Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
Last-Modified
Accept-Ranges
Pragma
X-Content-Type-Options
X-Powered-By
CF-RAY
ETag
Link
X-XSS-Protection
Expect-CT
Via
X-Cache
Age
Access-Control-Allow-Origin
Content-Security-Policy
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Served-By
X-Amz-Cf-Id
X-Varnish
Referrer-Policy
X-Timer
CF-Cache-Status
X-FRAME-OPTIONS
X-Request-Id
Access-Control-Allow-Headers
X-AspNet-Version
Access-Control-Allow-Methods
X-Xss-Protection
X-Runtime
X-Download-Options
Access-Control-Allow-Credentials
X-Drupal-Cache
X-Cacheable
Alt-Svc
X-Generator
Content-Security-Policy-Report-Only
X-Request-ID
X-Check
X-AspNetMvc-Version
Status
X-Cache-Status
X-Adblock-Key
Timing-Allow-Origin
X-Iinfo
X-Permitted-Cross-Domain-Policies
X-DNS-Prefetch-Control
X-Template
Content-Encoding
X-Language
X-Content-Security-Policy
X-Turbo-Charged-By
X-CDN
X-Type
Keep-Alive
X-Buckets
Xkey
X-Backend
X-Cache-Group
X-AH-Environment
WPE-Backend
Access-Control-Max-Age
X-Pass-Why
X-Age
CF-Ray
X-Server
X-POWERED-BY
Upgrade
EagleId
X-Ua-Compatible
Access-Control-Expose-Headers
X-Via
X-Nginx-Cache-Status
X-Server-Powered-By
X-Pingback
X-Drupal-Dynamic-Cache
X-Varnish-Cache
X-Swift-SaveTime
X-Swift-CacheTime
Grace
X-Hacker
X-Amz-Id-2
X-Amz-Request-Id
X-UA-Device
Ali-Swift-Global-Savetime
X-Robots-Tag
P3p
Cf-Railgun
X-LiteSpeed-Cache
X-Envoy-Upstream-Service-Time
X-Proxy-Cache
X-Page-Speed
Request-Context
Content-Location
X-Device
X-Ac
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Node
X-Cnection
X-Host
X-Cache-Lookup
X-Amz-Version-Id
Surrogate-Control
X-Server-Id
X-WebKit-CSP
X-Backend-Server
X-Rack-Cache
X-Response-Time
X-Rq
X-Application-Context
X-Readtime
X-CST
X-Dns-Prefetch-Control
EagleEye-TraceId
Pinterest-Generated-By
Server-Timing
X-Url
X-Cloud-Trace-Context
X-TTL
X-Instart-Request-ID
Request-Id
X-Px
Report-To
X-Country
X-OneAgent-JS-Injection
X-ORACLE-DMS-ECID
X-Clacks-Overhead
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Feature-Policy
Rating
Edge-Control
Allow
X-Country-Code
X-DynaTrace-JS-Agent
Charset
X-DataDome
X-ESI
X-Server-Name
X-Powered-CMS
X-FTR-Request-ID
X-Vname
X-TtlSet
X-PC
X-Origin-Cache
X-DynaTrace
NEL
X-MS-InvokeApp
X-Recruiting
X-Goog-Hash
X-Varnish-TTL
X-Cached
X-VARITI-CCR
X-ORACLE-DMS-RID
X-Vhost
Content-MD5
X-GitHub-Request-Id
RTSS
X-Version
X-F-Cache
X-GoogleNews-Bot
X-Kinja-Build
X-Kinja
X-Kinja-Revision
X-Exp-Id
X-Geo-Segment
X-Exp-Variant
X-Cdn-Fetch
X-Kinja-Server
X-Powered-By-Plesk
Public-Key-Pins
X-CF-Powered-By
PB-RID
X-Upstream-Env
Pinterest-Version
X-Pinterest-Rid
PB-PID
X-Mobile-Rewrite
Arc-Version
X-Mod-Pagespeed
Verso
X-Client-IP
Accept-CH
SPRequestGuid
X-D2id
X-Abt-Application-Version
X-SRCache-Fetch-Status
X-SRCache-Store-Status
MS-Author-Via
X-N
X-Dispatcher
AR-ATIME
AR-PoweredBy
X-SharePointHealthScore
Permitted-Cross-Domain-Policies
X-Do-Not-Hack
X-HeyJason
AR-CACHE
X-Amz-Rid
X-Navigation-Version
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-T
Nginx-Cache
DynaTrace
Accept-CH-Lifetime
X-Dw-Request-Base-Id
Paypal-Debug-Id
X-Trace
X-Fastly-Request-ID
X-Upstream
X-Grace
Arr-Disable-Session-Affinity
X-Varnish-Age
X-Hits
TCN
X-Origin-Upstream-Status
X-Id
X-Forwarded-Proto
X-Amz-Meta-S3cmd-Attrs
X-DIS-Request-ID
X-Pad
X-Shield-Request-Id
X-FastCGI-Cache
SPRequestDuration
SPIisLatency
X-Cache-Hit
X-Content-Options
X-Logged-In
X-Content-Digest
Realpath
X-IPLB-Instance
Access-Control-Request-Method
X-Kinsta-Cache
X-Server-ID
X-NF-Request-ID
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
X-B
X-Acc-Meta-Resource-Type
MRF-Tech
Mrf-Cache-Status
AR-SID
X-Ruxit-JS-Agent
X-XRDS-Location
X-Goog-Storage-Class
X-Goog-Metageneration
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-SS-Set-Cookie
X-Oneagent-Js-Injection
X-HW
X-Vcap-Request-Id
S
X-Debug
X-MSEdge-Ref
Service-Worker-Allowed
X-Ser
Server-Name
X-FTR-Backend
X-FTR-DC
X-FTR-Realm
X-PressLabs-Stats
X-FTR-Balancer
X-FTR-Backend-Server
X-FTR-Cache-Status
X-Country-Code-Real
X-NewRelic-App-Data
X-Frontend
X-Webkit-CSP
Tracecode
X-Wix-Server-Artifact-Id
X-FTR-Expires
X-Cache-Key
Rt-Fastcgi-Cache
Fastcgi-Cache
Eomportal-Instance
AMP-Access-Control-Allow-Source-Origin
Alternate-Protocol
X-Forwarded-For
Surrogate-Key
X-GUploader-UploadID
Cleartype
X-Cache-Rule
Cache-Status
X-Srv
X-NWS-LOG-UUID
X-HS-Content-Id
X-HS-Hub-Id
X-Analytics
Backend-Timing
X-VCache
Host
TP-Cache
X-Revision
TP-L2-Cache
X-Oracle-Dms-Rid
X-User-Agent
X-Rid
FilterID
X-Whom
X-FTR-Cache-Host
Fastly-Restarts
X-Debug-Info
Public-Key-Pins-Report-Only
X-AOL-HN
X-Akam-SW-Version
X-Cache-2
X-Via-JSL
ServerID
X-Varnish-Backend
X-Content-Powered-By
X-RateLimit-Remaining
X-Request-Processing-Time
X-Cdn
X-Request-Received
X-Kinja-Server-Push
X-Zen-Fury
Viewport
Accept-Charset
X-Accel-Buffering
X-Ttl
X-Mobile
Front-End-Https
X-XRDS-LOCATION
X-WPE-Loopback-Upstream-Addr
X-Cached-By
X-Node-Name
Liferay-Portal
X-App-Environment
X-LB-Cache
X-Tumblr-Pixel-0
X-Page-Id
X-Magnolia-Registration
X-Cluster
Host-Header
X-Tumblr-Pixel
X-Cache-Control
X-B3-Traceid
X-Tumblr-User
X-Varnish-Hostname
X-Hostname
X-Content-Security-Policy-Report-Only
X-Framework
Cache-Tag
X-Handled-By
X-Device-Type
X-Akamai-Edgescape
X-B3-Sampled
X-TT
X-Request-Guid
X-B-Cache
X-Platform-Server
X-Instance
X-BCube-Filmed-By
Upgrade-Insecure-Requests
X-FB-Debug
X-Signature
DC
X-Cache-Server
X-Origin-Server
Server-Node
X-TT-TIMESTAMP
X-TA-CDN-Provider
X-Correlation-Id
Source
MicrosoftSharePointTeamServices
Retry-After
X-WA-Info
X-Accel-Expires
X-Contextid
X-Servedby
HitInfo
Server-Info
HitType
X-Cache-Action
X-Amzn-Trace-Id
X-Varnish-Server
X-Cache-Operation
X-APP-VERSION
X-Distil-CS
X-Port
Display
X-Middleton-Display
X-Daa-Tunnel
X-Sol
X-Fastcgi-Cache
X-Edge-Location
X-Geo-Country
X-Generated-By
Content-Style-Type
Content-Script-Type
X-Hyper-Cache
X-GeoIP
X-S
X-TX-ID
X-Tumblr-Pixel-1
X-Tumblr-Pixel-2
X-WebKit-CSP-Report-Only
Webserver
X-Wix-Request-Id
X-Seen-By
GEO-INFO
AsisCache
X-Amz-Replication-Status
X-RequestSource
Actual-Object-TTL
X-Locale
X-Status
ServedBy
X-FW-Serve
X-Edge-Cache
X-FW-Hash
X-FW-Server
X-Edge-Cache-Key
X-Jobs
X-Varnish-Hits
Healthy
X-UUID
X-Response-Served-From
X-FW-Type
X-FW-Static
X-Region
User-Agent
X-Adobe-Loc
X-DataStream-Cache-Status
X-Adobe-Content
X-Drupal-Cache-Tags
X-Varnish-Grace
Filters
S-Cnection
NGB
Refresh
X-Yottaa-Metrics
X-Amz-Server-Side-Encryption
X-Cache-Age
X-Yottaa-Optimizations
X-Proxied
X-Esi
IBM-Web2-Location
SRV
X-Cache-TTL-Remaining
AR-Request-ID
Response
X-CDN-Forward
X-Middleton-Response
X-Az
X-Activity-Id
X-AppVersion
X-App-Server
X-Pc-Key
X-Pc-Appver
X-Pc-Hit
X-Cache-Remote
X-Content-Type
X-Newrelic-App-Data
X-Cache-NE
X-Ruxit-Js-Agent
Cache
Payment
X-Cacheable-TTL
X-Kong-Upstream-Latency
X-UA
X-Kong-Proxy-Latency
X-Cache-TTL
X-ATG-Version
X-Correlation-ID
Datacenter
Country
Served-By
X-Vg-Webcache
X-Unique-ID
X-HS-Cache-Config
Edge-Cache-Tag
X-Mode
X-Akamai-Transformed
X-Is-Bot
X-Detected-As
Meta-Geo
Machine
Load-Balancing
X-RN-RSRV
X-RemovedCookies
X-Rendered-As
X-ProcessESI
X-Sucuri-ID
X-FC-Vary-Parameters
User-Cache-Control
X-PCL
HostName
X-Source
X-BYPASS-REASON
X-OCL
X-ProxyCache-Status
X-Rocket-Nginx-Bypass
X-Proxy
X-ProxyCache-Key
X-Debug-Cache
X-Backend-Name
TWC-GeoIP-LatLong
TWC-GeoIP-Country
TWC-Device-Class
Webcakes-App-Name
X-Real-IP
Access-Control-Allow-Method
X-BB-IP
X-Human
X-Viewer-Country
X-Cache-Category-Id
X-Grey
X-EIG-Tracking-Id
TWC-Locale-Group
X-Hosted-By
X-Varnish-Cacheable
TWC-Privacy
X-Varnish-IP
X-Origin-Hint
X-ServerID
L5d-Success-Class
X-Origin
Property-Id
Mn-Server-Ip
Webcakes-App-Version
Webcakes-Region
Now
X-Tb
TWC-Connection-Speed
X-Amz-Meta-Surrogate-Control
DB-Nickname
Backend
Cache-Key
Cache-Name
X-CCM
Azure-SlotName
Azure-RegionName
X-Access
X-Cache-Config
Azure-Version
X-CDN-Cache
Access-Control-Request-Headers
Azure-SiteName
X-Zipkin-Id
X-ApacheServer
ServerName
S-Rt
Azure-InstanceId
X-Via-Fastly
X-Loop
X-OVcl
X-L-Path
X-JoinUs
X-Varnish-Cache-Hits
X-Upgrade-Enabled
X-TNCMS
X-NodeID
X-Original-Request
X-OVcl-Cache
X-Site-Version
X-PERF
X-Generated
X-Format
X-Hit
X-Pubstack
X-Environment-Context
X-Section
X-Routing-Service
X-Agile-Age
X-Timing-Wait
X-Agile
X-Proxy-Build
X-Agile-Id
X-Rule
Selected-FE
X-SplitTest
X-Ocache
X-IP
X-App-Name
X-Storage
X-Xfnlog-Site
X-AWS-Id
X-VWS-Id
X-Www-Served-By
X-NGENIX-Cache
X-LJ-Flow-ID
X-TWH-CORRELATION-ID
X-HS-Combine-CSS
X-Origin-CC
X-Drupal-Cache-Contexts
X-URL
X-Cache-Var-Map
X-Cache-Var
X-Akamai-Request-ID
X-Pc-Date
X-Pc-Host
X-Upstream-CT
X-Upstream-HT
X-Vgn-Hpd-Reason
X-Time-Microsecs
OT-Force-Account-Verify
X-Litespeed-Cache
From-Origin
X-RateLimit-Limit
X-Nginx-Cache
X-UA-Device-Type
X-PHP-Backend
X-NCache
X-Internal-Host
X-Microcachable
X-NC
X-Mrs-Age
X-Mrs-Cache
X-Mrs-Cache-Hits
X-Mshield-Cache-Status
XServer
Fastcgi-X-Cache-Version
Fastcgi-X-Cache
Fastcgi-Useragent
X-Feature
X-Distributor
X-Release
X-Forwarded-Host
Fastly-SSL
X-M-Reqid
X-Amzn-RequestId
X-M-Log
X-Amz-Apigw-Id
X-Qnm-Cache
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
LB
Ar-Sid
X-Ms-Blob-Type
X-Ms-Lease-Status
X-Ms-Version
X-Ms-Request-Id
X-Cache-Backend
Pagespeed
X-Birta-Cache-Post
X-Birta-Served
X-EdgeConnect-Cache-Status
X-Twitter-Response-Tags
X-Connection-Hash
Powered-By-ChinaCache
X-Transaction
NtCoent-Length
Pagetype
X-Webkit-Csp
X-Labrador-Cache-Channel
X-Ah-Environment
X-VG-TLSProxy
X-V
X-Instance-Name
X-B3-Spanid
Frame-Options
X-GZip
MIME-Version
X-Web-Node
X-C
Time
X-SERVER-NAME
X-S-Cookie
Xc-Version
X-A-Dam
X-Gen-Mode
X-Block-Status
X-Date
IsBot
X-Developer
X-Destination
X-Irp-Debug
X-Died
X-UE-Client-Country
Web-Mar-Node
AKAMAI
X-Server-By
X-D
BehaviorPad-Version
Ajk
X-BB-ID
X-Cache-Bucket
X-Via-SSL
X-Logtrace-Id
X-Generated-In
X-Org
X-WebServer
Meta-Geo-Continent
Cache-Prefix
MD5-Digest
X-ScT
X-A
X-CS
NGX
X-Via-CDN
X-Dispatcher-Server
X-A-Ccd
X-Server-Time
X-Via-Edge
X-SIPLIST1
X-CF-Lambda-Fn
X-CUA
X-IN-WAF
X-IN-APIGATEWAY
X-Redis-Cache
X-From
Fly-Cache
X-Accel-Expires-Debug
T-Server
Server-Int
X-Trv-Group
X-NU-AKA-ACS-Version
X-A-Wwc
X-Region-Sid
X-Hnp-Log
X-G
X-A-Dgt
X-Generation-Time
X-Request-UUID
VivaBuild
V-Age
Fly-Request-Id
Viewtype
X-PAYTM-SRV-ID
X-VG-WebServer
X-CF-Lambda-Version
X-Rewrite-Enabled
X-SRCache-Key
X-IN-SSL-APIGATEWAY
Ec-Rule-Version
X-Rojux
Rendered-Blocks
Www
Host-ID
X-Application
X-DPWN-IS-SECURE
X-A-Dcw
Arc-Country
X-ARC
X-No-Session
X-B-Cookie
X-App-Version
X-NWS-UUID-VERIFY
X-Varnish-Beresp-Ttl
Cneonction
X-FireWall-Port
X-HOST
HA-Ipaddr
HA-Host
HA-Cloudapp
HA-Servedtime
GMS-Ver
X-Node-Id
HA-Geocity
HA-Geocountry
HA-Georegion
HA-Geolon
HA-Geolat
Ha-Gx-Prefs
Origin-Edge-Control
Request-Country
Request-EU
Release
Proxy-Connection
Pragrma
Request-Time
X-Amz-Meta-Cache-Control
X-UnsetCookies
True-Client-Country-4JS
SN
Server-Host
X-NX-Host
Origin-Cache-Control
Kp-EeAlive
Magicmarker
X-MI-In-Market
X-Cache-Enabled
X-Varnish-Action
X-Cache-CFC
MI-API
X-Var-Ttl
NodeID
MI-Cache-Age
MI-Cache
HA-Urlpath
WZWS-RAY
X-F5-Cache
X-Crawler
X-Phone
X-We-Are-Hiring
X-GeoIP-City
X-Core-Value
X-Sucuri-Cache
X-Powered-By-ANYU
X-Wikidot-Backend
X-Wikidot-Static-Cache
X-Key
X-HTML-Minification-Powered-By
Mobile-Detection-Method
X-Debug-Log
X-Debug-Cookies
X-Layer
X-Origin-TTL
X-Owner
X-Sf
X-VServer
Decoy-Debug-Key
X-RateLimit-Remaining-Second
Country-Code
Decoy-Debug-Status
Decoy-Debug-TTL
X-S-Maxage
X-External-Request-Id
Esi-Enabled
X-Eu-Site
CDCHOST
X-Request-URI
Cteonnt-Length
X-Platform
X-RCS-CacheZone
X-Hl-Ver
Backend-Name
X-CGP
X-RateLimit-Limit-Second
X-Fastly-Cache
X-Webstats-RespID
X-Gannett-Site-Version
X-FW-Version
X-Sorting-Hat-PodId
X-Hash
X-GeoIP-Country-Code
X-Matched-Rule
X-Trace-Id
X-Alternate-Cache-Key
X-Fetched-On
X-TT-LOGID
X-Sn-Servicetimems
X-Fstrz
X-Sorting-Hat-ShopId
X-Actual-URL
X-Developers
X-Cache-Host
X-Content-Age
X-Thinkindot-L3
X-Cache-Expires
X-Clientip
X-Ckpd-Fst-Backend
X-Cache-Srv
X-Cache-URL
X-Cdn-Origin
X-Cdn-Srv
X-Croise-Owner
X-Skip-Cache
X-Device-Os
X-Shopify-Stage
X-Stale
X-ElasticPress-Search
X-Backend-Host
X-Backend-State
X-Swa-Ws
X-Backend-Url
X-Backend-TTL
X-Epic-Correlation-Id
Fastly-Backend-Name
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
Apple-News-Services-Handled
PageSpeed
X-Returned-From-BeforeDispatch
Adler-Geo
Apple-News-Services-Request-Url
Cache-Tags
X-Location
X-Returned-From
Countrycode
X-Request-Time
X-Server-IP
X-Oss-Storage-Class
X-Oss-Server-Time
X-Secret
X-Returned-From-DLL
X-Passed-To-DLL
X-Passed-To-PostProcessResponse
X-Oss-Hash-Crc64ecma
X-Passed-To-BeforeDispatch
X-Oss-Object-Type
X-ShopId
X-ServiceProvider
X-Worker
X-Passed-To
X-Oss-Request-Id
X-Returned-From-PostProcessResponse
Heartbleed
Server-ID
X-Reboot
Section-Io-Cache
RNT-Time
RNT-Machine
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
X-Tumblr-Pixel-3
X-ShardId
Uber-Trace-Id
Thinkindot-Control
X-Nginx-Cache-Key
X-Up
Odigeo-Trace-Id
X-VCT
X-MSEdge-Flight
X-Variation
X-Response-By
Is-Eu
Platform
On-Server
PFcat
X-MSEdge-Features
Origin
X-Servername
X-Rebelmouse-Cache-Control
X-Iejgwucgyu
X-Rebelmouse-Surrogate-Control
Content-Disposition
X-Store
Resin-Trace
X-Alicdn-Da-Ups-Status
Sid
HTTPS
Fastly-SWR
X-Core-Mission
Fastly-SIE
X-Csrf-Token
X-Policy
ProcessTime
X-Planisys-CDN-Cache
X-CACHE-AGE
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
WP-Super-Cache
X-Ezoic-Cdn
X-Pf-Uncompressing
X-Refresh
Powered
CDN
REQUESTUUID
X-Ua
Xserver
RequestId
Warning
X-GEO
X-Cluster-Node
X-Atg-Version
CF-IPCountry
X-Proto
X-Cache-ASPX
X-Servedbyhost
X-Dc
X-Real-Ip
X-TIME
Mail-Subject
Dnion-Transfer-Encoding
We-Hiring
X-GoCache-CacheStatus
NODE
ViewerVersion
X-Pjax-Url
X-B3-TraceId
Cache-Cookie-Set-From
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-Idcheck
X-Newrelic-Synthetics
X-Endurance-Cache-Level
X-Req
X-Nc
X-Varnish-Ttl
X-DC
NnCoection
X-Surge-Debug
X-Origin-Expires
X-Origin-Date
X-CLOUD-TRACE-CONTEXT
Geoip-Latitude
X-Varnish-HitMiss
X-Cache-Control-Set-By
X-COUNTRY
X-Edge-IP
GeoIp-Country-Code
X-Server-W
X-HCF
X-Page-Type
X-Time
X-Guploader-Uploadid
Hostname
X-Aed
X-Oracle-Dms-Ecid
X-CSRF-Token
X-Server-Group
WWW-Authenticate
X-Ms-Lease-State
Pramga
SD-X-WS
X-Varnish-Beresp-TTL
A
Geoip-City
TSSecure
Processtime
CACHE
MS-CV
X-GRACE
X-Wix-Route-ID
X-Varnish-Url
X-Datadome
PICS-Label
X-Cdn-Forward
X-WA
X-Varnish-URL
Cdn
X-Wa
X-ABtesting
X-Aicache-OS
X-DataStream-MidMile-RTT
X-Flog
X-DataStream-Origin-MEX-Latency
X-Hello
Dont-Set-Cookie
X-Ratelimit-Limit
X-From-Cache
X-Geo
Mime-Version
Cdn-Request-Time
Node
Cdn-Host
X-Edge-Server
X-Akamai-Request-ID2
X-Gdpr
Lb
X-Auto-Login
Lfy
DataCenter
X-Use-Magma
X-Nananana
PageType
FSS-Proxy
X-UPSTREAM-Address
COMMERCE-SERVER-SOFTWARE
X-Unique-Id
FSS-Cache
X-RTag
X-WR-MODIFICATION
Ms-Operation-Id
X-NODE
GeoIP-Latitude
X-EC-Security-Audit
GeoIP-Country-Code
X-Sentry-ID
GeoIP-City
X-PAGE-TYPE
X-SRV
X-Gen-Id
X-APP
X-Optimization
X-Cache-HT
Is-Session-Tracking
Get-Access-Time
X-Env
X-Fastly-Backend-Reqs
X-Load-Cache
Rt-Proxy-Cache
X-CACHE-KEY
X-Via-NSCOPI
Who
X-Cache-Id
X-Check-Cacheable
X-Cache-FS-Status
X-GDPR
X-Served-From
X-Wix-Petri-Ex
X-Cookie
X-Dynatrace-Js-Agent
Ws
Memcached
X-Ibm-Trace
X-Meta-Tbi-Cache-Vertical
X-FORWARDED-FOR
X-Cache-Info
X-Bip
X-Thanos
X-Ver
X-Swift-Error
X-Be
Pics-Label
X-PJAX-URL
Httpd-Identifier
X-MP-GENERATED-AT
X-Proxy-Server
X-NGINX-Cache
X-Cache-Ttl
X-Fe
X-Fastly-Cache-Hits
X-B3-SpanId
X-SVT-ORM-VERSION
X-ServedByHost
X-SVT-ORM-RULES
X-Request-Start
Powered-By
Memory
X-RateLimit-Reset
Ohc-File-Size
V-Cache
Group
X-HS-Status
X-Path-Route
URI
X-CDN-Pop
X-CDN-Pop-IP
X-Shard
Cf-Ipcountry
Version
X-Dw-Trace-Id
X-ID
Amp-Access-Control-Allow-Source-Origin
X-SB
X-LiteSpeed-Cache-Control
UCS
X-GZIP
X-VC
AGE-Hash
X-Bug-Bounty
Xet-Cookie
NX-Cache
Requestid
GW-Server
X-PF-Uncompressing
X-P-T
Serverid
Srv
X-Varnish-Info
X-User
CDN-Cache
X-Ratelimit-Remaining
X-Akamai-ERPolicy
X-Akamai-ERRuleID
Apicache-Store
N-Cache
X-StackifyID
Apicache-Version
Fastly-Soc-X-Request-Id
Ohc-Response-Time
CDN-Cache-Hit
X-CacheKey
CDN-Node
X-SD-PageType
X-ServerName
If-Modified-Since
Https
Cache-Hits
X-Grace-Duration
X-Route-Name
X-Micro-Cache
X-Info
X-Litespeed-Cache-Control
X-RequestId
X-Flags
X-Providence-Cookie
X-Is-Crawler
X-Cache-Handler