Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
Last-Modified
Accept-Ranges
Pragma
X-Content-Type-Options
X-Powered-By
CF-RAY
ETag
Link
X-XSS-Protection
Expect-CT
Via
X-Cache
Age
Access-Control-Allow-Origin
Content-Security-Policy
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Served-By
X-Amz-Cf-Id
X-Varnish
Referrer-Policy
X-Timer
CF-Cache-Status
X-FRAME-OPTIONS
X-Request-Id
Access-Control-Allow-Headers
X-AspNet-Version
Access-Control-Allow-Methods
X-Xss-Protection
X-Runtime
X-Download-Options
Access-Control-Allow-Credentials
X-Drupal-Cache
X-Cacheable
Alt-Svc
X-Generator
Content-Security-Policy-Report-Only
X-Request-ID
X-Check
X-AspNetMvc-Version
Status
X-Cache-Status
X-Adblock-Key
Timing-Allow-Origin
X-Iinfo
X-Permitted-Cross-Domain-Policies
X-DNS-Prefetch-Control
X-Template
Content-Encoding
X-Language
X-Content-Security-Policy
X-Turbo-Charged-By
X-CDN
X-Type
Keep-Alive
X-Buckets
Xkey
X-Backend
X-Cache-Group
WPE-Backend
X-AH-Environment
Access-Control-Max-Age
X-Pass-Why
P3p
X-Age
CF-Ray
X-POWERED-BY
X-Server
Upgrade
EagleId
Access-Control-Expose-Headers
X-Via
X-Nginx-Cache-Status
X-Server-Powered-By
X-Pingback
X-Drupal-Dynamic-Cache
X-Varnish-Cache
X-Swift-CacheTime
X-Swift-SaveTime
Grace
X-Hacker
X-Amz-Id-2
X-Amz-Request-Id
X-UA-Device
Ali-Swift-Global-Savetime
X-Robots-Tag
Cf-Railgun
X-LiteSpeed-Cache
X-Envoy-Upstream-Service-Time
X-Proxy-Cache
X-Ua-Compatible
X-Page-Speed
Request-Context
Content-Location
X-Device
X-Ac
X-Node
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Cnection
X-Host
X-Cache-Lookup
X-Amz-Version-Id
Surrogate-Control
X-Server-Id
X-WebKit-CSP
X-Backend-Server
X-Rack-Cache
X-Rq
X-Response-Time
X-Application-Context
X-Readtime
X-CST
X-Dns-Prefetch-Control
EagleEye-TraceId
Pinterest-Generated-By
X-Url
Server-Timing
X-Cloud-Trace-Context
X-TTL
X-Instart-Request-ID
Request-Id
X-Px
X-OneAgent-JS-Injection
X-Country
Report-To
X-ORACLE-DMS-ECID
X-Clacks-Overhead
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Edge-Control
Rating
Feature-Policy
Allow
X-Country-Code
Charset
X-DynaTrace-JS-Agent
X-DataDome
X-ESI
X-Server-Name
X-Powered-CMS
X-FTR-Request-ID
X-Vname
X-PC
X-TtlSet
X-Origin-Cache
X-DynaTrace
NEL
X-MS-InvokeApp
X-Goog-Hash
X-Recruiting
X-Varnish-TTL
X-VARITI-CCR
X-Cached
X-ORACLE-DMS-RID
X-Vhost
Content-MD5
X-GitHub-Request-Id
RTSS
X-Version
X-F-Cache
X-Cdn-Fetch
X-Exp-Variant
X-Kinja
X-Kinja-Revision
X-Kinja-Server
X-GoogleNews-Bot
X-Kinja-Build
X-Geo-Segment
X-Exp-Id
X-Powered-By-Plesk
Public-Key-Pins
PB-RID
PB-PID
X-Pinterest-Rid
X-Upstream-Env
Pinterest-Version
X-Mod-Pagespeed
X-CF-Powered-By
Arc-Version
X-Mobile-Rewrite
Accept-CH
Verso
X-D2id
SPRequestGuid
X-Client-IP
MS-Author-Via
X-SRCache-Store-Status
X-Abt-Application-Version
X-SRCache-Fetch-Status
X-N
AR-ATIME
AR-PoweredBy
X-Dispatcher
X-SharePointHealthScore
X-Do-Not-Hack
X-HeyJason
Permitted-Cross-Domain-Policies
AR-CACHE
X-Amz-Rid
X-Navigation-Version
X-T
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TEC-API-VERSION
DynaTrace
Nginx-Cache
Accept-CH-Lifetime
Paypal-Debug-Id
X-Dw-Request-Base-Id
X-Fastly-Request-ID
X-Trace
X-Grace
X-Upstream
Arr-Disable-Session-Affinity
X-Hits
X-Varnish-Age
TCN
X-FastCGI-Cache
X-Amz-Meta-S3cmd-Attrs
X-Origin-Upstream-Status
X-Forwarded-Proto
X-Id
X-Shield-Request-Id
X-DIS-Request-ID
X-Pad
SPIisLatency
SPRequestDuration
X-Content-Options
X-Cache-Hit
X-Logged-In
X-Content-Digest
Realpath
X-IPLB-Instance
Access-Control-Request-Method
X-Kinsta-Cache
Mrf-Cache-Status
X-Mrf-Item-Lastmod
MRF-Tech
X-Mrf-Section-Lastmod
X-B
X-NF-Request-ID
X-Acc-Meta-Resource-Type
AR-SID
X-Server-ID
X-Goog-Storage-Class
X-Goog-Generation
X-Goog-Metageneration
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-XRDS-Location
X-Ruxit-JS-Agent
X-SS-Set-Cookie
X-Vcap-Request-Id
X-HW
S
X-Debug
X-MSEdge-Ref
X-Ser
Server-Name
Service-Worker-Allowed
X-FTR-Cache-Status
X-FTR-DC
X-FTR-Balancer
X-FTR-Backend-Server
X-Country-Code-Real
X-FTR-Backend
X-FTR-Realm
X-Frontend
X-PressLabs-Stats
Tracecode
X-Oneagent-Js-Injection
X-Cache-Key
X-FTR-Expires
Eomportal-Instance
Fastcgi-Cache
Rt-Fastcgi-Cache
AMP-Access-Control-Allow-Source-Origin
Alternate-Protocol
X-Wix-Server-Artifact-Id
X-NewRelic-App-Data
X-Forwarded-For
Surrogate-Key
Cleartype
X-Cache-Rule
X-NWS-LOG-UUID
X-GUploader-UploadID
X-Srv
Cache-Status
Backend-Timing
X-Analytics
X-HS-Hub-Id
X-HS-Content-Id
X-VCache
X-Oracle-Dms-Rid
Host
X-User-Agent
X-Revision
FilterID
TP-L2-Cache
Fastly-Restarts
X-Rid
TP-Cache
X-FTR-Cache-Host
X-Debug-Info
X-Whom
X-AOL-HN
Public-Key-Pins-Report-Only
X-Cache-2
X-Akam-SW-Version
X-Via-JSL
X-Varnish-Backend
ServerID
X-Content-Powered-By
X-Webkit-CSP
X-Request-Processing-Time
X-Request-Received
X-Cdn
X-Kinja-Server-Push
Viewport
Accept-Charset
X-RateLimit-Remaining
X-Zen-Fury
X-Ttl
Front-End-Https
X-Mobile
X-Accel-Buffering
X-XRDS-LOCATION
X-WPE-Loopback-Upstream-Addr
X-Cached-By
Liferay-Portal
X-Node-Name
X-App-Environment
X-LB-Cache
X-Cluster
X-Varnish-Hostname
X-Magnolia-Registration
X-Tumblr-User
X-Page-Id
X-Tumblr-Pixel-0
X-Content-Security-Policy-Report-Only
Host-Header
X-Tumblr-Pixel
X-B3-Sampled
Cache-Tag
X-Framework
X-Cache-Control
X-Akamai-Edgescape
X-Request-Guid
X-TT
X-Device-Type
Upgrade-Insecure-Requests
X-Handled-By
X-B-Cache
X-Signature
DC
X-FB-Debug
X-Instance
X-Cache-Server
X-Hostname
X-BCube-Filmed-By
X-Platform-Server
X-B3-Traceid
Server-Node
X-Origin-Server
X-TT-TIMESTAMP
X-TA-CDN-Provider
X-Correlation-Id
Source
Retry-After
MicrosoftSharePointTeamServices
X-Contextid
X-WA-Info
X-Servedby
X-Accel-Expires
Server-Info
HitInfo
X-Amzn-Trace-Id
HitType
X-Cache-Action
X-Varnish-Server
X-Cache-Operation
X-Daa-Tunnel
Display
X-Middleton-Display
X-Sol
X-Distil-CS
X-Port
X-Generated-By
X-Edge-Location
AsisCache
Content-Script-Type
X-Geo-Country
Content-Style-Type
X-Hyper-Cache
X-Amz-Replication-Status
X-GeoIP
X-TX-ID
X-Tumblr-Pixel-2
X-S
X-APP-VERSION
X-Tumblr-Pixel-1
X-WebKit-CSP-Report-Only
GEO-INFO
X-Status
Actual-Object-TTL
ServedBy
X-Locale
X-Varnish-Hits
X-Jobs
X-RequestSource
X-Region
X-Response-Served-From
Healthy
X-Edge-Cache-Key
X-Edge-Cache
X-FW-Static
X-Seen-By
X-UUID
X-Wix-Request-Id
User-Agent
X-Adobe-Loc
X-FW-Type
X-FW-Server
X-DataStream-Cache-Status
X-FW-Hash
X-FW-Serve
X-Adobe-Content
Webserver
X-Drupal-Cache-Tags
SRV
X-Varnish-Grace
Filters
S-Cnection
X-Newrelic-App-Data
X-Amz-Server-Side-Encryption
X-Fastcgi-Cache
NGB
Refresh
X-Cache-Age
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Proxied
X-Esi
X-Cache-TTL-Remaining
IBM-Web2-Location
AR-Request-ID
X-Middleton-Response
Response
X-Az
X-App-Server
X-Activity-Id
X-AppVersion
X-Pc-Hit
X-Pc-Appver
X-Pc-Key
X-Content-Type
X-CDN-Forward
X-Cache-NE
X-Cache-Remote
Cache
X-Ruxit-Js-Agent
Payment
X-Cacheable-TTL
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-UA
X-Cache-TTL
X-ATG-Version
Datacenter
X-Correlation-ID
X-Unique-ID
Country
X-Akamai-Transformed
X-Mode
Served-By
Edge-Cache-Tag
X-HS-Cache-Config
Machine
Meta-Geo
X-Detected-As
X-Is-Bot
Load-Balancing
X-Sucuri-ID
X-RN-RSRV
X-Vg-Webcache
X-Rendered-As
X-RemovedCookies
X-ProcessESI
HostName
X-ProxyCache-Status
User-Cache-Control
X-ProxyCache-Key
X-Rocket-Nginx-Bypass
X-BYPASS-REASON
X-FC-Vary-Parameters
X-Proxy
X-Source
X-PERF
X-Pubstack
X-ServerID
X-PCL
DB-Nickname
X-Backend-Name
X-BB-IP
X-Cache-Config
X-EIG-Tracking-Id
X-ApacheServer
Now
Cache-Name
X-Varnish-IP
X-Hosted-By
Backend
X-OCL
X-Viewer-Country
X-L-Path
L5d-Success-Class
X-JoinUs
X-Loop
Mn-Server-Ip
X-Hit
X-Routing-Service
Cache-Key
X-Zipkin-Id
X-OVcl
X-Original-Request
X-Origin
X-OVcl-Cache
Access-Control-Allow-Method
X-Grey
Access-Control-Request-Headers
X-Via-Fastly
X-Human
X-CCM
X-Cache-Category-Id
X-TNCMS
X-CDN-Cache
X-Environment-Context
X-Debug-Cache
X-Varnish-Cacheable
X-Site-Version
X-Amz-Meta-Surrogate-Control
X-Tb
ServerName
X-Generated
Selected-FE
S-Rt
X-NGENIX-Cache
X-NodeID
X-Ocache
Azure-InstanceId
Azure-Version
X-Agile-Id
X-Agile-Age
X-Agile
Azure-RegionName
Azure-SiteName
X-Rule
Azure-SlotName
X-Timing-Wait
X-Storage
X-Proxy-Build
X-TWH-CORRELATION-ID
X-Www-Served-By
X-Varnish-Cache-Hits
X-Upgrade-Enabled
TWC-GeoIP-LatLong
TWC-GeoIP-Country
TWC-Connection-Speed
X-SplitTest
TWC-Locale-Group
TWC-Device-Class
Webcakes-App-Version
X-AWS-Id
X-VWS-Id
X-App-Name
Webcakes-Region
Webcakes-App-Name
X-IP
TWC-Privacy
Property-Id
X-URL
X-Origin-Hint
X-Origin-CC
X-LJ-Flow-ID
X-Xfnlog-Site
X-Cache-Var
X-Real-IP
X-Cache-Var-Map
X-Pc-Date
X-Format
X-HS-Combine-CSS
X-Access
X-Section
X-Pc-Host
X-Drupal-Cache-Contexts
X-Akamai-Request-ID
X-Upstream-HT
X-Upstream-CT
X-Vgn-Hpd-Reason
X-Time-Microsecs
X-Litespeed-Cache
OT-Force-Account-Verify
X-RateLimit-Limit
X-UA-Device-Type
X-Mrs-Cache-Hits
X-Mrs-Cache
X-NCache
X-Mrs-Age
X-PHP-Backend
X-Nginx-Cache
X-Mshield-Cache-Status
From-Origin
XServer
X-Microcachable
X-NC
X-Internal-Host
X-Feature
Fastcgi-Useragent
X-Release
X-Distributor
X-Forwarded-Host
Fastly-SSL
X-Amz-Apigw-Id
X-Amzn-RequestId
X-M-Log
X-M-Reqid
X-Qnm-Cache
Fastcgi-X-Cache
Fastcgi-X-Cache-Version
Ar-Sid
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
X-Ms-Version
X-Ms-Blob-Type
X-Ms-Lease-Status
X-Ms-Request-Id
X-Birta-Served
X-Birta-Cache-Post
Powered-By-ChinaCache
Pagespeed
X-Cache-Backend
LB
X-Connection-Hash
X-Webkit-Csp
X-EdgeConnect-Cache-Status
X-Transaction
NtCoent-Length
Pagetype
X-Twitter-Response-Tags
X-Labrador-Cache-Channel
X-App-Version
X-Ah-Environment
X-B3-Spanid
X-V
X-Instance-Name
X-VG-TLSProxy
Frame-Options
X-GZip
X-Web-Node
MIME-Version
Time
X-SERVER-NAME
X-PAYTM-SRV-ID
X-Logtrace-Id
Server-Int
X-S-Cookie
Ajk
X-Block-Status
X-ARC
X-Cache-Bucket
X-BB-ID
X-Application
X-NU-AKA-ACS-Version
X-B-Cookie
X-A-Dam
X-Request-UUID
VivaBuild
X-No-Session
Web-Mar-Node
Viewtype
X-Request-URI
X-Redis-Cache
X-Region-Sid
V-Age
Www
X-A
X-A-Wwc
T-Server
X-Rojux
X-A-Dgt
X-UE-Client-Country
X-A-Ccd
X-A-Dcw
X-Rewrite-Enabled
X-Accel-Expires-Debug
X-CF-Lambda-Fn
X-WebServer
X-IN-APIGATEWAY
X-Server-By
IsBot
Ec-Rule-Version
X-SIPLIST1
X-Dispatcher-Server
X-DPWN-IS-SECURE
X-IN-WAF
X-IN-SSL-APIGATEWAY
Host-ID
Fly-Cache
X-Server-Time
X-Generation-Time
Fly-Request-Id
X-Via-Edge
X-Generated-In
X-Gen-Mode
X-From
X-G
X-Via-SSL
X-Hnp-Log
X-Died
X-Developer
Cache-Prefix
Xc-Version
X-ScT
X-SRCache-Key
BehaviorPad-Version
X-CF-Lambda-Version
AKAMAI
Rendered-Blocks
Arc-Country
X-Irp-Debug
X-Org
X-Via-CDN
X-Date
Meta-Geo-Continent
MD5-Digest
X-Destination
X-D
NGX
X-CS
X-VG-WebServer
X-CUA
X-Trv-Group
X-C
X-Varnish-Beresp-Ttl
X-NWS-UUID-VERIFY
X-HOST
Cneonction
X-Debug-Cookies
MI-Cache
MI-API
MI-Cache-Age
NodeID
On-Server
X-Origin-TTL
X-Debug-Log
X-Owner
X-Fastly-Cache
X-GeoIP-City
GMS-Ver
X-Hl-Ver
X-HTML-Minification-Powered-By
X-External-Request-Id
Origin-Cache-Control
Magicmarker
Kp-EeAlive
X-ElasticPress-Search
X-Crawler
Request-Time
X-Cache-CFC
X-Layer
X-Amz-Meta-Cache-Control
Server-Host
X-Node-Id
SN
X-MI-In-Market
Request-EU
Request-Country
X-NX-Host
X-Core-Value
True-Client-Country-4JS
X-Key
Pragrma
X-Cache-Enabled
Release
Proxy-Connection
Origin-Edge-Control
X-Phone
X-RateLimit-Remaining-Second
Mobile-Detection-Method
X-S-Maxage
Country-Code
Decoy-Debug-Key
Decoy-Debug-TTL
Decoy-Debug-Status
X-RCS-CacheZone
X-Sucuri-Cache
X-UnsetCookies
Cteonnt-Length
X-Var-Ttl
WZWS-RAY
X-Varnish-Action
X-Powered-By-ANYU
Esi-Enabled
X-RateLimit-Limit-Second
X-We-Are-Hiring
X-ServiceProvider
X-Sf
X-Webstats-RespID
X-FireWall-Port
X-Cache-Expires
PageSpeed
X-ShardId
X-Backend-TTL
X-Fetched-On
X-ShopId
X-Trace-Id
X-VCT
X-Fstrz
X-Location
X-Variation
X-Passed-To-PostProcessResponse
X-Returned-From-PostProcessResponse
X-Returned-From-DLL
X-Nginx-Cache-Key
X-Actual-URL
X-VServer
X-FW-Version
X-Thinkindot-L3
X-Matched-Rule
X-Alternate-Cache-Key
X-Cache-Host
X-Sn-Servicetimems
X-Sorting-Hat-PodId
X-Skip-Cache
X-Oss-Hash-Crc64ecma
X-Shopify-Stage
X-Sorting-Hat-ShopId
X-Oss-Object-Type
X-Device-Os
X-Oss-Storage-Class
X-Oss-Server-Time
X-Oss-Request-Id
X-Wikidot-Static-Cache
X-Croise-Owner
X-Cdn-Srv
X-Cdn-Origin
X-Cache-Srv
X-F5-Cache
X-Swa-Ws
X-Eu-Site
X-Stale
X-Ckpd-Fst-Backend
X-Returned-From-BeforeDispatch
X-CGP
X-Wikidot-Backend
X-Hash
X-Returned-From
CDCHOST
X-Platform
Odigeo-Trace-Id
X-Passed-To
Fastly-Backend-Name
PFcat
Cache-Tags
Apple-News-Services-Host
Apple-News-Services-Handled
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
Platform
Backend-Name
Is-Eu
X-Passed-To-BeforeDispatch
HA-Geolon
HA-Georegion
HA-Geolat
HA-Geocountry
HA-Cloudapp
HA-Geocity
Ha-Gx-Prefs
HA-Host
Heartbleed
X-Passed-To-DLL
HA-Urlpath
HA-Servedtime
HA-Ipaddr
Adler-Geo
Origin
RNT-Time
X-Reboot
X-Tumblr-Pixel-3
Thinkindot-Control
Thinkindot-CacheControl-Type
Server-ID
Thinkindot-CacheControl
RNT-Machine
Uber-Trace-Id
X-Response-By
X-GeoIP-Country-Code
Fastly-SWR
HTTPS
X-Rebelmouse-Surrogate-Control
X-Server-IP
X-Developers
X-Csrf-Token
X-Up
X-Store
X-Request-Time
X-MSEdge-Flight
X-Gannett-Site-Version
X-Epic-Correlation-Id
X-MSEdge-Features
X-Secret
X-Content-Age
X-Core-Mission
X-Iejgwucgyu
X-Clientip
X-Rebelmouse-Cache-Control
X-Backend-Host
X-Cache-URL
X-Backend-Url
X-Backend-State
Section-Io-Cache
Countrycode
Fastly-SIE
X-Worker
Content-Disposition
X-TT-LOGID
Resin-Trace
X-GEO
X-Servername
X-Planisys-CDN-Cache
X-Real-Ip
X-CACHE-AGE
Sid
X-Alicdn-Da-Ups-Status
ProcessTime
X-Planisys-CDN-TTL
X-Policy
X-Planisys-CDN-Rules
X-B3-TraceId
X-Ezoic-Cdn
REQUESTUUID
Powered
CDN
X-Ua
WP-Super-Cache
RequestId
Xserver
X-Cluster-Node
Warning
X-Atg-Version
X-Servedbyhost
X-Pf-Uncompressing
X-Proto
X-Cache-ASPX
X-Refresh
X-TIME
X-Dc
We-Hiring
Dnion-Transfer-Encoding
X-GoCache-CacheStatus
CF-IPCountry
Mail-Subject
X-Guploader-Uploadid
NODE
Cache-Cookie-Set-From
X-Pjax-Url
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-Lfrom
ViewerVersion
X-Req
X-DC
NnCoection
X-Endurance-Cache-Level
X-Varnish-Ttl
X-Newrelic-Synthetics
X-Page-Type
X-Origin-Expires
X-Surge-Debug
X-Origin-Date
X-CLOUD-TRACE-CONTEXT
X-Nc
X-HCF
X-Server-W
X-Varnish-HitMiss
X-COUNTRY
X-Cache-Control-Set-By
X-Edge-IP
X-Time
Hostname
GeoIp-Country-Code
X-Aed
Geoip-Latitude
X-Oracle-Dms-Ecid
X-Ms-Lease-State
Pramga
SD-X-WS
WWW-Authenticate
X-Server-Group
X-Varnish-Beresp-TTL
X-Cdn-Forward
TSSecure
X-Varnish-Url
Processtime
X-CSRF-Token
A
CACHE
Geoip-City
X-Wix-Route-ID
MS-CV
X-Datadome
X-GRACE
PICS-Label
X-Varnish-URL
X-Hello
X-DataStream-Origin-MEX-Latency
X-DataStream-MidMile-RTT
X-Flog
X-Wa
X-ABtesting
Cdn
X-Dynatrace-Js-Agent
X-Aicache-OS
X-WA
Dont-Set-Cookie
X-Gdpr
X-Edge-Server
Cdn-Request-Time
Node
Cdn-Host
X-Akamai-Request-ID2
X-From-Cache
X-Ratelimit-Limit
Mime-Version
Lb
Lfy
X-Auto-Login
X-Use-Magma
DataCenter
X-Nananana
PageType
FSS-Cache
FSS-Proxy
COMMERCE-SERVER-SOFTWARE
X-Geo
X-UPSTREAM-Address
X-Unique-Id
X-RTag
Ms-Operation-Id
Is-Session-Tracking
X-Fastly-Backend-Reqs
GeoIP-Country-Code
GeoIP-Latitude
X-EC-Security-Audit
GeoIP-City
X-Sentry-ID
X-Cache-HT
Get-Access-Time
X-SRV
X-Env
X-APP
X-Optimization
X-WR-MODIFICATION
X-Load-Cache
X-PAGE-TYPE
Rt-Proxy-Cache
Who
X-Gen-Id
X-CACHE-KEY
X-Via-NSCOPI
X-GDPR
X-Wix-Petri-Ex
X-Check-Cacheable
X-Served-From
X-Cache-FS-Status
X-Cookie
X-Cache-Id
X-Ibm-Trace
X-Meta-Tbi-Cache-Vertical
X-Thanos
X-Cache-Info
Ws
X-FORWARDED-FOR
X-Ver
Memcached
X-Bip
X-PJAX-URL
X-Proxy-Server
Httpd-Identifier
X-Swift-Error
Pics-Label
X-Be
X-NGINX-Cache
X-ServedByHost
X-B3-SpanId
X-SVT-ORM-RULES
Cf-Ipcountry
X-Cache-Ttl
X-Request-Start
Ohc-File-Size
X-SVT-ORM-VERSION
X-Fastly-Cache-Hits
Group
X-MP-GENERATED-AT
V-Cache
X-Ratelimit-Remaining
Memory
Powered-By
X-Fe
X-RateLimit-Reset
X-Path-Route
X-Shard
X-CDN-Pop-IP
URI
Version
X-Dw-Trace-Id
X-CDN-Pop
X-HS-Status
X-ID
Amp-Access-Control-Allow-Source-Origin
Requestid
NX-Cache
X-GZIP
GW-Server
UCS
X-SB
X-LiteSpeed-Cache-Control
X-VC
Xet-Cookie
X-P-T
X-Bug-Bounty
AGE-Hash
X-PF-Uncompressing
Serverid
X-Varnish-Info
Apicache-Store
N-Cache
X-StackifyID
Ohc-Response-Time
WebServer
Fastly-Soc-X-Request-Id
X-Akamai-ERRuleID
Apicache-Version
X-Akamai-ERPolicy
CDN-Cache-Hit
CDN-Cache
X-CacheKey
CDN-Node
X-VG-WebCache
If-Modified-Since
Https
SID
X-Litespeed-Cache-Control
Cache-Hits
X-User
X-Grace-Duration
X-RequestId
X-Cache-Handler
X-ServerName
X-Is-Crawler
X-Info
X-SD-PageType
X-Flags
X-Route-Name
X-Micro-Cache
X-Providence-Cookie