Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
Last-Modified
Accept-Ranges
Pragma
X-Content-Type-Options
X-Powered-By
CF-RAY
ETag
Link
X-XSS-Protection
Expect-CT
Via
X-Cache
Age
Access-Control-Allow-Origin
Content-Security-Policy
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Served-By
X-Amz-Cf-Id
X-Varnish
Referrer-Policy
X-Timer
CF-Cache-Status
X-FRAME-OPTIONS
X-Request-Id
Access-Control-Allow-Headers
X-AspNet-Version
Access-Control-Allow-Methods
X-Xss-Protection
X-Runtime
X-Download-Options
Access-Control-Allow-Credentials
X-Drupal-Cache
X-Cacheable
Alt-Svc
X-Generator
Content-Security-Policy-Report-Only
X-Request-ID
X-Check
X-AspNetMvc-Version
Status
X-Cache-Status
X-Adblock-Key
Timing-Allow-Origin
X-Iinfo
X-Permitted-Cross-Domain-Policies
X-DNS-Prefetch-Control
X-Template
Content-Encoding
X-Language
X-Content-Security-Policy
X-Turbo-Charged-By
X-CDN
X-Type
Keep-Alive
Xkey
X-Buckets
X-Backend
X-Cache-Group
X-AH-Environment
Access-Control-Max-Age
WPE-Backend
X-Pass-Why
X-Age
CF-Ray
X-POWERED-BY
X-Server
Upgrade
EagleId
Access-Control-Expose-Headers
X-Via
X-Nginx-Cache-Status
X-Server-Powered-By
X-Pingback
X-Drupal-Dynamic-Cache
X-Varnish-Cache
X-Swift-SaveTime
X-Swift-CacheTime
Grace
X-Hacker
X-Amz-Request-Id
X-Amz-Id-2
X-UA-Device
Ali-Swift-Global-Savetime
X-Robots-Tag
P3p
Cf-Railgun
X-LiteSpeed-Cache
X-Envoy-Upstream-Service-Time
X-Proxy-Cache
X-Ua-Compatible
X-Page-Speed
Request-Context
Content-Location
X-Device
X-Ac
X-Node
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Cnection
X-Server-Id
X-Cache-Lookup
X-Host
X-Amz-Version-Id
Surrogate-Control
X-WebKit-CSP
X-Backend-Server
X-Rack-Cache
X-Rq
X-Response-Time
X-Application-Context
X-Readtime
X-CST
X-Dns-Prefetch-Control
EagleEye-TraceId
Pinterest-Generated-By
Server-Timing
X-Url
X-Cloud-Trace-Context
X-TTL
X-Instart-Request-ID
Request-Id
X-OneAgent-JS-Injection
X-Px
Report-To
X-Country
X-ORACLE-DMS-ECID
X-Clacks-Overhead
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Rating
Feature-Policy
Edge-Control
Allow
X-Country-Code
X-DynaTrace-JS-Agent
Charset
X-DataDome
X-ESI
X-Server-Name
X-Powered-CMS
X-FTR-Request-ID
X-Vname
X-PC
X-TtlSet
X-Origin-Cache
X-DynaTrace
NEL
X-MS-InvokeApp
X-ORACLE-DMS-RID
X-Goog-Hash
X-Recruiting
X-Varnish-TTL
X-Cached
X-VARITI-CCR
X-Vhost
X-GitHub-Request-Id
Content-MD5
RTSS
X-F-Cache
X-Version
X-Cdn-Fetch
X-Exp-Id
X-Kinja-Server
X-Geo-Segment
X-Exp-Variant
X-GoogleNews-Bot
X-Kinja
X-Kinja-Build
X-Kinja-Revision
X-Powered-By-Plesk
Public-Key-Pins
X-CF-Powered-By
X-Upstream-Env
X-Pinterest-Rid
Pinterest-Version
PB-PID
PB-RID
X-Mobile-Rewrite
X-Mod-Pagespeed
Arc-Version
Verso
Accept-CH
X-D2id
X-Client-IP
SPRequestGuid
X-Abt-Application-Version
X-SRCache-Store-Status
X-SRCache-Fetch-Status
MS-Author-Via
X-N
X-Dispatcher
AR-ATIME
AR-PoweredBy
X-SharePointHealthScore
X-HeyJason
X-Do-Not-Hack
Permitted-Cross-Domain-Policies
AR-CACHE
X-Amz-Rid
X-Navigation-Version
X-TEC-API-VERSION
X-TEC-API-ROOT
X-T
X-TEC-API-ORIGIN
Nginx-Cache
DynaTrace
Accept-CH-Lifetime
X-Dw-Request-Base-Id
Paypal-Debug-Id
X-Trace
X-Fastly-Request-ID
X-Grace
X-Upstream
X-Varnish-Age
X-Hits
Arr-Disable-Session-Affinity
TCN
X-FastCGI-Cache
X-Origin-Upstream-Status
X-Id
X-Forwarded-Proto
X-DIS-Request-ID
X-Amz-Meta-S3cmd-Attrs
X-Pad
X-Shield-Request-Id
SPIisLatency
SPRequestDuration
X-Content-Options
X-Cache-Hit
AR-SID
X-Logged-In
X-Content-Digest
X-IPLB-Instance
Realpath
X-NF-Request-ID
X-Kinsta-Cache
MRF-Tech
Mrf-Cache-Status
X-Acc-Meta-Resource-Type
X-Mrf-Item-Lastmod
X-B
Access-Control-Request-Method
X-Mrf-Section-Lastmod
X-Ruxit-JS-Agent
X-XRDS-Location
X-Goog-Metageneration
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-Goog-Generation
X-Goog-Stored-Content-Length
X-SS-Set-Cookie
X-HW
X-Vcap-Request-Id
S
X-Debug
X-MSEdge-Ref
X-Ser
Service-Worker-Allowed
Server-Name
X-PressLabs-Stats
X-Country-Code-Real
X-FTR-Backend
X-FTR-Balancer
X-FTR-DC
X-FTR-Realm
X-FTR-Cache-Status
X-FTR-Backend-Server
X-Frontend
X-NewRelic-App-Data
X-Server-ID
Tracecode
X-Oneagent-Js-Injection
X-Wix-Server-Artifact-Id
X-FTR-Expires
X-Cache-Key
Rt-Fastcgi-Cache
Eomportal-Instance
AMP-Access-Control-Allow-Source-Origin
Fastcgi-Cache
Surrogate-Key
X-GUploader-UploadID
X-Forwarded-For
Alternate-Protocol
Cleartype
X-Cache-Rule
Cache-Status
X-NWS-LOG-UUID
X-Srv
X-HS-Content-Id
Backend-Timing
X-HS-Hub-Id
X-Analytics
X-VCache
Host
TP-Cache
TP-L2-Cache
X-Revision
X-Rid
X-User-Agent
FilterID
X-Whom
Fastly-Restarts
X-FTR-Cache-Host
Public-Key-Pins-Report-Only
X-Debug-Info
X-AOL-HN
X-Akam-SW-Version
X-Via-JSL
X-Cache-2
ServerID
X-Varnish-Backend
X-Content-Powered-By
X-RateLimit-Remaining
X-Webkit-CSP
X-Request-Received
X-Cdn
X-Request-Processing-Time
X-Kinja-Server-Push
Viewport
Accept-Charset
X-Zen-Fury
X-Ttl
X-Oracle-Dms-Rid
X-Accel-Buffering
X-Mobile
Front-End-Https
X-XRDS-LOCATION
X-Cached-By
X-WPE-Loopback-Upstream-Addr
X-Node-Name
Liferay-Portal
X-App-Environment
X-LB-Cache
X-Cluster
X-Hostname
X-B3-Traceid
Host-Header
X-Tumblr-Pixel
X-Tumblr-User
X-Varnish-Hostname
X-Content-Security-Policy-Report-Only
X-Tumblr-Pixel-0
X-Magnolia-Registration
X-Page-Id
X-Akamai-Edgescape
X-Framework
X-Request-Guid
X-B3-Sampled
X-Device-Type
X-TT
X-Cache-Control
X-Handled-By
Upgrade-Insecure-Requests
X-B-Cache
Cache-Tag
X-BCube-Filmed-By
X-FB-Debug
X-Signature
X-Platform-Server
X-Instance
DC
X-Cache-Server
X-Origin-Server
Server-Node
X-TT-TIMESTAMP
X-TA-CDN-Provider
X-Correlation-Id
Source
Retry-After
MicrosoftSharePointTeamServices
X-Contextid
X-Accel-Expires
X-Servedby
X-WA-Info
X-Cache-Action
HitType
HitInfo
Server-Info
X-Amzn-Trace-Id
X-Varnish-Server
X-Cache-Operation
X-Distil-CS
X-APP-VERSION
X-Port
X-Daa-Tunnel
X-Sol
Display
X-Middleton-Display
X-Geo-Country
Content-Script-Type
X-Edge-Location
X-Generated-By
Content-Style-Type
X-Hyper-Cache
X-GeoIP
X-Amz-Replication-Status
X-RequestSource
AsisCache
X-WebKit-CSP-Report-Only
Webserver
X-Tumblr-Pixel-2
X-S
X-Tumblr-Pixel-1
GEO-INFO
X-Seen-By
X-Status
Actual-Object-TTL
X-Locale
X-Wix-Request-Id
X-Edge-Cache-Key
X-Edge-Cache
ServedBy
X-FW-Hash
X-FW-Serve
X-FW-Type
X-FW-Static
X-FW-Server
X-Jobs
X-Region
X-Varnish-Hits
X-UUID
X-Response-Served-From
X-TX-ID
User-Agent
X-Drupal-Cache-Tags
X-Adobe-Content
Healthy
X-Adobe-Loc
X-DataStream-Cache-Status
X-Varnish-Grace
Filters
SRV
NGB
X-Fastcgi-Cache
Refresh
X-Cache-Age
X-Amz-Server-Side-Encryption
X-Esi
S-Cnection
IBM-Web2-Location
X-Proxied
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Cache-TTL-Remaining
X-CDN-Forward
Response
X-Middleton-Response
X-Activity-Id
AR-Request-ID
X-Az
X-AppVersion
X-Pc-Hit
X-Pc-Appver
X-Pc-Key
X-App-Server
X-Cache-Remote
X-Content-Type
X-Cache-NE
X-Newrelic-App-Data
Cache
X-Ruxit-Js-Agent
Payment
X-Cacheable-TTL
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Cache-TTL
X-Unique-ID
X-UA
X-ATG-Version
X-Correlation-ID
Served-By
Datacenter
Country
X-Vg-Webcache
Edge-Cache-Tag
X-Mode
X-HS-Cache-Config
X-Akamai-Transformed
X-Sucuri-ID
X-Is-Bot
Machine
Meta-Geo
X-RemovedCookies
X-Detected-As
X-RN-RSRV
X-Rendered-As
X-ProcessESI
Load-Balancing
X-Source
X-Rocket-Nginx-Bypass
HostName
X-ProxyCache-Key
X-Proxy
X-ProxyCache-Status
X-FC-Vary-Parameters
X-BYPASS-REASON
User-Cache-Control
X-Amz-Meta-Surrogate-Control
Webcakes-App-Name
Webcakes-App-Version
X-ServerID
X-Cache-Category-Id
X-Varnish-Cacheable
X-BB-IP
X-Tb
Webcakes-Region
Cache-Name
TWC-GeoIP-Country
Mn-Server-Ip
Now
X-PCL
TWC-Connection-Speed
Property-Id
TWC-GeoIP-LatLong
TWC-Locale-Group
TWC-Device-Class
Backend
DB-Nickname
L5d-Success-Class
TWC-Privacy
Access-Control-Allow-Method
X-Backend-Name
X-Human
X-Real-IP
X-EIG-Tracking-Id
X-Origin
X-OCL
X-Debug-Cache
X-Origin-Hint
X-Hosted-By
X-Grey
X-L-Path
X-Viewer-Country
X-Loop
X-Varnish-Cache-Hits
X-OVcl-Cache
X-JoinUs
X-Zipkin-Id
Cache-Key
X-CDN-Cache
X-Routing-Service
Azure-RegionName
Azure-SlotName
Azure-Version
Azure-InstanceId
Azure-SiteName
X-Cache-Config
X-Pubstack
X-NodeID
X-Upgrade-Enabled
X-Section
X-Original-Request
ServerName
X-Hit
X-Generated
X-TNCMS
X-Format
S-Rt
X-Access
X-PERF
X-Site-Version
X-ApacheServer
X-Environment-Context
X-OVcl
X-Varnish-IP
X-CCM
X-Agile-Id
Selected-FE
X-Agile-Age
X-IP
X-Proxy-Build
X-Agile
X-HOST
Access-Control-Request-Headers
X-AWS-Id
X-Ocache
X-NGENIX-Cache
X-VWS-Id
X-SplitTest
X-LJ-Flow-ID
X-Timing-Wait
X-TWH-CORRELATION-ID
X-Via-Fastly
X-Rule
X-App-Name
X-Www-Served-By
X-Drupal-Cache-Contexts
X-HS-Combine-CSS
X-Origin-CC
X-URL
X-Pc-Date
X-Pc-Host
X-Cache-Var-Map
X-Storage
X-Akamai-Request-ID
X-Cache-Var
X-Xfnlog-Site
X-Vgn-Hpd-Reason
X-Upstream-HT
X-Upstream-CT
OT-Force-Account-Verify
X-Time-Microsecs
X-Litespeed-Cache
X-RateLimit-Limit
X-UA-Device-Type
X-Nginx-Cache
From-Origin
X-PHP-Backend
X-NCache
X-NC
X-Internal-Host
X-Mrs-Age
X-Microcachable
XServer
X-Mshield-Cache-Status
X-Mrs-Cache-Hits
X-Mrs-Cache
X-Feature
Fastcgi-Useragent
Fastcgi-X-Cache
Fastcgi-X-Cache-Version
X-Distributor
X-Forwarded-Host
X-Release
Fastly-SSL
X-M-Reqid
X-Amzn-RequestId
X-Qnm-Cache
X-Amz-Apigw-Id
X-M-Log
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
LB
X-Cache-Backend
Pagetype
Pagespeed
X-Birta-Served
X-Birta-Cache-Post
X-Twitter-Response-Tags
X-Transaction
X-Connection-Hash
Powered-By-ChinaCache
X-Ms-Request-Id
X-Ms-Lease-Status
X-EdgeConnect-Cache-Status
X-Labrador-Cache-Channel
X-Ms-Version
X-Ms-Blob-Type
X-Webkit-Csp
NtCoent-Length
X-Ah-Environment
X-VG-TLSProxy
X-B3-Spanid
Frame-Options
Ar-Sid
MIME-Version
X-Web-Node
X-V
X-GZip
X-Instance-Name
X-C
X-SERVER-NAME
Time
X-A-Dgt
X-A-Wwc
X-A
X-A-Ccd
X-A-Dam
X-Accel-Expires-Debug
X-A-Dcw
X-BB-ID
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-CS
X-Cache-Bucket
Www
X-ARC
X-B-Cookie
X-Application
T-Server
Ec-Rule-Version
Fly-Cache
Fly-Request-Id
Cache-Prefix
BehaviorPad-Version
Ajk
AKAMAI
Arc-Country
Host-ID
IsBot
Server-Int
V-Age
Viewtype
Rendered-Blocks
NGX
MD5-Digest
Meta-Geo-Continent
VivaBuild
X-Destination
X-ScT
X-Server-By
X-Server-Time
X-S-Cookie
X-Rojux
X-Region-Sid
X-Request-UUID
X-Rewrite-Enabled
X-SIPLIST1
X-SRCache-Key
X-Via-SSL
X-WebServer
Xc-Version
X-Via-Edge
X-Via-CDN
X-Trv-Group
X-UE-Client-Country
X-VG-WebServer
X-Redis-Cache
X-PAYTM-SRV-ID
X-From
X-G
X-Generated-In
X-DPWN-IS-SECURE
X-Dispatcher-Server
X-Date
X-Developer
X-Died
X-Generation-Time
X-IN-APIGATEWAY
X-No-Session
X-NU-AKA-ACS-Version
X-Org
X-Logtrace-Id
X-Irp-Debug
X-IN-SSL-APIGATEWAY
X-IN-WAF
X-CUA
X-D
X-Varnish-Beresp-Ttl
X-App-Version
Cneonction
X-NWS-UUID-VERIFY
X-FireWall-Port
HA-Urlpath
X-Origin-TTL
X-Owner
X-Core-Value
Magicmarker
X-CGP
HA-Servedtime
X-Crawler
HA-Georegion
HA-Cloudapp
GMS-Ver
X-Debug-Cookies
X-Debug-Log
HA-Geocity
HA-Geocountry
HA-Host
HA-Geolon
HA-Geolat
HA-Ipaddr
Origin-Cache-Control
Server-Host
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-Platform
X-RCS-CacheZone
SN
Web-Mar-Node
X-Request-URI
X-S-Maxage
X-Amz-Meta-Cache-Control
Request-Time
X-Cache-Enabled
Origin-Edge-Control
X-NX-Host
X-Cache-CFC
X-Phone
Release
X-Block-Status
Pragrma
NodeID
Ha-Gx-Prefs
X-Var-Ttl
X-GeoIP-City
Mobile-Detection-Method
X-UnsetCookies
X-F5-Cache
X-Fastly-Cache
WZWS-RAY
X-Varnish-Action
X-Layer
X-Key
X-Sucuri-Cache
X-Powered-By-ANYU
X-External-Request-Id
Country-Code
X-Node-Id
X-Hl-Ver
X-VServer
Cteonnt-Length
X-Hnp-Log
Backend-Name
X-Gen-Mode
X-Wikidot-Static-Cache
X-Eu-Site
X-We-Are-Hiring
X-Wikidot-Backend
X-Webstats-RespID
PageSpeed
X-Backend-Url
X-Backend-TTL
X-Actual-URL
X-Oss-Server-Time
X-Request-Time
X-Oss-Storage-Class
X-Response-By
X-Reboot
X-Hash
X-Backend-Host
X-Location
X-GeoIP-Country-Code
X-Backend-State
X-Passed-To-PostProcessResponse
X-Epic-Correlation-Id
X-Returned-From
X-Passed-To
X-Croise-Owner
X-MI-In-Market
X-MSEdge-Features
X-ElasticPress-Search
X-Device-Os
X-Developers
X-Oss-Hash-Crc64ecma
X-Nginx-Cache-Key
X-MSEdge-Flight
X-Clientip
X-Fetched-On
X-Oss-Object-Type
X-FW-Version
X-Cache-Host
X-Oss-Request-Id
X-Cache-Expires
X-Cache-Srv
X-Cache-URL
X-Passed-To-BeforeDispatch
X-Matched-Rule
X-Passed-To-DLL
X-Cdn-Srv
X-Cdn-Origin
X-Gannett-Site-Version
X-Secret
MI-Cache-Age
Odigeo-Trace-Id
MI-Cache
MI-API
Countrycode
X-Sf
X-ServiceProvider
On-Server
Platform
X-Thinkindot-L3
X-Up
PFcat
Origin
Decoy-Debug-Key
Kp-EeAlive
Heartbleed
X-Sn-Servicetimems
X-Trace-Id
X-Stale
X-Swa-Ws
X-TT-LOGID
Esi-Enabled
Decoy-Debug-Status
X-Returned-From-BeforeDispatch
Decoy-Debug-TTL
X-Tumblr-Pixel-3
Is-Eu
Proxy-Connection
X-Server-IP
Adler-Geo
Thinkindot-CacheControl
X-HTML-Minification-Powered-By
X-Variation
Section-Io-Cache
Thinkindot-CacheControl-Type
Thinkindot-Control
X-Returned-From-DLL
X-Returned-From-PostProcessResponse
Uber-Trace-Id
True-Client-Country-4JS
RNT-Time
Server-ID
Request-EU
RNT-Machine
Cache-Tags
Request-Country
Apple-News-Services-Request-Url
Apple-News-Services-Host
Apple-News-Services-Handled
CDCHOST
Apple-News-Services-Parsed-Url
Content-Disposition
Fastly-SWR
X-Fstrz
X-VCT
X-Store
X-Worker
X-Iejgwucgyu
X-Csrf-Token
Fastly-Backend-Name
Fastly-SIE
X-Ckpd-Fst-Backend
X-Sorting-Hat-ShopId
X-Rebelmouse-Surrogate-Control
X-ShardId
Resin-Trace
X-Alternate-Cache-Key
X-Rebelmouse-Cache-Control
Sid
X-Alicdn-Da-Ups-Status
X-ShopId
X-Servername
HTTPS
X-Core-Mission
X-Shopify-Stage
X-Skip-Cache
X-Content-Age
X-Sorting-Hat-PodId
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
X-CACHE-AGE
X-Planisys-CDN-Cache
X-Ezoic-Cdn
WP-Super-Cache
Powered
X-Policy
REQUESTUUID
X-Refresh
RequestId
X-Ua
CDN
X-Pf-Uncompressing
ProcessTime
Xserver
Warning
X-GEO
X-Cluster-Node
X-Atg-Version
X-Servedbyhost
X-Cache-ASPX
X-Proto
CF-IPCountry
X-Real-Ip
X-TIME
Mail-Subject
Dnion-Transfer-Encoding
We-Hiring
X-Dc
X-GoCache-CacheStatus
NODE
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-From
X-Pjax-Url
ViewerVersion
X-B3-TraceId
X-Req
X-Newrelic-Synthetics
X-Endurance-Cache-Level
X-DC
X-Varnish-Ttl
X-Nc
NnCoection
X-Origin-Expires
X-Origin-Date
X-Surge-Debug
X-CLOUD-TRACE-CONTEXT
X-Time
X-Server-W
Geoip-Latitude
GeoIp-Country-Code
X-Page-Type
X-Edge-IP
X-Cache-Control-Set-By
X-HCF
X-COUNTRY
X-Varnish-HitMiss
X-Guploader-Uploadid
Hostname
X-Aed
X-Oracle-Dms-Ecid
X-CSRF-Token
Pramga
WWW-Authenticate
X-Server-Group
SD-X-WS
X-Varnish-Beresp-TTL
A
X-Ms-Lease-State
TSSecure
CACHE
Processtime
Geoip-City
X-Varnish-Url
X-Wix-Route-ID
X-Datadome
PICS-Label
X-GRACE
MS-CV
X-Cdn-Forward
X-Aicache-OS
X-ABtesting
X-Flog
X-Varnish-URL
X-Hello
X-WA
X-DataStream-MidMile-RTT
X-DataStream-Origin-MEX-Latency
Cdn
X-Wa
Dont-Set-Cookie
X-Ratelimit-Limit
Cdn-Request-Time
Cdn-Host
Node
X-From-Cache
X-Geo
X-Gdpr
X-Akamai-Request-ID2
X-Edge-Server
Mime-Version
Lfy
Lb
X-Auto-Login
X-Use-Magma
DataCenter
X-Nananana
FSS-Proxy
X-UPSTREAM-Address
COMMERCE-SERVER-SOFTWARE
FSS-Cache
Ms-Operation-Id
X-WR-MODIFICATION
X-RTag
GeoIP-Country-Code
Is-Session-Tracking
X-Optimization
GeoIP-Latitude
X-Env
GeoIP-City
X-PAGE-TYPE
X-Fastly-Backend-Reqs
Get-Access-Time
X-SRV
X-APP
PageType
X-Cache-HT
X-Load-Cache
X-Unique-Id
Rt-Proxy-Cache
Who
X-Via-NSCOPI
X-EC-Security-Audit
X-CACHE-KEY
X-Sentry-ID
X-Gen-Id
X-Cookie
X-Check-Cacheable
X-GDPR
X-Wix-Petri-Ex
X-Cache-Id
X-Cache-FS-Status
X-Served-From
X-Dynatrace-Js-Agent
X-Ibm-Trace
X-Meta-Tbi-Cache-Vertical
X-FORWARDED-FOR
X-Cache-Info
X-Ver
X-Bip
X-Thanos
Memcached
Ws
X-Proxy-Server
X-Swift-Error
Httpd-Identifier
X-PJAX-URL
Pics-Label
X-MP-GENERATED-AT
X-Be
X-NGINX-Cache
Memory
X-Request-Start
X-HS-Status
X-B3-SpanId
X-SVT-ORM-RULES
Powered-By
X-SVT-ORM-VERSION
Ohc-File-Size
X-Fastly-Cache-Hits
X-Fe
X-RateLimit-Reset
X-Cache-Ttl
V-Cache
Group
X-Path-Route
X-ServedByHost
X-CDN-Pop
X-CDN-Pop-IP
X-Shard
URI
X-Dw-Trace-Id
Cf-Ipcountry
Version
Amp-Access-Control-Allow-Source-Origin
X-ID
Requestid
Xet-Cookie
X-P-T
UCS
X-LiteSpeed-Cache-Control
GW-Server
NX-Cache
X-GZIP
X-Bug-Bounty
X-VC
AGE-Hash
X-PF-Uncompressing
X-SB
Serverid
X-Akamai-ERPolicy
X-Varnish-Info
Apicache-Store
CDN-Cache-Hit
X-Akamai-ERRuleID
CDN-Node
N-Cache
X-CacheKey
X-Ratelimit-Remaining
X-User
CDN-Cache
Fastly-Soc-X-Request-Id
X-StackifyID
Apicache-Version
Ohc-Response-Time
X-Flags
X-Litespeed-Cache-Control
X-Info
X-RequestId
Cache-Hits
X-Micro-Cache
Https
X-Grace-Duration
X-Cache-Handler
If-Modified-Since
X-SD-PageType
X-Providence-Cookie
X-Route-Name
X-ServerName
X-Is-Crawler