Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
Last-Modified
Accept-Ranges
Pragma
X-Content-Type-Options
X-Powered-By
CF-RAY
ETag
Link
X-XSS-Protection
Expect-CT
Via
X-Cache
Age
Access-Control-Allow-Origin
Content-Security-Policy
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Served-By
X-Amz-Cf-Id
X-Varnish
Referrer-Policy
X-Timer
CF-Cache-Status
X-Request-Id
X-FRAME-OPTIONS
Access-Control-Allow-Headers
X-AspNet-Version
Access-Control-Allow-Methods
X-Xss-Protection
X-Runtime
X-Download-Options
Access-Control-Allow-Credentials
X-Drupal-Cache
X-Cacheable
Alt-Svc
X-Generator
Content-Security-Policy-Report-Only
X-Request-ID
X-Check
X-AspNetMvc-Version
Status
X-Cache-Status
X-Adblock-Key
Timing-Allow-Origin
X-Iinfo
X-Permitted-Cross-Domain-Policies
X-Template
Content-Encoding
X-Language
X-Content-Security-Policy
X-DNS-Prefetch-Control
X-Turbo-Charged-By
X-CDN
X-Type
Keep-Alive
X-Buckets
Xkey
X-Backend
X-Cache-Group
X-AH-Environment
WPE-Backend
Access-Control-Max-Age
X-Pass-Why
X-Age
X-Server
CF-Ray
Upgrade
X-POWERED-BY
EagleId
Access-Control-Expose-Headers
X-Via
X-Nginx-Cache-Status
X-Server-Powered-By
X-Pingback
X-Drupal-Dynamic-Cache
X-Varnish-Cache
X-Swift-SaveTime
X-Swift-CacheTime
Grace
X-Hacker
X-Amz-Request-Id
X-Amz-Id-2
X-UA-Device
Ali-Swift-Global-Savetime
X-Robots-Tag
Cf-Railgun
P3p
X-Envoy-Upstream-Service-Time
X-Proxy-Cache
X-LiteSpeed-Cache
X-Page-Speed
X-Ua-Compatible
Request-Context
Content-Location
X-Device
X-Ac
X-Node
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Cnection
X-Host
X-Server-Id
X-Cache-Lookup
X-Amz-Version-Id
Surrogate-Control
X-WebKit-CSP
X-Dns-Prefetch-Control
X-Backend-Server
X-Rack-Cache
X-Rq
X-Response-Time
X-Application-Context
X-Readtime
X-CST
EagleEye-TraceId
Pinterest-Generated-By
Server-Timing
X-Url
X-Cloud-Trace-Context
X-TTL
X-OneAgent-JS-Injection
X-Instart-Request-ID
Request-Id
X-Px
Report-To
X-Country
X-ORACLE-DMS-ECID
X-Clacks-Overhead
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Feature-Policy
Rating
Edge-Control
X-Country-Code
Allow
X-DynaTrace-JS-Agent
Charset
X-DataDome
X-Powered-CMS
X-FTR-Request-ID
X-Vname
X-TtlSet
X-PC
X-ESI
X-Server-Name
X-DynaTrace
X-Origin-Cache
NEL
X-ORACLE-DMS-RID
X-MS-InvokeApp
X-Goog-Hash
X-Recruiting
X-Varnish-TTL
X-Cached
X-Vhost
X-VARITI-CCR
Content-MD5
X-GitHub-Request-Id
RTSS
X-Version
X-F-Cache
X-Geo-Segment
X-Exp-Variant
X-Exp-Id
X-Cdn-Fetch
X-Kinja
X-GoogleNews-Bot
X-Kinja-Build
X-Kinja-Revision
X-Kinja-Server
X-Powered-By-Plesk
Public-Key-Pins
Pinterest-Version
PB-PID
X-Upstream-Env
PB-RID
X-Pinterest-Rid
X-Mobile-Rewrite
Arc-Version
X-Mod-Pagespeed
X-CF-Powered-By
Accept-CH
Verso
X-D2id
X-Client-IP
SPRequestGuid
X-Abt-Application-Version
MS-Author-Via
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-N
X-Dispatcher
X-SharePointHealthScore
AR-ATIME
AR-PoweredBy
X-Amz-Rid
AR-CACHE
X-Do-Not-Hack
Permitted-Cross-Domain-Policies
X-HeyJason
X-Navigation-Version
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-T
Nginx-Cache
DynaTrace
Accept-CH-Lifetime
X-Dw-Request-Base-Id
Paypal-Debug-Id
X-Trace
X-Fastly-Request-ID
X-Upstream
X-Grace
X-Varnish-Age
Arr-Disable-Session-Affinity
X-Hits
TCN
X-FastCGI-Cache
X-Forwarded-Proto
X-Amz-Meta-S3cmd-Attrs
X-Id
X-DIS-Request-ID
X-Origin-Upstream-Status
X-Shield-Request-Id
X-Pad
SPRequestDuration
SPIisLatency
X-Content-Options
X-Cache-Hit
X-Ruxit-JS-Agent
X-Content-Digest
AR-SID
Realpath
X-Logged-In
Access-Control-Request-Method
X-Kinsta-Cache
X-Mrf-Item-Lastmod
X-Acc-Meta-Resource-Type
X-Mrf-Section-Lastmod
Mrf-Cache-Status
X-NF-Request-ID
X-IPLB-Instance
MRF-Tech
X-B
X-XRDS-Location
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-Goog-Generation
X-Goog-Metageneration
X-Goog-Stored-Content-Length
X-SS-Set-Cookie
X-HW
X-Vcap-Request-Id
S
X-Debug
X-MSEdge-Ref
Service-Worker-Allowed
Server-Name
X-Ser
X-Country-Code-Real
X-FTR-Cache-Status
X-FTR-Realm
X-FTR-Backend
X-FTR-Balancer
X-FTR-Backend-Server
X-FTR-DC
X-Frontend
X-PressLabs-Stats
X-Wix-Server-Artifact-Id
Tracecode
X-FTR-Expires
X-Cache-Key
X-NewRelic-App-Data
AMP-Access-Control-Allow-Source-Origin
Rt-Fastcgi-Cache
Fastcgi-Cache
X-Server-ID
Eomportal-Instance
X-GUploader-UploadID
Alternate-Protocol
X-Oneagent-Js-Injection
Surrogate-Key
Cleartype
X-Cache-Rule
X-Forwarded-For
Cache-Status
X-HS-Content-Id
X-HS-Hub-Id
X-NWS-LOG-UUID
X-Analytics
Backend-Timing
X-VCache
Host
TP-L2-Cache
TP-Cache
X-Srv
X-User-Agent
FilterID
X-Rid
X-Revision
X-FTR-Cache-Host
X-Debug-Info
X-Whom
Fastly-Restarts
Public-Key-Pins-Report-Only
X-AOL-HN
X-Akam-SW-Version
X-Cache-2
ServerID
X-Varnish-Backend
X-RateLimit-Remaining
X-Via-JSL
X-Content-Powered-By
X-Accel-Buffering
X-Request-Received
X-Request-Processing-Time
X-Zen-Fury
Accept-Charset
Front-End-Https
X-Webkit-CSP
Viewport
X-Mobile
X-Cdn
X-Kinja-Server-Push
X-Oracle-Dms-Rid
X-Ttl
X-WPE-Loopback-Upstream-Addr
Liferay-Portal
X-Node-Name
X-Cached-By
X-XRDS-LOCATION
X-B3-Traceid
X-App-Environment
X-Cluster
X-Cache-Control
X-Tumblr-Pixel-0
X-LB-Cache
Host-Header
X-Content-Security-Policy-Report-Only
X-Page-Id
X-Varnish-Hostname
X-Tumblr-Pixel
X-Tumblr-User
X-Magnolia-Registration
X-Handled-By
X-Hostname
X-Request-Guid
X-TT
X-Framework
X-B3-Sampled
X-Instance
X-Platform-Server
X-B-Cache
Cache-Tag
X-Signature
X-BCube-Filmed-By
X-Akamai-Edgescape
Upgrade-Insecure-Requests
X-Device-Type
X-FB-Debug
DC
X-Cache-Server
Server-Node
X-Origin-Server
X-TT-TIMESTAMP
Source
Retry-After
X-TA-CDN-Provider
X-Correlation-Id
MicrosoftSharePointTeamServices
X-Accel-Expires
X-Contextid
X-Servedby
X-WA-Info
X-Amzn-Trace-Id
HitInfo
Server-Info
HitType
X-Cache-Action
X-APP-VERSION
X-Middleton-Display
X-Cache-Operation
Display
X-Varnish-Server
X-Sol
X-Distil-CS
X-Port
X-Daa-Tunnel
X-Esi
X-Amz-Replication-Status
AsisCache
Content-Style-Type
X-Generated-By
Content-Script-Type
X-Edge-Location
X-Geo-Country
X-Seen-By
X-Wix-Request-Id
Webserver
X-Hyper-Cache
X-S
X-WebKit-CSP-Report-Only
X-TX-ID
X-Tumblr-Pixel-2
X-Tumblr-Pixel-1
X-Status
ServedBy
Actual-Object-TTL
GEO-INFO
X-Locale
X-FW-Hash
X-FW-Static
X-FW-Type
X-UUID
X-Response-Served-From
X-Region
X-FW-Server
X-FW-Serve
X-RequestSource
X-Varnish-Hits
User-Agent
Healthy
X-GeoIP
X-Edge-Cache
X-Drupal-Cache-Tags
X-Adobe-Loc
X-Edge-Cache-Key
X-Jobs
X-Adobe-Content
X-DataStream-Cache-Status
X-Varnish-Grace
SRV
X-Litespeed-Cache
Refresh
Filters
X-Newrelic-App-Data
X-Yottaa-Optimizations
X-Amz-Server-Side-Encryption
S-Cnection
X-Yottaa-Metrics
NGB
IBM-Web2-Location
X-Proxied
X-Cache-TTL-Remaining
Response
X-Fastcgi-Cache
X-CDN-Forward
X-Middleton-Response
X-Cache-Age
AR-Request-ID
X-AppVersion
X-Az
X-Activity-Id
X-App-Server
X-Pc-Key
X-Content-Type
X-Cache-NE
X-Pc-Hit
X-Pc-Appver
X-Cache-Remote
Payment
X-Cacheable-TTL
X-Correlation-ID
X-Unique-ID
Cache
X-Cache-TTL
X-Kong-Upstream-Latency
X-Ruxit-Js-Agent
X-Kong-Proxy-Latency
Country
X-Vg-Webcache
X-UA
Datacenter
Served-By
X-ATG-Version
Edge-Cache-Tag
X-Mode
X-HS-Cache-Config
X-Akamai-Transformed
X-Sucuri-ID
X-Is-Bot
Machine
X-Detected-As
X-Varnish-IP
X-ProcessESI
Meta-Geo
Load-Balancing
X-RN-RSRV
X-RemovedCookies
X-Rendered-As
X-ProxyCache-Status
X-Proxy
X-ProxyCache-Key
X-OCL
X-FC-Vary-Parameters
X-PCL
User-Cache-Control
X-BYPASS-REASON
X-Rocket-Nginx-Bypass
X-Amz-Meta-Surrogate-Control
X-Viewer-Country
X-ApacheServer
Now
X-Source
X-BB-IP
X-Origin
X-Cache-Config
X-Tb
X-Hosted-By
X-Pubstack
X-ServerID
X-Human
X-Varnish-Cacheable
Backend
Cache-Key
DB-Nickname
L5d-Success-Class
X-Cache-Category-Id
X-PERF
Access-Control-Allow-Method
Cache-Name
X-Grey
Azure-SiteName
TWC-GeoIP-Country
Azure-InstanceId
Azure-RegionName
S-Rt
Property-Id
Mn-Server-Ip
Azure-Version
Azure-SlotName
TWC-Connection-Speed
ServerName
TWC-Device-Class
X-Origin-Hint
X-Site-Version
X-Section
X-TNCMS
X-Upgrade-Enabled
X-CCM
X-JoinUs
X-Routing-Service
Access-Control-Request-Headers
X-Debug-Cache
X-EIG-Tracking-Id
X-Format
X-CDN-Cache
X-Hit
X-Generated
X-L-Path
X-Loop
Webcakes-Region
X-Access
Webcakes-App-Version
Webcakes-App-Name
TWC-Locale-Group
TWC-Privacy
X-Zipkin-Id
X-OVcl-Cache
X-NodeID
X-Varnish-Cache-Hits
X-Via-Fastly
X-Environment-Context
X-Backend-Name
X-OVcl
TWC-GeoIP-LatLong
X-Original-Request
X-SplitTest
X-IP
X-Xfnlog-Site
X-AWS-Id
X-App-Name
X-Agile-Age
X-Agile-Id
X-Www-Served-By
X-LJ-Flow-ID
X-Real-IP
X-TWH-CORRELATION-ID
HostName
X-VWS-Id
X-NGENIX-Cache
X-Ocache
X-Agile
X-Rule
Selected-FE
X-HS-Combine-CSS
X-Storage
X-Origin-CC
X-Drupal-Cache-Contexts
X-Timing-Wait
X-Proxy-Build
X-Pc-Date
X-Cache-Var
X-Pc-Host
X-Cache-Var-Map
X-Akamai-Request-ID
X-URL
X-Upstream-CT
X-Upstream-HT
X-NC
X-Vgn-Hpd-Reason
X-Time-Microsecs
OT-Force-Account-Verify
From-Origin
X-Nginx-Cache
X-Mrs-Cache-Hits
X-Mshield-Cache-Status
X-Mrs-Cache
X-Mrs-Age
XServer
X-NCache
Fastcgi-X-Cache-Version
X-Microcachable
Fastcgi-X-Cache
X-UA-Device-Type
X-RateLimit-Limit
Fastcgi-Useragent
X-Internal-Host
X-Amz-Apigw-Id
Powered-By-ChinaCache
X-SERVER-NAME
X-Amzn-RequestId
X-PHP-Backend
X-Forwarded-Host
Pagespeed
X-Release
X-Distributor
Fastly-SSL
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
X-Qnm-Cache
X-Feature
X-M-Reqid
X-M-Log
X-Iejgwucgyu
LB
X-Ms-Request-Id
X-Ms-Blob-Type
X-Ms-Version
X-Ms-Lease-Status
Pagetype
X-Birta-Served
X-Birta-Cache-Post
X-Cache-Backend
X-EdgeConnect-Cache-Status
X-Labrador-Cache-Channel
X-Connection-Hash
X-Transaction
NtCoent-Length
MIME-Version
X-Twitter-Response-Tags
X-VG-TLSProxy
X-Instance-Name
X-V
X-Webkit-Csp
X-B3-Spanid
X-Ah-Environment
Frame-Options
X-GZip
Time
X-Web-Node
Ar-Sid
X-Varnish-Beresp-Ttl
X-C
IsBot
X-VG-WebServer
Cache-Prefix
Ec-Rule-Version
X-Region-Sid
Host-ID
Fly-Request-Id
Fly-Cache
X-Request-UUID
X-Request-URI
BehaviorPad-Version
Ajk
X-PAYTM-SRV-ID
Cneonction
X-NU-AKA-ACS-Version
AKAMAI
Arc-Country
X-Org
X-Redis-Cache
X-No-Session
X-Rojux
X-Block-Status
X-BB-ID
X-Cache-Bucket
X-SIPLIST1
X-Generation-Time
X-ScT
X-B-Cookie
X-ARC
X-Accel-Expires-Debug
X-A-Wwc
X-Hnp-Log
X-Application
X-SRCache-Key
X-Server-By
X-CF-Lambda-Fn
X-Generated-In
X-DPWN-IS-SECURE
X-Gen-Mode
X-G
X-From
X-Died
X-Developer
X-D
X-CF-Lambda-Version
X-Date
X-Destination
X-Server-Time
X-Via-CDN
X-A-Dgt
T-Server
Server-Int
X-Rewrite-Enabled
Xc-Version
V-Age
Rendered-Blocks
X-Logtrace-Id
X-Via-SSL
X-Via-Edge
MD5-Digest
Meta-Geo-Continent
NGX
X-A-Dcw
Viewtype
X-A
X-IN-APIGATEWAY
X-Trv-Group
X-A-Ccd
X-A-Dam
X-S-Cookie
VivaBuild
X-UE-Client-Country
Web-Mar-Node
X-Irp-Debug
X-IN-WAF
X-IN-SSL-APIGATEWAY
Www
WZWS-RAY
X-Sucuri-Cache
X-Powered-By-ANYU
X-FireWall-Port
X-VServer
X-MI-In-Market
Magicmarker
X-CGP
MI-API
NodeID
X-We-Are-Hiring
MI-Cache-Age
MI-Cache
HA-Urlpath
HA-Servedtime
HA-Geolat
HA-Geocountry
HA-Geocity
HA-Cloudapp
HA-Geolon
HA-Georegion
HA-Ipaddr
HA-Host
Ha-Gx-Prefs
On-Server
Origin-Edge-Control
X-HTML-Minification-Powered-By
X-Hl-Ver
X-Amz-Meta-Cache-Control
SN
True-Client-Country-4JS
Mobile-Detection-Method
Cteonnt-Length
X-S-Maxage
X-Key
X-Wikidot-Static-Cache
X-Phone
Pragrma
X-WebServer
X-Cache-CFC
GMS-Ver
Proxy-Connection
X-Wikidot-Backend
X-Layer
Request-EU
Request-Country
Origin-Cache-Control
X-Varnish-Action
X-Owner
X-Dispatcher-Server
CDCHOST
Backend-Name
X-Origin-TTL
X-Debug-Log
Decoy-Debug-Key
X-Debug-Cookies
Country-Code
X-Sf
X-ElasticPress-Search
X-RCS-CacheZone
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-Platform
X-Fastly-Cache
X-ServiceProvider
X-Eu-Site
X-External-Request-Id
X-F5-Cache
Decoy-Debug-Status
Cache-Tags
X-Node-Id
X-CS
X-Core-Value
X-CUA
Esi-Enabled
X-NX-Host
Decoy-Debug-TTL
X-NWS-UUID-VERIFY
X-App-Version
X-HOST
X-Trace-Id
X-FW-Version
X-Crawler
X-Stale
X-Croise-Owner
X-Backend-Host
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-Alternate-Cache-Key
X-Clientip
X-Actual-URL
X-Fstrz
X-Swa-Ws
X-Fetched-On
X-Thinkindot-L3
X-Content-Age
X-Ckpd-Fst-Backend
X-Epic-Correlation-Id
X-GeoIP-City
X-Cache-Enabled
X-Developers
X-GeoIP-Country-Code
X-Cdn-Srv
X-Cdn-Origin
X-Secret
X-Cache-Srv
X-Cache-URL
X-Server-IP
X-Shopify-Stage
X-Gannett-Site-Version
X-Backend-Url
X-Cache-Host
X-Backend-TTL
X-Sn-Servicetimems
X-TT-LOGID
X-ShopId
X-Skip-Cache
X-ShardId
X-Backend-State
RNT-Time
X-Up
Heartbleed
X-Variation
X-Returned-From-BeforeDispatch
Fastly-Backend-Name
X-Nginx-Cache-Key
X-Tumblr-Pixel-3
Kp-EeAlive
X-Returned-From-PostProcessResponse
X-Returned-From-DLL
X-MSEdge-Features
Is-Eu
X-Returned-From
Countrycode
X-Passed-To-DLL
Apple-News-Services-Handled
X-Passed-To-PostProcessResponse
X-Reboot
Adler-Geo
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
X-Passed-To-BeforeDispatch
X-Passed-To
X-Response-By
X-Request-Time
Apple-News-Services-Request-Url
Odigeo-Trace-Id
X-MSEdge-Flight
Thinkindot-Control
Section-Io-Cache
RNT-Machine
X-UnsetCookies
Uber-Trace-Id
Server-ID
X-Worker
Server-Host
X-Var-Ttl
Request-Time
PFcat
Origin
X-Matched-Rule
Platform
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
Release
X-Location
X-Csrf-Token
X-CACHE-AGE
X-Webstats-RespID
X-Rebelmouse-Cache-Control
X-Servername
X-Alicdn-Da-Ups-Status
X-Rebelmouse-Surrogate-Control
X-VCT
PageSpeed
X-Store
X-Oss-Object-Type
Fastly-SWR
Fastly-SIE
X-Core-Mission
Resin-Trace
X-Hash
HTTPS
X-Oss-Storage-Class
Sid
X-Oss-Server-Time
X-Device-Os
X-Oss-Request-Id
Content-Disposition
X-Oss-Hash-Crc64ecma
X-Cache-Expires
X-Policy
CDN
WP-Super-Cache
X-Atg-Version
X-Ua
X-Ezoic-Cdn
X-Refresh
X-Cluster-Node
X-Planisys-CDN-TTL
X-Real-Ip
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
X-Servedbyhost
ProcessTime
RequestId
REQUESTUUID
Powered
X-Pf-Uncompressing
Warning
X-Proto
X-TIME
ViewerVersion
CF-IPCountry
Xserver
X-GEO
Mail-Subject
X-Cache-ASPX
We-Hiring
X-Dc
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-From
Dnion-Transfer-Encoding
X-Req
X-GoCache-CacheStatus
Cache-Cookie-Set-Lfrom
NODE
X-Endurance-Cache-Level
X-DC
X-Newrelic-Synthetics
X-B3-TraceId
X-Pjax-Url
X-Surge-Debug
X-Varnish-Ttl
Hostname
NnCoection
X-Page-Type
X-Server-W
X-Edge-IP
X-Origin-Expires
CACHE
X-Origin-Date
X-CLOUD-TRACE-CONTEXT
X-Aed
X-COUNTRY
X-Time
X-Varnish-HitMiss
Geoip-Latitude
X-Cache-Control-Set-By
X-HCF
GeoIp-Country-Code
X-Guploader-Uploadid
X-Nc
X-Ms-Lease-State
Pramga
X-Oracle-Dms-Ecid
X-CSRF-Token
WWW-Authenticate
X-Server-Group
X-Varnish-Beresp-TTL
Processtime
SD-X-WS
TSSecure
MS-CV
X-Ratelimit-Limit
X-Varnish-Url
A
Geoip-City
X-Aicache-OS
X-Flog
PICS-Label
X-Hello
X-ABtesting
X-Varnish-URL
X-Datadome
X-Geo
X-GRACE
X-DataStream-MidMile-RTT
X-Wa
X-DataStream-Origin-MEX-Latency
X-Wix-Route-ID
X-Cdn-Forward
X-WA
Dont-Set-Cookie
X-From-Cache
X-Auto-Login
Cdn
X-Edge-Server
X-Gdpr
Lfy
Cdn-Host
Cdn-Request-Time
Node
X-Akamai-Request-ID2
X-SRV
FSS-Proxy
FSS-Cache
Lb
Ms-Operation-Id
X-RTag
X-Use-Magma
Mime-Version
DataCenter
X-Gen-Id
X-APP
COMMERCE-SERVER-SOFTWARE
X-EC-Security-Audit
X-UPSTREAM-Address
X-Sentry-ID
X-WR-MODIFICATION
X-Nananana
X-Amz-Cf-Pop
GeoIP-Country-Code
GeoIP-City
X-PAGE-TYPE
GeoIP-Latitude
PageType
X-Check-Cacheable
X-Optimization
X-Cache-HT
Rt-Proxy-Cache
X-Via-NSCOPI
X-Env
X-Fastly-Backend-Reqs
Is-Session-Tracking
Get-Access-Time
X-FORWARDED-FOR
X-Load-Cache
X-Cache-Id
X-CACHE-KEY
X-Unique-Id
Who
X-Served-From
Memcached
X-Cookie
X-Cache-Info
X-GDPR
X-Proxy-Server
X-Wix-Petri-Ex
X-Thanos
X-Bip
X-Cache-FS-Status
X-Dynatrace-Js-Agent
X-PJAX-URL
Ws
X-Ver
X-Ibm-Trace
X-Meta-Tbi-Cache-Vertical
X-MP-GENERATED-AT
X-Request-Start
X-Be
Httpd-Identifier
X-Swift-Error
Pics-Label
Memory
X-NGINX-Cache
X-Cache-Ttl
X-SVT-ORM-VERSION
X-B3-SpanId
X-HS-Status
X-RateLimit-Reset
X-SVT-ORM-RULES
Group
Powered-By
V-Cache
X-Fe
Ohc-File-Size
X-Fastly-Cache-Hits
X-Path-Route
X-CDN-Pop-IP
URI
X-Shard
Version
GW-Server
X-CDN-Pop
UCS
X-ServedByHost
Cf-Ipcountry
X-Dw-Trace-Id
Amp-Access-Control-Allow-Source-Origin
X-ID
Xet-Cookie
NX-Cache
X-User
Requestid
X-VC
X-GZIP
X-LiteSpeed-Cache-Control
X-PF-Uncompressing
X-Bug-Bounty
X-P-T
AGE-Hash
X-SB
Serverid
X-Varnish-Info
Cache-Hits
X-StackifyID
X-Akamai-ERPolicy
X-Akamai-ERRuleID
X-CacheKey
X-Ratelimit-Remaining
Ohc-Response-Time
Apicache-Store
Apicache-Version
Fastly-Soc-X-Request-Id
CDN-Cache
N-Cache
CDN-Node
CDN-Cache-Hit
X-Route-Name
X-Micro-Cache
If-Modified-Since
X-ServerName
X-Goog-Meta-Goog-Reserved-File-Mtime
Https
X-Providence-Cookie
X-Info
X-Grace-Duration
X-RequestId
X-Cache-Handler
X-SD-PageType
X-Litespeed-Cache-Control
X-Flags
X-Is-Crawler