Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Pragma
Accept-Ranges
Last-Modified
Strict-Transport-Security
X-Content-Type-Options
X-Powered-By
CF-RAY
ETag
Link
X-XSS-Protection
Expect-CT
Via
X-Cache
Age
Access-Control-Allow-Origin
Content-Security-Policy
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Served-By
X-Varnish
X-Amz-Cf-Id
Referrer-Policy
X-Request-Id
X-Timer
X-AspNet-Version
CF-Cache-Status
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Runtime
Access-Control-Allow-Credentials
X-Download-Options
X-Drupal-Cache
X-Cacheable
Alt-Svc
X-Generator
Content-Security-Policy-Report-Only
X-Xss-Protection
X-AspNetMvc-Version
Status
Timing-Allow-Origin
X-Check
X-Cache-Status
X-Adblock-Key
X-Iinfo
X-Permitted-Cross-Domain-Policies
X-Content-Security-Policy
X-DNS-Prefetch-Control
X-Template
X-CDN
Content-Encoding
X-Language
X-Turbo-Charged-By
X-Request-ID
Keep-Alive
X-Buckets
X-Type
EagleId
Xkey
X-Via
X-Backend
X-AH-Environment
WPE-Backend
X-Age
X-Pass-Why
Access-Control-Max-Age
X-Server
X-Swift-CacheTime
X-Swift-SaveTime
X-Cache-Group
Ali-Swift-Global-Savetime
X-Varnish-Cache
X-Pingback
Upgrade
X-Nginx-Cache-Status
X-Server-Powered-By
X-Drupal-Dynamic-Cache
Grace
Access-Control-Expose-Headers
X-Hacker
X-UA-Device
P3p
Cf-Railgun
X-Amz-Request-Id
X-Amz-Id-2
X-Robots-Tag
X-Ua-Compatible
X-LiteSpeed-Cache
X-Proxy-Cache
X-Envoy-Upstream-Service-Time
X-Page-Speed
Request-Context
X-CST
X-Node
X-Device
X-Cache-Lookup
X-Ac
Content-Location
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Cnection
X-Host
X-Amz-Version-Id
Surrogate-Control
X-WebKit-CSP
X-Backend-Server
X-Rack-Cache
X-Dns-Prefetch-Control
X-Response-Time
X-Rq
X-Px
X-Readtime
X-Server-Id
X-Application-Context
Pinterest-Generated-By
Allow
X-Instart-Request-ID
EagleEye-TraceId
X-OneAgent-JS-Injection
X-Clacks-Overhead
X-Url
Server-Timing
Request-Id
X-Cloud-Trace-Context
X-HeyJason
X-Do-Not-Hack
Permitted-Cross-Domain-Policies
X-Country
Report-To
Rating
X-TTL
X-Country-Code
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Varnish-TTL
Charset
Edge-Control
X-Powered-CMS
X-Vname
X-TtlSet
X-PC
X-ESI
X-FTR-Request-ID
X-Server-ID
X-DataDome
X-CF-Powered-By
X-Server-Name
Feature-Policy
X-MS-InvokeApp
X-DynaTrace-JS-Agent
X-Goog-Hash
X-Cached
NEL
X-Origin-Cache
X-Vhost
X-Recruiting
Public-Key-Pins
X-ORACLE-DMS-RID
X-ORACLE-DMS-ECID
X-Kinja-Build
X-Kinja-Revision
X-GoogleNews-Bot
X-Exp-Variant
X-Cdn-Fetch
X-Exp-Id
X-Kinja-Server
X-Geo-Segment
X-Kinja
X-VARITI-CCR
X-F-Cache
X-DynaTrace
X-Powered-By-Plesk
X-Version
X-Mod-Pagespeed
X-T
X-Upstream-Env
Pinterest-Version
X-Pinterest-Rid
X-D2id
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Client-IP
Content-MD5
Verso
X-Mobile-Rewrite
PB-RID
Arc-Version
PB-PID
X-Abt-Application-Version
AR-ATIME
AR-PoweredBy
X-Dispatcher
RTSS
X-N
AR-CACHE
SPRequestGuid
X-SharePointHealthScore
X-Amz-Rid
X-Cdn
X-Forwarded-Proto
X-GitHub-Request-Id
X-Hits
X-Navigation-Version
Nginx-Cache
X-Ruxit-JS-Agent
X-Dw-Request-Base-Id
X-B
Paypal-Debug-Id
Realpath
X-Upstream
X-Grace
X-Pad
X-Content-Digest
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-Shield-Request-Id
X-TEC-API-ROOT
X-Varnish-Age
X-Id
X-Content-Options
Arr-Disable-Session-Affinity
SPIisLatency
SPRequestDuration
X-Ttl
X-Cache-Hit
X-Kinsta-Cache
MS-Author-Via
TCN
Access-Control-Request-Method
X-NWS-LOG-UUID
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
X-Goog-Generation
X-Goog-Storage-Class
X-Logged-In
X-Acc-Meta-Resource-Type
X-XRDS-Location
S
X-Mrf-Section-Lastmod
X-Mrf-Item-Lastmod
Mrf-Cache-Status
MRF-Tech
X-Trace
X-Origin-Upstream-Status
X-Vcap-Request-Id
DynaTrace
X-VCache
X-MSEdge-Ref
X-HW
X-DIS-Request-ID
X-Zen-Fury
Cleartype
Eomportal-Instance
Front-End-Https
X-FastCGI-Cache
X-FTR-Backend
X-FTR-Realm
X-HS-Content-Id
X-HS-Hub-Id
X-FTR-Expires
X-FTR-DC
X-Country-Code-Real
X-FTR-Backend-Server
X-FTR-Cache-Status
Surrogate-Key
X-FTR-Balancer
X-Cache-Rule
X-Frontend
X-PressLabs-Stats
X-Fastly-Request-ID
Service-Worker-Allowed
X-NF-Request-ID
X-Via-JSL
X-Oneagent-Js-Injection
Cache-Status
X-IPLB-Instance
X-User-Agent
Server-Name
Tracecode
X-Request-Processing-Time
X-Request-Received
X-SS-Set-Cookie
X-Hostname
Fastcgi-Cache
X-Forwarded-For
X-Varnish-Backend
Alternate-Protocol
X-Analytics
Host
Backend-Timing
X-Cache-2
FilterID
X-Wix-Server-Artifact-Id
Rt-Fastcgi-Cache
X-AOL-HN
Display
X-Middleton-Display
Viewport
X-Sol
Public-Key-Pins-Report-Only
X-Whom
X-FTR-Cache-Host
TP-L2-Cache
TP-Cache
X-Revision
X-Rid
X-Proxied
X-Middleton-Response
Response
X-Content-Powered-By
X-Az
X-AppVersion
X-Activity-Id
ServerID
X-Ser
X-Debug
X-Debug-Info
X-Fastcgi-Cache
X-Contextid
X-Cache-Control
AMP-Access-Control-Allow-Source-Origin
AR-SID
X-Srv
X-Magnolia-Registration
X-Cached-By
MicrosoftSharePointTeamServices
X-B3-Traceid
X-Daa-Tunnel
X-Akam-SW-Version
X-Cache-Server
X-Mobile
Refresh
Ar-Sid
HitInfo
X-Instance
Server-Info
HitType
X-Page-Id
Accept-Charset
X-Cache-Key
X-FB-Debug
X-WPE-Loopback-Upstream-Addr
Cache-Tag
X-Generated-By
X-App-Server
X-Framework
X-Newrelic-App-Data
X-Varnish-Hostname
Powered-By-ChinaCache
X-Cache-Age
Retry-After
X-Geo-Country
X-LB-Cache
X-Content-Security-Policy-Report-Only
X-PHP-Backend
X-Webkit-Csp
X-Varnish-Grace
X-Cache-Operation
X-Request-Guid
X-Signature
X-TT
X-BCube-Filmed-By
X-RateLimit-Remaining
Host-Header
X-App-Environment
X-B-Cache
X-Tumblr-Pixel
X-Tumblr-User
X-Tumblr-Pixel-0
Source
X-Handled-By
X-Origin-Server
Server-Node
X-Device-Type
Upgrade-Insecure-Requests
X-URL
X-Accel-Expires
X-XRDS-LOCATION
X-Hyper-Cache
X-Platform-Server
DC
X-APP-VERSION
X-GUploader-UploadID
X-WA-Info
X-Oracle-Dms-Ecid
X-Oracle-Dms-Rid
X-Akamai-Edgescape
X-Amzn-Trace-Id
X-TT-TIMESTAMP
Liferay-Portal
X-Drupal-Cache-Tags
X-NewRelic-App-Data
X-Cache-Action
X-CACHE-GROUP
X-Amz-Meta-S3cmd-Attrs
X-Varnish-Server
X-Edge-Location
X-ATG-Version
Fastly-Restarts
X-Correlation-ID
X-Cluster
Webserver
X-Port
X-Node-Name
X-B3-Sampled
AR-Request-ID
X-Accel-Buffering
NGB
X-Cacheable-TTL
X-Ruxit-Js-Agent
X-S
Filters
X-Seen-By
X-Wix-Petri-Ex
X-WebKit-CSP-Report-Only
X-GeoIP
X-Locale
X-Wix-Request-Id
X-Source
Actual-Object-TTL
ServedBy
X-Jobs
X-RequestSource
X-FW-Hash
X-FW-Type
X-FW-Static
X-Varnish-Hits
AsisCache
X-Tumblr-Pixel-1
X-FW-Serve
X-Tumblr-Pixel-2
X-FW-Server
MS-CV
X-Esi
X-Amz-Replication-Status
X-RTag
X-UA
Accept-CH
X-Distil-CS
GEO-INFO
X-Region
S-Cnection
X-Cache-TTL-Remaining
HostName
Served-By
Cache
X-Cache-Config
X-UA-Device-Type
X-Edge-Cache
X-Edge-Cache-Key
X-Cache-Remote
X-Correlation-Id
X-Vg-Webcache
Content-Script-Type
Content-Style-Type
Country
X-Webkit-CSP
X-Adobe-Loc
X-Adobe-Content
X-TA-CDN-Provider
X-Ocache
Datacenter
X-Sucuri-ID
Ohc-File-Size
X-Drupal-Cache-Contexts
X-Guploader-Uploadid
X-PC-AppVer
X-PC-Key
X-PC-Hit
X-Dynatrace-Js-Agent
X-PC-Date
X-Microcachable
X-PC-Host
X-GZip
X-UUID
X-Unique-ID
X-RateLimit-Limit
X-Internal-Host
X-Varnish-IP
X-DataStream-Cache-Status
X-HOST
X-Akamai-Transformed
X-Status
X-Amz-Server-Side-Encryption
X-Real-IP
X-Ezoic-Cdn
X-TX-ID
Pagespeed
Healthy
IBM-Web2-Location
X-CDN-Forward
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-ProxyCache-Key
X-Agile
X-Agile-Age
X-RN-RSRV
User-Cache-Control
X-Generated
X-Agile-Id
X-Akamai-Request-ID
X-Is-Bot
X-IP
X-App-Name
X-JoinUs
X-Web-Node
X-BYPASS-REASON
Access-Control-Allow-Method
X-Grey
X-ProxyCache-Status
X-Rendered-As
Load-Balancing
X-Cache-Category-Id
Meta-Geo
Machine
X-Detected-As
X-CCM
X-Instance-Name
X-Debug-Cache
X-Loop
X-OVcl
X-OVcl-Cache
X-Proxy-Build
X-Origin
Mn-Server-Ip
X-Mode
Selected-FE
X-Backend-Name
X-Proxy
X-TNCMS
X-Xfnlog-Site
X-Timing-Wait
X-Vgn-Hpd-Reason
X-ServerID
L5d-Success-Class
X-SERVER-NAME
X-NodeID
Cache-Name
X-Varnish-Cache-Hits
Backend
Now
X-Varnish-Cacheable
X-OCL
S-Rt
X-Servedby
X-Human
X-BB-IP
X-Viewer-Country
X-Hosted-By
X-PCL
ServerName
X-Content-Type
Payment
DB-Nickname
X-FC-Vary-Parameters
X-Upgrade-Enabled
X-Tb
X-Time-Microsecs
Azure-SlotName
Azure-SiteName
Cache-Key
Azure-Version
X-RemovedCookies
X-PERF
X-NCache
X-Distributor
X-CDN-Cache
Azure-InstanceId
X-Via-Fastly
Azure-RegionName
LB
X-Original-Request
X-ProcessESI
X-Path-Route
X-Site-Version
X-EIG-Tracking-Id
User-Agent
X-ApacheServer
Webcakes-App-Name
TWC-GeoIP-LatLong
PageSpeed
X-Www-Served-By
TWC-Locale-Group
TWC-Connection-Speed
TWC-Device-Class
Property-Id
TWC-GeoIP-Country
Webcakes-App-Version
X-NGENIX-Cache
X-AWS-Id
X-Routing-Service
X-SplitTest
X-Origin-Hint
X-Zipkin-Id
X-VWS-Id
TWC-Privacy
Webcakes-Region
X-Section
X-LJ-Flow-ID
X-Access
X-TWH-CORRELATION-ID
Dont-Set-Cookie
X-Amz-Meta-Surrogate-Control
X-Pubstack
X-Rocket-Nginx-Bypass
X-Format
X-Origin-CC
X-Cache-Ttl
Xserver
SRV
X-Time
Access-Control-Request-Headers
X-Storage
X-Cache-Backend
X-L-Path
X-Environment-Context
WZWS-RAY
X-Oss-Hash-Crc64ecma
X-Oss-Server-Time
X-Oss-Storage-Class
X-HS-Cache-Config
Edge-Cache-Tag
X-Oss-Object-Type
X-Webstats-RespID
X-ServedBy
X-Oss-Request-Id
X-Sucuri-Cache
Countrycode
X-B3-Spanid
X-Cache-HT
X-Generation-Time
X-Connection-Hash
X-Transaction
X-Optimization
X-Twitter-Response-Tags
X-Proto
X-Labrador-Cache-Channel
X-Amz-Apigw-Id
X-Amzn-RequestId
Cteonnt-Length
Ms-Operation-Id
X-MP-GENERATED-AT
X-M-Reqid
X-M-Log
X-Qnm-Cache
Cache-Hits
Apicache-Store
X-Hit
X-Ah-Environment
Apicache-Version
X-Nc
X-Meta-Tbi-Cache-Vertical
X-Birta-Served
X-Birta-Cache-Post
X-Newrelic-Synthetics
X-Cache-NE
X-Tumblr-Pixel-3
X-CLOUD-TRACE-CONTEXT
Fastly-SSL
X-Real-Ip
From-Origin
NnCoection
NODE
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
Ec-Rule-Version
XServer
X-Release
Ws
X-EdgeConnect-Cache-Status
X-Cache-Enabled
X-V
X-Dc
X-Geo
Cartoon
X-Upstream-HT
X-Upstream-CT
X-COUNTRY
X-From
X-Fetched-On
X-Env
MI-Cache-Age
X-Date
X-Generated-In
X-Gen-Mode
X-G
Request-Country
Request-EU
Resin-Trace
X-DPWN-IS-SECURE
X-SERVER
X-Died
X-D
X-Dispatcher-Server
X-Developer
X-Destination
X-C
Cneonction
X-A-Dam
X-A-Ccd
X-A-Dcw
X-A-Dgt
X-Accel-Expires-Debug
X-A-Wwc
Country-Code
X-A
Viewtype
V-Age
Fly-Cache
VivaBuild
Warning
Www
Web-Mar-Node
X-Alternate-Cache-Key
Cache-Prefix
T-Server
X-Block-Status
X-BB-ID
SN
X-CF-Lambda-Fn
Server-ID
X-CF-Lambda-Version
GMS-Ver
Thinkindot-CacheControl
X-Application
Thinkindot-Control
X-ARC
BehaviorPad-Version
Thinkindot-CacheControl-Type
X-B-Cookie
Server-Host
ProcessTime
X-Shopify-Stage
X-ShopId
Meta-Geo-Continent
X-Sorting-Hat-PodId
X-SRCache-Key
X-Sorting-Hat-ShopId
X-ShardId
X-Sf
X-S-Maxage
Rendered-Blocks
X-ScT
X-Varnish-Beresp-Ttl
X-Server-Time
X-Server-By
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-Alicdn-Da-Ups-Status
X-WebServer
X-Wix-Route-ID
X-Worker
MI-Cache
Xc-Version
X-We-Are-Hiring
X-Via-Edge
X-Trv-Group
X-Thinkindot-L3
X-TT-LOGID
X-UE-Client-Country
X-Via-CDN
X-VG-WebServer
X-Rule
X-S-Cookie
X-NU-AKA-ACS-Version
X-MI-In-Market
X-Org
X-Origin-Date
Kp-EeAlive
X-Matched-Rule
Fly-Request-Id
X-Hl-Ver
X-Hnp-Log
Host-ID
Httpd-Identifier
X-PAYTM-SRV-ID
X-Origin-Expires
MD5-Digest
X-Response-By
X-Rewrite-Enabled
X-Rojux
X-RCS-CacheZone
X-Region-Sid
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
Release
Origin-Edge-Control
Proxy-Connection
True-Client-Country-4JS
RNT-Time
NGX
PFcat
Odigeo-Trace-Id
Platform
RNT-Machine
Server-Int
Origin-Cache-Control
Pragrma
X-Fstrz
X-No-Session
X-Node-Id
X-Logtrace-Id
X-IN-WAF
X-IN-APIGATEWAY
X-IN-SSL-APIGATEWAY
X-Origin-TTL
X-P-T
X-VServer
X-Cache-URL
X-SIPLIST1
X-ServiceProvider
X-Request-URI
X-Server-IP
X-Hash
X-GeoIP-Country-Code
X-Cache-Bucket
X-Cache-Host
X-Backend-Url
X-Backend-State
X-Amz-Meta-Cache-Control
X-Backend-Host
X-Clientip
X-Content-Age
X-Edge-Server
X-GeoIP-City
X-Edge-IP
X-Device-Os
X-Crawler
X-CS
Uber-Trace-Id
X-Cache-CFC
Cdn-Request-Time
Cdn-Host
CDCHOST
Decoy-Debug-Key
Decoy-Debug-Status
Fastly-Backend-Name
Decoy-Debug-TTL
Adler-Geo
Is-Eu
Ajk
MI-API
X-Atg-Version
Apple-News-Services-Handled
Apple-News-Services-Request-Url
IsBot
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
X-ElasticPress-Search
X-Cdn-Srv
X-Cdn-Origin
X-CGP
X-Core-Mission
X-Server-Group
X-Ckpd-Fst-Backend
X-Cache-Control-Set-By
X-Cache-ASPX
X-Swa-Ws
X-Core-Value
X-Backend-TTL
X-Sn-Servicetimems
X-Cache-Expires
X-Cache-Srv
X-Debug-Cookies
X-Forwarded-Host
X-Platform
X-FireWall-Port
Time
X-Fastly-Cache
X-Phone
X-Passed-To-PostProcessResponse
X-NX-Host
X-HCF
X-Passed-To
X-Passed-To-BeforeDispatch
X-Passed-To-DLL
X-F5-Cache
X-Rebelmouse-Cache-Control
X-Returned-From-DLL
X-Developers
X-Debug-Log
Backend-Name
X-Returned-From-PostProcessResponse
X-Returned-From-BeforeDispatch
X-Returned-From
X-Eu-Site
X-Epic-Correlation-Id
X-Rebelmouse-Surrogate-Control
X-Reboot
X-Croise-Owner
AKAMAI
HA-Geolat
X-Redis-Cache
HA-Geolon
HA-Georegion
X-Trace-Id
HA-Geocountry
X-Wikidot-Backend
HA-Cloudapp
HA-Geocity
Ha-Gx-Prefs
Request-Time
On-Server
HTTPS
Powered-By
Origin
Heartbleed
HA-Urlpath
HA-Host
HA-Ipaddr
HA-Servedtime
Fastly-SWR
X-Wikidot-Static-Cache
X-Varnish-HitMiss
Content-Disposition
Fastly-Soc-X-Request-Id
Who
X-VG-TLSProxy
Esi-Enabled
Fastly-SIE
Cache-Tags
X-Actual-URL
X-Ver
X-UnsetCookies
X-Up
X-HS-Combine-CSS
X-Info
X-Refresh
X-GoCache-CacheStatus
X-Via-SSL
RequestId
X-Location
X-App-Version
X-Var-Ttl
X-From-Cache
X-Nginx-Cache
X-Stale
X-Cache-FS-Status
X-Skip-Cache
Dynatrace
NtCoent-Length
X-BBXSRF
Ohc-Response-Time
X-Req
X-Ms-Lease-Status
X-Ms-Blob-Type
X-Ms-Version
X-Ms-Request-Id
Dnion-Transfer-Encoding
X-MSEdge-Features
X-Powered-By-ANYU
X-MSEdge-Flight
X-Micro-Cache
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Servername
X-Cache-Time
X-Response-Served-From
WWW-Authenticate
Frame-Options
Get-Access-Time
Is-Session-Tracking
X-WR-MODIFICATION
X-Csrf-Token
X-Key
X-NC
X-Owner
X-Pf-Uncompressing
X-Pjax-Url
Mime-Version
X-B3-TraceId
X-Cdn-Forward
X-Request-Time
X-CUA
NodeID
X-CCM-LastModified
X-TIME
Cdn
X-User
X-GRACE
X-Page-Type
X-Cache-TTL
Mail-Subject
WP-Super-Cache
X-Varnish-Url
We-Hiring
CF-IPCountry
X-Litespeed-Cache
MIME-Version
X-External-Request-Id
PICS-Label
X-NWS-UUID-VERIFY
X-DC
UCS
Section-Io-Cache
X-CSRF-Token
GW-Server
X-Ua
Geoip-City
X-Aicache-OS
Geoip-Latitude
PageType
X-Cache-Handler
X-LiteSpeed-Cache-Control
X-Pc-Key
Version
X-Pc-Hit
X-GDPR
GeoIp-Country-Code
X-Varnish-Action
Magicmarker
X-Servedbyhost
X-Pc-Appver
FastCGI-Cache
X-Nf-Srv-Version
X-Varnish-Id
Rt-Proxy-Cache
X-Cache-Id
X-Varnish-Beresp-TTL
X-Request-UUID
Memcached
X-Bip
X-Dynatrace
X-Thanos
X-Pc-Date
X-Pc-Host
CDN
Accept-CH-Lifetime
X-Fastly-Backend-Reqs
X-Variation
CACHE
Memory
X-GEO
X-Nananana
X-StackifyID
Pagetype
X-Irp-Debug
X-Ibm-Trace
X-TId
If-Modified-Since
X-Via-NSCOPI
X-Server-W
COMMERCE-SERVER-SOFTWARE
X-ServedByHost
X-Be
Processtime
GeoIP-Country-Code
X-Wa
X-Gdpr
Sid
Arc-Country
X-UPSTREAM-Address
X-CACHE-KEY
X-Load-Cache
X-FORWARDED-FOR
X-Cluster-Node
Sta2Tusw
GeoIP-Latitude
X-Auto-Login
Node
X-DataStream-MidMile-RTT
GeoIP-City
X-BE
X-DataStream-Origin-MEX-Latency
X-HTML-Minification-Powered-By
X-Shard
X-Hail-Hydra
X-SRV
X-Sentry-ID
X-Frame-Option
X-Ig-Deployment-Stage
X-Layer
X-Tid
X-FW-Version
X-RateLimit-Remaining-Second
RATING
X-Proxy-Server
X-Varnish-Ttl
X-Nginx-Cache-Key
X-RateLimit-Limit-Second
Pics-Label
DataCenter
X-PAGE-TYPE
URI
X-Varnish-URL
X-Fastly-Cache-Hits
X-Datadome
Cf-Ipcountry
X-NGINX-Cache
Srv
X-Gen-Id
X-EC-Security-Audit
X-Ratelimit-Remaining
X-Secret
X-PJAX-URL
X-Akamai-Request-ID2
Pramga
X-Gannett-Site-Version
X-Bug-Bounty
Group
V-Cache
X-Endurance-Cache-Level
Cache-Provider
X-Haproxy-Hostname
X-PF-Uncompressing
X-ID
X-Public
X-Surge-Debug
X-Haproxy-Ip
X-ADI-VCache
X-Shield-Cache-Expires
X-GZIP
X-Ratelimit-Limit
X-ND-Cache
X-Cache-Var-Map
Cache-Cookie-Set-Lfrom
X-B3-SpanId
X-Cache-Debug
X-CacheKey
Cache-Cookie-Set-From
X-Litespeed-Cache-Control
X-Feature
OT-Force-Account-Verify
Cache-Cookie-Set-Idcheck
X-Dw-Trace-Id
X-Cache-Var
X-APP
Mobile-Detection-Method
SD-X-WS
Hostname
Xet-Cookie
Serverid
X-Sorting-Hat-PrivacyLevel
X-Sorting-Hat-Section
Lb
X-RequestId
X-VCT
X-Sorting-Hat-PodId-Cached
X-CDN-Pop
X-CDN-Pop-IP
X-Sorting-Hat-ShopId-Cached
X-Ms-Lease-State
X-Distil-Cs
X-Akamai-ERRuleID
X-Fe
X-Akamai-ERPolicy
X-RAMCache
X-Sorting-Hat-FeatureSet
X-Store
X-WA
X-Grace-Duration
X-SD-PageType
X-ServerName
X-Unique-Id
N-Cache
X-Cookie
REQUESTUUID
X-VG-WebCache
GEO-REGION-INFO
Requestid
X-Varnish-ID
Accept-Ch
X-Request-Start