Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Pragma
Accept-Ranges
Last-Modified
Strict-Transport-Security
X-Content-Type-Options
X-Powered-By
CF-RAY
ETag
Link
X-XSS-Protection
Expect-CT
Via
X-Cache
Age
Access-Control-Allow-Origin
Content-Security-Policy
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Served-By
X-Varnish
X-Amz-Cf-Id
Referrer-Policy
X-Request-Id
X-Timer
X-AspNet-Version
CF-Cache-Status
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Runtime
Access-Control-Allow-Credentials
X-Download-Options
X-Drupal-Cache
X-Cacheable
Alt-Svc
X-Generator
Content-Security-Policy-Report-Only
X-Xss-Protection
X-AspNetMvc-Version
Status
Timing-Allow-Origin
X-Check
X-Cache-Status
X-Adblock-Key
X-Iinfo
X-DNS-Prefetch-Control
X-Permitted-Cross-Domain-Policies
X-Content-Security-Policy
X-Template
X-CDN
Content-Encoding
X-Language
X-Turbo-Charged-By
X-Request-ID
Keep-Alive
X-Buckets
X-Type
EagleId
Xkey
X-Via
X-Backend
X-AH-Environment
WPE-Backend
X-Age
X-Pass-Why
Access-Control-Max-Age
X-Server
X-Swift-SaveTime
X-Swift-CacheTime
X-Cache-Group
Ali-Swift-Global-Savetime
X-Varnish-Cache
X-Pingback
Upgrade
X-Nginx-Cache-Status
X-Server-Powered-By
X-Drupal-Dynamic-Cache
Grace
Access-Control-Expose-Headers
X-Hacker
X-UA-Device
P3p
Cf-Railgun
X-Amz-Request-Id
X-Amz-Id-2
X-Robots-Tag
X-Ua-Compatible
X-LiteSpeed-Cache
X-Proxy-Cache
X-Envoy-Upstream-Service-Time
X-Page-Speed
Request-Context
X-CST
X-Node
X-Device
X-Cache-Lookup
X-Ac
Content-Location
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Cnection
X-Host
X-Amz-Version-Id
Surrogate-Control
X-WebKit-CSP
X-Backend-Server
X-Rack-Cache
X-Response-Time
X-Rq
X-Px
X-Readtime
X-Server-Id
X-Application-Context
Pinterest-Generated-By
Allow
X-Instart-Request-ID
X-Dns-Prefetch-Control
EagleEye-TraceId
X-OneAgent-JS-Injection
X-Clacks-Overhead
Server-Timing
Request-Id
X-Url
X-Cloud-Trace-Context
X-HeyJason
X-Do-Not-Hack
Permitted-Cross-Domain-Policies
X-Country
Report-To
Rating
X-TTL
X-Country-Code
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Varnish-TTL
Charset
Edge-Control
X-Powered-CMS
X-Vname
X-TtlSet
X-PC
X-ESI
X-FTR-Request-ID
X-Server-ID
X-DataDome
X-CF-Powered-By
X-Server-Name
Feature-Policy
X-MS-InvokeApp
X-Goog-Hash
X-Cached
NEL
X-Origin-Cache
X-Vhost
X-Recruiting
Public-Key-Pins
X-DynaTrace-JS-Agent
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
X-Exp-Id
X-Cdn-Fetch
X-Geo-Segment
X-Kinja-Build
X-Kinja-Server
X-Kinja-Revision
X-Kinja
X-GoogleNews-Bot
X-Exp-Variant
X-VARITI-CCR
X-F-Cache
X-Powered-By-Plesk
X-Version
X-Mod-Pagespeed
X-T
X-DynaTrace
X-Upstream-Env
X-Pinterest-Rid
Pinterest-Version
X-D2id
X-SRCache-Store-Status
X-SRCache-Fetch-Status
Content-MD5
X-Client-IP
Verso
PB-RID
Arc-Version
PB-PID
X-Mobile-Rewrite
X-Abt-Application-Version
AR-ATIME
AR-PoweredBy
X-Dispatcher
RTSS
X-N
AR-CACHE
SPRequestGuid
X-SharePointHealthScore
X-Amz-Rid
X-Cdn
X-Forwarded-Proto
X-GitHub-Request-Id
X-Hits
X-Navigation-Version
Nginx-Cache
X-Dw-Request-Base-Id
X-Ruxit-JS-Agent
X-B
Paypal-Debug-Id
Realpath
X-Upstream
X-Grace
X-Pad
X-Content-Digest
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-TEC-API-ROOT
X-Shield-Request-Id
X-Varnish-Age
X-Id
X-Content-Options
Arr-Disable-Session-Affinity
X-Ttl
SPRequestDuration
X-Kinsta-Cache
SPIisLatency
X-Cache-Hit
MS-Author-Via
TCN
Access-Control-Request-Method
X-NWS-LOG-UUID
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-Goog-Generation
X-Goog-Metageneration
X-Logged-In
X-Acc-Meta-Resource-Type
X-XRDS-Location
X-Mrf-Item-Lastmod
Mrf-Cache-Status
X-Mrf-Section-Lastmod
MRF-Tech
S
X-Trace
X-Origin-Upstream-Status
X-Vcap-Request-Id
DynaTrace
X-VCache
X-MSEdge-Ref
X-HW
X-DIS-Request-ID
X-Zen-Fury
Cleartype
Front-End-Https
X-FastCGI-Cache
X-FTR-Backend-Server
X-FTR-Expires
X-FTR-Realm
X-HS-Content-Id
X-HS-Hub-Id
X-FTR-DC
X-FTR-Cache-Status
Surrogate-Key
X-Country-Code-Real
X-FTR-Balancer
Eomportal-Instance
X-FTR-Backend
X-Frontend
X-Cache-Rule
X-PressLabs-Stats
X-Fastly-Request-ID
X-NF-Request-ID
X-Oneagent-Js-Injection
X-Via-JSL
Service-Worker-Allowed
Cache-Status
X-IPLB-Instance
X-User-Agent
X-Forwarded-For
Server-Name
Tracecode
X-Request-Received
X-Request-Processing-Time
X-Hostname
X-SS-Set-Cookie
Fastcgi-Cache
X-Varnish-Backend
Alternate-Protocol
X-Analytics
Backend-Timing
Host
FilterID
X-Wix-Server-Artifact-Id
X-Cache-2
Rt-Fastcgi-Cache
Display
X-Middleton-Display
Viewport
X-Sol
X-AOL-HN
TP-Cache
X-Whom
X-FTR-Cache-Host
Public-Key-Pins-Report-Only
TP-L2-Cache
X-Proxied
X-Rid
Response
X-Revision
X-Middleton-Response
X-Content-Powered-By
X-Az
X-Activity-Id
X-AppVersion
X-Srv
ServerID
X-Debug
X-URL
X-Debug-Info
X-Ser
X-Fastcgi-Cache
X-Contextid
X-Cache-Control
AMP-Access-Control-Allow-Source-Origin
AR-SID
X-Magnolia-Registration
X-Cached-By
MicrosoftSharePointTeamServices
X-Daa-Tunnel
X-B3-Traceid
X-Cache-Server
Refresh
X-Akam-SW-Version
X-Mobile
Ar-Sid
HitInfo
X-Instance
Server-Info
HitType
X-Page-Id
Accept-Charset
X-FB-Debug
X-WPE-Loopback-Upstream-Addr
Cache-Tag
X-Cache-Key
X-App-Server
X-Generated-By
X-Content-Security-Policy-Report-Only
X-Framework
Retry-After
X-Newrelic-App-Data
X-Cache-Age
X-Geo-Country
X-Varnish-Hostname
X-PHP-Backend
Powered-By-ChinaCache
X-RateLimit-Remaining
Host-Header
X-Request-Guid
X-Signature
X-LB-Cache
X-App-Environment
X-Cache-Operation
X-TT
X-BCube-Filmed-By
X-B-Cache
X-Varnish-Grace
X-Webkit-Csp
Server-Node
X-Handled-By
X-Origin-Server
X-Tumblr-Pixel
Source
X-Tumblr-User
X-Tumblr-Pixel-0
Upgrade-Insecure-Requests
X-Device-Type
X-Accel-Expires
X-XRDS-LOCATION
X-Hyper-Cache
X-Platform-Server
DC
X-APP-VERSION
X-GUploader-UploadID
X-WA-Info
X-Oracle-Dms-Rid
X-Oracle-Dms-Ecid
X-Akamai-Edgescape
X-Amzn-Trace-Id
X-TT-TIMESTAMP
X-Drupal-Cache-Tags
Liferay-Portal
X-NewRelic-App-Data
X-Cache-Action
X-CACHE-GROUP
X-Amz-Meta-S3cmd-Attrs
X-Varnish-Server
X-ATG-Version
Fastly-Restarts
X-Edge-Location
X-Correlation-ID
X-B3-Sampled
AR-Request-ID
X-Node-Name
X-Port
X-Cluster
Webserver
NGB
X-Accel-Buffering
X-S
X-Ruxit-Js-Agent
X-Cacheable-TTL
X-Locale
Filters
X-Wix-Request-Id
X-Seen-By
X-Wix-Petri-Ex
X-GeoIP
X-WebKit-CSP-Report-Only
X-Source
ServedBy
Actual-Object-TTL
X-Jobs
AsisCache
X-RequestSource
X-FW-Static
X-FW-Type
X-Varnish-Hits
X-FW-Serve
X-FW-Server
X-FW-Hash
X-Tumblr-Pixel-2
X-Tumblr-Pixel-1
X-Dynatrace-Js-Agent
MS-CV
X-Esi
X-UA
Accept-CH
X-Amz-Replication-Status
X-RTag
S-Cnection
GEO-INFO
X-Region
X-Cache-TTL-Remaining
X-Distil-CS
Served-By
HostName
Cache
X-Cache-Config
X-Edge-Cache-Key
X-UA-Device-Type
X-Edge-Cache
X-Cache-Remote
X-Correlation-Id
Content-Style-Type
Content-Script-Type
X-Vg-Webcache
Country
X-Webkit-CSP
X-Adobe-Content
X-Adobe-Loc
X-Sucuri-ID
X-Ocache
X-TA-CDN-Provider
Ohc-File-Size
X-PC-Hit
X-Guploader-Uploadid
X-PC-AppVer
X-PC-Key
X-Drupal-Cache-Contexts
X-GZip
X-PC-Host
X-PC-Date
X-UUID
X-Microcachable
Datacenter
X-Unique-ID
X-RateLimit-Limit
X-Internal-Host
X-Varnish-IP
X-DataStream-Cache-Status
X-Status
X-HOST
X-Akamai-Transformed
X-Real-IP
X-Amz-Server-Side-Encryption
X-Ezoic-Cdn
X-TX-ID
X-CDN-Forward
Pagespeed
Healthy
IBM-Web2-Location
X-Agile-Age
X-Akamai-Request-ID
X-Agile
X-Is-Bot
Load-Balancing
X-Rendered-As
Machine
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-RN-RSRV
X-JoinUs
User-Cache-Control
X-IP
X-Agile-Id
Meta-Geo
X-Web-Node
X-Generated
X-App-Name
X-Cache-Category-Id
X-Detected-As
X-Grey
X-BYPASS-REASON
X-CCM
Selected-FE
Access-Control-Allow-Method
Mn-Server-Ip
X-ProxyCache-Status
X-ProxyCache-Key
X-Mode
X-OVcl-Cache
X-TNCMS
X-Loop
X-Xfnlog-Site
X-Proxy-Build
X-Debug-Cache
X-Timing-Wait
X-OVcl
X-Instance-Name
X-Origin
X-NodeID
DB-Nickname
X-OCL
X-PCL
Backend
Cache-Name
X-SERVER-NAME
X-Servedby
X-Content-Type
X-Viewer-Country
X-Human
X-Varnish-Cacheable
X-Varnish-Cache-Hits
X-Time-Microsecs
X-FC-Vary-Parameters
X-Tb
X-Upgrade-Enabled
X-ServerID
X-Hosted-By
ServerName
S-Rt
Payment
X-Backend-Name
X-Proxy
X-Vgn-Hpd-Reason
L5d-Success-Class
User-Agent
X-Distributor
Now
X-BB-IP
Azure-RegionName
Azure-SiteName
X-ApacheServer
Cache-Key
Azure-Version
X-CDN-Cache
Azure-InstanceId
Azure-SlotName
X-NCache
X-PERF
X-Original-Request
X-Path-Route
X-ProcessESI
X-RemovedCookies
X-Via-Fastly
X-Site-Version
LB
Property-Id
X-Section
TWC-Privacy
X-EIG-Tracking-Id
X-AWS-Id
X-Zipkin-Id
X-Routing-Service
TWC-GeoIP-LatLong
TWC-GeoIP-Country
TWC-Device-Class
TWC-Connection-Speed
X-TWH-CORRELATION-ID
Webcakes-App-Name
X-SplitTest
PageSpeed
Dont-Set-Cookie
Webcakes-Region
Webcakes-App-Version
X-Access
X-VWS-Id
X-Origin-Hint
X-Www-Served-By
X-NGENIX-Cache
TWC-Locale-Group
X-LJ-Flow-ID
X-Pubstack
X-Format
X-Amz-Meta-Surrogate-Control
X-Origin-CC
SRV
X-Rocket-Nginx-Bypass
X-Cache-Ttl
Xserver
Access-Control-Request-Headers
X-Time
X-Storage
X-L-Path
X-Cache-Backend
X-Environment-Context
WZWS-RAY
X-ServedBy
X-Oss-Hash-Crc64ecma
X-B3-Spanid
X-Oss-Object-Type
X-Webstats-RespID
X-Sucuri-Cache
X-Oss-Server-Time
X-Oss-Storage-Class
X-Oss-Request-Id
Edge-Cache-Tag
Countrycode
X-HS-Cache-Config
X-Generation-Time
X-Twitter-Response-Tags
X-Labrador-Cache-Channel
X-Connection-Hash
X-Cache-HT
X-Transaction
X-Optimization
X-Amzn-RequestId
Cteonnt-Length
X-Amz-Apigw-Id
X-Proto
X-MP-GENERATED-AT
Ms-Operation-Id
Cache-Hits
X-Ah-Environment
Apicache-Version
X-M-Log
X-Nc
X-M-Reqid
X-Hit
Apicache-Store
X-Qnm-Cache
X-Newrelic-Synthetics
X-Cache-NE
X-Meta-Tbi-Cache-Vertical
X-Birta-Cache-Post
X-Birta-Served
X-Tumblr-Pixel-3
X-CLOUD-TRACE-CONTEXT
Fastly-SSL
X-Real-Ip
NnCoection
From-Origin
NODE
X-Varnish-Beresp-Status
X-EdgeConnect-Cache-Status
Ws
X-Release
X-V
Ec-Rule-Version
XServer
X-Varnish-Beresp-Grace
X-Cache-Enabled
X-Geo
X-Upstream-CT
Cartoon
X-Upstream-HT
X-Dc
Resin-Trace
GMS-Ver
Request-EU
Request-Country
Rendered-Blocks
Server-Host
Server-ID
Fly-Request-Id
X-CF-Lambda-Version
SN
X-D
X-Date
Host-ID
Httpd-Identifier
Kp-EeAlive
MI-Cache
X-COUNTRY
Meta-Geo-Continent
MD5-Digest
X-DPWN-IS-SECURE
X-Dispatcher-Server
X-Developer
X-Destination
MI-Cache-Age
X-SERVER
X-Died
X-CF-Lambda-Fn
Fly-Cache
Warning
Web-Mar-Node
VivaBuild
X-A-Wwc
Viewtype
X-A-Dgt
Cache-Prefix
X-A
Www
X-A-Ccd
X-A-Dam
X-A-Dcw
X-Accel-Expires-Debug
BehaviorPad-Version
Thinkindot-CacheControl-Type
X-Block-Status
Thinkindot-CacheControl
X-C
T-Server
X-BB-ID
Thinkindot-Control
X-Application
X-Alternate-Cache-Key
X-ARC
X-B-Cookie
V-Age
Cneonction
X-Env
X-Sf
X-Server-Time
X-Server-By
X-ShardId
X-ShopId
X-Sorting-Hat-PodId
X-Shopify-Stage
X-Varnish-Beresp-Ttl
X-ScT
X-Rewrite-Enabled
X-Response-By
X-Region-Sid
X-Rojux
X-Rule
X-S-Maxage
X-Fetched-On
X-Sorting-Hat-ShopId
X-SRCache-Key
X-WebServer
X-We-Are-Hiring
X-Via-Edge
X-Alicdn-Da-Ups-Status
X-Wix-Route-ID
Xc-Version
X-Worker
X-Via-CDN
X-VG-WebServer
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
X-Thinkindot-L3
X-Trv-Group
X-UE-Client-Country
X-TT-LOGID
X-RCS-CacheZone
X-S-Cookie
X-MI-In-Market
X-NU-AKA-ACS-Version
X-Org
X-Origin-Date
X-Hnp-Log
X-Generated-In
X-From
X-G
X-Gen-Mode
X-Origin-Expires
X-Matched-Rule
X-PAYTM-SRV-ID
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
X-Planisys-CDN-TTL
Proxy-Connection
Pragrma
Platform
Release
X-VServer
RNT-Time
RNT-Machine
X-GeoIP-City
PFcat
Origin-Cache-Control
X-Edge-Server
X-Backend-State
X-Cache-URL
MI-API
X-Fstrz
NGX
X-Device-Os
X-Edge-IP
X-Backend-Host
Odigeo-Trace-Id
Origin-Edge-Control
X-Hash
X-Crawler
X-CS
X-Cache-CFC
X-SIPLIST1
X-ServiceProvider
X-Content-Age
X-Origin-TTL
X-P-T
X-Clientip
X-Server-IP
Uber-Trace-Id
True-Client-Country-4JS
X-Request-URI
X-Hl-Ver
Server-Int
X-Cache-Host
X-Logtrace-Id
X-Backend-Url
X-Node-Id
X-No-Session
X-Amz-Meta-Cache-Control
X-GeoIP-Country-Code
X-Cache-Bucket
Cdn-Request-Time
Cdn-Host
Country-Code
Decoy-Debug-Status
Fastly-Backend-Name
Decoy-Debug-TTL
CDCHOST
Apple-News-Services-Request-Url
Ajk
Adler-Geo
Apple-News-Services-Handled
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
X-Atg-Version
Decoy-Debug-Key
IsBot
Is-Eu
ProcessTime
X-ElasticPress-Search
AKAMAI
X-Backend-TTL
X-IN-APIGATEWAY
X-IN-SSL-APIGATEWAY
X-Swa-Ws
HTTPS
X-Trace-Id
X-Rebelmouse-Cache-Control
Cache-Tags
X-Rebelmouse-Surrogate-Control
X-Actual-URL
Time
Backend-Name
X-IN-WAF
X-Sn-Servicetimems
X-Cdn-Srv
X-Cdn-Origin
X-Croise-Owner
X-Core-Value
X-Returned-From-DLL
X-Ckpd-Fst-Backend
X-Core-Mission
X-Cache-Srv
X-Returned-From-PostProcessResponse
X-Developers
X-Reboot
X-Cache-ASPX
X-Cache-Expires
X-Returned-From
X-Server-Group
Origin
On-Server
X-Wikidot-Static-Cache
X-Passed-To-DLL
X-F5-Cache
X-Wikidot-Backend
X-Epic-Correlation-Id
X-Passed-To-PostProcessResponse
X-Ver
X-Fastly-Cache
X-Passed-To-BeforeDispatch
X-Redis-Cache
Powered-By
X-Passed-To
X-Forwarded-Host
Request-Time
X-FireWall-Port
Fastly-SWR
X-VG-TLSProxy
X-Returned-From-BeforeDispatch
X-Up
Heartbleed
Content-Disposition
Who
X-UnsetCookies
Fastly-Soc-X-Request-Id
X-Phone
Esi-Enabled
Fastly-SIE
X-HS-Combine-CSS
X-NX-Host
X-Platform
X-From-Cache
X-GoCache-CacheStatus
X-App-Version
X-Eu-Site
X-HCF
X-Debug-Cookies
X-Refresh
X-Info
X-Location
X-Debug-Log
X-Stale
HA-Geolon
HA-Georegion
X-Nginx-Cache
X-Skip-Cache
HA-Geolat
HA-Geocountry
HA-Geocity
X-Varnish-HitMiss
X-Var-Ttl
RequestId
HA-Cloudapp
Ha-Gx-Prefs
HA-Host
HA-Servedtime
X-CGP
X-Via-SSL
HA-Ipaddr
X-Cache-Control-Set-By
HA-Urlpath
NtCoent-Length
Dynatrace
Ohc-Response-Time
X-Cache-FS-Status
X-Ms-Blob-Type
X-Ms-Version
X-Req
X-Ms-Request-Id
X-BBXSRF
X-Ms-Lease-Status
Dnion-Transfer-Encoding
Get-Access-Time
X-Cache-Time
X-Micro-Cache
X-Kong-Proxy-Latency
Is-Session-Tracking
X-MSEdge-Features
X-Powered-By-ANYU
X-Servername
X-MSEdge-Flight
X-Response-Served-From
X-Kong-Upstream-Latency
Frame-Options
X-Csrf-Token
X-WR-MODIFICATION
X-Pjax-Url
X-NC
WWW-Authenticate
X-Pf-Uncompressing
Mime-Version
X-Cdn-Forward
X-B3-TraceId
X-Key
X-User
X-Request-Time
X-TIME
X-Owner
X-CUA
Cdn
X-CCM-LastModified
X-GRACE
X-Varnish-Url
CF-IPCountry
NodeID
X-Dynatrace
WP-Super-Cache
X-Page-Type
X-Cache-TTL
MIME-Version
X-Litespeed-Cache
Mail-Subject
X-External-Request-Id
We-Hiring
PICS-Label
X-NWS-UUID-VERIFY
GW-Server
X-CSRF-Token
X-DC
Section-Io-Cache
UCS
X-LiteSpeed-Cache-Control
X-Cache-Handler
X-Ua
Geoip-Latitude
Geoip-City
PageType
X-Aicache-OS
GeoIp-Country-Code
X-Servedbyhost
X-Pc-Hit
X-GDPR
Magicmarker
X-Pc-Appver
X-Varnish-Action
X-Pc-Key
Version
FastCGI-Cache
X-Nf-Srv-Version
Rt-Proxy-Cache
X-Varnish-Id
X-Cache-Id
X-Varnish-Beresp-TTL
X-Bip
X-Pc-Host
X-Pc-Date
X-Request-UUID
Memcached
X-Thanos
CDN
Accept-CH-Lifetime
X-Variation
CACHE
X-Fastly-Backend-Reqs
Memory
Processtime
X-GEO
Pagetype
X-StackifyID
X-Nananana
If-Modified-Since
X-Via-NSCOPI
COMMERCE-SERVER-SOFTWARE
X-ServedByHost
X-Server-W
X-TId
X-Ibm-Trace
X-Be
X-CACHE-KEY
X-Irp-Debug
X-Wa
Arc-Country
X-Gdpr
Sid
X-UPSTREAM-Address
X-Cluster-Node
X-Load-Cache
X-BE
X-DataStream-Origin-MEX-Latency
GeoIP-Latitude
GeoIP-Country-Code
X-HTML-Minification-Powered-By
Sta2Tusw
X-DataStream-MidMile-RTT
X-Auto-Login
DataCenter
Node
GeoIP-City
X-Shard
X-Hail-Hydra
X-FW-Version
X-Layer
X-Tid
X-Frame-Option
X-Ig-Deployment-Stage
X-Sentry-ID
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-Proxy-Server
RATING
Pics-Label
X-Varnish-Ttl
X-Nginx-Cache-Key
X-Fastly-Cache-Hits
X-Varnish-URL
X-PAGE-TYPE
X-FORWARDED-FOR
URI
X-Datadome
Srv
X-Gen-Id
X-SRV
Cf-Ipcountry
X-EC-Security-Audit
X-NGINX-Cache
X-PJAX-URL
X-Bug-Bounty
Pramga
X-Gannett-Site-Version
X-Akamai-Request-ID2
X-Ratelimit-Remaining
X-Secret
Group
V-Cache
X-Endurance-Cache-Level
Cache-Provider
X-ADI-VCache
X-Haproxy-Hostname
X-ID
X-Surge-Debug
X-Shield-Cache-Expires
X-PF-Uncompressing
X-Haproxy-Ip
X-Public
X-GZIP
X-Ratelimit-Limit
OT-Force-Account-Verify
X-CacheKey
Mobile-Detection-Method
SD-X-WS
X-APP
X-Litespeed-Cache-Control
X-Dw-Trace-Id
X-ND-Cache
X-Feature
X-B3-SpanId
X-Cache-Debug
X-Cache-Var-Map
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-From
X-Cache-Var
Xet-Cookie
Serverid
Hostname
X-Ms-Lease-State
X-Sorting-Hat-ShopId-Cached
Lb
X-Sorting-Hat-Section
X-Sorting-Hat-PrivacyLevel
X-Sorting-Hat-PodId-Cached
X-Sorting-Hat-FeatureSet
X-Distil-Cs
X-Akamai-ERPolicy
X-RAMCache
X-CDN-Pop
X-RequestId
X-Akamai-ERRuleID
X-Fe
X-VCT
X-Store
X-CDN-Pop-IP
N-Cache
X-WA
X-Cookie
X-SD-PageType
X-VG-WebCache
Requestid
X-Varnish-ID
X-ServerName
REQUESTUUID
X-Request-Start
Accept-Ch
GEO-REGION-INFO
X-Unique-Id
X-Grace-Duration