Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
Last-Modified
Accept-Ranges
Pragma
X-Content-Type-Options
X-Powered-By
CF-RAY
ETag
Link
X-XSS-Protection
Expect-CT
Via
X-Cache
Age
Access-Control-Allow-Origin
Content-Security-Policy
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Served-By
X-Amz-Cf-Id
X-Varnish
Referrer-Policy
X-Timer
CF-Cache-Status
X-Request-Id
X-FRAME-OPTIONS
Access-Control-Allow-Headers
X-AspNet-Version
Access-Control-Allow-Methods
X-Xss-Protection
X-Runtime
X-Download-Options
Access-Control-Allow-Credentials
X-Drupal-Cache
X-Cacheable
Alt-Svc
X-Generator
Content-Security-Policy-Report-Only
X-Request-ID
X-Check
X-AspNetMvc-Version
Status
X-Cache-Status
X-Adblock-Key
Timing-Allow-Origin
X-Iinfo
X-DNS-Prefetch-Control
X-Permitted-Cross-Domain-Policies
X-Template
Content-Encoding
X-Language
X-Content-Security-Policy
X-Turbo-Charged-By
X-CDN
X-Type
Keep-Alive
Xkey
X-Buckets
X-Backend
X-AH-Environment
WPE-Backend
Access-Control-Max-Age
X-Pass-Why
X-Age
X-Server
X-Cache-Group
CF-Ray
Upgrade
X-POWERED-BY
EagleId
Access-Control-Expose-Headers
X-Via
X-Nginx-Cache-Status
X-Server-Powered-By
X-Pingback
X-Drupal-Dynamic-Cache
X-Varnish-Cache
X-Swift-CacheTime
X-Swift-SaveTime
Grace
X-Hacker
X-Amz-Id-2
X-Amz-Request-Id
X-UA-Device
Ali-Swift-Global-Savetime
X-Robots-Tag
Cf-Railgun
P3p
X-LiteSpeed-Cache
X-Envoy-Upstream-Service-Time
X-Proxy-Cache
X-Page-Speed
X-Ua-Compatible
Request-Context
Content-Location
X-Device
X-Ac
X-Node
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Cnection
X-Host
X-Server-Id
X-Cache-Lookup
X-Amz-Version-Id
Surrogate-Control
X-Backend-Server
X-Rack-Cache
X-WebKit-CSP
X-Response-Time
X-Rq
X-Application-Context
X-Readtime
X-CST
EagleEye-TraceId
X-Dns-Prefetch-Control
Server-Timing
Pinterest-Generated-By
X-Cloud-Trace-Context
X-TTL
X-Url
X-Instart-Request-ID
X-Px
Request-Id
Report-To
X-Country
X-OneAgent-JS-Injection
X-ORACLE-DMS-ECID
X-Clacks-Overhead
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Rating
Feature-Policy
Edge-Control
Allow
X-Country-Code
X-DynaTrace-JS-Agent
Charset
X-DataDome
X-ESI
X-Server-Name
X-Powered-CMS
X-FTR-Request-ID
X-Vname
X-PC
X-TtlSet
X-Origin-Cache
X-DynaTrace
NEL
X-MS-InvokeApp
X-Goog-Hash
X-Recruiting
X-Varnish-TTL
X-ORACLE-DMS-RID
X-Cached
X-VARITI-CCR
X-Vhost
Content-MD5
X-GitHub-Request-Id
X-Version
RTSS
X-F-Cache
X-Kinja
X-Kinja-Build
X-Cdn-Fetch
X-Kinja-Revision
X-GoogleNews-Bot
X-Exp-Id
X-Exp-Variant
X-Geo-Segment
X-Kinja-Server
X-Powered-By-Plesk
Public-Key-Pins
X-CF-Powered-By
X-Pinterest-Rid
Pinterest-Version
X-Upstream-Env
PB-PID
PB-RID
Arc-Version
X-Mobile-Rewrite
X-Mod-Pagespeed
Verso
X-Client-IP
SPRequestGuid
X-D2id
X-Abt-Application-Version
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-N
Accept-CH
MS-Author-Via
Permitted-Cross-Domain-Policies
X-Do-Not-Hack
X-HeyJason
AR-PoweredBy
AR-ATIME
X-Dispatcher
X-SharePointHealthScore
AR-CACHE
X-Amz-Rid
X-Navigation-Version
X-TEC-API-ORIGIN
X-T
X-TEC-API-ROOT
X-TEC-API-VERSION
DynaTrace
Nginx-Cache
Paypal-Debug-Id
X-Dw-Request-Base-Id
X-Trace
X-Grace
X-Upstream
X-Fastly-Request-ID
X-Varnish-Age
Arr-Disable-Session-Affinity
Accept-CH-Lifetime
X-FastCGI-Cache
X-Hits
TCN
X-Amz-Meta-S3cmd-Attrs
X-Shield-Request-Id
X-Id
X-Forwarded-Proto
X-DIS-Request-ID
X-Pad
X-Origin-Upstream-Status
X-XRDS-Location
SPIisLatency
SPRequestDuration
X-Cache-Hit
X-Content-Options
X-Ruxit-JS-Agent
X-Content-Digest
X-Logged-In
X-IPLB-Instance
Realpath
X-Kinsta-Cache
Access-Control-Request-Method
Mrf-Cache-Status
X-Acc-Meta-Resource-Type
MRF-Tech
X-B
X-Mrf-Section-Lastmod
X-Mrf-Item-Lastmod
X-NF-Request-ID
AR-SID
X-Goog-Metageneration
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Goog-Generation
X-Goog-Storage-Class
X-SS-Set-Cookie
X-Webkit-CSP
X-Vcap-Request-Id
X-HW
X-Oneagent-Js-Injection
S
X-MSEdge-Ref
X-Debug
Service-Worker-Allowed
Server-Name
X-Ser
X-FTR-Cache-Status
X-FTR-Realm
X-PressLabs-Stats
X-FTR-DC
X-Country-Code-Real
X-FTR-Balancer
X-FTR-Backend
X-FTR-Backend-Server
X-Frontend
Tracecode
X-FTR-Expires
Fastcgi-Cache
X-Cache-Key
X-Wix-Server-Artifact-Id
Rt-Fastcgi-Cache
Eomportal-Instance
X-Server-ID
X-GUploader-UploadID
AMP-Access-Control-Allow-Source-Origin
X-Forwarded-For
Surrogate-Key
Alternate-Protocol
Cleartype
X-Cache-Rule
X-NewRelic-App-Data
Cache-Status
X-Srv
X-NWS-LOG-UUID
X-HS-Hub-Id
X-HS-Content-Id
X-Analytics
Backend-Timing
X-VCache
Host
X-Revision
TP-Cache
TP-L2-Cache
X-User-Agent
X-Rid
FilterID
X-FTR-Cache-Host
X-Whom
X-Debug-Info
X-AOL-HN
Fastly-Restarts
Public-Key-Pins-Report-Only
X-Via-JSL
X-Akam-SW-Version
X-Varnish-Backend
X-Oracle-Dms-Rid
X-Cache-2
ServerID
X-Content-Powered-By
X-RateLimit-Remaining
X-Request-Received
X-Request-Processing-Time
X-Zen-Fury
Accept-Charset
Viewport
X-Cdn
X-Accel-Buffering
X-Kinja-Server-Push
X-Mobile
Front-End-Https
X-WPE-Loopback-Upstream-Addr
X-Ttl
X-Cached-By
Liferay-Portal
X-Node-Name
X-B3-Traceid
X-App-Environment
X-LB-Cache
X-Hostname
X-Page-Id
X-Content-Security-Policy-Report-Only
X-Magnolia-Registration
X-Cluster
X-Tumblr-User
X-Varnish-Hostname
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Cache-Control
Host-Header
X-Akamai-Edgescape
Cache-Tag
X-B3-Sampled
X-Handled-By
X-Device-Type
X-Framework
X-Request-Guid
X-TT
Upgrade-Insecure-Requests
X-Platform-Server
X-B-Cache
X-FB-Debug
X-BCube-Filmed-By
X-Instance
X-Signature
DC
X-Cache-Server
X-Origin-Server
Server-Node
X-TT-TIMESTAMP
X-TA-CDN-Provider
Source
X-XRDS-LOCATION
Retry-After
MicrosoftSharePointTeamServices
X-Accel-Expires
X-Contextid
X-Servedby
X-WA-Info
Server-Info
HitInfo
HitType
X-Cache-Action
X-Amzn-Trace-Id
X-Varnish-Server
X-Cache-Operation
X-URL
X-Middleton-Display
X-Correlation-Id
X-Sol
Display
X-APP-VERSION
X-Port
X-Distil-CS
X-Daa-Tunnel
X-Edge-Location
X-Generated-By
X-Geo-Country
X-Hyper-Cache
AsisCache
X-Amz-Replication-Status
Webserver
X-CACHE-GROUP
Content-Script-Type
X-GeoIP
Content-Style-Type
GEO-INFO
X-S
X-WebKit-CSP-Report-Only
X-Tumblr-Pixel-2
X-RequestSource
X-Tumblr-Pixel-1
X-Seen-By
ServedBy
X-Newrelic-App-Data
X-Wix-Request-Id
Actual-Object-TTL
X-TX-ID
X-Locale
X-Edge-Cache-Key
X-FW-Hash
X-FW-Serve
X-Status
X-Edge-Cache
X-FW-Server
X-Jobs
X-Varnish-Hits
X-FW-Type
X-Region
X-UUID
X-FW-Static
X-Drupal-Cache-Tags
X-Adobe-Loc
Healthy
X-Adobe-Content
X-Varnish-Grace
User-Agent
X-Response-Served-From
X-DataStream-Cache-Status
SRV
Filters
Refresh
X-Amz-Server-Side-Encryption
NGB
S-Cnection
X-Proxied
Response
X-Middleton-Response
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Cache-TTL-Remaining
AR-Request-ID
X-Correlation-ID
X-CDN-Forward
IBM-Web2-Location
X-Fastcgi-Cache
X-AppVersion
X-Cache-Age
X-App-Server
X-Activity-Id
X-Az
X-Esi
X-Pc-Hit
X-Pc-Key
X-Pc-Appver
X-Cache-Remote
X-Content-Type
Cache
Payment
X-Cache-NE
X-Cacheable-TTL
X-UA
X-Ruxit-Js-Agent
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Unique-ID
X-Cache-TTL
Country
X-Vg-Webcache
Served-By
X-Akamai-Transformed
Datacenter
X-Mode
X-HS-Cache-Config
HostName
Edge-Cache-Tag
X-Real-IP
X-ProcessESI
Load-Balancing
X-RN-RSRV
X-Source
X-RemovedCookies
X-Rendered-As
Meta-Geo
X-Detected-As
Machine
X-Sucuri-ID
X-Is-Bot
X-ProxyCache-Key
X-Proxy
X-PCL
User-Cache-Control
X-BYPASS-REASON
X-OCL
X-Rocket-Nginx-Bypass
X-ProxyCache-Status
X-FC-Vary-Parameters
Access-Control-Allow-Method
Backend
Mn-Server-Ip
Cache-Key
L5d-Success-Class
Cache-Name
Webcakes-Region
X-EIG-Tracking-Id
X-Debug-Cache
X-Grey
X-Viewer-Country
X-Human
X-Hosted-By
X-Varnish-IP
X-PERF
X-Cache-Config
X-ServerID
X-Tb
X-Pubstack
X-Varnish-Cacheable
X-Cache-Category-Id
X-BB-IP
X-Origin-Hint
TWC-GeoIP-LatLong
TWC-Locale-Group
TWC-GeoIP-Country
TWC-Device-Class
Property-Id
TWC-Connection-Speed
TWC-Privacy
Webcakes-App-Name
X-Backend-Name
X-Origin
X-ApacheServer
X-Amz-Meta-Surrogate-Control
Webcakes-App-Version
Now
DB-Nickname
X-ATG-Version
Access-Control-Request-Headers
X-CDN-Cache
X-CCM
X-Via-Fastly
Azure-InstanceId
S-Rt
X-Environment-Context
X-Generated
Azure-SiteName
X-Routing-Service
X-Access
ServerName
X-Zipkin-Id
Azure-Version
X-Varnish-Cache-Hits
Azure-SlotName
Azure-RegionName
X-Format
X-OVcl
X-Hit
X-OVcl-Cache
X-TNCMS
X-Section
X-Site-Version
X-NodeID
X-Original-Request
X-JoinUs
X-Upgrade-Enabled
X-Loop
X-L-Path
X-SplitTest
X-Agile
X-IP
X-App-Name
X-Agile-Age
X-AWS-Id
X-Ocache
X-TWH-CORRELATION-ID
X-LJ-Flow-ID
X-VWS-Id
X-Xfnlog-Site
X-Www-Served-By
X-NGENIX-Cache
X-Agile-Id
X-Storage
X-Pc-Host
X-Pc-Date
X-Origin-CC
X-Drupal-Cache-Contexts
X-Rule
X-HS-Combine-CSS
X-Akamai-Request-ID
X-Proxy-Build
Selected-FE
X-Timing-Wait
X-Cache-Var-Map
X-Cache-Var
XServer
X-Vgn-Hpd-Reason
X-Time-Microsecs
X-NC
X-Upstream-CT
X-Upstream-HT
X-PHP-Backend
X-UA-Device-Type
From-Origin
X-NCache
OT-Force-Account-Verify
X-RateLimit-Limit
X-Internal-Host
X-Litespeed-Cache
X-Microcachable
X-Distributor
X-Release
X-Mrs-Cache
X-Mrs-Age
X-Mshield-Cache-Status
Ar-Sid
X-Forwarded-Host
X-Mrs-Cache-Hits
X-M-Log
Fastcgi-Useragent
Fastly-SSL
X-M-Reqid
X-Feature
X-Qnm-Cache
Fastcgi-X-Cache
X-Nginx-Cache
LB
Fastcgi-X-Cache-Version
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
Pagetype
X-Ms-Request-Id
X-Ms-Lease-Status
X-Ms-Version
X-Ms-Blob-Type
X-Cache-Backend
X-Birta-Served
X-Birta-Cache-Post
Powered-By-ChinaCache
X-Connection-Hash
NtCoent-Length
X-Twitter-Response-Tags
X-Transaction
Pagespeed
X-Labrador-Cache-Channel
MIME-Version
X-Instance-Name
X-V
X-EdgeConnect-Cache-Status
X-B3-Spanid
X-VG-TLSProxy
X-Webkit-Csp
Frame-Options
X-GZip
X-Varnish-Beresp-Ttl
X-Ah-Environment
X-Web-Node
PageSpeed
X-C
Time
Ec-Rule-Version
Meta-Geo-Continent
NGX
Ajk
IsBot
Server-Int
T-Server
Rendered-Blocks
Fly-Cache
AKAMAI
Arc-Country
Fly-Request-Id
Host-ID
Cache-Prefix
MD5-Digest
BehaviorPad-Version
X-BB-ID
X-PAYTM-SRV-ID
X-Org
X-Redis-Cache
X-Region-Sid
X-Request-UUID
X-Request-URI
X-NU-AKA-ACS-Version
X-No-Session
X-IN-APIGATEWAY
X-Hnp-Log
X-IN-SSL-APIGATEWAY
X-IN-WAF
X-Logtrace-Id
X-Irp-Debug
X-Rewrite-Enabled
X-Rojux
X-Via-CDN
X-VG-WebServer
X-Via-Edge
X-Via-SSL
Xc-Version
X-WebServer
X-UE-Client-Country
X-Trv-Group
X-ScT
X-S-Cookie
X-Server-By
X-Server-Time
X-SRCache-Key
X-SIPLIST1
X-Generation-Time
X-Generated-In
X-Accel-Expires-Debug
X-A-Wwc
X-Application
X-ARC
X-Block-Status
X-B-Cookie
X-A-Dgt
X-A-Dcw
Web-Mar-Node
VivaBuild
Www
X-A
X-A-Dam
X-A-Ccd
X-Cache-Bucket
X-CF-Lambda-Fn
X-Dispatcher-Server
X-Died
X-DPWN-IS-SECURE
X-From
X-Gen-Mode
X-G
X-Developer
X-Destination
X-CS
X-CF-Lambda-Version
X-CUA
X-D
X-Date
Viewtype
V-Age
Cneonction
X-FireWall-Port
X-SERVER-NAME
NodeID
X-Debug-Cookies
MI-Cache-Age
MI-Cache
X-Atg-Version
On-Server
X-Debug-Log
Origin-Edge-Control
MI-API
Origin-Cache-Control
X-Owner
HA-Urlpath
HA-Servedtime
HA-Ipaddr
HA-Host
X-Eu-Site
X-ElasticPress-Search
X-Origin-TTL
X-NX-Host
Magicmarker
Kp-EeAlive
X-Csrf-Token
Proxy-Connection
X-Cache-CFC
X-Phone
X-ServiceProvider
X-Cache-Enabled
X-Platform
X-S-Maxage
X-Amz-Meta-Cache-Control
X-RCS-CacheZone
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-Sf
True-Client-Country-4JS
Request-EU
Request-Country
Release
Ha-Gx-Prefs
Request-Time
X-Crawler
SN
X-CGP
Server-Host
X-Core-Value
Pragrma
X-Node-Id
HA-Georegion
CDCHOST
Cache-Tags
X-We-Are-Hiring
Country-Code
Decoy-Debug-Key
Esi-Enabled
Decoy-Debug-TTL
Decoy-Debug-Status
X-Wikidot-Backend
Backend-Name
WZWS-RAY
X-HTML-Minification-Powered-By
X-GeoIP-City
X-Hl-Ver
X-Powered-By-ANYU
X-Sucuri-Cache
X-Wikidot-Static-Cache
X-Layer
X-Key
X-MI-In-Market
X-VServer
X-Var-Ttl
HA-Geocountry
X-UnsetCookies
HA-Geocity
GMS-Ver
HA-Cloudapp
X-F5-Cache
X-External-Request-Id
HA-Geolat
X-Fastly-Cache
HA-Geolon
X-Varnish-Action
X-Webstats-RespID
X-App-Version
X-Oss-Storage-Class
Cteonnt-Length
X-Oss-Request-Id
X-NWS-UUID-VERIFY
X-Oss-Hash-Crc64ecma
X-HOST
X-Oss-Object-Type
X-Oss-Server-Time
X-Backend-Host
X-Location
X-Cache-Expires
X-Cache-Host
X-MSEdge-Features
X-Epic-Correlation-Id
X-Backend-TTL
X-Backend-Url
X-GeoIP-Country-Code
X-Passed-To-PostProcessResponse
X-Backend-State
X-Passed-To-DLL
X-Fstrz
X-Croise-Owner
X-Alternate-Cache-Key
X-Passed-To-BeforeDispatch
X-Passed-To
X-Developers
X-Device-Os
X-Matched-Rule
X-Nginx-Cache-Key
X-Content-Age
X-Cdn-Origin
X-Cache-URL
X-Cache-Srv
X-Cdn-Srv
X-Fetched-On
X-MSEdge-Flight
X-Ckpd-Fst-Backend
X-FW-Version
X-Gannett-Site-Version
X-Shopify-Stage
RNT-Time
X-Variation
RNT-Machine
X-Up
Heartbleed
Section-Io-Cache
Server-ID
X-TT-LOGID
X-Hash
Fastly-Backend-Name
X-Skip-Cache
X-Sn-Servicetimems
Platform
X-Swa-Ws
X-Stale
X-Thinkindot-L3
X-Trace-Id
Is-Eu
X-Tumblr-Pixel-3
Odigeo-Trace-Id
X-Sorting-Hat-PodId
PFcat
Origin
X-Sorting-Hat-ShopId
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
X-Returned-From-DLL
X-Returned-From-BeforeDispatch
X-Returned-From-PostProcessResponse
X-Secret
Adler-Geo
X-Returned-From
X-Response-By
X-Reboot
X-Actual-URL
Mobile-Detection-Method
X-Request-Time
Thinkindot-Control
X-Worker
X-ShopId
Apple-News-Services-Handled
X-ShardId
Uber-Trace-Id
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
X-Server-IP
Apple-News-Services-Host
X-CACHE-AGE
X-VCT
Fastly-SIE
Fastly-SWR
Content-Disposition
Countrycode
HTTPS
Resin-Trace
Sid
X-Rebelmouse-Cache-Control
X-Servername
X-Core-Mission
X-Clientip
X-Rebelmouse-Surrogate-Control
X-Alicdn-Da-Ups-Status
X-Planisys-CDN-Rules
X-Store
X-Planisys-CDN-Cache
X-Planisys-CDN-TTL
X-Iejgwucgyu
CDN
X-Ezoic-Cdn
RequestId
X-Policy
X-Servedbyhost
WP-Super-Cache
X-Pf-Uncompressing
X-Cache-ASPX
X-TIME
X-GEO
Warning
Powered
X-Proto
REQUESTUUID
ProcessTime
X-Ua
CF-IPCountry
Dnion-Transfer-Encoding
X-Cluster-Node
X-Refresh
X-GoCache-CacheStatus
Mail-Subject
NODE
We-Hiring
X-Real-Ip
X-DC
X-Pjax-Url
Xserver
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-From
ViewerVersion
X-B3-TraceId
X-Dc
X-Req
NnCoection
X-Page-Type
X-Origin-Date
X-Origin-Expires
X-Varnish-Ttl
X-Endurance-Cache-Level
X-Cache-Control-Set-By
X-Surge-Debug
X-Edge-IP
Geoip-Latitude
GeoIp-Country-Code
X-Varnish-HitMiss
X-HCF
X-Newrelic-Synthetics
X-Server-W
X-CLOUD-TRACE-CONTEXT
X-COUNTRY
X-Time
X-Nc
X-Guploader-Uploadid
Processtime
Hostname
WWW-Authenticate
X-Server-Group
X-Aed
X-Oracle-Dms-Ecid
Pramga
SD-X-WS
X-Ms-Lease-State
Geoip-City
CACHE
MS-CV
X-Wa
A
X-Varnish-URL
TSSecure
PICS-Label
X-CSRF-Token
X-Wix-Route-ID
X-Datadome
Dont-Set-Cookie
X-Varnish-Beresp-TTL
X-Aicache-OS
X-Varnish-Url
X-GRACE
X-Cdn-Forward
X-Hello
X-From-Cache
X-Edge-Server
Cdn-Request-Time
X-ABtesting
X-Gdpr
Cdn-Host
X-Flog
X-Akamai-Request-ID2
X-DataStream-MidMile-RTT
X-DataStream-Origin-MEX-Latency
X-Ratelimit-Limit
DataCenter
Node
X-Geo
Cdn
X-WA
X-Nananana
X-Auto-Login
Lfy
Lb
X-RTag
Ms-Operation-Id
X-UPSTREAM-Address
Mime-Version
X-Use-Magma
COMMERCE-SERVER-SOFTWARE
X-Cache-HT
X-Optimization
FSS-Proxy
X-Env
Get-Access-Time
FSS-Cache
Is-Session-Tracking
X-Load-Cache
X-Wix-Petri-Ex
X-EC-Security-Audit
GeoIP-Latitude
GeoIP-Country-Code
X-APP
GeoIP-City
X-SRV
X-Fastly-Backend-Reqs
PageType
X-Sentry-ID
Who
X-WR-MODIFICATION
X-Via-NSCOPI
X-PAGE-TYPE
Rt-Proxy-Cache
X-Gen-Id
X-Unique-Id
X-Cache-FS-Status
X-CACHE-KEY
X-NGINX-Cache
X-GDPR
X-Served-From
Ws
X-Cookie
X-Ibm-Trace
X-Check-Cacheable
X-Meta-Tbi-Cache-Vertical
X-Cache-Id
X-Ver
X-Dynatrace-Js-Agent
X-Cache-Info
Memcached
X-Bip
X-Thanos
X-MP-GENERATED-AT
Httpd-Identifier
X-FORWARDED-FOR
Ohc-File-Size
X-Swift-Error
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-Proxy-Server
X-Path-Route
Powered-By
Pics-Label
X-PJAX-URL
X-Be
Memory
X-Fe
X-Request-Start
X-B3-SpanId
X-Fastly-Cache-Hits
X-Dw-Trace-Id
V-Cache
Group
X-HS-Status
X-RateLimit-Reset
X-Cache-Ttl
URI
Version
X-CDN-Pop
X-CDN-Pop-IP
X-Shard
Cf-Ipcountry
X-ServedByHost
X-LiteSpeed-Cache-Control
X-P-T
X-ID
Apicache-Version
Apicache-Store
Amp-Access-Control-Allow-Source-Origin
X-GZIP
Xet-Cookie
Requestid
X-VC
X-SB
GW-Server
Ohc-Response-Time
AGE-Hash
UCS
X-PF-Uncompressing
NX-Cache
X-Bug-Bounty
Fastly-Soc-X-Request-Id
Serverid
X-User
X-Varnish-Info
X-Info
X-Akamai-ERRuleID
X-StackifyID
N-Cache
X-Akamai-ERPolicy
X-Ratelimit-Remaining
If-Modified-Since
X-Micro-Cache
CDN-Cache
X-CacheKey
CDN-Node
CDN-Cache-Hit
X-RAMCache
X-Route-Name
X-ServerName
Https
X-BBXSRF
X-Providence-Cookie
X-SD-PageType
X-Grace-Duration
X-Litespeed-Cache-Control
X-RequestId
X-Cache-Handler
X-Flags
X-Is-Crawler