Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
Last-Modified
Accept-Ranges
Pragma
X-Content-Type-Options
X-Powered-By
CF-RAY
ETag
Link
X-XSS-Protection
Expect-CT
Via
X-Cache
Age
Access-Control-Allow-Origin
Content-Security-Policy
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Served-By
X-Amz-Cf-Id
X-Varnish
Referrer-Policy
X-Timer
CF-Cache-Status
X-FRAME-OPTIONS
X-Request-Id
Access-Control-Allow-Headers
X-AspNet-Version
Access-Control-Allow-Methods
X-Xss-Protection
X-Runtime
X-Download-Options
Access-Control-Allow-Credentials
X-Drupal-Cache
X-Cacheable
Alt-Svc
X-Generator
Content-Security-Policy-Report-Only
X-Request-ID
X-Check
X-AspNetMvc-Version
Status
X-Cache-Status
X-Adblock-Key
Timing-Allow-Origin
X-Iinfo
X-Permitted-Cross-Domain-Policies
X-DNS-Prefetch-Control
X-Template
Content-Encoding
X-Language
X-Content-Security-Policy
X-Turbo-Charged-By
X-CDN
X-Type
Keep-Alive
X-Buckets
Xkey
X-Backend
X-Cache-Group
X-AH-Environment
WPE-Backend
Access-Control-Max-Age
X-Pass-Why
X-Age
CF-Ray
X-Server
X-POWERED-BY
Upgrade
EagleId
Access-Control-Expose-Headers
X-Via
X-Nginx-Cache-Status
X-Server-Powered-By
X-Pingback
X-Drupal-Dynamic-Cache
X-Varnish-Cache
X-Swift-SaveTime
X-Swift-CacheTime
Grace
X-Hacker
X-Amz-Request-Id
X-Amz-Id-2
X-UA-Device
Ali-Swift-Global-Savetime
X-Robots-Tag
P3p
Cf-Railgun
X-LiteSpeed-Cache
X-Envoy-Upstream-Service-Time
X-Proxy-Cache
X-Ua-Compatible
X-Page-Speed
Request-Context
Content-Location
X-Device
X-Ac
X-Node
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Cnection
X-Host
X-Cache-Lookup
X-Server-Id
X-Amz-Version-Id
Surrogate-Control
X-WebKit-CSP
X-Backend-Server
X-Rack-Cache
X-Rq
X-Response-Time
X-Application-Context
X-Readtime
X-CST
X-Dns-Prefetch-Control
EagleEye-TraceId
Pinterest-Generated-By
Server-Timing
X-Url
X-Cloud-Trace-Context
X-Instart-Request-ID
Request-Id
X-OneAgent-JS-Injection
X-Px
X-TTL
Report-To
X-Country
X-ORACLE-DMS-ECID
X-Clacks-Overhead
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Feature-Policy
Rating
Edge-Control
Allow
X-Country-Code
Charset
X-DynaTrace-JS-Agent
X-DataDome
X-ESI
X-Server-Name
X-Powered-CMS
X-FTR-Request-ID
X-PC
X-TtlSet
X-Vname
X-Origin-Cache
X-DynaTrace
NEL
X-MS-InvokeApp
X-Goog-Hash
X-Recruiting
X-Varnish-TTL
X-Cached
X-VARITI-CCR
X-ORACLE-DMS-RID
X-Vhost
Content-MD5
X-GitHub-Request-Id
RTSS
X-F-Cache
X-Version
X-Exp-Id
X-Cdn-Fetch
X-Geo-Segment
X-Kinja-Revision
X-Kinja-Server
X-Exp-Variant
X-Kinja-Build
X-GoogleNews-Bot
X-Kinja
X-Powered-By-Plesk
Public-Key-Pins
X-CF-Powered-By
X-Pinterest-Rid
X-Upstream-Env
PB-RID
PB-PID
Pinterest-Version
X-Mobile-Rewrite
Arc-Version
X-Mod-Pagespeed
Verso
Accept-CH
SPRequestGuid
X-Client-IP
X-D2id
X-Abt-Application-Version
MS-Author-Via
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-N
X-Dispatcher
AR-ATIME
X-SharePointHealthScore
AR-PoweredBy
X-Do-Not-Hack
Permitted-Cross-Domain-Policies
X-HeyJason
X-Amz-Rid
AR-CACHE
X-Navigation-Version
X-TEC-API-ROOT
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-T
Nginx-Cache
DynaTrace
Accept-CH-Lifetime
Paypal-Debug-Id
X-Dw-Request-Base-Id
X-Trace
X-Fastly-Request-ID
X-Upstream
X-Grace
Arr-Disable-Session-Affinity
X-Varnish-Age
X-Hits
X-FastCGI-Cache
TCN
X-Amz-Meta-S3cmd-Attrs
X-Origin-Upstream-Status
X-Forwarded-Proto
X-Id
X-DIS-Request-ID
X-Shield-Request-Id
X-Pad
SPIisLatency
SPRequestDuration
X-Cache-Hit
X-Content-Options
X-Logged-In
AR-SID
X-Content-Digest
Realpath
X-Aspnet-Version
X-Kinsta-Cache
X-IPLB-Instance
Access-Control-Request-Method
X-Acc-Meta-Resource-Type
X-Mrf-Section-Lastmod
X-Mrf-Item-Lastmod
MRF-Tech
X-NF-Request-ID
Mrf-Cache-Status
X-B
X-Ruxit-JS-Agent
X-XRDS-Location
X-Goog-Generation
X-Goog-Metageneration
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-SS-Set-Cookie
X-HW
X-Vcap-Request-Id
S
X-Debug
X-MSEdge-Ref
X-Ser
Service-Worker-Allowed
Server-Name
X-FTR-Cache-Status
X-FTR-Backend
X-FTR-Backend-Server
X-FTR-Balancer
X-Country-Code-Real
X-FTR-DC
X-FTR-Realm
X-PressLabs-Stats
X-Frontend
X-Server-ID
X-Oneagent-Js-Injection
X-FTR-Expires
Tracecode
X-Cache-Key
X-Wix-Server-Artifact-Id
Rt-Fastcgi-Cache
Fastcgi-Cache
Eomportal-Instance
AMP-Access-Control-Allow-Source-Origin
Alternate-Protocol
X-NewRelic-App-Data
Surrogate-Key
X-Forwarded-For
Cleartype
X-Cache-Rule
Cache-Status
X-NWS-LOG-UUID
X-Srv
X-GUploader-UploadID
X-HS-Content-Id
X-HS-Hub-Id
X-Analytics
Backend-Timing
X-Ttl
X-VCache
Host
TP-Cache
X-Oracle-Dms-Rid
X-Revision
TP-L2-Cache
FilterID
X-Rid
X-User-Agent
X-Debug-Info
X-FTR-Cache-Host
X-Whom
Fastly-Restarts
Public-Key-Pins-Report-Only
X-AOL-HN
X-Akam-SW-Version
X-Via-JSL
X-Cache-2
X-Varnish-Backend
ServerID
X-Content-Powered-By
X-Webkit-CSP
X-Cdn
X-Request-Processing-Time
X-Request-Received
X-Kinja-Server-Push
X-RateLimit-Remaining
X-Zen-Fury
Viewport
Accept-Charset
X-Accel-Buffering
Front-End-Https
X-Mobile
X-XRDS-LOCATION
X-WPE-Loopback-Upstream-Addr
X-Cached-By
X-Node-Name
Liferay-Portal
X-App-Environment
X-LB-Cache
X-Content-Security-Policy-Report-Only
X-Page-Id
X-Magnolia-Registration
X-Cache-Control
X-Cluster
X-Varnish-Hostname
X-Hostname
X-B3-Traceid
X-Tumblr-Pixel
X-Tumblr-User
Host-Header
X-Tumblr-Pixel-0
Cache-Tag
X-Device-Type
X-Framework
X-B3-Sampled
X-Request-Guid
X-Handled-By
X-TT
X-Akamai-Edgescape
Upgrade-Insecure-Requests
X-BCube-Filmed-By
X-B-Cache
X-FB-Debug
X-Platform-Server
X-Signature
X-Instance
DC
X-Cache-Server
Server-Node
X-Origin-Server
X-TT-TIMESTAMP
X-TA-CDN-Provider
X-Correlation-Id
Source
MicrosoftSharePointTeamServices
Retry-After
X-Contextid
X-WA-Info
X-Servedby
X-Accel-Expires
HitType
Server-Info
HitInfo
X-Amzn-Trace-Id
X-Cache-Action
X-Varnish-Server
X-Cache-Operation
X-Distil-CS
X-Port
X-APP-VERSION
X-Middleton-Display
X-Daa-Tunnel
X-Sol
Display
X-Geo-Country
X-Edge-Location
X-Generated-By
Content-Style-Type
Content-Script-Type
AsisCache
X-Hyper-Cache
X-GeoIP
X-Amz-Replication-Status
X-WebKit-CSP-Report-Only
Webserver
X-Tumblr-Pixel-2
GEO-INFO
X-Tumblr-Pixel-1
X-RequestSource
X-S
X-TX-ID
ServedBy
X-Locale
X-Status
X-Seen-By
X-Wix-Request-Id
Actual-Object-TTL
X-Region
X-Response-Served-From
Healthy
X-Varnish-Hits
X-FW-Hash
X-FW-Static
X-FW-Server
X-FW-Serve
X-FW-Type
X-Jobs
X-Edge-Cache
X-Edge-Cache-Key
X-Adobe-Loc
X-UUID
X-DataStream-Cache-Status
X-Drupal-Cache-Tags
User-Agent
X-Adobe-Content
SRV
X-Varnish-Grace
Filters
X-Newrelic-App-Data
S-Cnection
X-Fastcgi-Cache
NGB
Refresh
X-Amz-Server-Side-Encryption
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Cache-Age
X-Esi
X-Proxied
IBM-Web2-Location
X-Cache-TTL-Remaining
Response
X-Middleton-Response
X-Activity-Id
X-App-Server
X-Az
AR-Request-ID
X-AppVersion
X-Pc-Appver
X-Pc-Hit
X-Pc-Key
X-Cache-Remote
X-Content-Type
X-CDN-Forward
X-Cache-NE
Cache
Payment
X-Ruxit-Js-Agent
X-Cacheable-TTL
X-UA
X-Cache-TTL
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-ATG-Version
X-Correlation-ID
Datacenter
Country
X-Unique-ID
Served-By
X-Akamai-Transformed
X-Mode
X-HS-Cache-Config
Edge-Cache-Tag
Machine
Meta-Geo
X-Is-Bot
X-Vg-Webcache
X-Sucuri-ID
X-RN-RSRV
X-Rendered-As
X-ProcessESI
X-RemovedCookies
Load-Balancing
X-Detected-As
HostName
User-Cache-Control
X-BYPASS-REASON
X-ProxyCache-Status
X-Proxy
X-ProxyCache-Key
X-OCL
X-Rocket-Nginx-Bypass
X-PCL
X-FC-Vary-Parameters
X-Source
Cache-Key
Backend
L5d-Success-Class
Access-Control-Allow-Method
DB-Nickname
TWC-Locale-Group
X-Cache-Config
X-Varnish-IP
X-Viewer-Country
X-Debug-Cache
X-Backend-Name
X-EIG-Tracking-Id
X-Varnish-Cacheable
X-Cache-Category-Id
X-Origin-Hint
X-PERF
X-Pubstack
X-BB-IP
X-Tb
X-ServerID
X-ApacheServer
X-Grey
TWC-GeoIP-Country
TWC-GeoIP-LatLong
TWC-Device-Class
TWC-Connection-Speed
Now
Property-Id
TWC-Privacy
Webcakes-App-Name
X-Human
X-Hosted-By
X-Origin
X-Amz-Meta-Surrogate-Control
Webcakes-App-Version
Webcakes-Region
Mn-Server-Ip
Cache-Name
X-Generated
X-Hit
X-NodeID
X-Original-Request
X-OVcl
X-OVcl-Cache
X-Format
S-Rt
X-Loop
Azure-SlotName
Azure-Version
X-JoinUs
Azure-SiteName
Azure-RegionName
Access-Control-Request-Headers
Azure-InstanceId
X-Environment-Context
X-Routing-Service
X-Upgrade-Enabled
X-L-Path
X-Varnish-Cache-Hits
X-Via-Fastly
X-Zipkin-Id
ServerName
X-TNCMS
X-CDN-Cache
X-Section
X-Site-Version
X-CCM
X-Access
Selected-FE
X-Agile-Id
X-AWS-Id
X-IP
X-Agile-Age
X-Agile
X-NGENIX-Cache
X-TWH-CORRELATION-ID
X-Timing-Wait
X-VWS-Id
X-Www-Served-By
X-Rule
X-Xfnlog-Site
X-LJ-Flow-ID
X-SplitTest
X-Ocache
X-Storage
X-Proxy-Build
X-Origin-CC
X-Drupal-Cache-Contexts
X-HS-Combine-CSS
X-URL
X-Cache-Var
X-Real-IP
X-Akamai-Request-ID
X-Cache-Var-Map
X-Pc-Date
X-Pc-Host
X-App-Name
X-Upstream-CT
X-Upstream-HT
X-Vgn-Hpd-Reason
X-Time-Microsecs
OT-Force-Account-Verify
X-Litespeed-Cache
X-UA-Device-Type
X-Nginx-Cache
X-RateLimit-Limit
From-Origin
X-Mrs-Age
X-Mrs-Cache
X-Mrs-Cache-Hits
X-NCache
X-PHP-Backend
X-Mshield-Cache-Status
X-Internal-Host
X-Microcachable
X-NC
XServer
Fastcgi-X-Cache-Version
X-Feature
Fastcgi-Useragent
Fastcgi-X-Cache
X-Distributor
X-Release
X-Forwarded-Host
X-Amzn-RequestId
X-Amz-Apigw-Id
Fastly-SSL
X-M-Reqid
LB
X-M-Log
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
X-Qnm-Cache
X-Ms-Version
X-Ms-Blob-Type
X-Ms-Request-Id
X-Ms-Lease-Status
Pagespeed
X-Birta-Served
Powered-By-ChinaCache
X-Birta-Cache-Post
X-Cache-Backend
NtCoent-Length
X-EdgeConnect-Cache-Status
X-Twitter-Response-Tags
X-Transaction
Pagetype
X-Webkit-Csp
X-Connection-Hash
X-Labrador-Cache-Channel
X-Ah-Environment
X-VG-TLSProxy
X-V
X-Instance-Name
X-B3-Spanid
Frame-Options
Ar-Sid
MIME-Version
X-Web-Node
X-GZip
X-C
Time
X-SERVER-NAME
X-Org
X-NU-AKA-ACS-Version
X-No-Session
X-IN-APIGATEWAY
Fly-Cache
X-Generated-In
X-Generation-Time
Ec-Rule-Version
X-Hnp-Log
X-IN-SSL-APIGATEWAY
Fly-Request-Id
X-Irp-Debug
X-Server-By
X-IN-WAF
Ajk
Cache-Prefix
BehaviorPad-Version
Arc-Country
AKAMAI
Meta-Geo-Continent
X-A
X-A-Ccd
X-A-Dam
X-CF-Lambda-Version
Www
Viewtype
VivaBuild
Web-Mar-Node
X-A-Dcw
X-A-Dgt
X-B-Cookie
X-Cache-Bucket
X-BB-ID
X-ARC
X-Application
X-A-Wwc
X-Accel-Expires-Debug
X-CF-Lambda-Fn
V-Age
X-CS
NGX
X-DPWN-IS-SECURE
X-Dispatcher-Server
MD5-Digest
IsBot
X-G
Host-ID
X-From
X-Died
Rendered-Blocks
Server-Int
X-CUA
T-Server
X-D
X-Date
X-Developer
X-Destination
X-Gen-Mode
X-Logtrace-Id
X-VG-WebServer
X-Via-CDN
X-SIPLIST1
X-Trv-Group
X-WebServer
X-Via-Edge
X-Redis-Cache
Xc-Version
X-Via-SSL
X-Request-URI
X-Request-UUID
X-Region-Sid
X-PAYTM-SRV-ID
X-Block-Status
X-UE-Client-Country
X-Server-Time
X-S-Cookie
X-ScT
X-Rojux
X-SRCache-Key
X-Rewrite-Enabled
X-FireWall-Port
Cneonction
X-Varnish-Beresp-Ttl
X-HOST
X-App-Version
X-NWS-UUID-VERIFY
MI-Cache-Age
HA-Geolon
NodeID
HA-Georegion
MI-Cache
MI-API
X-Eu-Site
Kp-EeAlive
X-RCS-CacheZone
HA-Urlpath
HA-Servedtime
HA-Ipaddr
X-Fastly-Cache
X-F5-Cache
HA-Host
Ha-Gx-Prefs
X-External-Request-Id
Magicmarker
Request-Country
True-Client-Country-4JS
X-Var-Ttl
X-Crawler
X-Varnish-Action
SN
X-ServiceProvider
X-CGP
X-Cache-Enabled
X-Amz-Meta-Cache-Control
X-S-Maxage
X-UnsetCookies
X-Sf
Server-Host
Pragrma
Proxy-Connection
Origin-Edge-Control
Origin-Cache-Control
On-Server
Release
HA-Geolat
X-Debug-Cookies
X-Debug-Log
Request-Time
Request-EU
X-ElasticPress-Search
X-RateLimit-Remaining-Second
CDCHOST
Backend-Name
Mobile-Detection-Method
X-Key
X-Wikidot-Static-Cache
X-Origin-TTL
X-Hl-Ver
X-Platform
X-HTML-Minification-Powered-By
X-Layer
Cteonnt-Length
X-MI-In-Market
X-Node-Id
X-Phone
WZWS-RAY
X-Powered-By-ANYU
X-NX-Host
HA-Geocountry
X-Sucuri-Cache
Country-Code
Cache-Tags
X-We-Are-Hiring
HA-Cloudapp
X-GeoIP-City
X-Owner
X-RateLimit-Limit-Second
X-VServer
GMS-Ver
HA-Geocity
X-Wikidot-Backend
Esi-Enabled
Decoy-Debug-TTL
Decoy-Debug-Status
Decoy-Debug-Key
X-Webstats-RespID
X-Swa-Ws
X-Passed-To-BeforeDispatch
X-Skip-Cache
X-Server-IP
X-Sn-Servicetimems
X-Clientip
X-Up
X-Sorting-Hat-PodId
X-Returned-From-PostProcessResponse
X-Ckpd-Fst-Backend
X-Tumblr-Pixel-3
X-Cache-Srv
X-Cache-URL
X-Variation
X-Cache-Host
X-Secret
X-TT-LOGID
X-Cdn-Origin
X-Cdn-Srv
X-Sorting-Hat-ShopId
X-Passed-To
X-Cache-Expires
X-Passed-To-PostProcessResponse
X-Stale
X-Cache-CFC
X-Matched-Rule
X-Epic-Correlation-Id
X-Hash
X-Request-Time
X-Worker
X-Developers
X-Device-Os
X-GeoIP-Country-Code
X-Reboot
X-Gannett-Site-Version
X-FW-Version
X-Fstrz
X-Passed-To-DLL
X-Fetched-On
X-VCT
X-Trace-Id
X-MSEdge-Features
X-Returned-From-BeforeDispatch
X-Croise-Owner
X-MSEdge-Flight
X-Returned-From-DLL
X-Core-Value
X-Shopify-Stage
X-Returned-From
X-Location
X-ShardId
X-Thinkindot-L3
X-Response-By
X-ShopId
X-Content-Age
Uber-Trace-Id
Platform
PFcat
Origin
RNT-Machine
RNT-Time
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
Section-Io-Cache
Adler-Geo
Apple-News-Services-Handled
Countrycode
Heartbleed
Fastly-Backend-Name
Apple-News-Services-Request-Url
Is-Eu
Odigeo-Trace-Id
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
Thinkindot-Control
Server-ID
X-Oss-Hash-Crc64ecma
X-Oss-Object-Type
X-Oss-Request-Id
X-Oss-Storage-Class
X-Alternate-Cache-Key
X-Backend-Host
X-Backend-Url
X-Backend-TTL
X-Backend-State
X-Actual-URL
X-Oss-Server-Time
PageSpeed
Content-Disposition
X-Servername
X-Rebelmouse-Cache-Control
HTTPS
X-Csrf-Token
Fastly-SIE
X-Iejgwucgyu
X-Store
Fastly-SWR
Resin-Trace
X-Rebelmouse-Surrogate-Control
X-Nginx-Cache-Key
X-GEO
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
X-Real-Ip
X-Policy
X-Planisys-CDN-TTL
ProcessTime
X-CACHE-AGE
Sid
X-Core-Mission
X-Alicdn-Da-Ups-Status
WP-Super-Cache
X-Ezoic-Cdn
Xserver
X-Pf-Uncompressing
CDN
REQUESTUUID
X-Ua
RequestId
Powered
X-Cluster-Node
X-Atg-Version
Warning
X-Proto
X-Refresh
X-Cache-ASPX
X-Servedbyhost
X-TIME
X-Dc
X-GoCache-CacheStatus
Mail-Subject
Dnion-Transfer-Encoding
We-Hiring
CF-IPCountry
X-Guploader-Uploadid
NODE
ViewerVersion
X-Pjax-Url
X-B3-TraceId
Cache-Cookie-Set-Lfrom
X-Req
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-From
X-DC
X-Varnish-Ttl
X-Endurance-Cache-Level
NnCoection
X-Nc
X-Page-Type
X-Newrelic-Synthetics
X-Origin-Date
X-Surge-Debug
X-Origin-Expires
X-CLOUD-TRACE-CONTEXT
X-Cache-Control-Set-By
X-Time
X-Edge-IP
X-HCF
Geoip-Latitude
X-COUNTRY
X-Varnish-HitMiss
GeoIp-Country-Code
X-Server-W
Hostname
X-Aed
X-Oracle-Dms-Ecid
X-CSRF-Token
Pramga
X-Ms-Lease-State
X-Server-Group
SD-X-WS
WWW-Authenticate
X-Cdn-Forward
CACHE
X-Varnish-Beresp-TTL
TSSecure
X-Varnish-Url
Processtime
Geoip-City
A
X-Datadome
MS-CV
X-GRACE
PICS-Label
X-Wix-Route-ID
X-Dynatrace-Js-Agent
X-Wa
X-Aicache-OS
X-WA
X-ABtesting
X-DataStream-Origin-MEX-Latency
X-DataStream-MidMile-RTT
X-Flog
X-Hello
X-Varnish-URL
Cdn
Dont-Set-Cookie
X-Ratelimit-Limit
X-Gdpr
Cdn-Request-Time
Node
Cdn-Host
X-From-Cache
X-Edge-Server
X-Akamai-Request-ID2
Mime-Version
Lfy
Lb
X-Auto-Login
X-Use-Magma
DataCenter
PageType
X-Nananana
FSS-Cache
FSS-Proxy
X-UPSTREAM-Address
COMMERCE-SERVER-SOFTWARE
X-Unique-Id
X-Geo
Ms-Operation-Id
X-RTag
Get-Access-Time
X-Cache-HT
X-Sentry-ID
GeoIP-Latitude
X-EC-Security-Audit
GeoIP-Country-Code
Is-Session-Tracking
X-Fastly-Backend-Reqs
GeoIP-City
X-Env
X-APP
X-Optimization
X-SRV
X-Load-Cache
X-WR-MODIFICATION
X-CACHE-KEY
X-Gen-Id
Who
Rt-Proxy-Cache
X-Via-NSCOPI
X-PAGE-TYPE
X-Served-From
X-Cache-FS-Status
X-Check-Cacheable
X-Wix-Petri-Ex
X-GDPR
X-Cookie
X-Cache-Id
X-Ibm-Trace
Ws
X-FORWARDED-FOR
Memcached
X-Meta-Tbi-Cache-Vertical
X-Bip
X-Thanos
X-Cache-Info
X-Ver
Pics-Label
X-Swift-Error
X-PJAX-URL
X-Be
X-Proxy-Server
Httpd-Identifier
X-MP-GENERATED-AT
X-NGINX-Cache
X-Ratelimit-Remaining
X-B3-SpanId
X-ServedByHost
Ohc-File-Size
X-SVT-ORM-VERSION
Cf-Ipcountry
X-Cache-Ttl
X-HS-Status
X-Fastly-Cache-Hits
Memory
V-Cache
X-SVT-ORM-RULES
Group
X-Request-Start
X-Fe
X-RateLimit-Reset
Powered-By
X-Path-Route
URI
X-CDN-Pop-IP
X-Shard
X-CDN-Pop
Version
X-Dw-Trace-Id
Amp-Access-Control-Allow-Source-Origin
X-ID
X-GZIP
X-LiteSpeed-Cache-Control
GW-Server
NX-Cache
UCS
X-P-T
Xet-Cookie
X-SB
X-VC
X-Bug-Bounty
X-PF-Uncompressing
Requestid
AGE-Hash
Serverid
X-User
X-Varnish-Info
CDN-Node
Apicache-Store
Apicache-Version
CDN-Cache
Ohc-Response-Time
N-Cache
X-Akamai-ERRuleID
X-StackifyID
X-VG-WebCache
CDN-Cache-Hit
X-CacheKey
Fastly-Soc-X-Request-Id
X-Akamai-ERPolicy
X-Micro-Cache
If-Modified-Since
X-SD-PageType
SID
Cache-Hits
X-Grace-Duration
X-Cache-Handler
X-Route-Name
Https
X-Litespeed-Cache-Control
X-Flags
X-RequestId
X-Info
X-Providence-Cookie
X-Is-Crawler
X-ServerName