Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
Last-Modified
Accept-Ranges
Pragma
X-Content-Type-Options
X-Powered-By
CF-RAY
ETag
Link
X-XSS-Protection
Expect-CT
Via
X-Cache
Age
Access-Control-Allow-Origin
Content-Security-Policy
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Served-By
X-Amz-Cf-Id
X-Varnish
Referrer-Policy
X-Timer
CF-Cache-Status
X-FRAME-OPTIONS
X-Request-Id
Access-Control-Allow-Headers
X-AspNet-Version
Access-Control-Allow-Methods
X-Xss-Protection
X-Runtime
X-Download-Options
Access-Control-Allow-Credentials
X-Drupal-Cache
X-Cacheable
Alt-Svc
X-Generator
Content-Security-Policy-Report-Only
X-Request-ID
X-Check
X-AspNetMvc-Version
Status
X-Cache-Status
X-Adblock-Key
Timing-Allow-Origin
X-Iinfo
X-Permitted-Cross-Domain-Policies
X-DNS-Prefetch-Control
X-Template
Content-Encoding
X-Language
X-Content-Security-Policy
X-Turbo-Charged-By
X-CDN
X-Type
Keep-Alive
X-Buckets
Xkey
X-Backend
X-Cache-Group
X-AH-Environment
WPE-Backend
Access-Control-Max-Age
X-Pass-Why
X-Age
CF-Ray
X-Server
X-POWERED-BY
Upgrade
EagleId
Access-Control-Expose-Headers
X-Via
X-Nginx-Cache-Status
X-Server-Powered-By
X-Pingback
X-Drupal-Dynamic-Cache
X-Varnish-Cache
X-Swift-SaveTime
X-Swift-CacheTime
Grace
X-Hacker
X-Amz-Request-Id
X-Amz-Id-2
X-UA-Device
Ali-Swift-Global-Savetime
X-Robots-Tag
P3p
Cf-Railgun
X-LiteSpeed-Cache
X-Envoy-Upstream-Service-Time
X-Proxy-Cache
X-Ua-Compatible
X-Page-Speed
Request-Context
Content-Location
X-Device
X-Ac
X-Node
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Cnection
X-Host
X-Cache-Lookup
X-Server-Id
X-Amz-Version-Id
Surrogate-Control
X-WebKit-CSP
X-Backend-Server
X-Rack-Cache
X-Rq
X-Response-Time
X-Application-Context
X-Readtime
X-CST
X-Dns-Prefetch-Control
EagleEye-TraceId
Pinterest-Generated-By
Server-Timing
X-Url
X-Cloud-Trace-Context
X-TTL
X-Instart-Request-ID
Request-Id
X-OneAgent-JS-Injection
X-Px
Report-To
X-Country
X-ORACLE-DMS-ECID
X-Clacks-Overhead
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Feature-Policy
Edge-Control
Rating
Allow
X-Country-Code
Charset
X-DynaTrace-JS-Agent
X-DataDome
X-ESI
X-Server-Name
X-Powered-CMS
X-FTR-Request-ID
X-PC
X-TtlSet
X-Vname
X-Origin-Cache
X-DynaTrace
NEL
X-MS-InvokeApp
X-Goog-Hash
X-Recruiting
X-Varnish-TTL
X-Cached
X-VARITI-CCR
X-ORACLE-DMS-RID
X-Vhost
Content-MD5
X-GitHub-Request-Id
RTSS
X-Version
X-F-Cache
X-Kinja-Build
X-Kinja-Revision
X-Kinja-Server
X-Cdn-Fetch
X-Exp-Variant
X-GoogleNews-Bot
X-Geo-Segment
X-Exp-Id
X-Kinja
X-Powered-By-Plesk
Public-Key-Pins
X-CF-Powered-By
X-Pinterest-Rid
Pinterest-Version
X-Upstream-Env
PB-RID
PB-PID
X-Mod-Pagespeed
X-Mobile-Rewrite
Arc-Version
Verso
Accept-CH
SPRequestGuid
X-Client-IP
X-D2id
X-Abt-Application-Version
X-SRCache-Store-Status
MS-Author-Via
X-SRCache-Fetch-Status
X-N
X-Dispatcher
AR-ATIME
AR-PoweredBy
X-SharePointHealthScore
Permitted-Cross-Domain-Policies
X-Do-Not-Hack
X-HeyJason
AR-CACHE
X-Amz-Rid
X-Navigation-Version
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-T
Nginx-Cache
DynaTrace
Accept-CH-Lifetime
Paypal-Debug-Id
X-Dw-Request-Base-Id
X-Trace
X-Fastly-Request-ID
X-Upstream
X-Grace
X-Varnish-Age
Arr-Disable-Session-Affinity
X-Hits
TCN
X-FastCGI-Cache
X-Amz-Meta-S3cmd-Attrs
X-Origin-Upstream-Status
X-Forwarded-Proto
X-Id
X-DIS-Request-ID
X-Shield-Request-Id
X-Pad
SPRequestDuration
SPIisLatency
X-Cache-Hit
X-Content-Options
X-Logged-In
X-Content-Digest
X-IPLB-Instance
Realpath
X-Kinsta-Cache
Access-Control-Request-Method
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
X-NF-Request-ID
Mrf-Cache-Status
X-Acc-Meta-Resource-Type
MRF-Tech
X-B
AR-SID
X-Ruxit-JS-Agent
X-Goog-Generation
X-XRDS-Location
X-Goog-Storage-Class
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-SS-Set-Cookie
X-HW
X-Vcap-Request-Id
S
X-Debug
X-MSEdge-Ref
X-Ser
Service-Worker-Allowed
Server-Name
X-FTR-Backend
X-PressLabs-Stats
X-FTR-Backend-Server
X-FTR-Balancer
X-FTR-Cache-Status
X-FTR-Realm
X-Country-Code-Real
X-FTR-DC
X-Frontend
X-Server-ID
Tracecode
X-Oneagent-Js-Injection
X-FTR-Expires
X-Wix-Server-Artifact-Id
X-Cache-Key
Fastcgi-Cache
Rt-Fastcgi-Cache
AMP-Access-Control-Allow-Source-Origin
Eomportal-Instance
Alternate-Protocol
X-NewRelic-App-Data
Surrogate-Key
X-Forwarded-For
Cleartype
X-Cache-Rule
Cache-Status
X-Srv
X-NWS-LOG-UUID
X-GUploader-UploadID
X-HS-Content-Id
X-HS-Hub-Id
Backend-Timing
X-Analytics
X-VCache
Host
X-Oracle-Dms-Rid
X-User-Agent
X-Revision
TP-L2-Cache
TP-Cache
FilterID
X-Rid
X-Debug-Info
Fastly-Restarts
X-Whom
X-FTR-Cache-Host
Public-Key-Pins-Report-Only
X-AOL-HN
X-Akam-SW-Version
X-Cache-2
X-Via-JSL
X-Varnish-Backend
ServerID
X-Content-Powered-By
X-Webkit-CSP
X-Request-Received
X-Request-Processing-Time
X-Cdn
X-Kinja-Server-Push
Accept-Charset
X-Zen-Fury
Viewport
X-RateLimit-Remaining
X-Accel-Buffering
X-Ttl
Front-End-Https
X-Mobile
X-XRDS-LOCATION
X-WPE-Loopback-Upstream-Addr
X-Cached-By
X-Node-Name
Liferay-Portal
X-App-Environment
X-LB-Cache
X-Page-Id
X-Cluster
X-Hostname
X-Cache-Control
X-Tumblr-Pixel
X-Varnish-Hostname
Host-Header
X-Tumblr-User
X-Content-Security-Policy-Report-Only
X-Magnolia-Registration
X-Tumblr-Pixel-0
X-Framework
X-Device-Type
X-Handled-By
Cache-Tag
X-Request-Guid
X-Akamai-Edgescape
X-TT
Upgrade-Insecure-Requests
X-B-Cache
X-BCube-Filmed-By
X-FB-Debug
X-Signature
X-Instance
X-Platform-Server
X-B3-Sampled
DC
X-Cache-Server
Server-Node
X-TT-TIMESTAMP
X-Origin-Server
X-B3-Traceid
X-Correlation-Id
X-TA-CDN-Provider
Source
MicrosoftSharePointTeamServices
Retry-After
X-Contextid
X-WA-Info
X-Servedby
X-Accel-Expires
HitInfo
HitType
Server-Info
X-Amzn-Trace-Id
X-Cache-Action
X-Varnish-Server
X-Cache-Operation
X-Distil-CS
X-Port
Display
X-Sol
X-Middleton-Display
X-Daa-Tunnel
X-Generated-By
X-Geo-Country
X-Edge-Location
AsisCache
Content-Script-Type
Content-Style-Type
X-Amz-Replication-Status
X-GeoIP
X-Hyper-Cache
X-APP-VERSION
X-Tumblr-Pixel-2
X-RequestSource
X-S
X-Tumblr-Pixel-1
X-WebKit-CSP-Report-Only
X-TX-ID
GEO-INFO
ServedBy
X-Status
Actual-Object-TTL
X-Locale
X-Wix-Request-Id
X-Seen-By
X-Varnish-Hits
X-Region
Healthy
X-Edge-Cache-Key
X-Edge-Cache
X-Response-Served-From
X-UUID
X-Jobs
X-FW-Server
X-FW-Type
X-FW-Hash
X-FW-Static
X-FW-Serve
User-Agent
X-Adobe-Loc
X-DataStream-Cache-Status
X-Adobe-Content
X-Drupal-Cache-Tags
Webserver
SRV
X-Varnish-Grace
Filters
X-Newrelic-App-Data
S-Cnection
Refresh
NGB
X-Fastcgi-Cache
X-Amz-Server-Side-Encryption
X-Yottaa-Optimizations
X-Cache-Age
X-Yottaa-Metrics
X-Esi
IBM-Web2-Location
X-Cache-TTL-Remaining
Response
X-Middleton-Response
AR-Request-ID
X-Proxied
X-Activity-Id
X-App-Server
X-AppVersion
X-Az
X-Pc-Hit
X-Pc-Appver
X-Pc-Key
X-Content-Type
X-Cache-Remote
X-Cache-NE
X-CDN-Forward
Cache
X-Ruxit-Js-Agent
Payment
X-Cacheable-TTL
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-UA
X-Cache-TTL
X-ATG-Version
Datacenter
X-Correlation-ID
Country
X-Unique-ID
Served-By
Edge-Cache-Tag
X-HS-Cache-Config
X-Akamai-Transformed
X-Is-Bot
Meta-Geo
Machine
Load-Balancing
X-Rendered-As
X-Sucuri-ID
X-RemovedCookies
X-ProcessESI
X-Detected-As
X-Vg-Webcache
X-RN-RSRV
X-OCL
X-PCL
X-Proxy
X-Rocket-Nginx-Bypass
X-Source
X-Mode
X-BYPASS-REASON
User-Cache-Control
X-FC-Vary-Parameters
HostName
X-ProxyCache-Status
X-ProxyCache-Key
Cache-Key
DB-Nickname
Access-Control-Allow-Method
Backend
TWC-Device-Class
X-Cache-Config
X-Varnish-IP
X-Debug-Cache
X-Viewer-Country
X-Backend-Name
X-EIG-Tracking-Id
X-Varnish-Cacheable
X-Cache-Category-Id
X-PERF
X-Origin-Hint
X-Pubstack
X-BB-IP
X-Tb
X-ServerID
X-ApacheServer
X-Grey
TWC-GeoIP-Country
TWC-GeoIP-LatLong
TWC-Connection-Speed
Property-Id
Mn-Server-Ip
Now
TWC-Locale-Group
TWC-Privacy
X-Human
X-Hosted-By
X-Origin
Webcakes-Region
Webcakes-App-Name
Webcakes-App-Version
L5d-Success-Class
Cache-Name
X-CCM
X-Amz-Meta-Surrogate-Control
X-CDN-Cache
X-Environment-Context
X-Format
X-Access
ServerName
Azure-RegionName
Azure-InstanceId
Azure-SiteName
Azure-SlotName
Azure-Version
X-Generated
X-Hit
X-TNCMS
X-Site-Version
X-Upgrade-Enabled
X-Varnish-Cache-Hits
X-Via-Fastly
X-Section
X-OVcl-Cache
X-L-Path
X-JoinUs
X-NodeID
X-Original-Request
X-OVcl
Access-Control-Request-Headers
X-Loop
X-Ocache
S-Rt
X-TWH-CORRELATION-ID
X-NGENIX-Cache
X-App-Name
X-SplitTest
X-Agile
X-AWS-Id
X-Timing-Wait
X-Rule
Selected-FE
X-LJ-Flow-ID
X-IP
X-VWS-Id
X-Agile-Age
X-Agile-Id
X-Storage
X-Xfnlog-Site
X-Www-Served-By
X-Proxy-Build
X-URL
X-Drupal-Cache-Contexts
X-Origin-CC
X-HS-Combine-CSS
X-Akamai-Request-ID
X-Real-IP
X-Routing-Service
X-Cache-Var-Map
X-Pc-Date
X-Pc-Host
X-Cache-Var
X-Zipkin-Id
X-Upstream-HT
X-Vgn-Hpd-Reason
X-Upstream-CT
X-Time-Microsecs
OT-Force-Account-Verify
X-Litespeed-Cache
X-RateLimit-Limit
X-UA-Device-Type
X-Nginx-Cache
From-Origin
X-NCache
X-PHP-Backend
X-Mrs-Cache
X-Mrs-Age
X-Mrs-Cache-Hits
X-Mshield-Cache-Status
X-Microcachable
XServer
X-Internal-Host
X-NC
Fastcgi-Useragent
Fastcgi-X-Cache-Version
Fastcgi-X-Cache
X-Feature
X-Release
X-Forwarded-Host
X-Distributor
X-Amzn-RequestId
X-Amz-Apigw-Id
Fastly-SSL
X-Qnm-Cache
X-M-Log
X-M-Reqid
X-Varnish-Beresp-Status
Ar-Sid
X-Varnish-Beresp-Grace
LB
X-Ms-Version
X-Ms-Lease-Status
X-Ms-Request-Id
X-Ms-Blob-Type
Powered-By-ChinaCache
Pagespeed
X-Birta-Cache-Post
X-Birta-Served
X-Cache-Backend
X-Twitter-Response-Tags
NtCoent-Length
X-Connection-Hash
X-Labrador-Cache-Channel
X-Transaction
X-EdgeConnect-Cache-Status
Pagetype
X-App-Version
X-Webkit-Csp
X-Ah-Environment
X-VG-TLSProxy
X-B3-Spanid
X-Instance-Name
Frame-Options
X-GZip
X-Web-Node
X-V
MIME-Version
Time
X-SERVER-NAME
X-C
X-Dispatcher-Server
X-Developer
X-Died
NGX
Viewtype
V-Age
X-Server-By
X-ScT
X-Server-Time
X-Destination
VivaBuild
X-SRCache-Key
X-SIPLIST1
X-DPWN-IS-SECURE
X-Trv-Group
X-BB-ID
X-B-Cookie
X-Block-Status
X-Cache-Bucket
AKAMAI
X-ARC
X-Application
Cache-Prefix
BehaviorPad-Version
X-A-Wwc
Arc-Country
Ajk
X-A-Dgt
X-CUA
X-CS
X-D
X-Date
Www
X-A
X-A-Ccd
X-A-Dcw
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-A-Dam
Web-Mar-Node
X-Rojux
X-IN-APIGATEWAY
X-UE-Client-Country
X-IN-SSL-APIGATEWAY
X-Via-Edge
X-IN-WAF
Server-Int
Rendered-Blocks
X-Generation-Time
X-VG-WebServer
X-PAYTM-SRV-ID
IsBot
X-Hnp-Log
X-Via-SSL
X-Org
MD5-Digest
X-WebServer
Fly-Cache
X-No-Session
Meta-Geo-Continent
X-Logtrace-Id
X-Irp-Debug
X-Accel-Expires-Debug
X-NU-AKA-ACS-Version
Xc-Version
Host-ID
X-Generated-In
X-Via-CDN
Fly-Request-Id
X-Request-UUID
T-Server
X-Region-Sid
X-Rewrite-Enabled
X-Redis-Cache
X-Request-URI
X-Gen-Mode
Ec-Rule-Version
X-S-Cookie
X-From
X-G
X-HOST
X-NWS-UUID-VERIFY
X-FireWall-Port
Cneonction
X-Varnish-Beresp-Ttl
Kp-EeAlive
MI-API
Request-Time
Server-Host
Magicmarker
Origin-Cache-Control
Pragrma
Proxy-Connection
SN
On-Server
MI-Cache-Age
MI-Cache
Request-EU
Release
Origin-Edge-Control
Request-Country
NodeID
X-GeoIP-City
X-RateLimit-Remaining-Second
X-RCS-CacheZone
X-S-Maxage
X-RateLimit-Limit-Second
X-Platform
X-Origin-TTL
X-Owner
X-Phone
X-ServiceProvider
X-Sf
X-Wikidot-Backend
X-Wikidot-Static-Cache
Mobile-Detection-Method
X-We-Are-Hiring
X-VServer
X-UnsetCookies
X-Var-Ttl
X-Varnish-Action
X-NX-Host
X-Node-Id
X-Debug-Cookies
X-Debug-Log
X-ElasticPress-Search
X-Crawler
X-Core-Value
X-Cache-CFC
X-Cache-Enabled
X-CGP
X-Eu-Site
X-External-Request-Id
X-Key
X-Layer
X-MI-In-Market
X-HTML-Minification-Powered-By
X-Hl-Ver
X-F5-Cache
X-Fastly-Cache
X-Amz-Meta-Cache-Control
True-Client-Country-4JS
HA-Geocountry
HA-Geocity
Cache-Tags
HA-Geolat
X-Powered-By-ANYU
CDCHOST
Decoy-Debug-Status
GMS-Ver
Country-Code
HA-Cloudapp
Decoy-Debug-Key
X-Sucuri-Cache
HA-Geolon
Decoy-Debug-TTL
HA-Urlpath
Cteonnt-Length
Esi-Enabled
Backend-Name
HA-Servedtime
WZWS-RAY
HA-Georegion
HA-Ipaddr
Ha-Gx-Prefs
HA-Host
X-Webstats-RespID
X-Ckpd-Fst-Backend
X-Cache-URL
X-Cdn-Srv
X-Cache-Srv
X-Cdn-Origin
Adler-Geo
X-Backend-Url
Apple-News-Services-Handled
X-Backend-TTL
X-Backend-State
X-Backend-Host
X-ShopId
X-ShardId
X-Cache-Host
X-Server-IP
X-Cache-Expires
X-Clientip
X-Secret
X-Returned-From
X-FW-Version
X-Gannett-Site-Version
X-Fstrz
X-Fetched-On
X-Passed-To-BeforeDispatch
X-Passed-To
X-Nginx-Cache-Key
X-MSEdge-Flight
X-Location
X-Hash
X-GeoIP-Country-Code
X-Matched-Rule
X-MSEdge-Features
X-Passed-To-DLL
X-Passed-To-PostProcessResponse
X-Returned-From-BeforeDispatch
Apple-News-Services-Host
X-Returned-From-DLL
X-Croise-Owner
X-Returned-From-PostProcessResponse
X-Response-By
X-Request-Time
PageSpeed
X-Epic-Correlation-Id
X-Device-Os
X-Developers
X-Reboot
X-Content-Age
X-Alternate-Cache-Key
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
PFcat
Thinkindot-Control
X-Up
X-Tumblr-Pixel-3
X-Oss-Request-Id
Uber-Trace-Id
Fastly-Backend-Name
X-Oss-Storage-Class
Apple-News-Services-Parsed-Url
Platform
X-Oss-Hash-Crc64ecma
Section-Io-Cache
X-Variation
X-Oss-Object-Type
Server-ID
Countrycode
X-TT-LOGID
X-Skip-Cache
X-Sn-Servicetimems
X-Actual-URL
X-Shopify-Stage
X-Oss-Server-Time
Apple-News-Services-Request-Url
Is-Eu
Heartbleed
X-Sorting-Hat-PodId
X-VCT
X-Thinkindot-L3
X-Trace-Id
X-Swa-Ws
X-Stale
Odigeo-Trace-Id
X-Sorting-Hat-ShopId
X-Worker
Origin
HTTPS
X-Rebelmouse-Cache-Control
X-Csrf-Token
X-Store
RNT-Time
Resin-Trace
Content-Disposition
RNT-Machine
Fastly-SIE
X-Rebelmouse-Surrogate-Control
Fastly-SWR
X-Core-Mission
X-Servername
X-GEO
X-Iejgwucgyu
X-Alicdn-Da-Ups-Status
X-Policy
Sid
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
ProcessTime
X-Planisys-CDN-Cache
X-Real-Ip
X-CACHE-AGE
X-B3-TraceId
X-Ezoic-Cdn
REQUESTUUID
CDN
X-Ua
Powered
X-Pf-Uncompressing
RequestId
WP-Super-Cache
Xserver
Warning
X-Cluster-Node
X-Atg-Version
X-Servedbyhost
X-Refresh
X-Proto
X-Cache-ASPX
X-TIME
X-Dc
We-Hiring
CF-IPCountry
Dnion-Transfer-Encoding
Mail-Subject
X-GoCache-CacheStatus
NODE
X-Guploader-Uploadid
Cache-Cookie-Set-From
X-Pjax-Url
Cache-Cookie-Set-Idcheck
ViewerVersion
Cache-Cookie-Set-Lfrom
X-Req
X-Newrelic-Synthetics
X-DC
X-Nc
NnCoection
X-Endurance-Cache-Level
X-Varnish-Ttl
X-Page-Type
X-Surge-Debug
X-Origin-Expires
X-Origin-Date
X-CLOUD-TRACE-CONTEXT
X-Time
X-Varnish-HitMiss
GeoIp-Country-Code
X-Cache-Control-Set-By
X-Edge-IP
Geoip-Latitude
X-Server-W
X-COUNTRY
X-HCF
Hostname
X-Aed
X-Oracle-Dms-Ecid
X-CSRF-Token
Pramga
SD-X-WS
X-Ms-Lease-State
X-Server-Group
WWW-Authenticate
X-Cdn-Forward
X-Varnish-Beresp-TTL
CACHE
Geoip-City
TSSecure
Processtime
A
X-Varnish-Url
X-GRACE
MS-CV
X-Datadome
PICS-Label
X-Wix-Route-ID
X-Dynatrace-Js-Agent
X-Hello
X-Wa
X-Varnish-URL
X-DataStream-MidMile-RTT
X-ABtesting
X-DataStream-Origin-MEX-Latency
Cdn
X-Flog
X-WA
X-Aicache-OS
X-Ratelimit-Limit
Dont-Set-Cookie
Cdn-Host
Mime-Version
Cdn-Request-Time
X-Akamai-Request-ID2
Node
X-From-Cache
X-Gdpr
X-Edge-Server
Lfy
X-Auto-Login
Lb
X-Nananana
PageType
DataCenter
X-Use-Magma
X-Geo
X-UPSTREAM-Address
FSS-Cache
X-Unique-Id
FSS-Proxy
COMMERCE-SERVER-SOFTWARE
Ms-Operation-Id
X-RTag
X-Optimization
X-EC-Security-Audit
Get-Access-Time
X-Env
GeoIP-Country-Code
GeoIP-City
X-Fastly-Backend-Reqs
X-SRV
X-APP
Is-Session-Tracking
GeoIP-Latitude
X-Cache-HT
X-Sentry-ID
X-Load-Cache
X-WR-MODIFICATION
X-CACHE-KEY
X-Gen-Id
X-PAGE-TYPE
Who
Rt-Proxy-Cache
X-Via-NSCOPI
X-Check-Cacheable
X-Cookie
X-Wix-Petri-Ex
X-Cache-FS-Status
X-Cache-Id
X-GDPR
X-Served-From
X-Thanos
X-Ibm-Trace
X-Bip
X-FORWARDED-FOR
X-Ver
X-Cache-Info
Ws
Memcached
X-Meta-Tbi-Cache-Vertical
Pics-Label
X-PJAX-URL
X-Be
X-Proxy-Server
X-Swift-Error
Httpd-Identifier
X-MP-GENERATED-AT
X-NGINX-Cache
X-Ratelimit-Remaining
Cf-Ipcountry
X-Request-Start
X-HS-Status
Memory
X-ServedByHost
X-Cache-Ttl
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
Powered-By
X-Fe
X-RateLimit-Reset
X-Fastly-Cache-Hits
Ohc-File-Size
X-B3-SpanId
V-Cache
Group
X-Path-Route
Version
X-CDN-Pop
X-CDN-Pop-IP
X-Shard
X-Dw-Trace-Id
URI
Amp-Access-Control-Allow-Source-Origin
X-ID
UCS
GW-Server
X-LiteSpeed-Cache-Control
Requestid
X-GZIP
NX-Cache
X-P-T
Xet-Cookie
X-PF-Uncompressing
X-Bug-Bounty
X-VC
AGE-Hash
X-SB
Serverid
WebServer
Apicache-Version
X-Varnish-Info
CDN-Node
CDN-Cache
X-User
N-Cache
X-CacheKey
X-Akamai-ERRuleID
CDN-Cache-Hit
Apicache-Store
X-StackifyID
X-Akamai-ERPolicy
X-VG-WebCache
Fastly-Soc-X-Request-Id
Ohc-Response-Time
X-SD-PageType
X-Litespeed-Cache-Control
X-ServerName
X-RequestId
SID
Cache-Hits
X-Route-Name
X-Info
X-Is-Crawler
X-Cache-Handler
X-Grace-Duration
If-Modified-Since
Https
X-Providence-Cookie
X-Micro-Cache
X-Flags