Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Pragma
Accept-Ranges
Last-Modified
Strict-Transport-Security
X-Content-Type-Options
X-Powered-By
CF-RAY
ETag
Link
X-XSS-Protection
Expect-CT
Via
X-Cache
Age
Access-Control-Allow-Origin
Content-Security-Policy
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Served-By
X-Varnish
X-Amz-Cf-Id
Referrer-Policy
X-Request-Id
X-Timer
X-AspNet-Version
CF-Cache-Status
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Runtime
Access-Control-Allow-Credentials
X-Download-Options
X-Drupal-Cache
X-Cacheable
Alt-Svc
X-Generator
Content-Security-Policy-Report-Only
X-Xss-Protection
X-AspNetMvc-Version
Status
Timing-Allow-Origin
X-Check
X-Cache-Status
X-Adblock-Key
X-Iinfo
X-DNS-Prefetch-Control
X-Permitted-Cross-Domain-Policies
X-Content-Security-Policy
Content-Encoding
X-CDN
X-Template
X-Language
X-Turbo-Charged-By
X-Request-ID
Keep-Alive
X-Type
X-Buckets
EagleId
Xkey
X-Via
X-Backend
X-AH-Environment
WPE-Backend
X-Age
X-Pass-Why
Access-Control-Max-Age
X-Server
X-Swift-CacheTime
X-Swift-SaveTime
X-Cache-Group
Ali-Swift-Global-Savetime
X-Varnish-Cache
X-Pingback
Upgrade
X-Nginx-Cache-Status
X-Server-Powered-By
X-Drupal-Dynamic-Cache
Access-Control-Expose-Headers
Grace
X-Hacker
P3p
X-UA-Device
Cf-Railgun
X-Amz-Request-Id
X-Amz-Id-2
X-Robots-Tag
X-Ua-Compatible
X-LiteSpeed-Cache
X-Proxy-Cache
X-Envoy-Upstream-Service-Time
X-Page-Speed
Request-Context
X-CST
X-Node
X-Cache-Lookup
X-Device
X-Ac
Content-Location
X-Host
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Cnection
X-Amz-Version-Id
Surrogate-Control
X-WebKit-CSP
X-Backend-Server
X-Rack-Cache
X-Server-Id
X-Response-Time
X-Rq
X-Px
X-Readtime
X-Application-Context
Pinterest-Generated-By
X-Dns-Prefetch-Control
Allow
X-Instart-Request-ID
EagleEye-TraceId
X-Cloud-Trace-Context
X-OneAgent-JS-Injection
X-Clacks-Overhead
X-Url
Server-Timing
Request-Id
Permitted-Cross-Domain-Policies
X-Do-Not-Hack
X-HeyJason
X-Country
Report-To
Rating
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Country-Code
X-TTL
X-Varnish-TTL
Charset
Edge-Control
X-ESI
X-Powered-CMS
X-Vname
X-PC
X-TtlSet
X-FTR-Request-ID
X-Server-Name
X-CF-Powered-By
X-DataDome
Feature-Policy
X-ORACLE-DMS-RID
X-ORACLE-DMS-ECID
X-MS-InvokeApp
X-Goog-Hash
X-Cached
X-Origin-Cache
X-DynaTrace-JS-Agent
NEL
Public-Key-Pins
X-Recruiting
X-Vhost
X-DynaTrace
X-Kinja
X-Kinja-Build
X-GoogleNews-Bot
X-Kinja-Revision
X-Geo-Segment
X-Cdn-Fetch
X-Exp-Id
X-Exp-Variant
X-VARITI-CCR
X-Kinja-Server
X-F-Cache
X-Version
X-Mod-Pagespeed
X-Powered-By-Plesk
X-Server-ID
X-Pinterest-Rid
X-Upstream-Env
Pinterest-Version
X-T
X-SRCache-Fetch-Status
X-SRCache-Store-Status
AR-ATIME
AR-PoweredBy
PB-RID
PB-PID
Arc-Version
X-Mobile-Rewrite
X-D2id
AR-CACHE
Content-MD5
Verso
X-Client-IP
X-Abt-Application-Version
RTSS
X-N
X-Dispatcher
X-Cdn
SPRequestGuid
X-Amz-Rid
X-SharePointHealthScore
X-GitHub-Request-Id
X-Forwarded-Proto
X-Hits
Nginx-Cache
X-Navigation-Version
X-Dw-Request-Base-Id
X-Ruxit-JS-Agent
X-B
Paypal-Debug-Id
Realpath
X-Upstream
X-Grace
X-Pad
X-Content-Digest
X-Varnish-Age
X-Shield-Request-Id
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-TEC-API-ROOT
X-Id
Arr-Disable-Session-Affinity
X-Ttl
X-Content-Options
MS-Author-Via
X-Cache-Hit
TCN
X-Kinsta-Cache
Access-Control-Request-Method
X-NWS-LOG-UUID
SPIisLatency
X-Goog-Metageneration
X-Goog-Generation
SPRequestDuration
X-Logged-In
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-Goog-Stored-Content-Length
S
DynaTrace
X-Acc-Meta-Resource-Type
X-Mrf-Item-Lastmod
Mrf-Cache-Status
X-Mrf-Section-Lastmod
MRF-Tech
X-Trace
X-FastCGI-Cache
X-Origin-Upstream-Status
X-XRDS-Location
X-Vcap-Request-Id
X-VCache
X-MSEdge-Ref
X-DIS-Request-ID
X-HW
X-Zen-Fury
Cleartype
Eomportal-Instance
Surrogate-Key
X-FTR-Realm
X-FTR-DC
X-FTR-Balancer
X-FTR-Backend-Server
X-FTR-Expires
X-Country-Code-Real
X-FTR-Backend
X-FTR-Cache-Status
X-Cache-Rule
Front-End-Https
X-Frontend
X-Fastly-Request-ID
X-HS-Hub-Id
X-HS-Content-Id
Service-Worker-Allowed
X-PressLabs-Stats
X-IPLB-Instance
Cache-Status
X-Via-JSL
X-NF-Request-ID
X-Oneagent-Js-Injection
X-User-Agent
Server-Name
X-Forwarded-For
X-SS-Set-Cookie
Tracecode
AR-SID
X-Request-Received
X-Request-Processing-Time
X-Hostname
X-Varnish-Backend
Fastcgi-Cache
X-Cache-2
Host
X-Analytics
Backend-Timing
Rt-Fastcgi-Cache
X-Wix-Server-Artifact-Id
FilterID
Alternate-Protocol
X-AOL-HN
Viewport
X-FTR-Cache-Host
Public-Key-Pins-Report-Only
X-Whom
TP-Cache
TP-L2-Cache
Display
X-Middleton-Display
X-Sol
X-Revision
X-Proxied
X-Rid
X-Content-Powered-By
X-Middleton-Response
Response
X-Srv
X-AppVersion
X-Activity-Id
X-Az
ServerID
X-Debug-Info
X-Debug
AMP-Access-Control-Allow-Source-Origin
X-Ser
X-Contextid
X-Cache-Control
X-Daa-Tunnel
X-Magnolia-Registration
X-Cached-By
X-Akam-SW-Version
X-Cache-Server
X-Mobile
X-WPE-Loopback-Upstream-Addr
Refresh
MicrosoftSharePointTeamServices
X-Webkit-Csp
Server-Info
HitType
HitInfo
Accept-Charset
X-Page-Id
X-B3-Traceid
X-Cache-Key
Cache-Tag
X-FB-Debug
X-Instance
X-XRDS-LOCATION
X-Varnish-Grace
X-Cache-Age
X-Framework
X-URL
X-PHP-Backend
X-LB-Cache
X-Fastcgi-Cache
X-Generated-By
X-Varnish-Hostname
X-Geo-Country
X-Content-Security-Policy-Report-Only
X-App-Server
Retry-After
X-RateLimit-Remaining
X-App-Environment
X-TT
X-B-Cache
X-Request-Guid
Host-Header
X-BCube-Filmed-By
X-Signature
X-Cache-Operation
X-Origin-Server
Upgrade-Insecure-Requests
X-Tumblr-User
X-Tumblr-Pixel-0
X-Tumblr-Pixel
Server-Node
Source
X-Handled-By
X-Device-Type
X-Accel-Expires
Ar-Sid
X-Newrelic-App-Data
Powered-By-ChinaCache
X-Hyper-Cache
X-Platform-Server
X-NewRelic-App-Data
DC
X-Akamai-Edgescape
X-Amz-Meta-S3cmd-Attrs
X-WA-Info
AR-Request-ID
Liferay-Portal
X-CACHE-GROUP
X-APP-VERSION
X-TT-TIMESTAMP
X-GUploader-UploadID
X-Amzn-Trace-Id
X-Cache-Action
X-Drupal-Cache-Tags
X-ATG-Version
Fastly-Restarts
X-Correlation-Id
X-B3-Sampled
X-Cluster
Webserver
Accept-CH
X-Node-Name
X-Port
X-Varnish-Server
X-Edge-Location
X-Accel-Buffering
NGB
X-Cacheable-TTL
X-S
X-Seen-By
X-Wix-Request-Id
Filters
X-WebKit-CSP-Report-Only
X-GeoIP
X-Locale
ServedBy
Actual-Object-TTL
X-Jobs
X-Source
AsisCache
X-FW-Server
X-Tumblr-Pixel-1
X-Tumblr-Pixel-2
X-Varnish-Hits
X-FW-Type
X-RequestSource
X-FW-Hash
X-FW-Static
X-FW-Serve
X-Ruxit-Js-Agent
X-Amz-Replication-Status
X-Wix-Petri-Ex
X-Region
GEO-INFO
X-UA
X-RTag
X-Distil-CS
MS-CV
X-Cache-TTL-Remaining
S-Cnection
X-UA-Device-Type
Cache
X-Webkit-CSP
X-Edge-Cache
X-Edge-Cache-Key
Served-By
X-Cache-Config
X-Correlation-ID
X-Adobe-Content
Content-Script-Type
X-Adobe-Loc
Content-Style-Type
X-Guploader-Uploadid
Country
X-Vg-Webcache
X-Dynatrace-Js-Agent
X-Cache-Remote
X-TA-CDN-Provider
X-Oracle-Dms-Ecid
HostName
X-Oracle-Dms-Rid
Datacenter
X-Ocache
X-Sucuri-ID
X-Drupal-Cache-Contexts
X-Unique-ID
X-Servedby
X-Esi
X-Status
X-Varnish-IP
X-Microcachable
X-GZip
Ohc-File-Size
X-RateLimit-Limit
PageSpeed
X-Amz-Server-Side-Encryption
X-DataStream-Cache-Status
X-Internal-Host
X-UUID
X-Ezoic-Cdn
X-Akamai-Transformed
X-TX-ID
Healthy
X-PC-AppVer
X-PC-Key
X-PC-Hit
IBM-Web2-Location
X-Rendered-As
X-ProxyCache-Status
X-ProxyCache-Key
X-Agile-Age
Meta-Geo
User-Cache-Control
Machine
Load-Balancing
Access-Control-Allow-Method
X-Agile
X-Agile-Id
X-BYPASS-REASON
X-Mode
X-App-Name
X-Akamai-Request-ID
X-Cache-Category-Id
X-RN-RSRV
X-PC-Date
X-Vgn-Hpd-Reason
X-Generated
X-PC-Host
X-IP
X-JoinUs
X-Is-Bot
X-Detected-As
X-Grey
X-ServerID
Selected-FE
X-Web-Node
X-Timing-Wait
X-Origin
X-OVcl
X-Backend-Name
Mn-Server-Ip
X-Debug-Cache
X-OVcl-Cache
X-Real-IP
X-Instance-Name
X-Xfnlog-Site
X-CDN-Forward
X-Proxy-Build
X-CCM
X-TNCMS
X-Loop
X-NGENIX-Cache
ServerName
S-Rt
X-Viewer-Country
Cache-Name
Backend
User-Agent
DB-Nickname
L5d-Success-Class
Now
X-Time-Microsecs
X-Content-Type
Payment
X-Human
X-NodeID
X-Upgrade-Enabled
X-Varnish-Cache-Hits
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-PCL
X-OCL
X-BB-IP
X-FC-Vary-Parameters
X-Hosted-By
X-Tb
X-Varnish-Cacheable
X-Distributor
Azure-Version
Cache-Key
Azure-SlotName
Azure-RegionName
X-RemovedCookies
X-ApacheServer
Azure-SiteName
X-Via-Fastly
X-PERF
X-CDN-Cache
X-NCache
X-Site-Version
X-Rocket-Nginx-Bypass
X-ProcessESI
X-Original-Request
X-EIG-Tracking-Id
Azure-InstanceId
X-Proxy
Xserver
TWC-GeoIP-LatLong
X-AWS-Id
TWC-Connection-Speed
X-Zipkin-Id
X-Access
Webcakes-Region
TWC-Privacy
Property-Id
Webcakes-App-Name
Webcakes-App-Version
TWC-GeoIP-Country
X-LJ-Flow-ID
X-SplitTest
X-TWH-CORRELATION-ID
X-VWS-Id
X-Www-Served-By
X-Section
X-Routing-Service
TWC-Device-Class
X-Origin-Hint
Dont-Set-Cookie
TWC-Locale-Group
X-Format
X-Origin-CC
Access-Control-Request-Headers
X-Amz-Meta-Surrogate-Control
X-Pubstack
X-Path-Route
SRV
X-Storage
X-Environment-Context
X-L-Path
X-Cache-Backend
X-Time
Pagespeed
LB
Ms-Operation-Id
X-Oss-Hash-Crc64ecma
X-Oss-Server-Time
WZWS-RAY
X-Oss-Storage-Class
X-Oss-Object-Type
X-Oss-Request-Id
X-Connection-Hash
X-Transaction
X-Cache-Ttl
X-Twitter-Response-Tags
Cteonnt-Length
Edge-Cache-Tag
X-HS-Cache-Config
Countrycode
X-Sucuri-Cache
X-Webstats-RespID
X-Proto
X-Cache-HT
X-Generation-Time
X-Optimization
X-Labrador-Cache-Channel
X-B3-Spanid
X-SERVER-NAME
X-Ah-Environment
X-Amz-Apigw-Id
X-M-Reqid
X-Qnm-Cache
X-Amzn-RequestId
X-M-Log
X-Hit
X-MP-GENERATED-AT
Apicache-Version
X-Real-Ip
Apicache-Store
X-Birta-Cache-Post
Cache-Hits
X-Meta-Tbi-Cache-Vertical
X-Birta-Served
X-ServedBy
X-Tumblr-Pixel-3
X-Cache-NE
X-Newrelic-Synthetics
X-Varnish-Beresp-Status
X-V
X-Varnish-Beresp-Grace
X-Release
NnCoection
Fastly-SSL
NODE
From-Origin
X-Cache-Enabled
X-Nc
X-Dc
X-EdgeConnect-Cache-Status
X-SERVER
X-Rule
X-C
X-Upstream-HT
X-Upstream-CT
Ec-Rule-Version
Ws
Www
X-A
X-UE-Client-Country
X-TT-LOGID
Web-Mar-Node
Viewtype
V-Age
X-Trv-Group
VivaBuild
Warning
X-Sorting-Hat-ShopId
X-A-Ccd
X-A-Dgt
X-A-Dcw
X-ShardId
X-Sf
X-Accel-Expires-Debug
X-Via-CDN
X-ShopId
Thinkindot-Control
X-Shopify-Stage
X-A-Dam
X-VG-WebServer
X-Sorting-Hat-PodId
Thinkindot-CacheControl-Type
MD5-Digest
Kp-EeAlive
Meta-Geo-Continent
MI-Cache
MI-Cache-Age
Httpd-Identifier
Host-ID
Country-Code
Fly-Cache
Fly-Request-Id
GMS-Ver
Rendered-Blocks
Request-Country
T-Server
Thinkindot-CacheControl
X-Thinkindot-L3
X-SRCache-Key
SN
Server-ID
Request-EU
X-SVT-ORM-VERSION
Resin-Trace
Server-Host
X-Server-Time
X-ScT
X-Dispatcher-Server
X-Died
X-Origin-Expires
X-SVT-ORM-RULES
X-DPWN-IS-SECURE
X-Developer
X-Destination
X-WebServer
X-D
X-Wix-Route-ID
X-Date
X-Origin-Date
X-Org
X-Gen-Mode
X-Matched-Rule
X-Generated-In
X-Hl-Ver
Cneonction
X-MI-In-Market
X-G
X-Env
X-Fetched-On
X-NU-AKA-ACS-Version
X-From
X-Worker
X-CF-Lambda-Version
X-We-Are-Hiring
X-Rewrite-Enabled
X-Response-By
X-Region-Sid
X-RCS-CacheZone
X-Rojux
X-S-Cookie
X-Hnp-Log
X-Alternate-Cache-Key
X-Via-Edge
X-S-Maxage
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
X-Cache-URL
X-CF-Lambda-Fn
X-PAYTM-SRV-ID
Xc-Version
X-Block-Status
X-BB-ID
X-Application
X-ARC
X-Planisys-CDN-Cache
X-B-Cookie
X-Server-By
X-A-Wwc
BehaviorPad-Version
XServer
Cache-Prefix
X-Varnish-Beresp-Ttl
ProcessTime
X-Cache-Host
Release
Ajk
X-IN-APIGATEWAY
RNT-Time
RNT-Machine
NGX
Adler-Geo
Pragrma
Origin-Cache-Control
Odigeo-Trace-Id
X-Alicdn-Da-Ups-Status
Origin-Edge-Control
PFcat
X-Cache-CFC
Platform
X-Hash
Proxy-Connection
X-SIPLIST1
X-Backend-Url
X-Redis-Cache
X-Request-URI
X-Backend-State
X-Backend-Host
X-Amz-Meta-Cache-Control
X-Origin-TTL
X-Node-Id
X-No-Session
CDCHOST
NtCoent-Length
Apple-News-Services-Handled
Server-Int
X-Server-IP
X-IN-SSL-APIGATEWAY
X-Logtrace-Id
X-IN-WAF
Uber-Trace-Id
X-Cache-Bucket
X-GeoIP-Country-Code
Cdn-Request-Time
Decoy-Debug-Key
Cdn-Host
X-Fstrz
X-Crawler
Apple-News-Services-Host
Decoy-Debug-Status
Decoy-Debug-TTL
X-ServiceProvider
X-Via-SSL
X-Edge-Server
X-Device-Os
True-Client-Country-4JS
Fastly-Backend-Name
X-Content-Age
X-CS
Apple-News-Services-Request-Url
IsBot
X-VServer
Apple-News-Services-Parsed-Url
MI-API
X-GeoIP-City
Is-Eu
X-Clientip
X-ElasticPress-Search
X-Core-Mission
X-Core-Value
X-Developers
X-Backend-TTL
X-Cdn-Origin
X-F5-Cache
X-Passed-To
X-Cache-Expires
X-Eu-Site
X-NX-Host
X-Cdn-Srv
X-Fastly-Cache
X-Debug-Cookies
X-Debug-Log
X-Forwarded-Host
X-App-Version
X-CGP
X-Cache-ASPX
X-Ckpd-Fst-Backend
X-Cache-Control-Set-By
X-FireWall-Port
X-Cache-Srv
X-Cache-FS-Status
X-HCF
X-Croise-Owner
X-Server-Group
HA-Servedtime
HA-Urlpath
HA-Ipaddr
HA-Host
Ha-Gx-Prefs
Heartbleed
X-Wikidot-Backend
Origin
X-Ver
X-VG-TLSProxy
Backend-Name
HTTPS
HA-Georegion
HA-Geolon
Fastly-SIE
Fastly-SWR
Esi-Enabled
Content-Disposition
Cache-Tags
On-Server
X-Wikidot-Static-Cache
HA-Geolat
HA-Geocountry
HA-Geocity
HA-Cloudapp
Powered-By
X-Varnish-HitMiss
Who
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
X-Reboot
X-Returned-From
X-Platform
X-Phone
X-Actual-URL
X-Passed-To-DLL
X-Passed-To-PostProcessResponse
Time
X-Returned-From-BeforeDispatch
X-Returned-From-DLL
X-UnsetCookies
X-Up
Request-Time
AKAMAI
X-Trace-Id
X-Swa-Ws
X-Returned-From-PostProcessResponse
X-Geo
X-Epic-Correlation-Id
X-Passed-To-BeforeDispatch
X-Sn-Servicetimems
X-Atg-Version
X-HS-Combine-CSS
X-Nginx-Cache
X-Kong-Proxy-Latency
Frame-Options
X-Kong-Upstream-Latency
Get-Access-Time
X-Skip-Cache
Is-Session-Tracking
X-Location
X-P-T
WWW-Authenticate
X-Refresh
X-NC
RequestId
X-Var-Ttl
X-Stale
Fastly-Soc-X-Request-Id
X-Response-Served-From
X-GoCache-CacheStatus
X-Powered-By-ANYU
X-From-Cache
X-Edge-IP
Dnion-Transfer-Encoding
X-Key
X-Ms-Blob-Type
X-Owner
X-Ms-Lease-Status
X-Ms-Version
X-Ms-Request-Id
X-Info
X-Req
X-Servername
Ohc-Response-Time
X-Cache-TTL
X-MSEdge-Features
X-BBXSRF
X-MSEdge-Flight
X-Micro-Cache
X-Pjax-Url
X-CUA
NodeID
X-Cdn-Forward
X-B3-TraceId
Mail-Subject
X-Pf-Uncompressing
We-Hiring
X-Csrf-Token
MIME-Version
X-Cache-Time
X-GRACE
X-TIME
X-WR-MODIFICATION
X-Request-Time
X-NWS-UUID-VERIFY
Dynatrace
X-Litespeed-Cache
WP-Super-Cache
Section-Io-Cache
CF-IPCountry
Cdn
X-External-Request-Id
X-Page-Type
X-Varnish-Url
X-CSRF-Token
X-COUNTRY
X-User
Mime-Version
Accept-CH-Lifetime
X-Pc-Appver
X-Pc-Key
PICS-Label
X-CCM-LastModified
X-Pc-Hit
Cartoon
X-LiteSpeed-Cache-Control
X-Aicache-OS
X-Varnish-Action
Magicmarker
PageType
X-Ua
X-Servedbyhost
X-Pc-Host
X-Pc-Date
X-DC
Geoip-Latitude
GW-Server
X-Cache-Handler
GeoIp-Country-Code
UCS
Geoip-City
FastCGI-Cache
X-Varnish-Beresp-TTL
X-Request-UUID
CDN
X-GEO
Version
X-Variation
X-GDPR
X-HOST
X-Dynatrace
X-Fastly-Backend-Reqs
X-Irp-Debug
X-Ibm-Trace
Rt-Proxy-Cache
X-Cache-Id
X-Varnish-Id
CACHE
X-Nananana
Processtime
X-Server-W
Memcached
X-Gdpr
Sid
Arc-Country
X-TId
X-Thanos
X-Bip
Pagetype
COMMERCE-SERVER-SOFTWARE
X-Shard
X-HTML-Minification-Powered-By
Memory
X-CACHE-KEY
X-Load-Cache
X-StackifyID
Node
X-FW-Version
X-ServedByHost
X-Layer
If-Modified-Since
GeoIP-City
X-BE
X-CLOUD-TRACE-CONTEXT
X-Wa
GeoIP-Latitude
GeoIP-Country-Code
X-Via-NSCOPI
X-Nginx-Cache-Key
X-Ig-Deployment-Stage
X-Sentry-ID
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-Be
X-Nf-Srv-Version
RATING
X-Proxy-Server
X-Auto-Login
X-Varnish-Ttl
X-UPSTREAM-Address
Sta2Tusw
Pics-Label
DataCenter
X-DataStream-MidMile-RTT
X-DataStream-Origin-MEX-Latency
X-Cluster-Node
Hostname
X-PAGE-TYPE
X-Frame-Option
URI
X-FORWARDED-FOR
X-Varnish-URL
X-Tid
X-Datadome
X-Gen-Id
Cf-Ipcountry
X-SRV
X-Fastly-Cache-Hits
X-NGINX-Cache
Srv
X-Gannett-Site-Version
X-Akamai-Request-ID2
Lb
X-Secret
X-Ratelimit-Remaining
X-Cache-Var-Map
X-Cache-Var
X-Hail-Hydra
X-ID
SD-X-WS
X-PF-Uncompressing
Cache-Provider
Mobile-Detection-Method
X-EC-Security-Audit
X-PJAX-URL
X-Ratelimit-Limit
X-GZIP
X-B3-SpanId
X-Litespeed-Cache-Control
X-Feature
X-APP
X-Dw-Trace-Id
X-VCT
X-Bug-Bounty
X-CacheKey
Pramga
X-WA
OT-Force-Account-Verify
X-Store
Serverid
Xet-Cookie
X-Endurance-Cache-Level
X-Distil-Cs
Group
X-Fe
X-Public
X-CDN-Pop
X-CDN-Pop-IP
X-Surge-Debug
X-Haproxy-Ip
X-Akamai-ERPolicy
X-Akamai-ERRuleID
X-Haproxy-Hostname
X-RAMCache
V-Cache
Fastcgi-X-Cache
Fastcgi-Useragent
Fastcgi-X-Cache-Version
X-Policy
Powered
X-SD-PageType
X-Check-Cacheable
X-VC
X-SB
X-ND-Cache
X-Cache-Debug
X-Shield-Cache-Expires
X-ADI-VCache
Cache-Cookie-Set-From
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-Idcheck
X-Cookie
X-Unique-Id
Requestid
X-Request-Start
X-Varnish-ID
X-ServerName
X-VG-WebCache
X-Grace-Duration