Threat Level: green Handler on Duty: Rick Wanner

SANS ISC: HTTP Header Usage Statistics - SANS Internet Storm Center HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
Last-Modified
Accept-Ranges
Pragma
X-Content-Type-Options
X-Powered-By
CF-RAY
ETag
Link
X-XSS-Protection
Expect-CT
Via
X-Cache
Age
Access-Control-Allow-Origin
Content-Security-Policy
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Served-By
X-Amz-Cf-Id
X-Varnish
Referrer-Policy
X-Timer
CF-Cache-Status
X-FRAME-OPTIONS
X-Request-Id
Access-Control-Allow-Headers
X-AspNet-Version
Access-Control-Allow-Methods
X-Xss-Protection
X-Runtime
X-Download-Options
Access-Control-Allow-Credentials
X-Drupal-Cache
X-Cacheable
Alt-Svc
X-Generator
Content-Security-Policy-Report-Only
X-Request-ID
X-Check
X-AspNetMvc-Version
Status
X-Cache-Status
X-Adblock-Key
Timing-Allow-Origin
X-DNS-Prefetch-Control
X-Iinfo
X-Permitted-Cross-Domain-Policies
X-Template
Content-Encoding
X-Language
X-Content-Security-Policy
X-Turbo-Charged-By
X-CDN
X-Type
Keep-Alive
X-Buckets
Xkey
X-AH-Environment
X-Backend
X-Cache-Group
WPE-Backend
Access-Control-Max-Age
X-Pass-Why
X-Age
CF-Ray
X-POWERED-BY
X-Server
Upgrade
EagleId
Access-Control-Expose-Headers
X-Via
X-Nginx-Cache-Status
X-Server-Powered-By
X-Pingback
X-Drupal-Dynamic-Cache
X-Varnish-Cache
X-Swift-SaveTime
X-Swift-CacheTime
Grace
X-Hacker
X-Amz-Id-2
X-Amz-Request-Id
X-UA-Device
Ali-Swift-Global-Savetime
X-Robots-Tag
P3p
Cf-Railgun
X-LiteSpeed-Cache
X-Envoy-Upstream-Service-Time
X-Proxy-Cache
X-Ua-Compatible
X-Page-Speed
Request-Context
Content-Location
X-Device
X-Ac
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Node
X-Cnection
X-Cache-Lookup
X-Amz-Version-Id
X-Host
Surrogate-Control
X-Server-Id
X-WebKit-CSP
X-Backend-Server
X-Rack-Cache
X-Rq
X-Response-Time
X-Application-Context
X-Readtime
X-CST
EagleEye-TraceId
Server-Timing
X-Url
Pinterest-Generated-By
X-Cloud-Trace-Context
X-TTL
X-Instart-Request-ID
X-OneAgent-JS-Injection
Request-Id
X-Dns-Prefetch-Control
Report-To
X-Px
X-Country
X-ORACLE-DMS-ECID
X-Clacks-Overhead
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Feature-Policy
Rating
Edge-Control
X-Country-Code
Allow
X-DynaTrace-JS-Agent
Charset
X-DataDome
X-ESI
X-Powered-CMS
X-Server-Name
X-FTR-Request-ID
X-Vname
X-PC
X-TtlSet
X-Origin-Cache
X-DynaTrace
NEL
X-MS-InvokeApp
X-ORACLE-DMS-RID
X-Goog-Hash
X-Recruiting
X-Varnish-TTL
X-Cached
X-VARITI-CCR
X-Vhost
X-GitHub-Request-Id
Content-MD5
RTSS
X-F-Cache
X-Version
X-Exp-Id
X-Kinja-Revision
X-Cdn-Fetch
X-Kinja
X-GoogleNews-Bot
X-Geo-Segment
X-Kinja-Build
X-Exp-Variant
X-Kinja-Server
X-Powered-By-Plesk
Public-Key-Pins
Accept-CH
PB-PID
PB-RID
X-Mobile-Rewrite
X-Pinterest-Rid
Pinterest-Version
Arc-Version
X-Upstream-Env
X-Mod-Pagespeed
X-D2id
Verso
X-Client-IP
X-CF-Powered-By
SPRequestGuid
X-Abt-Application-Version
MS-Author-Via
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-N
X-Dispatcher
X-SharePointHealthScore
AR-ATIME
AR-PoweredBy
X-Amz-Rid
AR-CACHE
X-Navigation-Version
Accept-CH-Lifetime
Nginx-Cache
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TEC-API-VERSION
X-T
Permitted-Cross-Domain-Policies
X-Do-Not-Hack
X-HeyJason
DynaTrace
X-Trace
X-Dw-Request-Base-Id
Paypal-Debug-Id
X-Fastly-Request-ID
X-Grace
X-Upstream
X-Varnish-Age
X-Hits
Arr-Disable-Session-Affinity
TCN
X-Forwarded-Proto
X-Id
X-FastCGI-Cache
X-Amz-Meta-S3cmd-Attrs
X-DIS-Request-ID
X-Origin-Upstream-Status
X-Shield-Request-Id
X-Pad
SPIisLatency
SPRequestDuration
AR-SID
X-Content-Options
X-Cache-Hit
X-Content-Digest
Realpath
X-Logged-In
X-IPLB-Instance
X-Kinsta-Cache
X-Server-ID
X-NF-Request-ID
X-Ruxit-JS-Agent
Access-Control-Request-Method
MRF-Tech
X-Mrf-Item-Lastmod
X-Acc-Meta-Resource-Type
Mrf-Cache-Status
X-Mrf-Section-Lastmod
X-B
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
X-Goog-Generation
X-Goog-Storage-Class
X-SS-Set-Cookie
X-HW
X-Vcap-Request-Id
X-Debug
S
X-XRDS-Location
X-MSEdge-Ref
X-Ser
Service-Worker-Allowed
Server-Name
X-NewRelic-App-Data
X-PressLabs-Stats
X-FTR-Realm
X-FTR-DC
X-FTR-Balancer
X-FTR-Backend-Server
X-Country-Code-Real
X-FTR-Cache-Status
X-FTR-Backend
X-Wix-Server-Artifact-Id
X-Frontend
Tracecode
X-Cache-Key
X-Oneagent-Js-Injection
X-FTR-Expires
AMP-Access-Control-Allow-Source-Origin
Rt-Fastcgi-Cache
Fastcgi-Cache
Eomportal-Instance
X-Forwarded-For
Alternate-Protocol
Surrogate-Key
X-GUploader-UploadID
Cleartype
X-Cache-Rule
Cache-Status
X-Srv
Backend-Timing
X-Analytics
X-NWS-LOG-UUID
X-HS-Hub-Id
X-HS-Content-Id
Host
X-VCache
Fastly-Restarts
TP-L2-Cache
TP-Cache
X-Revision
X-Rid
X-User-Agent
FilterID
X-FTR-Cache-Host
X-Whom
X-Debug-Info
Public-Key-Pins-Report-Only
X-Akam-SW-Version
X-AOL-HN
ServerID
X-Cache-2
X-RateLimit-Remaining
X-Varnish-Backend
X-XRDS-LOCATION
X-Via-JSL
X-Content-Powered-By
X-Accel-Buffering
X-Webkit-CSP
X-Cdn
X-Request-Processing-Time
X-Request-Received
X-Kinja-Server-Push
Accept-Charset
Front-End-Https
X-Zen-Fury
X-Mobile
X-Oracle-Dms-Rid
Viewport
X-Ttl
X-WPE-Loopback-Upstream-Addr
X-Cached-By
X-Node-Name
X-TA-CDN-Provider
Liferay-Portal
X-App-Environment
X-LB-Cache
X-Cache-Control
X-Cluster
Host-Header
X-B3-Traceid
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Tumblr-User
X-Varnish-Hostname
X-Content-Security-Policy-Report-Only
X-Page-Id
X-Magnolia-Registration
Cache-Tag
X-Device-Type
X-Framework
X-B3-Sampled
X-TT
X-Akamai-Edgescape
X-Request-Guid
X-Handled-By
X-Correlation-Id
X-Instance
X-FB-Debug
X-BCube-Filmed-By
Upgrade-Insecure-Requests
X-B-Cache
X-Platform-Server
X-Hostname
X-Signature
DC
X-Cache-Server
X-Origin-Server
Server-Node
X-TT-TIMESTAMP
MicrosoftSharePointTeamServices
Source
Retry-After
X-Contextid
X-Accel-Expires
X-Servedby
X-Amzn-Trace-Id
X-WA-Info
HitInfo
X-Varnish-Server
X-Cache-Action
HitType
Server-Info
Display
X-Sol
X-Middleton-Display
X-APP-VERSION
X-Cache-Operation
X-Distil-CS
X-Port
Content-Script-Type
X-Amz-Replication-Status
Content-Style-Type
X-Daa-Tunnel
X-Generated-By
X-Geo-Country
X-Edge-Location
X-GeoIP
X-Seen-By
X-Wix-Request-Id
X-Tumblr-Pixel-1
X-Tumblr-Pixel-2
X-WebKit-CSP-Report-Only
Webserver
GEO-INFO
AsisCache
X-RequestSource
X-S
X-Status
Healthy
X-TX-ID
Actual-Object-TTL
X-Hyper-Cache
X-Locale
X-FW-Static
X-Edge-Cache-Key
X-Edge-Cache
ServedBy
X-FW-Hash
X-FW-Serve
X-FW-Type
X-FW-Server
X-Region
X-Response-Served-From
User-Agent
X-Varnish-Hits
X-Jobs
X-UUID
X-Drupal-Cache-Tags
X-Adobe-Content
X-Adobe-Loc
X-DataStream-Cache-Status
SRV
X-Varnish-Grace
X-Yottaa-Optimizations
Refresh
Filters
X-Yottaa-Metrics
X-Fastcgi-Cache
X-Cache-Age
X-Esi
S-Cnection
X-Amz-Server-Side-Encryption
NGB
IBM-Web2-Location
X-Cache-TTL-Remaining
Response
X-Middleton-Response
X-CDN-Forward
X-Proxied
X-Cache-NE
X-Activity-Id
X-AppVersion
X-Content-Type
X-Az
X-ATG-Version
X-Pc-Appver
X-Newrelic-App-Data
X-Pc-Hit
Payment
X-Pc-Key
X-Ruxit-Js-Agent
AR-Request-ID
X-Cache-Remote
X-App-Server
X-Cacheable-TTL
X-Kong-Proxy-Latency
Datacenter
X-Kong-Upstream-Latency
X-Cache-TTL
X-UA
Cache
Country
X-Vg-Webcache
X-Unique-ID
X-HS-Cache-Config
Served-By
X-Akamai-Transformed
Edge-Cache-Tag
X-Mode
X-Sucuri-ID
X-Varnish-IP
Machine
X-ProcessESI
X-RemovedCookies
X-Is-Bot
X-Rendered-As
Meta-Geo
X-RN-RSRV
X-Detected-As
Load-Balancing
X-Proxy
X-PCL
X-ProxyCache-Status
X-FC-Vary-Parameters
X-OCL
X-Rocket-Nginx-Bypass
X-ProxyCache-Key
X-BYPASS-REASON
X-Varnish-Cacheable
X-ServerID
X-Tb
X-Origin-Hint
TWC-Privacy
User-Cache-Control
X-BB-IP
X-Origin
X-Debug-Cache
X-Cache-Category-Id
TWC-Locale-Group
TWC-GeoIP-LatLong
Property-Id
TWC-Connection-Speed
TWC-Device-Class
Now
Mn-Server-Ip
DB-Nickname
L5d-Success-Class
Webcakes-App-Name
Webcakes-Region
Access-Control-Allow-Method
TWC-GeoIP-Country
Cache-Name
X-Hosted-By
X-Grey
X-Amz-Meta-Surrogate-Control
Webcakes-App-Version
X-EIG-Tracking-Id
X-Human
X-Viewer-Country
Backend
X-Real-IP
X-Pubstack
X-Routing-Service
X-PERF
X-OVcl-Cache
X-Original-Request
X-OVcl
Cache-Key
X-Section
Azure-InstanceId
X-Site-Version
Azure-RegionName
Azure-SiteName
X-Cache-Config
Azure-SlotName
X-NodeID
X-Loop
X-Environment-Context
X-Format
X-Access
X-ApacheServer
X-CDN-Cache
X-Backend-Name
X-Generated
X-Hit
S-Rt
X-L-Path
ServerName
X-JoinUs
X-Correlation-ID
X-TNCMS
Azure-Version
X-Varnish-Cache-Hits
X-Via-Fastly
X-Cache-Var
X-Zipkin-Id
X-Cache-Var-Map
X-Upgrade-Enabled
X-Rule
X-Agile-Age
X-LJ-Flow-ID
X-Agile-Id
X-Proxy-Build
X-IP
X-NGENIX-Cache
X-Xfnlog-Site
X-Timing-Wait
X-Agile
X-Ocache
X-Www-Served-By
Access-Control-Request-Headers
X-TWH-CORRELATION-ID
X-SplitTest
X-HS-Combine-CSS
X-CCM
X-AWS-Id
Selected-FE
X-VWS-Id
X-Source
X-App-Name
X-HOST
X-Origin-CC
X-Drupal-Cache-Contexts
X-URL
HostName
X-Akamai-Request-ID
X-Storage
X-Pc-Host
X-Pc-Date
OT-Force-Account-Verify
X-Upstream-HT
X-Upstream-CT
X-Vgn-Hpd-Reason
X-RateLimit-Limit
X-Nginx-Cache
X-Litespeed-Cache
X-Mrs-Cache-Hits
X-Mrs-Age
X-Mrs-Cache
X-Mshield-Cache-Status
X-Time-Microsecs
Fastcgi-X-Cache-Version
Fastcgi-X-Cache
Fastcgi-Useragent
From-Origin
X-NC
X-NCache
X-UA-Device-Type
X-Forwarded-Host
X-Internal-Host
X-Feature
XServer
X-Amzn-RequestId
X-Microcachable
Fastly-SSL
X-Iejgwucgyu
X-Amz-Apigw-Id
Powered-By-ChinaCache
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
X-Release
X-Distributor
X-M-Log
X-M-Reqid
X-Qnm-Cache
X-PHP-Backend
Pagespeed
X-Ms-Blob-Type
X-Ms-Lease-Status
LB
X-Ms-Version
X-Ms-Request-Id
X-Birta-Served
X-Birta-Cache-Post
Pagetype
X-Cache-Backend
X-Labrador-Cache-Channel
NtCoent-Length
X-Webkit-Csp
X-VG-TLSProxy
X-Connection-Hash
X-EdgeConnect-Cache-Status
X-Twitter-Response-Tags
X-Transaction
X-B3-Spanid
Frame-Options
MIME-Version
Time
X-Instance-Name
X-GZip
X-Web-Node
X-C
X-SERVER-NAME
X-V
X-CS
AKAMAI
Ajk
IsBot
NGX
Fly-Request-Id
X-No-Session
Mobile-Detection-Method
MD5-Digest
X-WebServer
X-CUA
X-Date
Meta-Geo-Continent
X-D
BehaviorPad-Version
Server-Int
X-Logtrace-Id
X-G
X-Developer
X-PAYTM-SRV-ID
Rendered-Blocks
X-Generation-Time
X-Via-SSL
Cneonction
X-Destination
X-IN-WAF
Xc-Version
X-Generated-In
Cache-Prefix
X-NU-AKA-ACS-Version
X-Org
X-Irp-Debug
Host-ID
X-Varnish-Beresp-Ttl
Fly-Cache
X-B-Cookie
X-BB-ID
X-ARC
X-Application
X-SIPLIST1
X-Rojux
X-SRCache-Key
X-Cache-Bucket
Www
X-Via-Edge
X-Rewrite-Enabled
Arc-Country
X-S-Cookie
X-Server-By
X-A-Dam
X-A-Dgt
X-A-Dcw
X-A-Ccd
X-ScT
Ec-Rule-Version
X-A
X-Accel-Expires-Debug
X-A-Wwc
X-DPWN-IS-SECURE
X-IN-SSL-APIGATEWAY
X-Redis-Cache
V-Age
X-Died
X-Region-Sid
VivaBuild
Viewtype
X-CF-Lambda-Fn
T-Server
X-VG-WebServer
X-Via-CDN
X-Server-Time
X-IN-APIGATEWAY
X-CF-Lambda-Version
X-Dispatcher-Server
X-UE-Client-Country
X-From
X-Trv-Group
X-Request-UUID
X-Powered-By-ANYU
X-App-Version
X-FireWall-Port
X-Sucuri-Cache
WZWS-RAY
X-NWS-UUID-VERIFY
HA-Servedtime
HA-Georegion
HA-Geolon
GMS-Ver
HA-Cloudapp
HA-Host
HA-Ipaddr
HA-Geolat
X-Hl-Ver
HA-Geocountry
Ha-Gx-Prefs
HA-Geocity
X-Hnp-Log
HA-Urlpath
X-F5-Cache
X-Block-Status
X-Cache-CFC
X-Amz-Meta-Cache-Control
X-Eu-Site
X-External-Request-Id
X-Cache-Enabled
X-CGP
X-Debug-Log
X-Debug-Cookies
X-Crawler
X-Core-Value
X-Fastly-Cache
Web-Mar-Node
Origin-Cache-Control
Origin-Edge-Control
X-GeoIP-City
NodeID
Magicmarker
Pragrma
Release
SN
Server-Host
X-Gen-Mode
Request-Time
Kp-EeAlive
X-Platform
X-Owner
Backend-Name
X-Key
X-S-Maxage
X-Node-Id
X-Var-Ttl
X-Origin-TTL
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-UnsetCookies
X-RCS-CacheZone
X-NX-Host
X-VServer
X-Varnish-Action
X-Phone
X-Request-URI
X-VCT
Esi-Enabled
X-Wikidot-Static-Cache
X-Wikidot-Backend
X-We-Are-Hiring
X-Layer
Country-Code
X-Webstats-RespID
X-Backend-Host
X-Sorting-Hat-PodId
X-Shopify-Stage
X-Sn-Servicetimems
X-Alternate-Cache-Key
X-Epic-Correlation-Id
X-ServiceProvider
X-Returned-From-PostProcessResponse
X-Secret
X-Returned-From-DLL
X-Returned-From-BeforeDispatch
X-Fetched-On
X-Server-IP
X-Backend-State
X-ShopId
X-Actual-URL
X-ShardId
X-Sf
PageSpeed
X-Thinkindot-L3
X-Variation
X-Ckpd-Fst-Backend
X-Up
X-Cdn-Srv
X-Cdn-Origin
X-Clientip
X-Content-Age
X-Store
X-Developers
X-Hash
X-Worker
X-Croise-Owner
X-Cache-URL
X-Cache-Srv
X-ElasticPress-Search
X-Swa-Ws
X-Stale
X-Sorting-Hat-ShopId
X-Backend-Url
X-Returned-From
X-Trace-Id
X-Cache-Host
X-Tumblr-Pixel-3
X-Cache-Expires
X-TT-LOGID
X-Backend-TTL
True-Client-Country-4JS
Apple-News-Services-Host
Apple-News-Services-Handled
X-GeoIP-Country-Code
Apple-News-Services-Parsed-Url
Cache-Tags
Apple-News-Services-Request-Url
MI-API
MI-Cache
Odigeo-Trace-Id
On-Server
Adler-Geo
X-Nginx-Cache-Key
MI-Cache-Age
Is-Eu
CDCHOST
Decoy-Debug-Status
Decoy-Debug-Key
Decoy-Debug-TTL
Fastly-Backend-Name
X-Location
Countrycode
X-Matched-Rule
X-MSEdge-Flight
X-HTML-Minification-Powered-By
Heartbleed
X-MSEdge-Features
X-MI-In-Market
X-Response-By
Origin
X-FW-Version
Thinkindot-CacheControl
Server-ID
Section-Io-Cache
PFcat
Thinkindot-CacheControl-Type
Thinkindot-Control
X-Request-Time
X-Fstrz
X-Reboot
Uber-Trace-Id
RNT-Machine
RNT-Time
Request-Country
X-Gannett-Site-Version
X-Passed-To-PostProcessResponse
X-Passed-To-DLL
X-Passed-To-BeforeDispatch
X-Passed-To
Platform
X-Device-Os
Request-EU
Proxy-Connection
X-Servername
X-Skip-Cache
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
X-Core-Mission
Sid
X-Alicdn-Da-Ups-Status
Resin-Trace
Fastly-SWR
Cteonnt-Length
Content-Disposition
HTTPS
Fastly-SIE
X-Oss-Storage-Class
X-Oss-Server-Time
X-Oss-Request-Id
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
REQUESTUUID
X-Cluster-Node
X-Policy
X-CACHE-AGE
X-Ezoic-Cdn
Powered
X-Csrf-Token
WP-Super-Cache
Ar-Sid
X-Ua
X-Refresh
X-Dc
ProcessTime
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
X-Pf-Uncompressing
ViewerVersion
RequestId
CDN
Warning
Xserver
X-Servedbyhost
CF-IPCountry
X-Proto
X-GEO
X-TIME
X-Real-Ip
Mail-Subject
We-Hiring
X-Cache-ASPX
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-From
X-Endurance-Cache-Level
X-Newrelic-Synthetics
Dnion-Transfer-Encoding
X-B3-TraceId
X-GoCache-CacheStatus
X-Atg-Version
X-Req
X-Pjax-Url
NODE
X-Surge-Debug
Hostname
X-Varnish-Ttl
X-Nc
CACHE
X-CLOUD-TRACE-CONTEXT
NnCoection
X-Aed
X-CSRF-Token
X-DC
X-Edge-IP
Geoip-Latitude
X-Origin-Date
X-Origin-Expires
X-COUNTRY
X-Time
GeoIp-Country-Code
X-Guploader-Uploadid
X-Server-W
X-Page-Type
Pramga
X-HCF
X-Cache-Control-Set-By
X-Varnish-HitMiss
X-Oracle-Dms-Ecid
X-Varnish-Beresp-TTL
SD-X-WS
TSSecure
X-Ms-Lease-State
WWW-Authenticate
X-Server-Group
A
X-Aicache-OS
Processtime
X-Flog
X-ABtesting
X-Amz-Cf-Pop
X-Hello
MS-CV
X-WA
X-Datadome
X-DataStream-MidMile-RTT
X-GRACE
X-DataStream-Origin-MEX-Latency
X-Varnish-Url
X-Geo
Geoip-City
X-Cdn-Forward
X-Varnish-URL
PICS-Label
X-Wix-Route-ID
Cdn
X-Ratelimit-Limit
X-Auto-Login
X-Akamai-Request-ID2
X-Wa
Lfy
Node
X-From-Cache
Mime-Version
Cdn-Request-Time
Dont-Set-Cookie
Cdn-Host
FSS-Proxy
X-UPSTREAM-Address
X-Edge-Server
FSS-Cache
X-Gdpr
Lb
X-Use-Magma
X-PAGE-TYPE
X-APP
X-Unique-Id
X-Sentry-ID
X-NODE
X-Nananana
X-Gen-Id
Ms-Operation-Id
GeoIP-City
GeoIP-Latitude
PageType
GeoIP-Country-Code
X-SRV
X-RTag
Rt-Proxy-Cache
X-Via-NSCOPI
X-Check-Cacheable
X-EC-Security-Audit
COMMERCE-SERVER-SOFTWARE
X-WR-MODIFICATION
DataCenter
X-Fastly-Backend-Reqs
Is-Session-Tracking
Get-Access-Time
X-Optimization
X-Served-From
X-Cookie
X-Env
X-Cache-Id
X-CACHE-KEY
X-Cache-HT
X-Load-Cache
X-GDPR
X-Cache-Info
Who
X-Proxy-Server
Memcached
X-Thanos
X-Bip
X-Dynatrace-Js-Agent
X-FORWARDED-FOR
X-Be
X-Cache-FS-Status
X-MP-GENERATED-AT
Pics-Label
X-Request-Start
X-Wix-Petri-Ex
X-Swift-Error
X-PJAX-URL
Ws
Memory
X-Ibm-Trace
X-Fastly-Cache-Hits
X-Ver
X-Meta-Tbi-Cache-Vertical
X-HS-Status
Group
X-Fe
V-Cache
X-RateLimit-Reset
Httpd-Identifier
X-B3-SpanId
X-ServedByHost
X-Cache-Ttl
X-SVT-ORM-VERSION
UCS
X-NGINX-Cache
X-Shard
X-SVT-ORM-RULES
X-CDN-Pop-IP
Powered-By
URI
GW-Server
X-CDN-Pop
Cf-Ipcountry
X-Dw-Trace-Id
Amp-Access-Control-Allow-Source-Origin
X-ID
Ohc-File-Size
X-GZIP
NX-Cache
Requestid
X-SB
Version
AGE-Hash
X-PF-Uncompressing
X-Path-Route
X-VC
X-User
X-Bug-Bounty
Serverid
Cache-Hits
X-Varnish-Info
X-P-T
X-Ratelimit-Remaining
X-CacheKey
X-StackifyID
Xet-Cookie
X-LiteSpeed-Cache-Control
CDN-Cache
N-Cache
CDN-Cache-Hit
CDN-Node
X-SD-PageType
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Cache-Handler
X-Providence-Cookie
X-Route-Name
X-Is-Crawler
X-Flags
X-Litespeed-Cache-Control
X-RequestId
X-ServerName
Apicache-Version
Https
X-Grace-Duration
Apicache-Store
Fastly-Soc-X-Request-Id
X-Akamai-ERPolicy
X-Akamai-ERRuleID
Ohc-Response-Time