Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
X-Powered-By
CF-RAY
ETag
Link
X-XSS-Protection
Expect-CT
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
X-Request-Id
X-Xss-Protection
CF-Cache-Status
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-AspNet-Version
X-Download-Options
X-Runtime
Access-Control-Allow-Credentials
X-Drupal-Cache
X-Adblock-Key
X-Check
Alt-Svc
X-Cacheable
X-Generator
Content-Security-Policy-Report-Only
X-DNS-Prefetch-Control
X-Cache-Status
X-AspNetMvc-Version
X-Permitted-Cross-Domain-Policies
X-Template
X-Iinfo
X-Language
Status
Timing-Allow-Origin
X-Buckets
X-Content-Security-Policy
Content-Encoding
X-Kinja-Server-Push
Xkey
X-Turbo-Charged-By
Upgrade
X-Type
X-CDN
Keep-Alive
Access-Control-Expose-Headers
WPE-Backend
X-Pass-Why
X-AH-Environment
X-Backend
Access-Control-Max-Age
X-Age
X-Drupal-Dynamic-Cache
X-Cache-Group
X-Server
X-Proxy-Cache
X-Via
X-Request-ID
Grace
X-Pingback
X-Nginx-Cache-Status
X-Server-Powered-By
X-Amz-Id-2
X-Amz-Request-Id
X-Robots-Tag
X-Hacker
X-Varnish-Cache
X-UA-Device
X-Page-Speed
EagleId
Request-Context
X-LiteSpeed-Cache
Cf-Railgun
X-Envoy-Upstream-Service-Time
X-Ua-Compatible
X-CST
X-Swift-CacheTime
X-Swift-SaveTime
X-Server-Id
Ali-Swift-Global-Savetime
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Device
X-Amz-Version-Id
X-WebKit-CSP
Server-Timing
X-Ac
X-Node
X-OneAgent-JS-Injection
Allow
Feature-Policy
X-Response-Time
X-Iejgwucgyu
X-Cnection
X-Rq
Content-Location
X-Cache-Lookup
X-Backend-Server
Report-To
EagleEye-TraceId
Surrogate-Control
X-Readtime
X-Host
X-Application-Context
X-Cdn
Request-Id
X-ORACLE-DMS-ECID
X-Url
P3p
X-Rack-Cache
X-Origin-Cache
X-Clacks-Overhead
NEL
X-Country
X-FTR-Request-ID
Rating
X-Country-Code
X-Cloud-Trace-Context
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-DataDome
X-Ruxit-JS-Agent
X-Instart-Request-ID
X-Px
X-Vhost
X-Mod-Pagespeed
Charset
X-MS-InvokeApp
X-VARITI-CCR
Edge-Control
Accept-CH
X-Goog-Hash
Verso
X-GitHub-Request-Id
X-TTL
PB-RID
Arc-Version
X-Mobile-Rewrite
PB-PID
X-TtlSet
X-Vname
X-PC
Pinterest-Generated-By
X-ESI
X-Server-Name
X-Version
X-DynaTrace
X-Upstream-Env
X-B3-TraceId
X-Powered-By-Plesk
X-D2id
X-Use-Magma
X-GoogleNews-Bot
X-Kinja
X-Exp-Variant
X-Cached
X-Kinja-Revision
X-Kinja-Server
X-Kinja-Build
X-Exp-Id
X-Cdn-Fetch
X-Origin-Upstream-Status
X-Dispatcher
SPRequestGuid
X-Recruiting
X-SharePointHealthScore
X-Abt-Application-Version
X-Varnish-TTL
X-Powered-CMS
MS-Author-Via
Accept-CH-Lifetime
RTSS
X-Navigation-Version
X-T
X-Shield-Request-Id
Content-MD5
Public-Key-Pins
X-ORACLE-DMS-RID
X-Oracle-Dms-Rid
AR-PoweredBy
AR-ATIME
AR-CACHE
X-DynaTrace-JS-Agent
X-Trace
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Client-IP
X-Amz-Rid
X-HW
X-Forwarded-Proto
Arr-Disable-Session-Affinity
X-Fastly-Request-ID
X-Wix-Server-Artifact-Id
X-Accel-Buffering
SPRequestDuration
SPIisLatency
Realpath
X-DIS-Request-ID
Service-Worker-Allowed
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Goog-Generation
X-B
X-Upstream
X-Amz-Meta-S3cmd-Attrs
X-F-Cache
X-Ser
Pinterest-Version
X-Pinterest-Rid
Paypal-Debug-Id
X-Via-JSL
AR-Request-ID
Front-End-Https
X-FTR-Backend
X-FTR-Backend-Server
X-FTR-Cache-Status
X-FTR-Balancer
X-FTR-DC
X-Country-Code-Real
X-FTR-Realm
X-Id
X-FTR-Expires
X-XRDS-Location
X-Dw-Request-Base-Id
X-Vcap-Request-Id
X-Varnish-Age
X-Debug
X-Dns-Prefetch-Control
Ar-Sid
X-Acc-Meta-Resource-Type
X-Goog-Storage-Class
X-MSEdge-Ref
X-Kinsta-Cache
Nginx-Cache
X-Hits
X-N
X-NF-Request-ID
X-FTR-Cache-Host
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-NewRelic-App-Data
S
X-Logged-In
X-B3-TraceId-Primal
MRF-Tech
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
Mrf-Cache-Status
X-Ttl
X-DataStream-Cache-Status
X-Akam-SW-Version
X-Forwarded-For
Alternate-Protocol
X-Frontend
Tracecode
X-PressLabs-Stats
X-HS-Content-Id
X-HS-Hub-Id
X-User-Agent
X-Grace
X-Amzn-Trace-Id
X-Server-ID
Server-Name
X-CACHE-GROUP
X-Pad
X-Content-Digest
X-Content-Options
Refresh
DynaTrace
TCN
Powered-By-ChinaCache
X-Content-Type
X-Fastcgi-Cache
Access-Control-Request-Method
MicrosoftSharePointTeamServices
Backend-Timing
AMP-Access-Control-Allow-Source-Origin
X-Analytics
X-CF-Powered-By
X-LB-Cache
Accept-Charset
Fastcgi-Cache
X-Rid
X-Activity-Id
Display
X-Middleton-Display
X-Zen-Fury
X-Sol
X-AppVersion
X-Debug-Info
FilterID
X-Az
X-IPLB-Instance
Host
X-Page-Id
X-FastCGI-Cache
MS-CV
ServerID
X-RateLimit-Remaining
X-Middleton-Response
Response
X-Magnolia-Registration
TP-Cache
TP-L2-Cache
Cache-Status
X-Cache-Hit
X-Hostname
X-Cache-Key
X-Content-Powered-By
X-Srv
X-VCache
X-Seen-By
X-ATG-Version
X-Mobile
X-WA-Info
X-TA-CDN-Provider
X-Revision
Surrogate-Key
X-Varnish-Backend
X-Cached-By
X-B3-Sampled
X-Request-Received
X-Request-Processing-Time
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-SS-Set-Cookie
X-Whom
Host-Header
X-Instance
X-Signature
X-B-Cache
X-Cache-Action
X-Cluster
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Tumblr-User
X-Platform-Server
Rt-Fastcgi-Cache
X-Content-Security-Policy-Report-Only
X-Drupal-Cache-Tags
Server-Info
Source
Cleartype
X-Request-Guid
X-Wix-Request-Id
ViewerVersion
X-PHP-Backend
X-Handled-By
X-Framework
X-Akamai-Edgescape
X-Cache-Age
X-Origin-Server
X-TT
X-App-Environment
X-GUploader-UploadID
DC
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Cache-Control
X-Generated-By
X-Edge-Location
Fusion-Content-Id
X-BCube-Filmed-By
Fusion-Component-Id
Fusion-Source
Fusion-Template-Id
Fusion-Content-Source
X-Geo-Country
X-App-Server
X-FW-Static
X-FW-Hash
X-FW-Type
X-FW-Serve
X-FW-Server
X-AOL-HN
X-Varnish-Server
Server-Node
X-Cache-Rule
X-Oneagent-Js-Injection
X-NWS-LOG-UUID
X-Varnish-Hostname
X-Webkit-Csp
X-XRDS-LOCATION
Retry-After
X-Real-IP
X-Ruxit-Js-Agent
X-Correlation-Id
X-Cache-2
Eomportal-Instance
X-Amz-Server-Side-Encryption
Payment
X-Varnish-Grace
X-FB-Debug
Webserver
X-Amz-Replication-Status
Actual-Object-TTL
X-TT-TIMESTAMP
Access-Control-Allow-Method
X-Response-Served-From
X-Cacheable-TTL
X-Tumblr-Pixel-1
X-Tumblr-Pixel-2
GEO-INFO
ServedBy
AsisCache
X-Varnish-Hits
Content-Style-Type
Content-Script-Type
Filters
X-Drupal-Cache-Contexts
X-TX-ID
X-UUID
X-WebKit-CSP-Report-Only
X-Cache-Config
X-RTag
X-Region
NGB
Ms-Operation-Id
Healthy
X-Jobs
X-UA-Device-Type
X-Adobe-Loc
X-Varnish-IP
X-Adobe-Content
Viewport
Upgrade-Insecure-Requests
X-Servedby
X-Contextid
X-Rendered-As
Cache-Tv-Group
X-RequestSource
X-Accel-Expires
X-Locale
Country
From-Origin
X-Ezoic-Cdn
X-Device-Type
HitType
X-VG-WebCache
X-WPE-Loopback-Upstream-Addr
X-BACKEND-TTL
X-Cache-TTL
Pagespeed
X-Cache-TTL-Remaining
Fastcgi-Useragent
X-Upstream-Proxy
X-Cache-Server
X-FW-Dynamic
Edge-Cache-Tag
Cache
X-Cache-Remote
X-CACHE-KEY
X-Content-Age
X-Cache-Operation
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
Cache-Tags
Fastly-Restarts
X-Redis-Cache
X-RateLimit-Limit
X-Upgrade-Enabled
X-Hit
X-Source
Datacenter
X-Storage
X-Guploader-Uploadid
X-Esi
X-S
X-APP-VERSION
X-App-Version
X-DataStream-MidMile-RTT
X-Mode
X-DataStream-Origin-MEX-Latency
X-GeoIP
Served-By
Cache-Tag
X-Daa-Tunnel
X-Generated
Meta-Geo
Origin-Cache-Control
X-Is-Bot
Origin-Edge-Control
Load-Balancing
X-Status
X-Backend-Name
Vix-Hermes-Req-Id
X-Akamai-Request-ID
SRV
X-Path-Route
X-Detected-As
X-Cache-Var-Map
X-Cache-Var
Machine
Xserver
X-Tb
X-RN-RSRV
X-Internal-Host
X-NCache
X-Hl-Ver
X-Time-Microsecs
X-NGENIX-Cache
X-JoinUs
X-Rule
NtCoent-Length
X-Labrador-Cache-Channel
X-Origin-Response-Time
X-Birta-Cache-Post
X-Birta-Served
X-Cache-Category-Id
Now
X-ProxyCache-Key
X-BYPASS-REASON
X-ServerID
X-Agile
Selected-FE
X-ProxyCache-Status
X-L-Path
X-Loop
Cache-Key
X-Agile-Age
X-TNCMS
X-Agile-Id
X-Timing-Wait
X-Origin-Host
X-Pubstack
X-Varnish-Cache-Hits
X-Web-Node
X-Grey
X-Www-Served-By
X-Hosted-By
X-Environment-Context
X-Proxy
X-CDN-Cache
X-Proxy-Build
X-Varnish-Cacheable
X-FC-Vary-Parameters
X-Akamai-Transformed
X-Edge-IP
TWC-Locale-Group
TWC-Device-Class
TWC-GeoIP-Country
TWC-GeoIP-LatLong
S-Rt
X-IP
X-ProcessESI
X-PERF
X-PCL
TWC-Connection-Speed
X-RemovedCookies
X-Human
X-Viewer-Country
X-Pc-Appver
X-Via-Fastly
X-Cache-Enabled
X-OCL
X-Format
X-ApacheServer
Webcakes-App-Name
X-Pc-Key
Webcakes-App-Version
Webcakes-Region
X-Origin-Hint
X-Pc-Hit
TWC-Privacy
Property-Id
Cache-Name
Azure-RegionName
Azure-SiteName
Azure-InstanceId
X-Section
X-GEO
X-VG-TLSProxy
X-Site-Version
X-Access
Azure-SlotName
Public-Key-Pins-Report-Only
Fastcgi-X-Cache-Version
X-Debug-Cache
Azure-Version
X-MP-GENERATED-AT
DB-Nickname
X-CCM
X-Proxied
X-Xfnlog-Site
X-App-Name
X-Routing-Service
X-Zipkin-Id
Mail-Subject
X-Microcachable
We-Hiring
Access-Control-Request-Headers
X-Varnish-Ttl
X-Cache-NE
X-Origin
User-Agent
X-EdgeConnect-Cache-Status
X-Original-Request
Liferay-Portal
X-Protected-By
S-Cnection
X-Cdn-Forward
Cache-Hits
X-Ocache
X-Sucuri-ID
User-Cache-Control
X-Nginx-Cache
X-Node-Name
X-FW-Version
X-Ua
LB
X-Request-Time
X-ES-SERVER
X-Proto
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Trace-Id
Powered
X-Time
X-Tumblr-Pixel-3
X-Nc
X-Webstats-RespID
X-GRACE
CACHE
Ohc-File-Size
X-Forwarded-Host
X-FB-TRIP-ID
X-Unique-ID
X-Endurance-Cache-Level
X-Origin-CC
L5d-Success-Class
X-Correlation-ID
Frame-Options
Section-Io-Cache
X-UA
X-VWS-Id
X-LJ-Flow-ID
X-AWS-Id
PageSpeed
X-V
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
X-Cluster-Node
IBM-Web2-Location
X-Parent-Response-Time
X-OVcl-Cache
X-OVcl
OT-Force-Account-Verify
X-Origin-TTL
AR-SID
X-R9-Blue-Green-Version
X-Cache-Backend
X-Rocket-Nginx-Bypass
X-ElasticPress-Search
Nel
X-Upstream-HT
X-Upstream-CT
Cache-Prefix
X-Gen-Mode
Decoy-Debug-Status
Decoy-Debug-Key
Country-Code
X-Generated-In
X-Li-Pop
Decoy-Debug-TTL
X-Li-Fabric
X-LI-Proto
X-LI-UUID
X-NU-AKA-ACS-Version
X-Micro-Cache
X-Irp-Debug
X-Info
X-Hnp-Log
BehaviorPad-Version
Arc-Country
X-IN-APIGATEWAY
X-IN-WAF
X-Goog-Meta-Goog-Reserved-File-Mtime
X-External-Request-Id
X-Cache-Bucket
X-Block-Status
Powered-By
X-BB-ID
Node
X-Cache-FS-Status
X-Cache-Id
X-Cache-Host
Mobile-Detection-Method
Rendered-Blocks
X-B-Cookie
X-Aed
X-Accel-Expires-Debug
Www
VivaBuild
X-Amz-Meta-Cache-Control
X-Application
X-Auto-Login
X-ARC
Resin-Trace
X-Cache-Info
X-Cache-URL
Fly-Request-Id
GMS-Ver
X-DPWN-IS-SECURE
X-Distil-CS
Fly-Cache
Fastly-SWR
X-From
Fastly-SIE
X-Fetched-On
X-Developer
X-Destination
Memcached
X-Cdn-Srv
Meta-Geo-Continent
MD5-Digest
X-CF-Lambda-Fn
X-Date
X-Connection-Hash
X-CF-Lambda-Version
Ec-Rule-Version
X-EIG-Tracking-Id
X-Twitter-Response-Tags
X-TT-LOGID
X-Rewrite-Enabled
X-Wikidot-Backend
X-We-Are-Hiring
X-Trv-Group
X-Transaction
Xc-Version
X-Reboot
X-Wikidot-Static-Cache
X-Request-UUID
X-Vgn-Hpd-Reason
X-Rojux
X-UE-Client-Country
X-Pc-Subdomain
X-Pc-Host
X-Server-Group
X-User
X-Server-By
X-ScT
X-S-Maxage
X-VG-WebServer
X-S-Cookie
X-ServiceProvider
X-Pc-Date
X-Rebelmouse-Surrogate-Control
X-Region-Sid
Viewtype
X-Rebelmouse-Cache-Control
X-PAYTM-SRV-ID
X-SRCache-Key
X-Origin-Date
X-PHP-Host
X-Origin-Expires
X-Dc
X-Varnish-Beresp-Ttl
X-Sf
X-ShardId
X-Shopify-Stage
X-A-Ccd
X-ShopId
Who
X-Server-IP
X-Var-Ttl
X-CGP
X-TrackingId
Web-Mar-Node
X-Thinkindot-L3
X-A-Dam
X-A
X-A-Wwc
X-Backend-State
X-Stale
X-Backend-Url
X-Clientip
X-Backend-Host
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-SIPLIST1
X-Svr
X-Alternate-Cache-Key
X-Cache-Debug
X-Cache-Expires
X-A-Dgt
X-Thanos
X-Actual-URL
X-Swa-Ws
X-Bip
X-A-Dcw
X-Variation
X-LAGOON
X-Level-Front-Cache
X-Cache-Grace
X-Proxy-Cache-Status
X-Proxy-Upstream
On-Server
X-GeoIP-Country-Code
X-Hash
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-Policy
X-Location
X-Node-Id
X-Nginx-Cache-Key
X-Passed-To-BeforeDispatch
X-Passed-To
X-Passed-To-DLL
X-Passed-To-PostProcessResponse
X-Logtrace-Id
X-Matched-Rule
X-Platform
X-Generated-On
X-Request-URI
X-Dispatcher-Server
X-NX-Host
X-Distributor
X-Varnish-Action
X-Debug-Log
X-Debug-Cookies
X-Crawler
X-CUA
X-D
X-Secret
X-Epic-Correlation-Id
X-Eu-Site
X-Returned-From-BeforeDispatch
X-Returned-From
X-Response-By
X-Gannett-Site-Version
X-G
X-Returned-From-DLL
X-Fastly-Cache
X-FireWall-Port
X-Returned-From-PostProcessResponse
X-Core-Mission
X-C
Content-Disposition
Countrycode
Origin
HA-Ipaddr
Platform
Request-Time
Proxy-Connection
Fastly-Backend-Name
Fastly-Soc-X-Request-Id
Ha-Gx-Prefs
Ajk
Is-Eu
IsBot
Magicmarker
Lfy
Backend
CDCHOST
Thinkindot-CacheControl
Server-Host
Thinkindot-CacheControl-Type
Thinkindot-Control
True-Client-Country-4JS
SD-X-WS
Adler-Geo
Warning
X-HS-Cache-Config
X-Device-Os
Apple-News-Services-Request-Url
X-SERVER
X-Key
Cache-Cookie-Set-Idcheck
X-Developers
X-MSEdge-Features
X-Debug-Cache-Fetch
X-Debug-Cache-Expiry
AKAMAI
X-Debug-Cache-Store
Cache-Cookie-Set-From
GW-Server
X-F5-Cache
X-MSEdge-Flight
Apple-News-Services-Host
X-Generation-Time
Apple-News-Services-Parsed-Url
X-IN-SSL-APIGATEWAY
X-Fstrz
X-Instart-Isnd
X-Server-Cache
Cache-Cookie-Set-Lfrom
Fastly-SSL
Apple-News-Services-Handled
X-No-Session
X-Qloud-Router
X-Croise-Owner
X-Varnish-Authentication
RNT-Machine
X-Amz-Meta-Surrogate-Control
Pagetype
Release
Pramga
Mn-Server-Ip
X-Cache-ASPX
X-Via-CDN
Server-Cache-Control
RNT-Time
Heartbleed
Server-Int
X-Core-Value
SS
X-UnsetCookies
Server-Surrogate-Control
X-Up
X-Sucuri-Cache
REQUESTUUID
X-Be
Server-ID
Fastcgi-X-Cache
NGX
X-Varnish-Url
Kp-EeAlive
X-Page-Type
X-Server-Time
X-Edge-Cache
X-Edge-Cache-Key
X-Died
X-Pjax-Url
X-Sedo-Request-Id
X-TIME
X-Via-NSCOPI
X-Cache-Miss-From
SID
RequestId
X-B3-Traceid
X-Owner
X-SN
Hostname
HostName
Odigeo-Trace-Id
X-Servername
X-Refresh
Version
X-Newrelic-App-Data
X-From-Cache
PFcat
X-URL
X-CDN-Forward
MIME-Version
HTTPS
X-Oss-Storage-Class
X-Oss-Hash-Crc64ecma
X-Real-Ip
X-Oss-Object-Type
X-Oss-Request-Id
X-Oss-Server-Time
X-Servedbyhost
Time
X-B3-SpanId
X-NC
Mime-Version
Cteonnt-Length
Cdn-Host
X-Cache-CFC
Cdn-Request-Time
X-Store
X-Edge-Server
Cdn
Esi-Enabled
ProcessTime
X-MI-In-Market
X-CSRF-TOKEN
X-Layer
MI-API
MI-Cache
X-RCS-CacheZone
X-FPC
MI-Cache-Age
FastCGI-Cache
X-RequestId
HA-Urlpath
X-IPS-LoggedIn
HA-Host
X-Hyper-Cache
HA-Georegion
HA-Geolon
HA-Servedtime
HA-Geolat
HA-Geocountry
HA-Cloudapp
PICS-Label
X-Req
HA-Geocity
Amp-Access-Control-Allow-Source-Origin
X-Webkit-CSP
Memory
X-Amzn-Remapped-Connection
X-Mobile-URL
X-Amzn-Remapped-Date
X-CLOUD-TRACE-CONTEXT
X-GZip
CF-IPCountry
X-Dynatrace-Js-Agent
Cf-Ipcountry
Cross-Origin-Window-Policy
X-NodeID
Backend-Name
X-VServer
Processtime
X-Varnish-Beresp-TTL
X-Ratelimit-Remaining
X-Mrs-Age
X-Mrs-Cache-Hits
X-Mshield-Cache-Status
X-Mrs-Cache
X-B3-Spanid
X-HS-Combine-CSS
X-Wa
X-Load-Cache
X-Lb-Id
X-CMS-Context
X-Unique-Id-Primal
X-WR-MODIFICATION
CDN
X-Aicache-OS
X-DC
X-Ratelimit-Limit
X-Geo
X-HTML-Minification-Powered-By
X-Instart-Info
X-Skip-Cache
X-WebServer
X-Pf-Uncompressing
X-Fastly-Country-Code
X-PF-Uncompressing
X-Phone
Ohc-Response-Time
X-Newrelic-Synthetics
Ohc-Cache-HIT
XServer
X-Request-Start
X-Atg-Version
Uber-Trace-Id
URI
X-VC-Cache
X-WA
GeoIP-Country-Code
X-Release
X-Cms-Context
X-Tb-Optimization-Total-Bytes-Saved
X-Nananana
GeoIP-Latitude
X-UCC
Pics-Label
X-Gateway-Cache-Status
X-Server-W
N-Cache
X-Gateway-Cache-Key
X-FORWARDED-FOR
T-Server
Accept-Ch-Lifetime
X-Gateway-Skip-Cache
X-Oracle-Dms-Ecid
X-APP
X-LB-ID
X-Processor
X-ND-Cache
X-COUNTRY
X-MServer
X-GoCache-CacheStatus
Rt-Proxy-Cache
X-Served-From
X-SRV
X-Hp-Webp
X-BBXSRF
X-Worker
X-CSRF-Token
X-Datadome
X-Unique-Id
X-Shard
X-ServedByHost
X-LiteSpeed-Cache-Control
A
X-SERVER-NAME
V-Age
X-UPSTREAM-Address
X-Cdn-Origin
X-Sn-Servicetimems
X-CACHE-AGE
X-Fastly-Cache-Hits
DataCenter
X-VCT
X-SVT-ORM-RULES
X-Check-Cacheable
X-HS-Status
X-SVT-ORM-VERSION
X-Amzn-Remapped-Content-Length
X-Geo-Header
X-ServerName
X-GeoIP-City
X-Optimization
Host-ID
Proxy-Firewall
X-Requestid
X-Cache-HT
X-GZIP
X-NGINX-Cache
X-Vcache
Get-Access-Time
Cneonction
UCS
Geoip-Latitude
Is-Session-Tracking
X-BE
X-P-T
X-ID
WP-Super-Cache
X-Git-Hash
Dnion-Transfer-Encoding
X-Backend-TTL
GeoIp-Country-Code
X-Varnish-URL
X-PAGE-TYPE
Request-EU
ServerName
X-Fpc
X-Csrf-Token
Request-Country
X-PJAX-URL
X-Port
Requestid
Serverid
X-NWS-UUID-VERIFY
X-Html-Edge-Cache
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
X-Gen-Id
FSS-Cache
Cache-Provider
X-Planisys-CDN-TTL
FSS-Proxy
Pragrma
X-HostName
X-StackifyID
X-LiteSpeed-Tag
Server-Id
RequestUuid
X-Fe
X-GDPR
X-RCS-Backend
X-Dw-Trace-Id
X-Vg-Webcache
189phosttRef
188prxHost
DSUID
219prxHost
178proxuri
Inserted-Into-Cache-At
X-RAMCache
X-Request-Url
X-CS
WZWS-RAY
Xxline
409pxxline
225prxHost
286prxHost
352pxline
355prline
X-Fastly-Backend-Reqs