires-Debug
X-A-Wwc
X-ARC
X-B-Cookie
X-Cache-Bucket
X-Block-Status
X-BB-ID
X-Destination
X-G
X-Irp-Debug
X-NU-AKA-ACS-Version
X-WebServer
X-Rojux
X-Org
X-IN-WAF
X-From
X-SIPLIST1
X-IN-APIGATEWAY
X-IN-SSL-APIGATEWAY
X-Redis-Cache
X-Region-Sid
X-Via-CDN
X-Rewrite-Enabled
X-VG-WebServer
X-No-Session
X-Via-Edge
X-Request-UUID
X-Logtrace-Id
X-Via-SSL
X-Request-URI
X-Hnp-Log
X-SRCache-Key
X-ScT
X-CACHE-GROUP
X-PAYTM-SRV-ID
X-Generated-In
X-S-Cookie
X-Gen-Mode
X-Trv-Group
X-Server-Time
X-UE-Client-Country
Xc-Version
X-Generation-Time
X-Server-By
X-Oss-Hash-Crc64ecma
X-NWS-UUID-VERIFY
X-HOST
X-Oss-Request-Id
X-Oss-Storage-Class
X-Oss-Server-Time
X-FireWall-Port
X-App-Version
Cteonnt-Length
X-Oss-Object-Type
Cneonction
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
Proxy-Connection
X-ServiceProvider
NodeID
Origin-Cache-Control
MI-Cache-Age
MI-Cache
X-S-Maxage
MI-API
Origin-Edge-Control
Pragrma
Request-Time
Server-Host
Request-EU
Request-Country
X-Platform
Release
SN
X-Cache-Enabled
X-HTML-Minification-Powered-By
Magicmarker
X-Debug-Log
X-Debug-Cookies
X-Key
X-Wikidot-Backend
X-Hl-Ver
X-GeoIP-City
X-F5-Cache
X-Fastly-Cache
X-Wikidot-Static-Cache
X-External-Request-Id
X-ElasticPress-Search
X-Eu-Site
X-We-Are-Hiring
X-Layer
X-NX-Host
X-Var-Ttl
X-UnsetCookies
X-Origin-TTL
X-Owner
X-Amz-Meta-Cache-Control
X-Varnish-Action
X-Node-Id
X-Crawler
X-VServer
X-Core-Value
X-CGP
X-Cache-CFC
X-MI-In-Market
X-Phone
On-Server
HA-Geolat
HA-Geocountry
HA-Georegion
Ha-Gx-Prefs
HA-Ipaddr
HA-Host
HA-Geocity
HA-Cloudapp
Esi-Enabled
Backend-Name
Decoy-Debug-TTL
Decoy-Debug-Status
Decoy-Debug-Key
GMS-Ver
Country-Code
HA-Geolon
Kp-EeAlive
Cache-Tags
HA-Servedtime
HA-Urlpath
CDCHOST
X-Sucuri-Cache
X-Webstats-RespID
Apple-News-Services-Request-Url
X-Cache-Expires
X-Thinkindot-L3
X-Stale
X-Sorting-Hat-ShopId
X-Swa-Ws
X-Developers
X-Tumblr-Pixel-3
X-Trace-Id
X-TT-LOGID
X-Sorting-Hat-PodId
X-Cache-URL
X-Cdn-Origin
X-Cdn-Srv
Apple-News-Services-Parsed-Url
X-Cache-Srv
Apple-News-Services-Handled
Apple-News-Services-Host
X-Croise-Owner
Adler-Geo
X-Clientip
X-Ckpd-Fst-Backend
X-Cache-Host
X-FW-Version
X-Nginx-Cache-Key
X-Returned-From
X-Response-By
X-MSEdge-Flight
X-MSEdge-Features
X-Returned-From-DLL
X-Returned-From-BeforeDispatch
X-Request-Time
X-Passed-To
X-Reboot
X-RCS-CacheZone
X-Powered-By-ANYU
X-Passed-To-PostProcessResponse
X-Passed-To-BeforeDispatch
X-Passed-To-DLL
X-Returned-From-PostProcessResponse
X-Matched-Rule
X-ShopId
X-Fstrz
X-Fetched-On
X-Shopify-Stage
X-Epic-Correlation-Id
X-Skip-Cache
X-Gannett-Site-Version
X-ShardId
X-Secret
X-Location
X-Server-IP
X-Hash
X-Sf
X-GeoIP-Country-Code
X-Sn-Servicetimems
X-Content-Age
Uber-Trace-Id
True-Client-Country-4JS
Thinkindot-Control
X-Worker
WZWS-RAY
Countrycode
Fastly-Backend-Name
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
Odigeo-Trace-Id
Heartbleed
Is-Eu
Origin
PFcat
Section-Io-Cache
Platform
X-Actual-URL
Mobile-Detection-Method
X-Backend-Url
X-Variation
X-Up
X-Backend-Host
X-Alternate-Cache-Key
X-Backend-TTL
X-Backend-State
X-Atg-Version
HTTPS
Fastly-SWR
X-Csrf-Token
X-Alicdn-Da-Ups-Status
Sid
X-VCT
Resin-Trace
Content-Disposition
RNT-Machine
Fastly-SIE
X-Core-Mission
X-Planisys-CDN-TTL
Server-ID
X-Rebelmouse-Surrogate-Control
X-Planisys-CDN-Rules
X-Servername
X-Rebelmouse-Cache-Control
X-Device-Os
RNT-Time
X-Planisys-CDN-Cache
X-CACHE-AGE
X-Store
X-Ezoic-Cdn
X-GEO
RequestId
WP-Super-Cache
X-Cache-ASPX
ProcessTime
X-Policy
X-Servedbyhost
X-Pf-Uncompressing
X-Ua
CDN
Warning
Dnion-Transfer-Encoding
NODE
REQUESTUUID
Powered
X-Proto
X-TIME
X-GoCache-CacheStatus
CF-IPCountry
X-Refresh
X-Real-Ip
X-Cluster-Node
Mail-Subject
X-Req
Xserver
We-Hiring
X-B3-TraceId
X-Pjax-Url
X-Dc
X-DC
NnCoection
Cache-Cookie-Set-From
X-Origin-Expires
X-Origin-Date
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-Lfrom
X-Varnish-Ttl
X-HCF
ViewerVersion
X-Newrelic-Synthetics
X-Cache-Control-Set-By
X-Varnish-HitMiss
X-Litespeed-Cache
X-CLOUD-TRACE-CONTEXT
X-Edge-IP
X-Time
X-Server-W
GeoIp-Country-Code
X-COUNTRY
X-Surge-Debug
X-Page-Type
Geoip-Latitude
X-Nc
X-Guploader-Uploadid
X-Endurance-Cache-Level
Hostname
X-Server-Group
WWW-Authenticate
Processtime
X-CSRF-Token
X-Oracle-Dms-Ecid
SD-X-WS
X-Aed
X-Iejgwucgyu
Geoip-City
PICS-Label
A
X-Ms-Lease-State
Pramga
X-Wix-Route-ID
MS-CV
X-Datadome
X-Aicache-OS
Dont-Set-Cookie
X-Varnish-Url
X-GRACE
TSSecure
X-Varnish-URL
X-Varnish-Beresp-TTL
X-Wa
X-Cdn-Forward
X-From-Cache
X-Akamai-Request-ID2
Cdn-Request-Time
Cdn-Host
X-Edge-Server
X-Gdpr
X-Hello
Cdn
X-WA
X-DataStream-MidMile-RTT
Node
X-DataStream-Origin-MEX-Latency
CACHE
X-ABtesting
X-Flog
Ms-Operation-Id
X-RTag
Lb
DataCenter
X-Use-Magma
Mime-Version
Is-Session-Tracking
X-Optimization
X-Cache-HT
X-Auto-Login
X-Geo
X-Nananana
X-Env
X-UPSTREAM-Address
Lfy
Get-Access-Time
COMMERCE-SERVER-SOFTWARE
X-Ratelimit-Limit
X-Load-Cache
X-Wix-Petri-Ex
GeoIP-City
Who
GeoIP-Country-Code
X-APP
X-Fastly-Backend-Reqs
GeoIP-Latitude
PageType
X-PAGE-TYPE
X-SRV
FSS-Cache
FSS-Proxy
X-WR-MODIFICATION
X-Cache-FS-Status
X-Unique-Id
X-Sentry-ID
X-Gen-Id
X-CACHE-KEY
X-EC-Security-Audit
X-Meta-Tbi-Cache-Vertical
X-Ibm-Trace
X-GDPR
Rt-Proxy-Cache
X-Ver
X-Via-NSCOPI
Ws
X-Check-Cacheable
X-Dynatrace-Js-Agent
X-Cache-Id
X-FORWARDED-FOR
X-Cookie
X-NGINX-Cache
Httpd-Identifier
Ohc-File-Size
Pics-Label
X-Proxy-Server
X-MP-GENERATED-AT
X-Bip
X-Path-Route
Powered-By
X-PJAX-URL
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
Memcached
X-Cache-Info
X-Swift-Error
X-Thanos
X-Served-From
X-Be
Version
X-RateLimit-Reset
X-B3-SpanId
X-Fastly-Cache-Hits
URI
Group
V-Cache
X-Cache-Ttl
X-Dw-Trace-Id
X-Fe
X-Shard
X-P-T
X-LiteSpeed-Cache-Control
Cf-Ipcountry
X-CDN-Pop-IP
X-CDN-Pop
Memory
X-HS-Status
X-Request-Start
X-ServedByHost
Amp-Access-Control-Allow-Source-Origin
Apicache-Version
X-ID
Apicache-Store
X-GZIP
X-PF-Uncompressing
Fastly-Soc-X-Request-Id
NX-Cache
AGE-Hash
Ohc-Response-Time
X-Bug-Bounty
Requestid
X-SB
X-VC
Xet-Cookie
Serverid
GW-Server
UCS
X-Ratelimit-Remaining
X-Info
X-Varnish-Info
If-Modified-Since
X-Akamai-ERRuleID
X-CacheKey
CDN-Cache
CDN-Cache-Hit
CDN-Node
X-StackifyID
X-Akamai-ERPolicy
X-Micro-Cache
N-Cache
X-Cache-Handler
X-User
X-Litespeed-Cache-Control
X-RequestId
X-Flags
X-RAMCache
Https
X-BBXSRF
X-ServerName
X-Route-Name
X-Grace-Duration
X-Is-Crawler
X-Providence-Cookie
X-SD-PageType