Threat Level: green Handler on Duty: Rick Wanner

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
Last-Modified
Accept-Ranges
Pragma
X-Content-Type-Options
X-Powered-By
CF-RAY
ETag
Link
X-XSS-Protection
Expect-CT
Via
X-Cache
Age
Access-Control-Allow-Origin
Content-Security-Policy
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Served-By
X-Amz-Cf-Id
X-Varnish
Referrer-Policy
X-Timer
CF-Cache-Status
X-FRAME-OPTIONS
Access-Control-Allow-Headers
X-AspNet-Version
X-Request-Id
Access-Control-Allow-Methods
X-Xss-Protection
X-Runtime
X-Download-Options
Access-Control-Allow-Credentials
X-Drupal-Cache
X-Cacheable
X-Request-ID
Alt-Svc
X-Generator
Content-Security-Policy-Report-Only
X-Check
X-AspNetMvc-Version
Status
X-Cache-Status
X-Adblock-Key
Timing-Allow-Origin
X-DNS-Prefetch-Control
X-Iinfo
X-Permitted-Cross-Domain-Policies
X-Template
Content-Encoding
X-Language
X-Content-Security-Policy
X-Turbo-Charged-By
X-CDN
X-Type
Keep-Alive
X-Buckets
Xkey
X-AH-Environment
X-Backend
X-Cache-Group
Access-Control-Max-Age
WPE-Backend
X-Pass-Why
X-Age
CF-Ray
X-POWERED-BY
X-Server
Upgrade
EagleId
Access-Control-Expose-Headers
X-Via
X-Nginx-Cache-Status
X-Server-Powered-By
X-Pingback
X-Drupal-Dynamic-Cache
X-Varnish-Cache
X-Swift-SaveTime
X-Swift-CacheTime
Grace
X-Hacker
X-Amz-Id-2
X-Amz-Request-Id
X-UA-Device
Ali-Swift-Global-Savetime
X-Robots-Tag
P3p
Cf-Railgun
X-LiteSpeed-Cache
X-Envoy-Upstream-Service-Time
X-Proxy-Cache
X-Ua-Compatible
X-Page-Speed
Request-Context
Content-Location
X-Device
X-Ac
X-Node
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Cnection
X-Host
X-Server-Id
X-Cache-Lookup
X-Amz-Version-Id
Surrogate-Control
X-WebKit-CSP
X-Backend-Server
X-Rack-Cache
X-Rq
X-Response-Time
X-Application-Context
X-Readtime
X-CST
EagleEye-TraceId
Server-Timing
Pinterest-Generated-By
X-Url
X-Cloud-Trace-Context
X-OneAgent-JS-Injection
X-Instart-Request-ID
Request-Id
X-Dns-Prefetch-Control
Report-To
X-TTL
X-Px
X-Country
X-ORACLE-DMS-ECID
X-Clacks-Overhead
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Feature-Policy
Rating
Edge-Control
X-Country-Code
Allow
X-DynaTrace-JS-Agent
Charset
X-DataDome
X-ESI
X-Powered-CMS
X-Server-Name
X-FTR-Request-ID
X-TtlSet
X-PC
X-Vname
X-Origin-Cache
X-DynaTrace
NEL
X-MS-InvokeApp
X-ORACLE-DMS-RID
X-Goog-Hash
X-Recruiting
X-Varnish-TTL
X-Cached
X-Vhost
X-VARITI-CCR
X-GitHub-Request-Id
Content-MD5
RTSS
X-Version
X-F-Cache
X-Kinja-Server
X-Exp-Id
X-GoogleNews-Bot
X-Kinja-Revision
X-Geo-Segment
X-Exp-Variant
X-Kinja
X-Kinja-Build
X-Cdn-Fetch
X-Powered-By-Plesk
Public-Key-Pins
PB-RID
PB-PID
Accept-CH
Arc-Version
X-Mobile-Rewrite
X-Pinterest-Rid
X-Upstream-Env
Pinterest-Version
X-Mod-Pagespeed
X-D2id
Verso
X-Client-IP
SPRequestGuid
X-CF-Powered-By
X-Abt-Application-Version
MS-Author-Via
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-N
X-Dispatcher
X-SharePointHealthScore
AR-ATIME
AR-PoweredBy
X-Amz-Rid
AR-CACHE
X-Navigation-Version
Accept-CH-Lifetime
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-T
X-HeyJason
X-Do-Not-Hack
Permitted-Cross-Domain-Policies
DynaTrace
Nginx-Cache
X-Trace
X-Dw-Request-Base-Id
Paypal-Debug-Id
X-Fastly-Request-ID
X-Upstream
X-Hits
Arr-Disable-Session-Affinity
X-Varnish-Age
TCN
X-Forwarded-Proto
X-Amz-Meta-S3cmd-Attrs
X-Id
X-Grace
X-DIS-Request-ID
X-Origin-Upstream-Status
X-Shield-Request-Id
X-Pad
SPRequestDuration
SPIisLatency
X-FastCGI-Cache
X-Content-Options
X-Cache-Hit
AR-SID
X-Content-Digest
X-Ruxit-JS-Agent
X-Logged-In
Realpath
X-IPLB-Instance
X-NF-Request-ID
Access-Control-Request-Method
X-Kinsta-Cache
MRF-Tech
X-Mrf-Section-Lastmod
X-Acc-Meta-Resource-Type
Mrf-Cache-Status
X-Mrf-Item-Lastmod
X-B
X-Goog-Generation
X-XRDS-Location
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Goog-Metageneration
X-Goog-Storage-Class
X-SS-Set-Cookie
X-HW
X-Vcap-Request-Id
S
X-Debug
X-MSEdge-Ref
X-Ser
Service-Worker-Allowed
Server-Name
X-NewRelic-App-Data
X-Country-Code-Real
X-FTR-Cache-Status
X-FTR-Realm
X-PressLabs-Stats
X-FTR-Balancer
X-FTR-DC
X-FTR-Backend
X-FTR-Backend-Server
X-Frontend
X-Wix-Server-Artifact-Id
X-Server-ID
Tracecode
X-FTR-Expires
X-Oneagent-Js-Injection
AMP-Access-Control-Allow-Source-Origin
Rt-Fastcgi-Cache
Fastcgi-Cache
Eomportal-Instance
X-Forwarded-For
X-Cache-Key
Alternate-Protocol
Surrogate-Key
Cleartype
X-Cache-Rule
Cache-Status
X-GUploader-UploadID
X-Srv
X-Ttl
X-Analytics
Backend-Timing
X-HS-Hub-Id
X-NWS-LOG-UUID
X-HS-Content-Id
X-VCache
Host
TP-Cache
X-Revision
TP-L2-Cache
X-User-Agent
X-Rid
FilterID
Fastly-Restarts
X-FTR-Cache-Host
X-Debug-Info
X-Whom
Public-Key-Pins-Report-Only
X-Akam-SW-Version
X-AOL-HN
ServerID
X-Cache-2
X-RateLimit-Remaining
X-Via-JSL
X-Varnish-Backend
X-Content-Powered-By
X-Accel-Buffering
X-Webkit-CSP
X-Cdn
X-Request-Received
X-Request-Processing-Time
X-Kinja-Server-Push
Accept-Charset
Front-End-Https
X-Zen-Fury
Viewport
X-Mobile
X-Oracle-Dms-Rid
X-XRDS-LOCATION
X-Cached-By
X-Node-Name
X-WPE-Loopback-Upstream-Addr
Liferay-Portal
X-App-Environment
X-LB-Cache
Host-Header
X-Varnish-Hostname
X-Tumblr-User
X-Tumblr-Pixel-0
X-Content-Security-Policy-Report-Only
X-Tumblr-Pixel
X-Cache-Control
X-Page-Id
X-Cluster
X-Magnolia-Registration
X-Correlation-Id
X-Handled-By
X-Framework
Cache-Tag
X-Device-Type
X-Request-Guid
X-B3-Sampled
X-TT
X-Akamai-Edgescape
Upgrade-Insecure-Requests
X-Hostname
X-BCube-Filmed-By
X-Instance
X-Platform-Server
X-B-Cache
X-Signature
X-FB-Debug
DC
X-Cache-Server
X-B3-Traceid
X-Origin-Server
Server-Node
X-TT-TIMESTAMP
X-TA-CDN-Provider
MicrosoftSharePointTeamServices
Source
Retry-After
X-Amzn-Trace-Id
X-Accel-Expires
X-Servedby
X-WA-Info
X-Contextid
Server-Info
HitInfo
HitType
X-Cache-Action
X-Varnish-Server
X-Cache-Operation
X-Sol
X-Distil-CS
X-Middleton-Display
Display
X-Port
X-Daa-Tunnel
X-Fastcgi-Cache
X-Amz-Replication-Status
AsisCache
Content-Style-Type
Content-Script-Type
X-Generated-By
X-Edge-Location
X-GeoIP
X-Geo-Country
X-Seen-By
X-APP-VERSION
X-Wix-Request-Id
GEO-INFO
Webserver
X-WebKit-CSP-Report-Only
X-Tumblr-Pixel-2
X-RequestSource
X-S
X-TX-ID
X-Tumblr-Pixel-1
ServedBy
X-Locale
Healthy
Actual-Object-TTL
X-Hyper-Cache
X-Status
X-Jobs
User-Agent
X-Response-Served-From
X-Region
X-Edge-Cache
X-Edge-Cache-Key
X-FW-Server
X-FW-Hash
X-FW-Serve
X-Varnish-Hits
X-FW-Static
X-FW-Type
X-UUID
X-Drupal-Cache-Tags
X-Adobe-Content
X-Adobe-Loc
X-DataStream-Cache-Status
SRV
X-Varnish-Grace
S-Cnection
Refresh
Filters
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Amz-Server-Side-Encryption
X-Cache-Age
IBM-Web2-Location
NGB
X-Esi
X-URL
X-Cache-TTL-Remaining
X-Proxied
Response
X-Cache-NE
X-Middleton-Response
X-Activity-Id
X-AppVersion
X-Az
X-Content-Type
AR-Request-ID
X-Pc-Key
X-Pc-Appver
X-Pc-Hit
X-Newrelic-App-Data
X-ATG-Version
Payment
X-App-Server
X-Cache-Remote
X-Ruxit-Js-Agent
X-CDN-Forward
X-Cacheable-TTL
Datacenter
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Unique-ID
X-Cache-TTL
Cache
X-Vg-Webcache
Country
Served-By
Edge-Cache-Tag
X-UA
X-HS-Cache-Config
X-Akamai-Transformed
X-Mode
X-Sucuri-ID
Machine
Load-Balancing
X-Is-Bot
X-RN-RSRV
X-RemovedCookies
X-ProcessESI
X-Varnish-IP
X-Rendered-As
Meta-Geo
X-Detected-As
X-FC-Vary-Parameters
X-OCL
User-Cache-Control
X-Real-IP
X-PCL
X-ProxyCache-Status
X-ProxyCache-Key
X-Proxy
X-Rocket-Nginx-Bypass
X-BYPASS-REASON
TWC-GeoIP-LatLong
TWC-Locale-Group
TWC-Privacy
Webcakes-App-Version
Access-Control-Allow-Method
X-BB-IP
TWC-GeoIP-Country
X-EIG-Tracking-Id
X-Varnish-Cacheable
X-Viewer-Country
X-Hosted-By
Webcakes-Region
X-Pubstack
X-PERF
Webcakes-App-Name
X-Origin
Backend
X-Origin-Hint
X-ServerID
Mn-Server-Ip
Now
X-Amz-Meta-Surrogate-Control
X-Tb
X-Cache-Config
L5d-Success-Class
X-Cache-Category-Id
Property-Id
Cache-Name
TWC-Device-Class
TWC-Connection-Speed
X-Grey
X-ApacheServer
DB-Nickname
X-Debug-Cache
Cache-Key
X-CDN-Cache
X-CCM
X-Backend-Name
X-Environment-Context
X-Format
X-JoinUs
X-Human
X-Access
ServerName
Azure-RegionName
Azure-InstanceId
Azure-SiteName
Azure-SlotName
S-Rt
Azure-Version
X-L-Path
X-Loop
X-Via-Fastly
X-Varnish-Cache-Hits
X-Zipkin-Id
X-Cache-Var
X-Rule
X-Cache-Var-Map
X-Upgrade-Enabled
X-TNCMS
X-Correlation-ID
X-NodeID
X-Original-Request
X-OVcl
X-Section
X-Routing-Service
Access-Control-Request-Headers
X-OVcl-Cache
X-Generated
X-Hit
X-IP
X-LJ-Flow-ID
X-AWS-Id
X-App-Name
X-Agile
X-Agile-Age
X-Agile-Id
X-NGENIX-Cache
X-Ocache
X-VWS-Id
X-Www-Served-By
X-Xfnlog-Site
X-TWH-CORRELATION-ID
X-Timing-Wait
X-Proxy-Build
X-Site-Version
X-SplitTest
Selected-FE
X-HS-Combine-CSS
X-Source
X-Origin-CC
X-Storage
X-Drupal-Cache-Contexts
HostName
X-Akamai-Request-ID
X-Pc-Host
X-Pc-Date
X-Upstream-CT
X-Upstream-HT
OT-Force-Account-Verify
X-Nginx-Cache
X-Vgn-Hpd-Reason
X-RateLimit-Limit
X-Mshield-Cache-Status
X-Time-Microsecs
X-Mrs-Cache-Hits
X-Mrs-Age
X-Mrs-Cache
X-Litespeed-Cache
Fastcgi-Useragent
Fastcgi-X-Cache
Fastcgi-X-Cache-Version
From-Origin
X-NCache
X-NC
X-UA-Device-Type
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Internal-Host
XServer
X-Feature
Powered-By-ChinaCache
X-Forwarded-Host
X-Microcachable
X-Iejgwucgyu
Fastly-SSL
X-Release
X-Distributor
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
X-PHP-Backend
X-Qnm-Cache
X-M-Reqid
X-M-Log
X-Ms-Version
X-Ms-Request-Id
X-Ms-Blob-Type
X-Ms-Lease-Status
Pagespeed
X-Birta-Served
X-Birta-Cache-Post
Pagetype
LB
X-Cache-Backend
NtCoent-Length
X-Labrador-Cache-Channel
X-EdgeConnect-Cache-Status
X-App-Version
X-Webkit-Csp
X-Twitter-Response-Tags
X-VG-TLSProxy
X-Transaction
X-Connection-Hash
X-B3-Spanid
X-Instance-Name
X-V
Frame-Options
Time
MIME-Version
X-SERVER-NAME
X-GZip
X-Web-Node
X-C
Cneonction
X-Hnp-Log
X-From
X-DPWN-IS-SECURE
V-Age
X-SIPLIST1
X-Org
Viewtype
IsBot
X-Dispatcher-Server
X-Died
X-Trv-Group
X-A-Dam
X-Via-CDN
X-CS
Host-ID
X-A-Ccd
X-A-Dcw
X-VG-WebServer
X-PAYTM-SRV-ID
VivaBuild
X-IN-APIGATEWAY
AKAMAI
Ajk
Mobile-Detection-Method
NGX
X-Logtrace-Id
Cache-Prefix
Arc-Country
MD5-Digest
Meta-Geo-Continent
X-Irp-Debug
Server-Int
X-CF-Lambda-Fn
X-IN-SSL-APIGATEWAY
Web-Mar-Node
X-NU-AKA-ACS-Version
X-A
X-No-Session
Www
X-SRCache-Key
X-IN-WAF
BehaviorPad-Version
Ec-Rule-Version
Fly-Cache
X-Varnish-Beresp-Ttl
X-BB-ID
Fly-Request-Id
X-Generated-In
Rendered-Blocks
X-A-Wwc
X-S-Cookie
X-UE-Client-Country
X-Generation-Time
X-Rojux
X-Rewrite-Enabled
X-Region-Sid
X-Request-URI
X-Request-UUID
X-Gen-Mode
X-ARC
X-A-Dgt
X-Destination
X-Block-Status
X-WebServer
X-Developer
X-G
X-D
X-Application
X-Via-SSL
X-B-Cookie
X-Server-Time
X-Via-Edge
X-CF-Lambda-Version
X-Date
X-CUA
X-Accel-Expires-Debug
T-Server
Xc-Version
X-ScT
X-Server-By
X-NWS-UUID-VERIFY
X-Powered-By-ANYU
X-Sucuri-Cache
WZWS-RAY
X-HOST
X-FireWall-Port
HA-Geolat
HA-Georegion
HA-Servedtime
Magicmarker
HA-Host
Kp-EeAlive
HA-Ipaddr
HA-Geolon
X-Fastly-Cache
HA-Urlpath
Ha-Gx-Prefs
X-Crawler
Release
Request-Country
X-CGP
X-Amz-Meta-Cache-Control
Proxy-Connection
SN
Request-EU
Request-Time
Server-Host
X-Cache-Enabled
HA-Geocountry
X-Debug-Cookies
X-Debug-Log
Pragrma
True-Client-Country-4JS
NodeID
X-External-Request-Id
MI-Cache-Age
MI-Cache
MI-API
X-Eu-Site
On-Server
X-ElasticPress-Search
X-Cache-CFC
Origin-Edge-Control
Origin-Cache-Control
X-Core-Value
X-F5-Cache
X-Platform
X-Owner
X-Varnish-Action
X-Phone
X-Cache-Bucket
X-VServer
X-NX-Host
X-Wikidot-Static-Cache
X-Wikidot-Backend
X-We-Are-Hiring
X-Node-Id
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-UnsetCookies
X-S-Maxage
X-ServiceProvider
X-Sf
Ar-Sid
HA-Geocity
X-RCS-CacheZone
X-Redis-Cache
X-Var-Ttl
X-MI-In-Market
X-Origin-TTL
Decoy-Debug-Status
GMS-Ver
Decoy-Debug-Key
Decoy-Debug-TTL
Esi-Enabled
X-GeoIP-City
X-Hl-Ver
X-VCT
HA-Cloudapp
Country-Code
CDCHOST
Cache-Tags
X-Key
X-Layer
X-HTML-Minification-Powered-By
Backend-Name
X-Webstats-RespID
X-Trace-Id
X-Sorting-Hat-PodId
X-Thinkindot-L3
X-Stale
X-Ckpd-Fst-Backend
X-Clientip
X-TT-LOGID
X-Content-Age
X-Sorting-Hat-ShopId
X-Swa-Ws
X-Variation
X-Cdn-Origin
X-Cdn-Srv
X-Cache-URL
X-Sn-Servicetimems
X-Cache-Host
X-Cache-Expires
X-Worker
X-Store
X-Up
X-Cache-Srv
X-Hash
X-Tumblr-Pixel-3
X-Request-Time
X-Nginx-Cache-Key
X-MSEdge-Flight
X-Epic-Correlation-Id
X-Passed-To
X-Passed-To-DLL
X-Passed-To-BeforeDispatch
X-MSEdge-Features
X-Matched-Rule
X-GeoIP-Country-Code
X-Gannett-Site-Version
X-FW-Version
X-Fstrz
X-Location
X-Fetched-On
X-Passed-To-PostProcessResponse
X-Reboot
X-Server-IP
X-Secret
X-Croise-Owner
X-ShardId
X-Shopify-Stage
X-ShopId
X-Returned-From-PostProcessResponse
X-Returned-From-DLL
X-Developers
X-Device-Os
X-Response-By
X-Returned-From
X-Returned-From-BeforeDispatch
X-Skip-Cache
Thinkindot-CacheControl-Type
Countrycode
Server-ID
Section-Io-Cache
Thinkindot-CacheControl
Thinkindot-Control
Origin
Uber-Trace-Id
Fastly-Backend-Name
RNT-Time
Odigeo-Trace-Id
PFcat
Is-Eu
Platform
RNT-Machine
Heartbleed
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
Apple-News-Services-Host
X-Alternate-Cache-Key
X-Backend-State
X-Backend-TTL
X-Backend-Url
PageSpeed
X-Backend-Host
Apple-News-Services-Handled
X-Actual-URL
Adler-Geo
X-Ua
HTTPS
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
Cteonnt-Length
X-Csrf-Token
Fastly-SWR
X-Servername
Content-Disposition
Fastly-SIE
X-Policy
Resin-Trace
X-Alicdn-Da-Ups-Status
Sid
X-Core-Mission
X-Oss-Storage-Class
X-Oss-Hash-Crc64ecma
X-Oss-Object-Type
X-Oss-Server-Time
X-Oss-Request-Id
REQUESTUUID
ProcessTime
X-Cluster-Node
X-CACHE-AGE
WP-Super-Cache
Powered
X-GEO
Xserver
X-Servedbyhost
X-Planisys-CDN-Rules
X-Ezoic-Cdn
X-Refresh
X-Planisys-CDN-TTL
RequestId
X-Dc
X-Planisys-CDN-Cache
ViewerVersion
X-B3-TraceId
Warning
CDN
X-Pf-Uncompressing
X-Proto
X-TIME
X-Real-Ip
We-Hiring
X-Endurance-Cache-Level
CF-IPCountry
X-Cache-ASPX
Cache-Cookie-Set-From
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-Lfrom
Mail-Subject
X-Guploader-Uploadid
X-Newrelic-Synthetics
Dnion-Transfer-Encoding
X-Req
X-Pjax-Url
X-Atg-Version
X-GoCache-CacheStatus
NODE
X-Surge-Debug
Hostname
X-Varnish-Ttl
X-Nc
CACHE
X-CLOUD-TRACE-CONTEXT
X-GRACE
NnCoection
X-Page-Type
X-DC
X-Aed
X-Origin-Date
X-Time
X-Edge-IP
X-Origin-Expires
X-COUNTRY
X-Cache-Control-Set-By
X-HCF
X-Server-W
Pramga
X-Ms-Lease-State
X-Varnish-HitMiss
GeoIp-Country-Code
Geoip-Latitude
X-CSRF-Token
X-Oracle-Dms-Ecid
SD-X-WS
TSSecure
X-Varnish-Beresp-TTL
X-Cdn-Forward
X-Server-Group
WWW-Authenticate
X-Aicache-OS
X-Varnish-Url
A
Processtime
X-DataStream-Origin-MEX-Latency
X-DataStream-MidMile-RTT
MS-CV
X-ABtesting
X-Datadome
Geoip-City
X-Flog
X-Hello
X-Amz-Cf-Pop
X-Wix-Route-ID
X-Wa
X-WA
PICS-Label
X-Varnish-URL
Cdn
X-Ratelimit-Limit
X-Auto-Login
Mime-Version
Lfy
X-Geo
X-From-Cache
Node
X-CACHE-KEY
Lb
X-UPSTREAM-Address
Dont-Set-Cookie
X-Edge-Server
X-Gdpr
X-Akamai-Request-ID2
Cdn-Request-Time
Cdn-Host
X-Use-Magma
X-EC-Security-Audit
GeoIP-Country-Code
GeoIP-Latitude
FSS-Cache
X-Gen-Id
X-Sentry-ID
FSS-Proxy
X-Nananana
PageType
COMMERCE-SERVER-SOFTWARE
X-SRV
Ms-Operation-Id
X-PAGE-TYPE
X-Via-NSCOPI
X-Check-Cacheable
Rt-Proxy-Cache
X-APP
X-RTag
GeoIP-City
DataCenter
X-WR-MODIFICATION
X-Cookie
X-Cache-Id
X-Served-From
X-Unique-Id
X-Optimization
X-Fastly-Backend-Reqs
X-Cache-HT
Get-Access-Time
X-Env
Is-Session-Tracking
X-Load-Cache
X-Thanos
X-Bip
X-Cache-Info
Memcached
X-GDPR
Who
X-Proxy-Server
X-Dynatrace-Js-Agent
X-Cache-FS-Status
X-FORWARDED-FOR
X-Be
Pics-Label
X-PJAX-URL
Ws
X-Fastly-Cache-Hits
X-Swift-Error
X-Ibm-Trace
X-Request-Start
Memory
X-MP-GENERATED-AT
X-Wix-Petri-Ex
X-Ver
X-Meta-Tbi-Cache-Vertical
X-HS-Status
Cf-Ipcountry
X-RateLimit-Reset
X-Cache-Ttl
Httpd-Identifier
X-B3-SpanId
Group
X-Fe
V-Cache
X-CDN-Pop
X-NGINX-Cache
X-CDN-Pop-IP
X-PF-Uncompressing
GW-Server
UCS
X-SVT-ORM-VERSION
URI
Powered-By
X-ServedByHost
X-Shard
X-Dw-Trace-Id
X-SVT-ORM-RULES
X-ID
Ohc-File-Size
Amp-Access-Control-Allow-Source-Origin
X-User
Requestid
X-GZIP
NX-Cache
X-VC
AGE-Hash
X-Bug-Bounty
X-SB
Version
X-Path-Route
Serverid
Xet-Cookie
X-Varnish-Info
X-StackifyID
Cache-Hits
X-P-T
X-LiteSpeed-Cache-Control
X-CacheKey
X-Ratelimit-Remaining
N-Cache
CDN-Cache-Hit
CDN-Cache
CDN-Node
X-Route-Name
Apicache-Store
Apicache-Version
X-SD-PageType
X-Akamai-ERRuleID
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Providence-Cookie
X-Akamai-ERPolicy
X-App
Ohc-Response-Time
X-Grace-Duration
X-ServerName
X-Litespeed-Cache-Control
X-Cache-Handler
X-Flags
Fastly-Soc-X-Request-Id
X-RequestId
X-Is-Crawler
Https