Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
Last-Modified
Accept-Ranges
Pragma
X-Content-Type-Options
X-Powered-By
CF-RAY
ETag
Link
X-XSS-Protection
Expect-CT
Via
X-Cache
Age
Access-Control-Allow-Origin
Content-Security-Policy
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Served-By
X-Amz-Cf-Id
X-Varnish
Referrer-Policy
X-Timer
CF-Cache-Status
X-Request-Id
X-FRAME-OPTIONS
Access-Control-Allow-Headers
X-AspNet-Version
Access-Control-Allow-Methods
X-Xss-Protection
X-Runtime
X-Download-Options
Access-Control-Allow-Credentials
X-Drupal-Cache
X-Cacheable
Alt-Svc
X-Generator
Content-Security-Policy-Report-Only
X-Request-ID
X-Check
X-AspNetMvc-Version
Status
X-Cache-Status
X-Adblock-Key
Timing-Allow-Origin
X-Iinfo
X-DNS-Prefetch-Control
X-Permitted-Cross-Domain-Policies
X-Template
Content-Encoding
X-Language
X-Content-Security-Policy
X-Turbo-Charged-By
X-CDN
X-Type
Keep-Alive
Xkey
X-Buckets
X-Backend
X-AH-Environment
WPE-Backend
Access-Control-Max-Age
X-Pass-Why
X-Age
X-Cache-Group
X-Server
CF-Ray
Upgrade
X-POWERED-BY
EagleId
Access-Control-Expose-Headers
X-Via
X-Nginx-Cache-Status
X-Server-Powered-By
X-Pingback
X-Drupal-Dynamic-Cache
X-Varnish-Cache
X-Swift-CacheTime
X-Swift-SaveTime
Grace
X-Hacker
X-Amz-Request-Id
X-Amz-Id-2
X-UA-Device
Ali-Swift-Global-Savetime
X-Robots-Tag
Cf-Railgun
P3p
X-LiteSpeed-Cache
X-Envoy-Upstream-Service-Time
X-Proxy-Cache
X-Page-Speed
X-Ua-Compatible
Request-Context
Content-Location
X-Device
X-Ac
X-Node
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Cnection
X-Host
X-Cache-Lookup
Surrogate-Control
X-Amz-Version-Id
X-Server-Id
X-WebKit-CSP
X-Backend-Server
X-Rack-Cache
X-Response-Time
X-Rq
X-Application-Context
X-CST
X-Readtime
EagleEye-TraceId
X-Dns-Prefetch-Control
Server-Timing
Pinterest-Generated-By
X-Cloud-Trace-Context
X-TTL
X-Url
X-Instart-Request-ID
X-OneAgent-JS-Injection
X-Px
Request-Id
Report-To
X-Country
X-ORACLE-DMS-ECID
X-Clacks-Overhead
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Feature-Policy
Rating
Edge-Control
Allow
X-Country-Code
X-DynaTrace-JS-Agent
Charset
X-DataDome
X-ESI
X-Server-Name
X-Powered-CMS
X-FTR-Request-ID
X-Vname
X-TtlSet
X-PC
X-Origin-Cache
X-DynaTrace
NEL
X-MS-InvokeApp
X-ORACLE-DMS-RID
X-Goog-Hash
X-Recruiting
X-Cached
X-VARITI-CCR
X-Varnish-TTL
X-Vhost
Content-MD5
X-GitHub-Request-Id
RTSS
X-Version
X-F-Cache
X-Cdn-Fetch
X-Geo-Segment
X-Exp-Id
X-Exp-Variant
X-GoogleNews-Bot
X-Kinja-Revision
X-Kinja-Server
X-Kinja-Build
X-Kinja
X-Powered-By-Plesk
Public-Key-Pins
X-CF-Powered-By
X-Pinterest-Rid
X-Upstream-Env
Pinterest-Version
PB-PID
PB-RID
X-Mod-Pagespeed
Arc-Version
X-Mobile-Rewrite
Verso
X-Client-IP
SPRequestGuid
X-D2id
X-Abt-Application-Version
X-SRCache-Fetch-Status
X-SRCache-Store-Status
Accept-CH
MS-Author-Via
X-N
Permitted-Cross-Domain-Policies
X-Do-Not-Hack
X-HeyJason
AR-PoweredBy
AR-ATIME
X-Dispatcher
X-SharePointHealthScore
AR-CACHE
X-Amz-Rid
X-Navigation-Version
X-T
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-TEC-API-ROOT
DynaTrace
Nginx-Cache
Paypal-Debug-Id
X-Dw-Request-Base-Id
X-Trace
X-Upstream
X-Fastly-Request-ID
Arr-Disable-Session-Affinity
Accept-CH-Lifetime
X-Varnish-Age
X-Hits
TCN
X-Grace
X-Shield-Request-Id
X-Id
X-Forwarded-Proto
X-Amz-Meta-S3cmd-Attrs
X-DIS-Request-ID
X-Origin-Upstream-Status
X-FastCGI-Cache
X-Pad
X-XRDS-Location
SPIisLatency
SPRequestDuration
X-Cache-Hit
X-Content-Options
X-Cdn
X-Logged-In
X-Content-Digest
X-Ruxit-JS-Agent
Realpath
X-IPLB-Instance
X-Kinsta-Cache
Mrf-Cache-Status
X-Mrf-Section-Lastmod
X-Mrf-Item-Lastmod
MRF-Tech
X-Acc-Meta-Resource-Type
Access-Control-Request-Method
X-B
X-NF-Request-ID
AR-SID
X-Goog-Generation
X-Server-ID
X-Goog-Metageneration
X-Goog-Stored-Content-Length
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-SS-Set-Cookie
X-Vcap-Request-Id
X-HW
S
X-MSEdge-Ref
X-Debug
Service-Worker-Allowed
Server-Name
X-Ser
X-Country-Code-Real
X-PressLabs-Stats
X-FTR-Backend-Server
X-FTR-Backend
X-FTR-DC
X-FTR-Realm
X-FTR-Cache-Status
X-FTR-Balancer
X-Frontend
X-FTR-Expires
Fastcgi-Cache
Tracecode
X-Wix-Server-Artifact-Id
X-Cache-Key
Rt-Fastcgi-Cache
Eomportal-Instance
AMP-Access-Control-Allow-Source-Origin
X-GUploader-UploadID
Surrogate-Key
X-Webkit-CSP
Alternate-Protocol
X-Forwarded-For
X-Oneagent-Js-Injection
Cleartype
X-Cache-Rule
X-NewRelic-App-Data
Cache-Status
X-NWS-LOG-UUID
X-HS-Hub-Id
X-HS-Content-Id
Backend-Timing
X-Analytics
X-VCache
Host
X-Srv
X-User-Agent
X-Revision
TP-L2-Cache
TP-Cache
FilterID
X-Rid
X-FTR-Cache-Host
X-Whom
X-Debug-Info
Public-Key-Pins-Report-Only
Fastly-Restarts
X-Via-JSL
X-AOL-HN
X-Akam-SW-Version
X-Varnish-Backend
X-Cache-2
X-Content-Powered-By
X-RateLimit-Remaining
ServerID
X-Request-Processing-Time
X-Request-Received
X-Zen-Fury
Viewport
Accept-Charset
X-Accel-Buffering
X-Mobile
X-Kinja-Server-Push
Front-End-Https
X-WPE-Loopback-Upstream-Addr
X-Ttl
X-Oracle-Dms-Rid
Liferay-Portal
X-Node-Name
X-Cached-By
X-App-Environment
X-Hostname
X-LB-Cache
Host-Header
X-Page-Id
X-Cluster
X-Content-Security-Policy-Report-Only
X-Magnolia-Registration
X-Cache-Control
X-TT
X-Tumblr-Pixel
X-Tumblr-User
X-Tumblr-Pixel-0
X-Handled-By
X-Framework
X-B3-Sampled
X-Varnish-Hostname
X-Device-Type
Cache-Tag
X-Request-Guid
X-B-Cache
X-Signature
Upgrade-Insecure-Requests
X-Akamai-Edgescape
X-Platform-Server
X-Instance
X-BCube-Filmed-By
X-FB-Debug
DC
X-B3-Traceid
Server-Node
X-Origin-Server
X-Cache-Server
X-TT-TIMESTAMP
X-TA-CDN-Provider
Source
X-XRDS-LOCATION
Retry-After
MicrosoftSharePointTeamServices
X-Accel-Expires
X-WA-Info
X-Servedby
X-Contextid
HitType
HitInfo
Server-Info
X-Cache-Action
X-Varnish-Server
X-Cache-Operation
X-Amzn-Trace-Id
Display
X-Middleton-Display
X-Correlation-Id
X-Sol
X-URL
X-Port
X-Daa-Tunnel
X-Distil-CS
X-Geo-Country
X-Edge-Location
X-Generated-By
AsisCache
X-APP-VERSION
X-Hyper-Cache
Content-Style-Type
X-Amz-Replication-Status
Content-Script-Type
Webserver
GEO-INFO
X-S
X-GeoIP
X-RequestSource
X-WebKit-CSP-Report-Only
Actual-Object-TTL
X-Wix-Request-Id
ServedBy
X-Tumblr-Pixel-2
X-Seen-By
X-Tumblr-Pixel-1
X-TX-ID
X-Locale
X-Newrelic-App-Data
X-FW-Serve
X-Edge-Cache-Key
X-UUID
X-Edge-Cache
X-FW-Hash
X-Status
X-Varnish-Hits
X-FW-Type
X-FW-Static
X-Jobs
X-Fastcgi-Cache
X-FW-Server
X-Adobe-Loc
X-Region
Healthy
X-Adobe-Content
X-Drupal-Cache-Tags
X-Response-Served-From
X-Varnish-Grace
User-Agent
X-DataStream-Cache-Status
SRV
Filters
Refresh
NGB
X-Amz-Server-Side-Encryption
X-Proxied
S-Cnection
Response
X-Middleton-Response
X-Cache-TTL-Remaining
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Correlation-ID
AR-Request-ID
Cache
IBM-Web2-Location
X-AppVersion
X-App-Server
X-Activity-Id
X-Cache-Age
X-Az
X-Esi
X-CDN-Forward
X-Pc-Key
X-Pc-Appver
X-Pc-Hit
X-Cache-Remote
X-Content-Type
Payment
X-Cacheable-TTL
X-Cache-NE
X-Unique-ID
X-Kong-Upstream-Latency
X-Ruxit-Js-Agent
X-Kong-Proxy-Latency
Datacenter
X-Cache-TTL
X-UA
X-Vg-Webcache
Country
X-ATG-Version
X-Akamai-Transformed
Served-By
X-Mode
X-HS-Cache-Config
Edge-Cache-Tag
HostName
X-Real-IP
X-Rendered-As
X-RemovedCookies
X-Detected-As
Machine
X-Is-Bot
X-RN-RSRV
Load-Balancing
Meta-Geo
X-Source
X-Sucuri-ID
X-ProcessESI
X-Rocket-Nginx-Bypass
X-OCL
X-FC-Vary-Parameters
User-Cache-Control
X-BYPASS-REASON
X-ProxyCache-Key
X-PCL
X-ProxyCache-Status
X-Proxy
Webcakes-App-Name
Webcakes-App-Version
Webcakes-Region
X-Amz-Meta-Surrogate-Control
X-ApacheServer
Mn-Server-Ip
X-Pubstack
L5d-Success-Class
Cache-Name
Cache-Key
Access-Control-Allow-Method
Backend
Now
Property-Id
TWC-GeoIP-LatLong
TWC-Locale-Group
TWC-GeoIP-Country
TWC-Device-Class
TWC-Connection-Speed
TWC-Privacy
X-Cache-Category-Id
X-Viewer-Country
X-Debug-Cache
X-Varnish-IP
X-Backend-Name
X-EIG-Tracking-Id
X-Origin
X-PERF
X-Hosted-By
X-Origin-Hint
X-Varnish-Cacheable
X-Tb
X-Grey
X-ServerID
X-BB-IP
X-Human
X-Cache-Config
Azure-SiteName
X-Generated
X-NodeID
X-L-Path
X-Format
X-Loop
Azure-Version
X-JoinUs
X-Hit
Azure-RegionName
Azure-SlotName
S-Rt
X-Upgrade-Enabled
X-Varnish-Cache-Hits
X-CCM
X-TNCMS
X-Routing-Service
X-Site-Version
Azure-InstanceId
X-Via-Fastly
X-OVcl-Cache
X-OVcl
X-Environment-Context
X-Zipkin-Id
ServerName
X-Original-Request
DB-Nickname
Access-Control-Request-Headers
X-App-Name
X-AWS-Id
X-Xfnlog-Site
X-Agile-Id
X-Www-Served-By
X-Agile-Age
X-Storage
X-Access
X-Agile
X-IP
X-VWS-Id
X-Timing-Wait
X-SplitTest
X-Section
X-Proxy-Build
X-TWH-CORRELATION-ID
X-LJ-Flow-ID
X-NGENIX-Cache
X-Ocache
Selected-FE
X-CDN-Cache
X-Origin-CC
X-Rule
X-Drupal-Cache-Contexts
X-Pc-Date
X-Pc-Host
X-Akamai-Request-ID
X-HS-Combine-CSS
X-Cache-Var
X-Vgn-Hpd-Reason
X-Cache-Var-Map
X-NC
X-RateLimit-Limit
X-Upstream-CT
X-Time-Microsecs
X-Upstream-HT
X-PHP-Backend
XServer
From-Origin
X-UA-Device-Type
X-NCache
OT-Force-Account-Verify
X-Litespeed-Cache
X-Microcachable
X-Internal-Host
X-Nginx-Cache
X-Release
X-Mshield-Cache-Status
X-Mrs-Age
X-Mrs-Cache
X-Mrs-Cache-Hits
X-Distributor
X-Forwarded-Host
Ar-Sid
X-M-Log
X-Feature
X-M-Reqid
X-Qnm-Cache
Fastly-SSL
LB
Fastcgi-X-Cache
Fastcgi-X-Cache-Version
Fastcgi-Useragent
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Varnish-Beresp-Status
Pagetype
X-Varnish-Beresp-Grace
X-Ms-Lease-Status
X-Ms-Request-Id
X-Ms-Blob-Type
X-Ms-Version
X-Cache-Backend
Powered-By-ChinaCache
X-Birta-Served
X-Birta-Cache-Post
X-Twitter-Response-Tags
X-Connection-Hash
X-Transaction
NtCoent-Length
PageSpeed
MIME-Version
X-Labrador-Cache-Channel
X-EdgeConnect-Cache-Status
X-V
X-Webkit-Csp
X-App-Version
Frame-Options
X-VG-TLSProxy
X-Varnish-Beresp-Ttl
X-Instance-Name
X-Web-Node
X-Ah-Environment
X-B3-Spanid
X-C
X-GZip
Pagespeed
Time
V-Age
Viewtype
Ajk
VivaBuild
Web-Mar-Node
Host-ID
Ec-Rule-Version
AKAMAI
NGX
BehaviorPad-Version
IsBot
Cache-Prefix
Server-Int
Arc-Country
Fly-Cache
Fly-Request-Id
Meta-Geo-Continent
T-Server
MD5-Digest
X-CUA
X-Redis-Cache
X-PAYTM-SRV-ID
X-Region-Sid
X-Request-URI
X-Rewrite-Enabled
X-Request-UUID
X-Org
X-NU-AKA-ACS-Version
X-IN-WAF
X-IN-SSL-APIGATEWAY
X-Irp-Debug
X-Logtrace-Id
X-No-Session
X-Rojux
X-S-Cookie
X-Via-Edge
X-Via-CDN
X-Via-SSL
X-WebServer
Xc-Version
X-VG-WebServer
X-UE-Client-Country
X-Server-Time
X-Server-By
X-SIPLIST1
X-SRCache-Key
X-Trv-Group
X-IN-APIGATEWAY
X-Hnp-Log
X-B-Cookie
X-ARC
X-BB-ID
X-Block-Status
X-CF-Lambda-Fn
X-Cache-Bucket
X-Application
X-Accel-Expires-Debug
X-A-Ccd
X-A
X-A-Dam
X-A-Dgt
X-A-Wwc
X-CF-Lambda-Version
X-CS
X-G
X-From
X-Gen-Mode
X-Generated-In
X-Generation-Time
X-DPWN-IS-SECURE
X-Dispatcher-Server
X-Date
X-D
X-Destination
X-Developer
X-Died
Www
X-A-Dcw
X-SERVER-NAME
X-FireWall-Port
Cneonction
Request-Time
Server-Host
True-Client-Country-4JS
SN
X-Amz-Meta-Cache-Control
X-Cache-CFC
X-Wikidot-Backend
X-Debug-Cookies
X-Crawler
X-Core-Value
X-Wikidot-Static-Cache
X-CGP
Request-EU
Request-Country
MI-Cache-Age
NodeID
MI-Cache
MI-API
Magicmarker
X-CACHE-GROUP
On-Server
Origin-Cache-Control
Release
Rendered-Blocks
Proxy-Connection
Pragrma
Origin-Edge-Control
X-Debug-Log
X-Eu-Site
X-Phone
X-Platform
X-Owner
X-Origin-TTL
X-Node-Id
X-NX-Host
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-ServiceProvider
X-Sf
X-ScT
X-S-Maxage
X-RCS-CacheZone
X-Var-Ttl
X-MI-In-Market
X-Fastly-Cache
X-VServer
X-F5-Cache
X-External-Request-Id
Kp-EeAlive
X-Csrf-Token
X-GeoIP-City
X-Layer
X-Varnish-Action
X-Key
X-HTML-Minification-Powered-By
X-Hl-Ver
X-We-Are-Hiring
X-Cache-Enabled
HA-Geocity
HA-Cloudapp
GMS-Ver
HA-Geocountry
HA-Geolat
HA-Geolon
Backend-Name
Cache-Tags
CDCHOST
Decoy-Debug-Status
WZWS-RAY
Decoy-Debug-Key
Decoy-Debug-TTL
X-Powered-By-ANYU
Esi-Enabled
Country-Code
HA-Georegion
X-Sucuri-Cache
HA-Ipaddr
HA-Urlpath
HA-Host
HA-Servedtime
Ha-Gx-Prefs
X-Oss-Hash-Crc64ecma
X-NWS-UUID-VERIFY
X-Oss-Server-Time
X-Webstats-RespID
X-HOST
X-Oss-Storage-Class
X-Oss-Request-Id
X-Oss-Object-Type
Cteonnt-Length
X-Reboot
X-TT-LOGID
X-Request-Time
X-Worker
Apple-News-Services-Host
X-Backend-TTL
X-Croise-Owner
X-Swa-Ws
X-Cdn-Origin
X-Cache-URL
X-Cache-Srv
X-Cache-Host
X-Cdn-Srv
X-Cache-Expires
X-Clientip
X-Ckpd-Fst-Backend
Fastly-Backend-Name
X-Content-Age
X-FW-Version
X-Nginx-Cache-Key
X-MSEdge-Flight
Adler-Geo
X-Up
X-UnsetCookies
X-MSEdge-Features
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
X-Matched-Rule
X-Variation
Apple-News-Services-Handled
X-Hash
X-GeoIP-Country-Code
X-Fetched-On
X-Passed-To-PostProcessResponse
X-Epic-Correlation-Id
X-ElasticPress-Search
Countrycode
X-Passed-To-DLL
X-Fstrz
X-Passed-To
X-Passed-To-BeforeDispatch
X-Gannett-Site-Version
X-Backend-State
X-Device-Os
Mobile-Detection-Method
Origin
PFcat
X-ShardId
X-Sorting-Hat-ShopId
Odigeo-Trace-Id
Thinkindot-CacheControl-Type
Thinkindot-Control
X-Sorting-Hat-PodId
Platform
X-Server-IP
RNT-Time
Section-Io-Cache
RNT-Machine
X-Skip-Cache
X-Sn-Servicetimems
X-Secret
Uber-Trace-Id
X-Returned-From-PostProcessResponse
X-Stale
X-Returned-From-DLL
X-ShopId
X-Trace-Id
X-Thinkindot-L3
Is-Eu
X-Alternate-Cache-Key
Server-ID
Heartbleed
X-Returned-From
X-Actual-URL
Thinkindot-CacheControl
X-Response-By
X-Returned-From-BeforeDispatch
X-Shopify-Stage
X-CACHE-AGE
Content-Disposition
Sid
X-Servername
X-Backend-Host
X-Core-Mission
Fastly-SWR
X-Rebelmouse-Surrogate-Control
X-VCT
X-Location
X-Backend-Url
Fastly-SIE
X-Rebelmouse-Cache-Control
X-Developers
Resin-Trace
X-Tumblr-Pixel-3
X-Ua
X-Atg-Version
X-Ezoic-Cdn
HTTPS
X-Planisys-CDN-TTL
X-Alicdn-Da-Ups-Status
X-Iejgwucgyu
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
X-Store
X-Varnish-Ttl
X-Policy
WP-Super-Cache
CDN
ProcessTime
X-Pf-Uncompressing
X-Servedbyhost
X-GEO
Warning
X-Cache-ASPX
X-B3-TraceId
CF-IPCountry
X-Proto
Powered
Xserver
REQUESTUUID
RequestId
Dnion-Transfer-Encoding
X-Cluster-Node
We-Hiring
NODE
X-Refresh
X-GoCache-CacheStatus
X-TIME
Mail-Subject
X-Real-Ip
X-DC
X-Pjax-Url
ViewerVersion
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-Idcheck
X-Req
Cache-Cookie-Set-From
X-Dc
NnCoection
X-Origin-Expires
X-Origin-Date
X-Page-Type
X-Endurance-Cache-Level
X-Surge-Debug
X-Edge-IP
X-Time
X-Varnish-HitMiss
X-Server-W
X-Newrelic-Synthetics
X-HCF
X-Cache-Control-Set-By
X-GRACE
X-CLOUD-TRACE-CONTEXT
Geoip-Latitude
GeoIp-Country-Code
X-COUNTRY
X-Nc
Hostname
X-Guploader-Uploadid
X-Server-Group
WWW-Authenticate
X-Aed
X-Oracle-Dms-Ecid
Processtime
SD-X-WS
Pramga
X-Ms-Lease-State
Geoip-City
X-Cdn-Forward
MS-CV
X-Wa
PICS-Label
A
X-CSRF-Token
TSSecure
X-Varnish-Url
X-Wix-Route-ID
Dont-Set-Cookie
X-Varnish-Beresp-TTL
X-Aicache-OS
X-Datadome
X-Varnish-URL
Cdn-Host
X-From-Cache
X-Gdpr
X-DataStream-Origin-MEX-Latency
X-Hello
X-ABtesting
X-Akamai-Request-ID2
X-Flog
X-Edge-Server
X-DataStream-MidMile-RTT
Cdn-Request-Time
X-Geo
X-WA
Node
Cdn
X-Nananana
CACHE
X-SRV
Lb
X-Auto-Login
Ms-Operation-Id
Lfy
X-RTag
DataCenter
X-Use-Magma
Mime-Version
FSS-Cache
COMMERCE-SERVER-SOFTWARE
X-Cache-HT
X-Env
GeoIP-Latitude
GeoIP-Country-Code
X-UPSTREAM-Address
Get-Access-Time
X-Ratelimit-Limit
Is-Session-Tracking
FSS-Proxy
X-Optimization
X-Load-Cache
PageType
X-EC-Security-Audit
GeoIP-City
X-Sentry-ID
Who
X-APP
X-Wix-Petri-Ex
X-Fastly-Backend-Reqs
X-WR-MODIFICATION
X-Cache-FS-Status
Rt-Proxy-Cache
X-PAGE-TYPE
X-CACHE-KEY
X-Via-NSCOPI
X-Unique-Id
X-Gen-Id
X-Check-Cacheable
X-Cache-Id
X-Ibm-Trace
X-Meta-Tbi-Cache-Vertical
X-Cookie
Ws
X-Ver
X-GDPR
X-Served-From
X-Dynatrace-Js-Agent
Memcached
X-Cache-Info
X-FORWARDED-FOR
X-Thanos
Httpd-Identifier
X-NGINX-Cache
X-Bip
X-B3-SpanId
Ohc-File-Size
Pics-Label
X-Proxy-Server
X-SVT-ORM-VERSION
X-PJAX-URL
Powered-By
X-Path-Route
X-MP-GENERATED-AT
X-Swift-Error
X-SVT-ORM-RULES
X-Fe
X-HS-Status
X-RateLimit-Reset
V-Cache
Memory
X-Be
X-Fastly-Cache-Hits
X-Request-Start
X-Cache-Ttl
URI
Version
X-Dw-Trace-Id
Group
Serverid
X-Shard
X-LiteSpeed-Cache-Control
X-P-T
X-CDN-Pop-IP
X-ServedByHost
X-CDN-Pop
X-GZIP
Cf-Ipcountry
Apicache-Store
Apicache-Version
X-ID
Amp-Access-Control-Allow-Source-Origin
Xet-Cookie
Requestid
Fastly-Soc-X-Request-Id
X-PF-Uncompressing
UCS
X-VC
AGE-Hash
X-SB
NX-Cache
X-Bug-Bounty
Ohc-Response-Time
X-Akamai-ERPolicy
X-Info
X-Varnish-Info
X-Akamai-ERRuleID
X-User
N-Cache
CDN-Cache-Hit
CDN-Node
X-StackifyID
CDN-Cache
X-Ratelimit-Remaining
X-Micro-Cache
GW-Server
If-Modified-Since
X-CacheKey
X-Distil-Cs
X-RAMCache
X-Providence-Cookie
X-SD-PageType
X-Litespeed-Cache-Control
X-Cache-Handler
X-RequestId
X-Flags
X-Is-Crawler
X-Grace-Duration
Https
X-ServerName
X-Route-Name
X-BBXSRF