Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
Last-Modified
Accept-Ranges
Pragma
X-Content-Type-Options
X-Powered-By
CF-RAY
ETag
Link
X-XSS-Protection
Expect-CT
Via
X-Cache
Age
Access-Control-Allow-Origin
Content-Security-Policy
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Served-By
X-Amz-Cf-Id
X-Varnish
Referrer-Policy
X-Timer
X-Xss-Protection
CF-Cache-Status
X-Request-Id
X-FRAME-OPTIONS
Access-Control-Allow-Headers
X-AspNet-Version
Access-Control-Allow-Methods
X-Runtime
X-Download-Options
Access-Control-Allow-Credentials
X-Drupal-Cache
X-Cacheable
Alt-Svc
X-Generator
Content-Security-Policy-Report-Only
X-Request-ID
X-Check
X-AspNetMvc-Version
Status
X-Cache-Status
X-Adblock-Key
Timing-Allow-Origin
X-Iinfo
X-DNS-Prefetch-Control
X-Permitted-Cross-Domain-Policies
X-Template
Content-Encoding
X-Language
X-Content-Security-Policy
X-Turbo-Charged-By
X-CDN
X-Type
Keep-Alive
Xkey
X-Buckets
X-Backend
X-AH-Environment
WPE-Backend
Access-Control-Max-Age
X-Pass-Why
X-Age
X-Cache-Group
X-Server
CF-Ray
Upgrade
X-POWERED-BY
EagleId
Access-Control-Expose-Headers
X-Via
X-Nginx-Cache-Status
X-Server-Powered-By
X-Pingback
X-Drupal-Dynamic-Cache
X-Varnish-Cache
X-Swift-SaveTime
X-Swift-CacheTime
Grace
X-Hacker
X-Amz-Id-2
X-Amz-Request-Id
X-UA-Device
Ali-Swift-Global-Savetime
X-Robots-Tag
Cf-Railgun
P3p
X-LiteSpeed-Cache
X-Envoy-Upstream-Service-Time
X-Proxy-Cache
X-Page-Speed
X-Ua-Compatible
Request-Context
Content-Location
X-Device
X-Ac
X-Node
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Cnection
X-Host
X-Cache-Lookup
Surrogate-Control
X-Amz-Version-Id
X-Server-Id
X-WebKit-CSP
X-Backend-Server
X-Rack-Cache
X-Response-Time
X-Rq
X-Application-Context
X-Readtime
X-CST
EagleEye-TraceId
X-Dns-Prefetch-Control
Server-Timing
Pinterest-Generated-By
X-Cloud-Trace-Context
X-TTL
X-Url
X-Instart-Request-ID
X-OneAgent-JS-Injection
X-Px
Request-Id
Report-To
X-Country
X-ORACLE-DMS-ECID
X-Clacks-Overhead
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Feature-Policy
Rating
Edge-Control
Allow
X-Country-Code
X-DynaTrace-JS-Agent
Charset
X-DataDome
X-ESI
X-Server-Name
X-Powered-CMS
X-FTR-Request-ID
X-PC
X-Vname
X-TtlSet
X-Origin-Cache
X-DynaTrace
NEL
X-MS-InvokeApp
X-ORACLE-DMS-RID
X-Goog-Hash
X-Recruiting
X-Cached
X-VARITI-CCR
X-Varnish-TTL
X-Vhost
Content-MD5
X-GitHub-Request-Id
RTSS
X-Version
X-F-Cache
X-Kinja-Build
X-Kinja-Revision
X-Kinja-Server
X-Kinja
X-GoogleNews-Bot
X-Exp-Variant
X-Exp-Id
X-Cdn-Fetch
X-Geo-Segment
X-Powered-By-Plesk
Public-Key-Pins
X-CF-Powered-By
Pinterest-Version
X-Upstream-Env
X-Pinterest-Rid
PB-PID
PB-RID
Arc-Version
X-Mod-Pagespeed
X-Mobile-Rewrite
Verso
X-Client-IP
SPRequestGuid
X-D2id
X-Abt-Application-Version
X-SRCache-Store-Status
X-SRCache-Fetch-Status
Accept-CH
MS-Author-Via
X-N
X-Do-Not-Hack
Permitted-Cross-Domain-Policies
X-HeyJason
AR-PoweredBy
AR-ATIME
X-Dispatcher
X-SharePointHealthScore
AR-CACHE
X-Amz-Rid
X-Navigation-Version
X-T
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-TEC-API-ROOT
DynaTrace
Nginx-Cache
Paypal-Debug-Id
X-Dw-Request-Base-Id
X-Trace
X-Upstream
X-Fastly-Request-ID
Arr-Disable-Session-Affinity
Accept-CH-Lifetime
X-Varnish-Age
X-Hits
TCN
X-Grace
X-Shield-Request-Id
X-Amz-Meta-S3cmd-Attrs
X-Id
X-Forwarded-Proto
X-Origin-Upstream-Status
X-DIS-Request-ID
X-Pad
X-FastCGI-Cache
X-XRDS-Location
SPIisLatency
SPRequestDuration
X-Cache-Hit
X-Content-Options
X-Content-Digest
X-Logged-In
X-Ruxit-JS-Agent
Realpath
X-IPLB-Instance
X-Kinsta-Cache
Access-Control-Request-Method
MRF-Tech
Mrf-Cache-Status
X-B
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
X-Acc-Meta-Resource-Type
X-NF-Request-ID
AR-SID
X-Server-ID
X-Goog-Storage-Class
X-Goog-Generation
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-SS-Set-Cookie
X-Vcap-Request-Id
X-HW
S
X-MSEdge-Ref
X-Debug
Service-Worker-Allowed
X-Ser
Server-Name
X-FTR-Cache-Status
X-FTR-Backend
X-FTR-DC
X-FTR-Balancer
X-FTR-Realm
X-FTR-Backend-Server
X-Country-Code-Real
X-PressLabs-Stats
X-Frontend
Tracecode
X-FTR-Expires
X-Cache-Key
X-Wix-Server-Artifact-Id
Fastcgi-Cache
Eomportal-Instance
Rt-Fastcgi-Cache
X-GUploader-UploadID
AMP-Access-Control-Allow-Source-Origin
X-Webkit-CSP
Alternate-Protocol
X-Forwarded-For
Surrogate-Key
X-Oneagent-Js-Injection
Cleartype
X-Cache-Rule
X-NewRelic-App-Data
Cache-Status
X-NWS-LOG-UUID
X-HS-Hub-Id
X-HS-Content-Id
X-Analytics
Backend-Timing
X-VCache
X-Srv
Host
X-Revision
X-User-Agent
TP-L2-Cache
TP-Cache
FilterID
X-Rid
X-FTR-Cache-Host
X-Whom
X-Debug-Info
Fastly-Restarts
Public-Key-Pins-Report-Only
X-Via-JSL
X-AOL-HN
X-Akam-SW-Version
X-Cache-2
X-Varnish-Backend
X-Content-Powered-By
X-RateLimit-Remaining
ServerID
X-Request-Processing-Time
X-Request-Received
X-Zen-Fury
Viewport
Accept-Charset
X-Cdn
X-Accel-Buffering
X-Kinja-Server-Push
X-Mobile
Front-End-Https
X-WPE-Loopback-Upstream-Addr
X-Oracle-Dms-Rid
X-Ttl
Liferay-Portal
X-Cached-By
X-Node-Name
X-App-Environment
X-LB-Cache
X-Hostname
X-Tumblr-User
X-Tumblr-Pixel
Host-Header
X-Content-Security-Policy-Report-Only
X-Magnolia-Registration
X-Varnish-Hostname
X-Tumblr-Pixel-0
X-Cluster
X-Page-Id
X-Cache-Control
X-B3-Sampled
X-TT
X-Handled-By
X-Akamai-Edgescape
X-Device-Type
X-Request-Guid
X-Framework
Cache-Tag
X-FB-Debug
X-BCube-Filmed-By
X-B-Cache
X-Instance
Upgrade-Insecure-Requests
X-Signature
X-Platform-Server
DC
X-B3-Traceid
X-Cache-Server
X-Origin-Server
Server-Node
X-TT-TIMESTAMP
X-TA-CDN-Provider
X-XRDS-LOCATION
Source
Retry-After
MicrosoftSharePointTeamServices
X-Accel-Expires
X-WA-Info
X-Contextid
X-Servedby
Server-Info
HitInfo
HitType
X-Cache-Action
X-Amzn-Trace-Id
X-Varnish-Server
X-Cache-Operation
X-Middleton-Display
Display
X-Sol
X-Correlation-Id
X-Port
X-URL
X-Daa-Tunnel
X-Distil-CS
X-Geo-Country
X-Edge-Location
X-Generated-By
X-APP-VERSION
X-Hyper-Cache
AsisCache
X-Amz-Replication-Status
X-GeoIP
Webserver
Content-Script-Type
Content-Style-Type
X-Newrelic-App-Data
GEO-INFO
X-RequestSource
X-WebKit-CSP-Report-Only
X-Tumblr-Pixel-1
X-Fastcgi-Cache
X-S
X-Tumblr-Pixel-2
ServedBy
Actual-Object-TTL
X-Locale
X-Seen-By
X-Wix-Request-Id
X-TX-ID
X-Region
X-Status
X-FW-Serve
X-FW-Server
X-FW-Hash
X-Edge-Cache-Key
X-Edge-Cache
X-FW-Type
X-FW-Static
X-UUID
X-Jobs
X-Varnish-Hits
X-Adobe-Loc
X-Drupal-Cache-Tags
Healthy
X-Adobe-Content
X-Varnish-Grace
X-DataStream-Cache-Status
X-Response-Served-From
User-Agent
SRV
Filters
Refresh
X-Proxied
S-Cnection
X-Amz-Server-Side-Encryption
NGB
Response
X-Middleton-Response
X-Yottaa-Optimizations
X-Cache-TTL-Remaining
Cache
X-Yottaa-Metrics
IBM-Web2-Location
X-Correlation-ID
AR-Request-ID
X-AppVersion
X-App-Server
X-Az
X-Activity-Id
X-Cache-Age
X-Esi
X-Pc-Key
X-Pc-Appver
X-CDN-Forward
X-Pc-Hit
X-Cache-Remote
X-Content-Type
X-Cache-NE
X-Cacheable-TTL
Payment
X-Unique-ID
X-Ruxit-Js-Agent
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Cache-TTL
Datacenter
X-UA
Country
X-Vg-Webcache
X-ATG-Version
X-Akamai-Transformed
Served-By
X-Mode
X-HS-Cache-Config
Edge-Cache-Tag
X-Real-IP
HostName
Machine
Meta-Geo
X-RemovedCookies
X-Is-Bot
Load-Balancing
X-Sucuri-ID
X-Rendered-As
X-RN-RSRV
X-Source
X-ProcessESI
X-Detected-As
X-OCL
X-ProxyCache-Key
X-Rocket-Nginx-Bypass
X-PCL
X-FC-Vary-Parameters
X-Proxy
User-Cache-Control
X-BYPASS-REASON
X-ProxyCache-Status
X-PERF
Access-Control-Allow-Method
Backend
Cache-Key
Cache-Name
L5d-Success-Class
X-Amz-Meta-Surrogate-Control
X-Varnish-IP
X-Viewer-Country
X-BB-IP
X-Varnish-Cacheable
X-Tb
X-Backend-Name
X-Origin
X-Cache-Category-Id
X-Cache-Config
X-Debug-Cache
X-EIG-Tracking-Id
X-Grey
X-Human
X-Hosted-By
X-ServerID
X-Pubstack
TWC-GeoIP-Country
TWC-GeoIP-LatLong
TWC-Device-Class
TWC-Connection-Speed
Now
Property-Id
TWC-Locale-Group
TWC-Privacy
X-ApacheServer
X-Origin-Hint
Webcakes-Region
Webcakes-App-Version
Webcakes-App-Name
Mn-Server-Ip
DB-Nickname
X-Via-Fastly
Azure-InstanceId
Azure-RegionName
Access-Control-Request-Headers
X-Environment-Context
X-Varnish-Cache-Hits
S-Rt
X-Format
Azure-SiteName
Azure-SlotName
X-Routing-Service
X-Access
ServerName
X-Zipkin-Id
X-CCM
Azure-Version
X-CDN-Cache
X-Hit
X-Generated
X-OVcl
X-Original-Request
X-TNCMS
X-Site-Version
X-Section
X-NodeID
X-OVcl-Cache
X-Upgrade-Enabled
X-L-Path
X-Loop
X-JoinUs
X-App-Name
X-AWS-Id
X-SplitTest
X-Agile
Selected-FE
X-Proxy-Build
X-Agile-Age
X-Www-Served-By
X-TWH-CORRELATION-ID
X-Ocache
X-VWS-Id
X-IP
X-LJ-Flow-ID
X-NGENIX-Cache
X-Timing-Wait
X-Xfnlog-Site
X-Agile-Id
X-Storage
X-Rule
X-Pc-Date
X-Drupal-Cache-Contexts
X-Pc-Host
X-Origin-CC
X-Akamai-Request-ID
X-HS-Combine-CSS
X-RateLimit-Limit
X-Vgn-Hpd-Reason
X-Cache-Var
X-Cache-Var-Map
X-Upstream-HT
X-Time-Microsecs
X-Upstream-CT
X-NC
X-PHP-Backend
From-Origin
XServer
X-UA-Device-Type
X-NCache
OT-Force-Account-Verify
X-Litespeed-Cache
X-Internal-Host
X-Microcachable
X-Nginx-Cache
X-Release
X-Mrs-Age
X-Mrs-Cache-Hits
X-Distributor
X-Mrs-Cache
X-Mshield-Cache-Status
Ar-Sid
X-Forwarded-Host
Fastcgi-Useragent
Fastcgi-X-Cache-Version
Fastcgi-X-Cache
X-Qnm-Cache
X-Feature
Fastly-SSL
X-M-Reqid
LB
X-M-Log
X-Amz-Apigw-Id
X-Amzn-RequestId
Pagetype
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
X-Cache-Backend
X-Ms-Blob-Type
X-Ms-Lease-Status
X-Ms-Request-Id
X-Ms-Version
Powered-By-ChinaCache
X-Birta-Served
X-Birta-Cache-Post
X-Twitter-Response-Tags
X-Connection-Hash
X-Transaction
NtCoent-Length
MIME-Version
X-Labrador-Cache-Channel
PageSpeed
X-EdgeConnect-Cache-Status
X-Instance-Name
X-V
Frame-Options
X-VG-TLSProxy
X-App-Version
X-Webkit-Csp
X-Varnish-Beresp-Ttl
X-Ah-Environment
X-Web-Node
X-B3-Spanid
X-C
Pagespeed
X-GZip
Time
T-Server
Server-Int
Rendered-Blocks
IsBot
Host-ID
NGX
Meta-Geo-Continent
MD5-Digest
Fly-Request-Id
Fly-Cache
Arc-Country
AKAMAI
BehaviorPad-Version
Cache-Prefix
Ec-Rule-Version
Ajk
X-BB-ID
X-PAYTM-SRV-ID
X-Org
X-Redis-Cache
X-Region-Sid
X-Request-UUID
X-Request-URI
X-NU-AKA-ACS-Version
X-No-Session
X-IN-APIGATEWAY
X-Hnp-Log
X-IN-SSL-APIGATEWAY
X-IN-WAF
X-Logtrace-Id
X-Irp-Debug
X-Rewrite-Enabled
X-Rojux
X-Via-CDN
X-VG-WebServer
X-Via-Edge
X-Via-SSL
Xc-Version
X-WebServer
X-UE-Client-Country
X-Trv-Group
X-ScT
X-S-Cookie
X-Server-By
X-Server-Time
X-SRCache-Key
X-SIPLIST1
X-Generation-Time
X-Generated-In
X-Accel-Expires-Debug
X-A-Wwc
X-Application
X-ARC
X-Block-Status
X-B-Cookie
X-A-Dgt
X-A-Dcw
Web-Mar-Node
VivaBuild
Www
X-A
X-A-Dam
X-A-Ccd
X-Cache-Bucket
X-CF-Lambda-Fn
X-Dispatcher-Server
X-Died
X-DPWN-IS-SECURE
X-From
X-Gen-Mode
X-G
X-Developer
X-Destination
X-CS
X-CF-Lambda-Version
X-CUA
X-D
X-Date
Viewtype
V-Age
X-SERVER-NAME
Cneonction
X-FireWall-Port
X-Amz-Meta-Cache-Control
True-Client-Country-4JS
SN
X-Cache-CFC
Server-Host
X-CGP
X-Debug-Cookies
X-Debug-Log
X-Csrf-Token
X-Crawler
X-Core-Value
Request-Time
Request-EU
NodeID
On-Server
MI-Cache-Age
MI-Cache
Magicmarker
MI-API
Origin-Cache-Control
Origin-Edge-Control
X-CACHE-GROUP
Request-Country
Release
Proxy-Connection
Pragrma
X-Wikidot-Static-Cache
X-ElasticPress-Search
X-UnsetCookies
X-Phone
X-Owner
X-Origin-TTL
X-Node-Id
X-NX-Host
X-Platform
X-RateLimit-Limit-Second
X-ServiceProvider
X-Sf
X-S-Maxage
X-RCS-CacheZone
X-RateLimit-Remaining-Second
X-Var-Ttl
X-Varnish-Action
X-F5-Cache
X-Fastly-Cache
X-External-Request-Id
X-Eu-Site
Kp-EeAlive
X-We-Are-Hiring
X-GeoIP-City
X-Hl-Ver
X-Layer
X-MI-In-Market
X-Key
X-HTML-Minification-Powered-By
X-VServer
X-Wikidot-Backend
X-Cache-Enabled
HA-Geolat
HA-Servedtime
HA-Geocountry
HA-Geocity
HA-Ipaddr
HA-Host
HA-Georegion
GMS-Ver
Backend-Name
HA-Geolon
HA-Urlpath
WZWS-RAY
Decoy-Debug-Status
Decoy-Debug-TTL
Esi-Enabled
X-Sucuri-Cache
Decoy-Debug-Key
Country-Code
HA-Cloudapp
Cache-Tags
CDCHOST
X-Powered-By-ANYU
Ha-Gx-Prefs
X-Oss-Request-Id
X-NWS-UUID-VERIFY
X-Oss-Hash-Crc64ecma
Cteonnt-Length
X-Oss-Server-Time
X-HOST
X-Webstats-RespID
X-Oss-Object-Type
X-Oss-Storage-Class
X-Developers
X-Device-Os
Fastly-Backend-Name
X-Returned-From-BeforeDispatch
X-Passed-To-PostProcessResponse
Is-Eu
X-Passed-To-BeforeDispatch
X-Response-By
X-Passed-To-DLL
X-Returned-From
X-Returned-From-DLL
X-Croise-Owner
X-Worker
X-Cache-Srv
X-Cache-Host
X-Cache-Expires
X-Stale
X-Cache-URL
X-Cdn-Origin
X-Returned-From-PostProcessResponse
X-Content-Age
X-Clientip
X-Ckpd-Fst-Backend
Countrycode
X-Epic-Correlation-Id
Apple-News-Services-Host
X-Nginx-Cache-Key
Apple-News-Services-Handled
X-Tumblr-Pixel-3
X-Up
X-MSEdge-Flight
X-MSEdge-Features
Apple-News-Services-Request-Url
X-Location
Apple-News-Services-Parsed-Url
X-Variation
Adler-Geo
X-Hash
X-TT-LOGID
X-Fetched-On
X-Trace-Id
X-Passed-To
X-Request-Time
X-Fstrz
X-GeoIP-Country-Code
X-Reboot
X-Gannett-Site-Version
X-FW-Version
X-Matched-Rule
X-Cdn-Srv
X-Alternate-Cache-Key
Thinkindot-CacheControl-Type
Thinkindot-Control
Odigeo-Trace-Id
X-Secret
PFcat
Thinkindot-CacheControl
Heartbleed
Uber-Trace-Id
X-Skip-Cache
X-Sn-Servicetimems
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-Server-IP
X-Actual-URL
X-ShopId
X-ShardId
Origin
X-Thinkindot-L3
X-Shopify-Stage
Mobile-Detection-Method
X-Swa-Ws
Platform
X-Backend-TTL
X-Backend-Url
RNT-Time
Section-Io-Cache
Server-ID
X-Backend-State
RNT-Machine
X-Backend-Host
X-CACHE-AGE
Content-Disposition
Sid
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
Resin-Trace
X-Servername
HTTPS
Fastly-SWR
X-Core-Mission
Fastly-SIE
X-VCT
X-Atg-Version
X-Varnish-Ttl
X-Ua
X-Store
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
X-Planisys-CDN-TTL
X-Ezoic-Cdn
X-Alicdn-Da-Ups-Status
X-Iejgwucgyu
ProcessTime
RequestId
X-Servedbyhost
CDN
WP-Super-Cache
X-Pf-Uncompressing
X-Policy
X-GEO
Warning
X-B3-TraceId
CF-IPCountry
Xserver
X-Proto
X-Cache-ASPX
REQUESTUUID
Powered
X-Cluster-Node
Dnion-Transfer-Encoding
NODE
Mail-Subject
X-GoCache-CacheStatus
X-Refresh
X-TIME
We-Hiring
X-DC
X-Real-Ip
X-Pjax-Url
X-Dc
X-Req
Cache-Cookie-Set-Idcheck
ViewerVersion
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-From
NnCoection
X-Page-Type
X-Origin-Date
X-Origin-Expires
X-Endurance-Cache-Level
X-Time
X-Cache-Control-Set-By
X-Surge-Debug
X-Newrelic-Synthetics
X-Edge-IP
X-Server-W
X-HCF
X-Varnish-HitMiss
X-GRACE
X-CLOUD-TRACE-CONTEXT
X-COUNTRY
GeoIp-Country-Code
Geoip-Latitude
X-Nc
Hostname
X-Guploader-Uploadid
X-Aed
X-Server-Group
WWW-Authenticate
X-Oracle-Dms-Ecid
Processtime
Geoip-City
SD-X-WS
Pramga
X-Ms-Lease-State
X-Cdn-Forward
MS-CV
X-Varnish-Url
X-Wix-Route-ID
X-Wa
PICS-Label
TSSecure
A
X-CSRF-Token
X-Aicache-OS
X-Varnish-URL
X-Varnish-Beresp-TTL
Dont-Set-Cookie
X-Datadome
X-DataStream-MidMile-RTT
X-Akamai-Request-ID2
X-ABtesting
Cdn-Request-Time
X-From-Cache
X-Gdpr
X-Edge-Server
X-Flog
X-DataStream-Origin-MEX-Latency
Cdn-Host
Cdn
X-Hello
X-Geo
CACHE
Node
X-WA
X-SRV
X-Nananana
X-Auto-Login
Lfy
Ms-Operation-Id
Lb
X-RTag
X-Use-Magma
DataCenter
Mime-Version
Is-Session-Tracking
X-UPSTREAM-Address
COMMERCE-SERVER-SOFTWARE
FSS-Proxy
FSS-Cache
Get-Access-Time
X-Cache-HT
X-Env
GeoIP-Country-Code
GeoIP-Latitude
X-Optimization
X-Ratelimit-Limit
X-Load-Cache
X-Sentry-ID
X-APP
GeoIP-City
Who
PageType
X-EC-Security-Audit
X-Fastly-Backend-Reqs
X-Wix-Petri-Ex
X-WR-MODIFICATION
X-PAGE-TYPE
X-Gen-Id
X-Via-NSCOPI
X-CACHE-KEY
Rt-Proxy-Cache
X-Unique-Id
X-Cache-FS-Status
Ws
X-Cookie
X-Check-Cacheable
X-Ver
X-Meta-Tbi-Cache-Vertical
X-Served-From
X-GDPR
X-Ibm-Trace
X-Cache-Id
X-Dynatrace-Js-Agent
Memcached
X-Cache-Info
X-FORWARDED-FOR
Httpd-Identifier
X-Bip
X-MP-GENERATED-AT
X-NGINX-Cache
X-Thanos
Ohc-File-Size
X-B3-SpanId
Powered-By
X-Swift-Error
X-SVT-ORM-RULES
Pics-Label
X-Be
X-Proxy-Server
X-PJAX-URL
X-Path-Route
X-SVT-ORM-VERSION
Serverid
Memory
X-HS-Status
X-Request-Start
Version
V-Cache
X-Fastly-Cache-Hits
Group
X-Fe
X-RateLimit-Reset
X-Dw-Trace-Id
URI
X-Cache-Ttl
X-ServedByHost
X-CDN-Pop-IP
X-Shard
Cf-Ipcountry
X-P-T
X-LiteSpeed-Cache-Control
X-GZIP
X-CDN-Pop
X-ID
Apicache-Version
Apicache-Store
Amp-Access-Control-Allow-Source-Origin
Requestid
Fastly-Soc-X-Request-Id
X-Bug-Bounty
X-VC
Xet-Cookie
AGE-Hash
X-PF-Uncompressing
GW-Server
X-SB
Ohc-Response-Time
UCS
NX-Cache
X-Akamai-ERRuleID
If-Modified-Since
X-Akamai-ERPolicy
CDN-Node
X-Info
X-Ratelimit-Remaining
X-Varnish-Info
X-Micro-Cache
X-User
CDN-Cache
X-StackifyID
X-CacheKey
N-Cache
CDN-Cache-Hit
X-Distil-Cs
X-RAMCache
X-Litespeed-Cache-Control
X-SD-PageType
X-Route-Name
X-Providence-Cookie
X-Is-Crawler
X-Flags
X-ServerName
X-Cache-Handler
X-Grace-Duration
Https
X-RequestId
X-BBXSRF