Threat Level: green Handler on Duty: Russ McRee

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
X-Powered-By
CF-RAY
ETag
Link
X-XSS-Protection
Expect-CT
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
X-Request-Id
X-Xss-Protection
CF-Cache-Status
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-AspNet-Version
X-Download-Options
X-Runtime
Access-Control-Allow-Credentials
X-Drupal-Cache
X-Adblock-Key
X-Check
Alt-Svc
X-Cacheable
X-Generator
Content-Security-Policy-Report-Only
X-DNS-Prefetch-Control
X-Cache-Status
X-AspNetMvc-Version
X-Permitted-Cross-Domain-Policies
X-Iinfo
X-Template
X-Language
Status
Timing-Allow-Origin
X-Buckets
X-Content-Security-Policy
Content-Encoding
X-CDN
X-Kinja-Server-Push
Xkey
X-Turbo-Charged-By
Upgrade
X-Type
Access-Control-Expose-Headers
Keep-Alive
WPE-Backend
X-Pass-Why
Access-Control-Max-Age
X-Backend
X-AH-Environment
CF-Ray
X-Cache-Group
X-Age
X-Drupal-Dynamic-Cache
X-Ua-Compatible
X-Server
X-Via
X-Request-ID
X-Proxy-Cache
Grace
X-Pingback
X-Nginx-Cache-Status
X-Server-Powered-By
X-Amz-Request-Id
X-Amz-Id-2
X-Robots-Tag
X-Hacker
X-UA-Device
X-Varnish-Cache
X-Page-Speed
EagleId
Request-Context
X-LiteSpeed-Cache
Cf-Railgun
X-Envoy-Upstream-Service-Time
X-CST
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
X-WebKit-CSP
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Server-Id
X-Device
X-Amz-Version-Id
X-Ac
X-Node
Server-Timing
X-OneAgent-JS-Injection
Feature-Policy
X-Iejgwucgyu
X-Cnection
X-Response-Time
Allow
X-Rq
Content-Location
X-Backend-Server
X-Cache-Lookup
Report-To
EagleEye-TraceId
Surrogate-Control
X-Readtime
X-Host
X-Application-Context
Request-Id
X-Url
X-ORACLE-DMS-ECID
X-Rack-Cache
X-Origin-Cache
X-Clacks-Overhead
X-Country
X-FTR-Request-ID
Rating
NEL
X-Country-Code
X-Cloud-Trace-Context
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-DataDome
X-Instart-Request-ID
X-Px
X-Vhost
X-MS-InvokeApp
X-Mod-Pagespeed
Charset
X-Ruxit-JS-Agent
X-VARITI-CCR
Accept-CH
Edge-Control
X-Goog-Hash
X-GitHub-Request-Id
PB-PID
Arc-Version
X-Mobile-Rewrite
PB-RID
Verso
X-ESI
X-Varnish-TTL
X-DynaTrace
X-Version
X-Vname
X-PC
X-TtlSet
X-Server-Name
X-TTL
X-Cdn
X-Powered-By-Plesk
X-D2id
Pinterest-Generated-By
X-Kinja-Server
X-GoogleNews-Bot
X-Kinja-Build
X-Use-Magma
X-Kinja
X-Exp-Id
X-Cdn-Fetch
X-Exp-Variant
X-Kinja-Revision
X-Cached
X-B3-TraceId
X-Dispatcher
X-Upstream-Env
X-Origin-Upstream-Status
SPRequestGuid
X-Powered-CMS
X-SharePointHealthScore
X-Abt-Application-Version
MS-Author-Via
X-T
Accept-CH-Lifetime
X-Recruiting
RTSS
X-Trace
X-Navigation-Version
Public-Key-Pins
X-Shield-Request-Id
X-Oracle-Dms-Rid
X-ORACLE-DMS-RID
Content-MD5
AR-CACHE
AR-ATIME
AR-PoweredBy
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Amz-Rid
SPIisLatency
SPRequestDuration
X-Fastly-Request-ID
X-HW
X-DIS-Request-ID
X-Client-IP
Arr-Disable-Session-Affinity
Realpath
X-Wix-Server-Artifact-Id
X-Accel-Buffering
X-Forwarded-Proto
X-F-Cache
X-B
X-Server-ID
X-DynaTrace-JS-Agent
X-Upstream
X-Goog-Stored-Content-Length
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
X-Goog-Generation
X-Amz-Meta-S3cmd-Attrs
X-Ser
X-Via-JSL
Service-Worker-Allowed
X-Pinterest-Rid
Pinterest-Version
X-Dw-Request-Base-Id
X-FTR-Backend-Server
X-Id
X-FTR-Backend
X-FTR-Balancer
X-FTR-Realm
X-Country-Code-Real
X-FTR-DC
X-FTR-Cache-Status
X-FTR-Expires
Front-End-Https
X-Vcap-Request-Id
Paypal-Debug-Id
AR-Request-ID
X-Varnish-Age
X-Dns-Prefetch-Control
X-Ttl
X-Debug
X-Goog-Storage-Class
X-Acc-Meta-Resource-Type
Nginx-Cache
Ar-Sid
X-MSEdge-Ref
X-TEC-API-ROOT
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-Hits
X-N
X-Kinsta-Cache
X-NF-Request-ID
X-NewRelic-App-Data
X-FTR-Cache-Host
X-Logged-In
Mrf-Cache-Status
X-Mrf-Section-Lastmod
MRF-Tech
X-B3-TraceId-Primal
X-Mrf-Item-Lastmod
S
X-XRDS-Location
X-Akam-SW-Version
X-Forwarded-For
X-Frontend
X-HS-Content-Id
X-HS-Hub-Id
X-Grace
Alternate-Protocol
X-PressLabs-Stats
AMP-Access-Control-Allow-Source-Origin
X-User-Agent
Tracecode
X-Amzn-Trace-Id
X-Cache-Key
DynaTrace
X-DataStream-Cache-Status
X-TA-CDN-Provider
X-CACHE-GROUP
Server-Name
X-Pad
X-Content-Digest
Refresh
X-Content-Options
X-Analytics
Backend-Timing
Accept-Charset
Fastcgi-Cache
X-AppVersion
X-Az
X-Activity-Id
MicrosoftSharePointTeamServices
Powered-By-ChinaCache
FilterID
X-Rid
X-Page-Id
X-LB-Cache
Access-Control-Request-Method
X-Zen-Fury
MS-CV
Display
Host
X-Sol
X-Content-Type
X-IPLB-Instance
X-Middleton-Display
X-Debug-Info
X-Fastcgi-Cache
X-FastCGI-Cache
X-CF-Powered-By
TCN
X-Magnolia-Registration
ServerID
TP-L2-Cache
TP-Cache
X-XRDS-LOCATION
Response
X-Middleton-Response
Cache-Status
X-Cache-Hit
X-ATG-Version
X-Mobile
X-Content-Powered-By
X-Ruxit-Js-Agent
X-Srv
Surrogate-Key
X-VCache
X-Seen-By
X-WA-Info
X-Hostname
X-B3-Sampled
Rt-Fastcgi-Cache
X-RateLimit-Remaining
X-Cached-By
X-Revision
X-Varnish-Backend
X-Request-Received
X-Request-Processing-Time
X-Cache-Action
VIX-Pulpo-Node
X-SS-Set-Cookie
VIX-Pulpo-Upstream-Status
X-B-Cache
X-Signature
X-Cluster
X-Cache-Age
X-Content-Security-Policy-Report-Only
X-Tumblr-Pixel
X-Instance
X-Tumblr-User
X-Tumblr-Pixel-0
Source
X-PHP-Backend
X-Request-Guid
X-Whom
Cleartype
X-Drupal-Cache-Tags
X-Platform-Server
X-Edge-Location
X-Framework
X-Akamai-Edgescape
X-Handled-By
X-App-Environment
X-Origin-Server
Server-Info
X-TT
X-Wix-Request-Id
ViewerVersion
X-GUploader-UploadID
X-Cache-Control
Host-Header
X-BCube-Filmed-By
X-Generated-By
DC
X-Amz-Apigw-Id
X-Amzn-RequestId
X-NWS-LOG-UUID
X-App-Server
X-AOL-HN
X-Varnish-Hostname
X-Cache-Rule
X-Cache-2
X-Geo-Country
X-Oneagent-Js-Injection
X-FW-Static
X-FW-Server
X-FW-Hash
X-FW-Type
X-FW-Serve
Retry-After
X-Varnish-Server
Server-Node
X-Correlation-Id
X-Real-IP
Eomportal-Instance
Fusion-Component-Id
Fusion-Source
Fusion-Content-Source
Fusion-Template-Id
Fusion-Content-Id
X-FB-Debug
Cache
Webserver
X-Device-Type
Payment
X-Response-Served-From
Access-Control-Allow-Method
Actual-Object-TTL
X-Amz-Server-Side-Encryption
X-TT-TIMESTAMP
X-Tumblr-Pixel-1
X-Tumblr-Pixel-2
AsisCache
X-Varnish-Hits
ServedBy
X-Cacheable-TTL
X-RTag
Content-Script-Type
GEO-INFO
Ms-Operation-Id
X-TX-ID
X-Varnish-Grace
NGB
X-Jobs
X-WebKit-CSP-Report-Only
X-Region
Content-Style-Type
Filters
X-Amz-Replication-Status
X-UUID
X-Varnish-IP
X-Servedby
Edge-Cache-Tag
X-Contextid
Upgrade-Insecure-Requests
Viewport
X-Rendered-As
Healthy
X-Accel-Expires
X-Drupal-Cache-Contexts
X-Locale
X-UA-Device-Type
Cache-Tv-Group
X-Adobe-Content
Country
X-Adobe-Loc
From-Origin
X-RequestSource
X-Cache-Config
X-WPE-Loopback-Upstream-Addr
HitType
X-BACKEND-TTL
X-Cache-TTL-Remaining
X-Cache-Server
X-Ezoic-Cdn
X-Cache-Remote
X-VG-WebCache
X-Cache-TTL
Pagespeed
X-Cache-Operation
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
Fastly-Restarts
Fastcgi-Useragent
X-Content-Age
X-APP-VERSION
X-Storage
X-FW-Dynamic
X-Hit
X-Upgrade-Enabled
Cache-Tags
X-Redis-Cache
X-S
X-Esi
X-Guploader-Uploadid
X-Mode
Datacenter
NtCoent-Length
X-App-Version
Cache-Tag
X-Daa-Tunnel
X-RateLimit-Limit
X-Source
Served-By
Origin-Edge-Control
X-Is-Bot
SRV
Machine
X-Detected-As
X-Generated
X-Internal-Host
X-Path-Route
Load-Balancing
X-Cache-NE
Meta-Geo
X-Rule
X-Hl-Ver
X-RN-RSRV
X-NGENIX-Cache
X-Cache-Var
X-JoinUs
X-Backend-Name
X-NCache
Origin-Cache-Control
X-Cache-Var-Map
Now
X-GeoIP
X-Grey
X-Web-Node
X-TNCMS
X-Origin-Host
X-Www-Served-By
X-Origin-Response-Time
X-Akamai-Request-ID
X-Timing-Wait
X-Time-Microsecs
X-Pubstack
X-ProxyCache-Key
X-Proxy-Build
X-Proxy
X-Tb
X-ServerID
X-Loop
X-Labrador-Cache-Channel
X-Birta-Served
X-BYPASS-REASON
X-Birta-Cache-Post
X-Agile-Id
X-Agile
X-Agile-Age
X-Cache-Category-Id
X-CDN-Cache
X-Hosted-By
X-L-Path
X-ProxyCache-Status
X-FC-Vary-Parameters
X-Edge-IP
X-Environment-Context
Vix-Hermes-Req-Id
Selected-FE
Xserver
X-Varnish-Cacheable
X-ApacheServer
X-Status
X-Via-Fastly
X-ProcessESI
Cache-Key
X-Human
X-Viewer-Country
Cache-Name
X-PERF
X-RemovedCookies
X-Pc-Hit
X-IP
X-Pc-Key
X-Pc-Appver
DB-Nickname
X-PCL
S-Rt
X-Varnish-Cache-Hits
X-CCM
X-OCL
X-Debug-Cache
X-Site-Version
X-Zipkin-Id
X-Xfnlog-Site
X-Proxied
X-Routing-Service
X-MP-GENERATED-AT
We-Hiring
X-Original-Request
Public-Key-Pins-Report-Only
Azure-Version
X-Akamai-Transformed
Azure-InstanceId
Azure-SlotName
X-Format
Mail-Subject
Azure-SiteName
Azure-RegionName
Webcakes-App-Version
TWC-Privacy
Webcakes-App-Name
X-Origin-Hint
X-Origin
X-Section
TWC-GeoIP-LatLong
X-Access
Webcakes-Region
TWC-Locale-Group
TWC-GeoIP-Country
Property-Id
X-VG-TLSProxy
TWC-Device-Class
TWC-Connection-Speed
X-App-Name
Fastcgi-X-Cache-Version
X-Cache-Enabled
X-UA
X-Microcachable
Access-Control-Request-Headers
X-Ocache
X-Sucuri-ID
S-Cnection
User-Cache-Control
Liferay-Portal
Nel
X-Upstream-Proxy
X-Protected-By
X-Request-Time
X-EdgeConnect-Cache-Status
X-Cdn-Forward
X-Nginx-Cache
X-CACHE-KEY
X-Tumblr-Pixel-3
X-DataStream-MidMile-RTT
X-Webstats-RespID
X-FW-Version
X-DataStream-Origin-MEX-Latency
User-Agent
X-GRACE
X-Origin-CC
X-FB-TRIP-ID
X-Proto
X-Trace-Id
PageSpeed
X-Yottaa-Metrics
LB
X-Yottaa-Optimizations
Ohc-File-Size
Cache-Hits
X-GEO
X-Node-Name
X-Nc
X-Varnish-Beresp-Grace
X-Correlation-ID
X-Upstream-HT
X-Upstream-CT
X-Varnish-Beresp-Status
Powered
X-Varnish-Beresp-Ttl
X-ES-SERVER
X-Forwarded-Host
X-Endurance-Cache-Level
X-ElasticPress-Search
Frame-Options
X-Cache-Backend
X-B3-Traceid
X-OVcl-Cache
X-TIME
X-OVcl
L5d-Success-Class
X-Pc-Date
IBM-Web2-Location
X-Edge-Cache-Key
X-Rocket-Nginx-Bypass
X-V
X-Origin-TTL
X-Edge-Cache
X-Ua
AR-SID
X-Pc-Host
X-Vgn-Hpd-Reason
Section-Io-Cache
X-Parent-Response-Time
X-Time
X-Server-Cache
OT-Force-Account-Verify
X-Unique-ID
X-Dynatrace-Js-Agent
Decoy-Debug-TTL
X-Auto-Login
X-ARC
X-Application
X-B-Cookie
X-VG-WebServer
X-Amz-Meta-Cache-Control
X-BB-ID
X-Cache-Bucket
Decoy-Debug-Status
X-LI-UUID
X-We-Are-Hiring
Ec-Rule-Version
Decoy-Debug-Key
X-Block-Status
X-Cache-FS-Status
X-NU-AKA-ACS-Version
GMS-Ver
Fly-Request-Id
X-Cache-Host
Powered-By
Node
MD5-Digest
Mobile-Detection-Method
Meta-Geo-Continent
Memcached
Rendered-Blocks
Resin-Trace
Www
X-Accel-Expires-Debug
X-Origin-Expires
X-Micro-Cache
Fastly-SIE
VivaBuild
Fly-Cache
Fastly-SWR
Viewtype
Xc-Version
X-Cdn-Srv
X-Distil-CS
X-IN-SSL-APIGATEWAY
X-DPWN-IS-SECURE
X-PHP-Host
X-Rebelmouse-Cache-Control
X-Rewrite-Enabled
X-Died
X-Destination
X-IN-WAF
X-Developer
X-Rojux
X-External-Request-Id
X-Fetched-On
X-IN-APIGATEWAY
X-Hnp-Log
X-Region-Sid
X-Reboot
X-Rebelmouse-Surrogate-Control
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Generated-In
X-From
X-Gen-Mode
Country-Code
X-Request-UUID
X-Date
X-S-Cookie
X-TT-LOGID
X-PAYTM-SRV-ID
X-Trv-Group
X-Transaction
X-SRCache-Key
X-LI-Proto
X-Twitter-Response-Tags
X-Cache-Id
X-Cache-Info
X-UE-Client-Country
X-Cache-URL
X-Li-Pop
X-ServiceProvider
X-Server-Group
X-Connection-Hash
X-Server-By
X-ScT
X-S-Maxage
X-CF-Lambda-Version
X-Origin-Date
X-Li-Fabric
X-Irp-Debug
X-Info
X-CF-Lambda-Fn
X-User
X-Aed
Arc-Country
X-Pc-Subdomain
Cache-Prefix
BehaviorPad-Version
Fastcgi-X-Cache
X-R9-Blue-Green-Version
X-Dc
X-Cache-Grace
Web-Mar-Node
X-Sorting-Hat-ShopId
X-Cache-Expires
X-Cache-Debug
X-Stale
HostName
X-Var-Ttl
X-Sorting-Hat-PodId
X-ShopId
X-ShardId
X-Core-Mission
X-Shopify-Stage
X-Variation
X-SIPLIST1
Mn-Server-Ip
X-Bip
X-Backend-Url
X-A-Wwc
X-Actual-URL
X-VWS-Id
X-A
X-A-Dgt
X-A-Dam
X-A-Dcw
X-Thinkindot-L3
X-Alternate-Cache-Key
X-Swa-Ws
X-Svr
X-Crawler
X-AWS-Id
X-LJ-Flow-ID
X-Thanos
X-A-Ccd
X-D
X-Proxy-Cache-Status
X-Policy
X-Location
X-Proxy-Upstream
X-Level-Front-Cache
X-Request-URI
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-Matched-Rule
X-Passed-To-PostProcessResponse
X-Passed-To-BeforeDispatch
X-Passed-To
Content-Disposition
X-NX-Host
X-Passed-To-DLL
X-Nginx-Cache-Key
X-Node-Id
X-Hash
X-Response-By
X-Server-Time
X-Via-CDN
X-Dispatcher-Server
X-Debug-Log
X-Debug-Cookies
X-CUA
X-Varnish-Action
X-Server-IP
X-Via-NSCOPI
X-Returned-From-BeforeDispatch
X-Returned-From
X-Generated-On
X-Returned-From-DLL
X-G
X-FireWall-Port
X-Returned-From-PostProcessResponse
X-Sf
X-Backend-Host
Proxy-Connection
SD-X-WS
Adler-Geo
Server-Host
X-Wikidot-Backend
Fastly-Backend-Name
Request-Time
Backend
X-Wikidot-Static-Cache
Platform
Lfy
Origin
Thinkindot-Control
True-Client-Country-4JS
Is-Eu
IsBot
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
On-Server
X-Sucuri-Cache
X-HS-Cache-Config
X-Qloud-Router
X-Platform
X-Instart-Isnd
X-Key
GW-Server
X-CGP
X-LAGOON
HA-Ipaddr
X-Distributor
Kp-EeAlive
X-Epic-Correlation-Id
X-Eu-Site
X-Secret
X-Fastly-Cache
Magicmarker
X-Device-Os
X-Generation-Time
X-GeoIP-Country-Code
Pagetype
X-Gannett-Site-Version
Heartbleed
Ha-Gx-Prefs
AKAMAI
RNT-Time
CDCHOST
RNT-Machine
Countrycode
Ajk
Server-Cache-Control
X-Cluster-Node
X-UnsetCookies
X-Varnish-Authentication
SS
Server-Surrogate-Control
Server-Int
X-Backend-State
X-No-Session
Fastly-SSL
Who
Pramga
X-C
X-SERVER
X-Logtrace-Id
X-Clientip
Fastly-Soc-X-Request-Id
X-Cache-ASPX
Release
Warning
X-Fstrz
X-Page-Type
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-From
CACHE
X-MSEdge-Flight
Cache-Cookie-Set-Lfrom
X-MSEdge-Features
X-Developers
X-Core-Value
X-Debug-Cache-Expiry
REQUESTUUID
X-Amz-Meta-Surrogate-Control
X-Varnish-Url
Server-ID
X-Debug-Cache-Fetch
X-Croise-Owner
X-Debug-Cache-Store
Version
X-F5-Cache
Apple-News-Services-Request-Url
X-Cache-Miss-From
X-TrackingId
PFcat
Apple-News-Services-Parsed-Url
X-Pjax-Url
Apple-News-Services-Handled
X-Up
Apple-News-Services-Host
X-Sedo-Request-Id
X-Servername
X-EIG-Tracking-Id
X-Be
RequestId
NGX
X-Refresh
X-Ratelimit-Remaining
X-Newrelic-App-Data
X-Store
Esi-Enabled
X-Cache-CFC
MI-API
SID
X-Layer
MI-Cache
X-RCS-CacheZone
X-MI-In-Market
MI-Cache-Age
X-Geo
X-CDN-Forward
X-URL
X-SN
X-Oss-Storage-Class
X-Oss-Server-Time
X-Owner
X-RequestId
Time
X-Oss-Object-Type
X-Oss-Request-Id
MIME-Version
Cdn
X-From-Cache
X-Oss-Hash-Crc64ecma
X-IPS-LoggedIn
X-B3-SpanId
X-NC
HA-Geocountry
Odigeo-Trace-Id
Mime-Version
HA-Cloudapp
HA-Georegion
HA-Urlpath
PICS-Label
HA-Servedtime
HA-Host
HA-Geolon
HA-Geolat
HA-Geocity
X-Mrs-Cache
X-Unique-Id-Primal
X-Mrs-Cache-Hits
X-Real-Ip
X-Mshield-Cache-Status
X-Mrs-Age
X-Ratelimit-Limit
X-FPC
Cteonnt-Length
X-Hyper-Cache
FastCGI-Cache
HTTPS
X-CMS-Context
Backend-Name
X-Servedbyhost
Hostname
X-Edge-Server
X-Webkit-Csp
Cf-Ipcountry
X-Webkit-CSP
Processtime
Cdn-Request-Time
X-Req
X-Varnish-Ttl
Cdn-Host
CF-IPCountry
X-CLOUD-TRACE-CONTEXT
X-B3-Spanid
X-CSRF-TOKEN
Memory
X-Instart-Info
X-Phone
X-WebServer
X-Wa
Ohc-Response-Time
X-Request-Start
X-Aicache-OS
CDN
X-WR-MODIFICATION
X-DC
X-HS-Combine-CSS
GeoIP-Country-Code
X-Newrelic-Synthetics
X-Mobile-URL
X-Pf-Uncompressing
X-Amzn-Remapped-Date
X-Release
X-Amzn-Remapped-Connection
ProcessTime
X-NodeID
X-Load-Cache
GeoIP-Latitude
X-GZip
X-VServer
Cross-Origin-Window-Policy
XServer
X-WA
X-Atg-Version
X-Lb-Id
X-HTML-Minification-Powered-By
X-Varnish-Beresp-TTL
X-PF-Uncompressing
X-ND-Cache
Rt-Proxy-Cache
X-Server-W
X-Skip-Cache
X-Served-From
X-Fastly-Country-Code
X-Unique-Id
URI
X-Nananana
T-Server
X-FORWARDED-FOR
X-GoCache-CacheStatus
Accept-Ch-Lifetime
Ohc-Cache-HIT
X-Tb-Optimization-Total-Bytes-Saved
X-VC-Cache
X-Oracle-Dms-Ecid
X-ServedByHost
X-CSRF-Token
X-Sn-Servicetimems
X-COUNTRY
X-Cdn-Origin
X-LB-ID
X-MServer
X-Cms-Context
V-Age
X-Gateway-Cache-Key
X-Gateway-Cache-Status
X-Gateway-Skip-Cache
Pics-Label
Uber-Trace-Id
N-Cache
X-Worker
X-UCC
X-APP
X-SRV
X-Datadome
Proxy-Firewall
X-UPSTREAM-Address
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
A
Get-Access-Time
Is-Session-Tracking
X-LiteSpeed-Cache-Control
X-P-T
X-Fastly-Cache-Hits
X-SERVER-NAME
Amp-Access-Control-Allow-Source-Origin
DataCenter
X-HS-Status
ServerName
X-Check-Cacheable
X-Processor
X-CACHE-AGE
X-BBXSRF
X-Hp-Webp
X-Requestid
X-GZIP
X-RCS-Backend
X-NGINX-Cache
X-Cache-HT
X-Optimization
X-ID
Geoip-Latitude
X-BE
Dnion-Transfer-Encoding
X-HostName
X-Backend-TTL
X-Vg-Webcache
X-Port
X-Org
X-Varnish-URL
X-PAGE-TYPE
GeoIp-Country-Code
X-PJAX-URL
WZWS-RAY
X-StackifyID
X-GDPR
X-Fe
Requestid
X-Csrf-Token
Cneonction
Serverid
X-NWS-UUID-VERIFY
X-Via-Edge
X-ServerName
X-Via-SSL
X-Git-Hash
Host-ID
WP-Super-Cache
RequestUuid
X-Dw-Trace-Id
X-LiteSpeed-Tag
X-GeoIP-City
Server-Id
X-Amzn-Remapped-Content-Length
X-Geo-Header
Cache-Provider
X-RAMCache
X-VCT
Pragrma
189phosttRef
X-Planisys-CDN-Cache
Xxline
Correlation-Id
X-Gdpr
X-Planisys-CDN-Rules
X-Instance-Name
X-Request-Url
X-Planisys-CDN-TTL
409pxxline
355prline
219prxHost
188prxHost
178proxuri
225prxHost
X-CS
352pxline
286prxHost
DSUID