Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
X-Powered-By
CF-RAY
ETag
Link
Expect-CT
Via
X-XSS-Protection
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Xss-Protection
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
X-Request-Id
CF-Cache-Status
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-AspNet-Version
X-Download-Options
X-Runtime
Access-Control-Allow-Credentials
X-Drupal-Cache
X-Adblock-Key
X-Check
Alt-Svc
X-Cacheable
X-Generator
Content-Security-Policy-Report-Only
X-AspNetMvc-Version
X-Cache-Status
X-DNS-Prefetch-Control
X-Permitted-Cross-Domain-Policies
X-Iinfo
X-Template
X-Language
Status
Timing-Allow-Origin
X-FRAME-OPTIONS
X-Buckets
X-Content-Security-Policy
Content-Encoding
X-Kinja-Server-Push
Xkey
X-Turbo-Charged-By
X-CDN
Upgrade
X-Type
Keep-Alive
Access-Control-Expose-Headers
WPE-Backend
X-Pass-Why
X-AH-Environment
X-Backend
Access-Control-Max-Age
X-Age
X-Drupal-Dynamic-Cache
X-Cache-Group
X-Server
X-Proxy-Cache
X-Request-ID
X-Via
Grace
X-Pingback
X-Nginx-Cache-Status
X-Server-Powered-By
X-Amz-Request-Id
X-Amz-Id-2
X-Robots-Tag
X-Hacker
X-Varnish-Cache
X-UA-Device
X-Page-Speed
EagleId
Request-Context
X-Envoy-Upstream-Service-Time
Cf-Railgun
X-LiteSpeed-Cache
X-Ua-Compatible
X-CST
X-Swift-CacheTime
X-Swift-SaveTime
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
Ali-Swift-Global-Savetime
X-Device
X-Server-Id
X-Amz-Version-Id
X-WebKit-CSP
Server-Timing
X-Ac
Allow
X-Node
X-OneAgent-JS-Injection
X-Response-Time
Feature-Policy
X-Rq
X-Cnection
X-Iejgwucgyu
Content-Location
X-Backend-Server
X-Cache-Lookup
Report-To
EagleEye-TraceId
Surrogate-Control
X-Host
X-Readtime
X-Application-Context
Request-Id
P3p
X-ORACLE-DMS-ECID
X-Rack-Cache
X-Url
X-Origin-Cache
X-Clacks-Overhead
X-Country
NEL
X-FTR-Request-ID
Rating
X-Country-Code
X-Cloud-Trace-Context
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-DataDome
X-Cdn
X-Ruxit-JS-Agent
X-Px
X-Instart-Request-ID
X-Mod-Pagespeed
X-Vhost
Charset
X-VARITI-CCR
X-MS-InvokeApp
Pinterest-Generated-By
Accept-CH
Edge-Control
X-Goog-Hash
Verso
X-GitHub-Request-Id
X-Upstream-Env
X-PC
X-TtlSet
X-Vname
X-Server-Name
X-Mobile-Rewrite
Arc-Version
PB-PID
PB-RID
X-ESI
X-Version
X-Dns-Prefetch-Control
X-DynaTrace
X-Powered-By-Plesk
X-Origin-Upstream-Status
X-D2id
X-Cdn-Fetch
X-Use-Magma
X-Exp-Id
X-Exp-Variant
X-Kinja
X-Kinja-Server
X-GoogleNews-Bot
X-Kinja-Revision
X-Kinja-Build
X-Cached
X-Dispatcher
X-B3-TraceId
X-ORACLE-DMS-RID
X-TTL
SPRequestGuid
X-Recruiting
X-SharePointHealthScore
X-Varnish-TTL
MS-Author-Via
X-Abt-Application-Version
X-Powered-CMS
Accept-CH-Lifetime
X-Navigation-Version
RTSS
Content-MD5
AR-PoweredBy
AR-ATIME
AR-CACHE
X-Shield-Request-Id
X-T
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Trace
Public-Key-Pins
X-Forwarded-Proto
X-DynaTrace-JS-Agent
X-Client-IP
X-Amz-Rid
Arr-Disable-Session-Affinity
X-HW
X-Fastly-Request-ID
X-Wix-Server-Artifact-Id
X-Accel-Buffering
SPRequestDuration
SPIisLatency
Realpath
X-DIS-Request-ID
X-Oracle-Dms-Rid
Service-Worker-Allowed
AR-Request-ID
X-Goog-Generation
X-Goog-Metageneration
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Amz-Meta-S3cmd-Attrs
X-Ttl
Paypal-Debug-Id
Front-End-Https
X-Upstream
X-FTR-Realm
X-FTR-Balancer
X-FTR-Backend
X-FTR-DC
X-FTR-Cache-Status
X-Ser
X-FTR-Backend-Server
X-Country-Code-Real
X-B
X-FTR-Expires
Pinterest-Version
X-Pinterest-Rid
X-Id
X-Via-JSL
X-F-Cache
X-XRDS-Location
X-Vcap-Request-Id
X-Dw-Request-Base-Id
Ar-Sid
X-Debug
X-Server-ID
X-Goog-Storage-Class
X-Varnish-Age
X-Acc-Meta-Resource-Type
X-N
X-MSEdge-Ref
X-Kinsta-Cache
Nginx-Cache
X-Hits
X-DataStream-Cache-Status
X-NF-Request-ID
X-FTR-Cache-Host
S
X-NewRelic-App-Data
X-Logged-In
X-Akam-SW-Version
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-Mrf-Item-Lastmod
Mrf-Cache-Status
MRF-Tech
X-B3-TraceId-Primal
X-Mrf-Section-Lastmod
X-Forwarded-For
X-Grace
Tracecode
Alternate-Protocol
X-FastCGI-Cache
X-Frontend
X-User-Agent
X-HS-Content-Id
X-PressLabs-Stats
X-HS-Hub-Id
X-Amzn-Trace-Id
X-CACHE-GROUP
TCN
AMP-Access-Control-Allow-Source-Origin
Server-Name
X-Content-Options
X-Content-Digest
Powered-By-ChinaCache
Refresh
Display
X-Middleton-Display
X-Sol
X-Content-Type
Access-Control-Request-Method
X-Pad
X-Cache-Key
MicrosoftSharePointTeamServices
X-Analytics
X-Page-Id
Backend-Timing
FilterID
X-LB-Cache
X-Zen-Fury
X-Middleton-Response
DynaTrace
Response
X-IPLB-Instance
X-Activity-Id
X-Az
X-Debug-Info
X-AppVersion
X-Rid
X-CF-Powered-By
Host
Accept-Charset
Fastcgi-Cache
X-VCache
ServerID
MS-CV
X-Hostname
X-Cache-Hit
Cache-Status
TP-L2-Cache
X-Magnolia-Registration
TP-Cache
X-GUploader-UploadID
X-Srv
X-Seen-By
X-RateLimit-Remaining
X-Content-Powered-By
X-ATG-Version
X-Mobile
X-Revision
X-Cached-By
X-Fastcgi-Cache
X-WA-Info
X-Varnish-Backend
Host-Header
X-Real-IP
X-Request-Received
X-Request-Processing-Time
X-Whom
Surrogate-Key
VIX-Pulpo-Upstream-Status
X-SS-Set-Cookie
Server-Info
X-B3-Sampled
VIX-Pulpo-Node
X-Instance
X-Cache-Action
X-Cluster
X-Drupal-Cache-Tags
X-Platform-Server
X-Handled-By
X-Content-Security-Policy-Report-Only
X-Tumblr-User
X-Tumblr-Pixel
X-Tumblr-Pixel-0
DC
Source
X-Request-Guid
X-Signature
X-Wix-Request-Id
X-B-Cache
Cleartype
X-PHP-Backend
ViewerVersion
X-Amzn-RequestId
X-Amz-Apigw-Id
X-TT
X-Framework
X-Akamai-Edgescape
X-Origin-Server
Fusion-Template-Id
Fusion-Component-Id
Fusion-Content-Source
Fusion-Content-Id
Fusion-Source
X-Cache-Age
X-App-Environment
X-Geo-Country
X-App-Server
X-FW-Server
X-FW-Serve
Rt-Fastcgi-Cache
X-FW-Hash
X-FW-Static
X-FW-Type
X-Generated-By
X-AOL-HN
X-Oneagent-Js-Injection
X-Varnish-Server
X-BCube-Filmed-By
X-Cache-Control
Server-Node
X-Edge-Location
X-XRDS-LOCATION
X-Ruxit-Js-Agent
X-Upstream-Proxy
X-NWS-LOG-UUID
X-Varnish-Hostname
X-Cache-Rule
Retry-After
Payment
X-Varnish-Grace
X-Amz-Server-Side-Encryption
X-TA-CDN-Provider
X-Correlation-Id
X-Amz-Replication-Status
Access-Control-Allow-Method
X-Cache-2
X-Ezoic-Cdn
X-FB-Debug
X-Rendered-As
X-Response-Served-From
X-TT-TIMESTAMP
X-Tumblr-Pixel-1
X-Tumblr-Pixel-2
X-Cacheable-TTL
Actual-Object-TTL
X-UA-Device-Type
X-Varnish-Hits
Eomportal-Instance
ServedBy
X-Cache-Config
AsisCache
GEO-INFO
X-Jobs
X-Region
X-Drupal-Cache-Contexts
Filters
Ms-Operation-Id
Webserver
X-Contextid
NGB
Content-Style-Type
X-TX-ID
Healthy
X-UUID
X-RTag
X-WebKit-CSP-Report-Only
Content-Script-Type
X-Adobe-Content
X-Varnish-IP
Viewport
X-VG-WebCache
Upgrade-Insecure-Requests
X-Adobe-Loc
From-Origin
Cache-Tv-Group
HitType
X-Accel-Expires
X-Locale
X-RequestSource
X-Cache-TTL
Country
Fastcgi-Useragent
X-Cache-TTL-Remaining
X-FW-Dynamic
Pagespeed
X-BACKEND-TTL
X-Device-Type
X-Cache-Server
X-Content-Age
X-Kong-Upstream-Latency
X-Servedby
Edge-Cache-Tag
X-Kong-Proxy-Latency
X-WPE-Loopback-Upstream-Addr
Cache-Tags
X-APP-VERSION
X-Redis-Cache
X-Cache-Remote
X-Source
X-Upgrade-Enabled
Datacenter
X-DataStream-MidMile-RTT
X-Cache-Operation
X-DataStream-Origin-MEX-Latency
X-Esi
X-Hit
Cache
X-Storage
X-RateLimit-Limit
X-GeoIP
Fastly-Restarts
NtCoent-Length
X-Mode
Cache-Tag
X-Path-Route
X-NGENIX-Cache
X-Hl-Ver
X-Agile-Id
X-Detected-As
X-Agile-Age
X-RN-RSRV
X-Internal-Host
Machine
X-S
X-Pubstack
Load-Balancing
X-Agile
X-Origin-Response-Time
Served-By
Meta-Geo
X-Loop
X-Cache-Var-Map
X-Akamai-Request-ID
X-Labrador-Cache-Channel
X-Is-Bot
X-JoinUs
Vix-Hermes-Req-Id
X-Cache-Var
X-TNCMS
X-Time-Microsecs
X-Backend-Name
X-Hosted-By
X-L-Path
X-NCache
X-Status
X-Origin-Host
Origin-Cache-Control
Origin-Edge-Control
Now
S-Rt
Selected-FE
X-FC-Vary-Parameters
Cache-Key
X-Microcachable
X-Varnish-Cache-Hits
X-ProxyCache-Status
X-Birta-Cache-Post
X-Www-Served-By
X-Grey
X-Tb
X-Rule
X-ServerID
X-Birta-Served
X-BYPASS-REASON
X-Edge-IP
X-Environment-Context
X-CDN-Cache
X-IP
X-Generated
X-Cache-Category-Id
X-ProxyCache-Key
X-Timing-Wait
X-Proxy-Build
X-Proxy
X-ProcessESI
Webcakes-App-Name
Webcakes-App-Version
Property-Id
X-Cache-Enabled
TWC-GeoIP-Country
X-Web-Node
TWC-Privacy
Cache-Name
TWC-Locale-Group
X-Format
TWC-GeoIP-LatLong
X-RemovedCookies
X-Origin-Hint
X-ApacheServer
X-Viewer-Country
X-CACHE-KEY
TWC-Connection-Speed
SRV
Webcakes-Region
X-PERF
X-Varnish-Cacheable
X-Via-Fastly
TWC-Device-Class
X-VG-TLSProxy
Fastcgi-X-Cache-Version
X-Access
Public-Key-Pins-Report-Only
X-CCM
X-Human
X-OCL
X-MP-GENERATED-AT
X-Akamai-Transformed
CACHE
User-Agent
X-ES-SERVER
DB-Nickname
X-PCL
Access-Control-Request-Headers
X-Section
Azure-InstanceId
Azure-Version
Cache-Hits
Azure-SiteName
Azure-SlotName
Azure-RegionName
X-Xfnlog-Site
We-Hiring
X-Site-Version
X-Zipkin-Id
X-Debug-Cache
X-App-Name
X-Routing-Service
X-Proxied
Mail-Subject
X-GEO
Xserver
X-Daa-Tunnel
Liferay-Portal
X-EdgeConnect-Cache-Status
X-Node-Name
LB
X-FW-Version
X-App-Version
X-Protected-By
S-Cnection
X-Original-Request
X-Origin
X-Pc-Appver
X-Sucuri-ID
X-Pc-Hit
X-Pc-Key
X-Cache-NE
PageSpeed
X-Proto
X-Yottaa-Metrics
X-Ocache
X-Yottaa-Optimizations
X-Nginx-Cache
X-AWS-Id
X-Trace-Id
X-VWS-Id
X-LJ-Flow-ID
X-UA
Powered
User-Cache-Control
X-Varnish-Ttl
X-Forwarded-Host
X-Endurance-Cache-Level
X-Request-Time
X-Guploader-Uploadid
X-Cluster-Node
X-Cdn-Forward
L5d-Success-Class
X-Correlation-ID
Ohc-File-Size
X-Tumblr-Pixel-3
Section-Io-Cache
Frame-Options
X-Ua
X-Unique-ID
X-Webstats-RespID
X-FB-TRIP-ID
X-V
X-URL
X-EIG-Tracking-Id
X-Origin-CC
OT-Force-Account-Verify
X-Nc
X-GRACE
X-B3-Traceid
AR-SID
X-Webkit-Csp
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
X-OVcl
X-Time
X-OVcl-Cache
X-Origin-TTL
Nel
X-ElasticPress-Search
Decoy-Debug-Key
Decoy-Debug-Status
X-From
Decoy-Debug-TTL
X-Cache-Backend
X-Rojux
X-Cache-Info
X-Cache-Host
X-Twitter-Response-Tags
X-Cache-Id
Arc-Country
X-Cdn-Srv
X-Transaction
X-CF-Lambda-Version
X-Connection-Hash
X-CF-Lambda-Fn
X-Date
X-TT-LOGID
X-Trv-Group
X-Cache-URL
X-SRCache-Key
Memcached
Meta-Geo-Continent
VivaBuild
X-ScT
MD5-Digest
Www
X-Accel-Expires-Debug
X-Server-Group
X-Server-By
Mobile-Detection-Method
Viewtype
X-S-Cookie
Rendered-Blocks
SD-X-WS
Powered-By
X-S-Maxage
Node
On-Server
X-Rocket-Nginx-Bypass
X-Aed
X-ServiceProvider
Ec-Rule-Version
X-Destination
Fastly-SIE
X-BB-ID
Country-Code
X-Rewrite-Enabled
X-Cache-Grace
X-Cache-FS-Status
Cache-Prefix
Fastly-SWR
Fly-Cache
X-ARC
X-Application
X-Amz-Meta-Cache-Control
X-Auto-Login
X-B-Cookie
Fly-Request-Id
X-Backend-State
GMS-Ver
BehaviorPad-Version
X-UE-Client-Country
X-IN-APIGATEWAY
X-IN-WAF
X-Info
X-Region-Sid
X-Goog-Meta-Goog-Reserved-File-Mtime
X-PAYTM-SRV-ID
X-We-Are-Hiring
X-VG-WebServer
X-Origin-Expires
X-Reboot
X-R9-Blue-Green-Version
X-Node-Id
X-Rebelmouse-Cache-Control
X-NU-AKA-ACS-Version
X-Developer
X-Irp-Debug
X-Origin-Date
X-Rebelmouse-Surrogate-Control
X-Fetched-On
X-Generated-In
X-DPWN-IS-SECURE
X-External-Request-Id
X-Response-By
X-User
X-Distil-CS
X-Wikidot-Static-Cache
Xc-Version
X-Request-UUID
X-Wikidot-Backend
X-PHP-Host
Hostname
IBM-Web2-Location
X-TIME
X-Parent-Response-Time
X-NX-Host
True-Client-Country-4JS
X-Passed-To-PostProcessResponse
X-A-Wwc
Server-Host
X-A-Dgt
X-RateLimit-Remaining-Second
X-Micro-Cache
X-Nginx-Cache-Key
X-Proxy-Upstream
X-Alternate-Cache-Key
X-Actual-URL
X-A-Dcw
X-A
X-A-Ccd
X-RateLimit-Limit-Second
X-Passed-To
X-Matched-Rule
X-Passed-To-BeforeDispatch
X-A-Dam
X-Passed-To-DLL
Thinkindot-CacheControl
Who
Thinkindot-CacheControl-Type
X-Platform
Thinkindot-Control
X-Policy
X-Level-Front-Cache
X-G
X-Returned-From-BeforeDispatch
X-Core-Mission
X-Crawler
X-Gannett-Site-Version
X-Clientip
X-CGP
X-Returned-From-DLL
X-Gen-Mode
X-CUA
X-D
X-Distributor
X-Debug-Log
X-Dispatcher-Server
X-Epic-Correlation-Id
X-Eu-Site
X-Returned-From
X-Fastly-Cache
X-Debug-Cookies
X-Generated-On
X-GeoIP-Country-Code
X-Li-Pop
X-Bip
X-Li-Fabric
X-LI-Proto
X-LI-UUID
X-Backend-Host
X-Location
X-Backend-Url
X-Block-Status
X-C
X-Hash
X-Request-URI
X-Returned-From-PostProcessResponse
X-Hnp-Log
X-Cache-Expires
X-Cache-Bucket
X-LAGOON
X-Cache-Debug
X-Logtrace-Id
IsBot
HA-Ipaddr
CDCHOST
Ha-Gx-Prefs
Content-Disposition
X-Server-IP
X-Svr
Lfy
Backend
X-Dc
Is-Eu
X-Sf
Countrycode
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
Fastly-SSL
Fastly-Soc-X-Request-Id
X-SIPLIST1
X-Stale
X-ShardId
X-ShopId
X-Shopify-Stage
Magicmarker
Ajk
X-Varnish-Action
X-Variation
X-Var-Ttl
X-Thinkindot-L3
X-Proxy-Cache-Status
Request-Time
X-SERVER
SID
X-Vgn-Hpd-Reason
Fastly-Backend-Name
Proxy-Connection
X-Via-CDN
X-Secret
Adler-Geo
Mn-Server-Ip
Origin
Platform
X-Thanos
X-Swa-Ws
X-Varnish-Beresp-Ttl
Warning
X-HS-Cache-Config
X-Developers
X-UnsetCookies
X-Device-Os
SS
X-MSEdge-Flight
X-No-Session
X-Debug-Cache-Store
Server-Surrogate-Control
X-TrackingId
X-Debug-Cache-Expiry
Server-Cache-Control
X-Up
X-MSEdge-Features
X-Fstrz
X-Sucuri-Cache
GW-Server
X-Instart-Isnd
X-Varnish-Authentication
Release
X-SN
Server-Int
RNT-Machine
X-Qloud-Router
X-F5-Cache
Pramga
X-Debug-Cache-Fetch
X-Croise-Owner
Heartbleed
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
Apple-News-Services-Handled
Cache-Cookie-Set-From
Cache-Cookie-Set-Idcheck
X-Cache-ASPX
X-Amz-Meta-Surrogate-Control
X-FireWall-Port
Cache-Cookie-Set-Lfrom
AKAMAI
Apple-News-Services-Request-Url
X-Owner
X-Core-Value
Resin-Trace
RNT-Time
Web-Mar-Node
NGX
X-Pc-Date
X-Pc-Host
X-Pc-Subdomain
X-Upstream-HT
X-Upstream-CT
X-Server-Time
Odigeo-Trace-Id
X-Key
Kp-EeAlive
X-Page-Type
Pagetype
REQUESTUUID
X-Be
X-Pjax-Url
X-IN-SSL-APIGATEWAY
X-Cache-Miss-From
Server-ID
X-Varnish-Url
X-Server-Cache
X-Sedo-Request-Id
X-Servername
X-CDN-Forward
X-Generation-Time
X-Refresh
X-Newrelic-App-Data
HTTPS
MIME-Version
X-NC
X-Oss-Hash-Crc64ecma
X-Via-NSCOPI
X-Died
Cdn-Request-Time
X-Edge-Server
Cdn-Host
X-Oss-Object-Type
X-Oss-Server-Time
X-Oss-Request-Id
X-Oss-Storage-Class
Fastcgi-X-Cache
X-B3-SpanId
X-From-Cache
RequestId
Version
X-FPC
X-Servedbyhost
X-Edge-Cache-Key
X-Edge-Cache
PICS-Label
X-Req
X-Mobile-URL
HostName
ProcessTime
PFcat
Cteonnt-Length
FastCGI-Cache
Cdn
Time
X-Amzn-Remapped-Connection
X-Amzn-Remapped-Date
X-NodeID
Cross-Origin-Window-Policy
X-VServer
X-CSRF-TOKEN
Mime-Version
CF-IPCountry
X-GZip
X-Litespeed-Cache
X-HS-Combine-CSS
X-Store
Esi-Enabled
Processtime
X-Webkit-CSP
X-Cache-CFC
X-Load-Cache
X-CLOUD-TRACE-CONTEXT
MI-Cache-Age
X-RCS-CacheZone
Memory
MI-Cache
MI-API
X-Layer
X-MI-In-Market
X-Dynatrace-Js-Agent
X-Skip-Cache
X-Hyper-Cache
X-Varnish-Beresp-TTL
X-Ratelimit-Remaining
CDN
HA-Geolon
HA-Georegion
HA-Geolat
X-Lb-Id
HA-Geocountry
HA-Geocity
HA-Host
HA-Cloudapp
HA-Urlpath
X-IPS-LoggedIn
Uber-Trace-Id
X-Wa
X-RequestId
HA-Servedtime
XServer
Ohc-Cache-HIT
X-Newrelic-Synthetics
X-Pf-Uncompressing
X-VC-Cache
X-Aicache-OS
X-HTML-Minification-Powered-By
X-DC
X-Geo
Cf-Ipcountry
X-Ratelimit-Limit
Backend-Name
X-Cms-Context
N-Cache
X-UCC
X-Gateway-Cache-Status
X-CMS-Context
X-WA
X-Atg-Version
X-Gateway-Skip-Cache
X-Fastly-Country-Code
X-Gateway-Cache-Key
X-B3-Spanid
X-Shard
X-Instart-Info
X-Real-Ip
X-WR-MODIFICATION
X-Tb-Optimization-Total-Bytes-Saved
X-PF-Uncompressing
X-Mrs-Age
X-Mrs-Cache
X-Mrs-Cache-Hits
X-Unique-Id-Primal
X-Mshield-Cache-Status
Amp-Access-Control-Allow-Source-Origin
X-Phone
X-Processor
X-Nananana
X-LB-ID
Ohc-Response-Time
Accept-Ch-Lifetime
X-WebServer
T-Server
X-Request-Start
GeoIP-Country-Code
X-Oracle-Dms-Ecid
X-Hp-Webp
URI
X-BBXSRF
X-Release
X-COUNTRY
X-MServer
GeoIP-Latitude
X-Server-W
Pics-Label
X-APP
X-SRV
X-CSRF-Token
X-Datadome
X-FORWARDED-FOR
X-Unique-Id
X-Worker
X-VCT
X-GeoIP-City
A
X-Geo-Header
X-ServedByHost
Host-ID
X-VHOST
X-Amzn-Remapped-Content-Length
X-LiteSpeed-Cache-Control
X-SERVER-NAME
X-Served-From
X-ND-Cache
X-GoCache-CacheStatus
UCS
DataCenter
Rt-Proxy-Cache
X-CACHE-AGE
X-HS-Status
X-NGINX-Cache
X-UPSTREAM-Address
X-Check-Cacheable
X-Requestid
X-GZIP
X-Fastly-Cache-Hits
X-Cache-HT
X-Optimization
Request-EU
Request-Country
FSS-Cache
X-Planisys-CDN-TTL
FSS-Proxy
Pragrma
Geoip-Latitude
X-Planisys-CDN-Cache
Dnion-Transfer-Encoding
X-Planisys-CDN-Rules
X-Fpc
X-ID
X-Vcache
X-BE
X-Backend-TTL
WZWS-RAY
X-Sn-Servicetimems
X-PAGE-TYPE
Requestid
X-Cdn-Origin
X-Csrf-Token
X-Git-Hash
X-Varnish-URL
Server-Id
GeoIp-Country-Code
X-Port
Cneonction
WP-Super-Cache
V-Age
X-Fastly-Backend-Reqs
X-Dw-Trace-Id
X-PJAX-URL
X-Org
X-ServerName
Serverid
X-Html-Edge-Cache
X-Via-SSL
X-Via-Edge
X-SVT-ORM-RULES
Cache-Provider
X-Gen-Id
Proxy-Firewall
X-SVT-ORM-VERSION
RequestUuid
X-HostName
X-NWS-UUID-VERIFY
Xxline
X-Request-Url
X-LiteSpeed-Tag
DSUID
X-Fe
X-CS
X-P-T
Get-Access-Time
178proxuri
225prxHost
286prxHost
352pxline
355prline
219prxHost
Inserted-Into-Cache-At
X-RAMCache
188prxHost
409pxxline
189phosttRef
Is-Session-Tracking