Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Pragma
Accept-Ranges
Last-Modified
Strict-Transport-Security
X-Content-Type-Options
X-Powered-By
CF-RAY
ETag
Link
X-XSS-Protection
Expect-CT
Via
X-Cache
Age
Access-Control-Allow-Origin
Content-Security-Policy
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Served-By
X-Varnish
X-Amz-Cf-Id
Referrer-Policy
X-Request-Id
X-Timer
X-AspNet-Version
CF-Cache-Status
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Runtime
Access-Control-Allow-Credentials
X-Download-Options
X-Drupal-Cache
X-Cacheable
Alt-Svc
X-Generator
Content-Security-Policy-Report-Only
X-Xss-Protection
X-AspNetMvc-Version
Status
Timing-Allow-Origin
X-Check
X-Cache-Status
X-Adblock-Key
X-Iinfo
X-DNS-Prefetch-Control
X-Content-Security-Policy
X-Permitted-Cross-Domain-Policies
Content-Encoding
X-Template
X-CDN
X-Language
X-Turbo-Charged-By
X-Request-ID
Keep-Alive
X-Type
X-Buckets
EagleId
Xkey
X-Backend
X-Via
X-AH-Environment
WPE-Backend
X-Age
X-Pass-Why
Access-Control-Max-Age
X-Server
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-Cache-Group
X-Varnish-Cache
X-Pingback
Upgrade
X-Nginx-Cache-Status
X-Server-Powered-By
Access-Control-Expose-Headers
X-Drupal-Dynamic-Cache
Grace
X-Hacker
P3p
X-UA-Device
Cf-Railgun
X-Amz-Request-Id
X-Amz-Id-2
X-Robots-Tag
X-Ua-Compatible
X-LiteSpeed-Cache
X-Proxy-Cache
X-Envoy-Upstream-Service-Time
X-Page-Speed
Request-Context
X-CST
X-Node
X-Device
X-Host
X-Cache-Lookup
X-Ac
Content-Location
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Cnection
Surrogate-Control
X-Amz-Version-Id
X-WebKit-CSP
X-Server-Id
X-Rack-Cache
X-Backend-Server
X-Response-Time
X-Rq
X-Px
X-Readtime
X-Application-Context
X-Dns-Prefetch-Control
Allow
X-Cloud-Trace-Context
X-OneAgent-JS-Injection
EagleEye-TraceId
X-Instart-Request-ID
Pinterest-Generated-By
X-Clacks-Overhead
Server-Timing
X-Do-Not-Hack
X-HeyJason
Permitted-Cross-Domain-Policies
Request-Id
X-Country
X-Url
Report-To
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Rating
X-Country-Code
Charset
X-Varnish-TTL
Edge-Control
X-ESI
X-TTL
X-Vname
X-TtlSet
X-PC
X-Powered-CMS
X-FTR-Request-ID
X-Server-Name
X-ORACLE-DMS-RID
X-ORACLE-DMS-ECID
X-DataDome
X-CF-Powered-By
Feature-Policy
X-MS-InvokeApp
X-Origin-Cache
X-Cached
X-Goog-Hash
X-DynaTrace-JS-Agent
NEL
Public-Key-Pins
X-Vhost
X-Recruiting
X-DynaTrace
X-Cdn-Fetch
X-Exp-Id
X-Kinja
X-Kinja-Revision
X-Kinja-Server
X-GoogleNews-Bot
X-Kinja-Build
X-Geo-Segment
X-Exp-Variant
X-VARITI-CCR
X-F-Cache
X-Version
AR-PoweredBy
AR-ATIME
X-Powered-By-Plesk
X-Mod-Pagespeed
AR-CACHE
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-T
PB-RID
PB-PID
Arc-Version
X-Mobile-Rewrite
Content-MD5
X-D2id
X-Client-IP
X-Pinterest-Rid
Pinterest-Version
X-Upstream-Env
Verso
X-Abt-Application-Version
RTSS
X-Dispatcher
X-N
X-Cdn
SPRequestGuid
X-Amz-Rid
X-Server-ID
X-SharePointHealthScore
X-GitHub-Request-Id
X-Ruxit-JS-Agent
X-Forwarded-Proto
X-Hits
Nginx-Cache
X-Navigation-Version
X-Ttl
X-Dw-Request-Base-Id
Paypal-Debug-Id
X-B
X-Upstream
Realpath
X-Pad
X-Varnish-Age
X-Shield-Request-Id
X-Content-Digest
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
Arr-Disable-Session-Affinity
X-Id
X-Grace
MS-Author-Via
X-Content-Options
X-Cache-Hit
X-FastCGI-Cache
X-XRDS-Location
TCN
X-Kinsta-Cache
X-NWS-LOG-UUID
X-Logged-In
Access-Control-Request-Method
X-Goog-Metageneration
X-Goog-Stored-Content-Length
SPIisLatency
SPRequestDuration
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
S
X-Goog-Generation
DynaTrace
X-Acc-Meta-Resource-Type
X-Trace
X-Mrf-Section-Lastmod
Mrf-Cache-Status
X-Mrf-Item-Lastmod
MRF-Tech
X-Origin-Upstream-Status
X-Vcap-Request-Id
X-VCache
X-MSEdge-Ref
X-DIS-Request-ID
X-HW
Cleartype
Eomportal-Instance
X-Zen-Fury
X-Via-JSL
X-FTR-Balancer
X-FTR-Backend-Server
X-Country-Code-Real
Cache-Status
X-FTR-Backend
X-FTR-Cache-Status
X-FTR-Expires
X-FTR-Realm
X-FTR-DC
Surrogate-Key
X-Frontend
Service-Worker-Allowed
Front-End-Https
X-IPLB-Instance
X-HS-Content-Id
X-Fastly-Request-ID
X-Cache-Rule
X-HS-Hub-Id
X-PressLabs-Stats
X-NF-Request-ID
X-SS-Set-Cookie
X-User-Agent
Server-Name
X-Forwarded-For
Tracecode
X-Request-Received
X-Request-Processing-Time
X-Hostname
X-Varnish-Backend
AR-SID
Backend-Timing
X-Analytics
Host
X-Cache-2
Fastcgi-Cache
FilterID
X-Wix-Server-Artifact-Id
X-AOL-HN
Rt-Fastcgi-Cache
Viewport
X-Whom
Public-Key-Pins-Report-Only
X-FTR-Cache-Host
TP-L2-Cache
TP-Cache
X-Revision
X-Content-Powered-By
X-Srv
X-Rid
X-Proxied
X-Sol
Alternate-Protocol
X-Middleton-Display
Display
X-Az
X-Activity-Id
Response
X-AppVersion
X-Middleton-Response
X-Debug-Info
ServerID
AMP-Access-Control-Allow-Source-Origin
X-Debug
X-URL
X-Oneagent-Js-Injection
X-Ser
X-Daa-Tunnel
X-Contextid
X-Akam-SW-Version
X-Cached-By
X-Cache-Control
X-Magnolia-Registration
X-Cache-Server
X-WPE-Loopback-Upstream-Addr
X-Mobile
Ar-Sid
Server-Info
X-Webkit-Csp
HitType
HitInfo
X-Page-Id
Accept-Charset
Refresh
X-FB-Debug
X-RateLimit-Remaining
Cache-Tag
MicrosoftSharePointTeamServices
X-Cache-Age
X-Varnish-Grace
X-Framework
X-Geo-Country
X-Generated-By
X-LB-Cache
X-App-Server
Retry-After
X-Origin-Server
X-Varnish-Hostname
X-Content-Security-Policy-Report-Only
Upgrade-Insecure-Requests
X-Instance
X-Accel-Expires
X-PHP-Backend
X-Request-Guid
Source
X-B-Cache
X-Signature
X-Cache-Operation
X-BCube-Filmed-By
X-TT
Server-Node
X-App-Environment
X-Handled-By
Host-Header
X-Cache-Key
X-Device-Type
AR-Request-ID
X-Amz-Meta-S3cmd-Attrs
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Newrelic-App-Data
X-Tumblr-User
X-Platform-Server
X-Hyper-Cache
X-B3-Traceid
Powered-By-ChinaCache
X-NewRelic-App-Data
X-Akamai-Edgescape
X-WA-Info
Liferay-Portal
X-XRDS-LOCATION
X-TT-TIMESTAMP
Accept-CH
X-CACHE-GROUP
X-Correlation-Id
X-Fastcgi-Cache
DC
X-Cache-Action
X-Amzn-Trace-Id
X-Drupal-Cache-Tags
X-Node-Name
X-B3-Sampled
Fastly-Restarts
X-Port
X-APP-VERSION
X-ATG-Version
Webserver
X-Cluster
X-GUploader-UploadID
X-Varnish-Server
X-Edge-Location
NGB
X-Accel-Buffering
X-S
X-Cacheable-TTL
X-GeoIP
X-Locale
X-Wix-Request-Id
X-Seen-By
Filters
X-Jobs
ServedBy
X-WebKit-CSP-Report-Only
X-Source
X-RequestSource
X-FW-Server
X-FW-Type
X-FW-Serve
X-FW-Hash
X-FW-Static
X-Amz-Replication-Status
Actual-Object-TTL
X-Varnish-Hits
GEO-INFO
AsisCache
X-Tumblr-Pixel-2
X-Tumblr-Pixel-1
X-Region
X-Guploader-Uploadid
MS-CV
X-Distil-CS
X-Cache-TTL-Remaining
X-RTag
X-Wix-Petri-Ex
X-UA-Device-Type
S-Cnection
X-Edge-Cache-Key
X-Edge-Cache
Cache
X-Webkit-CSP
X-UA
X-Adobe-Content
X-Adobe-Loc
X-Cache-Config
Content-Script-Type
Content-Style-Type
HostName
X-Servedby
X-Cache-Remote
Served-By
X-Dynatrace-Js-Agent
Country
X-TA-CDN-Provider
X-Vg-Webcache
Datacenter
X-Ocache
X-Sucuri-ID
X-Unique-ID
X-Ruxit-Js-Agent
X-Status
X-Drupal-Cache-Contexts
X-Esi
X-TX-ID
X-Varnish-IP
X-Correlation-ID
X-Amz-Server-Side-Encryption
X-Microcachable
X-RateLimit-Limit
PageSpeed
X-UUID
IBM-Web2-Location
X-GZip
X-DataStream-Cache-Status
X-Ezoic-Cdn
Xserver
X-Akamai-Transformed
Healthy
X-Internal-Host
Ohc-File-Size
X-Agile-Id
X-Agile
X-Mode
X-Agile-Age
Machine
Access-Control-Allow-Method
Load-Balancing
Meta-Geo
X-App-Name
X-Akamai-Request-ID
X-Generated
X-IP
X-Grey
X-ProxyCache-Key
X-Is-Bot
X-JoinUs
X-ProxyCache-Status
X-Rendered-As
X-RN-RSRV
X-Detected-As
X-Vgn-Hpd-Reason
X-CCM
X-Cache-Category-Id
X-BYPASS-REASON
X-TNCMS
X-NGENIX-Cache
X-ServerID
X-Origin
Mn-Server-Ip
User-Cache-Control
X-Xfnlog-Site
Selected-FE
X-Loop
X-Proxy-Build
X-Debug-Cache
X-Time-Microsecs
X-Instance-Name
X-Timing-Wait
L5d-Success-Class
X-Web-Node
Payment
X-OVcl-Cache
X-BB-IP
Cache-Key
Cache-Name
S-Rt
X-Varnish-Cache-Hits
X-Human
X-Content-Type
ServerName
X-Varnish-Cacheable
X-NodeID
X-Real-IP
X-Upgrade-Enabled
X-OVcl
X-Backend-Name
X-PERF
X-Viewer-Country
X-RemovedCookies
X-ProcessESI
X-Hosted-By
X-ApacheServer
User-Agent
X-Rocket-Nginx-Bypass
X-PCL
X-Original-Request
Now
X-FC-Vary-Parameters
X-EIG-Tracking-Id
X-Tb
DB-Nickname
X-OCL
X-Site-Version
X-CDN-Cache
Backend
X-PC-AppVer
X-PC-Key
X-PC-Hit
TWC-Device-Class
TWC-GeoIP-Country
TWC-Locale-Group
TWC-Connection-Speed
Property-Id
X-Www-Served-By
X-VWS-Id
X-Via-Fastly
TWC-Privacy
X-TWH-CORRELATION-ID
Webcakes-App-Version
X-AWS-Id
X-Origin-Hint
X-LJ-Flow-ID
X-Distributor
X-Section
X-SplitTest
X-Yottaa-Metrics
Webcakes-Region
X-Access
Webcakes-App-Name
TWC-GeoIP-LatLong
Access-Control-Request-Headers
Azure-SlotName
Azure-InstanceId
Azure-RegionName
X-Yottaa-Optimizations
Azure-SiteName
Azure-Version
X-Origin-CC
X-Pubstack
X-PC-Host
X-Oracle-Dms-Rid
X-Zipkin-Id
X-PC-Date
Dont-Set-Cookie
X-Routing-Service
X-Oracle-Dms-Ecid
X-NCache
X-Amz-Meta-Surrogate-Control
X-Format
X-CDN-Forward
X-Storage
X-Time
Ms-Operation-Id
X-Proxy
X-Cache-Backend
X-L-Path
X-Environment-Context
LB
X-Path-Route
X-Oss-Server-Time
X-Oss-Storage-Class
X-Oss-Request-Id
X-Oss-Hash-Crc64ecma
X-Oss-Object-Type
SRV
WZWS-RAY
X-Connection-Hash
X-Transaction
Cteonnt-Length
X-Twitter-Response-Tags
Pagespeed
Countrycode
X-Qnm-Cache
Edge-Cache-Tag
X-Sucuri-Cache
X-Webstats-RespID
X-HS-Cache-Config
X-M-Reqid
X-M-Log
X-SERVER-NAME
X-Hit
X-Proto
X-Optimization
X-Labrador-Cache-Channel
X-Ah-Environment
X-Generation-Time
X-Cache-HT
X-Amzn-RequestId
X-Cache-Ttl
X-Amz-Apigw-Id
X-B3-Spanid
X-V
X-Real-Ip
X-Release
X-Varnish-Beresp-Status
X-MP-GENERATED-AT
X-Birta-Cache-Post
X-Birta-Served
X-Meta-Tbi-Cache-Vertical
X-Varnish-Beresp-Grace
NnCoection
X-Newrelic-Synthetics
Apicache-Version
Apicache-Store
X-Varnish-Beresp-Ttl
X-Cache-Enabled
Fastly-SSL
X-Nc
Cache-Hits
ProcessTime
X-Cache-NE
X-Tumblr-Pixel-3
X-C
From-Origin
X-SERVER
X-App-Version
MI-Cache
Decoy-Debug-TTL
Rendered-Blocks
Request-EU
Request-Country
Ec-Rule-Version
MI-Cache-Age
GMS-Ver
X-CF-Lambda-Fn
MD5-Digest
Kp-EeAlive
Httpd-Identifier
Host-ID
Fly-Request-Id
Resin-Trace
Meta-Geo-Continent
Fly-Cache
Thinkindot-CacheControl
Warning
X-A-Wwc
VivaBuild
X-Accel-Expires-Debug
Viewtype
Web-Mar-Node
X-A
X-A-Dgt
X-A-Dcw
X-A-Dam
X-A-Ccd
V-Age
X-Alternate-Cache-Key
T-Server
X-BB-ID
SN
Server-ID
Server-Host
X-B-Cookie
X-ARC
X-Application
True-Client-Country-4JS
Thinkindot-Control
Thinkindot-CacheControl-Type
X-Cache-URL
X-Matched-Rule
X-Sorting-Hat-PodId
X-Shopify-Stage
X-Sorting-Hat-ShopId
X-SRCache-Key
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
X-ShopId
X-ShardId
X-ScT
X-S-Maxage
X-Server-By
X-Server-Time
X-Sf
X-ServiceProvider
X-Thinkindot-L3
X-Trv-Group
X-We-Are-Hiring
X-Via-SSL
X-WebServer
X-Wix-Route-ID
Xc-Version
X-Worker
X-Via-Edge
X-Via-CDN
X-UE-Client-Country
X-TT-LOGID
X-Upstream-CT
X-Upstream-HT
X-VG-WebServer
X-S-Cookie
X-Rojux
X-Env
X-Edge-Server
X-Fetched-On
X-From
X-Generated-In
X-G
X-DPWN-IS-SECURE
X-Dispatcher-Server
X-Date
X-D
X-Destination
X-Developer
X-Died
X-Hl-Ver
Decoy-Debug-Status
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
X-RCS-CacheZone
X-Region-Sid
X-Rewrite-Enabled
X-Response-By
X-Planisys-CDN-Cache
X-PAYTM-SRV-ID
X-NU-AKA-ACS-Version
X-MI-In-Market
X-Org
X-Origin-Date
X-Origin-Expires
X-CF-Lambda-Version
Www
X-EdgeConnect-Cache-Status
Cdn-Request-Time
Cache-Prefix
NODE
BehaviorPad-Version
Decoy-Debug-Key
Cdn-Host
Country-Code
X-Dc
Cneonction
X-Rule
X-ServedBy
X-Backend-State
X-Backend-Host
Frame-Options
X-Block-Status
X-Cache-Host
X-Cache-CFC
X-Kong-Proxy-Latency
X-Backend-Url
Uber-Trace-Id
RNT-Time
RNT-Machine
Apple-News-Services-Handled
Apple-News-Services-Host
Ajk
Adler-Geo
X-Request-URI
X-SIPLIST1
Server-Int
X-Kong-Upstream-Latency
X-Content-Age
X-IN-SSL-APIGATEWAY
X-IN-APIGATEWAY
X-Hnp-Log
X-Hash
X-IN-WAF
X-Logtrace-Id
X-Origin-TTL
X-Node-Id
X-No-Session
X-GeoIP-Country-Code
X-GeoIP-City
NtCoent-Length
X-Crawler
X-Server-IP
X-Clientip
Apple-News-Services-Parsed-Url
X-Device-Os
X-Gen-Mode
X-VServer
X-Fstrz
Ws
X-CS
MI-API
CDCHOST
Platform
Apple-News-Services-Request-Url
NGX
On-Server
Pragrma
Proxy-Connection
Fastly-Backend-Name
Release
IsBot
Is-Eu
X-ElasticPress-Search
X-GRACE
X-Epic-Correlation-Id
X-Eu-Site
Request-Time
Cache-Tags
Fastly-SIE
HA-Urlpath
HA-Servedtime
HA-Georegion
Ha-Gx-Prefs
HA-Host
HA-Ipaddr
Heartbleed
X-Developers
AKAMAI
X-Core-Mission
X-CGP
WWW-Authenticate
X-Cdn-Origin
X-Core-Value
X-Croise-Owner
Fastly-SWR
HTTPS
Get-Access-Time
Is-Session-Tracking
X-HCF
X-VG-TLSProxy
X-Returned-From
X-Returned-From-BeforeDispatch
X-Redis-Cache
X-Reboot
X-UnsetCookies
X-Returned-From-DLL
X-Returned-From-PostProcessResponse
Content-Disposition
X-Swa-Ws
X-Trace-Id
XServer
X-Up
X-Platform
HA-Geocity
HA-Cloudapp
HA-Geocountry
HA-Geolat
HA-Geolon
X-Ver
X-Varnish-HitMiss
X-Passed-To-PostProcessResponse
X-Passed-To-DLL
X-Passed-To-BeforeDispatch
X-Passed-To
X-Debug-Cookies
X-FireWall-Port
X-Forwarded-Host
X-Alicdn-Da-Ups-Status
Backend-Name
X-Actual-URL
X-Cache-ASPX
Origin
X-NX-Host
X-Nginx-Cache
Origin-Edge-Control
Odigeo-Trace-Id
X-Powered-By-ANYU
PFcat
X-Amz-Meta-Cache-Control
X-Cache-Bucket
X-Sn-Servicetimems
Origin-Cache-Control
X-Response-Served-From
X-Cache-Expires
X-Rebelmouse-Surrogate-Control
X-Cache-Control-Set-By
X-Debug-Log
X-Rebelmouse-Cache-Control
X-HS-Combine-CSS
X-Atg-Version
X-B3-TraceId
Time
X-NC
X-Var-Ttl
X-Phone
Who
X-Cdn-Forward
X-Key
X-GoCache-CacheStatus
X-Refresh
X-Location
X-From-Cache
RequestId
X-Cache-FS-Status
X-Wikidot-Static-Cache
X-Skip-Cache
X-Server-Group
X-Cache-Srv
X-Stale
X-Cache-TTL
X-Backend-TTL
X-Fastly-Cache
Powered-By
X-Owner
X-Wikidot-Backend
X-F5-Cache
Esi-Enabled
X-Ckpd-Fst-Backend
X-Cdn-Srv
Dnion-Transfer-Encoding
X-Ms-Blob-Type
X-Ms-Lease-Status
X-Ms-Request-Id
X-Ms-Version
NodeID
X-CUA
X-P-T
Fastly-Soc-X-Request-Id
X-Geo
X-Edge-IP
X-Req
X-Csrf-Token
Accept-CH-Lifetime
X-Info
We-Hiring
Mail-Subject
X-Servername
Ohc-Response-Time
X-MSEdge-Features
X-Pjax-Url
X-MSEdge-Flight
X-Micro-Cache
MIME-Version
X-BBXSRF
X-NWS-UUID-VERIFY
X-Pc-Appver
X-Request-Time
X-Pc-Key
Section-Io-Cache
X-Cache-Time
X-Pc-Hit
X-Pf-Uncompressing
X-Page-Type
X-Varnish-Url
X-Ua
WP-Super-Cache
Dynatrace
X-Litespeed-Cache
X-WR-MODIFICATION
X-COUNTRY
Cdn
X-External-Request-Id
X-Pc-Host
X-Pc-Date
X-TIME
X-User
X-Varnish-Action
X-Servedbyhost
CF-IPCountry
X-Aicache-OS
Mime-Version
X-CSRF-Token
Magicmarker
PageType
PICS-Label
X-LiteSpeed-Cache-Control
X-DC
X-CCM-LastModified
X-Request-UUID
FastCGI-Cache
X-GEO
X-Cache-Handler
X-Variation
Geoip-Latitude
UCS
GeoIp-Country-Code
GW-Server
Geoip-City
X-CACHE-KEY
CDN
X-Dynatrace
X-Ibm-Trace
X-GDPR
X-Fastly-Backend-Reqs
X-Varnish-Beresp-TTL
Pagetype
Version
Sid
Arc-Country
X-Irp-Debug
CACHE
Rt-Proxy-Cache
X-TId
Cartoon
X-Varnish-Id
X-Server-W
X-Cache-Id
X-Gdpr
X-HTML-Minification-Powered-By
Node
Processtime
X-Bip
GeoIP-Country-Code
X-Nananana
GeoIP-City
GeoIP-Latitude
Memcached
X-Shard
X-Wa
X-Thanos
X-Load-Cache
X-Layer
COMMERCE-SERVER-SOFTWARE
X-FW-Version
X-StackifyID
Memory
X-BE
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
If-Modified-Since
X-Nginx-Cache-Key
X-UPSTREAM-Address
Pics-Label
X-Sentry-ID
X-ServedByHost
X-Ig-Deployment-Stage
X-Via-NSCOPI
RATING
DataCenter
X-Varnish-Ttl
Hostname
URI
X-Gen-Id
X-Varnish-URL
Sta2Tusw
X-Akamai-Request-ID2
X-Auto-Login
X-Proxy-Server
X-Be
X-FORWARDED-FOR
X-Secret
X-Gannett-Site-Version
X-Datadome
X-Fastly-Cache-Hits
X-Frame-Option
X-SRV
X-NGINX-Cache
X-PAGE-TYPE
Cf-Ipcountry
Lb
Srv
X-Cache-Var
X-Cache-Var-Map
X-Tid
X-DataStream-Origin-MEX-Latency
X-Cluster-Node
X-DataStream-MidMile-RTT
Mobile-Detection-Method
SD-X-WS
X-Nf-Srv-Version
X-Ratelimit-Remaining
OT-Force-Account-Verify
X-PJAX-URL
X-VCT
X-PF-Uncompressing
X-ID
X-Store
X-Ratelimit-Limit
X-GZIP
X-Dw-Trace-Id
X-CacheKey
Fastcgi-Useragent
Fastcgi-X-Cache
Fastcgi-X-Cache-Version
X-Litespeed-Cache-Control
X-APP
X-Feature
Cache-Provider
X-EC-Security-Audit
X-B3-SpanId
X-WA
Xet-Cookie
Serverid
X-VC
X-SB
X-Policy
X-Endurance-Cache-Level
X-Hail-Hydra
Pramga
X-CDN-Pop-IP
X-CDN-Pop
V-Cache
X-RAMCache
X-Akamai-ERPolicy
X-Distil-Cs
X-Bug-Bounty
Group
X-Akamai-ERRuleID
X-Fe
Powered
X-Surge-Debug
X-Mrs-Cache
X-Mshield-Cache-Status
X-Ratelimit-Reset
X-Mrs-Cache-Hits
X-Check-Cacheable
X-Mrs-Age
REQUESTUUID
X-Cookie
X-VG-WebCache
X-ServerName
X-Varnish-ID
Requestid
X-Grace-Duration
X-Unique-Id
X-Haproxy-Ip
X-Haproxy-Hostname
X-SD-PageType
X-Request-Start
X-Public