Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
X-Powered-By
CF-RAY
ETag
Link
X-XSS-Protection
Expect-CT
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
X-Request-Id
X-Xss-Protection
CF-Cache-Status
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-AspNet-Version
X-Download-Options
X-Runtime
Access-Control-Allow-Credentials
X-Drupal-Cache
X-Adblock-Key
X-Check
Alt-Svc
X-Cacheable
X-Generator
Content-Security-Policy-Report-Only
X-Cache-Status
X-DNS-Prefetch-Control
X-AspNetMvc-Version
X-Permitted-Cross-Domain-Policies
X-Template
X-Iinfo
X-Language
Status
Timing-Allow-Origin
X-Buckets
X-Content-Security-Policy
Content-Encoding
X-Kinja-Server-Push
Xkey
X-Turbo-Charged-By
Upgrade
X-CDN
X-Type
Keep-Alive
Access-Control-Expose-Headers
WPE-Backend
X-Pass-Why
X-AH-Environment
X-Backend
Access-Control-Max-Age
X-Age
X-Drupal-Dynamic-Cache
X-Cache-Group
X-Server
X-Proxy-Cache
X-Via
X-Request-ID
Grace
X-Pingback
X-Nginx-Cache-Status
X-Server-Powered-By
X-Amz-Id-2
X-Amz-Request-Id
X-Robots-Tag
X-Hacker
X-Varnish-Cache
X-UA-Device
X-Page-Speed
EagleId
Request-Context
X-LiteSpeed-Cache
Cf-Railgun
X-Envoy-Upstream-Service-Time
X-Ua-Compatible
X-CST
X-Swift-SaveTime
X-Swift-CacheTime
X-Server-Id
Ali-Swift-Global-Savetime
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Device
X-Amz-Version-Id
X-WebKit-CSP
Server-Timing
X-Ac
X-Node
X-OneAgent-JS-Injection
Allow
Feature-Policy
X-Response-Time
X-Iejgwucgyu
X-Cnection
X-Rq
Content-Location
X-Cache-Lookup
X-Backend-Server
Report-To
EagleEye-TraceId
Surrogate-Control
X-Readtime
X-Host
X-Application-Context
Request-Id
X-ORACLE-DMS-ECID
X-Url
P3p
X-Rack-Cache
X-Origin-Cache
X-Cdn
X-Clacks-Overhead
X-Country
NEL
X-FTR-Request-ID
Rating
X-Cloud-Trace-Context
X-Country-Code
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-DataDome
X-Ruxit-JS-Agent
X-Instart-Request-ID
X-Px
X-Vhost
X-Mod-Pagespeed
Charset
X-MS-InvokeApp
X-VARITI-CCR
Edge-Control
Accept-CH
Verso
X-Goog-Hash
X-GitHub-Request-Id
X-TTL
X-Mobile-Rewrite
Arc-Version
PB-RID
PB-PID
Pinterest-Generated-By
X-ESI
X-Server-Name
X-Vname
X-PC
X-TtlSet
X-DynaTrace
X-Version
X-Upstream-Env
X-Powered-By-Plesk
X-D2id
X-Dns-Prefetch-Control
X-Kinja-Server
X-Kinja-Revision
X-Use-Magma
X-GoogleNews-Bot
X-Exp-Id
X-Cdn-Fetch
X-Kinja-Build
X-Exp-Variant
X-Kinja
X-Cached
X-B3-TraceId
X-Origin-Upstream-Status
X-Dispatcher
SPRequestGuid
X-Varnish-TTL
X-Recruiting
X-SharePointHealthScore
X-Abt-Application-Version
MS-Author-Via
X-Powered-CMS
RTSS
Accept-CH-Lifetime
X-Navigation-Version
X-T
Content-MD5
X-Shield-Request-Id
Public-Key-Pins
X-Oracle-Dms-Rid
X-ORACLE-DMS-RID
AR-PoweredBy
AR-CACHE
AR-ATIME
X-Trace
X-DynaTrace-JS-Agent
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Amz-Rid
X-Client-IP
X-Forwarded-Proto
Arr-Disable-Session-Affinity
X-HW
X-Fastly-Request-ID
X-Accel-Buffering
X-Wix-Server-Artifact-Id
SPRequestDuration
SPIisLatency
Realpath
X-DIS-Request-ID
X-B
Service-Worker-Allowed
X-Amz-Meta-S3cmd-Attrs
X-Goog-Stored-Content-Length
X-Goog-Metageneration
X-Goog-Generation
X-Upstream
X-Goog-Stored-Content-Encoding
X-Ser
X-F-Cache
X-Pinterest-Rid
Pinterest-Version
AR-Request-ID
Paypal-Debug-Id
Front-End-Https
X-Via-JSL
X-FTR-Realm
X-FTR-Backend-Server
X-FTR-Cache-Status
X-Country-Code-Real
X-FTR-Backend
X-FTR-Balancer
X-FTR-DC
X-Id
X-FTR-Expires
X-XRDS-Location
X-Dw-Request-Base-Id
X-Vcap-Request-Id
X-Varnish-Age
X-Debug
Ar-Sid
X-Aspnet-Version
X-Acc-Meta-Resource-Type
X-MSEdge-Ref
X-Goog-Storage-Class
Nginx-Cache
X-Kinsta-Cache
X-Hits
X-N
X-NF-Request-ID
X-FTR-Cache-Host
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-NewRelic-App-Data
X-Logged-In
S
Mrf-Cache-Status
X-Mrf-Section-Lastmod
MRF-Tech
X-Mrf-Item-Lastmod
X-B3-TraceId-Primal
X-Ttl
X-Akam-SW-Version
X-DataStream-Cache-Status
X-Forwarded-For
Alternate-Protocol
Tracecode
X-Frontend
X-User-Agent
X-PressLabs-Stats
X-HS-Hub-Id
X-HS-Content-Id
X-Grace
X-Amzn-Trace-Id
X-Server-ID
Server-Name
X-CACHE-GROUP
X-Content-Digest
AMP-Access-Control-Allow-Source-Origin
X-Content-Options
X-FastCGI-Cache
X-Pad
Refresh
TCN
DynaTrace
Powered-By-ChinaCache
X-Content-Type
Access-Control-Request-Method
MicrosoftSharePointTeamServices
X-Analytics
Backend-Timing
X-Sol
Accept-Charset
Display
Fastcgi-Cache
X-LB-Cache
X-Middleton-Display
X-Rid
FilterID
X-Debug-Info
X-CF-Powered-By
X-Zen-Fury
X-Az
Host
X-IPLB-Instance
X-AppVersion
X-Activity-Id
X-Page-Id
X-Cache-Key
ServerID
MS-CV
Response
X-Middleton-Response
X-RateLimit-Remaining
X-Fastcgi-Cache
TP-L2-Cache
TP-Cache
Cache-Status
X-Magnolia-Registration
X-Cache-Hit
X-Hostname
X-Srv
X-Content-Powered-By
X-VCache
X-Seen-By
X-Mobile
X-WA-Info
X-TA-CDN-Provider
X-Revision
X-ATG-Version
Surrogate-Key
X-Cached-By
X-B3-Sampled
X-Request-Processing-Time
X-Request-Received
X-Varnish-Backend
X-SS-Set-Cookie
Host-Header
X-Whom
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-GUploader-UploadID
X-Cluster
X-Instance
X-Cache-Action
X-Content-Security-Policy-Report-Only
Rt-Fastcgi-Cache
X-Tumblr-Pixel
X-Drupal-Cache-Tags
X-Platform-Server
X-Tumblr-User
X-Tumblr-Pixel-0
Server-Info
X-Handled-By
X-B-Cache
Source
X-PHP-Backend
X-Request-Guid
X-Signature
Cleartype
X-Wix-Request-Id
X-Framework
X-TT
ViewerVersion
X-Akamai-Edgescape
X-Origin-Server
X-Cache-Age
X-App-Environment
DC
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Cache-Control
X-Edge-Location
Fusion-Content-Source
X-Geo-Country
Fusion-Source
X-Generated-By
X-BCube-Filmed-By
Fusion-Template-Id
Fusion-Content-Id
Fusion-Component-Id
X-App-Server
X-FW-Serve
X-FW-Type
X-FW-Server
X-FW-Static
X-FW-Hash
X-AOL-HN
X-Varnish-Server
X-Real-IP
Server-Node
X-Oneagent-Js-Injection
X-Cache-Rule
X-NWS-LOG-UUID
X-Varnish-Hostname
X-XRDS-LOCATION
Retry-After
X-Ruxit-Js-Agent
X-Correlation-Id
X-Cache-2
Eomportal-Instance
X-Amz-Server-Side-Encryption
Payment
X-Varnish-Grace
Webserver
X-Amz-Replication-Status
X-FB-Debug
X-TT-TIMESTAMP
Actual-Object-TTL
X-Response-Served-From
X-Varnish-Hits
ServedBy
GEO-INFO
X-Tumblr-Pixel-1
X-Cacheable-TTL
Access-Control-Allow-Method
AsisCache
X-Tumblr-Pixel-2
Filters
Healthy
Content-Script-Type
Content-Style-Type
X-Cache-Config
X-UUID
X-Drupal-Cache-Contexts
X-WebKit-CSP-Report-Only
X-TX-ID
NGB
X-UA-Device-Type
X-Contextid
X-Region
X-RTag
X-Varnish-IP
X-Adobe-Loc
X-Adobe-Content
Upgrade-Insecure-Requests
Viewport
Ms-Operation-Id
X-Accel-Expires
X-RequestSource
Cache-Tv-Group
Country
X-Locale
X-Jobs
X-Servedby
From-Origin
X-Rendered-As
X-Ezoic-Cdn
X-Device-Type
HitType
X-VG-WebCache
X-WPE-Loopback-Upstream-Addr
X-Cache-TTL
X-BACKEND-TTL
X-Cache-TTL-Remaining
X-Upstream-Proxy
Fastcgi-Useragent
X-Cache-Server
X-FW-Dynamic
Edge-Cache-Tag
Cache
X-Aspnetmvc-Version
Pagespeed
X-Cache-Remote
X-Content-Age
X-Cache-Operation
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
Cache-Tags
Fastly-Restarts
X-Webkit-Csp
X-Redis-Cache
X-RateLimit-Limit
X-APP-VERSION
X-Upgrade-Enabled
X-Source
X-Hit
X-Storage
X-Esi
X-CACHE-KEY
X-S
X-Mode
X-DataStream-MidMile-RTT
X-DataStream-Origin-MEX-Latency
Served-By
Datacenter
Cache-Tag
X-GeoIP
X-NGENIX-Cache
X-Internal-Host
X-NCache
Load-Balancing
X-Path-Route
X-Cache-Var
X-Labrador-Cache-Channel
X-Rule
X-Daa-Tunnel
X-Tb
X-Is-Bot
X-Hl-Ver
Machine
Meta-Geo
Vix-Hermes-Req-Id
X-Time-Microsecs
X-Detected-As
X-Backend-Name
Origin-Edge-Control
X-Akamai-Request-ID
X-Cache-Var-Map
X-Origin-Response-Time
Origin-Cache-Control
X-RN-RSRV
X-CDN-Cache
X-Birta-Cache-Post
X-Agile-Id
X-Agile-Age
X-Agile
X-Varnish-Cache-Hits
X-Birta-Served
X-Cache-Category-Id
X-BYPASS-REASON
SRV
X-ProxyCache-Key
Cache-Key
X-Varnish-Cacheable
X-Web-Node
X-Origin-Host
X-Www-Served-By
Now
X-ProxyCache-Status
X-Grey
X-ServerID
X-L-Path
X-Timing-Wait
X-FC-Vary-Parameters
X-Akamai-Transformed
X-Hosted-By
X-Proxy-Build
X-Proxy
Selected-FE
X-JoinUs
X-App-Version
X-Pubstack
X-Environment-Context
X-Edge-IP
NtCoent-Length
X-Status
TWC-Locale-Group
TWC-GeoIP-LatLong
TWC-Device-Class
TWC-Privacy
TWC-Connection-Speed
S-Rt
TWC-GeoIP-Country
X-PCL
X-Viewer-Country
X-RemovedCookies
X-Format
X-Via-Fastly
X-TNCMS
X-IP
X-Human
X-Loop
X-ProcessESI
X-OCL
Webcakes-Region
Webcakes-App-Version
X-ApacheServer
X-Cache-Enabled
X-PERF
X-Origin-Hint
Webcakes-App-Name
Property-Id
Cache-Name
X-GEO
X-Section
X-Site-Version
X-Debug-Cache
X-Guploader-Uploadid
Azure-InstanceId
X-Pc-Appver
X-Pc-Hit
X-Pc-Key
X-MP-GENERATED-AT
Azure-RegionName
X-VG-TLSProxy
DB-Nickname
X-CCM
Fastcgi-X-Cache-Version
Azure-Version
Azure-SlotName
X-Access
X-Generated
Public-Key-Pins-Report-Only
Azure-SiteName
Xserver
X-Xfnlog-Site
X-Microcachable
Access-Control-Request-Headers
X-Zipkin-Id
X-App-Name
X-Routing-Service
X-Proxied
We-Hiring
Mail-Subject
X-Cache-NE
X-Original-Request
X-EdgeConnect-Cache-Status
X-Origin
Liferay-Portal
S-Cnection
X-Protected-By
User-Agent
User-Cache-Control
X-Ocache
X-Sucuri-ID
Cache-Hits
X-Node-Name
X-FW-Version
LB
X-Request-Time
X-ES-SERVER
X-Nginx-Cache
X-Cdn-Forward
X-Proto
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-UA
X-Ua
X-Trace-Id
PageSpeed
X-GRACE
X-Tumblr-Pixel-3
X-Webstats-RespID
Powered
X-Forwarded-Host
CACHE
Ohc-File-Size
X-Varnish-Ttl
X-Endurance-Cache-Level
X-Unique-ID
X-FB-TRIP-ID
X-Origin-CC
L5d-Success-Class
X-Correlation-ID
Section-Io-Cache
X-Nc
Frame-Options
X-Time
X-AWS-Id
X-LJ-Flow-ID
X-VWS-Id
X-Varnish-Beresp-Grace
X-V
X-Varnish-Beresp-Status
OT-Force-Account-Verify
X-Cluster-Node
X-OVcl-Cache
X-OVcl
AR-SID
X-B3-Traceid
X-Origin-TTL
X-Rocket-Nginx-Bypass
X-R9-Blue-Green-Version
X-Cache-Backend
X-Parent-Response-Time
IBM-Web2-Location
X-ElasticPress-Search
Nel
X-Varnish-Beresp-Ttl
X-Upstream-HT
X-Upstream-CT
X-ServiceProvider
Www
X-Accel-Expires-Debug
X-Aed
VivaBuild
Viewtype
X-Rebelmouse-Surrogate-Control
Powered-By
X-LI-Proto
Rendered-Blocks
X-Server-Group
X-Amz-Meta-Cache-Control
X-Li-Fabric
X-Application
X-Irp-Debug
X-Region-Sid
X-Li-Pop
X-Transaction
X-Server-By
X-ScT
X-Reboot
X-Rebelmouse-Cache-Control
Node
Fastly-SIE
Fastly-SWR
Fly-Cache
Fly-Request-Id
Ec-Rule-Version
Decoy-Debug-TTL
Cache-Prefix
Country-Code
Decoy-Debug-Key
Decoy-Debug-Status
GMS-Ver
MD5-Digest
Mobile-Detection-Method
X-NU-AKA-ACS-Version
X-Micro-Cache
X-ARC
X-Origin-Date
X-Origin-Expires
Memcached
Meta-Geo-Continent
X-PAYTM-SRV-ID
X-LI-UUID
X-B-Cookie
X-Distil-CS
X-Hnp-Log
X-DPWN-IS-SECURE
X-SRCache-Key
X-Trv-Group
X-IN-APIGATEWAY
X-Connection-Hash
X-Date
X-Destination
X-Developer
X-We-Are-Hiring
X-External-Request-Id
X-Request-UUID
X-From
X-Gen-Mode
X-TT-LOGID
X-Generated-In
BehaviorPad-Version
X-Rewrite-Enabled
X-Fetched-On
X-VG-WebServer
X-CF-Lambda-Version
X-CF-Lambda-Fn
X-User
X-Cache-Bucket
X-Info
X-Cache-FS-Status
X-S-Cookie
X-Block-Status
X-Twitter-Response-Tags
X-S-Maxage
Xc-Version
X-Cache-Host
X-Wikidot-Static-Cache
X-Wikidot-Backend
X-Cdn-Srv
X-Rojux
X-IN-WAF
X-PHP-Host
X-UE-Client-Country
X-Cache-Id
X-Cache-Info
X-Cache-URL
X-Auto-Login
X-BB-ID
X-Pc-Subdomain
X-Pc-Host
X-EIG-Tracking-Id
X-Vgn-Hpd-Reason
Arc-Country
X-Pc-Date
X-FireWall-Port
X-Fastly-Cache
X-Crawler
X-Clientip
X-CGP
X-Server-IP
On-Server
X-CUA
X-D
X-Epic-Correlation-Id
X-Dispatcher-Server
X-Eu-Site
X-Node-Id
X-Debug-Cookies
X-Debug-Log
X-Distributor
X-Cache-Debug
X-A
X-A-Ccd
X-A-Dam
Who
Web-Mar-Node
Thinkindot-CacheControl-Type
Thinkindot-Control
True-Client-Country-4JS
X-A-Dcw
X-A-Dgt
X-Bip
X-C
X-G
X-Backend-Url
X-Backend-State
X-A-Wwc
X-Actual-URL
X-Backend-Host
X-Cache-Expires
X-Variation
X-Policy
X-Proxy-Cache-Status
X-Proxy-Upstream
X-Platform
X-Stale
X-Passed-To-BeforeDispatch
X-Passed-To-DLL
X-Passed-To-PostProcessResponse
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-Returned-From-PostProcessResponse
X-Sf
X-Secret
X-Returned-From-DLL
X-Returned-From-BeforeDispatch
X-SIPLIST1
X-Request-URI
X-Returned-From
X-Passed-To
X-Svr
X-Goog-Meta-Goog-Reserved-File-Mtime
X-LAGOON
X-Level-Front-Cache
X-Var-Ttl
X-GeoIP-Country-Code
X-Varnish-Action
Thinkindot-CacheControl
X-Generated-On
X-TrackingId
X-Location
X-Thanos
X-NX-Host
X-Swa-Ws
X-Nginx-Cache-Key
X-Thinkindot-L3
X-Logtrace-Id
X-Matched-Rule
X-Gannett-Site-Version
X-Cache-Grace
Request-Time
Fastly-Soc-X-Request-Id
Ajk
Origin
HA-Ipaddr
Ha-Gx-Prefs
Adler-Geo
Is-Eu
Platform
CDCHOST
Content-Disposition
Proxy-Connection
Resin-Trace
Fastly-Backend-Name
IsBot
SD-X-WS
Lfy
Magicmarker
Server-Host
Countrycode
Warning
X-HS-Cache-Config
X-Debug-Cache-Expiry
X-Debug-Cache-Fetch
X-Debug-Cache-Store
Cache-Cookie-Set-Idcheck
X-Croise-Owner
X-Core-Value
X-Core-Mission
SS
X-Key
X-Fstrz
X-MSEdge-Features
Mn-Server-Ip
Heartbleed
X-IN-SSL-APIGATEWAY
X-UnsetCookies
X-ShardId
X-Via-CDN
X-F5-Cache
X-Up
X-Device-Os
Apple-News-Services-Request-Url
Cache-Cookie-Set-From
X-Hash
X-Varnish-Authentication
X-Instart-Isnd
X-Developers
X-Generation-Time
Cache-Cookie-Set-Lfrom
Apple-News-Services-Handled
RNT-Machine
RNT-Time
X-Alternate-Cache-Key
AKAMAI
X-Server-Cache
Pagetype
X-Qloud-Router
Server-Cache-Control
Server-Int
Server-Surrogate-Control
X-ShopId
X-Shopify-Stage
X-Sorting-Hat-PodId
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
X-Sorting-Hat-ShopId
X-Amz-Meta-Surrogate-Control
Pramga
X-No-Session
X-Response-By
X-TIME
Backend
GW-Server
X-MSEdge-Flight
Release
Fastly-SSL
X-Cache-ASPX
X-Dc
X-SERVER
X-Sucuri-Cache
Kp-EeAlive
REQUESTUUID
Fastcgi-X-Cache
X-Server-Time
X-Page-Type
X-Varnish-Url
NGX
Server-ID
X-Be
HostName
X-Died
X-Edge-Cache
X-Pjax-Url
X-Cache-Miss-From
X-Sedo-Request-Id
X-Via-NSCOPI
SID
X-Edge-Cache-Key
RequestId
X-Servername
X-SN
X-Owner
X-CDN-Forward
Odigeo-Trace-Id
Version
X-Refresh
X-Newrelic-App-Data
X-NC
MIME-Version
X-From-Cache
PFcat
Hostname
X-URL
X-B3-SpanId
X-Oss-Request-Id
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
X-Oss-Server-Time
X-Oss-Storage-Class
X-Servedbyhost
HTTPS
Time
Cteonnt-Length
X-Cache-CFC
Cdn-Host
X-Store
Esi-Enabled
Cdn-Request-Time
X-Edge-Server
X-FPC
X-CSRF-TOKEN
X-RCS-CacheZone
PICS-Label
Cdn
X-MI-In-Market
Mime-Version
MI-Cache
MI-API
MI-Cache-Age
X-Layer
FastCGI-Cache
X-IPS-LoggedIn
X-Hyper-Cache
HA-Urlpath
HA-Servedtime
HA-Georegion
HA-Host
HA-Geolon
X-Real-Ip
ProcessTime
X-Req
HA-Cloudapp
HA-Geocity
X-RequestId
HA-Geolat
HA-Geocountry
CF-IPCountry
X-Amzn-Remapped-Date
X-Webkit-CSP
X-Mobile-URL
X-Amzn-Remapped-Connection
Memory
Processtime
X-CLOUD-TRACE-CONTEXT
X-GZip
X-Wa
X-Dynatrace-Js-Agent
Cross-Origin-Window-Policy
X-NodeID
X-VServer
Backend-Name
X-Ratelimit-Remaining
CDN
X-Load-Cache
X-HS-Combine-CSS
X-Lb-Id
X-Mrs-Cache-Hits
X-Atg-Version
X-CMS-Context
X-DC
X-Unique-Id-Primal
X-Mrs-Cache
X-Mrs-Age
Cf-Ipcountry
X-Mshield-Cache-Status
XServer
X-B3-Spanid
X-Aicache-OS
X-HTML-Minification-Powered-By
X-Instart-Info
X-Pf-Uncompressing
X-Skip-Cache
X-Varnish-Beresp-TTL
X-Geo
X-Ratelimit-Limit
X-WR-MODIFICATION
Amp-Access-Control-Allow-Source-Origin
X-Newrelic-Synthetics
X-WebServer
Ohc-Response-Time
X-Phone
X-Fastly-Country-Code
Ohc-Cache-HIT
X-VC-Cache
X-Request-Start
URI
GeoIP-Country-Code
X-PF-Uncompressing
Uber-Trace-Id
GeoIP-Latitude
X-Tb-Optimization-Total-Bytes-Saved
X-Release
X-Cms-Context
X-WA
N-Cache
X-UCC
X-Gateway-Cache-Key
T-Server
X-Nananana
X-Server-W
X-Gateway-Skip-Cache
X-Gateway-Cache-Status
X-FORWARDED-FOR
Accept-Ch-Lifetime
X-Oracle-Dms-Ecid
Pics-Label
X-APP
X-Served-From
X-LB-ID
Rt-Proxy-Cache
X-Processor
X-ND-Cache
X-COUNTRY
X-GoCache-CacheStatus
X-MServer
DataCenter
X-Datadome
X-CSRF-Token
X-Unique-Id
X-Hp-Webp
X-SRV
X-Worker
X-BBXSRF
X-Shard
X-LiteSpeed-Cache-Control
X-ServedByHost
A
X-SERVER-NAME
V-Age
X-NGINX-Cache
X-Fastly-Cache-Hits
X-CACHE-AGE
X-Sn-Servicetimems
X-UPSTREAM-Address
X-Cdn-Origin
X-VCT
X-Requestid
X-HS-Status
Host-ID
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-GZIP
Proxy-Firewall
X-Check-Cacheable
X-Cache-HT
X-Optimization
X-Amzn-Remapped-Content-Length
X-Geo-Header
X-GeoIP-City
Is-Session-Tracking
X-Vcache
Dnion-Transfer-Encoding
Get-Access-Time
X-ID
Geoip-Latitude
UCS
Cneonction
X-Git-Hash
X-ServerName
X-P-T
X-BE
WP-Super-Cache
X-Backend-TTL
Requestid
X-Csrf-Token
ServerName
Request-Country
GeoIp-Country-Code
X-Port
X-Varnish-URL
X-PAGE-TYPE
X-PJAX-URL
Request-EU
Serverid
X-NWS-UUID-VERIFY
FSS-Cache
X-Fpc
RequestUuid
FSS-Proxy
Pragrma
Cache-Provider
X-Planisys-CDN-Cache
X-Gen-Id
X-RCS-Backend
X-Dw-Trace-Id
X-Planisys-CDN-Rules
Server-Id
X-GDPR
X-Fe
X-StackifyID
X-Fastly-Backend-Reqs
X-LiteSpeed-Tag
X-Planisys-CDN-TTL
X-HostName
X-Vg-Webcache
286prxHost
225prxHost
219prxHost
X-Html-Edge-Cache
352pxline
X-Org
355prline
Xxline
189phosttRef
X-Request-Url
Inserted-Into-Cache-At
409pxxline
WZWS-RAY
X-CS
DSUID
188prxHost
178proxuri
X-RAMCache