Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
Last-Modified
Accept-Ranges
Pragma
X-Content-Type-Options
X-Powered-By
CF-RAY
ETag
Link
X-XSS-Protection
Expect-CT
Via
X-Cache
Age
Access-Control-Allow-Origin
Content-Security-Policy
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Served-By
X-Amz-Cf-Id
X-Varnish
Referrer-Policy
X-Timer
CF-Cache-Status
X-Request-Id
X-FRAME-OPTIONS
Access-Control-Allow-Headers
X-AspNet-Version
Access-Control-Allow-Methods
X-Xss-Protection
X-Runtime
X-Download-Options
Access-Control-Allow-Credentials
X-Drupal-Cache
X-Cacheable
Alt-Svc
X-Generator
Content-Security-Policy-Report-Only
X-Request-ID
X-Check
X-AspNetMvc-Version
Status
X-Cache-Status
X-Adblock-Key
Timing-Allow-Origin
X-Iinfo
X-DNS-Prefetch-Control
X-Permitted-Cross-Domain-Policies
X-Template
Content-Encoding
X-Language
X-Content-Security-Policy
X-Turbo-Charged-By
X-CDN
X-Type
Keep-Alive
Xkey
X-Buckets
X-Backend
X-AH-Environment
WPE-Backend
Access-Control-Max-Age
X-Pass-Why
X-Age
X-Cache-Group
X-Server
CF-Ray
Upgrade
X-POWERED-BY
EagleId
Access-Control-Expose-Headers
X-Via
X-Nginx-Cache-Status
X-Server-Powered-By
X-Pingback
X-Drupal-Dynamic-Cache
X-Varnish-Cache
X-Swift-CacheTime
X-Swift-SaveTime
Grace
X-Hacker
X-Amz-Request-Id
X-Amz-Id-2
X-UA-Device
Ali-Swift-Global-Savetime
X-Robots-Tag
Cf-Railgun
P3p
X-LiteSpeed-Cache
X-Envoy-Upstream-Service-Time
X-Proxy-Cache
X-Page-Speed
X-Ua-Compatible
Request-Context
Content-Location
X-Device
X-Ac
X-Node
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Cnection
X-Host
X-Cache-Lookup
X-Amz-Version-Id
Surrogate-Control
X-Server-Id
X-WebKit-CSP
X-Backend-Server
X-Rack-Cache
X-Rq
X-Response-Time
X-Application-Context
X-CST
X-Readtime
X-Dns-Prefetch-Control
EagleEye-TraceId
Server-Timing
Pinterest-Generated-By
X-Url
X-Cloud-Trace-Context
X-Instart-Request-ID
X-OneAgent-JS-Injection
X-Px
X-TTL
Request-Id
Report-To
X-Country
X-Clacks-Overhead
X-ORACLE-DMS-ECID
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Rating
Feature-Policy
Edge-Control
Allow
X-Country-Code
X-DynaTrace-JS-Agent
Charset
X-ESI
X-Server-Name
X-Powered-CMS
X-FTR-Request-ID
X-DataDome
X-PC
X-TtlSet
X-Vname
X-Origin-Cache
X-DynaTrace
NEL
X-MS-InvokeApp
X-Goog-Hash
X-Recruiting
X-Varnish-TTL
X-ORACLE-DMS-RID
X-Cached
X-VARITI-CCR
X-Vhost
Content-MD5
X-GitHub-Request-Id
RTSS
X-Version
X-F-Cache
X-Cdn-Fetch
X-Exp-Id
X-GoogleNews-Bot
X-Kinja-Server
X-Kinja-Revision
X-Kinja-Build
X-Kinja
X-Geo-Segment
X-Exp-Variant
X-Powered-By-Plesk
Public-Key-Pins
X-CF-Powered-By
Pinterest-Version
X-Upstream-Env
X-Pinterest-Rid
PB-PID
PB-RID
X-Mod-Pagespeed
Arc-Version
X-Mobile-Rewrite
Verso
X-Client-IP
SPRequestGuid
X-D2id
X-Abt-Application-Version
X-SRCache-Fetch-Status
Accept-CH
MS-Author-Via
X-SRCache-Store-Status
X-N
Permitted-Cross-Domain-Policies
X-Do-Not-Hack
X-HeyJason
AR-PoweredBy
AR-ATIME
X-Dispatcher
X-SharePointHealthScore
AR-CACHE
X-Amz-Rid
X-Navigation-Version
X-T
X-TEC-API-ROOT
X-TEC-API-VERSION
X-TEC-API-ORIGIN
DynaTrace
Nginx-Cache
Paypal-Debug-Id
X-Dw-Request-Base-Id
X-Grace
X-Trace
X-Upstream
X-Fastly-Request-ID
Arr-Disable-Session-Affinity
Accept-CH-Lifetime
X-Hits
X-Varnish-Age
X-FastCGI-Cache
TCN
X-Shield-Request-Id
X-Amz-Meta-S3cmd-Attrs
X-Id
X-Forwarded-Proto
X-DIS-Request-ID
X-Pad
X-Origin-Upstream-Status
X-XRDS-Location
SPRequestDuration
SPIisLatency
X-Cache-Hit
X-Content-Options
X-Ruxit-JS-Agent
X-Content-Digest
X-Logged-In
X-IPLB-Instance
Access-Control-Request-Method
X-Mrf-Item-Lastmod
Mrf-Cache-Status
MRF-Tech
X-Acc-Meta-Resource-Type
X-Mrf-Section-Lastmod
X-B
X-Kinsta-Cache
X-NF-Request-ID
AR-SID
X-Goog-Stored-Content-Length
Realpath
X-Goog-Storage-Class
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
X-SS-Set-Cookie
X-Server-ID
X-Vcap-Request-Id
X-HW
S
X-MSEdge-Ref
X-Debug
Service-Worker-Allowed
Server-Name
X-Ser
X-FTR-Realm
X-FTR-Cache-Status
X-FTR-Backend
X-FTR-Backend-Server
X-Country-Code-Real
X-FTR-DC
X-FTR-Balancer
X-PressLabs-Stats
X-Frontend
Tracecode
X-FTR-Expires
X-Wix-Server-Artifact-Id
Fastcgi-Cache
Eomportal-Instance
Rt-Fastcgi-Cache
X-Cache-Key
AMP-Access-Control-Allow-Source-Origin
X-GUploader-UploadID
Surrogate-Key
X-Forwarded-For
Alternate-Protocol
X-Webkit-CSP
X-Oneagent-Js-Injection
Cleartype
X-Cache-Rule
X-NewRelic-App-Data
Cache-Status
X-Srv
X-NWS-LOG-UUID
X-HS-Hub-Id
X-HS-Content-Id
Backend-Timing
X-Analytics
X-VCache
X-User-Agent
TP-Cache
TP-L2-Cache
X-Revision
Host
X-Rid
FilterID
X-Ttl
X-Whom
X-Debug-Info
X-FTR-Cache-Host
Public-Key-Pins-Report-Only
Fastly-Restarts
X-AOL-HN
X-Via-JSL
X-Akam-SW-Version
X-Varnish-Backend
X-Cache-2
X-Oracle-Dms-Rid
ServerID
X-Content-Powered-By
X-RateLimit-Remaining
X-Request-Received
X-Request-Processing-Time
X-Zen-Fury
Viewport
Accept-Charset
X-Cdn
X-Accel-Buffering
X-Kinja-Server-Push
Front-End-Https
X-Mobile
X-WPE-Loopback-Upstream-Addr
Liferay-Portal
X-Cached-By
X-Node-Name
X-B3-Traceid
X-App-Environment
X-Hostname
X-LB-Cache
X-Content-Security-Policy-Report-Only
X-Cache-Control
X-Cluster
X-Varnish-Hostname
X-Tumblr-Pixel-0
X-Tumblr-User
X-Page-Id
X-Magnolia-Registration
X-Tumblr-Pixel
X-B3-Sampled
Host-Header
X-Akamai-Edgescape
Cache-Tag
X-TT
X-Request-Guid
X-Handled-By
X-BCube-Filmed-By
X-Framework
Upgrade-Insecure-Requests
X-Device-Type
X-FB-Debug
X-B-Cache
X-Signature
X-Platform-Server
X-Instance
DC
X-Origin-Server
Server-Node
X-Cache-Server
X-TT-TIMESTAMP
X-TA-CDN-Provider
X-XRDS-LOCATION
Source
Retry-After
MicrosoftSharePointTeamServices
X-Servedby
X-WA-Info
X-Contextid
X-Accel-Expires
Server-Info
HitType
HitInfo
X-Cache-Action
X-Amzn-Trace-Id
X-Varnish-Server
X-Cache-Operation
X-Sol
X-Middleton-Display
Display
X-APP-VERSION
X-Correlation-Id
X-Port
X-Daa-Tunnel
X-Generated-By
X-Geo-Country
X-Distil-CS
X-Edge-Location
AsisCache
X-Hyper-Cache
X-Amz-Replication-Status
X-GeoIP
Content-Script-Type
Webserver
Content-Style-Type
X-WebKit-CSP-Report-Only
X-Tumblr-Pixel-1
X-Newrelic-App-Data
X-Tumblr-Pixel-2
X-RequestSource
GEO-INFO
X-Wix-Request-Id
X-S
Actual-Object-TTL
X-TX-ID
X-Seen-By
ServedBy
X-FW-Static
X-FW-Type
X-FW-Serve
X-FW-Hash
X-Edge-Cache
X-Edge-Cache-Key
X-Jobs
X-FW-Server
X-Status
X-UUID
X-Region
Healthy
X-Locale
X-Adobe-Loc
X-Varnish-Hits
X-Drupal-Cache-Tags
X-Adobe-Content
X-DataStream-Cache-Status
User-Agent
X-Response-Served-From
X-Varnish-Grace
SRV
Filters
NGB
S-Cnection
X-Amz-Server-Side-Encryption
X-Proxied
Refresh
Response
X-Middleton-Response
X-Yottaa-Metrics
Cache
X-Cache-TTL-Remaining
X-Yottaa-Optimizations
AR-Request-ID
IBM-Web2-Location
X-Correlation-ID
X-Fastcgi-Cache
X-Cache-Age
X-AppVersion
X-Activity-Id
X-Az
X-App-Server
X-URL
X-Esi
X-Pc-Appver
X-CDN-Forward
X-Pc-Hit
X-Pc-Key
X-Cache-Remote
X-Content-Type
X-Cacheable-TTL
Payment
X-Cache-NE
X-Unique-ID
X-Kong-Proxy-Latency
X-Ruxit-Js-Agent
X-Kong-Upstream-Latency
X-Cache-TTL
Datacenter
X-UA
X-Vg-Webcache
Country
X-Akamai-Transformed
Served-By
X-Mode
X-HS-Cache-Config
X-Real-IP
HostName
Edge-Cache-Tag
Meta-Geo
Machine
Load-Balancing
X-ProcessESI
X-RemovedCookies
X-Detected-As
X-Sucuri-ID
X-Is-Bot
X-Source
X-RN-RSRV
X-Rendered-As
X-ProxyCache-Key
X-Proxy
X-BYPASS-REASON
X-FC-Vary-Parameters
X-PCL
X-OCL
User-Cache-Control
X-ProxyCache-Status
X-Rocket-Nginx-Bypass
Cache-Key
Mn-Server-Ip
DB-Nickname
Backend
Cache-Name
Access-Control-Allow-Method
L5d-Success-Class
X-Varnish-IP
X-Cache-Config
X-Debug-Cache
X-Cache-Category-Id
X-BB-IP
X-ApacheServer
X-Backend-Name
X-EIG-Tracking-Id
X-Grey
X-Origin-Hint
X-PERF
X-Origin
X-Human
X-Hosted-By
X-Pubstack
X-ServerID
TWC-GeoIP-Country
TWC-GeoIP-LatLong
TWC-Device-Class
TWC-Connection-Speed
Property-Id
TWC-Locale-Group
X-Viewer-Country
X-Amz-Meta-Surrogate-Control
X-Tb
Webcakes-Region
Webcakes-App-Version
Webcakes-App-Name
Now
TWC-Privacy
X-ATG-Version
S-Rt
Azure-Version
Azure-RegionName
ServerName
X-Routing-Service
Azure-SlotName
X-TNCMS
X-Via-Fastly
Access-Control-Request-Headers
X-Section
X-Zipkin-Id
X-Hit
X-Loop
Azure-SiteName
X-L-Path
X-Access
X-JoinUs
X-CCM
X-Environment-Context
X-CDN-Cache
X-Format
X-Generated
X-OVcl-Cache
X-Original-Request
X-Upgrade-Enabled
X-Varnish-Cache-Hits
X-Varnish-Cacheable
X-OVcl
Azure-InstanceId
X-Xfnlog-Site
X-Proxy-Build
Selected-FE
X-Agile
X-Agile-Age
X-IP
X-App-Name
X-AWS-Id
X-NGENIX-Cache
X-LJ-Flow-ID
X-Ocache
X-Storage
X-SplitTest
X-Timing-Wait
X-TWH-CORRELATION-ID
X-Agile-Id
X-VWS-Id
X-Www-Served-By
X-NodeID
X-Drupal-Cache-Contexts
X-Pc-Date
X-Rule
X-Pc-Host
X-HS-Combine-CSS
X-Akamai-Request-ID
X-Origin-CC
X-Site-Version
X-Vgn-Hpd-Reason
X-Cache-Var-Map
X-Cache-Var
X-Upstream-HT
X-NC
X-Upstream-CT
X-Time-Microsecs
X-RateLimit-Limit
X-PHP-Backend
X-UA-Device-Type
From-Origin
XServer
X-NCache
OT-Force-Account-Verify
X-Internal-Host
X-Litespeed-Cache
X-Microcachable
X-Nginx-Cache
X-Release
X-Distributor
X-Mshield-Cache-Status
Ar-Sid
X-Mrs-Cache-Hits
X-Forwarded-Host
X-Mrs-Age
X-Mrs-Cache
Fastcgi-Useragent
X-M-Reqid
LB
X-Feature
Fastcgi-X-Cache
Fastly-SSL
X-M-Log
X-Qnm-Cache
Fastcgi-X-Cache-Version
X-Amzn-RequestId
X-Amz-Apigw-Id
Pagetype
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
X-Ms-Version
X-Ms-Request-Id
X-Ms-Blob-Type
X-Cache-Backend
X-Ms-Lease-Status
X-Birta-Cache-Post
Powered-By-ChinaCache
X-Birta-Served
X-Transaction
NtCoent-Length
X-Connection-Hash
X-Twitter-Response-Tags
Pagespeed
MIME-Version
X-Labrador-Cache-Channel
X-Instance-Name
X-B3-Spanid
X-EdgeConnect-Cache-Status
X-V
Frame-Options
X-VG-TLSProxy
X-Webkit-Csp
X-GZip
X-Varnish-Beresp-Ttl
X-Web-Node
X-Ah-Environment
X-C
PageSpeed
Time
X-IN-SSL-APIGATEWAY
X-Accel-Expires-Debug
X-A-Dam
Cache-Prefix
Rendered-Blocks
X-Redis-Cache
BehaviorPad-Version
Arc-Country
Ajk
Server-Int
NGX
Ec-Rule-Version
IsBot
Host-ID
Fly-Request-Id
Fly-Cache
Meta-Geo-Continent
MD5-Digest
T-Server
X-Region-Sid
X-A-Dcw
X-A-Ccd
X-A
X-A-Dgt
X-Rewrite-Enabled
X-A-Wwc
X-Rojux
X-Request-UUID
X-Request-URI
V-Age
X-PAYTM-SRV-ID
Viewtype
VivaBuild
Www
Web-Mar-Node
X-S-Cookie
X-ScT
X-B-Cookie
X-ARC
X-Died
X-IN-APIGATEWAY
X-Destination
X-Server-Time
X-Application
X-IN-WAF
X-UE-Client-Country
X-DPWN-IS-SECURE
X-Dispatcher-Server
X-BB-ID
X-Trv-Group
X-CF-Lambda-Version
X-CF-Lambda-Fn
X-SRCache-Key
X-D
X-CUA
X-No-Session
X-SIPLIST1
X-NU-AKA-ACS-Version
X-Block-Status
X-Cache-Bucket
X-Date
X-From
X-Developer
X-Generation-Time
Xc-Version
X-Generated-In
X-Gen-Mode
X-Logtrace-Id
X-Hnp-Log
X-Org
X-Via-SSL
X-CS
X-VG-WebServer
X-Via-Edge
X-Irp-Debug
X-G
X-WebServer
X-Via-CDN
X-Server-By
Cneonction
X-FireWall-Port
X-SERVER-NAME
Proxy-Connection
NodeID
MI-Cache-Age
X-HTML-Minification-Powered-By
X-Phone
MI-Cache
On-Server
Origin-Cache-Control
Origin-Edge-Control
Pragrma
Magicmarker
HA-Servedtime
HA-Ipaddr
HA-Host
Ha-Gx-Prefs
HA-Urlpath
X-Platform
X-CGP
X-Core-Value
X-Crawler
Kp-EeAlive
MI-API
Request-Time
X-Amz-Meta-Cache-Control
X-MI-In-Market
X-GeoIP-City
X-Origin-TTL
X-Debug-Log
X-Owner
X-ElasticPress-Search
X-F5-Cache
X-NX-Host
X-External-Request-Id
HA-Georegion
X-Eu-Site
True-Client-Country-4JS
X-Layer
Request-Country
Request-EU
X-Cache-CFC
X-Node-Id
X-Cache-Enabled
X-Fastly-Cache
Server-Host
X-Debug-Cookies
X-Key
SN
X-Hl-Ver
Release
X-S-Maxage
Decoy-Debug-Key
X-Sf
X-Wikidot-Backend
X-We-Are-Hiring
Decoy-Debug-Status
Esi-Enabled
Decoy-Debug-TTL
X-Wikidot-Static-Cache
X-CACHE-GROUP
X-Sucuri-Cache
X-Powered-By-ANYU
WZWS-RAY
AKAMAI
Backend-Name
CDCHOST
Cache-Tags
X-Var-Ttl
Country-Code
X-UnsetCookies
X-Atg-Version
X-RateLimit-Limit-Second
GMS-Ver
HA-Cloudapp
HA-Geolat
HA-Geocountry
HA-Geocity
HA-Geolon
X-Csrf-Token
X-RCS-CacheZone
X-ServiceProvider
X-RateLimit-Remaining-Second
X-VServer
X-Webstats-RespID
X-NWS-UUID-VERIFY
X-Oss-Request-Id
X-Oss-Hash-Crc64ecma
X-App-Version
X-Oss-Object-Type
X-Oss-Server-Time
X-Oss-Storage-Class
Cteonnt-Length
X-HOST
X-Backend-TTL
X-Backend-Host
X-Cache-Srv
X-Nginx-Cache-Key
X-Cache-Host
X-Sn-Servicetimems
X-Backend-State
X-Backend-Url
X-ShopId
X-ShardId
X-Gannett-Site-Version
X-Shopify-Stage
X-Cache-Expires
X-Sorting-Hat-PodId
X-Skip-Cache
X-Sorting-Hat-ShopId
X-Swa-Ws
X-MSEdge-Flight
X-Tumblr-Pixel-3
X-Device-Os
X-Developers
X-MSEdge-Features
X-FW-Version
Mobile-Detection-Method
X-Epic-Correlation-Id
X-Matched-Rule
X-Fstrz
X-TT-LOGID
X-Trace-Id
X-Clientip
X-Ckpd-Fst-Backend
X-Cdn-Srv
X-Cdn-Origin
X-Content-Age
X-Up
X-Thinkindot-L3
X-Server-IP
X-Stale
X-Cache-URL
X-Returned-From
Section-Io-Cache
RNT-Time
RNT-Machine
X-Hash
Apple-News-Services-Host
Server-ID
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
Adler-Geo
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
Odigeo-Trace-Id
Fastly-Backend-Name
Is-Eu
Heartbleed
Origin
Countrycode
X-Reboot
Platform
PFcat
Thinkindot-Control
Apple-News-Services-Handled
X-Varnish-Action
X-Returned-From-DLL
Uber-Trace-Id
X-Fetched-On
X-Returned-From-PostProcessResponse
X-Variation
X-Alternate-Cache-Key
X-Location
X-Secret
X-Actual-URL
X-Response-By
X-Returned-From-BeforeDispatch
X-Worker
X-Passed-To-DLL
X-Passed-To-BeforeDispatch
X-Request-Time
X-GeoIP-Country-Code
X-Passed-To-PostProcessResponse
X-Passed-To
X-CACHE-AGE
X-Rebelmouse-Surrogate-Control
Fastly-SWR
X-Rebelmouse-Cache-Control
Fastly-SIE
Resin-Trace
Content-Disposition
X-Croise-Owner
X-Core-Mission
X-VCT
X-Servername
Sid
X-Ua
X-Ezoic-Cdn
X-Alicdn-Da-Ups-Status
X-Planisys-CDN-Cache
CDN
X-Store
X-Planisys-CDN-TTL
HTTPS
X-Oracle-Dms-Ecid
X-Planisys-CDN-Rules
X-Iejgwucgyu
X-Pf-Uncompressing
ProcessTime
X-Servedbyhost
X-Policy
X-Cache-ASPX
Warning
X-GEO
X-Proto
WP-Super-Cache
Powered
Xserver
RequestId
CF-IPCountry
Dnion-Transfer-Encoding
X-Cluster-Node
REQUESTUUID
X-Refresh
NODE
X-GoCache-CacheStatus
X-TIME
Mail-Subject
We-Hiring
X-Real-Ip
X-DC
X-Pjax-Url
X-B3-TraceId
ViewerVersion
X-Datadome
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-Lfrom
X-Req
Cache-Cookie-Set-From
X-Dc
NnCoection
X-Origin-Expires
X-Origin-Date
X-Page-Type
X-Time
X-Endurance-Cache-Level
X-Varnish-Ttl
X-Varnish-HitMiss
X-Newrelic-Synthetics
X-Surge-Debug
X-Server-W
X-Edge-IP
X-HCF
X-Cache-Control-Set-By
X-CLOUD-TRACE-CONTEXT
GeoIp-Country-Code
Geoip-Latitude
X-COUNTRY
X-Nc
X-Guploader-Uploadid
Hostname
X-Aed
WWW-Authenticate
X-Server-Group
Processtime
Pramga
X-Ms-Lease-State
SD-X-WS
Geoip-City
MS-CV
X-Cdn-Forward
TSSecure
X-CSRF-Token
X-Wix-Route-ID
X-Varnish-Url
A
X-Wa
PICS-Label
X-Aicache-OS
Dont-Set-Cookie
X-GRACE
X-Varnish-URL
X-Varnish-Beresp-TTL
X-Edge-Server
X-DataStream-Origin-MEX-Latency
X-Flog
X-Hello
X-ABtesting
X-Gdpr
X-From-Cache
X-DataStream-MidMile-RTT
X-Akamai-Request-ID2
Cdn-Host
Cdn-Request-Time
Node
Cdn
X-Geo
X-Nananana
X-WA
CACHE
X-RTag
Lb
Lfy
X-UPSTREAM-Address
X-Auto-Login
Ms-Operation-Id
DataCenter
Mime-Version
X-Use-Magma
FSS-Cache
COMMERCE-SERVER-SOFTWARE
FSS-Proxy
X-Cache-HT
X-Optimization
X-Env
GeoIP-Country-Code
Get-Access-Time
Is-Session-Tracking
GeoIP-Latitude
X-Ratelimit-Limit
X-Load-Cache
X-Fastly-Backend-Reqs
GeoIP-City
X-Wix-Petri-Ex
Who
X-SRV
X-EC-Security-Audit
X-Sentry-ID
X-APP
PageType
X-WR-MODIFICATION
X-Via-NSCOPI
X-Unique-Id
X-PAGE-TYPE
X-Gen-Id
X-Cache-FS-Status
Rt-Proxy-Cache
X-CACHE-KEY
X-Check-Cacheable
X-Meta-Tbi-Cache-Vertical
X-Cookie
X-Ibm-Trace
X-Ver
X-Cache-Id
X-GDPR
Ws
X-Dynatrace-Js-Agent
Memcached
X-Cache-Info
X-MP-GENERATED-AT
X-NGINX-Cache
X-Served-From
Httpd-Identifier
X-FORWARDED-FOR
Ohc-File-Size
Pics-Label
X-Thanos
Powered-By
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
X-Swift-Error
X-Bip
X-Path-Route
X-Proxy-Server
X-PJAX-URL
X-Be
URI
X-HS-Status
Version
X-RateLimit-Reset
Group
X-Fastly-Cache-Hits
Memory
X-B3-SpanId
X-Dw-Trace-Id
X-Fe
X-Cache-Ttl
V-Cache
X-CDN-Pop
X-CDN-Pop-IP
X-LiteSpeed-Cache-Control
Cf-Ipcountry
X-Shard
Requestid
X-P-T
X-Request-Start
X-ServedByHost
Amp-Access-Control-Allow-Source-Origin
Apicache-Version
X-ID
Apicache-Store
Fastly-Soc-X-Request-Id
X-SB
X-GZIP
Ohc-Response-Time
UCS
Xet-Cookie
GW-Server
X-Bug-Bounty
X-PF-Uncompressing
X-VC
NX-Cache
AGE-Hash
Serverid
X-Varnish-Info
X-StackifyID
X-Akamai-ERPolicy
X-Akamai-ERRuleID
X-Info
If-Modified-Since
X-Ratelimit-Remaining
Https
X-User
CDN-Cache-Hit
CDN-Node
N-Cache
CDN-Cache
X-CacheKey
X-Micro-Cache
X-Distil-Cs
X-BE
X-BBXSRF
X-RequestId
X-Cache-Handler
X-SD-PageType
X-RAMCache
X-Litespeed-Cache-Control
X-Flags
X-ServerName
X-Route-Name
X-Providence-Cookie
X-Is-Crawler
X-Grace-Duration