Threat Level: green Handler on Duty: Guy Bruneau

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
X-Powered-By
CF-RAY
ETag
Link
X-XSS-Protection
Expect-CT
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
X-Request-Id
X-Xss-Protection
CF-Cache-Status
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-AspNet-Version
X-Download-Options
X-Runtime
Access-Control-Allow-Credentials
X-Drupal-Cache
X-Adblock-Key
X-Check
Alt-Svc
X-Cacheable
X-Generator
Content-Security-Policy-Report-Only
X-DNS-Prefetch-Control
X-AspNetMvc-Version
X-Cache-Status
X-Permitted-Cross-Domain-Policies
X-Template
X-Iinfo
X-Language
Status
Timing-Allow-Origin
X-Buckets
X-FRAME-OPTIONS
X-Content-Security-Policy
Content-Encoding
X-Kinja-Server-Push
Xkey
X-CDN
X-Turbo-Charged-By
Upgrade
X-Type
Keep-Alive
Access-Control-Expose-Headers
X-Request-ID
WPE-Backend
X-Pass-Why
X-AH-Environment
X-Backend
Access-Control-Max-Age
X-Age
X-Drupal-Dynamic-Cache
X-Cache-Group
X-Server
X-Proxy-Cache
X-Via
Grace
X-Pingback
X-Nginx-Cache-Status
X-Server-Powered-By
X-Robots-Tag
X-Amz-Id-2
X-Amz-Request-Id
X-Hacker
X-Varnish-Cache
X-UA-Device
X-Page-Speed
EagleId
Request-Context
X-LiteSpeed-Cache
Cf-Railgun
X-Envoy-Upstream-Service-Time
X-Ua-Compatible
X-CST
X-Swift-CacheTime
X-Swift-SaveTime
X-Server-Id
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
Ali-Swift-Global-Savetime
X-Device
X-WebKit-CSP
X-Amz-Version-Id
Server-Timing
X-Ac
Allow
X-Node
X-Response-Time
X-OneAgent-JS-Injection
Feature-Policy
X-Rq
X-Cnection
X-Iejgwucgyu
Content-Location
X-Cache-Lookup
X-Backend-Server
Report-To
EagleEye-TraceId
Surrogate-Control
X-Readtime
X-Host
X-Application-Context
Request-Id
X-ORACLE-DMS-ECID
P3p
X-Rack-Cache
X-Url
X-Origin-Cache
X-Clacks-Overhead
X-Country
X-FTR-Request-ID
Rating
NEL
X-Country-Code
X-Cloud-Trace-Context
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-DataDome
X-Cdn
X-Ruxit-JS-Agent
X-Px
X-Instart-Request-ID
X-Mod-Pagespeed
X-Vhost
X-MS-InvokeApp
X-VARITI-CCR
Charset
Accept-CH
Edge-Control
X-Goog-Hash
Verso
X-TtlSet
X-PC
X-GitHub-Request-Id
X-Vname
X-TTL
Arc-Version
PB-PID
PB-RID
X-Mobile-Rewrite
X-ESI
X-Server-Name
X-Upstream-Env
X-Version
Pinterest-Generated-By
X-DynaTrace
X-B3-TraceId
X-D2id
X-Powered-By-Plesk
X-GoogleNews-Bot
X-Exp-Variant
X-Exp-Id
X-Kinja
X-Kinja-Build
X-Use-Magma
X-Kinja-Server
X-Kinja-Revision
X-Cdn-Fetch
X-Cached
X-Origin-Upstream-Status
X-Dispatcher
SPRequestGuid
X-Varnish-TTL
X-SharePointHealthScore
X-Abt-Application-Version
X-Recruiting
X-ORACLE-DMS-RID
MS-Author-Via
X-Powered-CMS
Accept-CH-Lifetime
X-Navigation-Version
RTSS
Content-MD5
X-T
AR-CACHE
AR-ATIME
AR-PoweredBy
X-Shield-Request-Id
Public-Key-Pins
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-DynaTrace-JS-Agent
X-Trace
X-Client-IP
Arr-Disable-Session-Affinity
X-HW
X-Forwarded-Proto
X-Wix-Server-Artifact-Id
X-Accel-Buffering
X-Fastly-Request-ID
X-Amz-Rid
Realpath
SPIisLatency
SPRequestDuration
X-Oracle-Dms-Rid
X-DIS-Request-ID
Service-Worker-Allowed
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
X-Goog-Stored-Content-Length
X-Goog-Generation
X-Upstream
X-F-Cache
X-Amz-Meta-S3cmd-Attrs
Paypal-Debug-Id
X-B
X-Ser
AR-Request-ID
Front-End-Https
X-Pinterest-Rid
Pinterest-Version
X-FTR-Realm
X-Country-Code-Real
X-FTR-Backend
X-FTR-Cache-Status
X-FTR-Backend-Server
X-FTR-DC
X-FTR-Balancer
X-Via-JSL
X-FTR-Expires
X-Id
X-Dw-Request-Base-Id
X-Varnish-Age
X-Vcap-Request-Id
Ar-Sid
X-Dns-Prefetch-Control
X-Debug
X-XRDS-Location
X-MSEdge-Ref
X-Goog-Storage-Class
X-Acc-Meta-Resource-Type
X-N
X-Kinsta-Cache
X-Hits
X-Server-ID
Nginx-Cache
X-NF-Request-ID
X-FTR-Cache-Host
X-NewRelic-App-Data
S
X-TEC-API-ROOT
X-Logged-In
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-DataStream-Cache-Status
X-Ttl
Mrf-Cache-Status
X-Akam-SW-Version
MRF-Tech
X-B3-TraceId-Primal
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
X-Forwarded-For
Tracecode
Alternate-Protocol
X-Frontend
X-Grace
X-PressLabs-Stats
X-HS-Hub-Id
X-HS-Content-Id
X-User-Agent
X-Amzn-Trace-Id
AMP-Access-Control-Allow-Source-Origin
X-CACHE-GROUP
Server-Name
X-Content-Digest
TCN
X-Content-Options
X-FastCGI-Cache
Refresh
Powered-By-ChinaCache
X-Pad
X-Content-Type
Access-Control-Request-Method
DynaTrace
X-Analytics
Backend-Timing
X-Middleton-Display
X-Sol
MicrosoftSharePointTeamServices
Display
Fastcgi-Cache
Accept-Charset
X-LB-Cache
X-Rid
X-AppVersion
X-IPLB-Instance
X-Activity-Id
X-Az
X-Zen-Fury
X-Page-Id
X-Debug-Info
FilterID
Host
X-CF-Powered-By
X-Cache-Key
ServerID
MS-CV
Response
X-Middleton-Response
X-Fastcgi-Cache
X-Cache-Hit
Cache-Status
TP-L2-Cache
TP-Cache
X-RateLimit-Remaining
X-Hostname
X-Magnolia-Registration
X-VCache
X-Srv
X-Content-Powered-By
X-Seen-By
X-Oneagent-Js-Injection
X-Mobile
X-ATG-Version
X-WA-Info
X-Revision
X-Cached-By
X-Varnish-Backend
Surrogate-Key
X-Request-Received
X-Request-Processing-Time
X-SS-Set-Cookie
X-B3-Sampled
X-Whom
Host-Header
X-Cluster
X-Signature
X-B-Cache
X-GUploader-UploadID
X-Tumblr-Pixel
X-Platform-Server
X-Tumblr-Pixel-0
X-Tumblr-User
X-Instance
X-Drupal-Cache-Tags
X-Handled-By
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
ViewerVersion
X-Wix-Request-Id
Server-Info
Cleartype
X-Request-Guid
DC
X-Origin-Server
X-Cache-Action
X-Content-Security-Policy-Report-Only
X-PHP-Backend
X-Akamai-Edgescape
Source
X-App-Environment
Rt-Fastcgi-Cache
X-Framework
X-TT
X-TA-CDN-Provider
X-Cache-Age
X-XRDS-LOCATION
X-Amzn-RequestId
X-Amz-Apigw-Id
Fusion-Source
Fusion-Component-Id
Fusion-Template-Id
Fusion-Content-Id
Fusion-Content-Source
X-Geo-Country
X-Real-IP
X-App-Server
X-BCube-Filmed-By
X-FW-Static
X-FW-Serve
X-FW-Hash
X-Cache-Control
X-FW-Type
X-FW-Server
X-Varnish-Server
X-Generated-By
X-Edge-Location
X-AOL-HN
Server-Node
X-Cache-Rule
X-Varnish-Hostname
X-NWS-LOG-UUID
Retry-After
X-Ruxit-Js-Agent
X-Cache-2
X-Correlation-Id
Payment
X-Varnish-Grace
X-Amz-Server-Side-Encryption
X-FB-Debug
Access-Control-Allow-Method
Eomportal-Instance
X-Response-Served-From
Webserver
X-Amz-Replication-Status
X-Tumblr-Pixel-2
X-Cacheable-TTL
X-Varnish-Hits
Actual-Object-TTL
X-Tumblr-Pixel-1
NGB
X-Drupal-Cache-Contexts
X-TX-ID
Content-Script-Type
X-UA-Device-Type
Filters
Healthy
GEO-INFO
Ms-Operation-Id
Content-Style-Type
X-Jobs
X-Upstream-Proxy
X-RTag
X-TT-TIMESTAMP
X-Cache-Config
Viewport
ServedBy
X-WebKit-CSP-Report-Only
X-Region
X-Varnish-IP
AsisCache
X-UUID
Upgrade-Insecure-Requests
Country
Cache-Tv-Group
From-Origin
X-Rendered-As
X-RequestSource
X-VG-WebCache
X-Locale
X-Contextid
X-Ezoic-Cdn
X-Cache-TTL
X-Accel-Expires
HitType
X-Device-Type
X-Adobe-Loc
X-Adobe-Content
X-BACKEND-TTL
Fastcgi-Useragent
X-FW-Dynamic
X-Cache-TTL-Remaining
X-Cache-Server
X-Servedby
X-WPE-Loopback-Upstream-Addr
Edge-Cache-Tag
Pagespeed
X-Content-Age
X-Cache-Remote
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
Cache
Cache-Tags
X-Upgrade-Enabled
X-Cache-Operation
X-Redis-Cache
X-APP-VERSION
X-Hit
X-Source
X-RateLimit-Limit
Fastly-Restarts
X-CACHE-KEY
Datacenter
X-Esi
X-Storage
X-GeoIP
X-Mode
X-DataStream-Origin-MEX-Latency
X-DataStream-MidMile-RTT
Cache-Tag
Served-By
X-S
X-JoinUs
X-Internal-Host
X-RN-RSRV
X-Is-Bot
X-NCache
Machine
X-Path-Route
X-Time-Microsecs
Meta-Geo
X-Detected-As
Load-Balancing
X-Backend-Name
X-NGENIX-Cache
X-Cache-Var-Map
X-Cache-Var
X-Edge-IP
X-Varnish-Cacheable
X-Timing-Wait
X-Tb
X-Www-Served-By
X-Agile
X-Agile-Id
X-Agile-Age
X-Varnish-Cache-Hits
X-ServerID
X-Proxy-Build
X-Proxy
X-ProxyCache-Key
X-ProxyCache-Status
X-Rule
X-Pubstack
X-Loop
X-TNCMS
X-Akamai-Request-ID
X-BYPASS-REASON
X-Cache-Category-Id
Vix-Hermes-Req-Id
SRV
Origin-Edge-Control
Selected-FE
X-CDN-Cache
X-FC-Vary-Parameters
X-Labrador-Cache-Channel
X-Origin-Response-Time
X-Hosted-By
X-Hl-Ver
X-Generated
X-Grey
Now
Origin-Cache-Control
Xserver
Webcakes-App-Version
Webcakes-App-Name
Cache-Name
Cache-Key
Webcakes-Region
TWC-Connection-Speed
TWC-Privacy
X-RemovedCookies
S-Rt
X-ProcessESI
TWC-Device-Class
TWC-GeoIP-Country
Property-Id
TWC-Locale-Group
TWC-GeoIP-LatLong
X-Via-Fastly
X-Status
X-Origin-Hint
X-Origin-Host
X-Birta-Served
X-Environment-Context
X-Format
X-IP
X-L-Path
X-Birta-Cache-Post
X-Daa-Tunnel
X-Human
X-Web-Node
X-OCL
X-Viewer-Country
X-PCL
X-MP-GENERATED-AT
Public-Key-Pins-Report-Only
X-App-Version
X-PERF
X-ApacheServer
NtCoent-Length
X-Access
X-VG-TLSProxy
X-CCM
Azure-SlotName
Azure-Version
Azure-SiteName
Azure-RegionName
Access-Control-Request-Headers
Azure-InstanceId
X-Guploader-Uploadid
X-Cache-Enabled
Fastcgi-X-Cache-Version
X-Section
DB-Nickname
X-App-Name
We-Hiring
X-Debug-Cache
X-Proxied
X-Site-Version
X-Routing-Service
X-Xfnlog-Site
X-Zipkin-Id
X-Microcachable
Mail-Subject
X-GEO
User-Agent
X-Akamai-Transformed
Liferay-Portal
X-Pc-Hit
X-Pc-Appver
Cache-Hits
S-Cnection
X-Origin
X-EdgeConnect-Cache-Status
X-Cache-NE
X-Pc-Key
Nel
X-Protected-By
X-Original-Request
X-Node-Name
X-ES-SERVER
X-Nginx-Cache
X-FW-Version
LB
X-Sucuri-ID
CACHE
X-Ocache
User-Cache-Control
X-Request-Time
X-Proto
X-Cdn-Forward
X-Yottaa-Optimizations
X-Yottaa-Metrics
Powered
X-Ua
X-Trace-Id
X-GRACE
PageSpeed
X-UA
X-Nc
X-Varnish-Ttl
X-Tumblr-Pixel-3
X-Webstats-RespID
X-Endurance-Cache-Level
X-Forwarded-Host
Ohc-File-Size
X-AWS-Id
X-VWS-Id
X-LJ-Flow-ID
L5d-Success-Class
X-FB-TRIP-ID
X-Correlation-ID
Frame-Options
X-Origin-CC
Section-Io-Cache
X-Unique-ID
X-V
X-Time
X-Cluster-Node
X-Varnish-Beresp-Grace
X-URL
X-Varnish-Beresp-Status
OT-Force-Account-Verify
X-OVcl-Cache
X-OVcl
AR-SID
X-Origin-TTL
X-Webkit-Csp
X-EIG-Tracking-Id
X-Rocket-Nginx-Bypass
X-R9-Blue-Green-Version
IBM-Web2-Location
Decoy-Debug-Key
Decoy-Debug-TTL
Decoy-Debug-Status
X-Li-Pop
X-Destination
X-LI-Proto
BehaviorPad-Version
Mobile-Detection-Method
Xc-Version
Country-Code
X-Date
X-SRCache-Key
X-LI-UUID
X-Wikidot-Static-Cache
X-NU-AKA-ACS-Version
X-Cache-FS-Status
X-Node-Id
X-Cache-Grace
GMS-Ver
X-From
X-Micro-Cache
X-ElasticPress-Search
Powered-By
X-Aed
X-IN-APIGATEWAY
X-Server-By
Cache-Prefix
X-Cache-URL
X-Rewrite-Enabled
Fly-Cache
MD5-Digest
Meta-Geo-Continent
X-IN-WAF
X-Request-UUID
X-Generated-In
X-Li-Fabric
X-CF-Lambda-Fn
X-Irp-Debug
X-Cdn-Srv
X-Info
Fly-Request-Id
Node
X-Developer
X-S-Maxage
X-B-Cookie
X-Auto-Login
X-Distil-CS
Rendered-Blocks
X-Twitter-Response-Tags
X-BB-ID
X-DPWN-IS-SECURE
X-ARC
X-Connection-Hash
Www
Arc-Country
X-Accel-Expires-Debug
X-Region-Sid
X-Reboot
X-Transaction
X-Application
X-Trv-Group
X-Amz-Meta-Cache-Control
X-Wikidot-Backend
Memcached
X-VG-WebServer
X-Cache-Backend
X-Rojux
Ec-Rule-Version
X-We-Are-Hiring
X-Parent-Response-Time
X-Fetched-On
X-External-Request-Id
X-Server-Group
Viewtype
X-S-Cookie
X-User
X-ScT
X-UE-Client-Country
X-PAYTM-SRV-ID
VivaBuild
X-CF-Lambda-Version
X-Varnish-Beresp-Ttl
X-Vgn-Hpd-Reason
X-Dc
X-Core-Mission
X-Clientip
X-CGP
X-C
X-A-Dam
X-Alternate-Cache-Key
X-A
Who
X-Crawler
X-A-Dcw
X-Actual-URL
X-A-Wwc
X-A-Dgt
X-Backend-Host
X-Backend-Url
Server-Host
X-Cache-Id
X-Cache-Info
X-Cache-Host
X-Cache-Debug
X-Bip
X-Block-Status
X-Cache-Bucket
Request-Time
X-Policy
X-Server-IP
X-Returned-From-PostProcessResponse
X-ServiceProvider
X-Sf
X-ShardId
X-Returned-From-DLL
X-Returned-From-BeforeDispatch
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
X-Returned-From
X-ShopId
X-Shopify-Stage
X-Varnish-Action
X-Variation
SD-X-WS
X-Backend-State
X-Response-By
X-TT-LOGID
X-Thanos
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-Stale
X-Svr
X-Proxy-Upstream
X-Proxy-Cache-Status
X-GeoIP-Country-Code
X-Generated-On
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Hash
X-Hnp-Log
X-Gen-Mode
X-G
X-D
X-Dispatcher-Server
X-Epic-Correlation-Id
X-Eu-Site
X-LAGOON
X-Level-Front-Cache
X-Passed-To-DLL
X-Passed-To-BeforeDispatch
X-Passed-To-PostProcessResponse
X-PHP-Host
X-Platform
X-Passed-To
X-Origin-Expires
X-Location
X-Logtrace-Id
X-Nginx-Cache-Key
X-Origin-Date
X-CUA
X-A-Ccd
Is-Eu
HA-Ipaddr
Adler-Geo
X-Upstream-HT
X-Upstream-CT
Magicmarker
Lfy
Fastly-SWR
Fastly-Soc-X-Request-Id
CDCHOST
Backend
Ajk
Content-Disposition
Countrycode
Fastly-SIE
Fastly-Backend-Name
On-Server
Ha-Gx-Prefs
Platform
Proxy-Connection
X-Via-CDN
X-HS-Cache-Config
Mn-Server-Ip
X-TIME
X-Pc-Date
X-Pc-Host
X-Pc-Subdomain
Pramga
X-Gannett-Site-Version
X-Var-Ttl
Resin-Trace
X-Instart-Isnd
Thinkindot-CacheControl-Type
X-Cache-Expires
GW-Server
X-Debug-Cache-Expiry
RNT-Time
RNT-Machine
X-Debug-Cache-Store
AKAMAI
Apple-News-Services-Handled
Apple-News-Services-Host
Release
X-F5-Cache
X-FireWall-Port
X-Fastly-Cache
X-Distributor
Apple-News-Services-Parsed-Url
X-Debug-Cookies
X-MSEdge-Features
X-Debug-Log
X-Developers
Apple-News-Services-Request-Url
X-Device-Os
X-Debug-Cache-Fetch
X-Matched-Rule
Web-Mar-Node
IsBot
X-Amz-Meta-Surrogate-Control
Server-Surrogate-Control
X-Secret
Fastly-SSL
Origin
SS
X-Qloud-Router
X-SIPLIST1
X-MSEdge-Flight
Thinkindot-CacheControl
X-Swa-Ws
X-Thinkindot-L3
X-NX-Host
Thinkindot-Control
Server-Cache-Control
X-No-Session
X-Cache-ASPX
True-Client-Country-4JS
X-SERVER
Heartbleed
X-TrackingId
X-Request-URI
X-Varnish-Authentication
X-UnsetCookies
Warning
X-Sucuri-Cache
Pagetype
X-Server-Time
Cache-Cookie-Set-Lfrom
Server-ID
Server-Int
X-Up
X-IN-SSL-APIGATEWAY
X-Server-Cache
X-Key
REQUESTUUID
X-Core-Value
Cache-Cookie-Set-From
SID
Cache-Cookie-Set-Idcheck
X-Croise-Owner
Kp-EeAlive
X-Fstrz
X-Be
X-Owner
X-SN
X-Servername
X-Generation-Time
X-Varnish-Url
X-Page-Type
X-Sedo-Request-Id
X-Pjax-Url
X-Cache-Miss-From
NGX
Fastcgi-X-Cache
X-Via-NSCOPI
Odigeo-Trace-Id
RequestId
X-Died
X-B3-Traceid
X-Edge-Cache
X-Edge-Cache-Key
Hostname
HostName
X-Newrelic-App-Data
X-Refresh
Version
X-From-Cache
HTTPS
X-CDN-Forward
Cteonnt-Length
X-Oss-Server-Time
MIME-Version
X-Oss-Request-Id
X-Oss-Hash-Crc64ecma
X-Edge-Server
Cdn
Cdn-Request-Time
PFcat
X-Oss-Object-Type
Cdn-Host
X-Oss-Storage-Class
X-B3-SpanId
X-NC
Mime-Version
X-Servedbyhost
Time
X-FPC
ProcessTime
Esi-Enabled
X-Req
X-Cache-CFC
PICS-Label
X-Store
FastCGI-Cache
X-Mobile-URL
MI-API
X-CSRF-TOKEN
X-RCS-CacheZone
MI-Cache
X-MI-In-Market
X-Layer
MI-Cache-Age
X-GZip
X-Hyper-Cache
HA-Cloudapp
HA-Georegion
Cross-Origin-Window-Policy
X-IPS-LoggedIn
X-VServer
Processtime
X-RequestId
Memory
X-Amzn-Remapped-Date
HA-Geocountry
HA-Geolon
HA-Geolat
HA-Servedtime
X-Webkit-CSP
HA-Geocity
HA-Urlpath
X-Amzn-Remapped-Connection
HA-Host
X-CLOUD-TRACE-CONTEXT
X-Load-Cache
CF-IPCountry
X-NodeID
X-Wa
X-Dynatrace-Js-Agent
X-HS-Combine-CSS
X-Ratelimit-Remaining
X-Varnish-Beresp-TTL
X-Real-Ip
X-HTML-Minification-Powered-By
X-Lb-Id
Backend-Name
X-Skip-Cache
Cf-Ipcountry
X-Aicache-OS
CDN
X-DC
X-Ratelimit-Limit
X-CMS-Context
X-Geo
X-Pf-Uncompressing
X-Newrelic-Synthetics
Ohc-Cache-HIT
X-B3-Spanid
Uber-Trace-Id
X-Mrs-Cache
X-Mrs-Cache-Hits
X-Unique-Id-Primal
X-WR-MODIFICATION
X-Mrs-Age
X-Mshield-Cache-Status
X-Instart-Info
XServer
X-NODE
X-Cms-Context
X-PF-Uncompressing
X-WebServer
X-Phone
X-VC-Cache
X-Atg-Version
X-WA
Ohc-Response-Time
X-Gateway-Skip-Cache
X-Tb-Optimization-Total-Bytes-Saved
X-Fastly-Country-Code
N-Cache
X-Gateway-Cache-Key
X-Gateway-Cache-Status
X-Release
X-Request-Start
URI
GeoIP-Country-Code
Amp-Access-Control-Allow-Source-Origin
T-Server
Accept-Ch-Lifetime
X-Nananana
GeoIP-Latitude
X-FORWARDED-FOR
X-UCC
X-Oracle-Dms-Ecid
X-Processor
X-Server-W
X-LB-ID
Pics-Label
X-COUNTRY
X-Hp-Webp
X-Unique-Id
X-MServer
X-BBXSRF
X-CSRF-Token
X-APP
X-Shard
X-Datadome
X-GoCache-CacheStatus
Rt-Proxy-Cache
X-ServedByHost
X-ND-Cache
X-Worker
X-SRV
X-Served-From
A
X-VHOST
X-LiteSpeed-Cache-Control
X-SERVER-NAME
X-VCT
X-Fastly-Cache-Hits
X-CACHE-AGE
X-UPSTREAM-Address
DataCenter
X-HS-Status
X-GeoIP-City
X-Geo-Header
Host-ID
X-Amzn-Remapped-Content-Length
UCS
X-Cdn-Origin
X-GZIP
X-Check-Cacheable
X-Requestid
X-Cache-HT
X-Optimization
V-Age
X-Sn-Servicetimems
X-NGINX-Cache
Request-Country
Request-EU
X-SVT-ORM-RULES
Cneonction
Geoip-Latitude
X-SVT-ORM-VERSION
X-Vcache
Dnion-Transfer-Encoding
X-ID
X-BE
Proxy-Firewall
X-Backend-TTL
WZWS-RAY
Requestid
X-PAGE-TYPE
X-Varnish-URL
X-ServerName
FSS-Cache
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
X-Planisys-CDN-Cache
Pragrma
FSS-Proxy
X-Fpc
X-Git-Hash
WP-Super-Cache
X-Port
GeoIp-Country-Code
X-Csrf-Token
X-PJAX-URL
Get-Access-Time
Is-Session-Tracking
X-P-T
X-NWS-UUID-VERIFY
Serverid
RequestUuid
X-HostName
Server-Id
Cache-Provider
X-Gen-Id
X-StackifyID
X-Fe
X-Org
ServerName
X-Dw-Trace-Id
X-Fastly-Backend-Reqs
X-LiteSpeed-Tag
DSUID
X-Html-Edge-Cache
X-Via-Edge
355prline
X-GDPR
X-Via-SSL
225prxHost
188prxHost
X-Request-Url
352pxline
X-CS
178proxuri
189phosttRef
219prxHost
Xxline
Inserted-Into-Cache-At
X-RCS-Backend
286prxHost
X-RAMCache
409pxxline