Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Pragma
Accept-Ranges
Last-Modified
Strict-Transport-Security
X-Content-Type-Options
X-Powered-By
CF-RAY
ETag
Link
X-XSS-Protection
Expect-CT
Via
X-Cache
Age
Access-Control-Allow-Origin
Content-Security-Policy
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Served-By
X-Varnish
X-Amz-Cf-Id
Referrer-Policy
X-Request-Id
X-Timer
X-AspNet-Version
CF-Cache-Status
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Runtime
Access-Control-Allow-Credentials
X-Download-Options
X-Drupal-Cache
X-Cacheable
Alt-Svc
X-Generator
Content-Security-Policy-Report-Only
X-Xss-Protection
X-AspNetMvc-Version
Status
Timing-Allow-Origin
X-Check
X-Cache-Status
X-Adblock-Key
X-Iinfo
X-Request-ID
X-DNS-Prefetch-Control
X-Permitted-Cross-Domain-Policies
X-Content-Security-Policy
Content-Encoding
X-CDN
X-Template
X-Language
X-Turbo-Charged-By
Keep-Alive
X-Type
X-Buckets
EagleId
Xkey
X-Via
X-Backend
X-AH-Environment
WPE-Backend
X-Age
X-Pass-Why
Access-Control-Max-Age
X-Server
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-Cache-Group
X-Varnish-Cache
X-Pingback
Upgrade
X-Nginx-Cache-Status
X-Server-Powered-By
X-Drupal-Dynamic-Cache
Access-Control-Expose-Headers
Grace
X-Hacker
P3p
X-UA-Device
Cf-Railgun
X-Amz-Request-Id
X-Amz-Id-2
X-Robots-Tag
X-Ua-Compatible
X-LiteSpeed-Cache
X-Proxy-Cache
X-Envoy-Upstream-Service-Time
X-Page-Speed
Request-Context
X-CST
X-Node
X-Device
X-Cache-Lookup
X-Ac
Content-Location
X-Host
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Cnection
Surrogate-Control
X-Amz-Version-Id
X-WebKit-CSP
X-Backend-Server
X-Rack-Cache
X-Server-Id
X-Response-Time
X-Rq
X-Px
X-Readtime
X-Application-Context
Pinterest-Generated-By
X-Dns-Prefetch-Control
Allow
X-OneAgent-JS-Injection
X-Instart-Request-ID
EagleEye-TraceId
X-Cloud-Trace-Context
X-Clacks-Overhead
X-Url
Request-Id
Permitted-Cross-Domain-Policies
X-HeyJason
X-Do-Not-Hack
Server-Timing
X-Country
Report-To
Rating
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Country-Code
X-Varnish-TTL
Charset
Edge-Control
X-ESI
X-TTL
X-Powered-CMS
X-PC
X-Vname
X-TtlSet
X-Server-Name
X-FTR-Request-ID
X-CF-Powered-By
X-DataDome
Feature-Policy
X-ORACLE-DMS-RID
X-ORACLE-DMS-ECID
X-MS-InvokeApp
X-Goog-Hash
X-Cached
X-Origin-Cache
NEL
Public-Key-Pins
X-Vhost
X-Recruiting
X-DynaTrace-JS-Agent
X-DynaTrace
X-Geo-Segment
X-GoogleNews-Bot
X-Exp-Variant
X-VARITI-CCR
X-Exp-Id
X-Cdn-Fetch
X-Kinja-Server
X-Kinja-Revision
X-Kinja-Build
X-Kinja
X-F-Cache
X-Version
X-Powered-By-Plesk
X-Mod-Pagespeed
X-Server-ID
X-Upstream-Env
Pinterest-Version
X-T
X-Pinterest-Rid
X-SRCache-Fetch-Status
X-SRCache-Store-Status
AR-ATIME
AR-PoweredBy
PB-PID
PB-RID
X-Mobile-Rewrite
X-D2id
Arc-Version
AR-CACHE
Content-MD5
Verso
X-Abt-Application-Version
X-N
RTSS
X-Client-IP
X-Dispatcher
X-Cdn
SPRequestGuid
X-Amz-Rid
X-SharePointHealthScore
X-Ruxit-JS-Agent
X-GitHub-Request-Id
X-Forwarded-Proto
X-Hits
Nginx-Cache
X-Navigation-Version
X-Dw-Request-Base-Id
X-Ttl
X-B
Paypal-Debug-Id
Realpath
X-Upstream
X-Grace
X-Content-Digest
X-Pad
X-Varnish-Age
X-Shield-Request-Id
X-TEC-API-ORIGIN
X-Id
X-TEC-API-ROOT
X-TEC-API-VERSION
Arr-Disable-Session-Affinity
X-Content-Options
MS-Author-Via
X-Cache-Hit
TCN
X-Kinsta-Cache
X-NWS-LOG-UUID
Access-Control-Request-Method
X-Goog-Generation
X-Logged-In
SPIisLatency
X-Goog-Metageneration
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
SPRequestDuration
X-Goog-Stored-Content-Length
X-Acc-Meta-Resource-Type
DynaTrace
S
Mrf-Cache-Status
MRF-Tech
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
X-FastCGI-Cache
X-Trace
X-Origin-Upstream-Status
X-XRDS-Location
X-Vcap-Request-Id
X-VCache
X-MSEdge-Ref
X-DIS-Request-ID
X-HW
X-Zen-Fury
Cleartype
Eomportal-Instance
Surrogate-Key
X-Country-Code-Real
X-FTR-DC
X-FTR-Expires
X-FTR-Realm
X-FTR-Cache-Status
X-FTR-Balancer
X-Cache-Rule
X-Frontend
X-FTR-Backend-Server
Front-End-Https
X-FTR-Backend
X-Fastly-Request-ID
X-HS-Content-Id
X-HS-Hub-Id
X-IPLB-Instance
Service-Worker-Allowed
Cache-Status
X-PressLabs-Stats
X-Via-JSL
X-NF-Request-ID
X-User-Agent
Server-Name
X-Forwarded-For
X-SS-Set-Cookie
Tracecode
X-Hostname
X-Request-Received
X-Request-Processing-Time
X-Varnish-Backend
Fastcgi-Cache
X-Analytics
Backend-Timing
X-Cache-2
Host
X-Wix-Server-Artifact-Id
Rt-Fastcgi-Cache
FilterID
X-AOL-HN
Viewport
Alternate-Protocol
Public-Key-Pins-Report-Only
TP-Cache
TP-L2-Cache
X-Whom
Display
X-Sol
X-Middleton-Display
X-Revision
X-FTR-Cache-Host
X-Proxied
X-Rid
X-Content-Powered-By
X-Middleton-Response
Response
X-Srv
X-Az
X-Oneagent-Js-Injection
AR-SID
X-AppVersion
X-Activity-Id
X-Debug-Info
ServerID
X-Debug
AMP-Access-Control-Allow-Source-Origin
X-Ser
X-Cache-Control
X-Contextid
X-Magnolia-Registration
X-Daa-Tunnel
X-Cached-By
X-Akam-SW-Version
Ar-Sid
X-Mobile
X-Cache-Server
X-Newrelic-App-Data
X-WPE-Loopback-Upstream-Addr
Refresh
MicrosoftSharePointTeamServices
Server-Info
HitInfo
X-Webkit-Csp
HitType
X-Cache-Key
X-Page-Id
Accept-Charset
X-Instance
Cache-Tag
X-FB-Debug
X-Framework
X-XRDS-LOCATION
X-App-Server
X-Cache-Age
X-Varnish-Grace
Retry-After
X-Varnish-Hostname
X-Geo-Country
X-LB-Cache
X-PHP-Backend
X-Content-Security-Policy-Report-Only
X-URL
X-Fastcgi-Cache
X-Generated-By
X-App-Environment
X-Request-Guid
X-B-Cache
X-Signature
X-TT
Host-Header
X-BCube-Filmed-By
X-Cache-Operation
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Tumblr-User
X-Handled-By
Upgrade-Insecure-Requests
Server-Node
Source
X-Origin-Server
X-Accel-Expires
X-Device-Type
X-B3-Traceid
Powered-By-ChinaCache
X-Platform-Server
X-RateLimit-Remaining
X-Hyper-Cache
DC
X-Akamai-Edgescape
X-WA-Info
Liferay-Portal
AR-Request-ID
X-Amz-Meta-S3cmd-Attrs
X-CACHE-GROUP
X-TT-TIMESTAMP
X-Amzn-Trace-Id
X-Cache-Action
X-Drupal-Cache-Tags
X-ATG-Version
Fastly-Restarts
X-Correlation-Id
X-APP-VERSION
X-B3-Sampled
X-NewRelic-App-Data
X-Node-Name
Accept-CH
X-Cluster
Webserver
X-GUploader-UploadID
X-Varnish-Server
X-Port
X-Edge-Location
X-Accel-Buffering
NGB
X-Dynatrace-Js-Agent
X-Cacheable-TTL
X-S
X-Seen-By
X-WebKit-CSP-Report-Only
X-Locale
X-GeoIP
X-Wix-Request-Id
Filters
Actual-Object-TTL
X-Jobs
X-Wix-Petri-Ex
ServedBy
X-Tumblr-Pixel-1
X-Varnish-Hits
X-Tumblr-Pixel-2
X-Source
AsisCache
X-RequestSource
X-FW-Serve
X-FW-Server
X-FW-Hash
X-FW-Type
X-FW-Static
X-Amz-Replication-Status
GEO-INFO
X-Region
X-Guploader-Uploadid
X-RTag
MS-CV
X-UA
X-Distil-CS
X-Cache-TTL-Remaining
Cache
S-Cnection
X-UA-Device-Type
X-Edge-Cache
X-Edge-Cache-Key
X-Webkit-CSP
HostName
X-Cache-Config
Served-By
Content-Style-Type
Content-Script-Type
X-Correlation-ID
X-Adobe-Loc
X-Adobe-Content
Country
X-Ruxit-Js-Agent
X-Oracle-Dms-Ecid
X-Oracle-Dms-Rid
X-TA-CDN-Provider
X-Ocache
Datacenter
X-Cache-Remote
X-Vg-Webcache
X-Sucuri-ID
X-Drupal-Cache-Contexts
X-Esi
Ohc-File-Size
X-Servedby
X-Varnish-IP
X-Microcachable
X-GZip
X-Status
X-Amz-Server-Side-Encryption
X-Internal-Host
PageSpeed
X-UUID
X-DataStream-Cache-Status
X-TX-ID
X-Akamai-Transformed
X-Ezoic-Cdn
X-Unique-ID
IBM-Web2-Location
Xserver
Healthy
X-PC-Key
X-PC-Hit
X-PC-AppVer
X-RateLimit-Limit
X-Akamai-Request-ID
X-Agile-Id
Machine
Meta-Geo
X-Mode
User-Cache-Control
X-App-Name
X-Agile
Access-Control-Allow-Method
X-Agile-Age
X-Rendered-As
X-PC-Date
X-Vgn-Hpd-Reason
X-ProxyCache-Key
X-PC-Host
X-Detected-As
X-Web-Node
X-IP
X-Generated
X-ProxyCache-Status
X-Is-Bot
X-RN-RSRV
X-Grey
X-Cache-Category-Id
X-BYPASS-REASON
Load-Balancing
X-JoinUs
X-OVcl
X-Debug-Cache
X-ServerID
X-Xfnlog-Site
Mn-Server-Ip
X-Origin
X-Timing-Wait
Selected-FE
X-OVcl-Cache
X-TNCMS
X-Backend-Name
X-CCM
X-Loop
X-Instance-Name
X-Proxy-Build
X-PCL
X-NodeID
X-OCL
L5d-Success-Class
X-NGENIX-Cache
Cache-Name
X-Varnish-Cache-Hits
Now
X-Upgrade-Enabled
X-Human
X-Content-Type
X-Hosted-By
X-FC-Vary-Parameters
X-Viewer-Country
X-Varnish-Cacheable
DB-Nickname
X-BB-IP
Backend
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Tb
S-Rt
Payment
ServerName
X-Time-Microsecs
User-Agent
X-Original-Request
Azure-Version
Azure-SiteName
Azure-RegionName
Azure-InstanceId
Azure-SlotName
X-Proxy
X-Via-Fastly
X-CDN-Cache
X-Rocket-Nginx-Bypass
X-Distributor
X-EIG-Tracking-Id
Cache-Key
X-PERF
X-Site-Version
X-RemovedCookies
X-ProcessESI
X-NCache
X-ApacheServer
X-Access
X-AWS-Id
X-LJ-Flow-ID
Dont-Set-Cookie
X-Routing-Service
X-SplitTest
X-Section
X-Www-Served-By
X-Zipkin-Id
X-TWH-CORRELATION-ID
X-VWS-Id
TWC-Device-Class
TWC-GeoIP-Country
TWC-Locale-Group
TWC-GeoIP-LatLong
Webcakes-App-Name
X-Amz-Meta-Surrogate-Control
X-Format
X-Origin-CC
Webcakes-Region
TWC-Connection-Speed
Webcakes-App-Version
TWC-Privacy
Access-Control-Request-Headers
X-Origin-Hint
X-Pubstack
Property-Id
X-Real-IP
X-CDN-Forward
X-Time
X-Path-Route
SRV
X-Storage
Pagespeed
X-Cache-Backend
X-Environment-Context
X-L-Path
LB
Ms-Operation-Id
X-Oss-Request-Id
X-Oss-Storage-Class
X-Oss-Object-Type
WZWS-RAY
X-Oss-Server-Time
X-Oss-Hash-Crc64ecma
X-Connection-Hash
X-Transaction
X-Twitter-Response-Tags
X-Cache-Ttl
Cteonnt-Length
X-Sucuri-Cache
X-HS-Cache-Config
Countrycode
X-Webstats-RespID
Edge-Cache-Tag
X-Proto
X-Optimization
X-Generation-Time
X-Labrador-Cache-Channel
X-Real-Ip
X-Cache-HT
X-Ah-Environment
X-Amzn-RequestId
X-M-Log
X-Qnm-Cache
X-SERVER-NAME
X-Amz-Apigw-Id
X-M-Reqid
X-B3-Spanid
X-Hit
X-MP-GENERATED-AT
Apicache-Version
X-Nc
Apicache-Store
X-Newrelic-Synthetics
X-Meta-Tbi-Cache-Vertical
X-Birta-Cache-Post
X-Birta-Served
Cache-Hits
X-Tumblr-Pixel-3
X-ServedBy
Fastly-SSL
X-Cache-NE
X-Release
X-V
NnCoection
X-Varnish-Beresp-Grace
X-Cache-Enabled
From-Origin
X-Varnish-Beresp-Status
X-SERVER
X-Dc
X-EdgeConnect-Cache-Status
ProcessTime
Ec-Rule-Version
X-App-Version
X-Upstream-HT
Ws
X-Rule
X-Upstream-CT
X-A-Dam
X-A-Dcw
X-A-Ccd
Warning
VivaBuild
Web-Mar-Node
X-Wix-Route-ID
Www
X-A
X-A-Dgt
X-Block-Status
X-BB-ID
X-Cache-URL
X-CF-Lambda-Version
X-D
X-B-Cookie
X-ARC
X-A-Wwc
X-Worker
X-Accel-Expires-Debug
X-Alternate-Cache-Key
X-Application
X-WebServer
V-Age
MD5-Digest
Kp-EeAlive
Meta-Geo-Continent
MI-Cache
MI-Cache-Age
Httpd-Identifier
Host-ID
Country-Code
Fly-Cache
Fly-Request-Id
GMS-Ver
Rendered-Blocks
Request-Country
Xc-Version
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
Thinkindot-Control
X-Date
T-Server
SN
Request-EU
Resin-Trace
Server-Host
Server-ID
Viewtype
X-Via-Edge
X-Trv-Group
X-Response-By
X-Thinkindot-L3
X-Rewrite-Enabled
X-Rojux
X-TT-LOGID
X-Region-Sid
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
X-RCS-CacheZone
X-UE-Client-Country
X-S-Cookie
X-S-Maxage
X-Sorting-Hat-PodId
X-Shopify-Stage
X-Sorting-Hat-ShopId
X-SRCache-Key
X-SVT-ORM-RULES
X-ShopId
X-ShardId
X-ScT
X-Server-By
X-Server-Time
X-Sf
X-Planisys-CDN-Cache
X-PAYTM-SRV-ID
X-Fetched-On
X-Env
X-Via-CDN
X-From
X-G
X-DPWN-IS-SECURE
X-Dispatcher-Server
X-We-Are-Hiring
X-SVT-ORM-VERSION
X-Developer
X-Died
Cneonction
X-Gen-Mode
X-NU-AKA-ACS-Version
X-Org
X-Origin-Date
X-Origin-Expires
X-VG-WebServer
X-MI-In-Market
X-Generated-In
X-Hl-Ver
X-Hnp-Log
X-Matched-Rule
X-Destination
X-CF-Lambda-Fn
NODE
X-C
BehaviorPad-Version
Cache-Prefix
X-Varnish-Beresp-Ttl
Decoy-Debug-TTL
Odigeo-Trace-Id
RNT-Machine
X-CS
NGX
Decoy-Debug-Key
Decoy-Debug-Status
RNT-Time
Adler-Geo
Ajk
Platform
PFcat
Origin-Edge-Control
Proxy-Connection
Release
X-Crawler
X-Redis-Cache
Origin-Cache-Control
Cdn-Host
X-Cache-Bucket
X-Amz-Meta-Cache-Control
X-SIPLIST1
NtCoent-Length
X-Backend-Host
X-Server-IP
X-Backend-Url
X-Backend-State
X-Alicdn-Da-Ups-Status
X-Cache-CFC
Uber-Trace-Id
Apple-News-Services-Handled
Cdn-Request-Time
X-VServer
X-Clientip
X-Cache-Host
X-Request-URI
Server-Int
Pragrma
X-No-Session
X-Node-Id
X-Hash
X-Device-Os
X-ServiceProvider
X-GeoIP-Country-Code
X-GeoIP-City
X-Origin-TTL
X-Fstrz
X-Via-SSL
Apple-News-Services-Host
Is-Eu
Fastly-Backend-Name
X-IN-WAF
X-Edge-Server
Apple-News-Services-Request-Url
True-Client-Country-4JS
IsBot
X-IN-APIGATEWAY
X-IN-SSL-APIGATEWAY
X-Logtrace-Id
MI-API
Apple-News-Services-Parsed-Url
X-ElasticPress-Search
X-Returned-From
X-Cache-Srv
X-Geo
X-NX-Host
X-Cache-Expires
CDCHOST
X-HCF
X-Returned-From-PostProcessResponse
X-Cache-ASPX
X-Cdn-Origin
X-Cache-FS-Status
X-Returned-From-DLL
X-Cache-Control-Set-By
X-Returned-From-BeforeDispatch
X-Content-Age
X-Platform
X-Developers
X-Croise-Owner
X-Phone
X-Passed-To-PostProcessResponse
X-Reboot
X-Server-Group
X-Rebelmouse-Surrogate-Control
X-Debug-Log
X-Rebelmouse-Cache-Control
X-Debug-Cookies
X-Epic-Correlation-Id
X-Eu-Site
X-Core-Mission
X-FireWall-Port
X-Forwarded-Host
X-Ckpd-Fst-Backend
X-CGP
X-Core-Value
X-Passed-To
X-Passed-To-DLL
X-F5-Cache
X-Passed-To-BeforeDispatch
X-Fastly-Cache
X-Cdn-Srv
X-Actual-URL
X-Backend-TTL
HA-Servedtime
HA-Ipaddr
HA-Host
HA-Urlpath
Heartbleed
AKAMAI
Powered-By
On-Server
Origin
Ha-Gx-Prefs
HA-Georegion
Fastly-SIE
Esi-Enabled
Content-Disposition
Cache-Tags
Fastly-SWR
HA-Cloudapp
HA-Geolon
HA-Geolat
HA-Geocountry
HA-Geocity
Request-Time
HTTPS
X-Up
X-Varnish-HitMiss
X-UnsetCookies
X-Swa-Ws
Time
X-Sn-Servicetimems
X-Ver
X-Trace-Id
X-VG-TLSProxy
X-Kong-Proxy-Latency
Frame-Options
X-Kong-Upstream-Latency
X-Atg-Version
XServer
X-HS-Combine-CSS
X-B3-TraceId
X-Nginx-Cache
X-From-Cache
Is-Session-Tracking
Get-Access-Time
WWW-Authenticate
X-Cdn-Forward
X-Location
X-Wikidot-Static-Cache
Fastly-Soc-X-Request-Id
X-GoCache-CacheStatus
X-P-T
X-Powered-By-ANYU
X-Skip-Cache
Who
X-Edge-IP
Backend-Name
X-Refresh
X-Response-Served-From
X-Var-Ttl
X-Stale
RequestId
X-Wikidot-Backend
Dnion-Transfer-Encoding
X-Ms-Blob-Type
X-Ms-Lease-Status
X-Key
X-Owner
X-Ms-Version
X-Ms-Request-Id
X-Info
NodeID
X-MSEdge-Features
X-Pjax-Url
X-Cache-TTL
X-Servername
X-NC
X-Req
Ohc-Response-Time
X-CUA
X-MSEdge-Flight
X-Micro-Cache
X-BBXSRF
X-Cache-Time
We-Hiring
X-Csrf-Token
Mail-Subject
X-WR-MODIFICATION
X-GRACE
Cdn
X-Varnish-Url
Mime-Version
X-Pf-Uncompressing
X-Request-Time
X-Page-Type
X-NWS-UUID-VERIFY
MIME-Version
X-Litespeed-Cache
Dynatrace
WP-Super-Cache
X-CSRF-Token
X-COUNTRY
X-TIME
Section-Io-Cache
X-User
X-External-Request-Id
PageType
X-Pc-Hit
Accept-CH-Lifetime
X-CCM-LastModified
X-Pc-Appver
X-Pc-Key
CF-IPCountry
Cartoon
PICS-Label
X-LiteSpeed-Cache-Control
Magicmarker
X-Varnish-Action
X-Ua
X-DC
X-Pc-Date
X-Pc-Host
X-Aicache-OS
GW-Server
X-Servedbyhost
UCS
X-Cache-Handler
FastCGI-Cache
X-GDPR
Geoip-Latitude
GeoIp-Country-Code
X-Request-UUID
Geoip-City
X-Varnish-Beresp-TTL
X-HOST
Version
X-Dynatrace
X-GEO
X-Variation
X-Ibm-Trace
X-Irp-Debug
X-Fastly-Backend-Reqs
Rt-Proxy-Cache
CACHE
X-Varnish-Id
X-Cache-Id
CDN
X-Nananana
Arc-Country
X-Bip
X-Server-W
X-Thanos
X-TId
Memcached
COMMERCE-SERVER-SOFTWARE
Node
X-Gdpr
X-HTML-Minification-Powered-By
X-CACHE-KEY
Sid
Processtime
Memory
X-ServedByHost
X-Load-Cache
Pagetype
X-Shard
X-FW-Version
GeoIP-City
X-Layer
If-Modified-Since
X-Via-NSCOPI
X-StackifyID
GeoIP-Latitude
X-BE
X-Wa
X-CLOUD-TRACE-CONTEXT
GeoIP-Country-Code
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-Sentry-ID
X-Ig-Deployment-Stage
X-Nginx-Cache-Key
Pics-Label
X-Nf-Srv-Version
X-Be
X-UPSTREAM-Address
Sta2Tusw
X-Proxy-Server
DataCenter
X-Auto-Login
X-Ratelimit-Remaining
RATING
X-Varnish-Ttl
X-Cluster-Node
X-DataStream-Origin-MEX-Latency
X-DataStream-MidMile-RTT
Cf-Ipcountry
X-FORWARDED-FOR
X-Frame-Option
URI
X-Tid
X-Datadome
X-Akamai-Request-ID2
X-Gannett-Site-Version
X-SRV
X-PAGE-TYPE
X-Fastly-Cache-Hits
Srv
X-Varnish-URL
X-NGINX-Cache
X-Secret
X-Gen-Id
X-Ratelimit-Limit
X-PF-Uncompressing
Hostname
Lb
X-Cache-Var
X-Cache-Var-Map
X-Hail-Hydra
X-PJAX-URL
X-ID
Cache-Provider
SD-X-WS
X-EC-Security-Audit
Mobile-Detection-Method
X-GZIP
X-Feature
Pramga
X-WA
X-CacheKey
X-B3-SpanId
X-Dw-Trace-Id
X-VCT
OT-Force-Account-Verify
X-Store
X-APP
X-Unique-Id
X-Litespeed-Cache-Control
X-Bug-Bounty
Serverid
X-VG-WebCache
Xet-Cookie
X-Check-Cacheable
X-Haproxy-Ip
X-Haproxy-Hostname
X-RAMCache
X-Surge-Debug
X-Distil-Cs
V-Cache
Group
X-CDN-Pop-IP
X-Public
X-Endurance-Cache-Level
X-Akamai-ERRuleID
X-CDN-Pop
X-Akamai-ERPolicy
X-Fe
Requestid
Cache-Cookie-Set-From
X-Varnish-ID
Powered
SID
X-VC
X-SB
X-Policy
Cache-Cookie-Set-Idcheck
X-Cookie
X-Request-Start
X-Cache-Debug
X-Grace-Duration
X-ADI-VCache
X-ND-Cache
X-SD-PageType
X-ServerName
Cache-Cookie-Set-Lfrom
X-Shield-Cache-Expires