Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Pragma
Accept-Ranges
Last-Modified
Strict-Transport-Security
X-Content-Type-Options
X-Powered-By
CF-RAY
ETag
Link
X-XSS-Protection
Expect-CT
Via
X-Cache
Age
Access-Control-Allow-Origin
Content-Security-Policy
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Served-By
X-Varnish
X-Amz-Cf-Id
Referrer-Policy
X-Request-Id
X-Timer
X-AspNet-Version
CF-Cache-Status
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Runtime
Access-Control-Allow-Credentials
X-Download-Options
X-Drupal-Cache
X-Cacheable
Alt-Svc
X-Generator
Content-Security-Policy-Report-Only
X-Xss-Protection
X-AspNetMvc-Version
Status
Timing-Allow-Origin
X-Check
X-Cache-Status
X-Adblock-Key
X-Iinfo
X-DNS-Prefetch-Control
X-Permitted-Cross-Domain-Policies
X-Content-Security-Policy
Content-Encoding
X-CDN
X-Template
X-Language
X-Turbo-Charged-By
X-Request-ID
Keep-Alive
X-Type
X-Buckets
EagleId
Xkey
X-Via
X-Backend
X-AH-Environment
WPE-Backend
X-Age
X-Pass-Why
Access-Control-Max-Age
X-Server
X-Swift-CacheTime
X-Swift-SaveTime
X-Cache-Group
Ali-Swift-Global-Savetime
X-Varnish-Cache
X-Pingback
Upgrade
X-Nginx-Cache-Status
X-Server-Powered-By
Access-Control-Expose-Headers
X-Drupal-Dynamic-Cache
Grace
X-Hacker
X-UA-Device
P3p
Cf-Railgun
X-Amz-Request-Id
X-Amz-Id-2
X-Robots-Tag
X-LiteSpeed-Cache
X-Ua-Compatible
X-Proxy-Cache
X-Envoy-Upstream-Service-Time
X-Page-Speed
Request-Context
X-CST
X-Node
X-Device
X-Cache-Lookup
X-Ac
Content-Location
X-Host
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Cnection
Surrogate-Control
X-Amz-Version-Id
X-WebKit-CSP
X-Backend-Server
X-Rack-Cache
X-Server-Id
X-Response-Time
X-Rq
X-Px
X-Readtime
X-Application-Context
Pinterest-Generated-By
Allow
X-Instart-Request-ID
EagleEye-TraceId
X-Dns-Prefetch-Control
X-Cloud-Trace-Context
X-Url
X-Clacks-Overhead
Server-Timing
X-OneAgent-JS-Injection
X-Do-Not-Hack
X-HeyJason
Permitted-Cross-Domain-Policies
Request-Id
X-Country
Report-To
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Rating
X-TTL
X-Country-Code
X-Varnish-TTL
Charset
X-ESI
Edge-Control
X-Powered-CMS
X-PC
X-TtlSet
X-Vname
X-Server-Name
X-FTR-Request-ID
X-DataDome
X-CF-Powered-By
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
Feature-Policy
X-MS-InvokeApp
X-Origin-Cache
X-Goog-Hash
X-DynaTrace-JS-Agent
X-Cached
NEL
Public-Key-Pins
X-Recruiting
X-Vhost
X-DynaTrace
X-Exp-Variant
X-Geo-Segment
X-Exp-Id
X-Kinja-Revision
X-Kinja
X-GoogleNews-Bot
X-Cdn-Fetch
X-Kinja-Build
X-Kinja-Server
X-VARITI-CCR
X-F-Cache
X-Version
X-Mod-Pagespeed
X-Powered-By-Plesk
AR-ATIME
AR-PoweredBy
X-Upstream-Env
X-Pinterest-Rid
Pinterest-Version
X-SRCache-Fetch-Status
X-T
X-SRCache-Store-Status
AR-CACHE
PB-PID
PB-RID
Arc-Version
X-Mobile-Rewrite
X-D2id
Content-MD5
X-Server-ID
Verso
X-Client-IP
X-Abt-Application-Version
RTSS
X-N
X-Dispatcher
SPRequestGuid
X-Amz-Rid
X-SharePointHealthScore
X-Cdn
X-GitHub-Request-Id
X-Forwarded-Proto
X-Hits
Nginx-Cache
X-Navigation-Version
X-Dw-Request-Base-Id
X-B
Paypal-Debug-Id
X-Ruxit-JS-Agent
X-Upstream
Realpath
X-Grace
X-Pad
X-Content-Digest
X-Varnish-Age
X-Shield-Request-Id
X-Id
Arr-Disable-Session-Affinity
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TEC-API-VERSION
X-Content-Options
MS-Author-Via
X-Cache-Hit
X-Ttl
TCN
X-Kinsta-Cache
DynaTrace
Access-Control-Request-Method
X-NWS-LOG-UUID
X-Goog-Metageneration
X-Goog-Generation
X-Goog-Storage-Class
X-Logged-In
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
SPRequestDuration
SPIisLatency
X-FastCGI-Cache
S
X-Acc-Meta-Resource-Type
X-Trace
X-Mrf-Item-Lastmod
Mrf-Cache-Status
MRF-Tech
X-Mrf-Section-Lastmod
X-Origin-Upstream-Status
X-Vcap-Request-Id
X-VCache
X-XRDS-Location
X-MSEdge-Ref
X-Oneagent-Js-Injection
X-DIS-Request-ID
X-HW
X-Zen-Fury
Cleartype
Eomportal-Instance
X-FTR-Realm
X-FTR-Cache-Status
X-FTR-DC
X-FTR-Balancer
X-FTR-Backend-Server
Surrogate-Key
X-Country-Code-Real
X-FTR-Expires
X-FTR-Backend
X-Cache-Rule
X-Frontend
X-Fastly-Request-ID
X-IPLB-Instance
Cache-Status
Service-Worker-Allowed
Front-End-Https
X-HS-Hub-Id
X-PressLabs-Stats
X-HS-Content-Id
X-Via-JSL
X-NF-Request-ID
AR-SID
X-User-Agent
Server-Name
X-SS-Set-Cookie
X-Forwarded-For
Tracecode
X-Request-Processing-Time
X-Request-Received
X-Varnish-Backend
X-Hostname
Fastcgi-Cache
X-Cache-2
Host
Backend-Timing
X-Analytics
Rt-Fastcgi-Cache
X-Wix-Server-Artifact-Id
FilterID
Alternate-Protocol
X-AOL-HN
Viewport
TP-Cache
X-Whom
X-FTR-Cache-Host
Public-Key-Pins-Report-Only
TP-L2-Cache
X-Revision
X-Content-Powered-By
X-Middleton-Display
X-Proxied
X-Rid
X-Sol
Display
X-Srv
X-Middleton-Response
Response
X-AppVersion
ServerID
X-Debug-Info
X-Az
X-Activity-Id
AMP-Access-Control-Allow-Source-Origin
X-Debug
X-Ser
X-Daa-Tunnel
X-Cache-Control
X-Contextid
X-Cached-By
X-Magnolia-Registration
X-Akam-SW-Version
X-XRDS-LOCATION
X-WPE-Loopback-Upstream-Addr
X-Mobile
X-Cache-Server
X-Cache-Key
Refresh
X-B3-Traceid
HitInfo
MicrosoftSharePointTeamServices
Server-Info
HitType
Accept-Charset
X-Page-Id
Cache-Tag
X-FB-Debug
X-Cache-Age
X-Instance
X-Framework
X-Varnish-Grace
X-RateLimit-Remaining
Retry-After
X-NewRelic-App-Data
X-PHP-Backend
X-Varnish-Hostname
X-LB-Cache
X-Content-Security-Policy-Report-Only
X-Geo-Country
X-Request-Guid
Host-Header
X-Webkit-Csp
X-TT
X-Cache-Operation
X-B-Cache
X-Signature
X-BCube-Filmed-By
X-App-Server
X-App-Environment
X-Generated-By
X-Handled-By
Source
X-Tumblr-User
Upgrade-Insecure-Requests
Server-Node
X-Origin-Server
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Accel-Expires
X-Device-Type
X-Fastcgi-Cache
X-URL
X-Hyper-Cache
X-Platform-Server
AR-Request-ID
X-Amz-Meta-S3cmd-Attrs
DC
Powered-By-ChinaCache
X-Akamai-Edgescape
X-Newrelic-App-Data
Liferay-Portal
Ar-Sid
X-WA-Info
X-GUploader-UploadID
X-APP-VERSION
X-TT-TIMESTAMP
Accept-CH
X-Correlation-Id
X-Amzn-Trace-Id
X-Cache-Action
X-Drupal-Cache-Tags
X-ATG-Version
X-CACHE-GROUP
Fastly-Restarts
X-B3-Sampled
X-Node-Name
X-Cluster
X-Port
Webserver
X-Varnish-Server
X-Ruxit-Js-Agent
X-Edge-Location
X-Accel-Buffering
NGB
X-S
X-Cacheable-TTL
X-Wix-Request-Id
X-Locale
X-GeoIP
X-Seen-By
Filters
X-WebKit-CSP-Report-Only
Actual-Object-TTL
X-Jobs
ServedBy
X-FW-Server
X-FW-Serve
AsisCache
X-FW-Hash
X-FW-Static
X-FW-Type
X-Tumblr-Pixel-2
X-Varnish-Hits
X-Tumblr-Pixel-1
X-RequestSource
X-Source
X-Amz-Replication-Status
X-Region
GEO-INFO
X-UA
X-Distil-CS
X-Wix-Petri-Ex
X-Cache-TTL-Remaining
X-RTag
MS-CV
Cache
X-UA-Device-Type
X-Edge-Cache-Key
S-Cnection
X-Edge-Cache
X-Cache-Config
X-Adobe-Loc
Content-Script-Type
X-Adobe-Content
Content-Style-Type
Served-By
X-Cache-Remote
X-Webkit-CSP
Country
X-Vg-Webcache
Datacenter
X-Guploader-Uploadid
X-Correlation-ID
X-Ocache
X-Servedby
X-Unique-ID
X-Sucuri-ID
X-Dynatrace-Js-Agent
HostName
X-TA-CDN-Provider
X-Drupal-Cache-Contexts
X-Oracle-Dms-Ecid
X-Oracle-Dms-Rid
X-DataStream-Cache-Status
X-Status
PageSpeed
X-Microcachable
X-Varnish-IP
X-Amz-Server-Side-Encryption
X-GZip
X-UUID
X-RateLimit-Limit
X-TX-ID
X-Internal-Host
X-Akamai-Transformed
X-Ezoic-Cdn
IBM-Web2-Location
Healthy
X-Esi
X-CDN-Forward
X-Real-IP
Ohc-File-Size
X-Mode
X-Vgn-Hpd-Reason
X-RN-RSRV
X-Cache-Category-Id
X-BYPASS-REASON
X-Is-Bot
X-ProxyCache-Key
X-Agile-Age
X-App-Name
X-Agile-Id
X-Agile
User-Cache-Control
X-ProxyCache-Status
X-Akamai-Request-ID
X-IP
X-Rendered-As
Access-Control-Allow-Method
X-Grey
X-JoinUs
X-Detected-As
Machine
Meta-Geo
X-Generated
Load-Balancing
X-OVcl-Cache
X-Xfnlog-Site
X-Instance-Name
X-Proxy-Build
X-OVcl
X-PC-Key
X-PC-Hit
X-Backend-Name
X-Debug-Cache
X-Timing-Wait
X-CCM
X-Origin
Selected-FE
X-ServerID
X-TNCMS
X-Loop
X-PC-AppVer
User-Agent
Mn-Server-Ip
L5d-Success-Class
DB-Nickname
S-Rt
X-Web-Node
Payment
ServerName
Now
X-BB-IP
X-NGENIX-Cache
X-Varnish-Cacheable
Backend
X-Hosted-By
X-Content-Type
X-OCL
Cache-Name
X-Upgrade-Enabled
X-Time-Microsecs
X-Varnish-Cache-Hits
X-Tb
X-Viewer-Country
X-Yottaa-Optimizations
X-PCL
X-FC-Vary-Parameters
X-Yottaa-Metrics
X-NodeID
X-Human
Azure-SiteName
Azure-SlotName
Azure-Version
Azure-RegionName
X-Distributor
X-Site-Version
X-NCache
X-RemovedCookies
X-ProcessESI
X-Original-Request
X-Rocket-Nginx-Bypass
X-PERF
X-EIG-Tracking-Id
X-Via-Fastly
Cache-Key
X-ApacheServer
X-CDN-Cache
Azure-InstanceId
X-PC-Host
X-Proxy
X-PC-Date
Webcakes-Region
X-AWS-Id
Webcakes-App-Version
X-Access
TWC-Privacy
TWC-GeoIP-Country
TWC-Connection-Speed
TWC-GeoIP-LatLong
TWC-Locale-Group
Property-Id
Webcakes-App-Name
X-LJ-Flow-ID
X-TWH-CORRELATION-ID
X-SplitTest
X-VWS-Id
X-Www-Served-By
X-Zipkin-Id
X-Section
X-Routing-Service
Dont-Set-Cookie
TWC-Device-Class
X-Origin-Hint
Access-Control-Request-Headers
X-Origin-CC
X-Amz-Meta-Surrogate-Control
X-Pubstack
X-Format
Xserver
X-Storage
SRV
X-L-Path
X-Path-Route
X-Cache-Backend
X-Environment-Context
Ms-Operation-Id
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
X-Oss-Server-Time
X-Oss-Storage-Class
X-Oss-Request-Id
X-Time
WZWS-RAY
X-Twitter-Response-Tags
X-Transaction
Pagespeed
X-Connection-Hash
LB
Cteonnt-Length
X-Cache-Ttl
X-Webstats-RespID
X-Sucuri-Cache
X-HS-Cache-Config
Edge-Cache-Tag
Countrycode
X-Generation-Time
X-M-Log
X-B3-Spanid
X-Proto
X-Optimization
X-M-Reqid
X-Labrador-Cache-Channel
X-Qnm-Cache
X-Cache-HT
X-Hit
X-Amzn-RequestId
X-Amz-Apigw-Id
X-SERVER-NAME
X-Ah-Environment
X-Birta-Served
X-Meta-Tbi-Cache-Vertical
X-Birta-Cache-Post
X-MP-GENERATED-AT
X-Tumblr-Pixel-3
X-Varnish-Beresp-Status
Apicache-Version
Apicache-Store
X-Release
X-V
X-Varnish-Beresp-Grace
X-Real-Ip
Cache-Hits
X-Cache-NE
NnCoection
NODE
Fastly-SSL
X-Cache-Enabled
X-EdgeConnect-Cache-Status
XServer
X-ServedBy
X-Dc
From-Origin
X-C
X-Newrelic-Synthetics
X-Rule
Ws
X-Upstream-HT
X-Upstream-CT
Ec-Rule-Version
X-Nc
Rendered-Blocks
Server-Host
Request-Country
X-Application
Request-EU
Country-Code
MI-Cache
MI-Cache-Age
X-Accel-Expires-Debug
X-Alternate-Cache-Key
Fly-Cache
Fly-Request-Id
Thinkindot-CacheControl
V-Age
Httpd-Identifier
Thinkindot-Control
Resin-Trace
X-A
Www
VivaBuild
Warning
Viewtype
Web-Mar-Node
Thinkindot-CacheControl-Type
Kp-EeAlive
X-A-Dcw
T-Server
SN
X-A-Wwc
GMS-Ver
Meta-Geo-Continent
Host-ID
X-A-Ccd
X-A-Dam
MD5-Digest
Server-ID
X-Matched-Rule
X-Sf
X-Server-Time
X-ShardId
X-ShopId
X-Sorting-Hat-PodId
X-Shopify-Stage
X-Server-By
X-ScT
X-Response-By
X-Region-Sid
X-Rewrite-Enabled
X-Rojux
X-S-Maxage
X-S-Cookie
X-Sorting-Hat-ShopId
X-SRCache-Key
X-We-Are-Hiring
X-Via-Edge
X-WebServer
X-Wix-Route-ID
Xc-Version
X-Worker
X-Via-CDN
X-VG-WebServer
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
X-Thinkindot-L3
X-Trv-Group
X-UE-Client-Country
X-TT-LOGID
X-RCS-CacheZone
X-Planisys-CDN-TTL
X-Developer
X-Destination
X-Died
X-Dispatcher-Server
X-Env
X-DPWN-IS-SECURE
X-Date
X-D
X-BB-ID
X-B-Cookie
X-Block-Status
X-Cache-URL
X-CF-Lambda-Version
X-CF-Lambda-Fn
X-Fetched-On
X-From
X-Origin-Date
X-Org
X-Origin-Expires
X-PAYTM-SRV-ID
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
X-NU-AKA-ACS-Version
X-MI-In-Market
X-Gen-Mode
X-G
X-Generated-In
X-Hl-Ver
Cneonction
X-Hnp-Log
X-ARC
X-A-Dgt
Cache-Prefix
BehaviorPad-Version
X-SERVER
NtCoent-Length
X-Amz-Meta-Cache-Control
Platform
Pragrma
Release
Proxy-Connection
X-Alicdn-Da-Ups-Status
X-Crawler
Origin-Edge-Control
NGX
Apple-News-Services-Handled
Apple-News-Services-Host
Odigeo-Trace-Id
X-Redis-Cache
Ajk
Origin-Cache-Control
PFcat
X-CS
X-IN-SSL-APIGATEWAY
Uber-Trace-Id
X-IN-WAF
X-IN-APIGATEWAY
X-Hash
X-Fstrz
X-GeoIP-City
X-GeoIP-Country-Code
X-Logtrace-Id
CDCHOST
RNT-Time
RNT-Machine
Apple-News-Services-Parsed-Url
X-Device-Os
X-Origin-TTL
X-No-Session
X-Node-Id
Server-Int
Adler-Geo
MI-API
Decoy-Debug-TTL
Fastly-Backend-Name
True-Client-Country-4JS
X-Edge-Server
X-Clientip
X-ServiceProvider
Decoy-Debug-Status
Decoy-Debug-Key
Cdn-Request-Time
X-Cache-Host
X-Cache-CFC
X-Cache-Bucket
X-VServer
Cdn-Host
X-Backend-Url
Is-Eu
X-Via-SSL
IsBot
Apple-News-Services-Request-Url
X-Request-URI
X-Content-Age
X-Backend-Host
X-Server-IP
X-SIPLIST1
X-Backend-State
X-ElasticPress-Search
X-Varnish-Beresp-Ttl
ProcessTime
X-Eu-Site
X-Cache-FS-Status
X-Debug-Log
X-Ckpd-Fst-Backend
X-CGP
X-Croise-Owner
X-Core-Mission
X-Core-Value
X-Cdn-Srv
X-Debug-Cookies
X-Developers
X-Cache-Srv
X-Cdn-Origin
X-F5-Cache
X-Epic-Correlation-Id
X-Platform
X-Trace-Id
X-UnsetCookies
X-NC
X-Swa-Ws
X-Server-Group
X-Sn-Servicetimems
X-Up
X-Varnish-HitMiss
X-Response-Served-From
On-Server
X-Wikidot-Static-Cache
X-Wikidot-Backend
X-Ver
X-VG-TLSProxy
X-Returned-From-PostProcessResponse
X-Returned-From-DLL
X-Passed-To-BeforeDispatch
X-Passed-To-DLL
X-Passed-To
X-NX-Host
X-Forwarded-Host
X-HCF
X-Passed-To-PostProcessResponse
X-Phone
X-Returned-From
X-Returned-From-BeforeDispatch
X-Reboot
X-Rebelmouse-Surrogate-Control
X-Cache-Expires
X-Rebelmouse-Cache-Control
X-Fastly-Cache
X-FireWall-Port
X-Kong-Proxy-Latency
HTTPS
Backend-Name
Content-Disposition
HA-Cloudapp
Who
X-Actual-URL
Time
Fastly-SWR
Esi-Enabled
Request-Time
AKAMAI
Powered-By
X-Nginx-Cache
Origin
Heartbleed
HA-Urlpath
HA-Georegion
HA-Geocountry
Frame-Options
X-Cache-ASPX
HA-Geolat
HA-Geolon
X-Cache-Control-Set-By
HA-Geocity
Ha-Gx-Prefs
X-Backend-TTL
X-Kong-Upstream-Latency
HA-Servedtime
HA-Ipaddr
Cache-Tags
Fastly-SIE
HA-Host
X-HS-Combine-CSS
X-App-Version
X-Location
X-GoCache-CacheStatus
X-From-Cache
X-Refresh
X-Var-Ttl
X-Geo
Is-Session-Tracking
WWW-Authenticate
X-Stale
X-Skip-Cache
Get-Access-Time
X-Powered-By-ANYU
RequestId
X-Atg-Version
Dnion-Transfer-Encoding
X-Owner
X-Key
X-Ms-Blob-Type
X-Ms-Lease-Status
X-Ms-Version
X-Req
X-P-T
Fastly-Soc-X-Request-Id
X-Ms-Request-Id
X-Edge-IP
X-Cache-TTL
X-CUA
X-MSEdge-Features
NodeID
X-Pjax-Url
X-Servername
X-MSEdge-Flight
X-Info
Accept-CH-Lifetime
MIME-Version
Mail-Subject
We-Hiring
Ohc-Response-Time
X-TIME
X-BBXSRF
X-Pf-Uncompressing
X-Micro-Cache
X-B3-TraceId
X-CSRF-Token
X-Cdn-Forward
X-Csrf-Token
X-Request-Time
X-Cache-Time
WP-Super-Cache
X-WR-MODIFICATION
X-GRACE
X-NWS-UUID-VERIFY
X-Pc-Hit
X-Pc-Appver
X-Pc-Key
X-External-Request-Id
CF-IPCountry
Section-Io-Cache
X-Litespeed-Cache
Dynatrace
X-Page-Type
Cdn
X-Varnish-Url
X-COUNTRY
X-User
PICS-Label
Mime-Version
X-Pc-Host
X-Pc-Date
X-Varnish-Action
Magicmarker
X-Aicache-OS
X-Servedbyhost
X-CCM-LastModified
Cartoon
X-Cache-Handler
X-LiteSpeed-Cache-Control
GeoIp-Country-Code
X-Varnish-Beresp-TTL
PageType
X-Ua
Geoip-Latitude
Geoip-City
X-DC
CDN
UCS
X-Request-UUID
GW-Server
FastCGI-Cache
X-Variation
X-Fastly-Backend-Reqs
X-GEO
X-Dynatrace
X-Ibm-Trace
Version
Processtime
X-Irp-Debug
X-GDPR
X-HOST
Pagetype
X-Cache-Id
Arc-Country
X-Varnish-Id
CACHE
X-Gdpr
Sid
Rt-Proxy-Cache
X-Nananana
X-TId
X-HTML-Minification-Powered-By
X-Thanos
Memcached
X-Server-W
X-Shard
X-Bip
COMMERCE-SERVER-SOFTWARE
X-Layer
X-FW-Version
X-CACHE-KEY
Memory
X-Load-Cache
GeoIP-Latitude
X-RateLimit-Limit-Second
X-StackifyID
GeoIP-Country-Code
Node
GeoIP-City
X-Wa
If-Modified-Since
X-BE
X-CLOUD-TRACE-CONTEXT
X-Nginx-Cache-Key
X-ServedByHost
X-Via-NSCOPI
X-RateLimit-Remaining-Second
Hostname
X-Sentry-ID
X-Ig-Deployment-Stage
X-Nf-Srv-Version
X-Be
X-Varnish-Ttl
RATING
X-Auto-Login
X-UPSTREAM-Address
Lb
DataCenter
Pics-Label
X-PAGE-TYPE
X-Proxy-Server
Sta2Tusw
X-Varnish-URL
X-Cluster-Node
X-DataStream-MidMile-RTT
X-DataStream-Origin-MEX-Latency
URI
X-Gen-Id
X-FORWARDED-FOR
X-Frame-Option
X-Secret
X-Akamai-Request-ID2
X-Tid
X-Gannett-Site-Version
X-Datadome
X-Fastly-Cache-Hits
Cf-Ipcountry
X-SRV
Srv
X-NGINX-Cache
X-Cache-Var-Map
X-Cache-Var
Mobile-Detection-Method
SD-X-WS
X-Ratelimit-Remaining
X-Hail-Hydra
Cache-Provider
X-EC-Security-Audit
X-VCT
X-PF-Uncompressing
X-ID
X-PJAX-URL
OT-Force-Account-Verify
X-WA
X-Store
X-Ratelimit-Limit
X-GZIP
X-APP
X-Litespeed-Cache-Control
Fastcgi-X-Cache-Version
Pramga
X-Dw-Trace-Id
X-CacheKey
Fastcgi-X-Cache
Fastcgi-Useragent
X-Bug-Bounty
X-B3-SpanId
X-Feature
Serverid
Xet-Cookie
X-CDN-Pop
X-Surge-Debug
X-CDN-Pop-IP
X-Distil-Cs
Group
X-Endurance-Cache-Level
X-SB
X-Policy
X-Fe
X-Akamai-ERPolicy
V-Cache
Powered
X-VC
X-RAMCache
X-Akamai-ERRuleID
X-Haproxy-Ip
X-Haproxy-Hostname
X-Public
X-Check-Cacheable
X-SD-PageType
X-ND-Cache
X-Cache-Debug
X-Shield-Cache-Expires
X-ADI-VCache
Cache-Cookie-Set-From
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-Idcheck
X-Cookie
X-Unique-Id
Requestid
X-Request-Start
X-Varnish-ID
X-ServerName
X-VG-WebCache
X-Grace-Duration