Threat Level: green Handler on Duty: Russ McRee

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
X-Powered-By
CF-RAY
ETag
Link
X-XSS-Protection
Expect-CT
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
X-Request-Id
X-Xss-Protection
CF-Cache-Status
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-AspNet-Version
X-Download-Options
X-Runtime
Access-Control-Allow-Credentials
X-Drupal-Cache
X-Adblock-Key
X-Check
Alt-Svc
X-Cacheable
X-Generator
Content-Security-Policy-Report-Only
X-DNS-Prefetch-Control
X-Cache-Status
X-AspNetMvc-Version
X-Permitted-Cross-Domain-Policies
X-Iinfo
X-Template
Status
X-Language
Timing-Allow-Origin
X-Buckets
X-Content-Security-Policy
Content-Encoding
X-CDN
X-Kinja-Server-Push
Xkey
X-Turbo-Charged-By
Upgrade
X-Type
Access-Control-Expose-Headers
Keep-Alive
WPE-Backend
X-Pass-Why
Access-Control-Max-Age
CF-Ray
X-Backend
X-AH-Environment
X-Ua-Compatible
X-Drupal-Dynamic-Cache
X-Age
X-Cache-Group
X-Server
X-Request-ID
X-Via
X-Proxy-Cache
Grace
X-Pingback
X-Nginx-Cache-Status
X-Amz-Id-2
X-Amz-Request-Id
X-Server-Powered-By
X-Robots-Tag
X-Hacker
X-UA-Device
X-Varnish-Cache
EagleId
X-Page-Speed
Request-Context
X-LiteSpeed-Cache
Cf-Railgun
X-Envoy-Upstream-Service-Time
X-CST
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-WebKit-CSP
X-Server-Id
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Device
X-Amz-Version-Id
X-Ac
X-OneAgent-JS-Injection
X-Node
Server-Timing
Feature-Policy
X-Iejgwucgyu
X-Cnection
X-Response-Time
Allow
X-Rq
X-Cache-Lookup
Content-Location
X-Backend-Server
Report-To
EagleEye-TraceId
X-Readtime
Surrogate-Control
X-Host
X-Application-Context
Request-Id
X-Url
X-ORACLE-DMS-ECID
X-Rack-Cache
X-Origin-Cache
X-Clacks-Overhead
X-Country
NEL
X-FTR-Request-ID
Rating
X-Country-Code
X-Cloud-Trace-Context
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-DataDome
X-Instart-Request-ID
X-Px
X-Ruxit-JS-Agent
X-Vhost
X-MS-InvokeApp
Charset
X-VARITI-CCR
X-Mod-Pagespeed
Edge-Control
Accept-CH
X-Varnish-TTL
X-Goog-Hash
X-Mobile-Rewrite
PB-RID
Verso
Arc-Version
PB-PID
X-GitHub-Request-Id
X-DynaTrace
X-Version
X-TTL
X-Cdn
X-Vname
X-TtlSet
X-PC
X-B3-TraceId
X-ESI
Pinterest-Generated-By
X-Powered-By-Plesk
X-D2id
X-Server-Name
X-GoogleNews-Bot
X-Kinja
X-Exp-Variant
X-Exp-Id
X-Cached
X-Cdn-Fetch
X-Use-Magma
X-Kinja-Server
X-Kinja-Build
X-Kinja-Revision
X-ORACLE-DMS-RID
SPRequestGuid
X-Dispatcher
X-Origin-Upstream-Status
X-Upstream-Env
X-Powered-CMS
X-Abt-Application-Version
X-SharePointHealthScore
X-T
RTSS
Accept-CH-Lifetime
MS-Author-Via
X-Recruiting
X-Trace
Public-Key-Pins
X-Navigation-Version
X-Shield-Request-Id
Content-MD5
AR-PoweredBy
AR-ATIME
AR-CACHE
X-SRCache-Store-Status
X-SRCache-Fetch-Status
SPIisLatency
SPRequestDuration
X-Amz-Rid
X-DIS-Request-ID
X-Fastly-Request-ID
X-HW
Arr-Disable-Session-Affinity
X-Client-IP
Realpath
X-DynaTrace-JS-Agent
X-Accel-Buffering
X-Wix-Server-Artifact-Id
X-Forwarded-Proto
X-F-Cache
X-B
X-Upstream
X-Oracle-Dms-Rid
X-Goog-Metageneration
X-Goog-Stored-Content-Length
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-Ser
X-Amz-Meta-S3cmd-Attrs
X-Via-JSL
Service-Worker-Allowed
X-Pinterest-Rid
Pinterest-Version
X-Id
X-FTR-Backend
X-Country-Code-Real
X-FTR-Backend-Server
X-FTR-Cache-Status
X-FTR-Realm
X-FTR-DC
X-Dw-Request-Base-Id
X-FTR-Balancer
X-Dns-Prefetch-Control
X-Vcap-Request-Id
X-Server-ID
X-FTR-Expires
X-Varnish-Age
Paypal-Debug-Id
Front-End-Https
AR-Request-ID
X-Goog-Storage-Class
Nginx-Cache
X-Debug
X-Acc-Meta-Resource-Type
X-TEC-API-VERSION
X-MSEdge-Ref
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-XRDS-Location
X-Hits
X-Kinsta-Cache
X-Ttl
X-NF-Request-ID
X-N
Ar-Sid
X-FTR-Cache-Host
X-Logged-In
X-Mrf-Section-Lastmod
Mrf-Cache-Status
MRF-Tech
X-B3-TraceId-Primal
X-Mrf-Item-Lastmod
S
X-NewRelic-App-Data
X-Akam-SW-Version
X-Frontend
X-HS-Content-Id
X-HS-Hub-Id
X-Forwarded-For
X-PressLabs-Stats
Alternate-Protocol
X-Grace
X-User-Agent
AMP-Access-Control-Allow-Source-Origin
Tracecode
X-TA-CDN-Provider
X-CACHE-GROUP
X-FastCGI-Cache
X-DataStream-Cache-Status
DynaTrace
X-Amzn-Trace-Id
X-Cache-Key
X-Pad
Server-Name
X-Content-Digest
Refresh
X-Content-Options
Backend-Timing
X-Analytics
Accept-Charset
X-Sol
X-Debug-Info
MicrosoftSharePointTeamServices
Display
X-Middleton-Display
X-CF-Powered-By
Access-Control-Request-Method
X-LB-Cache
X-Az
X-Rid
X-Page-Id
X-Activity-Id
X-AppVersion
X-Zen-Fury
FilterID
X-IPLB-Instance
Powered-By-ChinaCache
Host
X-Content-Type
MS-CV
X-Magnolia-Registration
ServerID
TP-L2-Cache
TP-Cache
Fastcgi-Cache
Response
X-Middleton-Response
TCN
Cache-Status
X-Cache-Hit
X-Mobile
X-Content-Powered-By
X-Hostname
Surrogate-Key
X-RateLimit-Remaining
X-Srv
X-VCache
X-WA-Info
X-Seen-By
X-ATG-Version
X-GUploader-UploadID
X-B3-Sampled
X-Fastcgi-Cache
Rt-Fastcgi-Cache
X-Cached-By
X-Request-Processing-Time
X-Varnish-Backend
X-Request-Received
X-Revision
X-Cluster
X-Signature
X-SS-Set-Cookie
X-Cache-Action
X-Cache-Age
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-B-Cache
X-Tumblr-Pixel-0
X-Tumblr-User
X-Content-Security-Policy-Report-Only
X-Tumblr-Pixel
X-Platform-Server
X-Instance
X-Edge-Location
Cleartype
X-Request-Guid
Source
X-XRDS-LOCATION
X-PHP-Backend
X-Framework
X-Drupal-Cache-Tags
X-Whom
X-Akamai-Edgescape
X-Ruxit-Js-Agent
X-Origin-Server
X-App-Environment
X-Handled-By
X-TT
X-Wix-Request-Id
ViewerVersion
X-Cache-Control
Host-Header
Server-Info
X-NWS-LOG-UUID
X-BCube-Filmed-By
X-Cache-Rule
X-Generated-By
DC
X-AOL-HN
X-Varnish-Hostname
X-Cache-2
X-App-Server
X-Amz-Apigw-Id
X-Amzn-RequestId
Retry-After
X-Geo-Country
Server-Node
X-FW-Static
X-Varnish-Server
X-FW-Server
X-FW-Type
X-FW-Hash
X-FW-Serve
Eomportal-Instance
Fusion-Source
Fusion-Content-Source
Fusion-Component-Id
Fusion-Content-Id
Fusion-Template-Id
X-Correlation-Id
X-Real-IP
X-FB-Debug
Payment
Webserver
X-Device-Type
Actual-Object-TTL
Access-Control-Allow-Method
X-Response-Served-From
Cache
X-Amz-Server-Side-Encryption
AsisCache
X-Tumblr-Pixel-1
X-Varnish-Hits
X-TT-TIMESTAMP
X-Tumblr-Pixel-2
Filters
GEO-INFO
Content-Script-Type
Edge-Cache-Tag
ServedBy
Content-Style-Type
X-Cacheable-TTL
X-TX-ID
X-UUID
X-Varnish-Grace
X-WebKit-CSP-Report-Only
X-Region
X-Jobs
Healthy
X-Adobe-Content
X-Varnish-IP
Upgrade-Insecure-Requests
X-Adobe-Loc
X-Servedby
X-Drupal-Cache-Contexts
Viewport
X-Amz-Replication-Status
X-RTag
X-Contextid
Ms-Operation-Id
Country
NGB
X-Rendered-As
X-Accel-Expires
X-Locale
X-WPE-Loopback-Upstream-Addr
X-Esi
X-Cache-Config
Cache-Tv-Group
X-UA-Device-Type
From-Origin
X-RequestSource
X-Cache-TTL-Remaining
X-BACKEND-TTL
HitType
X-Cache-Server
X-Ezoic-Cdn
X-Cache-Operation
X-VG-WebCache
X-Cache-Remote
X-APP-VERSION
Pagespeed
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
Fastly-Restarts
X-Oneagent-Js-Injection
X-Cache-TTL
X-Storage
X-Content-Age
X-Upgrade-Enabled
X-Hit
Fastcgi-Useragent
X-FW-Dynamic
X-S
Cache-Tags
X-Redis-Cache
X-Daa-Tunnel
X-RateLimit-Limit
X-Mode
Served-By
Datacenter
Cache-Tag
X-Cache-NE
NtCoent-Length
X-Is-Bot
Meta-Geo
X-Path-Route
Machine
Load-Balancing
X-JoinUs
X-Cache-Var-Map
X-Cache-Var
X-Generated
X-NGENIX-Cache
SRV
X-Backend-Name
X-Source
X-NCache
Origin-Cache-Control
X-Hl-Ver
Origin-Edge-Control
X-Rule
X-Internal-Host
X-RN-RSRV
X-Detected-As
X-Akamai-Request-ID
X-Edge-IP
X-Agile-Id
Vix-Hermes-Req-Id
Selected-FE
Now
Cache-Key
X-Agile
X-Agile-Age
X-Cache-Category-Id
X-BYPASS-REASON
X-Origin-Response-Time
X-CDN-Cache
X-Pubstack
X-ProxyCache-Status
X-Tb
X-Time-Microsecs
X-Timing-Wait
X-TNCMS
X-Labrador-Cache-Channel
X-ProxyCache-Key
X-Origin-Host
X-L-Path
X-Proxy
X-App-Version
X-Loop
X-ServerID
X-Grey
X-Hosted-By
X-Proxy-Build
X-Web-Node
X-Status
X-Environment-Context
X-FC-Vary-Parameters
X-Www-Served-By
X-Varnish-Cacheable
X-Viewer-Country
X-Pc-Hit
X-PCL
X-Pc-Key
X-IP
X-Via-Fastly
X-Pc-Appver
Xserver
X-Birta-Cache-Post
X-Birta-Served
X-RemovedCookies
X-OCL
X-GeoIP
X-Varnish-Cache-Hits
X-PERF
X-ProcessESI
X-ApacheServer
X-Origin
X-Format
X-Original-Request
X-Site-Version
DB-Nickname
X-CCM
X-VG-TLSProxy
X-Debug-Cache
X-Human
Public-Key-Pins-Report-Only
S-Rt
Cache-Name
X-Akamai-Transformed
Azure-RegionName
Azure-SiteName
Azure-SlotName
Azure-InstanceId
X-App-Name
X-Zipkin-Id
X-Proxied
X-MP-GENERATED-AT
X-Routing-Service
X-Xfnlog-Site
We-Hiring
Azure-Version
X-Access
X-Section
Mail-Subject
TWC-GeoIP-Country
TWC-Device-Class
TWC-Connection-Speed
X-Origin-Hint
X-Cache-Enabled
TWC-GeoIP-LatLong
Property-Id
Webcakes-App-Version
Webcakes-Region
Webcakes-App-Name
TWC-Locale-Group
TWC-Privacy
User-Cache-Control
Fastcgi-X-Cache-Version
X-Ocache
X-Sucuri-ID
X-Microcachable
Liferay-Portal
S-Cnection
X-Request-Time
Access-Control-Request-Headers
X-Guploader-Uploadid
X-CACHE-KEY
X-Protected-By
X-Nginx-Cache
X-EdgeConnect-Cache-Status
X-GEO
AR-SID
X-Cdn-Forward
X-UA
X-Webstats-RespID
X-DataStream-MidMile-RTT
X-DataStream-Origin-MEX-Latency
X-Tumblr-Pixel-3
X-GRACE
X-Upstream-Proxy
X-FW-Version
PageSpeed
X-FB-TRIP-ID
X-Origin-CC
X-Correlation-ID
User-Agent
X-Upstream-HT
X-Upstream-CT
X-Proto
X-Trace-Id
X-Ua
X-Yottaa-Optimizations
Cache-Hits
X-Yottaa-Metrics
X-Node-Name
Ohc-File-Size
X-Varnish-Beresp-Grace
X-Forwarded-Host
X-Varnish-Beresp-Status
Powered
X-ES-SERVER
X-Unique-ID
X-Endurance-Cache-Level
LB
X-Varnish-Beresp-Ttl
X-Cache-Backend
X-Nc
X-Pc-Date
X-Edge-Cache
X-Pc-Host
X-Edge-Cache-Key
X-ElasticPress-Search
X-OVcl
X-OVcl-Cache
Frame-Options
X-Rocket-Nginx-Bypass
Section-Io-Cache
Nel
HostName
X-Server-Cache
L5d-Success-Class
X-Origin-TTL
X-V
X-Time
X-TIME
X-Parent-Response-Time
IBM-Web2-Location
X-Pc-Subdomain
Fastcgi-X-Cache
OT-Force-Account-Verify
X-Vgn-Hpd-Reason
X-LI-UUID
X-LI-Proto
GMS-Ver
X-Info
X-Li-Fabric
X-Irp-Debug
X-Li-Pop
X-Micro-Cache
X-SRCache-Key
Cache-Prefix
Country-Code
BehaviorPad-Version
Arc-Country
X-Origin-Expires
X-Origin-Date
Decoy-Debug-Key
Decoy-Debug-Status
Fastly-SWR
Fly-Cache
Fastly-SIE
X-IN-WAF
Decoy-Debug-TTL
Ec-Rule-Version
Fly-Request-Id
Meta-Geo-Continent
X-Application
X-ARC
X-Auto-Login
X-B-Cookie
X-Date
X-Amz-Meta-Cache-Control
Www
X-Accel-Expires-Debug
X-Aed
X-BB-ID
X-Block-Status
X-Cache-URL
X-Cdn-Srv
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-Cache-Info
X-Cache-Id
X-Cache-Bucket
X-Cache-FS-Status
X-Cache-Host
VivaBuild
Viewtype
Mobile-Detection-Method
Node
X-Generated-In
X-Gen-Mode
X-Goog-Meta-Goog-Reserved-File-Mtime
Memcached
X-IN-APIGATEWAY
X-Hnp-Log
MD5-Digest
Powered-By
X-From
X-Distil-CS
X-Died
X-Developer
X-Destination
X-DPWN-IS-SECURE
Resin-Trace
X-Fetched-On
Rendered-Blocks
X-External-Request-Id
X-IN-SSL-APIGATEWAY
X-NU-AKA-ACS-Version
X-Connection-Hash
X-Region-Sid
X-ServiceProvider
X-User
X-Request-UUID
X-Reboot
X-Rebelmouse-Surrogate-Control
X-TT-LOGID
X-Trv-Group
X-Transaction
X-Rebelmouse-Cache-Control
X-Server-Group
X-UE-Client-Country
X-Rojux
X-S-Cookie
X-Rewrite-Enabled
X-PAYTM-SRV-ID
X-PHP-Host
X-S-Maxage
X-ScT
X-Server-By
Xc-Version
X-We-Are-Hiring
X-VG-WebServer
X-Twitter-Response-Tags
X-Sucuri-Cache
X-SIPLIST1
Server-Host
X-Distributor
SD-X-WS
X-Dispatcher-Server
X-Cache-Grace
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
X-Shopify-Stage
X-Secret
X-Thanos
X-Epic-Correlation-Id
X-FireWall-Port
X-G
X-Core-Mission
X-Gannett-Site-Version
X-Svr
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-Crawler
X-Fastly-Cache
Request-Time
Thinkindot-Control
True-Client-Country-4JS
X-Server-Time
X-A-Wwc
X-ShardId
X-A-Dgt
X-Bip
X-Alternate-Cache-Key
X-Backend-Host
X-D
X-Backend-Url
X-Thinkindot-L3
X-CUA
X-A-Dcw
X-Cache-Debug
X-Debug-Cookies
X-Debug-Log
X-Cache-Expires
X-ShopId
Web-Mar-Node
X-A-Dam
X-A-Ccd
X-A
X-Sf
Platform
X-AWS-Id
X-Request-URI
X-Nginx-Cache-Key
Content-Disposition
X-RateLimit-Remaining-Second
Fastly-Backend-Name
X-Matched-Rule
X-Response-By
X-Level-Front-Cache
X-SERVER
X-Var-Ttl
X-Logtrace-Id
X-Node-Id
X-LJ-Flow-ID
X-Proxy-Cache-Status
X-Proxy-Upstream
X-Policy
X-Wikidot-Static-Cache
X-Platform
X-RateLimit-Limit-Second
Adler-Geo
X-VWS-Id
X-NX-Host
Backend
X-Wikidot-Backend
Ajk
X-LAGOON
X-Location
Mn-Server-Ip
X-Hash
Magicmarker
Lfy
X-Variation
X-GeoIP-Country-Code
Origin
On-Server
X-Via-NSCOPI
X-Generated-On
IsBot
X-Varnish-Action
Is-Eu
Warning
X-R9-Blue-Green-Version
X-Newrelic-App-Data
X-HS-Cache-Config
X-Passed-To-DLL
X-Stale
X-Passed-To-BeforeDispatch
X-Passed-To
X-Croise-Owner
X-Passed-To-PostProcessResponse
X-Returned-From-PostProcessResponse
X-Swa-Ws
X-Core-Value
X-Instart-Isnd
Countrycode
X-Fstrz
Fastly-Soc-X-Request-Id
X-Returned-From-DLL
X-Generation-Time
X-Debug-Cache-Expiry
X-Up
X-C
X-Device-Os
X-Debug-Cache-Fetch
X-UnsetCookies
X-Clientip
X-Varnish-Authentication
X-Key
Who
X-Returned-From-BeforeDispatch
X-Server-IP
X-Debug-Cache-Store
CDCHOST
X-Eu-Site
X-Returned-From
X-Backend-State
Server-Int
Pagetype
Server-Surrogate-Control
CACHE
SS
Server-Cache-Control
RNT-Time
HA-Ipaddr
Proxy-Connection
Cache-Cookie-Set-Lfrom
X-Via-CDN
RNT-Machine
Cache-Cookie-Set-From
Cache-Cookie-Set-Idcheck
X-Cache-ASPX
Version
Fastly-SSL
X-CGP
X-Amz-Meta-Surrogate-Control
Kp-EeAlive
X-Actual-URL
AKAMAI
Ha-Gx-Prefs
X-Dc
Heartbleed
Pramga
PFcat
Apple-News-Services-Parsed-Url
X-Cluster-Node
X-Qloud-Router
Apple-News-Services-Request-Url
Apple-News-Services-Host
X-MSEdge-Features
X-MSEdge-Flight
X-Varnish-Url
X-F5-Cache
X-Developers
X-No-Session
Apple-News-Services-Handled
X-Servername
GW-Server
REQUESTUUID
X-Page-Type
Server-ID
Release
X-Dynatrace-Js-Agent
X-B3-Traceid
X-Cache-Miss-From
NGX
X-Sedo-Request-Id
X-CDN-Forward
X-TrackingId
Esi-Enabled
X-Store
X-Refresh
X-Pjax-Url
X-EIG-Tracking-Id
X-Cache-CFC
MIME-Version
X-NC
X-RCS-CacheZone
MI-Cache
Time
X-MI-In-Market
MI-API
RequestId
FastCGI-Cache
MI-Cache-Age
X-Layer
X-B3-SpanId
X-Be
X-URL
X-Oss-Server-Time
X-Oss-Request-Id
SID
X-SN
X-IPS-LoggedIn
X-Oss-Object-Type
X-Oss-Storage-Class
X-Oss-Hash-Crc64ecma
X-Ratelimit-Remaining
HA-Geolat
HA-Servedtime
HA-Cloudapp
X-From-Cache
X-Owner
HA-Georegion
HA-Geocountry
HA-Geolon
HA-Geocity
HA-Urlpath
HA-Host
X-Mrs-Cache
X-Mrs-Age
X-Mrs-Cache-Hits
X-Mshield-Cache-Status
X-Real-Ip
X-Unique-Id-Primal
Cteonnt-Length
Odigeo-Trace-Id
X-RequestId
X-Servedbyhost
PICS-Label
Cdn
X-CMS-Context
X-Hyper-Cache
CF-IPCountry
Backend-Name
X-FPC
X-Geo
Mime-Version
X-Ratelimit-Limit
X-Webkit-CSP
X-CSRF-TOKEN
X-Webkit-Csp
Memory
X-CLOUD-TRACE-CONTEXT
HTTPS
Cdn-Request-Time
X-WebServer
Cdn-Host
X-Instart-Info
X-Phone
X-Edge-Server
X-Wa
X-Req
Processtime
X-DC
CDN
X-Request-Start
X-Atg-Version
X-B3-Spanid
X-WR-MODIFICATION
GeoIP-Country-Code
Ohc-Response-Time
Cf-Ipcountry
X-Aicache-OS
X-Release
X-Pf-Uncompressing
Hostname
ProcessTime
X-HS-Combine-CSS
X-Amzn-Remapped-Date
X-Amzn-Remapped-Connection
X-Mobile-URL
GeoIP-Latitude
X-Load-Cache
X-Newrelic-Synthetics
XServer
X-NodeID
X-VServer
X-GZip
Cross-Origin-Window-Policy
X-SERVER-NAME
X-HTML-Minification-Powered-By
X-ND-Cache
X-Served-From
X-Server-W
X-Varnish-Beresp-TTL
X-Fastly-Country-Code
X-Varnish-Ttl
Rt-Proxy-Cache
X-WA
X-GoCache-CacheStatus
T-Server
URI
X-Skip-Cache
X-FORWARDED-FOR
Accept-Ch-Lifetime
X-PF-Uncompressing
X-Lb-Id
X-LB-ID
X-Oracle-Dms-Ecid
X-Tb-Optimization-Total-Bytes-Saved
X-Nananana
X-Unique-Id
X-VC-Cache
X-MServer
X-Sn-Servicetimems
V-Age
Ohc-Cache-HIT
X-COUNTRY
X-CSRF-Token
X-Cdn-Origin
X-Datadome
X-ServedByHost
X-APP
X-Worker
Pics-Label
X-SVT-ORM-RULES
Proxy-Firewall
X-Cms-Context
X-UPSTREAM-Address
X-SVT-ORM-VERSION
X-SRV
X-P-T
X-Gateway-Cache-Status
X-UCC
X-Gateway-Skip-Cache
Get-Access-Time
Uber-Trace-Id
N-Cache
X-LiteSpeed-Cache-Control
X-Gateway-Cache-Key
Is-Session-Tracking
A
X-Fastly-Cache-Hits
Amp-Access-Control-Allow-Source-Origin
DataCenter
X-CACHE-AGE
ServerName
X-Check-Cacheable
X-HS-Status
X-BE
X-Requestid
X-RCS-Backend
X-GZIP
X-Processor
X-NGINX-Cache
X-ID
Dnion-Transfer-Encoding
X-Hp-Webp
X-BBXSRF
X-Optimization
X-Cache-HT
Geoip-Latitude
X-PJAX-URL
X-Vg-Webcache
X-Backend-TTL
X-Csrf-Token
WP-Super-Cache
X-Fe
GeoIp-Country-Code
X-PAGE-TYPE
Cneonction
X-Varnish-URL
X-Port
X-StackifyID
WZWS-RAY
X-GDPR
X-Org
Requestid
Serverid
X-NWS-UUID-VERIFY
X-Via-Edge
X-HostName
RequestUuid
X-Dw-Trace-Id
Server-Id
X-Cache-Ttl
X-Via-SSL
X-ServerName
Cache-Provider
X-LiteSpeed-Tag
X-Git-Hash
Lb
X-GeoIP-City
X-VCT
DSUID
X-Request-Url
X-RAMCache
178proxuri
189phosttRef
X-Gdpr
Pragrma
409pxxline
X-Planisys-CDN-TTL
X-Instance-Name
X-Planisys-CDN-Rules
Correlation-Id
355prline
352pxline
X-CS
Xxline
219prxHost
225prxHost
286prxHost
X-Planisys-CDN-Cache
188prxHost