Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Pragma
Accept-Ranges
Last-Modified
Strict-Transport-Security
X-Content-Type-Options
X-Powered-By
CF-RAY
ETag
Link
X-XSS-Protection
Expect-CT
Via
X-Cache
Age
Access-Control-Allow-Origin
Content-Security-Policy
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Served-By
X-Varnish
X-Amz-Cf-Id
Referrer-Policy
X-Request-Id
X-Timer
X-AspNet-Version
CF-Cache-Status
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Runtime
Access-Control-Allow-Credentials
X-Download-Options
X-Drupal-Cache
X-Cacheable
Alt-Svc
X-Generator
Content-Security-Policy-Report-Only
X-Xss-Protection
X-AspNetMvc-Version
Status
Timing-Allow-Origin
X-Check
X-Cache-Status
X-Adblock-Key
X-Iinfo
X-DNS-Prefetch-Control
X-Content-Security-Policy
X-Permitted-Cross-Domain-Policies
X-Template
X-Language
X-CDN
Content-Encoding
X-Turbo-Charged-By
X-Request-ID
Keep-Alive
X-Buckets
X-Type
EagleId
Xkey
X-Via
X-Backend
X-AH-Environment
WPE-Backend
X-Age
Access-Control-Max-Age
X-Pass-Why
X-Server
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
X-Cache-Group
X-Varnish-Cache
X-Pingback
Upgrade
X-Nginx-Cache-Status
X-Server-Powered-By
X-Drupal-Dynamic-Cache
Grace
Access-Control-Expose-Headers
X-Hacker
X-UA-Device
P3p
Cf-Railgun
X-Amz-Request-Id
X-Amz-Id-2
X-Robots-Tag
X-Ua-Compatible
X-LiteSpeed-Cache
X-Proxy-Cache
X-Envoy-Upstream-Service-Time
X-Page-Speed
Request-Context
X-CST
X-Node
X-Device
X-Cache-Lookup
X-Ac
Content-Location
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Cnection
X-Host
X-Amz-Version-Id
Surrogate-Control
X-WebKit-CSP
X-Backend-Server
X-Rack-Cache
X-Response-Time
X-Rq
X-Px
X-Readtime
X-Server-Id
X-Application-Context
Allow
X-Instart-Request-ID
Pinterest-Generated-By
X-Dns-Prefetch-Control
EagleEye-TraceId
X-OneAgent-JS-Injection
X-Clacks-Overhead
Server-Timing
Request-Id
X-Url
X-Country
X-Cloud-Trace-Context
X-Do-Not-Hack
Permitted-Cross-Domain-Policies
X-HeyJason
Report-To
Rating
X-TTL
X-Country-Code
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Varnish-TTL
Charset
Edge-Control
X-ESI
X-Powered-CMS
X-PC
X-TtlSet
X-Vname
X-FTR-Request-ID
X-Server-Name
X-Server-ID
X-CF-Powered-By
X-DataDome
Feature-Policy
X-MS-InvokeApp
X-DynaTrace-JS-Agent
X-Cached
X-Goog-Hash
NEL
X-Origin-Cache
X-Vhost
Public-Key-Pins
X-Recruiting
X-Geo-Segment
X-Exp-Variant
X-Exp-Id
X-GoogleNews-Bot
X-Kinja-Build
X-Kinja-Server
X-Kinja-Revision
X-Cdn-Fetch
X-Kinja
X-F-Cache
X-VARITI-CCR
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
X-Powered-By-Plesk
X-DynaTrace
X-Version
X-Mod-Pagespeed
X-T
X-D2id
X-SRCache-Fetch-Status
X-SRCache-Store-Status
Content-MD5
Verso
X-Abt-Application-Version
X-Client-IP
PB-PID
PB-RID
X-Mobile-Rewrite
Arc-Version
Pinterest-Version
X-Pinterest-Rid
X-Upstream-Env
AR-ATIME
AR-PoweredBy
X-Dispatcher
AR-CACHE
RTSS
X-N
SPRequestGuid
X-SharePointHealthScore
X-Amz-Rid
X-Cdn
X-Forwarded-Proto
X-GitHub-Request-Id
X-Hits
X-Navigation-Version
X-Dw-Request-Base-Id
Nginx-Cache
X-B
Paypal-Debug-Id
Realpath
X-Ruxit-JS-Agent
X-Upstream
X-Pad
X-Shield-Request-Id
X-Content-Digest
X-TEC-API-ROOT
X-Varnish-Age
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-Grace
X-Id
X-Content-Options
Arr-Disable-Session-Affinity
X-Ttl
MS-Author-Via
SPIisLatency
SPRequestDuration
X-Cache-Hit
X-Kinsta-Cache
TCN
X-NWS-LOG-UUID
Access-Control-Request-Method
X-Goog-Storage-Class
X-Goog-Stored-Content-Length
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
X-Goog-Generation
X-Logged-In
X-Acc-Meta-Resource-Type
S
X-XRDS-Location
DynaTrace
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
MRF-Tech
Mrf-Cache-Status
X-Trace
X-Vcap-Request-Id
X-Origin-Upstream-Status
X-VCache
X-MSEdge-Ref
X-HW
X-Zen-Fury
X-DIS-Request-ID
Cleartype
Eomportal-Instance
Front-End-Https
X-FTR-Realm
X-FTR-DC
X-FTR-Expires
X-FTR-Cache-Status
X-FTR-Backend-Server
X-FTR-Backend
X-Country-Code-Real
X-FTR-Balancer
X-Frontend
X-HS-Hub-Id
Surrogate-Key
X-HS-Content-Id
X-Cache-Rule
X-PressLabs-Stats
X-Via-JSL
X-Fastly-Request-ID
Service-Worker-Allowed
X-Oneagent-Js-Injection
X-NF-Request-ID
Cache-Status
X-User-Agent
X-IPLB-Instance
X-FastCGI-Cache
X-Forwarded-For
Server-Name
Tracecode
X-Request-Processing-Time
X-Request-Received
X-SS-Set-Cookie
X-Hostname
Fastcgi-Cache
X-Varnish-Backend
Host
Backend-Timing
X-Analytics
X-Cache-2
X-Wix-Server-Artifact-Id
FilterID
Rt-Fastcgi-Cache
X-Fastcgi-Cache
X-AOL-HN
Viewport
Public-Key-Pins-Report-Only
X-Whom
X-Sol
X-Middleton-Display
Alternate-Protocol
Display
TP-L2-Cache
TP-Cache
X-FTR-Cache-Host
X-Revision
X-Az
X-AppVersion
X-Proxied
X-Activity-Id
X-Rid
X-Middleton-Response
Response
X-Content-Powered-By
X-Srv
ServerID
X-Ser
X-Debug
X-Debug-Info
AR-SID
AMP-Access-Control-Allow-Source-Origin
X-Contextid
X-URL
X-Cache-Control
X-Magnolia-Registration
X-Cached-By
MicrosoftSharePointTeamServices
X-Daa-Tunnel
X-Akam-SW-Version
X-Mobile
Refresh
X-Cache-Server
Ar-Sid
X-WPE-Loopback-Upstream-Addr
X-Page-Id
HitType
HitInfo
X-B3-Traceid
Server-Info
Accept-Charset
Cache-Tag
X-FB-Debug
X-Instance
X-Framework
X-App-Server
X-Generated-By
X-Cache-Age
X-LB-Cache
Retry-After
Powered-By-ChinaCache
X-Varnish-Hostname
X-Content-Security-Policy-Report-Only
X-Webkit-Csp
X-Geo-Country
X-RateLimit-Remaining
X-BCube-Filmed-By
X-Cache-Operation
X-TT
X-B-Cache
X-Varnish-Grace
Server-Node
X-PHP-Backend
X-Signature
Source
X-Request-Guid
X-Origin-Server
X-Newrelic-App-Data
X-Device-Type
Host-Header
X-Handled-By
X-Tumblr-Pixel-0
X-Tumblr-User
X-App-Environment
X-Tumblr-Pixel
X-Cache-Key
Upgrade-Insecure-Requests
X-XRDS-LOCATION
X-Accel-Expires
X-Hyper-Cache
X-Platform-Server
X-WA-Info
X-Oracle-Dms-Ecid
X-Oracle-Dms-Rid
X-Amzn-Trace-Id
DC
X-Akamai-Edgescape
X-TT-TIMESTAMP
X-APP-VERSION
X-Drupal-Cache-Tags
X-NewRelic-App-Data
X-CACHE-GROUP
Liferay-Portal
X-Cache-Action
X-Ruxit-Js-Agent
X-Amz-Meta-S3cmd-Attrs
X-GUploader-UploadID
X-ATG-Version
X-Varnish-Server
X-Cluster
X-Port
X-Node-Name
X-B3-Sampled
Webserver
Fastly-Restarts
X-Edge-Location
AR-Request-ID
NGB
X-Accel-Buffering
X-Cacheable-TTL
X-S
X-Seen-By
Filters
X-Wix-Petri-Ex
X-GeoIP
X-Wix-Request-Id
X-WebKit-CSP-Report-Only
X-Jobs
ServedBy
X-Source
X-Locale
X-RequestSource
X-FW-Hash
X-Varnish-Hits
X-FW-Serve
Actual-Object-TTL
X-FW-Server
X-FW-Static
X-Correlation-ID
X-FW-Type
AsisCache
MS-CV
X-Tumblr-Pixel-1
X-Tumblr-Pixel-2
X-RTag
Accept-CH
X-Correlation-Id
GEO-INFO
S-Cnection
X-Amz-Replication-Status
X-Cache-TTL-Remaining
X-Distil-CS
X-Region
HostName
Cache
Served-By
X-Guploader-Uploadid
X-Cache-Config
X-UA
X-Edge-Cache-Key
X-UA-Device-Type
X-Edge-Cache
X-Cache-Remote
Country
X-Vg-Webcache
Content-Script-Type
Content-Style-Type
X-Webkit-CSP
X-Adobe-Content
X-Adobe-Loc
X-TA-CDN-Provider
X-Ocache
X-Sucuri-ID
X-PC-Hit
Datacenter
Ohc-File-Size
X-Drupal-Cache-Contexts
X-PC-Key
X-PC-AppVer
X-Dynatrace-Js-Agent
X-PC-Host
X-UUID
X-PC-Date
X-Microcachable
X-GZip
X-Unique-ID
X-RateLimit-Limit
X-Varnish-IP
X-Akamai-Transformed
X-HOST
Pagespeed
X-Status
X-Esi
X-DataStream-Cache-Status
X-Real-IP
X-Internal-Host
X-Amz-Server-Side-Encryption
X-TX-ID
X-Ezoic-Cdn
IBM-Web2-Location
X-Akamai-Request-ID
X-Agile-Age
X-Agile-Id
X-App-Name
X-BYPASS-REASON
X-Is-Bot
X-Detected-As
X-JoinUs
Machine
X-Rendered-As
Access-Control-Allow-Method
Healthy
X-ProxyCache-Key
X-RN-RSRV
Load-Balancing
X-Agile
Meta-Geo
X-Cache-Category-Id
X-Grey
X-ProxyCache-Status
X-IP
User-Cache-Control
Selected-FE
X-CCM
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Xfnlog-Site
Mn-Server-Ip
X-TNCMS
X-Timing-Wait
X-Origin
X-Debug-Cache
X-Vgn-Hpd-Reason
X-Loop
Xserver
X-Generated
X-Proxy-Build
X-ServerID
X-Web-Node
S-Rt
ServerName
L5d-Success-Class
X-OVcl
X-OVcl-Cache
Cache-Name
X-NodeID
Payment
X-Varnish-Cacheable
X-BB-IP
X-Instance-Name
X-Content-Type
X-Backend-Name
X-Upgrade-Enabled
X-Time-Microsecs
X-Mode
X-Varnish-Cache-Hits
Backend
X-Hosted-By
X-Tb
X-FC-Vary-Parameters
DB-Nickname
X-EIG-Tracking-Id
X-Human
X-Servedby
X-Viewer-Country
LB
X-OCL
Now
X-CDN-Cache
Cache-Key
X-PCL
X-Original-Request
X-Path-Route
X-ProcessESI
X-RemovedCookies
Webcakes-App-Name
TWC-Privacy
X-SplitTest
TWC-Locale-Group
TWC-GeoIP-Country
Property-Id
TWC-Connection-Speed
TWC-Device-Class
Webcakes-App-Version
X-LJ-Flow-ID
X-TWH-CORRELATION-ID
X-AWS-Id
X-Site-Version
X-NGENIX-Cache
X-Distributor
X-Section
X-ApacheServer
X-Www-Served-By
X-Access
X-Via-Fastly
X-CDN-Forward
Webcakes-Region
TWC-GeoIP-LatLong
Azure-RegionName
X-Proxy
X-PERF
Azure-Version
Azure-SiteName
Azure-SlotName
X-VWS-Id
Azure-InstanceId
X-Origin-Hint
X-Pubstack
Dont-Set-Cookie
X-Routing-Service
X-Time
X-Origin-CC
X-Zipkin-Id
X-Format
X-NCache
X-Cache-Ttl
X-Rocket-Nginx-Bypass
User-Agent
X-Amz-Meta-Surrogate-Control
Access-Control-Request-Headers
SRV
X-Storage
PageSpeed
X-Cache-Backend
X-Environment-Context
X-L-Path
WZWS-RAY
X-Oss-Hash-Crc64ecma
X-ServedBy
X-HS-Cache-Config
Edge-Cache-Tag
X-Oss-Object-Type
Countrycode
X-Webstats-RespID
X-Oss-Server-Time
X-Oss-Request-Id
X-Sucuri-Cache
X-Oss-Storage-Class
X-Generation-Time
X-B3-Spanid
X-Transaction
X-Connection-Hash
X-Cache-HT
X-Labrador-Cache-Channel
X-Proto
X-Optimization
X-Twitter-Response-Tags
X-Nc
X-Amzn-RequestId
X-Amz-Apigw-Id
Ms-Operation-Id
Cteonnt-Length
X-MP-GENERATED-AT
X-M-Reqid
X-Qnm-Cache
X-M-Log
Cache-Hits
X-SERVER-NAME
X-Ah-Environment
Apicache-Version
Apicache-Store
X-Newrelic-Synthetics
X-Hit
X-Meta-Tbi-Cache-Vertical
X-Birta-Served
X-Cache-NE
X-Birta-Cache-Post
Fastly-SSL
X-CLOUD-TRACE-CONTEXT
X-Tumblr-Pixel-3
From-Origin
X-Real-Ip
NnCoection
X-Dc
X-V
Ws
X-Cache-Enabled
Ec-Rule-Version
X-Release
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
X-Geo
Cartoon
X-Upstream-HT
X-Upstream-CT
X-EdgeConnect-Cache-Status
NODE
X-Developer
Resin-Trace
Request-EU
X-Destination
X-Date
Kp-EeAlive
X-SERVER
X-Dispatcher-Server
Server-Host
X-Fetched-On
X-From
GMS-Ver
Server-ID
X-DPWN-IS-SECURE
X-G
X-Generated-In
Xc-Version
X-Died
Fly-Cache
X-A-Dgt
Cache-Prefix
X-A-Wwc
X-Accel-Expires-Debug
X-Alternate-Cache-Key
BehaviorPad-Version
X-A-Dcw
X-A-Dam
VivaBuild
Warning
Cneonction
Www
X-A-Ccd
X-A
X-Application
X-ARC
X-CF-Lambda-Fn
X-C
X-CF-Lambda-Version
T-Server
Fly-Request-Id
X-Hl-Ver
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
Viewtype
X-B-Cookie
V-Age
X-BB-ID
Thinkindot-Control
X-D
X-Matched-Rule
X-ShopId
X-ShardId
X-Shopify-Stage
Meta-Geo-Continent
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-Sf
X-Server-Time
X-S-Maxage
X-S-Cookie
X-ScT
X-Varnish-Beresp-Ttl
Host-ID
X-Server-By
X-SRCache-Key
X-SVT-ORM-RULES
MD5-Digest
X-Via-Edge
X-We-Are-Hiring
X-WebServer
X-Wix-Route-ID
X-Alicdn-Da-Ups-Status
X-Via-CDN
X-VG-WebServer
X-Thinkindot-L3
X-SVT-ORM-VERSION
X-Trv-Group
X-TT-LOGID
X-UE-Client-Country
Request-Country
X-Rule
X-Org
X-Origin-Date
X-Rojux
MI-Cache-Age
X-NU-AKA-ACS-Version
X-MI-In-Market
Rendered-Blocks
ProcessTime
X-Worker
Country-Code
X-PAYTM-SRV-ID
X-Origin-Expires
X-RCS-CacheZone
MI-Cache
X-Response-By
X-Rewrite-Enabled
X-Planisys-CDN-TTL
X-Region-Sid
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
X-App-Version
Server-Int
RNT-Machine
SN
Release
Proxy-Connection
RNT-Time
NGX
Platform
True-Client-Country-4JS
MI-API
Pragrma
X-Gen-Mode
X-IN-WAF
X-Logtrace-Id
X-No-Session
X-IN-SSL-APIGATEWAY
X-IN-APIGATEWAY
X-Hash
X-Hnp-Log
X-Node-Id
X-Origin-TTL
X-VServer
X-Cache-URL
X-SIPLIST1
X-ServiceProvider
X-Request-URI
X-Server-IP
X-GeoIP-Country-Code
X-GeoIP-City
X-Cache-Bucket
X-Cache-Host
X-Clientip
X-Block-Status
X-Backend-Url
X-Backend-Host
X-Backend-State
X-Content-Age
X-Crawler
X-Fstrz
IsBot
X-Env
X-Edge-Server
X-CS
X-Device-Os
Web-Mar-Node
X-Cache-CFC
Decoy-Debug-Status
Decoy-Debug-Key
Apple-News-Services-Handled
Decoy-Debug-TTL
Adler-Geo
Is-Eu
XServer
Fastly-Backend-Name
Apple-News-Services-Host
Ajk
CDCHOST
Apple-News-Services-Parsed-Url
Httpd-Identifier
Cdn-Host
Apple-News-Services-Request-Url
Cdn-Request-Time
X-ElasticPress-Search
X-Core-Value
X-Core-Mission
X-Debug-Log
X-Croise-Owner
X-Debug-Cookies
X-CGP
Backend-Name
X-Developers
AKAMAI
X-Cache-ASPX
X-Amz-Meta-Cache-Control
X-Cache-Expires
X-Cache-Control-Set-By
X-Cdn-Origin
X-Eu-Site
X-Sn-Servicetimems
X-Swa-Ws
X-Returned-From-PostProcessResponse
X-Returned-From-DLL
X-Returned-From
X-Returned-From-BeforeDispatch
X-Trace-Id
X-UnsetCookies
X-VG-TLSProxy
X-Redis-Cache
X-Ver
X-Varnish-HitMiss
X-Up
X-Reboot
X-Rebelmouse-Surrogate-Control
X-Forwarded-Host
X-HCF
X-FireWall-Port
X-Actual-URL
X-Epic-Correlation-Id
X-NX-Host
X-P-T
X-Platform
X-Rebelmouse-Cache-Control
X-Passed-To-DLL
X-Passed-To-BeforeDispatch
X-Passed-To
X-Edge-IP
X-Passed-To-PostProcessResponse
Origin-Cache-Control
HA-Cloudapp
HA-Geocity
HTTPS
Origin
Fastly-SWR
Fastly-Soc-X-Request-Id
Heartbleed
On-Server
Request-Time
HA-Geocountry
Ha-Gx-Prefs
HA-Georegion
HA-Geolon
HA-Host
HA-Geolat
PFcat
HA-Ipaddr
Powered-By
Odigeo-Trace-Id
Origin-Edge-Control
HA-Servedtime
Content-Disposition
Fastly-SIE
Cache-Tags
HA-Urlpath
Uber-Trace-Id
X-HS-Combine-CSS
X-GRACE
X-Server-Group
X-Fastly-Cache
RequestId
X-Via-SSL
Time
X-Backend-TTL
X-Phone
X-Location
X-Wikidot-Static-Cache
X-Wikidot-Backend
X-Info
Who
X-Refresh
X-Stale
X-GoCache-CacheStatus
X-From-Cache
X-F5-Cache
X-Ckpd-Fst-Backend
X-Nginx-Cache
X-Cdn-Srv
Esi-Enabled
X-Cache-Srv
X-Var-Ttl
X-B3-TraceId
NtCoent-Length
X-Atg-Version
X-Ms-Version
X-Req
X-Ms-Request-Id
X-Ms-Lease-Status
Ohc-Response-Time
X-BBXSRF
X-Cdn-Forward
X-Skip-Cache
X-Ms-Blob-Type
X-Cache-FS-Status
Dnion-Transfer-Encoding
Is-Session-Tracking
WWW-Authenticate
X-Response-Served-From
Frame-Options
X-Cache-Time
X-Servername
X-Kong-Upstream-Latency
X-Powered-By-ANYU
X-MSEdge-Features
X-MSEdge-Flight
X-Micro-Cache
Get-Access-Time
X-Pjax-Url
X-Kong-Proxy-Latency
Mime-Version
X-Csrf-Token
X-Owner
Cdn
X-WR-MODIFICATION
X-CUA
X-CCM-LastModified
NodeID
X-Pf-Uncompressing
X-Key
X-Request-Time
X-User
X-Cache-TTL
X-NC
WP-Super-Cache
X-Varnish-Url
Mail-Subject
X-Page-Type
We-Hiring
X-TIME
X-Ua
Dynatrace
X-Litespeed-Cache
X-External-Request-Id
CF-IPCountry
X-COUNTRY
X-NWS-UUID-VERIFY
MIME-Version
Section-Io-Cache
UCS
PICS-Label
GW-Server
X-CSRF-Token
PageType
X-Aicache-OS
X-Cache-Handler
X-LiteSpeed-Cache-Control
X-GDPR
X-DC
X-Servedbyhost
GeoIp-Country-Code
Geoip-City
X-Varnish-Action
Geoip-Latitude
FastCGI-Cache
X-Pc-Hit
X-Pc-Key
X-Pc-Appver
X-Nf-Srv-Version
Version
Magicmarker
X-Cache-Id
X-Varnish-Id
Rt-Proxy-Cache
X-Varnish-Beresp-TTL
X-Thanos
X-Pc-Host
X-Request-UUID
Memcached
X-Bip
X-Pc-Date
X-Dynatrace
X-CACHE-KEY
Accept-CH-Lifetime
X-Fastly-Backend-Reqs
X-GEO
Memory
X-Variation
CACHE
X-Nananana
If-Modified-Since
X-Ibm-Trace
X-Server-W
X-TId
X-Via-NSCOPI
X-ServedByHost
CDN
COMMERCE-SERVER-SOFTWARE
X-StackifyID
Node
X-Be
Processtime
Sid
X-Wa
Pagetype
X-Irp-Debug
Arc-Country
GeoIP-Latitude
GeoIP-Country-Code
GeoIP-City
X-Load-Cache
X-Cluster-Node
X-Auto-Login
X-DataStream-Origin-MEX-Latency
X-HTML-Minification-Powered-By
X-Gdpr
X-UPSTREAM-Address
Sta2Tusw
X-DataStream-MidMile-RTT
X-Shard
X-BE
X-Hail-Hydra
Pics-Label
X-Ig-Deployment-Stage
X-Frame-Option
X-Tid
X-Sentry-ID
X-Varnish-Ttl
RATING
URI
X-Proxy-Server
X-FW-Version
DataCenter
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-Layer
X-PAGE-TYPE
X-Varnish-URL
X-FORWARDED-FOR
X-Nginx-Cache-Key
X-Datadome
X-EC-Security-Audit
Cf-Ipcountry
X-Gen-Id
X-Fastly-Cache-Hits
Srv
X-NGINX-Cache
X-SRV
Pramga
X-Bug-Bounty
X-Secret
X-Akamai-Request-ID2
X-Gannett-Site-Version
X-Ratelimit-Remaining
V-Cache
Group
X-Haproxy-Ip
X-Haproxy-Hostname
X-Surge-Debug
X-Public
X-PF-Uncompressing
X-PJAX-URL
Cache-Provider
X-Shield-Cache-Expires
X-ADI-VCache
X-ID
X-Endurance-Cache-Level
X-Ratelimit-Limit
X-GZIP
X-B3-SpanId
X-CacheKey
X-Litespeed-Cache-Control
X-APP
OT-Force-Account-Verify
X-Feature
Cache-Cookie-Set-Idcheck
SD-X-WS
X-ND-Cache
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-From
X-Cache-Var
X-Cache-Debug
X-Cache-Var-Map
X-Dw-Trace-Id
Mobile-Detection-Method
Hostname
Serverid
Xet-Cookie
X-Store
Lb
X-RequestId
X-Ms-Lease-State
X-Distil-Cs
X-Sorting-Hat-FeatureSet
X-Sorting-Hat-Section
X-Sorting-Hat-PodId-Cached
X-Sorting-Hat-ShopId-Cached
X-Fe
X-CDN-Pop
X-Akamai-ERPolicy
X-Akamai-ERRuleID
X-RAMCache
X-Sorting-Hat-PrivacyLevel
X-CDN-Pop-IP
X-VCT
X-WA
X-SD-PageType
X-Grace-Duration
GEO-REGION-INFO
X-Unique-Id
X-Cookie
REQUESTUUID
N-Cache
X-VG-WebCache
X-ServerName
Requestid
X-Varnish-ID
Accept-Ch
X-Request-Start