Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
X-Powered-By
CF-RAY
ETag
Link
Expect-CT
X-XSS-Protection
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Xss-Protection
X-Varnish
X-Request-Id
CF-Cache-Status
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-AspNet-Version
X-Download-Options
X-Runtime
Access-Control-Allow-Credentials
X-Drupal-Cache
X-Adblock-Key
X-Check
Alt-Svc
X-Cacheable
X-Generator
Content-Security-Policy-Report-Only
X-AspNetMvc-Version
X-Cache-Status
X-DNS-Prefetch-Control
X-Permitted-Cross-Domain-Policies
X-Template
X-Iinfo
X-Language
Status
Timing-Allow-Origin
X-Buckets
X-FRAME-OPTIONS
X-Content-Security-Policy
Content-Encoding
X-Kinja-Server-Push
Xkey
X-CDN
X-Turbo-Charged-By
Upgrade
X-Type
Keep-Alive
Access-Control-Expose-Headers
X-Request-ID
WPE-Backend
X-Pass-Why
X-AH-Environment
X-Backend
Access-Control-Max-Age
X-Age
X-Drupal-Dynamic-Cache
X-Cache-Group
X-Server
X-Proxy-Cache
X-Via
Grace
X-Pingback
X-Nginx-Cache-Status
X-Server-Powered-By
X-Robots-Tag
X-Amz-Id-2
X-Amz-Request-Id
X-Hacker
X-Varnish-Cache
X-UA-Device
X-Page-Speed
EagleId
Request-Context
X-LiteSpeed-Cache
X-Envoy-Upstream-Service-Time
Cf-Railgun
X-CST
X-Ua-Compatible
X-Swift-SaveTime
X-Swift-CacheTime
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
Ali-Swift-Global-Savetime
X-Device
X-Amz-Version-Id
X-WebKit-CSP
X-Server-Id
Server-Timing
X-Ac
X-Node
Allow
X-Response-Time
Feature-Policy
X-OneAgent-JS-Injection
X-Rq
X-Cnection
X-Iejgwucgyu
Content-Location
X-Backend-Server
X-Cache-Lookup
Report-To
EagleEye-TraceId
Surrogate-Control
X-Host
X-Readtime
X-Application-Context
Request-Id
X-ORACLE-DMS-ECID
P3p
X-Rack-Cache
X-Url
X-Origin-Cache
X-Clacks-Overhead
X-Country
NEL
X-FTR-Request-ID
Rating
X-Country-Code
X-Cloud-Trace-Context
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-DataDome
X-Cdn
X-Px
X-Ruxit-JS-Agent
X-Instart-Request-ID
X-Mod-Pagespeed
Charset
X-Vhost
X-VARITI-CCR
X-MS-InvokeApp
Accept-CH
Pinterest-Generated-By
Edge-Control
X-Goog-Hash
X-GitHub-Request-Id
Verso
X-PC
X-TtlSet
X-Vname
X-Upstream-Env
X-Server-Name
PB-RID
PB-PID
X-Mobile-Rewrite
Arc-Version
X-ESI
X-Version
X-DynaTrace
X-Origin-Upstream-Status
X-TTL
X-Powered-By-Plesk
X-B3-TraceId
X-Dns-Prefetch-Control
X-D2id
X-Kinja-Revision
X-Kinja-Build
X-Exp-Id
X-Exp-Variant
X-GoogleNews-Bot
X-Kinja
X-Kinja-Server
X-Use-Magma
X-Cdn-Fetch
X-Cached
X-Dispatcher
SPRequestGuid
X-Recruiting
X-SharePointHealthScore
MS-Author-Via
X-Abt-Application-Version
X-ORACLE-DMS-RID
X-Varnish-TTL
X-Powered-CMS
Accept-CH-Lifetime
X-Navigation-Version
RTSS
Content-MD5
AR-PoweredBy
AR-ATIME
AR-CACHE
X-Shield-Request-Id
X-T
X-SRCache-Fetch-Status
X-SRCache-Store-Status
Public-Key-Pins
X-Trace
X-Forwarded-Proto
X-Client-IP
Arr-Disable-Session-Affinity
X-Amz-Rid
X-Fastly-Request-ID
X-HW
X-Wix-Server-Artifact-Id
X-Accel-Buffering
X-DynaTrace-JS-Agent
SPRequestDuration
SPIisLatency
Realpath
X-Oracle-Dms-Rid
X-DIS-Request-ID
Service-Worker-Allowed
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Server-ID
X-Goog-Generation
X-Goog-Metageneration
Paypal-Debug-Id
AR-Request-ID
X-Amz-Meta-S3cmd-Attrs
Front-End-Https
X-Upstream
X-Ser
X-B
X-FTR-Cache-Status
X-FTR-Balancer
X-FTR-Realm
X-Country-Code-Real
X-FTR-DC
X-FTR-Backend
X-FTR-Backend-Server
X-Pinterest-Rid
Pinterest-Version
X-FTR-Expires
X-F-Cache
X-Via-JSL
X-Id
X-Vcap-Request-Id
X-Dw-Request-Base-Id
Ar-Sid
X-Debug
X-Varnish-Age
X-Goog-Storage-Class
X-XRDS-Location
X-Acc-Meta-Resource-Type
X-Ttl
X-Kinsta-Cache
X-MSEdge-Ref
Nginx-Cache
X-N
X-Hits
X-NF-Request-ID
X-DataStream-Cache-Status
X-FTR-Cache-Host
S
X-NewRelic-App-Data
X-Logged-In
X-Akam-SW-Version
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-TEC-API-ROOT
Mrf-Cache-Status
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
MRF-Tech
X-B3-TraceId-Primal
X-Forwarded-For
Tracecode
Alternate-Protocol
X-Frontend
X-Grace
X-User-Agent
X-HS-Hub-Id
X-HS-Content-Id
X-PressLabs-Stats
X-Amzn-Trace-Id
TCN
Server-Name
X-Content-Options
X-Content-Digest
X-CACHE-GROUP
AMP-Access-Control-Allow-Source-Origin
Refresh
X-FastCGI-Cache
Powered-By-ChinaCache
Display
X-Sol
X-Content-Type
X-Middleton-Display
Access-Control-Request-Method
X-Pad
DynaTrace
X-Analytics
Backend-Timing
MicrosoftSharePointTeamServices
X-LB-Cache
Accept-Charset
X-AppVersion
X-Zen-Fury
X-Az
FilterID
X-IPLB-Instance
X-Rid
X-Activity-Id
X-Page-Id
Response
Fastcgi-Cache
Host
X-CF-Powered-By
X-Middleton-Response
X-Debug-Info
X-Cache-Key
X-Fastcgi-Cache
ServerID
MS-CV
X-Cache-Hit
Cache-Status
TP-Cache
X-Magnolia-Registration
TP-L2-Cache
X-Oneagent-Js-Injection
X-Srv
X-Seen-By
X-VCache
X-Hostname
X-Content-Powered-By
X-RateLimit-Remaining
X-Mobile
X-ATG-Version
X-Revision
X-Cached-By
X-WA-Info
X-Varnish-Backend
X-GUploader-UploadID
X-Whom
Surrogate-Key
Host-Header
X-Request-Received
X-Request-Processing-Time
X-B3-Sampled
X-SS-Set-Cookie
X-Instance
VIX-Pulpo-Upstream-Status
Server-Info
VIX-Pulpo-Node
X-Cluster
X-Cache-Action
X-Drupal-Cache-Tags
X-Handled-By
X-Content-Security-Policy-Report-Only
Source
DC
X-Request-Guid
X-Ruxit-Js-Agent
X-Tumblr-User
X-Tumblr-Pixel-0
X-Tumblr-Pixel
ViewerVersion
X-Wix-Request-Id
Cleartype
X-PHP-Backend
X-Real-IP
X-B-Cache
X-Signature
X-TT
X-Framework
X-Origin-Server
X-Platform-Server
X-Akamai-Edgescape
Fusion-Source
Fusion-Content-Source
Fusion-Template-Id
X-Amz-Apigw-Id
X-Amzn-RequestId
Fusion-Component-Id
Fusion-Content-Id
X-Cache-Age
X-App-Environment
X-XRDS-LOCATION
Rt-Fastcgi-Cache
X-Geo-Country
X-App-Server
X-FW-Type
X-FW-Hash
X-FW-Server
X-FW-Static
X-FW-Serve
X-Generated-By
X-AOL-HN
X-Varnish-Server
X-BCube-Filmed-By
X-Cache-Control
Server-Node
X-Edge-Location
X-TA-CDN-Provider
X-Varnish-Hostname
X-NWS-LOG-UUID
Retry-After
X-Cache-Rule
X-Upstream-Proxy
X-Correlation-Id
X-Amz-Server-Side-Encryption
X-Varnish-Grace
Payment
X-Cache-2
X-Amz-Replication-Status
Access-Control-Allow-Method
X-Response-Served-From
Pagespeed
Eomportal-Instance
X-FB-Debug
X-TT-TIMESTAMP
X-Tumblr-Pixel-2
X-Varnish-Hits
GEO-INFO
ServedBy
X-Ezoic-Cdn
X-UA-Device-Type
X-Cacheable-TTL
X-Cache-Config
X-Tumblr-Pixel-1
Actual-Object-TTL
AsisCache
Webserver
Content-Script-Type
X-WebKit-CSP-Report-Only
Ms-Operation-Id
X-Drupal-Cache-Contexts
X-Jobs
X-UUID
X-RTag
X-Contextid
NGB
Filters
X-TX-ID
Healthy
Content-Style-Type
X-Region
X-Varnish-IP
Viewport
X-Adobe-Loc
X-VG-WebCache
Upgrade-Insecure-Requests
X-Adobe-Content
Cache-Tv-Group
Country
X-Rendered-As
X-RequestSource
HitType
X-Cache-TTL
X-Locale
X-Accel-Expires
From-Origin
Fastcgi-Useragent
X-Cache-TTL-Remaining
X-Device-Type
X-BACKEND-TTL
X-FW-Dynamic
X-Cache-Server
X-Servedby
Edge-Cache-Tag
X-Content-Age
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-WPE-Loopback-Upstream-Addr
Cache-Tags
Cache
X-Cache-Remote
X-Redis-Cache
X-Source
X-Upgrade-Enabled
Datacenter
X-Cache-Operation
X-DataStream-Origin-MEX-Latency
X-Hit
X-DataStream-MidMile-RTT
X-Storage
X-Esi
Fastly-Restarts
X-CACHE-KEY
X-RateLimit-Limit
X-APP-VERSION
X-GeoIP
X-Mode
Cache-Tag
X-S
X-App-Version
NtCoent-Length
X-Internal-Host
X-Is-Bot
Load-Balancing
X-Pubstack
X-JoinUs
X-RN-RSRV
X-Hl-Ver
X-Time-Microsecs
Machine
X-TNCMS
Meta-Geo
X-Labrador-Cache-Channel
X-Backend-Name
X-Cache-Var
X-Cache-Var-Map
X-Akamai-Request-ID
X-Agile-Id
X-Agile
X-Agile-Age
Served-By
X-Loop
Xserver
X-Origin-Response-Time
Vix-Hermes-Req-Id
X-Detected-As
X-NGENIX-Cache
X-Path-Route
X-Status
Cache-Key
X-Cache-Category-Id
X-ProxyCache-Key
X-ProxyCache-Status
X-L-Path
X-FC-Vary-Parameters
X-Proxy-Build
X-Rule
X-ServerID
X-Timing-Wait
X-Varnish-Cacheable
X-Grey
X-Hosted-By
X-Tb
X-Environment-Context
X-Edge-IP
X-Birta-Cache-Post
X-Birta-Served
Selected-FE
Origin-Edge-Control
X-Www-Served-By
X-BYPASS-REASON
X-Generated
X-Proxy
X-Origin-Host
X-CDN-Cache
X-NCache
Now
Origin-Cache-Control
TWC-Privacy
TWC-Locale-Group
Webcakes-App-Name
Webcakes-App-Version
Webcakes-Region
TWC-GeoIP-LatLong
TWC-GeoIP-Country
Property-Id
SRV
TWC-Connection-Speed
TWC-Device-Class
X-ApacheServer
X-Cache-Enabled
X-Web-Node
X-Via-Fastly
S-Rt
X-Microcachable
X-IP
X-VG-TLSProxy
X-RemovedCookies
X-Guploader-Uploadid
X-Origin-Hint
X-PERF
X-ProcessESI
Cache-Name
X-Viewer-Country
X-Varnish-Cache-Hits
Azure-RegionName
Azure-SiteName
Azure-SlotName
Public-Key-Pins-Report-Only
Azure-InstanceId
X-Akamai-Transformed
X-OCL
X-Human
X-MP-GENERATED-AT
Azure-Version
Access-Control-Request-Headers
X-CCM
Fastcgi-X-Cache-Version
DB-Nickname
X-Format
X-PCL
User-Agent
We-Hiring
Cache-Hits
X-Routing-Service
X-Xfnlog-Site
X-Access
X-Zipkin-Id
X-Proxied
X-Site-Version
X-Debug-Cache
X-App-Name
Mail-Subject
X-Section
X-Daa-Tunnel
X-Varnish-Ttl
X-ES-SERVER
Liferay-Portal
X-GEO
X-Node-Name
LB
S-Cnection
X-Protected-By
X-FW-Version
X-Origin
X-Sucuri-ID
X-EdgeConnect-Cache-Status
X-Original-Request
X-Pc-Key
X-Nginx-Cache
X-Pc-Hit
X-Pc-Appver
X-Cache-NE
X-Cdn-Forward
CACHE
X-Ocache
X-Proto
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Trace-Id
User-Cache-Control
X-Request-Time
Powered
X-Ua
X-VWS-Id
X-UA
X-Forwarded-Host
X-LJ-Flow-ID
X-AWS-Id
X-GRACE
X-Tumblr-Pixel-3
X-Endurance-Cache-Level
X-Time
X-Nc
L5d-Success-Class
Ohc-File-Size
X-Cluster-Node
Section-Io-Cache
X-Webstats-RespID
X-Unique-ID
Frame-Options
X-Correlation-ID
X-FB-TRIP-ID
X-V
X-Origin-CC
PageSpeed
OT-Force-Account-Verify
X-EIG-Tracking-Id
X-URL
X-Varnish-Beresp-Grace
X-OVcl-Cache
X-Varnish-Beresp-Status
X-OVcl
X-Webkit-Csp
X-Origin-TTL
AR-SID
X-ElasticPress-Search
X-Cache-Backend
Nel
Decoy-Debug-TTL
X-From
Decoy-Debug-Status
Decoy-Debug-Key
X-R9-Blue-Green-Version
X-Rocket-Nginx-Bypass
X-Node-Id
X-BB-ID
X-Li-Fabric
X-Li-Pop
X-LI-Proto
X-LI-UUID
X-Cache-Grace
X-Developer
Cache-Prefix
X-Destination
X-CF-Lambda-Version
X-Distil-CS
X-CF-Lambda-Fn
BehaviorPad-Version
GMS-Ver
Country-Code
Fly-Request-Id
Fly-Cache
Fastly-SIE
X-Connection-Hash
X-Date
Ec-Rule-Version
X-DPWN-IS-SECURE
Arc-Country
X-Goog-Meta-Goog-Reserved-File-Mtime
X-NU-AKA-ACS-Version
X-Cache-FS-Status
X-IN-APIGATEWAY
X-Info
X-IN-WAF
X-Cache-Host
X-Generated-In
X-External-Request-Id
X-Cdn-Srv
X-Cache-URL
X-Fetched-On
X-Cache-Id
X-Cache-Info
X-Irp-Debug
X-Rebelmouse-Cache-Control
X-Aed
X-Backend-State
X-User
X-Accel-Expires-Debug
Powered-By
X-Response-By
X-Request-UUID
X-Reboot
X-Rebelmouse-Surrogate-Control
On-Server
X-Region-Sid
X-Amz-Meta-Cache-Control
X-Rewrite-Enabled
X-Rojux
X-SRCache-Key
Viewtype
Rendered-Blocks
VivaBuild
Www
X-ServiceProvider
X-Server-Group
X-S-Cookie
X-S-Maxage
X-ScT
X-Server-By
Fastly-SWR
X-UE-Client-Country
X-Wikidot-Static-Cache
MD5-Digest
X-Wikidot-Backend
Memcached
SD-X-WS
X-Transaction
X-Twitter-Response-Tags
X-Origin-Date
X-TT-LOGID
X-Origin-Expires
Xc-Version
X-Trv-Group
X-We-Are-Hiring
X-PAYTM-SRV-ID
X-Auto-Login
X-B-Cookie
Mobile-Detection-Method
X-ARC
X-PHP-Host
X-VG-WebServer
X-Application
Node
Meta-Geo-Continent
X-Dc
IBM-Web2-Location
Who
Thinkindot-Control
X-CGP
X-Clientip
Thinkindot-CacheControl-Type
True-Client-Country-4JS
X-Alternate-Cache-Key
X-C
X-Cache-Bucket
X-Block-Status
X-Backend-Host
X-Backend-Url
X-Bip
X-Cache-Debug
X-Cache-Expires
X-A-Dcw
X-A-Ccd
X-A-Dgt
X-A-Wwc
X-Actual-URL
X-A
X-Passed-To
X-Returned-From
X-Variation
X-Returned-From-BeforeDispatch
X-Returned-From-DLL
X-Returned-From-PostProcessResponse
X-Request-URI
X-Varnish-Action
X-Proxy-Cache-Status
X-Policy
X-Proxy-Upstream
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-Server-IP
X-Sf
X-Svr
X-Stale
X-Swa-Ws
X-Thanos
X-Thinkindot-L3
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-ShopId
X-ShardId
X-Shopify-Stage
X-SIPLIST1
X-Var-Ttl
X-Vgn-Hpd-Reason
Thinkindot-CacheControl
X-Fastly-Cache
X-Eu-Site
X-G
X-Gen-Mode
X-Generated-On
X-Distributor
X-Dispatcher-Server
X-CUA
X-Crawler
X-D
X-Debug-Cookies
X-Debug-Log
X-GeoIP-Country-Code
X-Hash
X-NX-Host
X-Nginx-Cache-Key
X-Passed-To-BeforeDispatch
X-Passed-To-DLL
X-Passed-To-PostProcessResponse
X-Micro-Cache
X-Matched-Rule
X-LAGOON
X-Hnp-Log
X-Level-Front-Cache
X-Location
X-Logtrace-Id
X-Core-Mission
X-A-Dam
Magicmarker
IsBot
X-Via-CDN
Adler-Geo
Backend
Platform
Ajk
Origin
Is-Eu
HA-Ipaddr
Fastly-Soc-X-Request-Id
Fastly-Backend-Name
Countrycode
Fastly-SSL
Content-Disposition
Ha-Gx-Prefs
CDCHOST
Mn-Server-Ip
Proxy-Connection
Lfy
Request-Time
X-Varnish-Beresp-Ttl
Server-Host
X-Sucuri-Cache
X-HS-Cache-Config
X-Parent-Response-Time
Hostname
Warning
X-Developers
X-SERVER
X-MSEdge-Flight
X-No-Session
Server-Cache-Control
GW-Server
Cache-Cookie-Set-Lfrom
X-Instart-Isnd
Server-Surrogate-Control
Server-Int
X-Debug-Cache-Expiry
X-Debug-Cache-Fetch
X-Croise-Owner
X-TrackingId
X-Platform
SS
X-Core-Value
X-MSEdge-Features
X-UnsetCookies
X-Gannett-Site-Version
Web-Mar-Node
SID
Cache-Cookie-Set-From
X-Epic-Correlation-Id
X-F5-Cache
X-Varnish-Authentication
Pramga
Release
X-Secret
X-Fstrz
X-Debug-Cache-Store
X-Qloud-Router
X-Device-Os
X-FireWall-Port
AKAMAI
X-Cache-ASPX
Heartbleed
Cache-Cookie-Set-Idcheck
RNT-Machine
X-Up
RNT-Time
X-Upstream-HT
X-Pc-Date
X-Pc-Host
X-Upstream-CT
X-Pc-Subdomain
X-Server-Time
Apple-News-Services-Host
Pagetype
Apple-News-Services-Handled
X-Varnish-Url
Resin-Trace
Apple-News-Services-Parsed-Url
REQUESTUUID
NGX
Kp-EeAlive
X-SN
X-Page-Type
X-Owner
Server-ID
X-Amz-Meta-Surrogate-Control
X-Key
Apple-News-Services-Request-Url
X-Be
X-Sedo-Request-Id
X-Pjax-Url
X-Cache-Miss-From
X-TIME
X-Server-Cache
Odigeo-Trace-Id
X-IN-SSL-APIGATEWAY
X-Servername
X-B3-Traceid
X-Generation-Time
HTTPS
X-Refresh
X-Newrelic-App-Data
X-Died
X-Via-NSCOPI
Fastcgi-X-Cache
Cdn-Host
X-Oss-Storage-Class
Cdn-Request-Time
X-Edge-Server
X-Oss-Server-Time
X-From-Cache
X-Oss-Hash-Crc64ecma
RequestId
X-Dynatrace-Js-Agent
X-Oss-Object-Type
X-Oss-Request-Id
X-Edge-Cache
ProcessTime
X-CDN-Forward
X-Edge-Cache-Key
MIME-Version
Version
X-B3-SpanId
HostName
Mime-Version
X-NC
X-Servedbyhost
Cdn
X-FPC
PFcat
Cteonnt-Length
Time
X-Mobile-URL
X-Req
X-Ratelimit-Remaining
PICS-Label
FastCGI-Cache
X-NodeID
X-CSRF-TOKEN
X-Amzn-Remapped-Date
X-Cache-CFC
X-VServer
Cross-Origin-Window-Policy
X-Amzn-Remapped-Connection
Esi-Enabled
X-Store
X-Load-Cache
X-GZip
MI-Cache
X-HS-Combine-CSS
Memory
MI-API
X-MI-In-Market
X-Webkit-CSP
X-Hyper-Cache
X-Layer
X-RCS-CacheZone
MI-Cache-Age
CF-IPCountry
X-CLOUD-TRACE-CONTEXT
X-Ratelimit-Limit
X-Geo
X-Wa
HA-Servedtime
Cf-Ipcountry
HA-Geocountry
HA-Geolat
HA-Geocity
X-RequestId
X-IPS-LoggedIn
X-Skip-Cache
HA-Geolon
HA-Cloudapp
HA-Urlpath
HA-Host
HA-Georegion
X-Varnish-Beresp-TTL
Processtime
X-HTML-Minification-Powered-By
Uber-Trace-Id
X-Lb-Id
Amp-Access-Control-Allow-Source-Origin
Ohc-Cache-HIT
CDN
X-DC
Backend-Name
X-B3-Spanid
X-VC-Cache
X-Tb-Optimization-Total-Bytes-Saved
X-Fastly-Country-Code
X-CMS-Context
X-Pf-Uncompressing
X-Aicache-OS
X-Newrelic-Synthetics
X-Cms-Context
X-Real-Ip
X-PF-Uncompressing
XServer
X-Gateway-Skip-Cache
X-WA
X-Gateway-Cache-Status
N-Cache
X-Gateway-Cache-Key
X-UCC
X-Mshield-Cache-Status
X-Mrs-Cache-Hits
X-Unique-Id-Primal
X-Instart-Info
X-Mrs-Cache
X-WR-MODIFICATION
X-Atg-Version
X-Mrs-Age
X-Phone
X-Shard
Ohc-Response-Time
X-WebServer
GeoIP-Country-Code
Accept-Ch-Lifetime
X-Release
X-Processor
X-Request-Start
X-LB-ID
X-Nananana
URI
T-Server
X-Oracle-Dms-Ecid
GeoIP-Latitude
X-Server-W
Pics-Label
X-BBXSRF
X-Hp-Webp
X-MServer
X-COUNTRY
X-CSRF-Token
X-Vcache
X-SRV
X-APP
X-Unique-Id
X-Worker
X-Datadome
X-FORWARDED-FOR
X-ServedByHost
X-VCT
X-Amzn-Remapped-Content-Length
X-Geo-Header
X-GeoIP-City
X-LiteSpeed-Cache-Control
X-ND-Cache
Host-ID
A
Rt-Proxy-Cache
X-Served-From
X-VHOST
X-GoCache-CacheStatus
X-SERVER-NAME
X-Check-Cacheable
UCS
DataCenter
X-HS-Status
X-CACHE-AGE
Request-EU
Request-Country
X-Requestid
X-Optimization
X-Cache-HT
X-GZIP
X-Fastly-Cache-Hits
X-HostName
X-UPSTREAM-Address
X-NGINX-Cache
Geoip-Latitude
Cneonction
X-Cdn-Origin
X-ID
X-Sn-Servicetimems
Dnion-Transfer-Encoding
V-Age
X-Fastly-Backend-Reqs
Pragrma
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
FSS-Cache
FSS-Proxy
X-BE
X-Fpc
X-Backend-TTL
X-ServerName
X-Org
X-PAGE-TYPE
X-Varnish-URL
WZWS-RAY
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-Git-Hash
Proxy-Firewall
WP-Super-Cache
X-Dw-Trace-Id
GeoIp-Country-Code
X-PJAX-URL
Requestid
X-Csrf-Token
X-Port
Serverid
Cache-Provider
X-Via-SSL
RequestUuid
X-LiteSpeed-Tag
Is-Session-Tracking
Server-Id
X-Via-Edge
X-P-T
X-Gen-Id
Get-Access-Time
X-NWS-UUID-VERIFY
X-Request-Url
X-Html-Edge-Cache
Xxline
355prline
225prxHost
X-Fe
ServerName
219prxHost
188prxHost
178proxuri
X-CS
DSUID
Inserted-Into-Cache-At
X-StackifyID
189phosttRef
352pxline
286prxHost
X-RAMCache
409pxxline