Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
Last-Modified
Accept-Ranges
Pragma
X-Content-Type-Options
X-Powered-By
CF-RAY
ETag
Link
X-XSS-Protection
Expect-CT
Via
X-Cache
Age
Access-Control-Allow-Origin
Content-Security-Policy
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Served-By
X-Amz-Cf-Id
X-Varnish
Referrer-Policy
X-Timer
CF-Cache-Status
X-FRAME-OPTIONS
Access-Control-Allow-Headers
X-AspNet-Version
X-Request-Id
Access-Control-Allow-Methods
X-Xss-Protection
X-Runtime
X-Download-Options
Access-Control-Allow-Credentials
X-Drupal-Cache
X-Cacheable
X-Request-ID
Alt-Svc
X-Generator
Content-Security-Policy-Report-Only
X-Check
X-AspNetMvc-Version
Status
X-Cache-Status
X-Adblock-Key
Timing-Allow-Origin
X-Iinfo
X-Permitted-Cross-Domain-Policies
X-DNS-Prefetch-Control
X-Template
Content-Encoding
X-Language
X-Content-Security-Policy
X-Turbo-Charged-By
X-CDN
X-Type
Keep-Alive
X-Buckets
Xkey
X-Backend
X-Cache-Group
X-AH-Environment
Access-Control-Max-Age
WPE-Backend
X-Pass-Why
X-Age
CF-Ray
X-Server
X-POWERED-BY
Upgrade
EagleId
Access-Control-Expose-Headers
X-Via
X-Nginx-Cache-Status
X-Server-Powered-By
X-Pingback
X-Drupal-Dynamic-Cache
X-Varnish-Cache
X-Swift-CacheTime
X-Swift-SaveTime
Grace
X-Hacker
X-Amz-Id-2
X-Amz-Request-Id
X-UA-Device
Ali-Swift-Global-Savetime
X-Robots-Tag
P3p
Cf-Railgun
X-LiteSpeed-Cache
X-Envoy-Upstream-Service-Time
X-Proxy-Cache
X-Ua-Compatible
X-Page-Speed
Request-Context
Content-Location
X-Device
X-Ac
X-Node
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Cnection
X-Host
X-Cache-Lookup
X-Server-Id
X-Amz-Version-Id
Surrogate-Control
X-WebKit-CSP
X-Backend-Server
X-Rack-Cache
X-Response-Time
X-Rq
X-Application-Context
X-Readtime
X-CST
X-Dns-Prefetch-Control
EagleEye-TraceId
Pinterest-Generated-By
Server-Timing
X-Url
X-Cloud-Trace-Context
X-TTL
X-Instart-Request-ID
Request-Id
X-OneAgent-JS-Injection
X-Px
Report-To
X-Country
X-ORACLE-DMS-ECID
X-Clacks-Overhead
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Rating
Feature-Policy
Edge-Control
X-Country-Code
Allow
X-DynaTrace-JS-Agent
Charset
X-DataDome
X-ESI
X-Server-Name
X-Powered-CMS
X-FTR-Request-ID
X-PC
X-TtlSet
X-Vname
X-Origin-Cache
X-DynaTrace
NEL
X-MS-InvokeApp
X-ORACLE-DMS-RID
X-Goog-Hash
X-Recruiting
X-Varnish-TTL
X-VARITI-CCR
X-Cached
X-Vhost
Content-MD5
X-GitHub-Request-Id
RTSS
X-F-Cache
X-Version
X-Kinja-Revision
X-GoogleNews-Bot
X-Kinja-Build
X-Kinja-Server
X-Exp-Id
X-Exp-Variant
X-Geo-Segment
X-Cdn-Fetch
X-Kinja
X-Powered-By-Plesk
Public-Key-Pins
X-CF-Powered-By
PB-RID
Pinterest-Version
X-Upstream-Env
X-Pinterest-Rid
PB-PID
X-Mod-Pagespeed
X-Mobile-Rewrite
Arc-Version
Verso
SPRequestGuid
X-Client-IP
Accept-CH
X-D2id
X-Abt-Application-Version
X-SRCache-Store-Status
MS-Author-Via
X-SRCache-Fetch-Status
X-N
AR-PoweredBy
AR-ATIME
X-SharePointHealthScore
X-Dispatcher
X-Do-Not-Hack
Permitted-Cross-Domain-Policies
X-HeyJason
AR-CACHE
X-Amz-Rid
X-Navigation-Version
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TEC-API-VERSION
X-T
DynaTrace
Nginx-Cache
Accept-CH-Lifetime
Paypal-Debug-Id
X-Dw-Request-Base-Id
X-Fastly-Request-ID
X-Trace
X-Upstream
Arr-Disable-Session-Affinity
X-Varnish-Age
X-Hits
TCN
X-Amz-Meta-S3cmd-Attrs
X-Grace
X-Id
X-Origin-Upstream-Status
X-Forwarded-Proto
X-Shield-Request-Id
X-DIS-Request-ID
X-Pad
X-FastCGI-Cache
SPRequestDuration
SPIisLatency
X-Content-Options
X-Cache-Hit
X-XRDS-Location
X-Logged-In
X-IPLB-Instance
X-Content-Digest
Realpath
Access-Control-Request-Method
X-Kinsta-Cache
X-Mrf-Section-Lastmod
Mrf-Cache-Status
MRF-Tech
X-NF-Request-ID
X-Mrf-Item-Lastmod
X-Acc-Meta-Resource-Type
X-B
AR-SID
X-Ruxit-JS-Agent
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Goog-Metageneration
X-Goog-Storage-Class
X-SS-Set-Cookie
X-HW
X-Vcap-Request-Id
S
X-Debug
X-MSEdge-Ref
X-Ser
Service-Worker-Allowed
Server-Name
X-PressLabs-Stats
X-FTR-Realm
X-Country-Code-Real
X-FTR-Balancer
X-FTR-Backend-Server
X-FTR-Backend
X-Frontend
X-FTR-Cache-Status
X-FTR-DC
X-NewRelic-App-Data
X-Server-ID
Tracecode
X-Oneagent-Js-Injection
X-Wix-Server-Artifact-Id
Fastcgi-Cache
X-FTR-Expires
Rt-Fastcgi-Cache
AMP-Access-Control-Allow-Source-Origin
Eomportal-Instance
Surrogate-Key
Alternate-Protocol
Cleartype
X-Cache-Key
X-Cache-Rule
X-Forwarded-For
Cache-Status
X-NWS-LOG-UUID
X-GUploader-UploadID
X-Srv
X-HS-Content-Id
X-HS-Hub-Id
Backend-Timing
X-Analytics
X-VCache
Host
X-Revision
TP-L2-Cache
X-User-Agent
TP-Cache
X-Rid
X-Debug-Info
X-Whom
FilterID
Fastly-Restarts
X-FTR-Cache-Host
Public-Key-Pins-Report-Only
X-AOL-HN
X-Akam-SW-Version
X-Cache-2
X-Via-JSL
ServerID
X-Varnish-Backend
X-RateLimit-Remaining
X-Content-Powered-By
X-Webkit-CSP
X-Request-Processing-Time
X-Cdn
X-Request-Received
X-Kinja-Server-Push
Viewport
Accept-Charset
X-Zen-Fury
X-Accel-Buffering
X-Ttl
X-Oracle-Dms-Rid
X-Mobile
Front-End-Https
X-WPE-Loopback-Upstream-Addr
X-Cached-By
X-Node-Name
Liferay-Portal
X-App-Environment
X-Magnolia-Registration
X-Tumblr-Pixel
X-Hostname
X-LB-Cache
X-Varnish-Hostname
X-Content-Security-Policy-Report-Only
X-Tumblr-Pixel-0
X-Cluster
X-Cache-Control
X-Tumblr-User
Cache-Tag
X-Akamai-Edgescape
Host-Header
X-Framework
X-TT
X-Device-Type
X-B3-Sampled
X-Handled-By
X-FB-Debug
X-BCube-Filmed-By
X-B-Cache
X-Platform-Server
X-Signature
Upgrade-Insecure-Requests
X-Instance
X-Page-Id
DC
X-TA-CDN-Provider
X-Request-Guid
X-Cache-Server
X-Origin-Server
Server-Node
X-B3-Traceid
X-TT-TIMESTAMP
X-XRDS-LOCATION
X-Correlation-Id
Source
MicrosoftSharePointTeamServices
Retry-After
X-WA-Info
X-Accel-Expires
X-Contextid
X-Servedby
HitInfo
Server-Info
HitType
X-Cache-Action
X-Amzn-Trace-Id
X-Varnish-Server
X-Cache-Operation
X-Distil-CS
X-Port
X-Daa-Tunnel
X-Sol
X-Middleton-Display
Display
X-Generated-By
Content-Style-Type
Content-Script-Type
AsisCache
X-Geo-Country
X-Fastcgi-Cache
X-GeoIP
Webserver
X-Amz-Replication-Status
X-Edge-Location
X-Hyper-Cache
GEO-INFO
X-WebKit-CSP-Report-Only
X-Tumblr-Pixel-2
X-TX-ID
X-APP-VERSION
X-RequestSource
X-Tumblr-Pixel-1
X-Seen-By
Actual-Object-TTL
X-Wix-Request-Id
X-Status
ServedBy
X-S
X-FW-Static
X-Jobs
X-Region
X-Response-Served-From
X-FW-Server
X-FW-Serve
X-Edge-Cache
X-Edge-Cache-Key
X-FW-Hash
X-UUID
X-FW-Type
X-Varnish-Hits
Healthy
X-Adobe-Loc
X-DataStream-Cache-Status
X-Drupal-Cache-Tags
X-Adobe-Content
X-Locale
User-Agent
SRV
Filters
S-Cnection
X-Varnish-Grace
NGB
Refresh
X-Amz-Server-Side-Encryption
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Cache-Age
X-Esi
X-Proxied
IBM-Web2-Location
X-Cache-TTL-Remaining
AR-Request-ID
Response
X-Middleton-Response
X-Az
X-App-Server
X-AppVersion
X-Activity-Id
X-Pc-Appver
X-Pc-Hit
X-Cache-NE
X-Pc-Key
X-Newrelic-App-Data
X-Cache-Remote
X-Content-Type
X-CDN-Forward
X-Ruxit-Js-Agent
Payment
Cache
X-Webkit-Csp
X-Cacheable-TTL
X-Unique-ID
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Cache-TTL
X-ATG-Version
Datacenter
X-Correlation-ID
Country
X-Vg-Webcache
X-UA
Served-By
X-Akamai-Transformed
Edge-Cache-Tag
X-HS-Cache-Config
X-Mode
X-ProcessESI
X-RemovedCookies
X-RN-RSRV
X-Detected-As
Load-Balancing
X-Rendered-As
X-Sucuri-ID
X-Is-Bot
Machine
Meta-Geo
X-ProxyCache-Status
X-OCL
X-Source
HostName
X-PCL
X-Proxy
X-Rocket-Nginx-Bypass
X-FC-Vary-Parameters
X-ProxyCache-Key
X-BYPASS-REASON
Mn-Server-Ip
L5d-Success-Class
Backend
X-Origin
Property-Id
X-Amz-Meta-Surrogate-Control
X-ApacheServer
X-Origin-Hint
X-EIG-Tracking-Id
Access-Control-Allow-Method
X-Hosted-By
DB-Nickname
X-PERF
Cache-Name
Cache-Key
X-Grey
TWC-Connection-Speed
X-Cache-Config
X-Cache-Category-Id
Webcakes-App-Name
TWC-GeoIP-LatLong
TWC-GeoIP-Country
User-Cache-Control
X-Varnish-Cacheable
TWC-Locale-Group
X-Viewer-Country
X-Varnish-IP
TWC-Privacy
X-Debug-Cache
X-Tb
Webcakes-App-Version
X-Pubstack
X-Backend-Name
X-ServerID
Webcakes-Region
Now
TWC-Device-Class
X-BB-IP
ServerName
X-L-Path
X-Zipkin-Id
Azure-Version
X-Human
X-Access
X-Via-Fastly
X-NodeID
X-JoinUs
X-OVcl-Cache
X-Section
Azure-SlotName
Access-Control-Request-Headers
Azure-InstanceId
X-Original-Request
X-Routing-Service
Azure-RegionName
X-Upgrade-Enabled
X-OVcl
Azure-SiteName
X-CCM
X-Environment-Context
X-Format
X-Rule
X-Generated
X-CDN-Cache
X-Hit
X-Loop
X-AWS-Id
X-App-Name
X-Timing-Wait
X-SplitTest
X-Site-Version
X-Proxy-Build
X-Storage
Selected-FE
X-TNCMS
S-Rt
X-LJ-Flow-ID
X-VWS-Id
X-Www-Served-By
X-Xfnlog-Site
X-NGENIX-Cache
X-Varnish-Cache-Hits
X-Ocache
X-TWH-CORRELATION-ID
X-Drupal-Cache-Contexts
X-URL
X-Agile
X-Agile-Age
X-HS-Combine-CSS
X-Origin-CC
X-Agile-Id
X-Cache-Var-Map
X-Real-IP
X-Akamai-Request-ID
X-Cache-Var
X-Pc-Date
X-IP
X-Pc-Host
X-RateLimit-Limit
X-Upstream-HT
X-Upstream-CT
X-Vgn-Hpd-Reason
X-Time-Microsecs
OT-Force-Account-Verify
X-Litespeed-Cache
X-Nginx-Cache
From-Origin
X-UA-Device-Type
X-Mshield-Cache-Status
X-PHP-Backend
X-NCache
X-Mrs-Age
X-Mrs-Cache-Hits
X-Mrs-Cache
X-Internal-Host
X-NC
XServer
X-Microcachable
Fastcgi-X-Cache
Fastcgi-X-Cache-Version
Fastcgi-Useragent
X-Feature
X-Forwarded-Host
X-Release
X-Distributor
Fastly-SSL
X-M-Log
X-M-Reqid
X-Qnm-Cache
X-Varnish-Beresp-Grace
Ar-Sid
X-Amz-Apigw-Id
X-Amzn-RequestId
LB
X-Varnish-Beresp-Status
X-Ms-Lease-Status
X-Ms-Blob-Type
X-Ms-Version
X-Ms-Request-Id
Powered-By-ChinaCache
X-Birta-Cache-Post
X-Birta-Served
Pagespeed
X-Cache-Backend
X-Transaction
X-Twitter-Response-Tags
X-Connection-Hash
NtCoent-Length
X-Labrador-Cache-Channel
Pagetype
X-Ah-Environment
X-EdgeConnect-Cache-Status
X-App-Version
X-V
X-B3-Spanid
X-Instance-Name
X-VG-TLSProxy
Frame-Options
X-GZip
MIME-Version
X-Varnish-Beresp-Ttl
X-C
X-SERVER-NAME
X-Via-Edge
X-Via-SSL
X-A
X-VG-WebServer
X-A-Ccd
X-SRCache-Key
Www
BehaviorPad-Version
X-Rojux
X-CF-Lambda-Fn
X-D
X-Date
Cache-Prefix
X-CUA
X-CS
X-Block-Status
Ajk
X-CF-Lambda-Version
X-Trv-Group
X-BB-ID
X-Via-CDN
X-Application
X-WebServer
Web-Mar-Node
X-Accel-Expires-Debug
X-S-Cookie
VivaBuild
X-A-Dgt
Time
AKAMAI
X-ARC
X-B-Cookie
X-A-Wwc
X-A-Dcw
Server-Int
Viewtype
V-Age
Arc-Country
X-A-Dam
Ec-Rule-Version
X-Irp-Debug
X-IN-WAF
Xc-Version
Fly-Request-Id
X-Logtrace-Id
X-IN-SSL-APIGATEWAY
X-IN-APIGATEWAY
X-Server-Time
X-Hnp-Log
Fly-Cache
Rendered-Blocks
X-No-Session
NGX
X-ScT
Host-ID
X-Region-Sid
X-Request-URI
IsBot
MD5-Digest
X-NU-AKA-ACS-Version
X-Org
Meta-Geo-Continent
X-PAYTM-SRV-ID
X-Server-By
X-SIPLIST1
X-Destination
X-Web-Node
X-Rewrite-Enabled
X-Developer
T-Server
X-Dispatcher-Server
X-DPWN-IS-SECURE
X-Died
X-From
X-UE-Client-Country
X-Generation-Time
X-Generated-In
X-G
X-Gen-Mode
Cneonction
X-FireWall-Port
X-NWS-UUID-VERIFY
X-HOST
Magicmarker
Request-Country
HA-Urlpath
Request-EU
Release
X-Var-Ttl
Kp-EeAlive
NodeID
On-Server
Pragrma
Server-Host
Origin-Cache-Control
X-UnsetCookies
Origin-Edge-Control
MI-API
MI-Cache-Age
Proxy-Connection
Request-Time
X-Crawler
X-Node-Id
X-NX-Host
X-Origin-TTL
X-ServiceProvider
X-Sf
X-Layer
X-MI-In-Market
X-Owner
X-Phone
X-Redis-Cache
X-Request-UUID
X-RCS-CacheZone
X-RateLimit-Remaining-Second
X-Platform
X-RateLimit-Limit-Second
X-HTML-Minification-Powered-By
X-Hl-Ver
X-CGP
X-Core-Value
HA-Servedtime
X-Cache-Enabled
X-Cache-CFC
X-Amz-Meta-Cache-Control
X-Cache-Bucket
X-Debug-Cookies
X-Debug-Log
X-Fastly-Cache
X-GeoIP-City
X-F5-Cache
X-External-Request-Id
X-ElasticPress-Search
X-Eu-Site
True-Client-Country-4JS
MI-Cache
Decoy-Debug-Key
CDCHOST
X-S-Maxage
Decoy-Debug-Status
Decoy-Debug-TTL
HA-Ipaddr
Esi-Enabled
Cache-Tags
X-Wikidot-Static-Cache
X-VServer
Mobile-Detection-Method
X-Sucuri-Cache
X-We-Are-Hiring
Backend-Name
X-Wikidot-Backend
X-Varnish-Action
Country-Code
Ha-Gx-Prefs
Cteonnt-Length
HA-Geocity
GMS-Ver
HA-Geolat
HA-Georegion
HA-Geolon
HA-Cloudapp
HA-Geocountry
HA-Host
X-Webstats-RespID
WZWS-RAY
X-Powered-By-ANYU
X-Csrf-Token
X-Skip-Cache
X-ShardId
X-Matched-Rule
X-Swa-Ws
X-Oss-Hash-Crc64ecma
X-Thinkindot-L3
PageSpeed
X-MSEdge-Features
X-Gannett-Site-Version
X-Nginx-Cache-Key
X-FW-Version
X-MSEdge-Flight
X-Backend-Host
X-Backend-TTL
X-Alternate-Cache-Key
X-Backend-Url
X-ShopId
X-Clientip
X-Ckpd-Fst-Backend
X-Developers
X-Server-IP
X-Content-Age
X-Returned-From-PostProcessResponse
X-GeoIP-Country-Code
X-Croise-Owner
X-Hash
X-Shopify-Stage
X-Worker
X-Key
X-Cache-Host
X-Stale
X-Cache-Expires
X-Cache-Srv
X-Cache-URL
X-Secret
X-Trace-Id
X-Cdn-Origin
X-Device-Os
Apple-News-Services-Handled
Platform
X-Sn-Servicetimems
PFcat
X-Epic-Correlation-Id
Fastly-Backend-Name
Countrycode
RNT-Machine
X-Passed-To-PostProcessResponse
X-VCT
X-Fetched-On
Origin
X-Request-Time
Is-Eu
X-Returned-From-DLL
X-Variation
Heartbleed
X-Up
X-Returned-From-BeforeDispatch
X-Sorting-Hat-ShopId
Odigeo-Trace-Id
X-Returned-From
X-Actual-URL
RNT-Time
X-Fstrz
X-Oss-Storage-Class
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
X-TT-LOGID
Adler-Geo
X-Oss-Object-Type
X-Oss-Request-Id
X-Oss-Server-Time
X-Sorting-Hat-PodId
X-Tumblr-Pixel-3
Apple-News-Services-Request-Url
SN
X-Passed-To-BeforeDispatch
Server-ID
X-Passed-To-DLL
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
X-Passed-To
Thinkindot-Control
Section-Io-Cache
X-Ua
X-Servername
X-Reboot
X-Response-By
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
X-Location
X-Store
X-Iejgwucgyu
X-Core-Mission
Sid
Content-Disposition
Uber-Trace-Id
X-Cdn-Srv
X-Backend-State
Fastly-SIE
Resin-Trace
Fastly-SWR
HTTPS
X-Planisys-CDN-Cache
X-Policy
X-Planisys-CDN-TTL
X-CACHE-AGE
X-Planisys-CDN-Rules
X-Alicdn-Da-Ups-Status
X-GEO
ProcessTime
X-Ezoic-Cdn
X-B3-TraceId
X-Real-Ip
Powered
X-Servedbyhost
REQUESTUUID
Xserver
CDN
WP-Super-Cache
RequestId
X-Cluster-Node
X-Atg-Version
Warning
X-Cache-ASPX
X-Refresh
X-Pf-Uncompressing
X-Dc
X-TIME
X-Proto
Mail-Subject
CF-IPCountry
We-Hiring
Dnion-Transfer-Encoding
X-GoCache-CacheStatus
X-Guploader-Uploadid
NODE
Cache-Cookie-Set-From
ViewerVersion
Cache-Cookie-Set-Lfrom
X-Pjax-Url
Cache-Cookie-Set-Idcheck
X-Req
X-Varnish-Ttl
X-DC
X-Endurance-Cache-Level
X-Nc
NnCoection
X-Origin-Date
X-Origin-Expires
X-Newrelic-Synthetics
X-Page-Type
X-Surge-Debug
X-GRACE
X-CLOUD-TRACE-CONTEXT
X-Cache-Control-Set-By
X-Varnish-HitMiss
X-Time
X-COUNTRY
X-Server-W
X-HCF
Hostname
X-Edge-IP
X-Aed
Geoip-Latitude
GeoIp-Country-Code
X-Oracle-Dms-Ecid
SD-X-WS
X-Server-Group
WWW-Authenticate
X-Ms-Lease-State
Pramga
CACHE
X-Cdn-Forward
A
X-Varnish-Url
TSSecure
X-CSRF-Token
Geoip-City
Processtime
X-Wix-Route-ID
PICS-Label
X-Datadome
X-Wa
X-Varnish-Beresp-TTL
MS-CV
X-DataStream-MidMile-RTT
X-DataStream-Origin-MEX-Latency
X-Aicache-OS
X-Varnish-URL
Cdn
Dont-Set-Cookie
X-ABtesting
X-Gdpr
X-Akamai-Request-ID2
X-Edge-Server
X-Flog
X-WA
Cdn-Host
Node
X-From-Cache
Cdn-Request-Time
Mime-Version
X-Hello
X-CACHE-KEY
Lb
X-Auto-Login
DataCenter
X-Use-Magma
X-Nananana
X-Geo
X-Ratelimit-Limit
COMMERCE-SERVER-SOFTWARE
X-UPSTREAM-Address
PageType
GeoIP-Latitude
GeoIP-Country-Code
Lfy
X-RTag
Ms-Operation-Id
X-FORWARDED-FOR
FSS-Cache
Get-Access-Time
FSS-Proxy
X-Sentry-ID
X-Optimization
X-Env
X-Fastly-Backend-Reqs
GeoIP-City
Is-Session-Tracking
X-SRV
X-Cache-HT
X-Load-Cache
X-WR-MODIFICATION
X-Gen-Id
X-PAGE-TYPE
X-EC-Security-Audit
X-APP
Rt-Proxy-Cache
X-Unique-Id
Who
X-Served-From
X-Cache-Id
X-Cookie
X-Check-Cacheable
X-Via-NSCOPI
X-GDPR
X-Wix-Petri-Ex
X-Cache-FS-Status
X-Dynatrace-Js-Agent
X-Meta-Tbi-Cache-Vertical
X-Ibm-Trace
Ws
X-Bip
X-Cache-Info
X-Ver
X-Thanos
Pics-Label
Httpd-Identifier
X-Be
X-PJAX-URL
X-Swift-Error
X-MP-GENERATED-AT
Memcached
X-Proxy-Server
X-NGINX-Cache
X-Request-Start
Cf-Ipcountry
X-HS-Status
Ohc-File-Size
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
Powered-By
X-Fastly-Cache-Hits
X-Fe
X-RateLimit-Reset
X-B3-SpanId
V-Cache
X-Cache-Ttl
Group
X-Path-Route
X-CDN-Pop
X-PF-Uncompressing
Version
X-Shard
URI
X-CDN-Pop-IP
X-ServedByHost
X-Dw-Trace-Id
Memory
X-ID
Amp-Access-Control-Allow-Source-Origin
UCS
X-P-T
X-LiteSpeed-Cache-Control
Requestid
X-GZIP
AGE-Hash
X-SB
X-Bug-Bounty
X-VC
NX-Cache
Xet-Cookie
GW-Server
Serverid
X-Varnish-Info
X-StackifyID
Apicache-Store
X-User
X-Ratelimit-Remaining
X-Akamai-ERRuleID
CDN-Cache
CDN-Cache-Hit
CDN-Node
X-Akamai-ERPolicy
Apicache-Version
Ohc-Response-Time
X-CacheKey
N-Cache
Fastly-Soc-X-Request-Id
X-SD-PageType
X-Litespeed-Cache-Control
If-Modified-Since
X-Flags
X-Micro-Cache
X-Cache-Handler
Https
X-Info
X-RequestId
X-ServerName
X-Is-Crawler
X-Providence-Cookie
X-Route-Name
X-Grace-Duration