Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
Last-Modified
Accept-Ranges
Pragma
X-Content-Type-Options
X-Powered-By
CF-RAY
ETag
Link
X-XSS-Protection
Expect-CT
Via
X-Cache
Age
Access-Control-Allow-Origin
Content-Security-Policy
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Served-By
X-Amz-Cf-Id
X-Varnish
Referrer-Policy
X-Timer
CF-Cache-Status
X-FRAME-OPTIONS
Access-Control-Allow-Headers
X-AspNet-Version
X-Request-Id
Access-Control-Allow-Methods
X-Xss-Protection
X-Runtime
X-Download-Options
Access-Control-Allow-Credentials
X-Drupal-Cache
X-Cacheable
Alt-Svc
X-Request-ID
X-Generator
Content-Security-Policy-Report-Only
X-Check
X-AspNetMvc-Version
Status
X-Cache-Status
X-Adblock-Key
Timing-Allow-Origin
X-Iinfo
X-DNS-Prefetch-Control
X-Permitted-Cross-Domain-Policies
X-Template
Content-Encoding
X-Language
X-Content-Security-Policy
X-Turbo-Charged-By
X-CDN
X-Type
Keep-Alive
X-Buckets
Xkey
X-Backend
X-AH-Environment
WPE-Backend
Access-Control-Max-Age
X-Pass-Why
X-Age
X-Server
X-Cache-Group
CF-Ray
Upgrade
X-POWERED-BY
EagleId
Access-Control-Expose-Headers
X-Via
X-Nginx-Cache-Status
X-Server-Powered-By
X-Pingback
X-Drupal-Dynamic-Cache
X-Varnish-Cache
X-Swift-CacheTime
X-Swift-SaveTime
Grace
X-Hacker
X-Amz-Id-2
X-Amz-Request-Id
X-UA-Device
Ali-Swift-Global-Savetime
X-Robots-Tag
Cf-Railgun
P3p
X-LiteSpeed-Cache
X-Envoy-Upstream-Service-Time
X-Proxy-Cache
X-Page-Speed
X-Ua-Compatible
Request-Context
Content-Location
X-Device
X-Ac
X-Node
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Cnection
X-Host
X-Server-Id
X-Cache-Lookup
X-Amz-Version-Id
Surrogate-Control
X-WebKit-CSP
X-Backend-Server
X-Rack-Cache
X-Response-Time
X-Rq
X-Application-Context
X-Readtime
X-CST
EagleEye-TraceId
X-Dns-Prefetch-Control
Server-Timing
Pinterest-Generated-By
X-Cloud-Trace-Context
X-TTL
X-Url
X-Instart-Request-ID
Request-Id
X-Px
Report-To
X-Country
X-OneAgent-JS-Injection
X-ORACLE-DMS-ECID
X-Clacks-Overhead
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Rating
Feature-Policy
Edge-Control
Allow
X-Country-Code
X-DynaTrace-JS-Agent
Charset
X-DataDome
X-ESI
X-Server-Name
X-Powered-CMS
X-FTR-Request-ID
X-TtlSet
X-PC
X-Vname
X-Origin-Cache
X-DynaTrace
NEL
X-MS-InvokeApp
X-Goog-Hash
X-Recruiting
X-Varnish-TTL
X-ORACLE-DMS-RID
X-Cached
X-VARITI-CCR
X-Vhost
Content-MD5
X-GitHub-Request-Id
X-Version
RTSS
X-F-Cache
X-Kinja
X-Kinja-Build
X-Cdn-Fetch
X-Kinja-Revision
X-GoogleNews-Bot
X-Exp-Id
X-Exp-Variant
X-Geo-Segment
X-Kinja-Server
X-Powered-By-Plesk
Public-Key-Pins
X-CF-Powered-By
X-Pinterest-Rid
Pinterest-Version
X-Upstream-Env
PB-PID
PB-RID
Arc-Version
X-Mobile-Rewrite
X-Mod-Pagespeed
Verso
X-Client-IP
SPRequestGuid
X-D2id
X-Abt-Application-Version
X-N
Accept-CH
X-SRCache-Store-Status
X-SRCache-Fetch-Status
MS-Author-Via
Permitted-Cross-Domain-Policies
X-HeyJason
X-Do-Not-Hack
AR-PoweredBy
AR-ATIME
X-Dispatcher
X-SharePointHealthScore
AR-CACHE
X-Amz-Rid
X-Navigation-Version
X-TEC-API-ORIGIN
X-T
X-TEC-API-ROOT
X-TEC-API-VERSION
DynaTrace
Nginx-Cache
Paypal-Debug-Id
X-Dw-Request-Base-Id
X-Grace
X-Trace
X-Upstream
X-Fastly-Request-ID
Arr-Disable-Session-Affinity
Accept-CH-Lifetime
X-FastCGI-Cache
X-Hits
X-Varnish-Age
TCN
X-Shield-Request-Id
X-Amz-Meta-S3cmd-Attrs
X-Id
X-Forwarded-Proto
X-DIS-Request-ID
X-Pad
X-Origin-Upstream-Status
X-XRDS-Location
SPIisLatency
SPRequestDuration
X-Cache-Hit
X-Content-Options
X-Ruxit-JS-Agent
X-Logged-In
X-Content-Digest
Realpath
X-IPLB-Instance
Access-Control-Request-Method
Mrf-Cache-Status
X-Acc-Meta-Resource-Type
MRF-Tech
X-B
X-Kinsta-Cache
X-Mrf-Section-Lastmod
X-Mrf-Item-Lastmod
X-NF-Request-ID
AR-SID
X-Goog-Metageneration
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Goog-Generation
X-Goog-Storage-Class
X-SS-Set-Cookie
X-HW
X-Vcap-Request-Id
X-Oneagent-Js-Injection
S
X-MSEdge-Ref
X-Debug
Service-Worker-Allowed
X-Ser
Server-Name
X-PressLabs-Stats
X-Frontend
X-FTR-Backend
X-Country-Code-Real
X-FTR-Cache-Status
X-FTR-DC
X-FTR-Backend-Server
X-FTR-Balancer
X-FTR-Realm
Tracecode
X-FTR-Expires
X-Wix-Server-Artifact-Id
X-Cache-Key
Fastcgi-Cache
X-NewRelic-App-Data
Rt-Fastcgi-Cache
Eomportal-Instance
X-Server-ID
X-GUploader-UploadID
AMP-Access-Control-Allow-Source-Origin
Surrogate-Key
X-Forwarded-For
Alternate-Protocol
X-Webkit-CSP
Cleartype
X-Cache-Rule
Cache-Status
X-Srv
X-NWS-LOG-UUID
X-HS-Hub-Id
X-HS-Content-Id
X-Analytics
Backend-Timing
X-VCache
Host
TP-L2-Cache
TP-Cache
X-User-Agent
X-Revision
X-Rid
FilterID
X-Whom
X-Debug-Info
X-AOL-HN
X-FTR-Cache-Host
Public-Key-Pins-Report-Only
Fastly-Restarts
X-Via-JSL
X-Akam-SW-Version
X-Cache-2
X-Varnish-Backend
X-Oracle-Dms-Rid
ServerID
X-Content-Powered-By
X-RateLimit-Remaining
X-Request-Processing-Time
X-Request-Received
X-Zen-Fury
Viewport
Accept-Charset
X-Cdn
X-Accel-Buffering
X-Kinja-Server-Push
X-Mobile
Front-End-Https
X-WPE-Loopback-Upstream-Addr
X-Ttl
X-Cached-By
Liferay-Portal
X-Node-Name
X-B3-Traceid
X-App-Environment
X-Hostname
X-Page-Id
X-Magnolia-Registration
X-Content-Security-Policy-Report-Only
X-LB-Cache
X-Cluster
X-Tumblr-User
X-Varnish-Hostname
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Cache-Control
Host-Header
X-Akamai-Edgescape
Cache-Tag
X-B3-Sampled
X-Handled-By
X-Device-Type
X-Framework
X-Request-Guid
X-TT
Upgrade-Insecure-Requests
X-Platform-Server
X-B-Cache
X-FB-Debug
X-BCube-Filmed-By
X-Instance
X-Signature
X-Cache-Server
DC
X-Origin-Server
Server-Node
X-TT-TIMESTAMP
X-TA-CDN-Provider
Source
X-XRDS-LOCATION
Retry-After
MicrosoftSharePointTeamServices
X-Accel-Expires
X-WA-Info
X-Contextid
X-Servedby
HitType
HitInfo
Server-Info
X-Cache-Action
X-Amzn-Trace-Id
X-Cache-Operation
X-Varnish-Server
Display
X-APP-VERSION
X-Correlation-Id
X-Middleton-Display
X-Sol
X-URL
X-Distil-CS
X-Port
X-Daa-Tunnel
X-Geo-Country
X-Generated-By
X-Edge-Location
X-Hyper-Cache
AsisCache
X-GeoIP
Content-Script-Type
Content-Style-Type
X-Amz-Replication-Status
Webserver
X-S
X-CACHE-GROUP
X-Tumblr-Pixel-2
X-RequestSource
X-WebKit-CSP-Report-Only
X-Tumblr-Pixel-1
GEO-INFO
X-Locale
X-Wix-Request-Id
X-Seen-By
Actual-Object-TTL
X-TX-ID
ServedBy
X-FW-Server
X-Edge-Cache-Key
X-Edge-Cache
X-FW-Hash
X-FW-Serve
X-FW-Static
X-Varnish-Hits
X-Region
X-Jobs
X-FW-Type
X-UUID
Healthy
X-Adobe-Loc
X-Drupal-Cache-Tags
X-Adobe-Content
X-Status
X-Response-Served-From
X-Varnish-Grace
X-DataStream-Cache-Status
SRV
User-Agent
Filters
Refresh
X-Proxied
X-Amz-Server-Side-Encryption
S-Cnection
NGB
X-Middleton-Response
Response
X-Newrelic-App-Data
X-Yottaa-Optimizations
X-Cache-TTL-Remaining
X-Yottaa-Metrics
X-CDN-Forward
IBM-Web2-Location
X-Correlation-ID
AR-Request-ID
X-Fastcgi-Cache
X-AppVersion
X-Activity-Id
X-App-Server
X-Cache-Age
X-Az
X-Esi
X-Pc-Appver
X-Pc-Hit
X-Pc-Key
X-Cache-Remote
X-Content-Type
Cache
Payment
X-Cache-NE
X-Cacheable-TTL
X-UA
X-Unique-ID
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Ruxit-Js-Agent
X-Cache-TTL
X-Vg-Webcache
Country
Served-By
X-Akamai-Transformed
X-Mode
Datacenter
Edge-Cache-Tag
X-HS-Cache-Config
HostName
X-Real-IP
X-Sucuri-ID
Machine
X-Rendered-As
X-Detected-As
X-Is-Bot
X-Source
Load-Balancing
X-RN-RSRV
X-ProcessESI
Meta-Geo
X-RemovedCookies
X-Proxy
X-BYPASS-REASON
X-PCL
X-ProxyCache-Status
X-FC-Vary-Parameters
X-ProxyCache-Key
User-Cache-Control
X-OCL
X-Rocket-Nginx-Bypass
L5d-Success-Class
Backend
Mn-Server-Ip
Cache-Key
Cache-Name
Access-Control-Allow-Method
Webcakes-Region
X-EIG-Tracking-Id
X-Debug-Cache
X-Grey
X-Viewer-Country
X-Human
X-Hosted-By
X-Varnish-IP
X-PERF
X-Cache-Config
X-ServerID
X-Tb
X-Pubstack
X-Varnish-Cacheable
X-Cache-Category-Id
X-BB-IP
X-Origin-Hint
TWC-GeoIP-LatLong
TWC-Locale-Group
TWC-GeoIP-Country
TWC-Device-Class
Property-Id
TWC-Connection-Speed
TWC-Privacy
Webcakes-App-Name
X-Backend-Name
X-Origin
X-ApacheServer
X-Amz-Meta-Surrogate-Control
Webcakes-App-Version
Now
DB-Nickname
X-ATG-Version
X-Via-Fastly
Azure-InstanceId
Azure-RegionName
Access-Control-Request-Headers
X-Environment-Context
X-Generated
S-Rt
Azure-SiteName
X-Varnish-Cache-Hits
Azure-SlotName
X-Routing-Service
X-Access
ServerName
X-Zipkin-Id
X-CCM
Azure-Version
X-CDN-Cache
X-Hit
X-Format
X-OVcl
X-Original-Request
X-TNCMS
X-Site-Version
X-Section
X-NodeID
X-OVcl-Cache
X-Loop
X-L-Path
X-JoinUs
X-Upgrade-Enabled
X-SplitTest
X-Timing-Wait
X-Proxy-Build
X-Agile
Selected-FE
X-App-Name
X-Agile-Age
X-Xfnlog-Site
X-Ocache
X-NGENIX-Cache
X-TWH-CORRELATION-ID
X-LJ-Flow-ID
X-IP
X-VWS-Id
X-Www-Served-By
X-AWS-Id
X-Agile-Id
X-Storage
X-Pc-Host
X-Drupal-Cache-Contexts
X-Pc-Date
X-Rule
X-Origin-CC
X-Akamai-Request-ID
X-HS-Combine-CSS
X-Vgn-Hpd-Reason
XServer
X-Cache-Var-Map
X-Cache-Var
X-Upstream-CT
X-Upstream-HT
X-NC
X-Time-Microsecs
X-PHP-Backend
X-UA-Device-Type
From-Origin
X-RateLimit-Limit
X-NCache
OT-Force-Account-Verify
X-Internal-Host
X-Litespeed-Cache
X-Microcachable
X-Distributor
X-Release
Ar-Sid
X-Mshield-Cache-Status
X-Mrs-Age
X-Mrs-Cache-Hits
X-Forwarded-Host
X-Mrs-Cache
Fastcgi-X-Cache-Version
Fastly-SSL
X-M-Reqid
LB
Fastcgi-Useragent
X-Nginx-Cache
X-Qnm-Cache
X-M-Log
Fastcgi-X-Cache
X-Feature
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Varnish-Beresp-Status
Pagetype
X-Varnish-Beresp-Grace
X-Ms-Lease-Status
X-Ms-Request-Id
X-Ms-Version
X-Ms-Blob-Type
X-Cache-Backend
X-Birta-Served
X-Birta-Cache-Post
Powered-By-ChinaCache
X-Connection-Hash
NtCoent-Length
X-Twitter-Response-Tags
X-Transaction
X-Labrador-Cache-Channel
Pagespeed
MIME-Version
X-EdgeConnect-Cache-Status
X-B3-Spanid
X-V
X-Instance-Name
X-VG-TLSProxy
X-Webkit-Csp
X-Varnish-Beresp-Ttl
X-Ah-Environment
X-Web-Node
X-GZip
Frame-Options
Time
PageSpeed
X-C
AKAMAI
IsBot
NGX
Server-Int
T-Server
Ajk
Meta-Geo-Continent
Rendered-Blocks
Fly-Cache
Ec-Rule-Version
MD5-Digest
Fly-Request-Id
Host-ID
Arc-Country
BehaviorPad-Version
Cache-Prefix
X-BB-ID
X-PAYTM-SRV-ID
X-Org
X-Redis-Cache
X-Region-Sid
X-Request-UUID
X-Request-URI
X-NU-AKA-ACS-Version
X-No-Session
X-IN-APIGATEWAY
X-Hnp-Log
X-IN-SSL-APIGATEWAY
X-IN-WAF
X-Logtrace-Id
X-Irp-Debug
X-Rewrite-Enabled
X-Rojux
X-Via-CDN
X-VG-WebServer
X-Via-Edge
X-Via-SSL
Xc-Version
X-WebServer
X-UE-Client-Country
X-Trv-Group
X-ScT
X-S-Cookie
X-Server-By
X-Server-Time
X-SRCache-Key
X-SIPLIST1
X-Generation-Time
X-Generated-In
X-Accel-Expires-Debug
X-A-Wwc
X-Application
X-ARC
X-Block-Status
X-B-Cookie
X-A-Dgt
X-A-Dcw
Web-Mar-Node
VivaBuild
Www
X-A
X-A-Dam
X-A-Ccd
X-Cache-Bucket
X-CF-Lambda-Fn
X-Dispatcher-Server
X-Died
X-DPWN-IS-SECURE
X-From
X-Gen-Mode
X-G
X-Developer
X-Destination
X-CS
X-CF-Lambda-Version
X-CUA
X-D
X-Date
Viewtype
V-Age
X-SERVER-NAME
X-FireWall-Port
Cneonction
X-Atg-Version
MI-Cache
NodeID
MI-Cache-Age
X-Debug-Log
Origin-Edge-Control
Origin-Cache-Control
X-Debug-Cookies
On-Server
MI-API
X-Owner
HA-Ipaddr
HA-Host
Ha-Gx-Prefs
HA-Georegion
HA-Servedtime
HA-Urlpath
X-Origin-TTL
Magicmarker
Kp-EeAlive
X-ElasticPress-Search
X-Csrf-Token
Proxy-Connection
X-Phone
X-ServiceProvider
X-Cache-Enabled
X-Sf
X-Cache-CFC
X-Platform
X-Amz-Meta-Cache-Control
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-S-Maxage
True-Client-Country-4JS
SN
Request-EU
Request-Country
Release
HA-Geolon
Request-Time
X-Crawler
X-CGP
Server-Host
X-Core-Value
Pragrma
X-NX-Host
X-MI-In-Market
Esi-Enabled
Decoy-Debug-TTL
X-Wikidot-Static-Cache
X-Layer
X-Key
X-Fastly-Cache
Decoy-Debug-Status
Decoy-Debug-Key
Cache-Tags
CDCHOST
HA-Geolat
X-We-Are-Hiring
X-Wikidot-Backend
Backend-Name
Country-Code
X-VServer
X-Sucuri-Cache
X-UnsetCookies
X-Hl-Ver
X-GeoIP-City
GMS-Ver
HA-Cloudapp
HA-Geocountry
HA-Geocity
X-F5-Cache
X-Eu-Site
X-Var-Ttl
X-External-Request-Id
X-Powered-By-ANYU
WZWS-RAY
X-HTML-Minification-Powered-By
X-Webstats-RespID
X-NWS-UUID-VERIFY
Cteonnt-Length
X-HOST
X-Oss-Storage-Class
X-Oss-Server-Time
X-Oss-Hash-Crc64ecma
X-Oss-Request-Id
X-Oss-Object-Type
X-App-Version
X-Backend-Url
X-Node-Id
X-Alternate-Cache-Key
X-Device-Os
X-Nginx-Cache-Key
X-Fetched-On
X-MSEdge-Features
X-GeoIP-Country-Code
X-RCS-CacheZone
X-Epic-Correlation-Id
X-Backend-Host
X-Backend-State
X-Cache-Expires
X-Backend-TTL
X-MSEdge-Flight
X-Location
X-Content-Age
X-Clientip
X-FW-Version
X-Matched-Rule
X-Fstrz
X-Passed-To-BeforeDispatch
X-Passed-To
X-Croise-Owner
X-Ckpd-Fst-Backend
X-Developers
X-Cache-URL
X-Cache-Srv
X-Passed-To-PostProcessResponse
X-Cdn-Origin
X-Cdn-Srv
X-Passed-To-DLL
X-Gannett-Site-Version
X-Cache-Host
X-Shopify-Stage
X-Up
RNT-Machine
Heartbleed
X-Sn-Servicetimems
Platform
Adler-Geo
RNT-Time
X-Variation
X-Varnish-Action
X-Skip-Cache
Server-ID
Section-Io-Cache
X-Sorting-Hat-PodId
PFcat
X-Thinkindot-L3
X-Swa-Ws
X-Trace-Id
Is-Eu
X-TT-LOGID
Mobile-Detection-Method
X-Stale
Origin
X-Sorting-Hat-ShopId
Odigeo-Trace-Id
X-Tumblr-Pixel-3
X-Hash
Thinkindot-CacheControl
X-Returned-From-BeforeDispatch
X-Returned-From
X-Returned-From-DLL
X-Returned-From-PostProcessResponse
X-Secret
X-Response-By
X-Request-Time
X-Worker
X-Reboot
X-Actual-URL
Apple-News-Services-Handled
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
X-ShopId
Uber-Trace-Id
Thinkindot-Control
Thinkindot-CacheControl-Type
X-ShardId
Fastly-Backend-Name
Countrycode
Apple-News-Services-Request-Url
X-Server-IP
X-CACHE-AGE
Content-Disposition
Fastly-SWR
Fastly-SIE
HTTPS
X-Core-Mission
X-VCT
X-Rebelmouse-Cache-Control
Sid
X-Servername
X-Rebelmouse-Surrogate-Control
Resin-Trace
X-Planisys-CDN-TTL
X-Store
X-Alicdn-Da-Ups-Status
X-Iejgwucgyu
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
X-Ezoic-Cdn
CDN
X-Policy
RequestId
X-Servedbyhost
X-Cache-ASPX
X-Pf-Uncompressing
WP-Super-Cache
X-TIME
X-GEO
Warning
Powered
X-Proto
REQUESTUUID
ProcessTime
X-Ua
CF-IPCountry
Dnion-Transfer-Encoding
X-Cluster-Node
X-Refresh
X-GoCache-CacheStatus
Mail-Subject
NODE
We-Hiring
X-Real-Ip
X-DC
X-Pjax-Url
Xserver
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-From
ViewerVersion
X-B3-TraceId
X-Dc
X-Req
NnCoection
X-Page-Type
X-Origin-Date
X-Origin-Expires
X-Varnish-Ttl
X-Endurance-Cache-Level
X-Cache-Control-Set-By
X-Surge-Debug
X-Edge-IP
Geoip-Latitude
GeoIp-Country-Code
X-Varnish-HitMiss
X-HCF
X-Newrelic-Synthetics
X-Server-W
X-CLOUD-TRACE-CONTEXT
X-COUNTRY
X-Time
X-Nc
X-Guploader-Uploadid
Processtime
Hostname
WWW-Authenticate
X-Server-Group
X-Aed
X-Oracle-Dms-Ecid
Pramga
SD-X-WS
X-Ms-Lease-State
Geoip-City
CACHE
MS-CV
X-Wa
A
X-Varnish-URL
TSSecure
PICS-Label
X-CSRF-Token
X-Wix-Route-ID
X-Datadome
Dont-Set-Cookie
X-Varnish-Beresp-TTL
X-Aicache-OS
X-Varnish-Url
X-GRACE
X-Cdn-Forward
X-Hello
X-From-Cache
X-Edge-Server
Cdn-Request-Time
X-ABtesting
X-Gdpr
Cdn-Host
X-Flog
X-Akamai-Request-ID2
X-DataStream-MidMile-RTT
X-DataStream-Origin-MEX-Latency
X-Ratelimit-Limit
DataCenter
Node
X-Geo
Cdn
X-WA
X-Nananana
X-Auto-Login
Lfy
Lb
X-RTag
Ms-Operation-Id
X-UPSTREAM-Address
Mime-Version
X-Use-Magma
COMMERCE-SERVER-SOFTWARE
X-Cache-HT
X-Optimization
FSS-Proxy
X-Env
Get-Access-Time
FSS-Cache
Is-Session-Tracking
X-Load-Cache
X-Wix-Petri-Ex
X-EC-Security-Audit
GeoIP-Latitude
GeoIP-Country-Code
X-APP
GeoIP-City
X-SRV
X-Fastly-Backend-Reqs
PageType
X-Sentry-ID
Who
X-WR-MODIFICATION
X-Via-NSCOPI
X-PAGE-TYPE
Rt-Proxy-Cache
X-Gen-Id
X-Unique-Id
X-Cache-FS-Status
X-CACHE-KEY
X-NGINX-Cache
X-GDPR
X-Served-From
Ws
X-Cookie
X-Ibm-Trace
X-Check-Cacheable
X-Meta-Tbi-Cache-Vertical
X-Cache-Id
X-Ver
X-Dynatrace-Js-Agent
X-Cache-Info
Memcached
X-Bip
X-Thanos
X-MP-GENERATED-AT
Httpd-Identifier
X-FORWARDED-FOR
Ohc-File-Size
X-Swift-Error
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-Proxy-Server
X-Path-Route
Powered-By
Pics-Label
X-PJAX-URL
X-Be
Memory
X-Fe
X-Request-Start
X-B3-SpanId
X-Fastly-Cache-Hits
X-Dw-Trace-Id
V-Cache
Group
X-HS-Status
X-RateLimit-Reset
X-Cache-Ttl
URI
Version
X-CDN-Pop
X-CDN-Pop-IP
X-Shard
Cf-Ipcountry
X-ServedByHost
X-LiteSpeed-Cache-Control
X-P-T
X-ID
Apicache-Version
Apicache-Store
Amp-Access-Control-Allow-Source-Origin
X-GZIP
Xet-Cookie
Requestid
X-VC
X-SB
GW-Server
Ohc-Response-Time
AGE-Hash
UCS
X-PF-Uncompressing
NX-Cache
X-Bug-Bounty
Fastly-Soc-X-Request-Id
Serverid
X-User
X-Varnish-Info
X-Info
X-Akamai-ERRuleID
X-StackifyID
N-Cache
X-Akamai-ERPolicy
X-Ratelimit-Remaining
If-Modified-Since
X-Micro-Cache
CDN-Cache
X-CacheKey
CDN-Node
CDN-Cache-Hit
X-RAMCache
X-Route-Name
X-ServerName
Https
X-BBXSRF
X-Providence-Cookie
X-SD-PageType
X-Grace-Duration
X-Litespeed-Cache-Control
X-RequestId
X-Cache-Handler
X-Flags
X-Is-Crawler