Threat Level: green Handler on Duty: Russ McRee

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
X-Powered-By
CF-RAY
ETag
Link
X-XSS-Protection
Expect-CT
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
X-Request-Id
X-Xss-Protection
CF-Cache-Status
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-AspNet-Version
X-Download-Options
X-Runtime
Access-Control-Allow-Credentials
X-Drupal-Cache
X-Adblock-Key
X-Check
Alt-Svc
X-Cacheable
X-Generator
Content-Security-Policy-Report-Only
X-DNS-Prefetch-Control
X-Cache-Status
X-AspNetMvc-Version
X-Permitted-Cross-Domain-Policies
X-Iinfo
X-Template
Status
X-Language
Timing-Allow-Origin
X-Buckets
X-Content-Security-Policy
Content-Encoding
X-CDN
X-Kinja-Server-Push
Xkey
X-Turbo-Charged-By
Upgrade
X-Type
Access-Control-Expose-Headers
Keep-Alive
WPE-Backend
X-Pass-Why
Access-Control-Max-Age
X-Backend
X-AH-Environment
CF-Ray
X-Age
X-Drupal-Dynamic-Cache
X-Server
X-Ua-Compatible
X-Cache-Group
X-Via
X-Request-ID
X-Proxy-Cache
Grace
X-Pingback
X-Nginx-Cache-Status
X-Server-Powered-By
X-Amz-Request-Id
X-Amz-Id-2
X-Robots-Tag
X-Hacker
X-UA-Device
X-Varnish-Cache
X-Page-Speed
EagleId
Request-Context
X-LiteSpeed-Cache
Cf-Railgun
X-Envoy-Upstream-Service-Time
X-CST
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
X-WebKit-CSP
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Server-Id
X-Device
X-Amz-Version-Id
X-Ac
X-Node
Server-Timing
X-OneAgent-JS-Injection
Feature-Policy
X-Iejgwucgyu
X-Cnection
X-Response-Time
Allow
X-Rq
Content-Location
X-Cache-Lookup
X-Backend-Server
Report-To
EagleEye-TraceId
X-Readtime
Surrogate-Control
X-Host
X-Application-Context
Request-Id
X-Url
X-ORACLE-DMS-ECID
X-Rack-Cache
X-Origin-Cache
X-Clacks-Overhead
X-Country
NEL
X-FTR-Request-ID
Rating
X-Country-Code
X-Cloud-Trace-Context
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-DataDome
X-Instart-Request-ID
X-Px
X-Vhost
X-MS-InvokeApp
Charset
X-Mod-Pagespeed
X-Ruxit-JS-Agent
X-VARITI-CCR
Edge-Control
Accept-CH
X-Goog-Hash
X-GitHub-Request-Id
PB-RID
Arc-Version
X-Mobile-Rewrite
PB-PID
Verso
X-ESI
X-TTL
X-Varnish-TTL
X-DynaTrace
X-Version
X-PC
X-Vname
X-TtlSet
X-Server-Name
X-Cdn
X-D2id
X-Powered-By-Plesk
Pinterest-Generated-By
X-Cdn-Fetch
X-Kinja-Server
X-GoogleNews-Bot
X-Kinja-Build
X-Kinja-Revision
X-Use-Magma
X-Exp-Variant
X-Kinja
X-Exp-Id
X-Cached
X-B3-TraceId
SPRequestGuid
X-Upstream-Env
X-Dispatcher
X-Origin-Upstream-Status
X-Powered-CMS
X-SharePointHealthScore
X-Abt-Application-Version
X-T
MS-Author-Via
X-Recruiting
Accept-CH-Lifetime
RTSS
X-Trace
X-Navigation-Version
Public-Key-Pins
X-Shield-Request-Id
X-Oracle-Dms-Rid
X-ORACLE-DMS-RID
Content-MD5
AR-ATIME
AR-CACHE
AR-PoweredBy
X-Amz-Rid
SPIisLatency
SPRequestDuration
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Fastly-Request-ID
X-DIS-Request-ID
X-HW
X-Client-IP
Realpath
Arr-Disable-Session-Affinity
X-Accel-Buffering
X-Wix-Server-Artifact-Id
X-Forwarded-Proto
X-F-Cache
X-Server-ID
X-B
X-DynaTrace-JS-Agent
X-Upstream
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
X-Goog-Stored-Content-Length
X-Ser
X-Amz-Meta-S3cmd-Attrs
X-Via-JSL
Service-Worker-Allowed
X-Pinterest-Rid
Pinterest-Version
X-Dw-Request-Base-Id
X-CACHE-GROUP
X-Id
X-FTR-Realm
X-FTR-Cache-Status
X-Country-Code-Real
X-FTR-Backend
X-FTR-DC
X-FTR-Backend-Server
X-FTR-Balancer
X-FTR-Expires
X-Vcap-Request-Id
Paypal-Debug-Id
Front-End-Https
AR-Request-ID
X-Varnish-Age
X-Dns-Prefetch-Control
X-Debug
X-Goog-Storage-Class
X-Acc-Meta-Resource-Type
Nginx-Cache
X-MSEdge-Ref
Ar-Sid
X-TEC-API-ROOT
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-Kinsta-Cache
X-Hits
X-N
X-XRDS-Location
X-NF-Request-ID
X-NewRelic-App-Data
X-Logged-In
X-FTR-Cache-Host
X-Mrf-Section-Lastmod
X-Mrf-Item-Lastmod
X-B3-TraceId-Primal
X-Ttl
MRF-Tech
Mrf-Cache-Status
S
X-Akam-SW-Version
X-Frontend
X-Forwarded-For
X-HS-Content-Id
X-HS-Hub-Id
X-Grace
Alternate-Protocol
X-PressLabs-Stats
X-User-Agent
AMP-Access-Control-Allow-Source-Origin
Tracecode
X-DataStream-Cache-Status
X-Cache-Key
X-Amzn-Trace-Id
DynaTrace
X-TA-CDN-Provider
X-FastCGI-Cache
X-Pad
Server-Name
X-Content-Digest
Refresh
X-Content-Options
X-Analytics
Backend-Timing
Fastcgi-Cache
X-Az
X-AppVersion
X-Activity-Id
Powered-By-ChinaCache
MicrosoftSharePointTeamServices
X-Zen-Fury
Accept-Charset
X-LB-Cache
X-Page-Id
Access-Control-Request-Method
X-Rid
FilterID
X-Content-Type
X-IPLB-Instance
X-Middleton-Display
MS-CV
X-Sol
Display
Host
X-CF-Powered-By
X-Debug-Info
TCN
X-Magnolia-Registration
ServerID
X-Middleton-Response
TP-L2-Cache
TP-Cache
Response
Cache-Status
X-ATG-Version
X-Cache-Hit
X-Mobile
X-Content-Powered-By
X-Fastcgi-Cache
X-Ruxit-Js-Agent
X-Srv
Surrogate-Key
X-VCache
X-Seen-By
X-WA-Info
X-Hostname
X-B3-Sampled
Rt-Fastcgi-Cache
X-XRDS-LOCATION
X-RateLimit-Remaining
X-Revision
X-Varnish-Backend
X-Request-Processing-Time
X-Request-Received
X-Cached-By
X-GUploader-UploadID
X-Cache-Age
VIX-Pulpo-Node
X-Cluster
X-Signature
X-Cache-Action
X-B-Cache
X-SS-Set-Cookie
VIX-Pulpo-Upstream-Status
X-Tumblr-Pixel
X-Content-Security-Policy-Report-Only
X-Tumblr-User
X-Tumblr-Pixel-0
X-Instance
X-Whom
X-Request-Guid
X-PHP-Backend
Source
Cleartype
X-Drupal-Cache-Tags
X-Framework
X-Akamai-Edgescape
X-TT
X-Edge-Location
X-Handled-By
X-Origin-Server
X-Platform-Server
X-App-Environment
X-Wix-Request-Id
ViewerVersion
Host-Header
Server-Info
X-Cache-Control
X-BCube-Filmed-By
X-Generated-By
X-NWS-LOG-UUID
DC
X-Cache-Rule
X-Cache-2
X-Amz-Apigw-Id
X-Amzn-RequestId
X-AOL-HN
X-Geo-Country
X-Oneagent-Js-Injection
X-Varnish-Hostname
X-App-Server
Retry-After
X-FW-Server
X-FW-Hash
X-FW-Serve
X-FW-Type
X-FW-Static
Server-Node
X-Varnish-Server
Eomportal-Instance
X-Real-IP
Fusion-Content-Id
Fusion-Component-Id
Fusion-Template-Id
Fusion-Content-Source
Fusion-Source
X-Correlation-Id
X-FB-Debug
Payment
X-Device-Type
Webserver
Access-Control-Allow-Method
X-Amz-Server-Side-Encryption
X-Response-Served-From
Actual-Object-TTL
X-Tumblr-Pixel-2
AsisCache
X-Tumblr-Pixel-1
ServedBy
X-TT-TIMESTAMP
GEO-INFO
X-Varnish-Grace
NGB
X-Jobs
X-Varnish-Hits
X-RTag
X-Region
Content-Script-Type
Ms-Operation-Id
Content-Style-Type
Filters
X-WebKit-CSP-Report-Only
X-TX-ID
X-UUID
Edge-Cache-Tag
X-Servedby
Viewport
X-Varnish-IP
X-Cacheable-TTL
X-Amz-Replication-Status
Upgrade-Insecure-Requests
X-Contextid
Healthy
X-Drupal-Cache-Contexts
X-Locale
Country
X-Adobe-Content
Cache
X-Adobe-Loc
X-Rendered-As
X-Accel-Expires
X-Cache-Config
X-UA-Device-Type
Cache-Tv-Group
X-RequestSource
From-Origin
X-WPE-Loopback-Upstream-Addr
X-BACKEND-TTL
HitType
X-Cache-TTL-Remaining
X-Ezoic-Cdn
X-Cache-Server
X-Cache-Remote
X-VG-WebCache
X-Cache-TTL
X-Cache-Operation
Pagespeed
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
Fastly-Restarts
X-Content-Age
Fastcgi-Useragent
X-APP-VERSION
X-Storage
X-FW-Dynamic
Cache-Tags
X-Hit
X-Upgrade-Enabled
X-S
X-Redis-Cache
X-Esi
X-Mode
Cache-Tag
X-App-Version
X-Daa-Tunnel
X-RateLimit-Limit
X-Source
Served-By
NtCoent-Length
Load-Balancing
X-NCache
X-Is-Bot
X-NGENIX-Cache
X-Path-Route
X-Rule
X-RN-RSRV
X-Internal-Host
X-Hl-Ver
X-Backend-Name
Meta-Geo
X-Cache-Var
X-Cache-Var-Map
X-Generated
X-Detected-As
Machine
SRV
X-Cache-NE
X-FC-Vary-Parameters
X-Edge-IP
X-BYPASS-REASON
X-Hosted-By
X-JoinUs
X-GeoIP
X-Labrador-Cache-Channel
X-Birta-Served
X-Birta-Cache-Post
Datacenter
Now
Origin-Cache-Control
Origin-Edge-Control
Vix-Hermes-Req-Id
Selected-FE
X-Origin-Host
X-Loop
X-Pubstack
X-Web-Node
X-TNCMS
X-Timing-Wait
X-Tb
X-Time-Microsecs
X-ProxyCache-Status
X-Www-Served-By
X-Origin-Response-Time
X-Akamai-Request-ID
X-Proxy
X-Proxy-Build
X-ProxyCache-Key
Cache-Name
Cache-Key
X-ApacheServer
X-Cache-Category-Id
X-Viewer-Country
X-Environment-Context
X-Pc-Appver
X-L-Path
X-Pc-Hit
X-Pc-Key
X-PERF
X-IP
X-Human
X-ServerID
X-ProcessESI
X-RemovedCookies
X-Grey
X-CDN-Cache
X-Via-Fastly
X-Status
X-PCL
S-Rt
X-Varnish-Cacheable
X-Varnish-Cache-Hits
X-Site-Version
X-OCL
X-Debug-Cache
X-Guploader-Uploadid
X-Akamai-Transformed
X-CCM
DB-Nickname
Public-Key-Pins-Report-Only
X-VG-TLSProxy
X-Agile-Age
X-Proxied
X-Original-Request
X-MP-GENERATED-AT
X-Routing-Service
X-Agile-Id
X-Agile
X-Xfnlog-Site
We-Hiring
Azure-InstanceId
Azure-Version
X-Format
X-Zipkin-Id
Azure-SlotName
Azure-RegionName
Mail-Subject
Azure-SiteName
X-Access
X-Origin-Hint
X-Origin
X-Cache-Enabled
Webcakes-Region
X-Section
Xserver
TWC-GeoIP-LatLong
TWC-Connection-Speed
Property-Id
TWC-Device-Class
TWC-GeoIP-Country
TWC-Privacy
TWC-Locale-Group
Webcakes-App-Name
Webcakes-App-Version
X-App-Name
Fastcgi-X-Cache-Version
X-UA
X-Sucuri-ID
User-Cache-Control
S-Cnection
X-Ocache
Access-Control-Request-Headers
X-Microcachable
Liferay-Portal
X-Upstream-Proxy
X-Protected-By
X-EdgeConnect-Cache-Status
X-Cdn-Forward
X-Request-Time
X-DataStream-Origin-MEX-Latency
X-CACHE-KEY
X-DataStream-MidMile-RTT
X-Tumblr-Pixel-3
X-FW-Version
X-Webstats-RespID
X-Nginx-Cache
User-Agent
X-GEO
X-Proto
X-FB-TRIP-ID
X-GRACE
X-Origin-CC
X-Trace-Id
X-Yottaa-Optimizations
X-Yottaa-Metrics
LB
PageSpeed
Cache-Hits
X-Node-Name
Ohc-File-Size
Powered
X-Upstream-CT
X-Upstream-HT
X-Correlation-ID
X-ES-SERVER
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
X-Endurance-Cache-Level
X-Varnish-Beresp-Ttl
X-Forwarded-Host
X-Nc
X-ElasticPress-Search
X-Pc-Host
X-Cache-Backend
X-Pc-Date
X-OVcl
X-OVcl-Cache
L5d-Success-Class
X-Unique-ID
X-TIME
X-B3-Traceid
Frame-Options
AR-SID
X-V
IBM-Web2-Location
Section-Io-Cache
X-Origin-TTL
X-Edge-Cache-Key
X-Edge-Cache
X-Rocket-Nginx-Bypass
X-Ua
X-Parent-Response-Time
X-Vgn-Hpd-Reason
X-Time
Nel
X-Server-Cache
X-Pc-Subdomain
X-Dynatrace-Js-Agent
OT-Force-Account-Verify
X-Cache-Info
Ec-Rule-Version
X-Accel-Expires-Debug
X-Origin-Date
Decoy-Debug-TTL
Mobile-Detection-Method
X-NU-AKA-ACS-Version
X-Cache-URL
X-We-Are-Hiring
X-VG-WebServer
Node
X-Origin-Expires
Fastly-SIE
MD5-Digest
X-Server-By
Www
X-Rebelmouse-Cache-Control
X-Cdn-Srv
X-Goog-Meta-Goog-Reserved-File-Mtime
X-CF-Lambda-Fn
Arc-Country
X-Irp-Debug
X-Connection-Hash
X-Li-Fabric
X-Info
BehaviorPad-Version
Cache-Prefix
X-IN-APIGATEWAY
X-IN-SSL-APIGATEWAY
X-IN-WAF
X-Li-Pop
X-LI-Proto
X-Request-UUID
X-User
X-Cache-Id
Decoy-Debug-Status
X-CF-Lambda-Version
Decoy-Debug-Key
X-LI-UUID
Meta-Geo-Continent
Memcached
Country-Code
X-Micro-Cache
X-Generated-In
X-Server-Group
X-Date
X-B-Cookie
Resin-Trace
X-ServiceProvider
X-Distil-CS
X-BB-ID
Rendered-Blocks
X-Rojux
Fastcgi-X-Cache
X-Auto-Login
X-ARC
X-Transaction
X-Destination
X-ScT
X-Rebelmouse-Surrogate-Control
X-Developer
Viewtype
X-Application
X-Twitter-Response-Tags
X-S-Cookie
VivaBuild
X-DPWN-IS-SECURE
X-Block-Status
Fly-Request-Id
X-Cache-FS-Status
X-Gen-Mode
GMS-Ver
Fly-Cache
Fastly-SWR
X-PAYTM-SRV-ID
X-Hnp-Log
X-PHP-Host
X-TT-LOGID
Xc-Version
Powered-By
X-External-Request-Id
X-Trv-Group
X-Reboot
X-SRCache-Key
X-Cache-Bucket
X-From
X-Aed
X-Rewrite-Enabled
X-Region-Sid
CACHE
X-VWS-Id
X-AWS-Id
X-R9-Blue-Green-Version
X-Dc
X-LJ-Flow-ID
X-Debug-Log
X-D
X-CUA
X-Crawler
X-Alternate-Cache-Key
X-Bip
X-Debug-Cookies
X-Backend-Url
X-Cache-Debug
X-Amz-Meta-Cache-Control
X-Backend-Host
X-A
X-A-Wwc
X-A-Dgt
X-A-Dcw
X-A-Dam
X-Actual-URL
Web-Mar-Node
X-Cache-Expires
X-A-Ccd
X-Cache-Grace
X-Cache-Host
X-Core-Mission
X-Passed-To-BeforeDispatch
X-Thinkindot-L3
X-Thanos
X-Wikidot-Static-Cache
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-Swa-Ws
X-Server-Time
X-Svr
X-Sf
X-Proxy-Cache-Status
X-Proxy-Upstream
X-Server-IP
X-Wikidot-Backend
X-Returned-From-DLL
X-Returned-From-BeforeDispatch
X-UE-Client-Country
X-Returned-From-PostProcessResponse
X-S-Maxage
X-Returned-From
X-Response-By
X-Varnish-Action
X-Variation
X-Request-URI
X-Var-Ttl
X-Stale
X-ShardId
X-Level-Front-Cache
X-Hash
X-Location
X-Logtrace-Id
X-Matched-Rule
X-Generated-On
X-G
X-Dispatcher-Server
X-Fastly-Cache
X-Fetched-On
X-FireWall-Port
X-Nginx-Cache-Key
X-Node-Id
X-SIPLIST1
X-Shopify-Stage
X-ShopId
X-Sorting-Hat-ShopId
X-Policy
X-Sorting-Hat-PodId
X-NX-Host
X-Passed-To
X-Passed-To-DLL
X-Passed-To-PostProcessResponse
X-Died
Thinkindot-CacheControl
Origin
X-Via-NSCOPI
Mn-Server-Ip
Platform
Ajk
Adler-Geo
Proxy-Connection
Backend
Magicmarker
Is-Eu
HostName
Fastly-Backend-Name
X-Via-CDN
Content-Disposition
Lfy
IsBot
Request-Time
On-Server
Thinkindot-Control
Thinkindot-CacheControl-Type
True-Client-Country-4JS
Server-Host
X-HS-Cache-Config
X-Sucuri-Cache
Warning
X-No-Session
GW-Server
CDCHOST
Cache-Cookie-Set-Lfrom
X-Fstrz
Who
X-Croise-Owner
Cache-Cookie-Set-Idcheck
Kp-EeAlive
Heartbleed
X-Device-Os
X-Eu-Site
Fastly-SSL
X-SERVER
X-Gannett-Site-Version
X-Secret
Fastly-Soc-X-Request-Id
X-Distributor
HA-Ipaddr
X-Core-Value
X-Generation-Time
Ha-Gx-Prefs
Countrycode
X-C
X-Clientip
Pramga
X-Varnish-Authentication
X-LAGOON
X-Key
X-Cache-ASPX
Server-Cache-Control
RNT-Machine
RNT-Time
X-Backend-State
Release
SD-X-WS
SS
Pagetype
Server-Surrogate-Control
X-CGP
X-Qloud-Router
Cache-Cookie-Set-From
Server-Int
X-UnsetCookies
AKAMAI
X-Cluster-Node
X-Platform
X-Instart-Isnd
Version
X-Page-Type
X-GeoIP-Country-Code
X-Debug-Cache-Expiry
X-Up
X-MSEdge-Features
X-Debug-Cache-Fetch
X-F5-Cache
REQUESTUUID
X-Amz-Meta-Surrogate-Control
X-Developers
X-Debug-Cache-Store
X-MSEdge-Flight
X-Epic-Correlation-Id
Apple-News-Services-Host
PFcat
Apple-News-Services-Handled
X-Varnish-Url
X-Pjax-Url
Server-ID
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
X-Sedo-Request-Id
NGX
X-Cache-Miss-From
X-Servername
X-TrackingId
X-Be
RequestId
X-EIG-Tracking-Id
X-Ratelimit-Remaining
X-Refresh
X-CDN-Forward
X-Newrelic-App-Data
Esi-Enabled
X-Store
X-Cache-CFC
MIME-Version
X-NC
X-RCS-CacheZone
SID
X-MI-In-Market
X-Layer
MI-Cache
MI-API
MI-Cache-Age
X-URL
X-B3-SpanId
X-IPS-LoggedIn
Time
X-From-Cache
X-Oss-Server-Time
X-Oss-Storage-Class
X-SN
X-Oss-Request-Id
X-Oss-Hash-Crc64ecma
X-Oss-Object-Type
HA-Cloudapp
X-RequestId
PICS-Label
HA-Geocountry
HA-Geolat
HA-Host
HA-Georegion
HA-Urlpath
HA-Geolon
HA-Servedtime
HA-Geocity
X-Owner
X-Mshield-Cache-Status
X-Mrs-Age
X-Unique-Id-Primal
X-Mrs-Cache
X-Real-Ip
X-Mrs-Cache-Hits
X-Geo
Cdn
X-Ratelimit-Limit
Cteonnt-Length
X-Hyper-Cache
Odigeo-Trace-Id
X-FPC
X-Servedbyhost
FastCGI-Cache
Mime-Version
X-CMS-Context
Backend-Name
HTTPS
CF-IPCountry
Hostname
Cdn-Host
Cdn-Request-Time
X-Varnish-Ttl
X-Webkit-Csp
X-Req
X-CSRF-TOKEN
Processtime
X-Webkit-CSP
X-Edge-Server
X-CLOUD-TRACE-CONTEXT
Memory
X-Instart-Info
CDN
X-WebServer
X-Phone
X-B3-Spanid
Cf-Ipcountry
X-Request-Start
Ohc-Response-Time
X-Wa
X-WR-MODIFICATION
XServer
X-Pf-Uncompressing
X-Aicache-OS
X-Mobile-URL
X-DC
X-Amzn-Remapped-Connection
X-HS-Combine-CSS
X-Release
X-Newrelic-Synthetics
X-Load-Cache
GeoIP-Country-Code
X-Amzn-Remapped-Date
ProcessTime
X-GZip
X-NodeID
GeoIP-Latitude
X-VServer
Cross-Origin-Window-Policy
X-Lb-Id
X-HTML-Minification-Powered-By
X-Atg-Version
X-WA
X-Skip-Cache
Rt-Proxy-Cache
X-Varnish-Beresp-TTL
X-Server-W
X-Served-From
X-Fastly-Country-Code
X-PF-Uncompressing
X-ND-Cache
Accept-Ch-Lifetime
URI
T-Server
X-GoCache-CacheStatus
X-FORWARDED-FOR
Ohc-Cache-HIT
X-Unique-Id
X-Tb-Optimization-Total-Bytes-Saved
X-VC-Cache
X-Oracle-Dms-Ecid
X-Nananana
X-ServedByHost
X-Cdn-Origin
V-Age
X-MServer
X-Sn-Servicetimems
X-COUNTRY
X-LB-ID
X-Cms-Context
X-CSRF-Token
X-Datadome
Pics-Label
X-Gateway-Cache-Status
X-APP
X-UCC
X-UPSTREAM-Address
X-Gateway-Skip-Cache
X-SRV
N-Cache
Proxy-Firewall
X-Gateway-Cache-Key
X-Worker
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
DataCenter
X-P-T
A
X-LiteSpeed-Cache-Control
Get-Access-Time
Is-Session-Tracking
Uber-Trace-Id
X-Fastly-Cache-Hits
X-SERVER-NAME
Amp-Access-Control-Allow-Source-Origin
X-HS-Status
X-Processor
X-CACHE-AGE
X-Check-Cacheable
ServerName
X-Requestid
X-NGINX-Cache
X-GZIP
X-Hp-Webp
X-BBXSRF
X-RCS-Backend
X-BE
Dnion-Transfer-Encoding
X-Cache-HT
X-ID
X-HostName
Geoip-Latitude
X-Optimization
X-Backend-TTL
X-Vg-Webcache
X-StackifyID
X-Fe
X-PJAX-URL
X-PAGE-TYPE
X-Port
X-Csrf-Token
X-GDPR
WZWS-RAY
GeoIp-Country-Code
Requestid
X-Varnish-URL
Cneonction
X-Org
Serverid
X-NWS-UUID-VERIFY
Server-Id
X-Git-Hash
X-VCT
X-GeoIP-City
X-LiteSpeed-Tag
X-ServerName
X-Via-SSL
X-Via-Edge
WP-Super-Cache
X-Geo-Header
X-Dw-Trace-Id
X-Amzn-Remapped-Content-Length
Cache-Provider
Host-ID
RequestUuid
X-Fastly-Backend-Reqs
X-RAMCache
X-Request-Url
189phosttRef
219prxHost
225prxHost
188prxHost
178proxuri
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
DSUID
286prxHost
352pxline
Correlation-Id
X-Gdpr
Pragrma
X-Instance-Name
Xxline
355prline
409pxxline
X-Planisys-CDN-Cache
X-CS