Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Pragma
Accept-Ranges
Last-Modified
Strict-Transport-Security
X-Content-Type-Options
X-Powered-By
CF-RAY
ETag
Link
X-XSS-Protection
Expect-CT
Via
X-Cache
Age
Access-Control-Allow-Origin
Content-Security-Policy
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Served-By
X-Varnish
X-Amz-Cf-Id
Referrer-Policy
X-Request-Id
X-Timer
X-AspNet-Version
CF-Cache-Status
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Runtime
Access-Control-Allow-Credentials
X-Download-Options
X-Drupal-Cache
X-Cacheable
Alt-Svc
X-Generator
Content-Security-Policy-Report-Only
X-Xss-Protection
X-AspNetMvc-Version
Status
Timing-Allow-Origin
X-Check
X-Cache-Status
X-Adblock-Key
X-Iinfo
X-DNS-Prefetch-Control
X-Permitted-Cross-Domain-Policies
X-Content-Security-Policy
Content-Encoding
X-CDN
X-Template
X-Language
X-Turbo-Charged-By
X-Request-ID
Keep-Alive
X-Buckets
X-Type
EagleId
Xkey
X-Via
X-Backend
X-AH-Environment
WPE-Backend
X-Age
X-Pass-Why
Access-Control-Max-Age
X-Server
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
X-Cache-Group
X-Varnish-Cache
X-Pingback
Upgrade
X-Nginx-Cache-Status
X-Server-Powered-By
X-Drupal-Dynamic-Cache
Access-Control-Expose-Headers
Grace
P3p
X-Hacker
X-UA-Device
Cf-Railgun
X-Amz-Request-Id
X-Amz-Id-2
X-Robots-Tag
X-Ua-Compatible
X-LiteSpeed-Cache
X-Proxy-Cache
X-Envoy-Upstream-Service-Time
X-Page-Speed
Request-Context
X-CST
X-Node
X-Cache-Lookup
X-Device
X-Ac
Content-Location
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Cnection
X-Host
X-Amz-Version-Id
Surrogate-Control
X-WebKit-CSP
X-Backend-Server
X-Rack-Cache
X-Response-Time
X-Rq
X-Server-Id
X-Px
X-Readtime
X-Application-Context
X-Dns-Prefetch-Control
Pinterest-Generated-By
Allow
X-Instart-Request-ID
X-OneAgent-JS-Injection
EagleEye-TraceId
X-Clacks-Overhead
X-Url
Request-Id
Server-Timing
X-Country
X-Do-Not-Hack
X-Cloud-Trace-Context
X-HeyJason
Permitted-Cross-Domain-Policies
Report-To
Rating
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Country-Code
X-TTL
X-Varnish-TTL
Charset
Edge-Control
X-ESI
X-Powered-CMS
X-PC
X-Vname
X-TtlSet
X-FTR-Request-ID
X-Server-Name
X-CF-Powered-By
X-DataDome
Feature-Policy
X-MS-InvokeApp
X-Cached
X-Goog-Hash
X-DynaTrace-JS-Agent
NEL
X-Origin-Cache
X-Server-ID
X-Vhost
Public-Key-Pins
X-Recruiting
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
X-Exp-Variant
X-Exp-Id
X-Cdn-Fetch
X-GoogleNews-Bot
X-Geo-Segment
X-Kinja-Server
X-Kinja-Build
X-Kinja-Revision
X-Kinja
X-VARITI-CCR
X-F-Cache
X-DynaTrace
X-Version
X-Powered-By-Plesk
X-Mod-Pagespeed
X-T
Pinterest-Version
X-Upstream-Env
X-Pinterest-Rid
X-D2id
X-SRCache-Fetch-Status
X-SRCache-Store-Status
Arc-Version
PB-PID
X-Mobile-Rewrite
PB-RID
Verso
AR-PoweredBy
AR-ATIME
X-Client-IP
X-Abt-Application-Version
Content-MD5
AR-CACHE
RTSS
X-Dispatcher
X-N
X-Cdn
SPRequestGuid
X-SharePointHealthScore
X-Amz-Rid
X-Forwarded-Proto
X-GitHub-Request-Id
X-Hits
Nginx-Cache
X-Navigation-Version
X-Dw-Request-Base-Id
X-Ruxit-JS-Agent
X-B
Paypal-Debug-Id
Realpath
X-Upstream
X-Grace
X-Pad
X-Content-Digest
X-Varnish-Age
X-TEC-API-ROOT
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-Shield-Request-Id
X-Id
X-Content-Options
X-Ttl
Arr-Disable-Session-Affinity
MS-Author-Via
SPIisLatency
SPRequestDuration
X-Cache-Hit
X-Kinsta-Cache
TCN
X-NWS-LOG-UUID
X-Goog-Stored-Content-Length
Access-Control-Request-Method
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
X-Goog-Generation
X-Logged-In
X-Acc-Meta-Resource-Type
S
X-Mrf-Section-Lastmod
DynaTrace
MRF-Tech
X-Mrf-Item-Lastmod
Mrf-Cache-Status
X-Trace
X-XRDS-Location
X-Origin-Upstream-Status
X-Vcap-Request-Id
X-VCache
X-MSEdge-Ref
X-FastCGI-Cache
X-HW
X-DIS-Request-ID
X-Zen-Fury
Cleartype
Eomportal-Instance
Front-End-Https
Surrogate-Key
X-FTR-Backend-Server
X-FTR-Balancer
X-FTR-Cache-Status
X-Country-Code-Real
X-FTR-DC
X-FTR-Expires
X-FTR-Backend
X-FTR-Realm
X-Frontend
X-Cache-Rule
X-HS-Hub-Id
X-HS-Content-Id
X-Fastly-Request-ID
X-PressLabs-Stats
Service-Worker-Allowed
Cache-Status
X-Via-JSL
X-NF-Request-ID
X-IPLB-Instance
X-User-Agent
Server-Name
X-Forwarded-For
Tracecode
X-SS-Set-Cookie
X-Request-Processing-Time
X-Request-Received
X-Hostname
X-Varnish-Backend
Fastcgi-Cache
Host
Backend-Timing
X-Analytics
Alternate-Protocol
FilterID
X-Cache-2
AR-SID
Viewport
X-Sol
Rt-Fastcgi-Cache
X-Middleton-Display
Display
X-AOL-HN
X-Whom
X-Wix-Server-Artifact-Id
X-FTR-Cache-Host
Public-Key-Pins-Report-Only
X-Oneagent-Js-Injection
TP-Cache
TP-L2-Cache
X-Revision
X-Proxied
X-Rid
Response
X-Middleton-Response
X-Content-Powered-By
X-AppVersion
X-Az
X-Activity-Id
X-Srv
ServerID
X-Debug-Info
X-Debug
X-Ser
AMP-Access-Control-Allow-Source-Origin
X-Contextid
X-Cache-Control
X-Magnolia-Registration
X-Cached-By
X-Fastcgi-Cache
X-Daa-Tunnel
X-Akam-SW-Version
X-Cache-Server
X-Mobile
MicrosoftSharePointTeamServices
Refresh
X-B3-Traceid
X-WPE-Loopback-Upstream-Addr
HitInfo
X-Webkit-Csp
HitType
Server-Info
Accept-Charset
X-Instance
X-Page-Id
X-FB-Debug
X-XRDS-LOCATION
Cache-Tag
X-Cache-Key
X-App-Server
X-Generated-By
X-Framework
X-PHP-Backend
X-Content-Security-Policy-Report-Only
Retry-After
X-LB-Cache
X-URL
X-Varnish-Grace
X-Varnish-Hostname
X-Geo-Country
X-Signature
X-TT
X-Request-Guid
X-App-Environment
X-BCube-Filmed-By
X-Cache-Age
X-RateLimit-Remaining
X-Cache-Operation
X-B-Cache
Host-Header
Powered-By-ChinaCache
Source
X-Origin-Server
X-Tumblr-Pixel
X-Tumblr-User
X-Tumblr-Pixel-0
Server-Node
X-Handled-By
X-Device-Type
Upgrade-Insecure-Requests
Ar-Sid
X-Accel-Expires
X-Newrelic-App-Data
X-Hyper-Cache
X-Platform-Server
DC
X-WA-Info
X-Akamai-Edgescape
X-APP-VERSION
X-NewRelic-App-Data
X-CACHE-GROUP
X-TT-TIMESTAMP
Liferay-Portal
X-GUploader-UploadID
X-Amzn-Trace-Id
X-Amz-Meta-S3cmd-Attrs
X-Drupal-Cache-Tags
X-Cache-Action
X-ATG-Version
AR-Request-ID
X-Varnish-Server
Fastly-Restarts
Webserver
X-B3-Sampled
X-Cluster
X-Port
X-Node-Name
X-Edge-Location
X-Oracle-Dms-Ecid
X-Oracle-Dms-Rid
NGB
X-Ruxit-Js-Agent
X-S
X-Cacheable-TTL
X-WebKit-CSP-Report-Only
X-Accel-Buffering
X-Correlation-Id
X-Locale
Filters
X-GeoIP
ServedBy
X-Jobs
X-Wix-Request-Id
X-Wix-Petri-Ex
X-Source
X-Seen-By
Actual-Object-TTL
X-FW-Hash
X-Tumblr-Pixel-2
X-Varnish-Hits
Accept-CH
X-FW-Server
X-RequestSource
X-FW-Serve
X-FW-Type
X-Tumblr-Pixel-1
X-FW-Static
AsisCache
X-Amz-Replication-Status
MS-CV
X-Region
X-Correlation-ID
GEO-INFO
X-RTag
X-Distil-CS
HostName
X-UA
S-Cnection
X-Cache-TTL-Remaining
Cache
Served-By
X-Webkit-CSP
X-Cache-Config
X-Edge-Cache-Key
X-UA-Device-Type
X-Edge-Cache
Country
X-TA-CDN-Provider
X-Guploader-Uploadid
Content-Script-Type
X-Vg-Webcache
Content-Style-Type
X-Dynatrace-Js-Agent
X-Cache-Remote
X-Adobe-Content
X-Adobe-Loc
X-Ocache
X-Sucuri-ID
Datacenter
Ohc-File-Size
X-Drupal-Cache-Contexts
X-PC-Hit
X-PC-AppVer
X-PC-Key
X-HOST
X-GZip
X-Microcachable
X-Esi
X-Internal-Host
X-UUID
X-PC-Date
X-RateLimit-Limit
X-Unique-ID
X-PC-Host
X-Varnish-IP
X-Status
X-Ezoic-Cdn
X-Akamai-Transformed
X-Amz-Server-Side-Encryption
X-DataStream-Cache-Status
X-Servedby
X-TX-ID
IBM-Web2-Location
Xserver
X-Web-Node
Healthy
Meta-Geo
Machine
Load-Balancing
Access-Control-Allow-Method
X-Generated
X-Cache-Category-Id
X-ProxyCache-Key
X-BYPASS-REASON
X-Is-Bot
X-Detected-As
X-Grey
X-IP
X-JoinUs
X-Real-IP
X-ProxyCache-Status
X-Vgn-Hpd-Reason
X-Agile
User-Cache-Control
X-RN-RSRV
X-Agile-Age
X-Rendered-As
X-App-Name
X-Agile-Id
X-Akamai-Request-ID
X-Loop
X-ServerID
X-TNCMS
X-Proxy-Build
X-Origin
X-Mode
X-OVcl-Cache
X-OVcl
X-Timing-Wait
X-Instance-Name
Mn-Server-Ip
X-Backend-Name
Selected-FE
X-Debug-Cache
X-CDN-Forward
PageSpeed
X-Time-Microsecs
X-BB-IP
Now
X-Tb
X-NodeID
ServerName
Payment
X-Upgrade-Enabled
X-Varnish-Cache-Hits
DB-Nickname
L5d-Success-Class
X-FC-Vary-Parameters
X-Content-Type
Cache-Name
X-Varnish-Cacheable
X-Human
S-Rt
X-Hosted-By
Backend
X-Yottaa-Optimizations
Pagespeed
X-Proxy
X-Yottaa-Metrics
X-ProcessESI
X-PERF
X-PCL
Cache-Key
X-RemovedCookies
Azure-SlotName
Azure-Version
X-ApacheServer
X-Original-Request
X-NCache
X-EIG-Tracking-Id
X-OCL
X-CDN-Cache
User-Agent
Azure-SiteName
X-Distributor
X-Path-Route
X-Viewer-Country
Azure-RegionName
X-Site-Version
X-NGENIX-Cache
Azure-InstanceId
TWC-GeoIP-LatLong
TWC-GeoIP-Country
X-Rocket-Nginx-Bypass
Property-Id
TWC-Connection-Speed
TWC-Device-Class
Webcakes-App-Name
X-Access
X-Time
X-AWS-Id
X-CCM
Webcakes-Region
TWC-Privacy
Webcakes-App-Version
TWC-Locale-Group
X-LJ-Flow-ID
Dont-Set-Cookie
X-VWS-Id
X-TWH-CORRELATION-ID
X-SplitTest
X-Section
X-Routing-Service
X-Origin-Hint
X-Via-Fastly
X-Xfnlog-Site
X-Www-Served-By
X-Zipkin-Id
X-Pubstack
X-Format
X-Origin-CC
X-Amz-Meta-Surrogate-Control
Access-Control-Request-Headers
LB
SRV
X-Cache-Ttl
X-Storage
X-L-Path
X-Cache-Backend
X-Environment-Context
WZWS-RAY
X-Oss-Request-Id
X-Oss-Server-Time
X-Oss-Storage-Class
X-Connection-Hash
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
X-HS-Cache-Config
Cteonnt-Length
X-Webstats-RespID
Ms-Operation-Id
X-Transaction
Edge-Cache-Tag
X-Sucuri-Cache
X-Twitter-Response-Tags
Countrycode
X-Generation-Time
X-Optimization
X-Proto
X-Cache-HT
X-Labrador-Cache-Channel
X-Amzn-RequestId
X-Amz-Apigw-Id
X-B3-Spanid
X-ServedBy
X-SERVER-NAME
X-MP-GENERATED-AT
X-Nc
X-Ah-Environment
X-M-Reqid
X-M-Log
X-Qnm-Cache
Cache-Hits
Apicache-Version
Apicache-Store
X-Hit
X-Meta-Tbi-Cache-Vertical
X-Birta-Served
X-Birta-Cache-Post
X-Real-Ip
X-Newrelic-Synthetics
X-CLOUD-TRACE-CONTEXT
X-Tumblr-Pixel-3
X-Cache-NE
Fastly-SSL
NnCoection
From-Origin
X-Release
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
X-Cache-Enabled
X-V
NODE
X-Dc
X-SERVER
X-Upstream-HT
X-Upstream-CT
Ec-Rule-Version
X-EdgeConnect-Cache-Status
Ws
Request-EU
X-CF-Lambda-Version
Resin-Trace
X-NU-AKA-ACS-Version
Request-Country
X-MI-In-Market
V-Age
X-Cache-URL
Rendered-Blocks
X-Wix-Route-ID
X-Via-CDN
SN
T-Server
Thinkindot-CacheControl
X-DPWN-IS-SECURE
Server-ID
Server-Host
X-WebServer
X-Org
X-CF-Lambda-Fn
X-Matched-Rule
Thinkindot-CacheControl-Type
X-Hnp-Log
X-Fetched-On
Fly-Cache
Host-ID
Httpd-Identifier
X-Date
X-From
Fly-Request-Id
X-Destination
X-VG-WebServer
X-Dispatcher-Server
X-Died
GMS-Ver
X-Developer
Country-Code
X-G
BehaviorPad-Version
MI-Cache
MI-Cache-Age
X-Hl-Ver
Viewtype
Meta-Geo-Continent
Cache-Prefix
X-Gen-Mode
Cneonction
MD5-Digest
X-D
X-Generated-In
X-C
Thinkindot-Control
X-Planisys-CDN-Rules
X-Thinkindot-L3
X-BB-ID
X-RCS-CacheZone
X-Rojux
X-Planisys-CDN-Cache
X-A-Dcw
X-A-Dgt
X-ScT
X-SVT-ORM-VERSION
X-S-Maxage
X-Planisys-CDN-TTL
X-B-Cookie
X-ARC
Xc-Version
X-Region-Sid
X-Rule
X-Accel-Expires-Debug
X-Rewrite-Enabled
X-S-Cookie
X-Trv-Group
X-Geo
X-We-Are-Hiring
X-Block-Status
Web-Mar-Node
Www
X-Via-Edge
X-Response-By
VivaBuild
X-Server-Time
Warning
X-A-Wwc
X-A
X-TT-LOGID
X-SVT-ORM-RULES
X-Application
X-Server-By
X-UE-Client-Country
X-A-Dam
X-PAYTM-SRV-ID
X-A-Ccd
X-SRCache-Key
X-Varnish-Beresp-Ttl
X-Alicdn-Da-Ups-Status
ProcessTime
X-Amz-Meta-Cache-Control
X-Device-Os
X-Cache-Bucket
X-Backend-Url
X-Cache-CFC
Is-Eu
X-Backend-Host
Kp-EeAlive
X-Backend-State
IsBot
PFcat
Release
Proxy-Connection
X-Clientip
RNT-Machine
RNT-Time
Uber-Trace-Id
True-Client-Country-4JS
Server-Int
Pragrma
Platform
NGX
MI-API
X-CS
Odigeo-Trace-Id
X-Crawler
X-Cache-Host
Origin-Edge-Control
Origin-Cache-Control
X-Alternate-Cache-Key
Cdn-Request-Time
X-Sorting-Hat-PodId
X-IN-WAF
X-Logtrace-Id
X-No-Session
X-IN-SSL-APIGATEWAY
X-IN-APIGATEWAY
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
Apple-News-Services-Handled
Adler-Geo
X-Node-Id
X-Origin-Date
X-ServiceProvider
X-Sf
X-ShardId
X-ShopId
X-Server-IP
X-Origin-TTL
X-SIPLIST1
X-Shopify-Stage
X-Sorting-Hat-ShopId
X-Origin-Expires
Apple-News-Services-Request-Url
Ajk
Decoy-Debug-Key
X-Redis-Cache
Cdn-Host
Decoy-Debug-Status
Decoy-Debug-TTL
X-Request-URI
X-VServer
X-Env
X-Worker
X-GeoIP-Country-Code
CDCHOST
X-GeoIP-City
X-Hash
X-Edge-Server
X-ElasticPress-Search
NtCoent-Length
X-Returned-From-DLL
X-Returned-From-PostProcessResponse
X-Passed-To-DLL
X-Cache-Srv
X-Cache-ASPX
X-Returned-From-BeforeDispatch
X-Cache-FS-Status
X-UnsetCookies
X-Platform
X-Phone
X-Varnish-HitMiss
X-Swa-Ws
X-Cache-Expires
X-Rebelmouse-Surrogate-Control
X-Reboot
X-Passed-To-PostProcessResponse
X-Up
X-Server-Group
X-Rebelmouse-Cache-Control
X-Trace-Id
X-Cache-Control-Set-By
X-Wikidot-Backend
X-Forwarded-Host
X-FireWall-Port
X-Debug-Cookies
X-Fstrz
X-HCF
X-Returned-From
X-Debug-Log
X-Fastly-Cache
X-Epic-Correlation-Id
X-Edge-IP
X-Eu-Site
X-Developers
X-F5-Cache
X-Croise-Owner
X-Core-Value
X-P-T
X-Cdn-Srv
X-Passed-To
X-VG-TLSProxy
X-Passed-To-BeforeDispatch
X-Ver
X-Sn-Servicetimems
X-Via-SSL
X-Content-Age
X-Core-Mission
X-Wikidot-Static-Cache
X-CGP
X-NX-Host
X-Cdn-Origin
HA-Georegion
HA-Host
Ha-Gx-Prefs
HA-Geolon
HA-Geolat
HA-Ipaddr
HA-Servedtime
On-Server
HTTPS
Heartbleed
HA-Urlpath
HA-Geocountry
HA-Geocity
Backend-Name
AKAMAI
X-App-Version
Time
Cache-Tags
Content-Disposition
HA-Cloudapp
Fastly-SWR
Fastly-SIE
Fastly-Backend-Name
Origin
Fastly-Soc-X-Request-Id
X-Backend-TTL
X-Actual-URL
Who
Powered-By
Request-Time
XServer
X-Atg-Version
X-HS-Combine-CSS
X-Refresh
X-Var-Ttl
X-Skip-Cache
X-From-Cache
Esi-Enabled
X-Stale
X-Nginx-Cache
X-Location
X-Info
X-GoCache-CacheStatus
RequestId
X-Ckpd-Fst-Backend
Dnion-Transfer-Encoding
X-Kong-Upstream-Latency
WWW-Authenticate
X-Kong-Proxy-Latency
Frame-Options
Cartoon
Ohc-Response-Time
Is-Session-Tracking
X-Req
Get-Access-Time
X-BBXSRF
X-Powered-By-ANYU
X-Ms-Lease-Status
X-Ms-Version
X-Ms-Blob-Type
X-Ms-Request-Id
X-MSEdge-Features
X-Owner
X-Servername
X-MSEdge-Flight
X-Key
X-Pjax-Url
X-Micro-Cache
X-Response-Served-From
X-Cache-Time
X-B3-TraceId
Mime-Version
X-Cdn-Forward
X-Pf-Uncompressing
Cdn
X-Csrf-Token
X-CUA
NodeID
X-Cache-TTL
X-GRACE
X-WR-MODIFICATION
We-Hiring
X-User
X-NC
X-Request-Time
Mail-Subject
Dynatrace
X-CCM-LastModified
X-Litespeed-Cache
WP-Super-Cache
X-Varnish-Url
X-Page-Type
CF-IPCountry
X-COUNTRY
X-TIME
X-NWS-UUID-VERIFY
X-CSRF-Token
Section-Io-Cache
MIME-Version
X-External-Request-Id
PICS-Label
X-Ua
PageType
X-LiteSpeed-Cache-Control
X-Aicache-OS
GW-Server
UCS
X-DC
X-Cache-Handler
Magicmarker
X-Pc-Appver
X-Varnish-Action
X-Pc-Hit
Geoip-City
X-Pc-Key
Geoip-Latitude
GeoIp-Country-Code
FastCGI-Cache
X-GDPR
X-Servedbyhost
Version
X-Varnish-Beresp-TTL
X-Pc-Host
X-Pc-Date
Rt-Proxy-Cache
X-Varnish-Id
X-Cache-Id
X-Request-UUID
X-Dynatrace
Accept-CH-Lifetime
X-Nananana
CACHE
X-GEO
X-Bip
X-Thanos
Memcached
X-Fastly-Backend-Reqs
X-Variation
X-Nf-Srv-Version
X-TId
X-Server-W
Processtime
CDN
Memory
X-Irp-Debug
Pagetype
X-ServedByHost
X-CACHE-KEY
X-Via-NSCOPI
COMMERCE-SERVER-SOFTWARE
Sid
X-StackifyID
X-Ibm-Trace
If-Modified-Since
Arc-Country
X-Load-Cache
GeoIP-Latitude
GeoIP-Country-Code
X-Wa
X-Be
X-Shard
GeoIP-City
Node
X-Gdpr
X-HTML-Minification-Powered-By
X-BE
X-Ig-Deployment-Stage
X-Layer
X-FW-Version
X-Sentry-ID
Sta2Tusw
X-DataStream-Origin-MEX-Latency
X-Auto-Login
X-DataStream-MidMile-RTT
X-Cluster-Node
X-UPSTREAM-Address
X-Proxy-Server
URI
X-Frame-Option
RATING
X-Tid
X-Varnish-Ttl
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
Pics-Label
X-Nginx-Cache-Key
DataCenter
X-FORWARDED-FOR
X-PAGE-TYPE
X-Varnish-URL
X-Hail-Hydra
X-Datadome
X-SRV
X-NGINX-Cache
X-Fastly-Cache-Hits
Cf-Ipcountry
Srv
X-Akamai-Request-ID2
X-Ratelimit-Remaining
X-EC-Security-Audit
X-Gen-Id
X-Gannett-Site-Version
X-Secret
X-PJAX-URL
Lb
X-ID
X-PF-Uncompressing
X-Bug-Bounty
Cache-Provider
Pramga
X-Ratelimit-Limit
X-GZIP
X-Public
X-Endurance-Cache-Level
X-Haproxy-Hostname
X-B3-SpanId
X-Cache-Var
X-Feature
V-Cache
X-CacheKey
X-Surge-Debug
X-Cache-Var-Map
Mobile-Detection-Method
X-Haproxy-Ip
X-APP
X-Dw-Trace-Id
Group
X-Litespeed-Cache-Control
SD-X-WS
X-ADI-VCache
Hostname
Serverid
Xet-Cookie
X-Shield-Cache-Expires
X-Distil-Cs
X-Akamai-ERRuleID
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-From
X-WA
X-Store
OT-Force-Account-Verify
X-Cache-Debug
Cache-Cookie-Set-Lfrom
X-CDN-Pop
X-Akamai-ERPolicy
X-RAMCache
X-Fe
X-CDN-Pop-IP
X-ND-Cache
X-Ms-Lease-State
X-SF
X-SD-PageType
X-Unique-Id
X-Varnish-ID
X-Sorting-Hat-ShopId-Cached
X-Check-Cacheable
X-VCT
X-Grace-Duration
X-RequestId
Requestid
X-Cookie
X-ServerName
X-Sorting-Hat-FeatureSet
X-Sorting-Hat-PodId-Cached
X-Request-Start
X-VG-WebCache
X-Sorting-Hat-PrivacyLevel
X-Sorting-Hat-Section