Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
Last-Modified
Accept-Ranges
Pragma
X-Content-Type-Options
X-Powered-By
CF-RAY
ETag
Link
X-XSS-Protection
Expect-CT
Via
X-Cache
Age
Access-Control-Allow-Origin
Content-Security-Policy
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Served-By
X-Amz-Cf-Id
X-Varnish
Referrer-Policy
X-Timer
CF-Cache-Status
X-Request-Id
X-FRAME-OPTIONS
Access-Control-Allow-Headers
X-AspNet-Version
Access-Control-Allow-Methods
X-Xss-Protection
X-Runtime
X-Download-Options
Access-Control-Allow-Credentials
X-Drupal-Cache
X-Cacheable
Alt-Svc
X-Generator
Content-Security-Policy-Report-Only
X-Request-ID
X-Check
X-AspNetMvc-Version
Status
X-Cache-Status
X-Adblock-Key
Timing-Allow-Origin
X-Iinfo
X-DNS-Prefetch-Control
X-Permitted-Cross-Domain-Policies
X-Template
Content-Encoding
X-Language
X-Content-Security-Policy
X-Turbo-Charged-By
X-CDN
X-Type
Keep-Alive
X-Buckets
Xkey
X-Backend
X-Cache-Group
X-AH-Environment
WPE-Backend
Access-Control-Max-Age
X-Pass-Why
X-Age
X-Server
CF-Ray
Upgrade
X-POWERED-BY
EagleId
Access-Control-Expose-Headers
X-Via
X-Nginx-Cache-Status
X-Server-Powered-By
X-Pingback
X-Drupal-Dynamic-Cache
X-Varnish-Cache
X-Swift-SaveTime
X-Swift-CacheTime
Grace
X-Hacker
X-Amz-Request-Id
X-Amz-Id-2
X-UA-Device
Ali-Swift-Global-Savetime
X-Robots-Tag
Cf-Railgun
P3p
X-LiteSpeed-Cache
X-Envoy-Upstream-Service-Time
X-Proxy-Cache
X-Page-Speed
X-Ua-Compatible
Request-Context
Content-Location
X-Device
X-Ac
X-Node
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Cnection
X-Host
X-Cache-Lookup
X-Amz-Version-Id
Surrogate-Control
X-Server-Id
X-WebKit-CSP
X-Backend-Server
X-Rack-Cache
X-Rq
X-Response-Time
X-Application-Context
X-Readtime
X-CST
EagleEye-TraceId
X-Dns-Prefetch-Control
Pinterest-Generated-By
Server-Timing
X-Url
X-Cloud-Trace-Context
X-TTL
X-OneAgent-JS-Injection
X-Instart-Request-ID
Request-Id
X-Px
Report-To
X-Country
X-ORACLE-DMS-ECID
X-Clacks-Overhead
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Feature-Policy
Rating
Edge-Control
X-Country-Code
Allow
X-DynaTrace-JS-Agent
Charset
X-Server-Name
X-Powered-CMS
X-FTR-Request-ID
X-DataDome
X-PC
X-Vname
X-TtlSet
X-ESI
X-Origin-Cache
X-DynaTrace
NEL
X-MS-InvokeApp
X-ORACLE-DMS-RID
X-Goog-Hash
X-Recruiting
X-Varnish-TTL
X-Cached
X-VARITI-CCR
X-Vhost
X-GitHub-Request-Id
Content-MD5
RTSS
X-Version
X-F-Cache
X-Kinja
X-Kinja-Revision
X-Exp-Variant
X-Geo-Segment
X-GoogleNews-Bot
X-Exp-Id
X-Cdn-Fetch
X-Kinja-Server
X-Kinja-Build
X-Powered-By-Plesk
Public-Key-Pins
PB-RID
PB-PID
Pinterest-Version
Arc-Version
X-Pinterest-Rid
X-Upstream-Env
X-Mobile-Rewrite
X-Mod-Pagespeed
X-CF-Powered-By
Verso
Accept-CH
X-D2id
X-Client-IP
SPRequestGuid
X-Abt-Application-Version
MS-Author-Via
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-N
X-Dispatcher
X-SharePointHealthScore
AR-ATIME
AR-PoweredBy
X-Amz-Rid
AR-CACHE
X-HeyJason
Permitted-Cross-Domain-Policies
X-Do-Not-Hack
X-Navigation-Version
X-T
X-TEC-API-VERSION
X-TEC-API-ORIGIN
Nginx-Cache
X-TEC-API-ROOT
DynaTrace
Accept-CH-Lifetime
X-Dw-Request-Base-Id
X-Trace
Paypal-Debug-Id
X-Fastly-Request-ID
X-Upstream
X-Grace
Arr-Disable-Session-Affinity
X-Varnish-Age
X-Hits
TCN
X-FastCGI-Cache
X-Forwarded-Proto
X-Amz-Meta-S3cmd-Attrs
X-Id
X-Shield-Request-Id
X-DIS-Request-ID
X-Origin-Upstream-Status
X-Pad
SPRequestDuration
SPIisLatency
X-Content-Options
X-Ruxit-JS-Agent
X-Cache-Hit
AR-SID
X-Content-Digest
X-Logged-In
Realpath
Access-Control-Request-Method
X-IPLB-Instance
X-Kinsta-Cache
X-Acc-Meta-Resource-Type
X-NF-Request-ID
Mrf-Cache-Status
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
MRF-Tech
X-B
X-XRDS-Location
X-Server-ID
X-Goog-Metageneration
X-Goog-Generation
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-SS-Set-Cookie
X-Vcap-Request-Id
X-HW
S
X-Debug
X-MSEdge-Ref
Service-Worker-Allowed
X-Ser
Server-Name
X-FTR-Cache-Status
X-FTR-DC
X-FTR-Realm
X-PressLabs-Stats
X-FTR-Balancer
X-FTR-Backend-Server
X-Country-Code-Real
X-FTR-Backend
X-Frontend
X-Wix-Server-Artifact-Id
Tracecode
X-FTR-Expires
X-Cache-Key
X-NewRelic-App-Data
AMP-Access-Control-Allow-Source-Origin
Rt-Fastcgi-Cache
Fastcgi-Cache
Eomportal-Instance
X-GUploader-UploadID
X-Forwarded-For
Alternate-Protocol
X-Oneagent-Js-Injection
Surrogate-Key
X-Cache-Rule
Cleartype
Cache-Status
X-Srv
X-HS-Hub-Id
X-HS-Content-Id
X-NWS-LOG-UUID
X-Analytics
Backend-Timing
X-VCache
Host
TP-Cache
X-Revision
TP-L2-Cache
X-User-Agent
FilterID
X-Rid
X-Whom
X-FTR-Cache-Host
Fastly-Restarts
X-Debug-Info
Public-Key-Pins-Report-Only
X-AOL-HN
X-Akam-SW-Version
ServerID
X-Cache-2
X-Varnish-Backend
X-Via-JSL
X-RateLimit-Remaining
X-Content-Powered-By
X-Accel-Buffering
X-Request-Processing-Time
X-Request-Received
Accept-Charset
X-Webkit-CSP
X-Zen-Fury
Front-End-Https
X-Cdn
X-Mobile
Viewport
X-Kinja-Server-Push
X-Oracle-Dms-Rid
X-Ttl
X-Cached-By
X-WPE-Loopback-Upstream-Addr
X-Node-Name
Liferay-Portal
X-XRDS-LOCATION
X-App-Environment
X-LB-Cache
X-B3-Traceid
X-Tumblr-Pixel
X-Varnish-Hostname
X-Tumblr-User
Host-Header
X-Tumblr-Pixel-0
X-Cluster
X-Cache-Control
X-Magnolia-Registration
X-Page-Id
X-Content-Security-Policy-Report-Only
X-Hostname
X-Handled-By
X-Request-Guid
X-Device-Type
X-Framework
X-TT
Cache-Tag
X-Akamai-Edgescape
X-B3-Sampled
X-B-Cache
X-FB-Debug
X-BCube-Filmed-By
X-Instance
X-Platform-Server
X-Signature
Upgrade-Insecure-Requests
DC
X-Cache-Server
X-Origin-Server
X-TT-TIMESTAMP
Server-Node
Source
X-Correlation-Id
Retry-After
X-TA-CDN-Provider
MicrosoftSharePointTeamServices
X-Amzn-Trace-Id
X-WA-Info
X-Accel-Expires
X-Contextid
X-Servedby
Server-Info
HitType
HitInfo
X-Cache-Action
X-APP-VERSION
X-Varnish-Server
X-Cache-Operation
X-Middleton-Display
Display
X-Sol
X-Distil-CS
X-Daa-Tunnel
X-Port
X-Amz-Replication-Status
X-Generated-By
AsisCache
X-Edge-Location
X-Esi
X-Geo-Country
X-Seen-By
X-GeoIP
X-Wix-Request-Id
X-Hyper-Cache
X-S
X-RequestSource
X-Tumblr-Pixel-1
GEO-INFO
Content-Script-Type
X-Tumblr-Pixel-2
Content-Style-Type
X-WebKit-CSP-Report-Only
X-TX-ID
Webserver
X-Locale
Actual-Object-TTL
ServedBy
X-Status
X-Varnish-Hits
X-Region
X-UUID
X-Response-Served-From
X-FW-Hash
X-Edge-Cache-Key
X-Jobs
Healthy
X-FW-Serve
X-Edge-Cache
X-FW-Type
X-FW-Static
X-FW-Server
User-Agent
X-Adobe-Content
X-Drupal-Cache-Tags
X-Adobe-Loc
SRV
X-Varnish-Grace
X-DataStream-Cache-Status
X-Newrelic-App-Data
Filters
S-Cnection
Refresh
X-Amz-Server-Side-Encryption
X-Yottaa-Metrics
X-Yottaa-Optimizations
NGB
IBM-Web2-Location
X-Proxied
X-Cache-TTL-Remaining
X-Fastcgi-Cache
X-Middleton-Response
Response
X-Cache-Age
AR-Request-ID
X-Activity-Id
X-AppVersion
X-Az
Cache
X-App-Server
X-Cache-NE
X-CDN-Forward
X-Content-Type
X-Cache-Remote
X-Pc-Hit
Payment
X-Pc-Key
X-Pc-Appver
X-Correlation-ID
X-Cacheable-TTL
X-Unique-ID
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Cache-TTL
X-ATG-Version
X-Ruxit-Js-Agent
Datacenter
Served-By
X-UA
X-Vg-Webcache
Country
X-Mode
X-Akamai-Transformed
Edge-Cache-Tag
X-HS-Cache-Config
X-Real-IP
X-Sucuri-ID
X-Detected-As
Meta-Geo
Machine
X-Is-Bot
Load-Balancing
X-RN-RSRV
X-Rendered-As
X-Varnish-IP
X-ProxyCache-Status
User-Cache-Control
X-Rocket-Nginx-Bypass
X-RemovedCookies
X-ProxyCache-Key
X-OCL
X-BYPASS-REASON
X-Proxy
X-PCL
X-FC-Vary-Parameters
X-ProcessESI
X-Amz-Meta-Surrogate-Control
X-Viewer-Country
Webcakes-App-Version
TWC-Locale-Group
X-Human
TWC-Privacy
X-BB-IP
Webcakes-App-Name
Backend
Webcakes-Region
Access-Control-Allow-Method
X-ApacheServer
TWC-GeoIP-Country
Now
Property-Id
TWC-Connection-Speed
X-Grey
X-Origin
X-EIG-Tracking-Id
X-Cache-Config
X-Origin-Hint
X-Debug-Cache
Mn-Server-Ip
X-Hosted-By
X-PERF
Cache-Key
TWC-GeoIP-LatLong
X-ServerID
X-Tb
X-Cache-Category-Id
Cache-Name
TWC-Device-Class
L5d-Success-Class
X-Pubstack
X-Varnish-Cacheable
DB-Nickname
X-Source
Azure-SiteName
Azure-SlotName
X-NodeID
X-Loop
Azure-Version
Azure-InstanceId
X-OVcl-Cache
X-OVcl
X-Original-Request
Access-Control-Request-Headers
X-L-Path
X-JoinUs
X-Backend-Name
S-Rt
ServerName
X-Access
X-CCM
X-CDN-Cache
X-Hit
X-Generated
X-Format
X-Environment-Context
X-Routing-Service
Azure-RegionName
X-Upgrade-Enabled
X-Via-Fastly
X-TNCMS
X-Varnish-Cache-Hits
X-Zipkin-Id
X-Site-Version
X-Section
X-NGENIX-Cache
HostName
X-App-Name
X-Xfnlog-Site
X-IP
X-Rule
Selected-FE
X-Agile-Id
X-Agile
X-Proxy-Build
X-Agile-Age
X-Timing-Wait
X-TWH-CORRELATION-ID
X-Ocache
X-HS-Combine-CSS
X-Origin-CC
X-Drupal-Cache-Contexts
X-Storage
X-Cache-Var
X-Cache-Var-Map
X-Akamai-Request-ID
X-AWS-Id
X-VWS-Id
X-SplitTest
X-Pc-Host
X-Pc-Date
X-LJ-Flow-ID
X-Www-Served-By
X-URL
X-Upstream-CT
X-Upstream-HT
X-RateLimit-Limit
X-NC
X-Vgn-Hpd-Reason
X-Time-Microsecs
OT-Force-Account-Verify
X-Nginx-Cache
From-Origin
X-Mrs-Cache
X-Mrs-Cache-Hits
X-UA-Device-Type
X-Mrs-Age
X-Mshield-Cache-Status
XServer
X-NCache
X-Litespeed-Cache
X-Internal-Host
Fastcgi-X-Cache-Version
Fastcgi-X-Cache
X-Microcachable
Fastcgi-Useragent
X-Amz-Apigw-Id
X-Amzn-RequestId
Powered-By-ChinaCache
X-Forwarded-Host
X-PHP-Backend
X-Distributor
Fastly-SSL
X-Release
X-M-Reqid
X-Feature
X-Qnm-Cache
X-Varnish-Beresp-Status
X-M-Log
X-Varnish-Beresp-Grace
X-Iejgwucgyu
LB
X-Ms-Lease-Status
X-Ms-Blob-Type
Pagetype
X-Ms-Version
X-Ms-Request-Id
X-Birta-Cache-Post
X-Birta-Served
X-Cache-Backend
Pagespeed
X-Labrador-Cache-Channel
X-EdgeConnect-Cache-Status
X-Connection-Hash
X-Twitter-Response-Tags
X-Transaction
NtCoent-Length
MIME-Version
X-VG-TLSProxy
X-Instance-Name
X-V
X-Webkit-Csp
X-Ah-Environment
Frame-Options
X-B3-Spanid
Time
X-Web-Node
X-GZip
Ar-Sid
X-Varnish-Beresp-Ttl
X-C
X-Hnp-Log
Fly-Cache
X-Generated-In
X-From
IsBot
X-G
Host-ID
X-Generation-Time
X-Gen-Mode
Fly-Request-Id
X-IN-APIGATEWAY
X-No-Session
Ajk
X-NU-AKA-ACS-Version
X-SIPLIST1
X-SRCache-Key
X-Org
AKAMAI
X-Logtrace-Id
X-IN-SSL-APIGATEWAY
MD5-Digest
X-Irp-Debug
Cache-Prefix
Arc-Country
BehaviorPad-Version
Ec-Rule-Version
X-DPWN-IS-SECURE
X-A-Dcw
X-A-Dgt
X-A-Wwc
X-A-Dam
X-A-Ccd
Www
X-A
X-Accel-Expires-Debug
X-CF-Lambda-Version
X-BB-ID
X-Block-Status
X-Cache-Bucket
X-B-Cookie
X-ARC
X-CF-Lambda-Fn
X-Application
Web-Mar-Node
VivaBuild
X-Died
X-Developer
X-Destination
Rendered-Blocks
X-Dispatcher-Server
NGX
Cneonction
Server-Int
T-Server
V-Age
Viewtype
X-CS
X-CUA
X-Date
X-D
Meta-Geo-Continent
X-IN-WAF
X-Via-Edge
X-Via-CDN
X-VG-WebServer
X-Via-SSL
X-WebServer
Xc-Version
X-Server-By
X-ScT
X-Redis-Cache
X-Rewrite-Enabled
X-UE-Client-Country
X-Rojux
X-S-Cookie
X-Request-UUID
X-Region-Sid
X-Request-URI
X-Server-Time
X-Trv-Group
X-PAYTM-SRV-ID
X-Powered-By-ANYU
X-Sucuri-Cache
X-FireWall-Port
X-SERVER-NAME
WZWS-RAY
PageSpeed
X-VServer
X-External-Request-Id
NodeID
X-F5-Cache
X-Eu-Site
X-ElasticPress-Search
X-RCS-CacheZone
Origin-Edge-Control
Origin-Cache-Control
MI-Cache-Age
On-Server
X-Fastly-Cache
X-Wikidot-Static-Cache
HA-Urlpath
HA-Servedtime
HA-Ipaddr
X-Wikidot-Backend
Kp-EeAlive
X-We-Are-Hiring
Pragrma
Magicmarker
MI-API
X-NX-Host
X-Core-Value
X-Crawler
X-S-Maxage
True-Client-Country-4JS
Cteonnt-Length
X-Var-Ttl
X-Cache-Enabled
X-UnsetCookies
X-Amz-Meta-Cache-Control
X-CGP
X-Owner
X-Varnish-Action
Request-EU
Request-Country
HA-Host
Release
Request-Time
Server-Host
X-Origin-TTL
SN
X-Debug-Cookies
X-Debug-Log
Proxy-Connection
MI-Cache
Country-Code
X-ServiceProvider
X-RateLimit-Remaining-Second
X-HTML-Minification-Powered-By
Decoy-Debug-Key
Esi-Enabled
Decoy-Debug-TTL
Decoy-Debug-Status
X-Cache-CFC
X-RateLimit-Limit-Second
X-Layer
X-MI-In-Market
X-Platform
Backend-Name
X-Sf
X-Key
CDCHOST
Ha-Gx-Prefs
X-Hl-Ver
Cache-Tags
X-Node-Id
HA-Geocity
HA-Cloudapp
GMS-Ver
HA-Georegion
HA-Geolat
HA-Geolon
HA-Geocountry
Mobile-Detection-Method
X-Phone
X-Webstats-RespID
X-HOST
X-NWS-UUID-VERIFY
X-App-Version
X-Variation
X-MSEdge-Flight
X-Content-Age
X-Stale
X-Clientip
X-Returned-From
X-Response-By
X-Returned-From-BeforeDispatch
X-ShardId
X-Ckpd-Fst-Backend
X-Cdn-Origin
X-Cache-Expires
X-Cache-Host
X-ShopId
X-Passed-To
X-Passed-To-DLL
X-Shopify-Stage
X-Cache-Srv
X-Cache-URL
X-Up
X-Returned-From-DLL
X-Cdn-Srv
X-MSEdge-Features
X-Tumblr-Pixel-3
X-Returned-From-PostProcessResponse
X-Nginx-Cache-Key
X-TT-LOGID
X-Secret
X-Worker
X-Fetched-On
X-Passed-To-BeforeDispatch
X-Device-Os
X-Sn-Servicetimems
X-Skip-Cache
X-Epic-Correlation-Id
X-Trace-Id
X-Hash
X-Server-IP
X-VCT
X-GeoIP-City
X-Developers
X-Passed-To-PostProcessResponse
X-Request-Time
X-Location
X-GeoIP-Country-Code
X-Croise-Owner
X-Sorting-Hat-ShopId
X-Gannett-Site-Version
X-Swa-Ws
X-FW-Version
X-Fstrz
X-Reboot
X-Thinkindot-L3
X-Sorting-Hat-PodId
X-Matched-Rule
Uber-Trace-Id
Origin
PFcat
Odigeo-Trace-Id
Is-Eu
Heartbleed
Platform
Thinkindot-Control
Server-ID
Section-Io-Cache
RNT-Machine
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
Fastly-Backend-Name
X-Actual-URL
Apple-News-Services-Handled
X-Backend-State
X-Backend-TTL
Adler-Geo
X-Backend-Url
RNT-Time
X-Backend-Host
Countrycode
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
X-Alternate-Cache-Key
Apple-News-Services-Host
X-Csrf-Token
X-CACHE-AGE
X-Store
X-Core-Mission
Fastly-SIE
X-Oss-Request-Id
Fastly-SWR
X-Oss-Hash-Crc64ecma
Sid
X-Oss-Object-Type
X-Oss-Server-Time
X-Alicdn-Da-Ups-Status
X-Oss-Storage-Class
X-Servername
Content-Disposition
Resin-Trace
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
X-Ua
CDN
WP-Super-Cache
X-Policy
HTTPS
X-Ezoic-Cdn
X-Cluster-Node
Powered
X-Pf-Uncompressing
X-Servedbyhost
X-Refresh
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
ProcessTime
X-Planisys-CDN-Cache
Warning
CF-IPCountry
REQUESTUUID
X-Proto
Xserver
ViewerVersion
RequestId
X-GEO
X-Atg-Version
Mail-Subject
X-Cache-ASPX
We-Hiring
X-Real-Ip
X-Dc
X-TIME
X-GoCache-CacheStatus
Dnion-Transfer-Encoding
X-Datadome
Cache-Cookie-Set-From
Cache-Cookie-Set-Idcheck
X-Endurance-Cache-Level
Cache-Cookie-Set-Lfrom
X-Req
X-Pjax-Url
NODE
X-B3-TraceId
X-Newrelic-Synthetics
X-DC
X-Surge-Debug
X-Varnish-Ttl
Hostname
X-Time
NnCoection
X-Origin-Expires
X-Server-W
X-Origin-Date
X-Page-Type
X-Edge-IP
X-CLOUD-TRACE-CONTEXT
GeoIp-Country-Code
X-Varnish-HitMiss
X-Aed
X-Cache-Control-Set-By
X-HCF
Geoip-Latitude
X-COUNTRY
X-Nc
X-Guploader-Uploadid
X-Ms-Lease-State
Pramga
X-CSRF-Token
X-Oracle-Dms-Ecid
X-Server-Group
TSSecure
SD-X-WS
X-Varnish-Beresp-TTL
Processtime
WWW-Authenticate
CACHE
MS-CV
X-Cdn-Forward
A
Geoip-City
X-Aicache-OS
X-Varnish-Url
X-Geo
X-Wix-Route-ID
X-ABtesting
X-Varnish-URL
X-Flog
X-Hello
PICS-Label
X-DataStream-MidMile-RTT
X-DataStream-Origin-MEX-Latency
X-GRACE
X-Wa
X-Amz-Cf-Pop
X-WA
Dont-Set-Cookie
X-Ratelimit-Limit
Cdn-Host
Lfy
X-Edge-Server
X-Akamai-Request-ID2
X-Auto-Login
Cdn-Request-Time
Node
X-From-Cache
Cdn
X-Gdpr
Lb
FSS-Cache
FSS-Proxy
DataCenter
Ms-Operation-Id
X-Use-Magma
Mime-Version
X-RTag
X-Gen-Id
X-Sentry-ID
X-APP
GeoIP-Country-Code
GeoIP-Latitude
COMMERCE-SERVER-SOFTWARE
X-EC-Security-Audit
X-UPSTREAM-Address
X-WR-MODIFICATION
X-Nananana
X-Via-NSCOPI
X-PAGE-TYPE
X-SRV
X-Check-Cacheable
X-Cache-HT
Get-Access-Time
GeoIP-City
Is-Session-Tracking
X-Fastly-Backend-Reqs
X-Env
X-Optimization
Rt-Proxy-Cache
PageType
X-Load-Cache
X-Cookie
X-Served-From
X-Cache-Id
X-CACHE-KEY
Who
X-Unique-Id
X-Proxy-Server
X-Wix-Petri-Ex
X-GDPR
X-Bip
Memcached
X-Thanos
X-Cache-Info
X-Cache-FS-Status
X-Dynatrace-Js-Agent
X-Meta-Tbi-Cache-Vertical
X-Ver
X-FORWARDED-FOR
Ws
X-Ibm-Trace
X-MP-GENERATED-AT
X-Swift-Error
X-Request-Start
Memory
X-PJAX-URL
Httpd-Identifier
Pics-Label
X-Be
X-NGINX-Cache
Ohc-File-Size
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
X-Cache-Ttl
Powered-By
X-HS-Status
X-B3-SpanId
X-Fe
X-Fastly-Cache-Hits
V-Cache
Group
X-RateLimit-Reset
X-Path-Route
UCS
Version
X-CDN-Pop
GW-Server
Requestid
X-CDN-Pop-IP
X-ServedByHost
X-Dw-Trace-Id
Cf-Ipcountry
URI
X-Shard
Amp-Access-Control-Allow-Source-Origin
X-ID
AGE-Hash
X-SB
X-VC
X-P-T
X-User
NX-Cache
X-GZIP
Xet-Cookie
X-LiteSpeed-Cache-Control
X-Bug-Bounty
X-PF-Uncompressing
Serverid
X-StackifyID
Apicache-Store
X-CacheKey
X-Ratelimit-Remaining
CDN-Cache-Hit
CDN-Node
Apicache-Version
Cache-Hits
CDN-Cache
X-Varnish-Info
Https
X-Akamai-ERPolicy
X-Akamai-ERRuleID
N-Cache
Ohc-Response-Time
Fastly-Soc-X-Request-Id
X-Grace-Duration
X-Goog-Meta-Goog-Reserved-File-Mtime
X-BE
X-RequestId
RequestUuid
X-Info
X-Flags
X-Providence-Cookie
X-ServerName
X-Cache-Handler
X-Litespeed-Cache-Control
X-Micro-Cache
X-SD-PageType
X-Is-Crawler
If-Modified-Since
X-Route-Name