Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
X-Powered-By
CF-RAY
ETag
Link
Expect-CT
X-XSS-Protection
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Xss-Protection
X-Varnish
X-Request-Id
CF-Cache-Status
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-AspNet-Version
X-Download-Options
X-Runtime
Access-Control-Allow-Credentials
X-Drupal-Cache
X-Adblock-Key
X-Check
Alt-Svc
X-Cacheable
X-Generator
Content-Security-Policy-Report-Only
X-AspNetMvc-Version
X-Cache-Status
X-DNS-Prefetch-Control
X-Permitted-Cross-Domain-Policies
X-Template
X-Iinfo
X-Language
Status
Timing-Allow-Origin
X-Buckets
X-FRAME-OPTIONS
X-Content-Security-Policy
Content-Encoding
X-Kinja-Server-Push
Xkey
X-CDN
X-Turbo-Charged-By
Upgrade
X-Type
Keep-Alive
Access-Control-Expose-Headers
WPE-Backend
X-Pass-Why
X-AH-Environment
X-Backend
Access-Control-Max-Age
X-Age
X-Drupal-Dynamic-Cache
X-Cache-Group
X-Server
X-Proxy-Cache
X-Via
X-Request-ID
Grace
X-Pingback
X-Nginx-Cache-Status
X-Server-Powered-By
X-Amz-Id-2
X-Amz-Request-Id
X-Robots-Tag
X-Hacker
X-Varnish-Cache
X-UA-Device
X-Page-Speed
EagleId
Request-Context
X-LiteSpeed-Cache
X-Envoy-Upstream-Service-Time
Cf-Railgun
X-CST
X-Ua-Compatible
X-Swift-CacheTime
X-Swift-SaveTime
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
Ali-Swift-Global-Savetime
X-Server-Id
X-Device
X-Amz-Version-Id
X-WebKit-CSP
Server-Timing
X-Ac
X-Node
Allow
X-OneAgent-JS-Injection
X-Response-Time
Feature-Policy
X-Rq
X-Cnection
X-Iejgwucgyu
Content-Location
X-Backend-Server
X-Cache-Lookup
Report-To
EagleEye-TraceId
Surrogate-Control
X-Host
X-Readtime
X-Application-Context
Request-Id
X-ORACLE-DMS-ECID
P3p
X-Rack-Cache
X-Url
X-Origin-Cache
X-Clacks-Overhead
X-Country
NEL
X-FTR-Request-ID
Rating
X-Country-Code
X-Cloud-Trace-Context
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-DataDome
X-Ruxit-JS-Agent
X-Cdn
X-Px
X-Instart-Request-ID
X-Mod-Pagespeed
Charset
X-Vhost
X-VARITI-CCR
X-MS-InvokeApp
Accept-CH
Pinterest-Generated-By
Edge-Control
X-Goog-Hash
Verso
X-GitHub-Request-Id
X-Upstream-Env
X-Vname
X-PC
X-TtlSet
X-Server-Name
X-Mobile-Rewrite
Arc-Version
PB-PID
PB-RID
X-ESI
X-Version
X-DynaTrace
X-Origin-Upstream-Status
X-Dns-Prefetch-Control
X-B3-TraceId
X-Powered-By-Plesk
X-D2id
X-Kinja-Build
X-Exp-Id
X-Kinja
X-Cdn-Fetch
X-Kinja-Server
X-Use-Magma
X-Kinja-Revision
X-GoogleNews-Bot
X-Exp-Variant
X-Cached
X-ORACLE-DMS-RID
X-TTL
X-Dispatcher
SPRequestGuid
X-Recruiting
X-Varnish-TTL
X-SharePointHealthScore
MS-Author-Via
X-Abt-Application-Version
X-Powered-CMS
Accept-CH-Lifetime
X-Navigation-Version
RTSS
Content-MD5
AR-PoweredBy
AR-ATIME
AR-CACHE
X-Shield-Request-Id
X-T
X-SRCache-Fetch-Status
X-SRCache-Store-Status
Public-Key-Pins
X-DynaTrace-JS-Agent
X-Trace
X-Forwarded-Proto
X-Client-IP
Arr-Disable-Session-Affinity
X-Fastly-Request-ID
X-Amz-Rid
X-HW
X-Wix-Server-Artifact-Id
X-Accel-Buffering
SPRequestDuration
SPIisLatency
Realpath
X-DIS-Request-ID
Service-Worker-Allowed
X-Goog-Metageneration
X-Goog-Stored-Content-Length
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-Amz-Meta-S3cmd-Attrs
AR-Request-ID
Paypal-Debug-Id
X-Oracle-Dms-Rid
Front-End-Https
X-Upstream
X-Ser
X-B
X-FTR-Balancer
X-FTR-DC
X-Pinterest-Rid
X-FTR-Backend-Server
X-FTR-Backend
X-Country-Code-Real
Pinterest-Version
X-FTR-Realm
X-FTR-Cache-Status
X-FTR-Expires
X-F-Cache
X-Ttl
X-Id
X-Via-JSL
X-Vcap-Request-Id
X-Dw-Request-Base-Id
Ar-Sid
X-Debug
X-Varnish-Age
X-XRDS-Location
X-Goog-Storage-Class
X-Acc-Meta-Resource-Type
X-MSEdge-Ref
X-Kinsta-Cache
X-Server-ID
X-N
Nginx-Cache
X-Hits
X-NF-Request-ID
X-DataStream-Cache-Status
X-FTR-Cache-Host
S
X-NewRelic-App-Data
X-TEC-API-ROOT
X-Logged-In
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-Akam-SW-Version
Mrf-Cache-Status
MRF-Tech
X-B3-TraceId-Primal
X-Mrf-Section-Lastmod
X-Mrf-Item-Lastmod
X-Forwarded-For
Tracecode
Alternate-Protocol
X-Frontend
X-PressLabs-Stats
X-HS-Content-Id
X-HS-Hub-Id
X-User-Agent
X-Grace
X-Amzn-Trace-Id
X-FastCGI-Cache
AMP-Access-Control-Allow-Source-Origin
TCN
Server-Name
X-Content-Options
X-Content-Digest
X-CACHE-GROUP
Refresh
Powered-By-ChinaCache
X-Middleton-Display
Display
X-Sol
X-Content-Type
Access-Control-Request-Method
X-Pad
DynaTrace
Backend-Timing
X-Analytics
MicrosoftSharePointTeamServices
Accept-Charset
X-LB-Cache
X-CF-Powered-By
FilterID
X-IPLB-Instance
X-Az
X-AppVersion
X-Activity-Id
X-Rid
X-Debug-Info
X-Zen-Fury
Host
Response
X-Middleton-Response
Fastcgi-Cache
X-Page-Id
X-Cache-Key
X-VCache
ServerID
MS-CV
X-Hostname
X-Cache-Hit
Cache-Status
X-Magnolia-Registration
TP-Cache
X-RateLimit-Remaining
TP-L2-Cache
X-Srv
X-Content-Powered-By
X-Seen-By
X-GUploader-UploadID
X-ATG-Version
X-Mobile
X-Fastcgi-Cache
X-Revision
X-Cached-By
X-WA-Info
X-Varnish-Backend
X-Whom
Host-Header
X-Request-Processing-Time
X-Request-Received
Surrogate-Key
X-B3-Sampled
Server-Info
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-Instance
X-SS-Set-Cookie
X-Cluster
X-Cache-Action
X-Request-Guid
X-Platform-Server
X-Tumblr-Pixel-0
X-Tumblr-User
X-Handled-By
X-Tumblr-Pixel
X-Drupal-Cache-Tags
X-Content-Security-Policy-Report-Only
DC
Source
ViewerVersion
X-Wix-Request-Id
X-Real-IP
X-PHP-Backend
X-B-Cache
Cleartype
X-Signature
X-Framework
X-Akamai-Edgescape
X-TT
X-Origin-Server
Fusion-Content-Source
Fusion-Content-Id
Fusion-Component-Id
Fusion-Template-Id
Fusion-Source
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Cache-Age
X-App-Environment
X-XRDS-LOCATION
Rt-Fastcgi-Cache
X-Geo-Country
X-App-Server
X-FW-Hash
X-Generated-By
X-FW-Static
X-FW-Type
X-FW-Server
X-FW-Serve
X-Varnish-Server
X-AOL-HN
X-BCube-Filmed-By
X-Cache-Control
Server-Node
X-Edge-Location
X-Oneagent-Js-Injection
X-TA-CDN-Provider
X-Varnish-Hostname
X-NWS-LOG-UUID
X-Cache-Rule
X-Ruxit-Js-Agent
Retry-After
X-Upstream-Proxy
X-Correlation-Id
Payment
X-Varnish-Grace
X-Amz-Server-Side-Encryption
X-Cache-2
Access-Control-Allow-Method
X-Amz-Replication-Status
X-TT-TIMESTAMP
X-Response-Served-From
Eomportal-Instance
X-FB-Debug
X-Tumblr-Pixel-2
AsisCache
X-Ezoic-Cdn
X-Varnish-Hits
GEO-INFO
Actual-Object-TTL
X-Cache-Config
Webserver
X-Cacheable-TTL
ServedBy
X-Tumblr-Pixel-1
X-UUID
Filters
X-TX-ID
Healthy
NGB
X-UA-Device-Type
Content-Script-Type
Content-Style-Type
Ms-Operation-Id
X-WebKit-CSP-Report-Only
X-Drupal-Cache-Contexts
X-Contextid
X-RTag
X-Jobs
X-Region
X-Adobe-Loc
Upgrade-Insecure-Requests
Viewport
X-Adobe-Content
X-VG-WebCache
X-Varnish-IP
X-Cache-TTL
HitType
From-Origin
X-Locale
X-Rendered-As
Cache-Tv-Group
X-RequestSource
X-Accel-Expires
Country
X-Cache-TTL-Remaining
Fastcgi-Useragent
X-Device-Type
Pagespeed
X-BACKEND-TTL
X-FW-Dynamic
X-Cache-Server
X-Content-Age
X-Servedby
Edge-Cache-Tag
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-WPE-Loopback-Upstream-Addr
Cache-Tags
X-Cache-Remote
X-Redis-Cache
X-Upgrade-Enabled
X-Source
X-APP-VERSION
X-Cache-Operation
X-RateLimit-Limit
Datacenter
Cache
X-DataStream-MidMile-RTT
X-DataStream-Origin-MEX-Latency
X-Hit
X-Storage
X-Esi
X-CACHE-KEY
Fastly-Restarts
X-GeoIP
X-Mode
NtCoent-Length
Cache-Tag
Served-By
X-S
Load-Balancing
X-Agile-Id
X-Labrador-Cache-Channel
X-Origin-Response-Time
X-JoinUs
X-Is-Bot
X-Detected-As
X-TNCMS
X-Cache-Var
X-Cache-Var-Map
X-Loop
X-Path-Route
X-Internal-Host
X-Pubstack
X-Agile
X-Time-Microsecs
Vix-Hermes-Req-Id
Meta-Geo
X-Agile-Age
X-RN-RSRV
X-Hl-Ver
X-Backend-Name
X-Akamai-Request-ID
X-NGENIX-Cache
Machine
Origin-Edge-Control
X-Birta-Served
X-Edge-IP
X-Proxy
X-Proxy-Build
X-Origin-Host
X-Timing-Wait
X-Varnish-Cache-Hits
X-Www-Served-By
X-CDN-Cache
X-L-Path
X-Environment-Context
X-Birta-Cache-Post
X-Tb
Selected-FE
X-Varnish-Cacheable
Cache-Key
X-ServerID
X-Rule
X-Hosted-By
X-Generated
X-FC-Vary-Parameters
X-NCache
X-Status
Origin-Cache-Control
Webcakes-Region
Webcakes-App-Version
Webcakes-App-Name
X-ApacheServer
X-BYPASS-REASON
Now
X-Cache-Enabled
X-Cache-Category-Id
TWC-Privacy
TWC-Locale-Group
TWC-Connection-Speed
SRV
Property-Id
TWC-Device-Class
Cache-Name
TWC-GeoIP-LatLong
TWC-GeoIP-Country
X-Grey
X-Format
X-Viewer-Country
X-Via-Fastly
X-VG-TLSProxy
X-Web-Node
S-Rt
X-IP
X-Microcachable
X-RemovedCookies
X-ProxyCache-Status
X-Origin-Hint
X-ProcessESI
X-PERF
X-ProxyCache-Key
X-MP-GENERATED-AT
X-CCM
Public-Key-Pins-Report-Only
X-PCL
X-Access
X-Human
X-Section
X-OCL
Azure-InstanceId
Azure-SlotName
Access-Control-Request-Headers
Azure-RegionName
X-GEO
X-Akamai-Transformed
Azure-Version
Azure-SiteName
Fastcgi-X-Cache-Version
X-Zipkin-Id
X-App-Version
X-Proxied
Xserver
X-App-Name
Cache-Hits
X-Xfnlog-Site
X-Site-Version
X-Routing-Service
User-Agent
DB-Nickname
Liferay-Portal
Mail-Subject
X-Daa-Tunnel
X-Debug-Cache
We-Hiring
X-ES-SERVER
CACHE
X-Node-Name
X-EdgeConnect-Cache-Status
LB
S-Cnection
X-Protected-By
X-Original-Request
X-FW-Version
X-Origin
X-Pc-Hit
X-Pc-Key
X-Cache-NE
X-Nginx-Cache
X-Pc-Appver
X-Sucuri-ID
X-Guploader-Uploadid
X-Ocache
X-Proto
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Trace-Id
User-Cache-Control
PageSpeed
X-Request-Time
Powered
X-Cdn-Forward
X-VWS-Id
X-UA
X-Forwarded-Host
X-LJ-Flow-ID
X-Ua
X-AWS-Id
X-GRACE
X-Tumblr-Pixel-3
X-Varnish-Ttl
X-Endurance-Cache-Level
L5d-Success-Class
Ohc-File-Size
X-Cluster-Node
Section-Io-Cache
Frame-Options
X-Webstats-RespID
X-Unique-ID
X-Correlation-ID
X-FB-TRIP-ID
X-V
X-Nc
X-Time
X-Origin-CC
OT-Force-Account-Verify
X-EIG-Tracking-Id
X-URL
X-Varnish-Beresp-Grace
X-OVcl-Cache
X-Varnish-Beresp-Status
X-OVcl
X-Origin-TTL
X-Webkit-Csp
AR-SID
Nel
Decoy-Debug-Status
Decoy-Debug-TTL
Decoy-Debug-Key
X-ElasticPress-Search
X-From
X-Cache-Backend
X-R9-Blue-Green-Version
X-Rocket-Nginx-Bypass
X-Backend-State
X-BB-ID
X-Auto-Login
X-Aed
X-Amz-Meta-Cache-Control
X-ARC
X-Application
X-B-Cookie
Xc-Version
Node
Fastly-SWR
Fly-Cache
Fly-Request-Id
GMS-Ver
Fastly-SIE
Ec-Rule-Version
BehaviorPad-Version
Cache-Prefix
Country-Code
MD5-Digest
Memcached
Rendered-Blocks
SD-X-WS
Viewtype
VivaBuild
Powered-By
On-Server
Meta-Geo-Continent
Mobile-Detection-Method
X-Cache-FS-Status
X-Accel-Expires-Debug
X-Developer
X-NU-AKA-ACS-Version
X-Transaction
X-Origin-Date
X-Origin-Expires
X-PHP-Host
X-PAYTM-SRV-ID
X-Node-Id
X-LI-UUID
X-Irp-Debug
X-Info
X-Li-Fabric
X-Li-Pop
X-LI-Proto
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
X-Rewrite-Enabled
X-Server-By
X-Rojux
X-ScT
X-S-Cookie
X-Server-Group
X-Response-By
X-Reboot
X-SRCache-Key
X-Region-Sid
X-Request-UUID
X-ServiceProvider
X-IN-WAF
X-IN-APIGATEWAY
X-Cache-URL
X-Cache-Info
X-Cdn-Srv
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-Cache-Id
X-User
X-Cache-Grace
X-Wikidot-Backend
X-Cache-Host
X-We-Are-Hiring
X-VG-WebServer
X-Connection-Hash
X-Date
X-Generated-In
X-Fetched-On
X-Trv-Group
Arc-Country
X-Goog-Meta-Goog-Reserved-File-Mtime
X-TT-LOGID
X-Twitter-Response-Tags
X-UE-Client-Country
X-Destination
X-S-Maxage
X-Distil-CS
X-External-Request-Id
X-Wikidot-Static-Cache
Www
X-Parent-Response-Time
IBM-Web2-Location
X-Dc
X-GeoIP-Country-Code
X-Hash
X-Hnp-Log
Server-Host
X-Generated-On
Thinkindot-CacheControl-Type
X-G
X-Fastly-Cache
X-Gannett-Site-Version
X-Gen-Mode
X-LAGOON
Thinkindot-Control
Thinkindot-CacheControl
X-Location
X-Passed-To
Proxy-Connection
Platform
X-Passed-To-DLL
X-Passed-To-PostProcessResponse
X-NX-Host
X-Nginx-Cache-Key
X-Logtrace-Id
Who
X-Matched-Rule
X-Micro-Cache
Request-Time
X-Level-Front-Cache
X-Eu-Site
X-D
X-Cache-Bucket
X-C
X-Block-Status
X-Backend-Url
X-Bip
X-CUA
X-Cache-Debug
X-Clientip
X-CGP
X-Core-Mission
X-Crawler
X-Cache-Expires
X-Backend-Host
X-Debug-Cookies
X-A-Dgt
X-A-Wwc
X-A-Dcw
X-A-Dam
X-A
X-A-Ccd
X-Epic-Correlation-Id
X-Actual-URL
X-Dispatcher-Server
X-Debug-Log
X-Distributor
X-Alternate-Cache-Key
X-DPWN-IS-SECURE
Origin
X-Passed-To-BeforeDispatch
X-Thanos
X-Swa-Ws
Fastly-SSL
Fastly-Soc-X-Request-Id
X-Thinkindot-L3
X-Svr
X-Stale
X-Shopify-Stage
X-ShopId
X-SIPLIST1
X-Platform
X-Sorting-Hat-ShopId
Fastly-Backend-Name
Countrycode
Backend
X-Varnish-Action
Ajk
X-Varnish-Beresp-Ttl
X-Vgn-Hpd-Reason
Adler-Geo
X-Variation
Content-Disposition
Mn-Server-Ip
CDCHOST
X-Via-CDN
X-Var-Ttl
X-ShardId
X-Sorting-Hat-PodId
IsBot
X-Returned-From-BeforeDispatch
X-RateLimit-Remaining-Second
X-Returned-From
Lfy
X-RateLimit-Limit-Second
X-Proxy-Upstream
Magicmarker
X-Returned-From-DLL
Is-Eu
X-Server-IP
X-Policy
X-Secret
X-Proxy-Cache-Status
Ha-Gx-Prefs
HA-Ipaddr
X-Returned-From-PostProcessResponse
X-HS-Cache-Config
X-Sucuri-Cache
X-TIME
Warning
X-Up
X-No-Session
X-Varnish-Authentication
X-Core-Value
X-Croise-Owner
SID
X-Qloud-Router
X-Developers
X-TrackingId
Hostname
X-Instart-Isnd
X-F5-Cache
X-Fstrz
X-FireWall-Port
X-Sf
X-MSEdge-Features
X-Debug-Cache-Fetch
X-Request-URI
X-UnsetCookies
X-Debug-Cache-Store
AKAMAI
X-Debug-Cache-Expiry
X-MSEdge-Flight
Apple-News-Services-Request-Url
Web-Mar-Node
Resin-Trace
Release
Cache-Cookie-Set-Idcheck
X-Amz-Meta-Surrogate-Control
Cache-Cookie-Set-Lfrom
Apple-News-Services-Parsed-Url
True-Client-Country-4JS
Apple-News-Services-Handled
Server-Cache-Control
Server-Int
Server-Surrogate-Control
SS
Apple-News-Services-Host
Pramga
Cache-Cookie-Set-From
Heartbleed
GW-Server
X-SERVER
X-Cache-ASPX
X-Pc-Date
X-Upstream-HT
X-Upstream-CT
X-Pc-Subdomain
X-Pc-Host
X-SN
RNT-Machine
NGX
X-Owner
Kp-EeAlive
REQUESTUUID
RNT-Time
X-Device-Os
Pagetype
X-Key
X-Server-Time
X-Be
X-Page-Type
X-Cache-Miss-From
X-IN-SSL-APIGATEWAY
Server-ID
X-Pjax-Url
X-Servername
Odigeo-Trace-Id
X-Varnish-Url
X-Sedo-Request-Id
X-Server-Cache
X-B3-Traceid
X-Generation-Time
X-CDN-Forward
X-Died
X-Newrelic-App-Data
HTTPS
X-Via-NSCOPI
X-Refresh
Fastcgi-X-Cache
RequestId
X-NC
X-Oss-Storage-Class
X-Oss-Server-Time
X-Oss-Request-Id
Cdn-Host
MIME-Version
X-Edge-Server
Cdn-Request-Time
X-Oss-Hash-Crc64ecma
X-Oss-Object-Type
X-B3-SpanId
X-Edge-Cache-Key
X-Edge-Cache
X-Servedbyhost
X-From-Cache
Version
HostName
ProcessTime
PFcat
X-FPC
Cteonnt-Length
Time
X-Req
PICS-Label
Mime-Version
Cdn
X-Mobile-URL
FastCGI-Cache
Cross-Origin-Window-Policy
X-NodeID
X-Cache-CFC
X-Store
X-Amzn-Remapped-Date
Esi-Enabled
X-Amzn-Remapped-Connection
X-CSRF-TOKEN
X-GZip
X-Load-Cache
CF-IPCountry
X-Hyper-Cache
X-Webkit-CSP
X-VServer
X-Layer
X-HS-Combine-CSS
Processtime
X-MI-In-Market
MI-API
MI-Cache-Age
Memory
MI-Cache
X-RCS-CacheZone
X-CLOUD-TRACE-CONTEXT
X-Skip-Cache
HA-Host
HA-Georegion
X-Wa
HA-Cloudapp
HA-Geocountry
HA-Geolon
HA-Geocity
HA-Geolat
X-RequestId
X-Dynatrace-Js-Agent
X-IPS-LoggedIn
HA-Servedtime
HA-Urlpath
X-Ratelimit-Remaining
X-Varnish-Beresp-TTL
X-Lb-Id
Cf-Ipcountry
X-HTML-Minification-Powered-By
Uber-Trace-Id
CDN
Ohc-Cache-HIT
X-Aicache-OS
X-Newrelic-Synthetics
XServer
Backend-Name
X-Geo
X-Pf-Uncompressing
X-VC-Cache
X-DC
X-Ratelimit-Limit
X-Fastly-Country-Code
X-Cms-Context
X-Real-Ip
X-B3-Spanid
X-CMS-Context
X-Gateway-Cache-Key
X-Gateway-Cache-Status
X-Gateway-Skip-Cache
X-Instart-Info
X-Mrs-Age
X-WA
X-WR-MODIFICATION
X-Unique-Id-Primal
X-UCC
X-Mrs-Cache-Hits
X-Mrs-Cache
N-Cache
X-Mshield-Cache-Status
X-Tb-Optimization-Total-Bytes-Saved
X-Atg-Version
X-PF-Uncompressing
X-WebServer
X-Phone
Ohc-Response-Time
X-Shard
Amp-Access-Control-Allow-Source-Origin
URI
X-LB-ID
Accept-Ch-Lifetime
T-Server
GeoIP-Country-Code
X-Processor
X-Release
X-Request-Start
X-Nananana
Pics-Label
X-Hp-Webp
X-BBXSRF
X-Server-W
X-Oracle-Dms-Ecid
GeoIP-Latitude
X-MServer
X-COUNTRY
X-CSRF-Token
X-APP
X-Unique-Id
X-Worker
X-Datadome
X-FORWARDED-FOR
X-SRV
X-VCT
X-Served-From
X-GeoIP-City
A
X-VHOST
X-ServedByHost
Rt-Proxy-Cache
X-LiteSpeed-Cache-Control
X-Geo-Header
Host-ID
X-GoCache-CacheStatus
X-Amzn-Remapped-Content-Length
X-ND-Cache
X-SERVER-NAME
X-HS-Status
X-CACHE-AGE
X-Check-Cacheable
DataCenter
UCS
X-Requestid
X-GZIP
Request-Country
X-Cache-HT
X-UPSTREAM-Address
X-Fastly-Cache-Hits
X-Optimization
Request-EU
X-NGINX-Cache
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
X-Planisys-CDN-TTL
Pragrma
Geoip-Latitude
X-ID
Cneonction
FSS-Proxy
Dnion-Transfer-Encoding
FSS-Cache
X-Sn-Servicetimems
X-Varnish-URL
X-Cdn-Origin
V-Age
X-PAGE-TYPE
X-Fpc
X-BE
X-Vcache
X-Backend-TTL
X-Git-Hash
X-Fastly-Backend-Reqs
WZWS-RAY
X-Csrf-Token
X-SVT-ORM-RULES
Proxy-Firewall
X-Dw-Trace-Id
Requestid
X-Org
X-Port
GeoIp-Country-Code
X-SVT-ORM-VERSION
X-PJAX-URL
WP-Super-Cache
X-ServerName
Serverid
X-P-T
X-LiteSpeed-Tag
X-Via-Edge
X-Html-Edge-Cache
Cache-Provider
RequestUuid
Get-Access-Time
Server-Id
X-Gen-Id
X-HostName
Is-Session-Tracking
X-Via-SSL
X-NWS-UUID-VERIFY
X-StackifyID
188prxHost
189phosttRef
219prxHost
178proxuri
X-Fe
ServerName
DSUID
225prxHost
286prxHost
X-Request-Url
X-CS
X-RAMCache
Xxline
409pxxline
352pxline
355prline
Inserted-Into-Cache-At