Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Pragma
Accept-Ranges
Last-Modified
Strict-Transport-Security
X-Content-Type-Options
X-Powered-By
CF-RAY
ETag
Link
X-XSS-Protection
Expect-CT
Via
X-Cache
Age
Access-Control-Allow-Origin
Content-Security-Policy
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Served-By
X-Varnish
X-Amz-Cf-Id
Referrer-Policy
X-Request-Id
X-Timer
X-AspNet-Version
CF-Cache-Status
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Runtime
X-Xss-Protection
Access-Control-Allow-Credentials
X-Download-Options
X-Drupal-Cache
X-Cacheable
Alt-Svc
X-Generator
Content-Security-Policy-Report-Only
X-AspNetMvc-Version
Status
Timing-Allow-Origin
X-Check
X-Cache-Status
X-Adblock-Key
X-Iinfo
X-DNS-Prefetch-Control
X-Permitted-Cross-Domain-Policies
X-Content-Security-Policy
Content-Encoding
X-CDN
X-Template
X-Language
X-Turbo-Charged-By
X-Request-ID
Keep-Alive
X-Type
X-Buckets
EagleId
Xkey
X-Via
X-Backend
X-AH-Environment
WPE-Backend
X-Age
X-Pass-Why
Access-Control-Max-Age
X-Server
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-Cache-Group
X-Varnish-Cache
X-Pingback
Upgrade
X-Nginx-Cache-Status
X-Server-Powered-By
X-Drupal-Dynamic-Cache
Access-Control-Expose-Headers
Grace
X-Hacker
P3p
X-UA-Device
Cf-Railgun
X-Amz-Request-Id
X-Amz-Id-2
X-Robots-Tag
X-Ua-Compatible
X-LiteSpeed-Cache
X-Proxy-Cache
X-Envoy-Upstream-Service-Time
X-Page-Speed
Request-Context
X-CST
X-Node
X-Device
X-Cache-Lookup
X-Ac
Content-Location
X-Host
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Cnection
X-Amz-Version-Id
Surrogate-Control
X-WebKit-CSP
X-Backend-Server
X-Rack-Cache
X-Server-Id
X-Response-Time
X-Rq
X-Px
X-Readtime
X-Application-Context
Pinterest-Generated-By
X-Dns-Prefetch-Control
Allow
X-OneAgent-JS-Injection
X-Instart-Request-ID
EagleEye-TraceId
X-Cloud-Trace-Context
X-Clacks-Overhead
X-Url
Server-Timing
Request-Id
Permitted-Cross-Domain-Policies
X-Do-Not-Hack
X-HeyJason
X-Country
Report-To
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Country-Code
X-Varnish-TTL
Rating
Charset
Edge-Control
X-ESI
X-TTL
X-Powered-CMS
X-TtlSet
X-PC
X-Vname
X-FTR-Request-ID
X-Server-Name
X-CF-Powered-By
X-DataDome
Feature-Policy
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
X-MS-InvokeApp
X-Goog-Hash
X-Cached
X-Origin-Cache
NEL
Public-Key-Pins
X-Recruiting
X-Vhost
X-DynaTrace-JS-Agent
X-DynaTrace
X-VARITI-CCR
X-Cdn-Fetch
X-Exp-Variant
X-Kinja-Server
X-GoogleNews-Bot
X-Exp-Id
X-Kinja
X-Geo-Segment
X-Kinja-Build
X-Kinja-Revision
X-F-Cache
X-Version
X-Powered-By-Plesk
X-Mod-Pagespeed
X-Server-ID
X-Upstream-Env
Pinterest-Version
X-Pinterest-Rid
X-T
X-SRCache-Fetch-Status
X-SRCache-Store-Status
AR-ATIME
AR-PoweredBy
PB-PID
PB-RID
X-D2id
Arc-Version
AR-CACHE
X-Mobile-Rewrite
Content-MD5
X-Client-IP
Verso
X-Abt-Application-Version
RTSS
X-N
X-Dispatcher
X-Cdn
SPRequestGuid
X-Amz-Rid
X-SharePointHealthScore
X-Ruxit-JS-Agent
X-GitHub-Request-Id
X-Forwarded-Proto
X-Hits
Nginx-Cache
X-Navigation-Version
X-Dw-Request-Base-Id
X-Ttl
X-B
Paypal-Debug-Id
Realpath
X-Upstream
X-Grace
X-Pad
X-Content-Digest
X-Varnish-Age
X-Shield-Request-Id
X-TEC-API-VERSION
X-Id
X-TEC-API-ROOT
X-TEC-API-ORIGIN
Arr-Disable-Session-Affinity
X-Content-Options
MS-Author-Via
X-Cache-Hit
TCN
X-Kinsta-Cache
Access-Control-Request-Method
X-NWS-LOG-UUID
SPRequestDuration
SPIisLatency
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
X-Goog-Generation
X-Goog-Storage-Class
X-Logged-In
X-Goog-Stored-Content-Length
X-Acc-Meta-Resource-Type
S
DynaTrace
Mrf-Cache-Status
X-Mrf-Section-Lastmod
MRF-Tech
X-Mrf-Item-Lastmod
X-FastCGI-Cache
X-Trace
X-XRDS-Location
X-Origin-Upstream-Status
X-Vcap-Request-Id
X-VCache
X-MSEdge-Ref
X-DIS-Request-ID
X-HW
X-Zen-Fury
Cleartype
Eomportal-Instance
X-FTR-Balancer
Surrogate-Key
X-FTR-Realm
X-FTR-Expires
X-FTR-DC
X-Country-Code-Real
X-FTR-Cache-Status
X-FTR-Backend-Server
X-FTR-Backend
Front-End-Https
X-Cache-Rule
X-Frontend
X-HS-Hub-Id
X-Fastly-Request-ID
X-HS-Content-Id
Service-Worker-Allowed
X-PressLabs-Stats
X-IPLB-Instance
Cache-Status
X-Via-JSL
X-NF-Request-ID
X-User-Agent
Server-Name
X-Forwarded-For
X-SS-Set-Cookie
Tracecode
X-Request-Received
X-Request-Processing-Time
X-Hostname
X-Varnish-Backend
Fastcgi-Cache
X-Cache-2
Backend-Timing
X-Analytics
Host
X-Wix-Server-Artifact-Id
FilterID
Viewport
Alternate-Protocol
X-AOL-HN
Rt-Fastcgi-Cache
TP-Cache
X-Whom
Public-Key-Pins-Report-Only
X-FTR-Cache-Host
TP-L2-Cache
X-Sol
Display
X-Revision
X-Middleton-Display
X-Content-Powered-By
X-Proxied
X-Rid
X-Middleton-Response
Response
X-Srv
X-Activity-Id
X-Az
X-Oneagent-Js-Injection
X-AppVersion
AR-SID
X-Debug-Info
ServerID
X-Debug
AMP-Access-Control-Allow-Source-Origin
X-Ser
X-Contextid
X-Cache-Control
X-Magnolia-Registration
X-Cached-By
X-Daa-Tunnel
X-Akam-SW-Version
Ar-Sid
X-Mobile
X-Cache-Server
X-WPE-Loopback-Upstream-Addr
X-Newrelic-App-Data
Refresh
MicrosoftSharePointTeamServices
Server-Info
HitType
X-Webkit-Csp
HitInfo
Accept-Charset
X-Cache-Key
X-Page-Id
X-Instance
X-XRDS-LOCATION
X-FB-Debug
Cache-Tag
X-Varnish-Grace
X-App-Server
X-Framework
X-Cache-Age
X-PHP-Backend
Retry-After
X-Fastcgi-Cache
X-URL
X-Content-Security-Policy-Report-Only
X-Generated-By
X-Varnish-Hostname
X-LB-Cache
X-App-Environment
X-Signature
X-TT
X-Request-Guid
X-Cache-Operation
X-BCube-Filmed-By
Host-Header
X-B-Cache
X-Geo-Country
Server-Node
X-Origin-Server
X-Tumblr-Pixel-0
X-Handled-By
X-Tumblr-Pixel
X-Tumblr-User
Source
Upgrade-Insecure-Requests
X-Device-Type
X-Accel-Expires
X-B3-Traceid
Powered-By-ChinaCache
X-RateLimit-Remaining
X-Platform-Server
X-Hyper-Cache
DC
X-Akamai-Edgescape
X-Amz-Meta-S3cmd-Attrs
X-WA-Info
AR-Request-ID
Liferay-Portal
X-CACHE-GROUP
X-TT-TIMESTAMP
X-Amzn-Trace-Id
X-Cache-Action
X-Drupal-Cache-Tags
X-ATG-Version
Fastly-Restarts
X-APP-VERSION
X-Correlation-Id
X-B3-Sampled
X-NewRelic-App-Data
X-Node-Name
Accept-CH
Webserver
X-Cluster
X-GUploader-UploadID
X-Varnish-Server
X-Port
X-Edge-Location
X-Accel-Buffering
NGB
X-Dynatrace-Js-Agent
X-Cacheable-TTL
X-S
X-Seen-By
X-GeoIP
X-Wix-Request-Id
Filters
X-WebKit-CSP-Report-Only
X-Locale
ServedBy
Actual-Object-TTL
X-Jobs
X-FW-Static
X-FW-Server
X-Tumblr-Pixel-1
X-FW-Type
AsisCache
X-Varnish-Hits
X-Tumblr-Pixel-2
X-Source
X-FW-Hash
X-FW-Serve
X-Amz-Replication-Status
X-RequestSource
X-Wix-Petri-Ex
X-Guploader-Uploadid
X-Region
GEO-INFO
X-UA
MS-CV
X-RTag
X-Distil-CS
X-Cache-TTL-Remaining
S-Cnection
X-UA-Device-Type
Cache
HostName
X-Edge-Cache
X-Edge-Cache-Key
X-Webkit-CSP
X-Cache-Config
Served-By
X-Adobe-Content
Content-Style-Type
X-Correlation-ID
Content-Script-Type
X-Adobe-Loc
Country
X-Ruxit-Js-Agent
X-Oracle-Dms-Rid
X-Oracle-Dms-Ecid
X-TA-CDN-Provider
Datacenter
X-Ocache
X-Cache-Remote
X-Sucuri-ID
X-Vg-Webcache
X-Drupal-Cache-Contexts
X-Esi
X-Servedby
X-Varnish-IP
X-GZip
X-Microcachable
X-Status
X-Amz-Server-Side-Encryption
PageSpeed
X-UUID
X-DataStream-Cache-Status
X-Internal-Host
Ohc-File-Size
X-Unique-ID
X-Ezoic-Cdn
X-TX-ID
X-Akamai-Transformed
Healthy
IBM-Web2-Location
Xserver
X-PC-AppVer
X-PC-Hit
X-PC-Key
X-RateLimit-Limit
X-ProxyCache-Key
X-RN-RSRV
X-Rendered-As
X-Web-Node
X-Mode
Load-Balancing
X-Is-Bot
X-JoinUs
X-Cache-Category-Id
X-IP
X-Detected-As
X-Grey
X-Generated
X-BYPASS-REASON
X-App-Name
User-Cache-Control
Meta-Geo
Machine
X-Agile
X-Agile-Age
X-Akamai-Request-ID
X-Agile-Id
Access-Control-Allow-Method
X-ProxyCache-Status
X-PC-Date
X-Vgn-Hpd-Reason
X-PC-Host
X-Loop
X-Origin
Selected-FE
X-CCM
X-Backend-Name
X-OVcl
X-ServerID
Mn-Server-Ip
X-Proxy-Build
X-TNCMS
X-OVcl-Cache
X-Timing-Wait
X-Debug-Cache
X-Instance-Name
X-Varnish-Cache-Hits
User-Agent
S-Rt
Payment
Now
L5d-Success-Class
DB-Nickname
X-Upgrade-Enabled
Backend
X-PCL
Cache-Name
X-OCL
X-NodeID
X-Xfnlog-Site
ServerName
X-Tb
X-Yottaa-Metrics
X-Content-Type
X-Viewer-Country
X-NGENIX-Cache
X-BB-IP
X-Yottaa-Optimizations
X-Varnish-Cacheable
X-FC-Vary-Parameters
X-Time-Microsecs
X-Hosted-By
X-Human
Azure-InstanceId
X-Original-Request
X-Distributor
X-EIG-Tracking-Id
Azure-RegionName
X-Rocket-Nginx-Bypass
X-Via-Fastly
X-NCache
X-CDN-Cache
Azure-SlotName
Azure-SiteName
Azure-Version
X-ApacheServer
X-RemovedCookies
X-ProcessESI
X-Site-Version
X-Proxy
Cache-Key
X-PERF
X-TWH-CORRELATION-ID
X-Routing-Service
Dont-Set-Cookie
X-Www-Served-By
X-Access
X-Section
X-LJ-Flow-ID
X-Zipkin-Id
X-VWS-Id
X-SplitTest
X-AWS-Id
TWC-Device-Class
TWC-Connection-Speed
X-Format
TWC-GeoIP-Country
Webcakes-App-Name
Webcakes-Region
Access-Control-Request-Headers
Webcakes-App-Version
X-Amz-Meta-Surrogate-Control
TWC-Locale-Group
TWC-GeoIP-LatLong
TWC-Privacy
X-Origin-Hint
X-Pubstack
X-Origin-CC
Property-Id
X-Time
X-CDN-Forward
X-Path-Route
X-Real-IP
SRV
X-Storage
X-Cache-Backend
X-L-Path
Pagespeed
X-Environment-Context
Ms-Operation-Id
LB
WZWS-RAY
X-Oss-Storage-Class
X-Oss-Object-Type
X-Oss-Request-Id
X-Oss-Server-Time
X-Oss-Hash-Crc64ecma
X-Transaction
X-Cache-Ttl
X-Twitter-Response-Tags
X-Connection-Hash
Cteonnt-Length
X-Webstats-RespID
X-HS-Cache-Config
Edge-Cache-Tag
X-Sucuri-Cache
X-Generation-Time
X-Labrador-Cache-Channel
X-Real-Ip
X-Cache-HT
X-Optimization
X-Proto
X-Ah-Environment
X-M-Log
X-SERVER-NAME
X-M-Reqid
X-Amz-Apigw-Id
Countrycode
X-Qnm-Cache
X-Amzn-RequestId
X-B3-Spanid
X-Hit
X-MP-GENERATED-AT
Apicache-Version
Apicache-Store
X-Meta-Tbi-Cache-Vertical
X-Nc
X-Birta-Cache-Post
X-Birta-Served
X-Newrelic-Synthetics
Cache-Hits
X-ServedBy
X-Tumblr-Pixel-3
X-Release
X-Cache-NE
NnCoection
Fastly-SSL
X-V
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
X-Cache-Enabled
From-Origin
X-App-Version
X-Dc
ProcessTime
X-EdgeConnect-Cache-Status
X-SERVER
Ws
X-Upstream-HT
Ec-Rule-Version
X-Upstream-CT
X-C
X-Rule
X-Cache-URL
X-Block-Status
X-CF-Lambda-Version
X-A-Dgt
X-D
X-A-Dam
X-Destination
X-A-Dcw
X-Date
X-BB-ID
Fly-Request-Id
X-A-Ccd
X-Application
X-ARC
X-Alternate-Cache-Key
Country-Code
Fly-Cache
X-A-Wwc
X-Accel-Expires-Debug
X-B-Cookie
Warning
Request-EU
Request-Country
Resin-Trace
Server-Host
Server-ID
Rendered-Blocks
MI-Cache-Age
Kp-EeAlive
MD5-Digest
Meta-Geo-Continent
MI-Cache
SN
T-Server
VivaBuild
Host-ID
GMS-Ver
Web-Mar-Node
Www
Viewtype
V-Age
Thinkindot-CacheControl
Httpd-Identifier
Thinkindot-CacheControl-Type
Thinkindot-Control
X-A
X-G
X-Sorting-Hat-PodId
X-Shopify-Stage
X-Sorting-Hat-ShopId
X-SRCache-Key
X-SVT-ORM-RULES
X-ShopId
X-ShardId
X-ScT
X-S-Maxage
X-Server-By
X-Server-Time
X-Sf
X-SVT-ORM-VERSION
X-Thinkindot-L3
X-WebServer
X-We-Are-Hiring
X-Wix-Route-ID
X-Worker
Xc-Version
X-Via-Edge
X-Via-CDN
X-Trv-Group
X-TT-LOGID
X-UE-Client-Country
X-VG-WebServer
X-S-Cookie
X-Rojux
X-Generated-In
X-Gen-Mode
X-Hl-Ver
X-Hnp-Log
X-Matched-Rule
Cneonction
X-From
X-Dispatcher-Server
X-Died
X-DPWN-IS-SECURE
X-Env
X-Fetched-On
X-MI-In-Market
X-NU-AKA-ACS-Version
X-RCS-CacheZone
X-Planisys-CDN-TTL
X-Region-Sid
X-Response-By
X-Rewrite-Enabled
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
X-Org
X-Origin-Date
X-Origin-Expires
X-PAYTM-SRV-ID
X-Developer
X-CF-Lambda-Fn
Cache-Prefix
BehaviorPad-Version
NODE
X-Varnish-Beresp-Ttl
True-Client-Country-4JS
PFcat
Platform
X-Redis-Cache
Proxy-Connection
Pragrma
X-Backend-Url
Origin-Cache-Control
Apple-News-Services-Parsed-Url
MI-API
Apple-News-Services-Request-Url
Apple-News-Services-Host
NGX
Release
Odigeo-Trace-Id
Origin-Edge-Control
Apple-News-Services-Handled
Cdn-Request-Time
Decoy-Debug-Key
Server-Int
Cdn-Host
Uber-Trace-Id
X-VServer
X-Request-URI
Decoy-Debug-Status
Decoy-Debug-TTL
Ajk
X-CS
X-Cache-Host
X-Crawler
X-Content-Age
Adler-Geo
X-ServiceProvider
X-Edge-Server
X-Backend-Host
X-Node-Id
X-Hash
X-GeoIP-Country-Code
X-GeoIP-City
X-Fstrz
X-Origin-TTL
X-Backend-State
X-No-Session
X-Logtrace-Id
CDCHOST
X-IN-WAF
X-IN-SSL-APIGATEWAY
Fastly-Backend-Name
X-IN-APIGATEWAY
X-SIPLIST1
X-Server-IP
X-Cache-Bucket
X-Via-SSL
X-Cache-CFC
X-Device-Os
X-Amz-Meta-Cache-Control
Is-Eu
IsBot
X-Alicdn-Da-Ups-Status
NtCoent-Length
X-ElasticPress-Search
X-Cache-Expires
X-Cache-FS-Status
X-Returned-From-DLL
X-Cdn-Origin
X-Geo
X-Returned-From-PostProcessResponse
X-Cdn-Srv
X-Server-Group
X-Cache-ASPX
X-Returned-From-BeforeDispatch
X-Cache-Control-Set-By
X-Cache-Srv
X-Returned-From
X-Debug-Cookies
X-Passed-To-DLL
X-Fastly-Cache
X-Passed-To-PostProcessResponse
X-Eu-Site
X-Epic-Correlation-Id
X-Passed-To-BeforeDispatch
X-FireWall-Port
X-HCF
X-NX-Host
X-Passed-To
X-Forwarded-Host
X-Phone
X-Platform
X-Core-Value
X-Core-Mission
X-Clientip
X-Ckpd-Fst-Backend
X-Croise-Owner
X-Debug-Log
X-Rebelmouse-Cache-Control
X-Developers
X-Rebelmouse-Surrogate-Control
X-Reboot
X-CGP
X-Actual-URL
HTTPS
Backend-Name
Heartbleed
X-Backend-TTL
HA-Servedtime
Origin
Powered-By
RNT-Machine
Request-Time
AKAMAI
On-Server
HA-Ipaddr
HA-Host
Fastly-SWR
HA-Cloudapp
Fastly-SIE
Esi-Enabled
Content-Disposition
HA-Geocity
HA-Geocountry
Ha-Gx-Prefs
HA-Georegion
HA-Geolon
HA-Geolat
RNT-Time
HA-Urlpath
X-Up
X-Varnish-HitMiss
X-Ver
X-UnsetCookies
X-Trace-Id
X-Sn-Servicetimems
X-Swa-Ws
X-VG-TLSProxy
Who
X-Wikidot-Backend
Time
X-Wikidot-Static-Cache
XServer
X-Nginx-Cache
Frame-Options
X-Atg-Version
X-Kong-Proxy-Latency
X-B3-TraceId
X-HS-Combine-CSS
X-Kong-Upstream-Latency
X-From-Cache
X-P-T
Is-Session-Tracking
X-Location
X-Cdn-Forward
X-GoCache-CacheStatus
X-Powered-By-ANYU
Fastly-Soc-X-Request-Id
Cache-Tags
WWW-Authenticate
X-Stale
X-Edge-IP
Get-Access-Time
X-Refresh
RequestId
X-Var-Ttl
X-Skip-Cache
X-Response-Served-From
X-F5-Cache
Dnion-Transfer-Encoding
X-Ms-Lease-Status
X-Ms-Blob-Type
X-Ms-Request-Id
X-Info
X-Key
X-Owner
X-Ms-Version
NodeID
X-MSEdge-Features
Ohc-Response-Time
X-Req
X-CUA
X-Pjax-Url
X-NC
X-Cache-TTL
X-Servername
X-MSEdge-Flight
X-BBXSRF
X-Micro-Cache
X-Csrf-Token
X-Cache-Time
Mail-Subject
X-Pf-Uncompressing
We-Hiring
Cdn
X-WR-MODIFICATION
X-GRACE
Mime-Version
X-Varnish-Url
X-Request-Time
X-Page-Type
WP-Super-Cache
X-NWS-UUID-VERIFY
Dynatrace
X-Litespeed-Cache
MIME-Version
X-User
X-COUNTRY
X-External-Request-Id
X-TIME
Section-Io-Cache
X-CSRF-Token
PageType
X-Pc-Key
X-Pc-Hit
X-Pc-Appver
Accept-CH-Lifetime
X-CCM-LastModified
CF-IPCountry
Cartoon
Magicmarker
X-LiteSpeed-Cache-Control
PICS-Label
X-Varnish-Action
X-Ua
X-DC
X-Pc-Date
X-Pc-Host
X-Cache-Handler
UCS
GW-Server
Geoip-Latitude
GeoIp-Country-Code
Geoip-City
X-Servedbyhost
X-Aicache-OS
RATING
FastCGI-Cache
X-Request-UUID
X-GDPR
X-Varnish-Beresp-TTL
Version
X-HOST
X-Variation
X-Dynatrace
X-GEO
X-Ibm-Trace
X-Cache-Id
X-Fastly-Backend-Reqs
CACHE
X-Varnish-Id
Rt-Proxy-Cache
X-Irp-Debug
CDN
X-Nananana
COMMERCE-SERVER-SOFTWARE
X-Thanos
X-Bip
X-TId
Memcached
X-Server-W
Arc-Country
Node
Processtime
X-HTML-Minification-Powered-By
X-CACHE-KEY
Memory
Sid
X-ServedByHost
X-Gdpr
Pagetype
X-Load-Cache
X-Wa
X-Shard
X-Layer
GeoIP-Latitude
GeoIP-Country-Code
X-BE
If-Modified-Since
GeoIP-City
X-CLOUD-TRACE-CONTEXT
X-FW-Version
X-StackifyID
X-Via-NSCOPI
Pics-Label
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-Ig-Deployment-Stage
X-Nginx-Cache-Key
X-Sentry-ID
X-Be
X-Nf-Srv-Version
X-Varnish-Ttl
X-UPSTREAM-Address
X-Auto-Login
DataCenter
Sta2Tusw
X-Ratelimit-Remaining
X-Proxy-Server
X-Cluster-Node
X-DataStream-MidMile-RTT
X-DataStream-Origin-MEX-Latency
X-Tid
X-Frame-Option
X-FORWARDED-FOR
Cf-Ipcountry
URI
X-Datadome
X-NGINX-Cache
Lb
Srv
X-PAGE-TYPE
X-Varnish-URL
X-Secret
X-SRV
X-Akamai-Request-ID2
X-Gannett-Site-Version
X-Fastly-Cache-Hits
X-Ratelimit-Limit
X-Gen-Id
Hostname
X-Cache-Var
X-Hail-Hydra
X-Cache-Var-Map
X-EC-Security-Audit
X-PJAX-URL
X-PF-Uncompressing
Mobile-Detection-Method
X-ID
Cache-Provider
SD-X-WS
X-GZIP
X-Bug-Bounty
X-Store
OT-Force-Account-Verify
X-VCT
X-Litespeed-Cache-Control
X-Dw-Trace-Id
X-CacheKey
X-APP
X-Feature
X-WA
X-B3-SpanId
X-Unique-Id
Pramga
Serverid
Xet-Cookie
X-VG-WebCache
X-CDN-Pop
X-Public
X-CDN-Pop-IP
X-Distil-Cs
Group
X-Haproxy-Ip
X-Check-Cacheable
X-Akamai-ERRuleID
X-RAMCache
X-Surge-Debug
X-Fe
X-Endurance-Cache-Level
X-Haproxy-Hostname
V-Cache
X-Akamai-ERPolicy
X-SB
X-VC
Powered
SID
X-Policy
X-SD-PageType
X-Cache-Debug
Cache-Cookie-Set-From
X-ServerName
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-Lfrom
X-Cookie
X-Varnish-ID
X-ADI-VCache
X-Grace-Duration
X-Request-Start
Requestid
X-Shield-Cache-Expires
X-ND-Cache