Threat Level: green Handler on Duty: Guy Bruneau

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
X-Powered-By
CF-RAY
ETag
Link
X-XSS-Protection
Expect-CT
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
X-Request-Id
X-Xss-Protection
CF-Cache-Status
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-AspNet-Version
X-Download-Options
X-Runtime
Access-Control-Allow-Credentials
X-Drupal-Cache
X-Adblock-Key
X-Check
Alt-Svc
X-Cacheable
X-Generator
Content-Security-Policy-Report-Only
X-DNS-Prefetch-Control
X-Cache-Status
X-AspNetMvc-Version
X-Permitted-Cross-Domain-Policies
X-Template
X-Iinfo
X-Language
Status
Timing-Allow-Origin
X-Buckets
X-FRAME-OPTIONS
X-Content-Security-Policy
Content-Encoding
X-Kinja-Server-Push
Xkey
X-CDN
X-Turbo-Charged-By
Upgrade
X-Type
Keep-Alive
Access-Control-Expose-Headers
WPE-Backend
X-Pass-Why
X-AH-Environment
X-Backend
Access-Control-Max-Age
X-Age
X-Drupal-Dynamic-Cache
X-Cache-Group
X-Server
X-Proxy-Cache
X-Via
X-Request-ID
Grace
X-Pingback
X-Nginx-Cache-Status
X-Server-Powered-By
X-Amz-Id-2
X-Amz-Request-Id
X-Robots-Tag
X-Hacker
X-Varnish-Cache
X-UA-Device
X-Page-Speed
EagleId
Request-Context
X-LiteSpeed-Cache
X-Envoy-Upstream-Service-Time
Cf-Railgun
X-Ua-Compatible
X-CST
X-Swift-SaveTime
X-Swift-CacheTime
X-Server-Id
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
Ali-Swift-Global-Savetime
X-Device
X-WebKit-CSP
X-Amz-Version-Id
Server-Timing
X-Ac
X-Node
Allow
X-OneAgent-JS-Injection
X-Response-Time
Feature-Policy
X-Rq
X-Cnection
X-Iejgwucgyu
Content-Location
X-Cache-Lookup
X-Backend-Server
Report-To
EagleEye-TraceId
Surrogate-Control
X-Readtime
X-Host
X-Application-Context
Request-Id
X-ORACLE-DMS-ECID
P3p
X-Rack-Cache
X-Url
X-Origin-Cache
X-Clacks-Overhead
X-Country
X-FTR-Request-ID
Rating
NEL
X-Cloud-Trace-Context
X-Country-Code
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-DataDome
X-Ruxit-JS-Agent
X-Cdn
X-Px
X-Instart-Request-ID
X-Mod-Pagespeed
Charset
X-Vhost
X-VARITI-CCR
X-MS-InvokeApp
Accept-CH
Edge-Control
X-Goog-Hash
X-GitHub-Request-Id
Verso
X-TtlSet
X-PC
X-Vname
X-Mobile-Rewrite
Arc-Version
PB-PID
PB-RID
X-Server-Name
X-ESI
X-Upstream-Env
X-Version
Pinterest-Generated-By
X-DynaTrace
X-TTL
X-Powered-By-Plesk
X-D2id
X-Cdn-Fetch
X-Kinja-Build
X-Kinja-Revision
X-Kinja-Server
X-Use-Magma
X-Kinja
X-GoogleNews-Bot
X-Exp-Variant
X-Exp-Id
X-Origin-Upstream-Status
X-Cached
X-B3-TraceId
X-Dispatcher
SPRequestGuid
X-Varnish-TTL
X-Recruiting
X-SharePointHealthScore
X-Abt-Application-Version
X-ORACLE-DMS-RID
MS-Author-Via
X-Powered-CMS
Accept-CH-Lifetime
RTSS
X-Navigation-Version
Content-MD5
X-T
X-Shield-Request-Id
AR-PoweredBy
AR-CACHE
AR-ATIME
Public-Key-Pins
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-DynaTrace-JS-Agent
X-Trace
X-Forwarded-Proto
X-Client-IP
X-Amz-Rid
Arr-Disable-Session-Affinity
X-HW
X-Fastly-Request-ID
X-Accel-Buffering
X-Wix-Server-Artifact-Id
Realpath
SPIisLatency
SPRequestDuration
X-Oracle-Dms-Rid
X-DIS-Request-ID
Service-Worker-Allowed
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Goog-Generation
X-Amz-Meta-S3cmd-Attrs
X-Upstream
X-F-Cache
X-B
AR-Request-ID
Paypal-Debug-Id
Front-End-Https
X-Ser
X-Pinterest-Rid
Pinterest-Version
X-Country-Code-Real
X-FTR-Cache-Status
X-FTR-DC
X-FTR-Backend
X-FTR-Realm
X-FTR-Balancer
X-FTR-Backend-Server
X-Via-JSL
X-FTR-Expires
X-Id
X-Dw-Request-Base-Id
X-Vcap-Request-Id
Ar-Sid
X-Varnish-Age
X-Dns-Prefetch-Control
X-Debug
X-Goog-Storage-Class
X-Ttl
X-XRDS-Location
X-Acc-Meta-Resource-Type
X-MSEdge-Ref
X-Kinsta-Cache
X-N
X-Hits
Nginx-Cache
X-NF-Request-ID
X-FTR-Cache-Host
X-NewRelic-App-Data
S
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-TEC-API-ROOT
X-Logged-In
X-DataStream-Cache-Status
X-Akam-SW-Version
X-B3-TraceId-Primal
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
MRF-Tech
Mrf-Cache-Status
X-Forwarded-For
Tracecode
Alternate-Protocol
X-Frontend
X-User-Agent
X-Grace
X-HS-Content-Id
X-HS-Hub-Id
X-PressLabs-Stats
X-Amzn-Trace-Id
X-Server-ID
AMP-Access-Control-Allow-Source-Origin
Server-Name
X-Content-Digest
X-CACHE-GROUP
X-Content-Options
TCN
Refresh
Powered-By-ChinaCache
X-Content-Type
X-Pad
DynaTrace
X-Fastcgi-Cache
Access-Control-Request-Method
X-Middleton-Display
Display
X-Sol
X-Analytics
MicrosoftSharePointTeamServices
Backend-Timing
Fastcgi-Cache
Accept-Charset
X-LB-Cache
X-IPLB-Instance
X-Debug-Info
X-Zen-Fury
X-Activity-Id
X-Rid
X-AppVersion
FilterID
X-Az
X-Page-Id
Host
X-FastCGI-Cache
X-CF-Powered-By
X-Cache-Key
X-Middleton-Response
Response
MS-CV
ServerID
Cache-Status
X-Cache-Hit
TP-L2-Cache
X-Magnolia-Registration
X-Hostname
TP-Cache
X-VCache
X-Srv
X-Content-Powered-By
X-Seen-By
X-RateLimit-Remaining
X-ATG-Version
X-Mobile
X-Revision
X-WA-Info
X-Cached-By
Surrogate-Key
X-Varnish-Backend
X-B3-Sampled
X-Request-Processing-Time
X-Request-Received
Host-Header
X-Whom
Server-Info
VIX-Pulpo-Upstream-Status
X-SS-Set-Cookie
VIX-Pulpo-Node
X-Signature
X-Cache-Action
X-Instance
X-B-Cache
X-Cluster
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Tumblr-User
X-Drupal-Cache-Tags
X-Platform-Server
X-Content-Security-Policy-Report-Only
X-Handled-By
Cleartype
X-Wix-Request-Id
Source
ViewerVersion
X-Akamai-Edgescape
X-PHP-Backend
X-Origin-Server
X-TT
X-Request-Guid
DC
X-Cache-Age
X-Framework
X-TA-CDN-Provider
Rt-Fastcgi-Cache
X-App-Environment
X-XRDS-LOCATION
X-Amzn-RequestId
X-GUploader-UploadID
X-Amz-Apigw-Id
Fusion-Content-Source
Fusion-Template-Id
Fusion-Source
Fusion-Component-Id
Fusion-Content-Id
X-Real-IP
X-Geo-Country
X-App-Server
X-BCube-Filmed-By
X-Generated-By
X-FW-Server
X-FW-Static
X-FW-Type
X-Cache-Control
X-FW-Serve
X-FW-Hash
X-AOL-HN
X-Varnish-Server
X-Edge-Location
Server-Node
X-Oneagent-Js-Injection
X-Cache-Rule
X-Varnish-Hostname
X-NWS-LOG-UUID
Retry-After
X-Ruxit-Js-Agent
X-Correlation-Id
X-Amz-Server-Side-Encryption
X-Cache-2
X-Varnish-Grace
Payment
Eomportal-Instance
Access-Control-Allow-Method
X-Amz-Replication-Status
X-FB-Debug
X-Response-Served-From
Webserver
X-TT-TIMESTAMP
Actual-Object-TTL
X-Cacheable-TTL
GEO-INFO
X-Tumblr-Pixel-1
X-Cache-Config
X-Tumblr-Pixel-2
X-Varnish-Hits
AsisCache
ServedBy
X-WebKit-CSP-Report-Only
X-RTag
X-Jobs
Ms-Operation-Id
NGB
X-Upstream-Proxy
X-UUID
Content-Style-Type
Healthy
Filters
X-TX-ID
Content-Script-Type
X-Region
X-UA-Device-Type
X-Drupal-Cache-Contexts
X-VG-WebCache
X-Adobe-Content
X-Contextid
X-Varnish-IP
X-Adobe-Loc
Viewport
Upgrade-Insecure-Requests
From-Origin
X-RequestSource
X-Rendered-As
Cache-Tv-Group
X-Locale
HitType
X-Accel-Expires
Country
Pagespeed
X-Device-Type
X-Cache-TTL
X-Ezoic-Cdn
X-Cache-TTL-Remaining
X-BACKEND-TTL
Fastcgi-Useragent
Cache
X-Cache-Server
X-FW-Dynamic
X-Servedby
X-WPE-Loopback-Upstream-Addr
Edge-Cache-Tag
X-Content-Age
X-Cache-Remote
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
Cache-Tags
X-Upgrade-Enabled
X-Cache-Operation
X-Redis-Cache
X-APP-VERSION
X-Hit
X-Source
Fastly-Restarts
Datacenter
X-Storage
X-CACHE-KEY
X-Guploader-Uploadid
X-RateLimit-Limit
X-Esi
X-DataStream-Origin-MEX-Latency
X-DataStream-MidMile-RTT
X-Mode
X-GeoIP
Cache-Tag
X-S
Served-By
Vix-Hermes-Req-Id
SRV
X-Detected-As
X-Time-Microsecs
X-Labrador-Cache-Channel
X-NCache
Load-Balancing
X-Tb
X-Hl-Ver
X-RN-RSRV
X-Internal-Host
X-Is-Bot
X-JoinUs
X-Akamai-Request-ID
Xserver
X-Pubstack
X-Cache-Var-Map
X-Cache-Var
X-Backend-Name
X-NGENIX-Cache
Meta-Geo
X-Path-Route
Machine
X-Origin-Response-Time
Cache-Key
Now
X-Grey
X-Www-Served-By
X-Varnish-Cacheable
X-Agile
X-Agile-Age
X-Loop
X-Agile-Id
X-Timing-Wait
X-ServerID
X-ProxyCache-Key
X-Proxy-Build
X-ProxyCache-Status
X-Proxy
X-Rule
X-TNCMS
X-Origin-Host
X-BYPASS-REASON
X-Cache-Category-Id
X-Birta-Served
X-Birta-Cache-Post
Selected-FE
X-CDN-Cache
X-Edge-IP
X-Hosted-By
X-L-Path
X-Generated
X-FC-Vary-Parameters
X-Environment-Context
Origin-Edge-Control
Origin-Cache-Control
X-Varnish-Cache-Hits
TWC-Locale-Group
TWC-Privacy
Property-Id
X-Status
Webcakes-Region
Webcakes-App-Version
TWC-GeoIP-Country
X-PERF
Webcakes-App-Name
X-IP
Cache-Name
X-RemovedCookies
X-Origin-Hint
X-ProcessESI
TWC-GeoIP-LatLong
X-ApacheServer
S-Rt
X-Format
X-Daa-Tunnel
TWC-Device-Class
X-Web-Node
X-VG-TLSProxy
X-Via-Fastly
X-Viewer-Country
X-Cache-Enabled
TWC-Connection-Speed
NtCoent-Length
X-PCL
X-MP-GENERATED-AT
Public-Key-Pins-Report-Only
X-OCL
X-App-Version
Azure-SlotName
X-Access
X-Section
X-Human
X-CCM
X-Microcachable
Fastcgi-X-Cache-Version
Access-Control-Request-Headers
DB-Nickname
Azure-InstanceId
Azure-Version
Azure-RegionName
Azure-SiteName
We-Hiring
X-Debug-Cache
X-App-Name
Mail-Subject
X-Routing-Service
X-Akamai-Transformed
X-Xfnlog-Site
X-Zipkin-Id
X-Proxied
X-Site-Version
User-Agent
Cache-Hits
X-GEO
Liferay-Portal
X-Pc-Hit
X-Pc-Key
S-Cnection
X-EdgeConnect-Cache-Status
X-Cache-NE
X-Original-Request
X-Pc-Appver
X-Origin
X-Protected-By
X-ES-SERVER
Nel
X-Node-Name
X-Sucuri-ID
X-Nginx-Cache
LB
X-Cdn-Forward
X-FW-Version
X-Ocache
X-Request-Time
X-Proto
User-Cache-Control
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Trace-Id
X-UA
X-Ua
Powered
X-GRACE
X-Nc
X-Forwarded-Host
X-Tumblr-Pixel-3
X-Varnish-Ttl
X-Endurance-Cache-Level
Ohc-File-Size
CACHE
X-Webstats-RespID
X-AWS-Id
X-LJ-Flow-ID
X-VWS-Id
L5d-Success-Class
Frame-Options
X-Correlation-ID
X-FB-TRIP-ID
Section-Io-Cache
X-Origin-CC
X-Time
X-Unique-ID
X-V
X-Cluster-Node
PageSpeed
X-URL
X-Varnish-Beresp-Status
OT-Force-Account-Verify
X-Varnish-Beresp-Grace
X-OVcl
X-OVcl-Cache
AR-SID
X-B3-Traceid
X-Origin-TTL
X-Webkit-Csp
X-EIG-Tracking-Id
X-Rocket-Nginx-Bypass
X-Cache-Backend
X-ElasticPress-Search
X-R9-Blue-Green-Version
Decoy-Debug-Status
Decoy-Debug-Key
Decoy-Debug-TTL
IBM-Web2-Location
X-Goog-Meta-Goog-Reserved-File-Mtime
VivaBuild
Www
X-Generated-In
X-LI-UUID
X-Micro-Cache
Arc-Country
Viewtype
BehaviorPad-Version
X-Li-Pop
X-Info
X-Li-Fabric
X-IN-WAF
X-IN-APIGATEWAY
X-Accel-Expires-Debug
X-LI-Proto
X-Irp-Debug
Country-Code
X-Cache-Id
X-Cache-Host
X-Auto-Login
X-Cache-Grace
X-Cache-Info
X-Cache-URL
X-CF-Lambda-Fn
X-ARC
X-Cdn-Srv
X-B-Cookie
Powered-By
Node
On-Server
X-BB-ID
Mobile-Detection-Method
Meta-Geo-Continent
MD5-Digest
Memcached
X-Cache-FS-Status
X-CF-Lambda-Version
X-Application
X-DPWN-IS-SECURE
Fastly-SIE
Fastly-SWR
Ec-Rule-Version
X-External-Request-Id
X-Aed
X-Fetched-On
Cache-Prefix
Fly-Cache
Fly-Request-Id
X-Destination
X-Date
X-Connection-Hash
GMS-Ver
Rendered-Blocks
X-Amz-Meta-Cache-Control
X-Distil-CS
X-Developer
X-From
X-NU-AKA-ACS-Version
Xc-Version
X-Wikidot-Static-Cache
X-Wikidot-Backend
X-Server-Group
X-Server-By
X-ScT
X-ServiceProvider
X-Request-UUID
X-Region-Sid
X-Rebelmouse-Cache-Control
X-Transaction
X-VG-WebServer
X-Rebelmouse-Surrogate-Control
X-Reboot
X-Rojux
X-We-Are-Hiring
X-User
X-Trv-Group
X-Twitter-Response-Tags
X-Node-Id
X-Parent-Response-Time
X-Origin-Expires
X-Origin-Date
X-UE-Client-Country
X-SRCache-Key
X-Rewrite-Enabled
X-PHP-Host
X-S-Cookie
X-S-Maxage
X-TT-LOGID
X-PAYTM-SRV-ID
X-Vgn-Hpd-Reason
X-Dc
X-Varnish-Beresp-Ttl
X-Clientip
X-CGP
X-Cache-Expires
X-Secret
X-Server-IP
X-Cache-Debug
X-Cache-Bucket
X-Thinkindot-L3
X-A-Dgt
X-A-Dcw
X-Actual-URL
X-Swa-Ws
X-Alternate-Cache-Key
X-A-Dam
X-A-Ccd
True-Client-Country-4JS
X-Svr
Who
X-A
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-Backend-Url
X-Bip
X-Block-Status
X-Sf
X-Backend-Host
X-ShardId
X-SIPLIST1
X-Shopify-Stage
X-Thanos
X-ShopId
X-C
X-Var-Ttl
SD-X-WS
X-LAGOON
X-Level-Front-Cache
X-Policy
X-Proxy-Cache-Status
X-Proxy-Upstream
Thinkindot-Control
X-Hash
X-Hnp-Log
X-RateLimit-Limit-Second
X-Backend-State
X-Platform
X-Logtrace-Id
X-NX-Host
X-Matched-Rule
X-Stale
X-Passed-To
X-Location
X-Response-By
X-Passed-To-PostProcessResponse
X-Passed-To-DLL
X-Passed-To-BeforeDispatch
X-GeoIP-Country-Code
X-Generated-On
X-Nginx-Cache-Key
X-Dispatcher-Server
X-Returned-From-DLL
X-Returned-From-BeforeDispatch
X-Returned-From-PostProcessResponse
X-Debug-Log
X-Crawler
X-CUA
X-D
X-Debug-Cookies
X-Variation
X-Returned-From
X-G
X-Gannett-Site-Version
X-Gen-Mode
X-RateLimit-Remaining-Second
X-Varnish-Action
X-Fastly-Cache
X-Distributor
X-Request-URI
X-Epic-Correlation-Id
X-Eu-Site
X-Core-Mission
X-A-Wwc
Backend
Lfy
CDCHOST
Origin
Ajk
Proxy-Connection
Adler-Geo
IsBot
Content-Disposition
HA-Ipaddr
Ha-Gx-Prefs
Fastly-Soc-X-Request-Id
Fastly-Backend-Name
Countrycode
Is-Eu
Request-Time
Platform
Thinkindot-CacheControl-Type
Server-Host
X-Upstream-CT
X-Upstream-HT
Thinkindot-CacheControl
X-Pc-Date
X-Pc-Subdomain
X-TIME
X-Pc-Host
X-Via-CDN
Mn-Server-Ip
Warning
X-HS-Cache-Config
X-UnsetCookies
X-F5-Cache
X-TrackingId
X-Qloud-Router
X-SERVER
X-Developers
X-Debug-Cache-Expiry
X-Debug-Cache-Fetch
X-Debug-Cache-Store
GW-Server
X-Device-Os
Cache-Cookie-Set-From
X-Varnish-Authentication
X-Up
X-Croise-Owner
X-Instart-Isnd
Fastly-SSL
X-MSEdge-Features
X-No-Session
AKAMAI
Apple-News-Services-Handled
X-Fstrz
X-FireWall-Port
X-MSEdge-Flight
Apple-News-Services-Request-Url
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-Idcheck
Heartbleed
SS
X-Amz-Meta-Surrogate-Control
Web-Mar-Node
Release
Magicmarker
Server-Cache-Control
Pramga
X-Cache-ASPX
Server-Surrogate-Control
X-Core-Value
RNT-Machine
Resin-Trace
RNT-Time
Server-Int
X-Sucuri-Cache
X-Server-Time
SID
Server-ID
NGX
X-Page-Type
X-IN-SSL-APIGATEWAY
REQUESTUUID
X-Server-Cache
X-Key
X-Varnish-Url
Pagetype
Kp-EeAlive
X-Be
Hostname
X-Sedo-Request-Id
X-Pjax-Url
X-Generation-Time
X-Owner
X-Servername
X-SN
X-Cache-Miss-From
Fastcgi-X-Cache
X-Via-NSCOPI
RequestId
X-Died
Odigeo-Trace-Id
X-Edge-Cache-Key
X-Edge-Cache
X-Refresh
X-Newrelic-App-Data
HostName
X-From-Cache
Version
HTTPS
X-CDN-Forward
Cteonnt-Length
X-Oss-Object-Type
Cdn-Request-Time
X-Oss-Hash-Crc64ecma
Cdn
PFcat
MIME-Version
Cdn-Host
X-Oss-Storage-Class
X-Oss-Request-Id
X-Edge-Server
X-Oss-Server-Time
X-B3-SpanId
X-NC
Mime-Version
X-FPC
X-Servedbyhost
Time
ProcessTime
X-Store
X-Req
PICS-Label
Esi-Enabled
X-Cache-CFC
X-Ratelimit-Remaining
FastCGI-Cache
X-RCS-CacheZone
X-Layer
MI-Cache-Age
MI-Cache
X-Mobile-URL
X-CSRF-TOKEN
MI-API
X-MI-In-Market
X-Hyper-Cache
X-GZip
Cross-Origin-Window-Policy
HA-Host
HA-Geocity
HA-Georegion
X-RequestId
HA-Geolat
HA-Geocountry
HA-Cloudapp
X-NodeID
Memory
X-Webkit-CSP
X-IPS-LoggedIn
HA-Geolon
Processtime
X-Amzn-Remapped-Date
HA-Urlpath
X-Amzn-Remapped-Connection
X-VServer
HA-Servedtime
X-Load-Cache
CF-IPCountry
X-CLOUD-TRACE-CONTEXT
X-HS-Combine-CSS
X-Wa
X-Geo
X-Ratelimit-Limit
X-Dynatrace-Js-Agent
Cf-Ipcountry
X-Real-Ip
X-Varnish-Beresp-TTL
X-Skip-Cache
X-Aicache-OS
X-Lb-Id
Backend-Name
X-HTML-Minification-Powered-By
X-B3-Spanid
CDN
X-Pf-Uncompressing
X-DC
X-CMS-Context
X-Newrelic-Synthetics
X-Mshield-Cache-Status
X-Unique-Id-Primal
X-WR-MODIFICATION
Ohc-Cache-HIT
X-Mrs-Cache-Hits
X-Mrs-Age
Uber-Trace-Id
X-Mrs-Cache
X-Instart-Info
X-VC-Cache
XServer
X-PF-Uncompressing
X-WA
X-Cms-Context
X-Phone
Ohc-Response-Time
X-Atg-Version
X-Tb-Optimization-Total-Bytes-Saved
X-WebServer
X-Fastly-Country-Code
URI
X-Gateway-Skip-Cache
X-Gateway-Cache-Key
X-Gateway-Cache-Status
X-UCC
X-Release
GeoIP-Country-Code
X-Request-Start
N-Cache
Amp-Access-Control-Allow-Source-Origin
X-FORWARDED-FOR
T-Server
GeoIP-Latitude
Accept-Ch-Lifetime
X-Nananana
Pics-Label
X-Server-W
X-Processor
X-LB-ID
X-Oracle-Dms-Ecid
X-Unique-Id
X-APP
X-CSRF-Token
X-COUNTRY
X-BBXSRF
X-MServer
X-Hp-Webp
X-Shard
X-SRV
X-ServedByHost
X-Datadome
X-GoCache-CacheStatus
Rt-Proxy-Cache
X-ND-Cache
X-Served-From
X-Worker
A
X-VHOST
X-LiteSpeed-Cache-Control
X-SERVER-NAME
X-VCT
X-Fastly-Cache-Hits
DataCenter
X-UPSTREAM-Address
X-CACHE-AGE
Host-ID
X-Geo-Header
X-GeoIP-City
X-Amzn-Remapped-Content-Length
X-HS-Status
X-GZIP
UCS
X-Cache-HT
X-Cdn-Origin
X-Sn-Servicetimems
X-Optimization
V-Age
X-Requestid
X-Check-Cacheable
X-NGINX-Cache
Cneonction
Request-Country
X-BE
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
Geoip-Latitude
Dnion-Transfer-Encoding
X-Vcache
Request-EU
Proxy-Firewall
X-ID
X-Backend-TTL
X-P-T
X-Varnish-URL
X-Gen-Id
X-PAGE-TYPE
X-Planisys-CDN-Cache
X-ServerName
X-Fastly-Backend-Reqs
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
X-Git-Hash
WZWS-RAY
Pragrma
Requestid
FSS-Proxy
WP-Super-Cache
X-Port
X-Fpc
FSS-Cache
X-PJAX-URL
Get-Access-Time
Is-Session-Tracking
X-Csrf-Token
GeoIp-Country-Code
X-NWS-UUID-VERIFY
Serverid
Cache-Provider
X-Fe
X-Org
X-StackifyID
Server-Id
X-HostName
RequestUuid
ServerName
X-Dw-Trace-Id
X-LiteSpeed-Tag
X-Via-SSL
X-Via-Edge
X-Html-Edge-Cache
X-CS
286prxHost
225prxHost
219prxHost
352pxline
Xxline
X-GDPR
355prline
X-Request-Url
189phosttRef
X-RCS-Backend
X-RAMCache
409pxxline
DSUID
188prxHost
178proxuri
Inserted-Into-Cache-At