Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
Last-Modified
Accept-Ranges
Pragma
X-Content-Type-Options
X-Powered-By
CF-RAY
ETag
Link
X-XSS-Protection
Expect-CT
Via
X-Cache
Age
Access-Control-Allow-Origin
Content-Security-Policy
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Served-By
X-Amz-Cf-Id
X-Varnish
Referrer-Policy
X-Timer
X-Xss-Protection
CF-Cache-Status
X-FRAME-OPTIONS
X-Request-Id
Access-Control-Allow-Headers
X-AspNet-Version
Access-Control-Allow-Methods
X-Runtime
X-Download-Options
Access-Control-Allow-Credentials
X-Drupal-Cache
X-Cacheable
Alt-Svc
X-Generator
Content-Security-Policy-Report-Only
X-Request-ID
X-Check
X-AspNetMvc-Version
Status
X-Cache-Status
X-Adblock-Key
Timing-Allow-Origin
X-Iinfo
X-Permitted-Cross-Domain-Policies
X-DNS-Prefetch-Control
X-Template
Content-Encoding
X-Language
X-Content-Security-Policy
X-Turbo-Charged-By
X-CDN
X-Type
Keep-Alive
Xkey
X-Buckets
X-Backend
X-Cache-Group
X-AH-Environment
WPE-Backend
Access-Control-Max-Age
X-Pass-Why
X-Age
CF-Ray
X-POWERED-BY
X-Server
Upgrade
EagleId
Access-Control-Expose-Headers
X-Via
X-Nginx-Cache-Status
X-Server-Powered-By
X-Pingback
X-Drupal-Dynamic-Cache
X-Varnish-Cache
X-Swift-SaveTime
X-Swift-CacheTime
X-Hacker
Grace
X-Amz-Id-2
X-Amz-Request-Id
X-UA-Device
Ali-Swift-Global-Savetime
X-Robots-Tag
P3p
Cf-Railgun
X-LiteSpeed-Cache
X-Envoy-Upstream-Service-Time
X-Proxy-Cache
X-Ua-Compatible
X-Page-Speed
Request-Context
Content-Location
X-Device
X-Ac
X-Node
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Cnection
X-Host
X-Server-Id
X-Cache-Lookup
X-Amz-Version-Id
Surrogate-Control
X-WebKit-CSP
X-Backend-Server
X-Rack-Cache
X-Rq
X-Response-Time
X-Application-Context
X-Readtime
X-CST
X-Dns-Prefetch-Control
EagleEye-TraceId
Pinterest-Generated-By
Server-Timing
X-Url
X-Cloud-Trace-Context
X-Instart-Request-ID
Request-Id
X-OneAgent-JS-Injection
X-Px
X-TTL
Report-To
X-Country
X-ORACLE-DMS-ECID
X-Clacks-Overhead
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Rating
Feature-Policy
Allow
Edge-Control
X-Country-Code
X-DynaTrace-JS-Agent
Charset
X-DataDome
X-ESI
X-Server-Name
X-FTR-Request-ID
X-Powered-CMS
X-Vname
X-TtlSet
X-PC
X-Origin-Cache
X-DynaTrace
NEL
X-MS-InvokeApp
X-Recruiting
X-Goog-Hash
X-Varnish-TTL
X-Cached
X-VARITI-CCR
X-ORACLE-DMS-RID
X-Vhost
Content-MD5
X-GitHub-Request-Id
RTSS
X-F-Cache
X-Version
X-Exp-Id
X-Kinja
X-Kinja-Build
X-Kinja-Revision
X-Kinja-Server
X-Geo-Segment
X-GoogleNews-Bot
X-Exp-Variant
X-Cdn-Fetch
X-Powered-By-Plesk
Public-Key-Pins
X-Upstream-Env
X-Pinterest-Rid
Pinterest-Version
X-CF-Powered-By
PB-RID
PB-PID
X-Mobile-Rewrite
Arc-Version
X-Mod-Pagespeed
Accept-CH
X-Client-IP
SPRequestGuid
Verso
X-D2id
X-Abt-Application-Version
MS-Author-Via
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-N
X-Dispatcher
X-SharePointHealthScore
AR-PoweredBy
AR-ATIME
X-HeyJason
X-Do-Not-Hack
Permitted-Cross-Domain-Policies
AR-CACHE
X-Amz-Rid
X-Navigation-Version
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-T
Nginx-Cache
DynaTrace
Accept-CH-Lifetime
X-Dw-Request-Base-Id
Paypal-Debug-Id
X-Trace
X-Fastly-Request-ID
X-Upstream
X-Grace
X-Varnish-Age
Arr-Disable-Session-Affinity
X-Hits
TCN
X-Amz-Meta-S3cmd-Attrs
X-Origin-Upstream-Status
X-Forwarded-Proto
X-Id
X-Shield-Request-Id
X-Pad
X-DIS-Request-ID
X-FastCGI-Cache
SPIisLatency
SPRequestDuration
X-Cache-Hit
X-Content-Options
X-Cdn
X-Logged-In
X-Content-Digest
Realpath
X-IPLB-Instance
Mrf-Cache-Status
MRF-Tech
X-Acc-Meta-Resource-Type
X-Mrf-Item-Lastmod
Access-Control-Request-Method
X-Mrf-Section-Lastmod
X-B
X-Kinsta-Cache
AR-SID
X-NF-Request-ID
X-Ruxit-JS-Agent
X-XRDS-Location
X-SS-Set-Cookie
X-Goog-Metageneration
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-Goog-Generation
X-HW
X-Vcap-Request-Id
S
X-Debug
X-MSEdge-Ref
Service-Worker-Allowed
X-Ser
Server-Name
X-FTR-Balancer
X-FTR-Realm
X-FTR-DC
X-FTR-Backend
X-Country-Code-Real
X-FTR-Cache-Status
X-FTR-Backend-Server
X-PressLabs-Stats
X-Frontend
X-Server-ID
X-Oneagent-Js-Injection
X-Cache-Key
X-Wix-Server-Artifact-Id
X-FTR-Expires
Tracecode
Rt-Fastcgi-Cache
Fastcgi-Cache
Eomportal-Instance
AMP-Access-Control-Allow-Source-Origin
Alternate-Protocol
X-NewRelic-App-Data
X-Forwarded-For
Surrogate-Key
Cleartype
X-Cache-Rule
Cache-Status
X-NWS-LOG-UUID
X-Srv
X-GUploader-UploadID
X-HS-Content-Id
X-HS-Hub-Id
Backend-Timing
X-Analytics
X-VCache
X-Ttl
X-Oracle-Dms-Rid
Host
TP-Cache
X-Rid
FilterID
TP-L2-Cache
X-User-Agent
X-Debug-Info
X-Revision
X-FTR-Cache-Host
Fastly-Restarts
Public-Key-Pins-Report-Only
X-Whom
X-Cache-2
X-Akam-SW-Version
X-Via-JSL
X-AOL-HN
X-Varnish-Backend
ServerID
X-Content-Powered-By
X-RateLimit-Remaining
X-Webkit-CSP
X-Request-Processing-Time
X-Request-Received
X-Kinja-Server-Push
Accept-Charset
X-Zen-Fury
Viewport
X-Accel-Buffering
Front-End-Https
X-Mobile
X-XRDS-LOCATION
X-Cached-By
X-WPE-Loopback-Upstream-Addr
Liferay-Portal
X-Node-Name
X-App-Environment
X-LB-Cache
X-Cache-Control
X-Cluster
X-Hostname
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Page-Id
X-Tumblr-User
Host-Header
X-B3-Traceid
X-B3-Sampled
X-Magnolia-Registration
X-Varnish-Hostname
X-Device-Type
X-Content-Security-Policy-Report-Only
X-Handled-By
X-Request-Guid
X-Akamai-Edgescape
Cache-Tag
X-B-Cache
X-BCube-Filmed-By
X-Signature
X-Platform-Server
X-Instance
X-FB-Debug
DC
X-Framework
X-TT
X-Cache-Server
X-Origin-Server
Upgrade-Insecure-Requests
Server-Node
X-TT-TIMESTAMP
X-TA-CDN-Provider
X-Correlation-Id
Retry-After
MicrosoftSharePointTeamServices
Source
X-WA-Info
X-Contextid
X-Servedby
X-Amzn-Trace-Id
X-Accel-Expires
Server-Info
HitInfo
HitType
X-Varnish-Server
X-Cache-Operation
X-Cache-Action
X-Distil-CS
X-Port
X-Sol
Display
X-APP-VERSION
X-Daa-Tunnel
X-Middleton-Display
X-Generated-By
X-Edge-Location
X-Fastcgi-Cache
X-Geo-Country
AsisCache
Content-Script-Type
Content-Style-Type
X-Amz-Replication-Status
X-GeoIP
X-Hyper-Cache
X-Tumblr-Pixel-1
Webserver
X-Tumblr-Pixel-2
GEO-INFO
X-WebKit-CSP-Report-Only
X-S
X-RequestSource
X-Locale
X-Seen-By
X-TX-ID
X-Wix-Request-Id
Actual-Object-TTL
Healthy
ServedBy
X-Varnish-Hits
X-Response-Served-From
X-Edge-Cache
X-Edge-Cache-Key
X-Region
X-Status
User-Agent
X-Jobs
X-FW-Type
X-FW-Serve
X-FW-Static
X-FW-Hash
X-FW-Server
X-DataStream-Cache-Status
X-UUID
X-Drupal-Cache-Tags
X-Varnish-Grace
Filters
X-Newrelic-App-Data
X-Adobe-Loc
X-Adobe-Content
S-Cnection
NGB
Refresh
X-Amz-Server-Side-Encryption
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Proxied
SRV
X-Esi
IBM-Web2-Location
X-Cache-Age
X-Cache-TTL-Remaining
Response
X-Middleton-Response
X-Activity-Id
AR-Request-ID
X-Az
X-AppVersion
X-App-Server
X-Pc-Appver
X-Pc-Key
X-Pc-Hit
X-Cache-NE
X-CDN-Forward
X-Content-Type
Cache
X-Cache-Remote
X-Ruxit-Js-Agent
X-Cacheable-TTL
Payment
X-Cache-TTL
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-UA
X-ATG-Version
Datacenter
X-Correlation-ID
X-Unique-ID
Served-By
Country
X-Vg-Webcache
X-HS-Cache-Config
Edge-Cache-Tag
X-Mode
X-Akamai-Transformed
X-Detected-As
X-Is-Bot
Meta-Geo
X-RemovedCookies
Load-Balancing
X-ProcessESI
X-Rendered-As
Machine
X-RN-RSRV
X-ProxyCache-Key
X-OCL
X-FC-Vary-Parameters
HostName
User-Cache-Control
X-Proxy
X-PCL
X-Source
X-BYPASS-REASON
X-Sucuri-ID
X-Rocket-Nginx-Bypass
X-ProxyCache-Status
X-Grey
X-Cache-Category-Id
X-Amz-Meta-Surrogate-Control
X-Backend-Name
X-Pubstack
X-BB-IP
X-Debug-Cache
TWC-Connection-Speed
X-Cache-Config
X-EIG-Tracking-Id
Access-Control-Allow-Method
X-Origin-Hint
Backend
TWC-GeoIP-LatLong
Cache-Name
X-Human
X-Viewer-Country
TWC-GeoIP-Country
TWC-Device-Class
X-Varnish-Cacheable
L5d-Success-Class
X-Varnish-IP
TWC-Locale-Group
X-Hosted-By
Property-Id
Webcakes-Region
Webcakes-App-Version
Webcakes-App-Name
DB-Nickname
TWC-Privacy
Now
X-Site-Version
X-ApacheServer
X-Access
X-Routing-Service
X-Section
X-ServerID
X-Format
X-NodeID
Mn-Server-Ip
X-Tb
X-Origin
X-Loop
X-JoinUs
X-Upgrade-Enabled
X-Varnish-Cache-Hits
Cache-Key
X-Via-Fastly
X-Zipkin-Id
X-Original-Request
S-Rt
X-Generated
X-TNCMS
X-CCM
X-PERF
X-OVcl
X-OVcl-Cache
X-CDN-Cache
Access-Control-Request-Headers
Selected-FE
ServerName
X-Www-Served-By
X-Timing-Wait
X-VWS-Id
X-IP
X-L-Path
X-LJ-Flow-ID
X-Ocache
X-NGENIX-Cache
X-SplitTest
X-Xfnlog-Site
X-Agile-Id
X-Agile-Age
X-AWS-Id
X-Environment-Context
X-Hit
X-Rule
X-Agile
X-Proxy-Build
Azure-RegionName
Azure-SlotName
Azure-SiteName
Azure-Version
Azure-InstanceId
X-Storage
X-URL
X-Origin-CC
X-HS-Combine-CSS
X-Pc-Date
X-Drupal-Cache-Contexts
X-Pc-Host
X-Real-IP
X-Cache-Var
X-Cache-Var-Map
X-App-Name
X-TWH-CORRELATION-ID
X-Akamai-Request-ID
X-Vgn-Hpd-Reason
X-Upstream-HT
X-Upstream-CT
X-Time-Microsecs
OT-Force-Account-Verify
X-Litespeed-Cache
X-Nginx-Cache
From-Origin
X-RateLimit-Limit
X-UA-Device-Type
X-Mrs-Cache
X-PHP-Backend
X-Mrs-Age
X-NCache
X-Mrs-Cache-Hits
X-Mshield-Cache-Status
X-Microcachable
X-Internal-Host
X-NC
XServer
X-Feature
Fastcgi-X-Cache-Version
Fastcgi-X-Cache
Fastcgi-Useragent
X-Release
X-Forwarded-Host
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Distributor
Fastly-SSL
LB
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
X-Ms-Request-Id
X-Ms-Version
X-Ms-Blob-Type
X-Ms-Lease-Status
X-Birta-Served
Ar-Sid
Pagespeed
X-Birta-Cache-Post
X-Qnm-Cache
X-M-Reqid
X-M-Log
Powered-By-ChinaCache
Pagetype
X-Connection-Hash
X-EdgeConnect-Cache-Status
X-Twitter-Response-Tags
X-Webkit-Csp
X-Cache-Backend
NtCoent-Length
X-Transaction
X-Labrador-Cache-Channel
X-Ah-Environment
X-Instance-Name
X-B3-Spanid
X-V
X-VG-TLSProxy
Frame-Options
MIME-Version
X-GZip
X-C
X-SERVER-NAME
Time
MD5-Digest
X-A-Wwc
Meta-Geo-Continent
X-A-Ccd
X-Accel-Expires-Debug
X-Request-UUID
X-CF-Lambda-Fn
NGX
IsBot
Www
X-Server-Time
X-Rojux
X-Org
X-A-Dam
X-Rewrite-Enabled
VivaBuild
X-Logtrace-Id
Web-Mar-Node
X-A-Dcw
X-A-Dgt
X-Request-URI
Ec-Rule-Version
AKAMAI
Ajk
X-Irp-Debug
Arc-Country
BehaviorPad-Version
X-BB-ID
X-Block-Status
X-Cache-Bucket
Cache-Prefix
X-B-Cookie
Fly-Cache
X-NU-AKA-ACS-Version
X-Region-Sid
Host-ID
Rendered-Blocks
X-Application
X-Redis-Cache
X-IN-WAF
Fly-Request-Id
X-ARC
X-PAYTM-SRV-ID
X-A
X-CF-Lambda-Version
X-Date
Viewtype
X-Hnp-Log
V-Age
X-CUA
X-DPWN-IS-SECURE
Xc-Version
X-SIPLIST1
X-Trv-Group
X-CS
X-Destination
X-ScT
X-Died
T-Server
X-From
X-UE-Client-Country
X-No-Session
X-Dispatcher-Server
X-G
X-Developer
X-VG-WebServer
Server-Int
X-Gen-Mode
X-D
X-Generation-Time
X-IN-APIGATEWAY
X-Via-SSL
X-Via-Edge
X-Via-CDN
X-Web-Node
X-SRCache-Key
X-S-Cookie
X-WebServer
X-Generated-In
X-Server-By
X-IN-SSL-APIGATEWAY
X-HOST
X-App-Version
Cneonction
X-FireWall-Port
X-NWS-UUID-VERIFY
X-Varnish-Beresp-Ttl
On-Server
HA-Geocity
HA-Geocountry
SN
Pragrma
GMS-Ver
Origin-Cache-Control
Cteonnt-Length
Origin-Edge-Control
X-Amz-Meta-Cache-Control
X-HTML-Minification-Powered-By
HA-Cloudapp
HA-Host
X-NX-Host
MI-Cache
X-External-Request-Id
MI-API
Proxy-Connection
X-Origin-TTL
Kp-EeAlive
X-Owner
X-F5-Cache
MI-Cache-Age
Ha-Gx-Prefs
HA-Georegion
HA-Geolon
HA-Ipaddr
HA-Servedtime
X-ElasticPress-Search
HA-Urlpath
HA-Geolat
Cache-Tags
X-Crawler
Mobile-Detection-Method
X-S-Maxage
Server-Host
X-Eu-Site
Request-Time
X-RCS-CacheZone
X-Debug-Cookies
Request-EU
X-Node-Id
X-Wikidot-Static-Cache
X-VServer
X-ServiceProvider
True-Client-Country-4JS
X-GeoIP-City
X-We-Are-Hiring
X-Wikidot-Backend
X-CGP
X-MI-In-Market
X-Sf
Release
WZWS-RAY
X-UnsetCookies
X-Layer
X-Platform
CDCHOST
Country-Code
Decoy-Debug-Key
Esi-Enabled
Decoy-Debug-TTL
Decoy-Debug-Status
X-Var-Ttl
Backend-Name
X-Powered-By-ANYU
X-Varnish-Action
X-Debug-Log
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-Cache-Enabled
Request-Country
X-Key
X-Sucuri-Cache
X-Webstats-RespID
Uber-Trace-Id
X-Cdn-Origin
X-Hl-Ver
X-Core-Value
X-GeoIP-Country-Code
X-Content-Age
X-FW-Version
X-Developers
X-Epic-Correlation-Id
X-Fastly-Cache
X-Fetched-On
X-Device-Os
X-Clientip
X-Ckpd-Fst-Backend
X-Backend-State
X-Backend-Host
X-Alternate-Cache-Key
X-Location
X-Backend-TTL
X-Backend-Url
X-Cdn-Srv
X-Cache-URL
X-Cache-Srv
X-Cache-CFC
X-Actual-URL
Apple-News-Services-Request-Url
X-Returned-From-PostProcessResponse
X-Returned-From-DLL
X-Worker
X-VCT
X-Variation
PageSpeed
X-Returned-From-BeforeDispatch
X-Returned-From
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
Apple-News-Services-Handled
Adler-Geo
X-Response-By
X-Reboot
X-Hash
X-Tumblr-Pixel-3
X-Skip-Cache
X-Sn-Servicetimems
X-Shopify-Stage
X-ShopId
X-Server-IP
X-ShardId
X-Sorting-Hat-PodId
X-Oss-Storage-Class
X-Sorting-Hat-ShopId
X-Stale
X-Oss-Hash-Crc64ecma
X-Oss-Object-Type
X-Oss-Server-Time
X-Oss-Request-Id
Countrycode
X-Request-Time
RNT-Time
RNT-Machine
Heartbleed
X-Passed-To-DLL
X-Passed-To-BeforeDispatch
Magicmarker
X-Passed-To
Fastly-Backend-Name
Is-Eu
Platform
NodeID
X-Passed-To-PostProcessResponse
Server-ID
PFcat
Odigeo-Trace-Id
X-Phone
Origin
X-Secret
X-MSEdge-Features
Thinkindot-CacheControl
X-Csrf-Token
X-Swa-Ws
Resin-Trace
X-Thinkindot-L3
X-TT-LOGID
X-Up
X-Trace-Id
X-MSEdge-Flight
X-Cache-Expires
X-Servername
X-Cache-Host
Fastly-SWR
Fastly-SIE
Content-Disposition
Section-Io-Cache
X-Gannett-Site-Version
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
X-Matched-Rule
X-Store
X-Croise-Owner
X-Fstrz
HTTPS
Thinkindot-Control
X-Nginx-Cache-Key
Thinkindot-CacheControl-Type
X-Iejgwucgyu
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
Sid
ProcessTime
X-Alicdn-Da-Ups-Status
X-Real-Ip
X-Policy
X-Core-Mission
X-CACHE-AGE
X-Ezoic-Cdn
REQUESTUUID
X-Pf-Uncompressing
Powered
CDN
X-Ua
WP-Super-Cache
Xserver
RequestId
X-Cluster-Node
X-GEO
X-Atg-Version
Warning
X-Cache-ASPX
X-Servedbyhost
X-Proto
X-Refresh
X-Dc
X-TIME
Dnion-Transfer-Encoding
We-Hiring
X-GoCache-CacheStatus
Mail-Subject
CF-IPCountry
NODE
X-Pjax-Url
ViewerVersion
X-B3-TraceId
X-Req
X-Guploader-Uploadid
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-From
Cache-Cookie-Set-Lfrom
X-Endurance-Cache-Level
X-DC
X-Varnish-Ttl
NnCoection
X-Nc
X-Origin-Date
X-Origin-Expires
X-Newrelic-Synthetics
X-Surge-Debug
X-CLOUD-TRACE-CONTEXT
X-HCF
X-Edge-IP
X-Cache-Control-Set-By
X-Time
GeoIp-Country-Code
X-COUNTRY
X-Varnish-HitMiss
Geoip-Latitude
X-Page-Type
X-Server-W
Hostname
X-Aed
X-CSRF-Token
X-Oracle-Dms-Ecid
Pramga
WWW-Authenticate
X-Server-Group
SD-X-WS
X-Ms-Lease-State
X-Varnish-Beresp-TTL
CACHE
Geoip-City
Processtime
TSSecure
X-Varnish-Url
A
X-GRACE
MS-CV
X-Wix-Route-ID
PICS-Label
X-Datadome
X-Cdn-Forward
X-Wa
X-DataStream-Origin-MEX-Latency
X-Varnish-URL
X-Hello
X-ABtesting
X-Flog
X-Aicache-OS
X-DataStream-MidMile-RTT
Cdn
X-WA
Dont-Set-Cookie
Node
Cdn-Host
X-Akamai-Request-ID2
Cdn-Request-Time
X-Gdpr
Mime-Version
X-Ratelimit-Limit
X-Edge-Server
X-From-Cache
X-Geo
Lfy
Lb
X-Auto-Login
X-Use-Magma
X-Nananana
PageType
DataCenter
FSS-Proxy
X-UPSTREAM-Address
FSS-Cache
COMMERCE-SERVER-SOFTWARE
X-Unique-Id
Ms-Operation-Id
X-RTag
X-APP
X-Cache-HT
X-SRV
GeoIP-Country-Code
GeoIP-Latitude
Is-Session-Tracking
X-EC-Security-Audit
X-Sentry-ID
X-Optimization
Get-Access-Time
X-Fastly-Backend-Reqs
GeoIP-City
X-Env
X-WR-MODIFICATION
X-Load-Cache
Rt-Proxy-Cache
X-Via-NSCOPI
Who
X-PAGE-TYPE
X-Gen-Id
X-CACHE-KEY
X-Cache-FS-Status
X-GDPR
X-Cookie
X-Served-From
X-Check-Cacheable
X-Wix-Petri-Ex
X-Dynatrace-Js-Agent
X-Cache-Id
X-Thanos
Memcached
X-Bip
Ws
X-Ver
X-Ibm-Trace
X-Cache-Info
X-Meta-Tbi-Cache-Vertical
X-FORWARDED-FOR
X-PJAX-URL
X-Proxy-Server
X-Swift-Error
X-MP-GENERATED-AT
Pics-Label
Httpd-Identifier
X-Be
X-NGINX-Cache
X-Fastly-Cache-Hits
X-ServedByHost
X-SVT-ORM-VERSION
Memory
X-Cache-Ttl
X-Fe
Powered-By
Ohc-File-Size
V-Cache
X-B3-SpanId
X-Request-Start
X-RateLimit-Reset
X-SVT-ORM-RULES
X-HS-Status
Group
X-Path-Route
URI
X-CDN-Pop-IP
X-Shard
X-CDN-Pop
Cf-Ipcountry
Version
X-Dw-Trace-Id
Amp-Access-Control-Allow-Source-Origin
X-ID
X-P-T
X-GZIP
UCS
NX-Cache
GW-Server
Requestid
X-Bug-Bounty
X-PF-Uncompressing
X-LiteSpeed-Cache-Control
Xet-Cookie
X-SB
X-VC
AGE-Hash
Serverid
Apicache-Version
CDN-Cache
Srv
X-CacheKey
Fastly-Soc-X-Request-Id
CDN-Cache-Hit
X-Akamai-ERPolicy
X-StackifyID
X-User
N-Cache
Ohc-Response-Time
X-Ratelimit-Remaining
X-Varnish-Info
CDN-Node
X-Akamai-ERRuleID
Apicache-Store
X-Cache-Handler
Cache-Hits
X-SD-PageType
X-RequestId
X-Flags
X-ServerName
X-Route-Name
X-Providence-Cookie
Https
If-Modified-Since
X-Micro-Cache
X-Is-Crawler
X-Litespeed-Cache-Control
X-Grace-Duration
X-Info