Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Pragma
Accept-Ranges
Last-Modified
Strict-Transport-Security
X-Content-Type-Options
X-Powered-By
CF-RAY
ETag
Link
X-XSS-Protection
Expect-CT
Via
X-Cache
Age
Access-Control-Allow-Origin
Content-Security-Policy
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Served-By
X-Varnish
X-Amz-Cf-Id
Referrer-Policy
X-Request-Id
X-Timer
X-AspNet-Version
CF-Cache-Status
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Runtime
Access-Control-Allow-Credentials
X-Download-Options
X-Drupal-Cache
X-Cacheable
Alt-Svc
X-Generator
Content-Security-Policy-Report-Only
X-Xss-Protection
X-AspNetMvc-Version
Status
Timing-Allow-Origin
X-Check
X-Cache-Status
X-Adblock-Key
X-Iinfo
X-DNS-Prefetch-Control
X-Permitted-Cross-Domain-Policies
X-Content-Security-Policy
Content-Encoding
X-Template
X-CDN
X-Language
X-Turbo-Charged-By
X-Request-ID
Keep-Alive
X-Buckets
X-Type
EagleId
Xkey
X-Via
X-Backend
X-AH-Environment
WPE-Backend
X-Age
X-Pass-Why
Access-Control-Max-Age
X-Server
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-Cache-Group
X-Varnish-Cache
X-Pingback
Upgrade
X-Nginx-Cache-Status
X-Server-Powered-By
X-Drupal-Dynamic-Cache
Access-Control-Expose-Headers
Grace
X-Hacker
P3p
X-UA-Device
Cf-Railgun
X-Amz-Request-Id
X-Amz-Id-2
X-Robots-Tag
X-Ua-Compatible
X-LiteSpeed-Cache
X-Proxy-Cache
X-Envoy-Upstream-Service-Time
X-Page-Speed
Request-Context
X-CST
X-Node
X-Cache-Lookup
X-Device
X-Ac
Content-Location
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Cnection
X-Host
X-Amz-Version-Id
Surrogate-Control
X-WebKit-CSP
X-Backend-Server
X-Rack-Cache
X-Response-Time
X-Rq
X-Px
X-Readtime
X-Server-Id
X-Application-Context
Pinterest-Generated-By
X-Dns-Prefetch-Control
Allow
X-Instart-Request-ID
X-OneAgent-JS-Injection
EagleEye-TraceId
X-Clacks-Overhead
X-Url
Server-Timing
Request-Id
Permitted-Cross-Domain-Policies
X-Country
X-Do-Not-Hack
X-HeyJason
X-Cloud-Trace-Context
Report-To
Rating
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Country-Code
X-TTL
X-Varnish-TTL
Charset
Edge-Control
X-ESI
X-Powered-CMS
X-Vname
X-TtlSet
X-PC
X-Server-ID
X-FTR-Request-ID
X-Server-Name
X-CF-Powered-By
X-DataDome
Feature-Policy
X-MS-InvokeApp
X-Cached
X-Goog-Hash
X-DynaTrace-JS-Agent
X-Origin-Cache
NEL
X-Vhost
Public-Key-Pins
X-Recruiting
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
X-Exp-Id
X-Kinja-Server
X-Exp-Variant
X-Kinja
X-Kinja-Build
X-Kinja-Revision
X-GoogleNews-Bot
X-Cdn-Fetch
X-Geo-Segment
X-VARITI-CCR
X-F-Cache
X-DynaTrace
X-Version
X-Powered-By-Plesk
X-Mod-Pagespeed
X-T
X-Upstream-Env
X-Pinterest-Rid
Pinterest-Version
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-D2id
X-Mobile-Rewrite
PB-RID
Arc-Version
PB-PID
Verso
Content-MD5
X-Client-IP
AR-ATIME
AR-PoweredBy
X-Abt-Application-Version
AR-CACHE
RTSS
X-Dispatcher
X-N
SPRequestGuid
X-Cdn
X-SharePointHealthScore
X-Amz-Rid
X-Forwarded-Proto
X-GitHub-Request-Id
X-Hits
Nginx-Cache
X-Navigation-Version
X-Dw-Request-Base-Id
X-Ruxit-JS-Agent
X-B
Paypal-Debug-Id
Realpath
X-Upstream
X-Grace
X-Pad
X-Content-Digest
X-Shield-Request-Id
X-Varnish-Age
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-Id
X-Content-Options
X-Ttl
Arr-Disable-Session-Affinity
X-Cache-Hit
MS-Author-Via
SPIisLatency
SPRequestDuration
X-Kinsta-Cache
X-NWS-LOG-UUID
TCN
Access-Control-Request-Method
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Goog-Metageneration
X-Goog-Storage-Class
X-Logged-In
X-Acc-Meta-Resource-Type
S
Mrf-Cache-Status
MRF-Tech
DynaTrace
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
X-Trace
X-XRDS-Location
X-Origin-Upstream-Status
X-Vcap-Request-Id
X-VCache
X-MSEdge-Ref
X-FastCGI-Cache
X-HW
X-DIS-Request-ID
X-Zen-Fury
Cleartype
Eomportal-Instance
Front-End-Https
X-Country-Code-Real
Surrogate-Key
X-FTR-Backend
X-FTR-DC
X-FTR-Realm
X-FTR-Cache-Status
X-FTR-Expires
X-FTR-Balancer
X-FTR-Backend-Server
X-HS-Content-Id
X-Cache-Rule
X-HS-Hub-Id
X-Frontend
X-PressLabs-Stats
X-Fastly-Request-ID
Service-Worker-Allowed
X-Via-JSL
Cache-Status
X-IPLB-Instance
X-NF-Request-ID
X-User-Agent
Server-Name
X-Forwarded-For
Tracecode
X-Request-Received
X-Request-Processing-Time
X-SS-Set-Cookie
X-Hostname
X-Varnish-Backend
Fastcgi-Cache
X-Analytics
Host
Backend-Timing
X-Cache-2
Alternate-Protocol
AR-SID
FilterID
X-Wix-Server-Artifact-Id
X-Middleton-Display
Display
X-Sol
X-AOL-HN
Rt-Fastcgi-Cache
Viewport
TP-Cache
X-Whom
TP-L2-Cache
Public-Key-Pins-Report-Only
X-FTR-Cache-Host
X-Oneagent-Js-Injection
X-Revision
Response
X-Middleton-Response
X-Rid
X-Proxied
X-Content-Powered-By
X-Activity-Id
X-AppVersion
X-Az
X-Srv
ServerID
X-Debug-Info
X-Debug
X-Ser
AMP-Access-Control-Allow-Source-Origin
X-Cache-Control
X-Contextid
X-Magnolia-Registration
X-Cached-By
X-Fastcgi-Cache
X-Daa-Tunnel
X-Akam-SW-Version
X-Mobile
MicrosoftSharePointTeamServices
X-Cache-Server
Refresh
X-B3-Traceid
HitInfo
Server-Info
X-Webkit-Csp
X-WPE-Loopback-Upstream-Addr
HitType
X-Instance
X-Page-Id
Accept-Charset
X-FB-Debug
Cache-Tag
X-Framework
X-Generated-By
X-Cache-Key
X-App-Server
X-XRDS-LOCATION
X-PHP-Backend
X-Geo-Country
X-LB-Cache
X-Content-Security-Policy-Report-Only
Retry-After
X-Cache-Age
X-Varnish-Hostname
X-URL
X-Varnish-Grace
X-Cache-Operation
Powered-By-ChinaCache
X-App-Environment
X-Request-Guid
X-BCube-Filmed-By
X-Signature
X-TT
Host-Header
X-RateLimit-Remaining
X-B-Cache
X-Handled-By
Source
X-Tumblr-Pixel-0
X-Tumblr-Pixel
Server-Node
X-Origin-Server
X-Tumblr-User
X-Device-Type
Upgrade-Insecure-Requests
X-Accel-Expires
X-Newrelic-App-Data
Ar-Sid
X-Hyper-Cache
X-Platform-Server
DC
X-WA-Info
X-NewRelic-App-Data
X-Akamai-Edgescape
X-APP-VERSION
X-CACHE-GROUP
X-TT-TIMESTAMP
X-GUploader-UploadID
Liferay-Portal
X-Amzn-Trace-Id
X-Amz-Meta-S3cmd-Attrs
X-Drupal-Cache-Tags
X-Cache-Action
X-ATG-Version
AR-Request-ID
X-Varnish-Server
Fastly-Restarts
Webserver
X-B3-Sampled
X-Cluster
X-Port
X-Edge-Location
X-Node-Name
NGB
X-Oracle-Dms-Rid
X-Oracle-Dms-Ecid
X-Accel-Buffering
X-S
X-Cacheable-TTL
X-Ruxit-Js-Agent
X-Wix-Request-Id
X-Correlation-Id
X-WebKit-CSP-Report-Only
X-Wix-Petri-Ex
X-Seen-By
X-Locale
X-GeoIP
Filters
Actual-Object-TTL
X-Jobs
X-Source
ServedBy
X-FW-Type
X-FW-Static
X-FW-Server
X-FW-Hash
X-RequestSource
X-Tumblr-Pixel-1
Accept-CH
X-Varnish-Hits
X-Tumblr-Pixel-2
AsisCache
X-FW-Serve
X-Amz-Replication-Status
MS-CV
X-Region
X-Correlation-ID
GEO-INFO
X-RTag
S-Cnection
X-Distil-CS
HostName
X-UA
X-Cache-TTL-Remaining
Cache
X-Webkit-CSP
Served-By
X-Edge-Cache-Key
X-UA-Device-Type
X-Cache-Config
X-Edge-Cache
Country
X-TA-CDN-Provider
Content-Style-Type
X-Vg-Webcache
Content-Script-Type
X-Guploader-Uploadid
X-Adobe-Content
X-Cache-Remote
X-Adobe-Loc
X-Dynatrace-Js-Agent
X-Sucuri-ID
X-Ocache
Datacenter
Ohc-File-Size
X-Drupal-Cache-Contexts
X-PC-Key
X-PC-AppVer
X-HOST
X-PC-Hit
X-Microcachable
X-Esi
X-GZip
X-Varnish-IP
X-PC-Date
X-PC-Host
X-Internal-Host
X-RateLimit-Limit
X-UUID
X-Status
X-Akamai-Transformed
X-DataStream-Cache-Status
X-Amz-Server-Side-Encryption
X-Ezoic-Cdn
X-Unique-ID
X-TX-ID
IBM-Web2-Location
X-Servedby
Healthy
X-Vgn-Hpd-Reason
X-ProxyCache-Key
X-Detected-As
X-Rendered-As
X-JoinUs
X-RN-RSRV
X-Cache-Category-Id
X-Is-Bot
X-BYPASS-REASON
X-Web-Node
X-App-Name
X-Real-IP
X-IP
X-Generated
Meta-Geo
Load-Balancing
Machine
X-ProxyCache-Status
X-Grey
Access-Control-Allow-Method
X-Akamai-Request-ID
X-Agile-Id
X-Agile-Age
User-Cache-Control
X-Agile
X-Yottaa-Optimizations
X-ServerID
Mn-Server-Ip
X-Backend-Name
X-Xfnlog-Site
Selected-FE
X-CCM
X-Time
X-Mode
X-Yottaa-Metrics
X-Loop
X-Origin
X-Debug-Cache
X-Instance-Name
X-Proxy-Build
X-OVcl
X-OVcl-Cache
X-TNCMS
PageSpeed
X-Timing-Wait
X-CDN-Forward
S-Rt
X-Varnish-Cache-Hits
ServerName
X-FC-Vary-Parameters
X-Upgrade-Enabled
Payment
Now
X-Content-Type
X-Hosted-By
Pagespeed
X-Human
X-PCL
X-Tb
X-NodeID
Backend
X-BB-IP
X-Proxy
X-OCL
X-Varnish-Cacheable
Cache-Name
L5d-Success-Class
X-Time-Microsecs
DB-Nickname
X-Viewer-Country
X-Original-Request
X-Site-Version
Cache-Key
X-Path-Route
User-Agent
X-ProcessESI
X-ApacheServer
X-Via-Fastly
X-PERF
X-CDN-Cache
X-Distributor
X-NGENIX-Cache
X-EIG-Tracking-Id
X-RemovedCookies
X-NCache
Azure-Version
Xserver
Azure-InstanceId
Azure-RegionName
Azure-SlotName
Azure-SiteName
TWC-Connection-Speed
X-Access
X-Rocket-Nginx-Bypass
Property-Id
TWC-Device-Class
TWC-GeoIP-LatLong
Webcakes-Region
Webcakes-App-Version
TWC-Privacy
TWC-Locale-Group
X-Zipkin-Id
TWC-GeoIP-Country
X-VWS-Id
X-Routing-Service
X-Origin-Hint
Dont-Set-Cookie
X-LJ-Flow-ID
X-SplitTest
X-Section
X-Www-Served-By
X-AWS-Id
Webcakes-App-Name
X-TWH-CORRELATION-ID
X-Format
X-Pubstack
X-Origin-CC
X-Amz-Meta-Surrogate-Control
Access-Control-Request-Headers
X-Cache-Ttl
SRV
LB
X-Storage
X-Environment-Context
X-L-Path
X-Cache-Backend
WZWS-RAY
X-Oss-Storage-Class
X-Oss-Server-Time
X-Oss-Object-Type
X-Oss-Request-Id
X-Oss-Hash-Crc64ecma
X-Sucuri-Cache
Edge-Cache-Tag
Countrycode
X-Transaction
X-HS-Cache-Config
X-Twitter-Response-Tags
Cteonnt-Length
X-Connection-Hash
X-Webstats-RespID
Ms-Operation-Id
X-Proto
X-Generation-Time
X-Cache-HT
X-Optimization
X-Labrador-Cache-Channel
X-Amzn-RequestId
X-Amz-Apigw-Id
X-B3-Spanid
X-MP-GENERATED-AT
X-Ah-Environment
X-Nc
X-SERVER-NAME
X-ServedBy
X-M-Log
X-Qnm-Cache
X-M-Reqid
Cache-Hits
Apicache-Version
X-Hit
Apicache-Store
X-CLOUD-TRACE-CONTEXT
X-Meta-Tbi-Cache-Vertical
X-Newrelic-Synthetics
X-Real-Ip
X-Birta-Cache-Post
X-Birta-Served
X-Cache-NE
X-Tumblr-Pixel-3
Fastly-SSL
NnCoection
From-Origin
X-Varnish-Beresp-Grace
X-Release
X-V
NODE
X-Cache-Enabled
X-Dc
X-Varnish-Beresp-Status
Ec-Rule-Version
Ws
X-Upstream-CT
X-Upstream-HT
X-EdgeConnect-Cache-Status
X-SERVER
X-A
X-SVT-ORM-VERSION
Country-Code
Fly-Cache
Warning
Web-Mar-Node
Www
X-A-Dam
X-Via-Edge
X-Via-CDN
X-Trv-Group
X-VG-WebServer
X-UE-Client-Country
Fly-Request-Id
X-A-Ccd
X-TT-LOGID
Cneonction
X-Thinkindot-L3
X-We-Are-Hiring
X-Worker
Request-Country
Rendered-Blocks
Request-EU
Resin-Trace
Server-Host
MI-Cache-Age
Host-ID
Kp-EeAlive
MD5-Digest
Meta-Geo-Continent
MI-Cache
Server-ID
SN
Xc-Version
X-A-Dcw
Httpd-Identifier
VivaBuild
X-Wix-Route-ID
GMS-Ver
V-Age
T-Server
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
Thinkindot-Control
X-WebServer
X-Sorting-Hat-ShopId
X-Rewrite-Enabled
X-G
Cache-Prefix
X-Response-By
X-Region-Sid
X-From
X-Rojux
X-Rule
X-Dispatcher-Server
X-DPWN-IS-SECURE
X-Env
X-Fetched-On
X-Gen-Mode
X-RCS-CacheZone
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
X-Org
X-PAYTM-SRV-ID
X-Origin-Expires
X-NU-AKA-ACS-Version
X-MI-In-Market
X-Hl-Ver
X-Generated-In
X-Planisys-CDN-TTL
X-Hnp-Log
X-Matched-Rule
X-Died
X-Developer
X-ShardId
X-Accel-Expires-Debug
X-Server-Time
X-Alternate-Cache-Key
X-Application
X-ShopId
X-Shopify-Stage
X-A-Wwc
X-A-Dgt
X-SRCache-Key
X-Origin-Date
X-Sorting-Hat-PodId
X-ARC
X-B-Cookie
X-Date
X-D
X-Destination
X-S-Maxage
X-S-Cookie
X-ScT
X-Server-By
X-Block-Status
X-BB-ID
X-Cache-URL
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-SVT-ORM-RULES
Viewtype
X-C
BehaviorPad-Version
X-Geo
XServer
X-Varnish-Beresp-Ttl
X-Alicdn-Da-Ups-Status
ProcessTime
X-Cache-Bucket
Platform
Release
X-Cache-CFC
Pragrma
Proxy-Connection
PFcat
Origin-Cache-Control
MI-API
Ajk
X-IN-SSL-APIGATEWAY
X-Cache-Host
NGX
X-IN-WAF
Odigeo-Trace-Id
Origin-Edge-Control
X-SIPLIST1
Uber-Trace-Id
True-Client-Country-4JS
X-Backend-State
X-Backend-Host
X-Request-URI
X-Amz-Meta-Cache-Control
X-Origin-TTL
X-Redis-Cache
X-Backend-Url
X-Node-Id
RNT-Machine
X-IN-APIGATEWAY
X-No-Session
RNT-Time
X-Sf
Server-Int
X-Server-IP
X-ServiceProvider
X-Logtrace-Id
Adler-Geo
X-VServer
X-Device-Os
X-Fstrz
Apple-News-Services-Handled
Apple-News-Services-Request-Url
X-CS
X-GeoIP-Country-Code
Fastly-Backend-Name
X-Edge-Server
Cdn-Host
CDCHOST
Cdn-Request-Time
Decoy-Debug-Key
Decoy-Debug-TTL
Decoy-Debug-Status
X-Crawler
X-GeoIP-City
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
X-Clientip
Is-Eu
IsBot
X-Content-Age
X-Hash
X-ElasticPress-Search
NtCoent-Length
X-Eu-Site
X-Croise-Owner
X-NX-Host
X-Cache-Control-Set-By
X-FireWall-Port
X-Epic-Correlation-Id
X-Core-Value
X-Cache-Srv
X-Passed-To-BeforeDispatch
X-Passed-To-DLL
X-Passed-To
X-F5-Cache
X-P-T
X-Actual-URL
X-Forwarded-Host
X-Cdn-Origin
X-Debug-Log
X-App-Version
X-Cache-FS-Status
X-Cache-Expires
X-CGP
X-Developers
X-Edge-IP
X-HCF
X-Backend-TTL
X-Cdn-Srv
X-Cache-ASPX
X-Core-Mission
X-Debug-Cookies
X-Ckpd-Fst-Backend
X-Returned-From-DLL
HA-Ipaddr
HA-Servedtime
HA-Host
Ha-Gx-Prefs
HA-Geolon
HA-Georegion
HA-Urlpath
Heartbleed
X-Wikidot-Static-Cache
X-UnsetCookies
X-Passed-To-PostProcessResponse
X-Up
HTTPS
HA-Geolat
HA-Geocountry
Fastly-SIE
Fastly-Soc-X-Request-Id
Esi-Enabled
X-Wikidot-Backend
Content-Disposition
Fastly-SWR
Backend-Name
HA-Cloudapp
HA-Geocity
X-Varnish-HitMiss
X-Ver
X-VG-TLSProxy
X-Trace-Id
AKAMAI
Cache-Tags
X-Reboot
X-Returned-From
X-Returned-From-BeforeDispatch
X-Returned-From-PostProcessResponse
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
X-Phone
X-Platform
Who
Time
X-Server-Group
X-Fastly-Cache
X-Sn-Servicetimems
Powered-By
Request-Time
Origin
On-Server
X-Swa-Ws
X-Via-SSL
X-HS-Combine-CSS
X-Atg-Version
X-From-Cache
X-Info
X-Stale
X-Refresh
X-GoCache-CacheStatus
X-Nginx-Cache
X-Var-Ttl
X-Location
X-Skip-Cache
RequestId
X-Ms-Version
X-Ms-Blob-Type
X-Ms-Lease-Status
X-Ms-Request-Id
Dnion-Transfer-Encoding
Is-Session-Tracking
X-Powered-By-ANYU
WWW-Authenticate
Cartoon
Ohc-Response-Time
X-BBXSRF
X-Kong-Upstream-Latency
Frame-Options
X-Kong-Proxy-Latency
Get-Access-Time
X-Req
X-Cache-Time
X-Pjax-Url
X-MSEdge-Features
X-Key
X-MSEdge-Flight
X-Servername
X-Owner
X-Micro-Cache
X-Response-Served-From
Mime-Version
X-Cdn-Forward
X-B3-TraceId
Cdn
NodeID
X-CUA
X-Pf-Uncompressing
X-Csrf-Token
X-WR-MODIFICATION
X-Cache-TTL
X-GRACE
X-User
X-NC
Mail-Subject
X-Request-Time
We-Hiring
X-Litespeed-Cache
WP-Super-Cache
X-CCM-LastModified
Dynatrace
X-COUNTRY
X-Varnish-Url
CF-IPCountry
X-Page-Type
X-NWS-UUID-VERIFY
X-External-Request-Id
MIME-Version
PICS-Label
Section-Io-Cache
X-CSRF-Token
X-TIME
X-LiteSpeed-Cache-Control
UCS
GW-Server
X-Ua
PageType
X-Aicache-OS
X-DC
GeoIp-Country-Code
Geoip-Latitude
X-Pc-Appver
X-Pc-Hit
Geoip-City
X-GDPR
Magicmarker
X-Pc-Key
X-Cache-Handler
X-Varnish-Action
FastCGI-Cache
X-Servedbyhost
Version
X-Varnish-Beresp-TTL
X-Pc-Host
X-Pc-Date
X-Dynatrace
X-Request-UUID
X-Cache-Id
Rt-Proxy-Cache
X-Varnish-Id
Accept-CH-Lifetime
X-Nananana
X-Variation
CACHE
X-Fastly-Backend-Reqs
X-Bip
X-GEO
Memcached
X-Thanos
Memory
X-TId
X-Nf-Srv-Version
X-Server-W
CDN
X-Ibm-Trace
X-ServedByHost
Processtime
X-Irp-Debug
Pagetype
Sid
X-CACHE-KEY
Arc-Country
COMMERCE-SERVER-SOFTWARE
If-Modified-Since
X-Via-NSCOPI
X-StackifyID
X-Load-Cache
GeoIP-Country-Code
X-Shard
X-Wa
Node
X-Gdpr
GeoIP-City
X-BE
GeoIP-Latitude
X-HTML-Minification-Powered-By
X-Be
X-DataStream-Origin-MEX-Latency
X-DataStream-MidMile-RTT
X-Sentry-ID
Sta2Tusw
X-FW-Version
X-Layer
X-UPSTREAM-Address
X-Cluster-Node
X-Auto-Login
X-Ig-Deployment-Stage
X-RateLimit-Limit-Second
Pics-Label
X-Nginx-Cache-Key
X-Frame-Option
DataCenter
X-Proxy-Server
RATING
URI
X-Varnish-Ttl
X-Tid
X-RateLimit-Remaining-Second
X-Hail-Hydra
X-FORWARDED-FOR
X-Varnish-URL
X-PAGE-TYPE
X-Datadome
Cf-Ipcountry
X-NGINX-Cache
Srv
X-Fastly-Cache-Hits
X-SRV
X-Secret
X-EC-Security-Audit
X-Gannett-Site-Version
X-Akamai-Request-ID2
X-Ratelimit-Remaining
X-Gen-Id
X-PF-Uncompressing
Lb
X-ID
Pramga
X-Bug-Bounty
Cache-Provider
X-PJAX-URL
X-Ratelimit-Limit
X-GZIP
X-CacheKey
X-Dw-Trace-Id
V-Cache
X-Litespeed-Cache-Control
X-Cache-Var
X-Cache-Var-Map
X-Feature
Mobile-Detection-Method
SD-X-WS
X-Endurance-Cache-Level
X-Haproxy-Hostname
X-Haproxy-Ip
X-APP
X-B3-SpanId
X-Public
Group
X-Surge-Debug
X-Unique-Id
Hostname
X-ADI-VCache
X-Shield-Cache-Expires
Serverid
Xet-Cookie
X-Cache-Debug
Cache-Cookie-Set-Lfrom
X-WA
Cache-Cookie-Set-From
X-CDN-Pop-IP
OT-Force-Account-Verify
X-CDN-Pop
X-VCT
Cache-Cookie-Set-Idcheck
X-Store
X-Distil-Cs
X-Akamai-ERPolicy
X-Fe
X-RAMCache
X-ND-Cache
X-Akamai-ERRuleID
X-VG-WebCache
X-SD-PageType
X-Sorting-Hat-PrivacyLevel
X-SF
X-Check-Cacheable
X-Sorting-Hat-PodId-Cached
X-Varnish-ID
Requestid
X-Request-Start
X-Ms-Lease-State
X-Sorting-Hat-FeatureSet
X-Cookie
X-Sorting-Hat-ShopId-Cached
X-Grace-Duration
X-ServerName
X-RequestId
X-Sorting-Hat-Section