Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics - SANS Internet Storm Center HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
Last-Modified
Accept-Ranges
Pragma
X-Content-Type-Options
X-Powered-By
CF-RAY
ETag
Link
X-XSS-Protection
Expect-CT
Via
X-Cache
Age
Access-Control-Allow-Origin
Content-Security-Policy
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Served-By
X-Amz-Cf-Id
X-Varnish
Referrer-Policy
X-Timer
CF-Cache-Status
X-Request-Id
X-FRAME-OPTIONS
Access-Control-Allow-Headers
X-AspNet-Version
Access-Control-Allow-Methods
X-Xss-Protection
X-Runtime
X-Download-Options
Access-Control-Allow-Credentials
X-Drupal-Cache
X-Cacheable
Alt-Svc
X-Generator
Content-Security-Policy-Report-Only
X-Request-ID
X-Check
X-AspNetMvc-Version
Status
X-Cache-Status
X-Adblock-Key
Timing-Allow-Origin
X-Iinfo
X-DNS-Prefetch-Control
X-Permitted-Cross-Domain-Policies
X-Template
Content-Encoding
X-Language
X-Content-Security-Policy
X-Turbo-Charged-By
X-CDN
X-Type
Keep-Alive
X-Buckets
Xkey
X-Backend
X-Cache-Group
X-AH-Environment
WPE-Backend
Access-Control-Max-Age
X-Pass-Why
X-Age
X-Server
CF-Ray
Upgrade
X-POWERED-BY
EagleId
Access-Control-Expose-Headers
X-Via
X-Nginx-Cache-Status
X-Server-Powered-By
X-Pingback
X-Drupal-Dynamic-Cache
X-Varnish-Cache
X-Swift-SaveTime
X-Swift-CacheTime
Grace
X-Hacker
X-Amz-Request-Id
X-Amz-Id-2
X-UA-Device
Ali-Swift-Global-Savetime
X-Robots-Tag
Cf-Railgun
P3p
X-LiteSpeed-Cache
X-Envoy-Upstream-Service-Time
X-Proxy-Cache
X-Page-Speed
X-Ua-Compatible
Request-Context
Content-Location
X-Device
X-Ac
X-Node
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Cnection
X-Host
X-Cache-Lookup
X-Amz-Version-Id
Surrogate-Control
X-Server-Id
X-WebKit-CSP
X-Backend-Server
X-Rack-Cache
X-Rq
X-Response-Time
X-Application-Context
X-Readtime
X-CST
EagleEye-TraceId
X-Dns-Prefetch-Control
Pinterest-Generated-By
Server-Timing
X-Url
X-Cloud-Trace-Context
X-OneAgent-JS-Injection
X-Instart-Request-ID
Request-Id
X-TTL
X-Px
Report-To
X-Country
X-Clacks-Overhead
X-ORACLE-DMS-ECID
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Feature-Policy
Rating
Edge-Control
X-Country-Code
Allow
X-DynaTrace-JS-Agent
Charset
X-ESI
X-Server-Name
X-Powered-CMS
X-FTR-Request-ID
X-DataDome
X-PC
X-TtlSet
X-Vname
X-Origin-Cache
X-DynaTrace
NEL
X-MS-InvokeApp
X-Goog-Hash
X-Recruiting
X-Varnish-TTL
X-ORACLE-DMS-RID
X-Cached
X-Vhost
X-VARITI-CCR
Content-MD5
X-GitHub-Request-Id
RTSS
X-Version
X-F-Cache
X-Exp-Variant
X-Kinja-Build
X-Exp-Id
X-Kinja
X-Cdn-Fetch
X-GoogleNews-Bot
X-Kinja-Revision
X-Kinja-Server
X-Geo-Segment
X-Powered-By-Plesk
Public-Key-Pins
PB-PID
PB-RID
Pinterest-Version
Arc-Version
X-Pinterest-Rid
X-Mobile-Rewrite
X-Upstream-Env
X-Mod-Pagespeed
X-CF-Powered-By
Verso
Accept-CH
X-D2id
X-Client-IP
SPRequestGuid
MS-Author-Via
X-Abt-Application-Version
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-N
X-Dispatcher
X-SharePointHealthScore
AR-PoweredBy
AR-ATIME
X-Amz-Rid
AR-CACHE
X-HeyJason
Permitted-Cross-Domain-Policies
X-Do-Not-Hack
X-Navigation-Version
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
Nginx-Cache
X-T
DynaTrace
Accept-CH-Lifetime
X-Dw-Request-Base-Id
X-Trace
Paypal-Debug-Id
X-Fastly-Request-ID
X-Upstream
X-Grace
Arr-Disable-Session-Affinity
X-Varnish-Age
X-Hits
TCN
X-FastCGI-Cache
X-Forwarded-Proto
X-Amz-Meta-S3cmd-Attrs
X-Id
X-DIS-Request-ID
X-Shield-Request-Id
X-Origin-Upstream-Status
X-Pad
SPIisLatency
SPRequestDuration
X-Content-Options
X-Ruxit-JS-Agent
X-Cache-Hit
AR-SID
Realpath
X-Content-Digest
X-Logged-In
Access-Control-Request-Method
X-IPLB-Instance
X-NF-Request-ID
Mrf-Cache-Status
X-Mrf-Item-Lastmod
MRF-Tech
X-Kinsta-Cache
X-Mrf-Section-Lastmod
X-Acc-Meta-Resource-Type
X-XRDS-Location
X-B
X-Server-ID
X-Goog-Stored-Content-Encoding
X-Goog-Generation
X-Goog-Stored-Content-Length
X-Goog-Metageneration
X-Goog-Storage-Class
X-SS-Set-Cookie
X-HW
X-Vcap-Request-Id
S
X-Debug
X-MSEdge-Ref
Service-Worker-Allowed
X-Ser
Server-Name
X-Country-Code-Real
X-FTR-Backend-Server
X-FTR-Backend
X-FTR-Realm
X-FTR-Cache-Status
X-FTR-DC
X-FTR-Balancer
X-PressLabs-Stats
X-Frontend
X-Wix-Server-Artifact-Id
Tracecode
X-FTR-Expires
X-Cache-Key
X-NewRelic-App-Data
Fastcgi-Cache
AMP-Access-Control-Allow-Source-Origin
Rt-Fastcgi-Cache
X-GUploader-UploadID
Eomportal-Instance
Alternate-Protocol
X-Forwarded-For
Surrogate-Key
X-Oneagent-Js-Injection
Cleartype
X-Cache-Rule
Cache-Status
X-Srv
X-HS-Content-Id
X-HS-Hub-Id
X-Analytics
Backend-Timing
X-NWS-LOG-UUID
X-VCache
TP-L2-Cache
X-Revision
X-User-Agent
TP-Cache
Host
X-Rid
FilterID
X-Ttl
X-FTR-Cache-Host
Fastly-Restarts
X-Debug-Info
X-Whom
Public-Key-Pins-Report-Only
X-AOL-HN
X-Akam-SW-Version
X-Oracle-Dms-Rid
ServerID
X-Via-JSL
X-Cache-2
X-Varnish-Backend
X-RateLimit-Remaining
X-Content-Powered-By
X-Accel-Buffering
X-Request-Processing-Time
X-Request-Received
X-Zen-Fury
Accept-Charset
Front-End-Https
X-Webkit-CSP
Viewport
X-Cdn
X-Mobile
X-Kinja-Server-Push
X-Cached-By
X-WPE-Loopback-Upstream-Addr
Liferay-Portal
X-Node-Name
X-App-Environment
X-XRDS-LOCATION
X-B3-Traceid
X-LB-Cache
X-Cache-Control
X-Page-Id
X-Magnolia-Registration
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Tumblr-User
X-Varnish-Hostname
X-Content-Security-Policy-Report-Only
X-Cluster
Cache-Tag
X-Handled-By
X-Request-Guid
X-Hostname
X-TT
X-Framework
Host-Header
X-Akamai-Edgescape
X-Device-Type
X-B3-Sampled
X-Platform-Server
X-Signature
X-B-Cache
Upgrade-Insecure-Requests
X-BCube-Filmed-By
X-FB-Debug
X-Instance
DC
X-Cache-Server
Server-Node
X-Origin-Server
X-TT-TIMESTAMP
Source
X-TA-CDN-Provider
X-Correlation-Id
Retry-After
MicrosoftSharePointTeamServices
X-Accel-Expires
X-Servedby
X-Contextid
X-Amzn-Trace-Id
X-WA-Info
HitType
HitInfo
Server-Info
X-Cache-Action
X-APP-VERSION
X-Varnish-Server
X-Cache-Operation
X-Sol
X-Middleton-Display
Display
X-Distil-CS
X-Port
X-Daa-Tunnel
X-Amz-Replication-Status
X-Generated-By
X-Geo-Country
AsisCache
Content-Style-Type
X-Edge-Location
Content-Script-Type
X-GeoIP
X-Wix-Request-Id
X-Seen-By
X-RequestSource
X-Tumblr-Pixel-1
X-Tumblr-Pixel-2
X-S
X-Hyper-Cache
GEO-INFO
X-WebKit-CSP-Report-Only
Webserver
X-TX-ID
X-Status
X-Locale
Actual-Object-TTL
ServedBy
X-Edge-Cache-Key
X-Jobs
X-FW-Type
X-FW-Server
X-Region
X-Response-Served-From
Healthy
X-UUID
X-FW-Serve
X-FW-Static
X-FW-Hash
X-Edge-Cache
X-Drupal-Cache-Tags
X-Adobe-Content
X-Adobe-Loc
X-Varnish-Hits
User-Agent
X-DataStream-Cache-Status
SRV
X-Varnish-Grace
Filters
X-Newrelic-App-Data
S-Cnection
X-Yottaa-Metrics
X-Amz-Server-Side-Encryption
Refresh
X-Yottaa-Optimizations
NGB
X-Proxied
IBM-Web2-Location
X-Middleton-Response
Response
X-Fastcgi-Cache
X-Cache-TTL-Remaining
X-Cache-Age
X-Az
X-AppVersion
X-Activity-Id
Cache
AR-Request-ID
X-Esi
X-App-Server
X-CDN-Forward
X-Pc-Hit
X-Pc-Key
X-Cache-NE
X-Pc-Appver
X-Content-Type
Payment
X-Cache-Remote
X-Correlation-ID
X-Cacheable-TTL
X-Unique-ID
X-Cache-TTL
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Ruxit-Js-Agent
Datacenter
Served-By
X-Vg-Webcache
X-UA
Country
X-ATG-Version
X-Akamai-Transformed
Edge-Cache-Tag
X-HS-Cache-Config
X-Mode
X-Sucuri-ID
X-Real-IP
X-Detected-As
Machine
X-Is-Bot
X-RN-RSRV
X-Rendered-As
X-RemovedCookies
Load-Balancing
X-Varnish-IP
X-ProcessESI
Meta-Geo
X-PCL
User-Cache-Control
X-Proxy
X-ProxyCache-Key
X-BYPASS-REASON
X-FC-Vary-Parameters
X-ProxyCache-Status
X-OCL
X-Rocket-Nginx-Bypass
Webcakes-App-Name
X-Pubstack
X-ApacheServer
X-Tb
X-ServerID
Mn-Server-Ip
Property-Id
TWC-GeoIP-Country
TWC-GeoIP-LatLong
TWC-Locale-Group
TWC-Device-Class
TWC-Connection-Speed
X-Viewer-Country
X-Origin
Now
X-Amz-Meta-Surrogate-Control
X-Grey
X-Cache-Config
X-Cache-Category-Id
Backend
TWC-Privacy
Cache-Name
X-EIG-Tracking-Id
Cache-Key
X-Hosted-By
X-Human
Access-Control-Allow-Method
L5d-Success-Class
Webcakes-Region
X-Origin-Hint
X-PERF
Webcakes-App-Version
X-BB-IP
X-Debug-Cache
DB-Nickname
X-Source
X-Backend-Name
X-Access
X-CCM
X-Environment-Context
X-Generated
X-Format
X-CDN-Cache
ServerName
Azure-RegionName
Azure-InstanceId
Azure-SiteName
Azure-SlotName
S-Rt
Azure-Version
X-Hit
X-JoinUs
X-Upgrade-Enabled
X-TNCMS
X-Varnish-Cache-Hits
X-Varnish-Cacheable
X-Zipkin-Id
X-Via-Fastly
X-Site-Version
X-Section
X-Loop
X-L-Path
X-NodeID
X-OVcl
X-Routing-Service
X-OVcl-Cache
Access-Control-Request-Headers
X-Original-Request
X-Xfnlog-Site
X-App-Name
X-Www-Served-By
X-Agile-Id
X-Agile-Age
Selected-FE
HostName
X-Agile
X-VWS-Id
X-TWH-CORRELATION-ID
X-NGENIX-Cache
X-Ocache
X-Proxy-Build
X-LJ-Flow-ID
X-IP
X-Timing-Wait
X-SplitTest
X-Rule
X-AWS-Id
X-Storage
X-HS-Combine-CSS
X-Drupal-Cache-Contexts
X-Origin-CC
X-Cache-Var-Map
X-Cache-Var
X-Pc-Date
X-Pc-Host
X-Akamai-Request-ID
X-URL
X-Upstream-CT
X-Upstream-HT
X-NC
X-Vgn-Hpd-Reason
X-RateLimit-Limit
OT-Force-Account-Verify
X-Time-Microsecs
X-Mrs-Cache
X-Mrs-Cache-Hits
X-Mshield-Cache-Status
X-Mrs-Age
From-Origin
X-Nginx-Cache
X-UA-Device-Type
XServer
X-Litespeed-Cache
X-NCache
X-Internal-Host
Fastcgi-X-Cache-Version
Fastcgi-X-Cache
Fastcgi-Useragent
X-Microcachable
X-PHP-Backend
X-Amz-Apigw-Id
X-Forwarded-Host
X-Amzn-RequestId
Powered-By-ChinaCache
X-Distributor
Fastly-SSL
Pagespeed
X-Release
X-M-Log
X-Feature
X-M-Reqid
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
X-Qnm-Cache
X-Iejgwucgyu
LB
X-Ms-Blob-Type
X-Ms-Lease-Status
X-Ms-Request-Id
X-Ms-Version
Pagetype
X-Birta-Served
X-Birta-Cache-Post
X-Cache-Backend
X-Labrador-Cache-Channel
X-EdgeConnect-Cache-Status
X-Connection-Hash
X-Twitter-Response-Tags
NtCoent-Length
MIME-Version
X-Transaction
X-VG-TLSProxy
X-Webkit-Csp
X-Instance-Name
X-V
X-B3-Spanid
X-Ah-Environment
Frame-Options
Time
X-GZip
X-Web-Node
Ar-Sid
X-C
X-Varnish-Beresp-Ttl
X-DPWN-IS-SECURE
X-Dispatcher-Server
X-Died
X-PAYTM-SRV-ID
Host-ID
Cneonction
X-A-Ccd
X-A
Www
X-From
Web-Mar-Node
X-SRCache-Key
X-G
Arc-Country
X-Cache-Bucket
X-SIPLIST1
Viewtype
VivaBuild
X-Hnp-Log
X-CF-Lambda-Version
X-CF-Lambda-Fn
X-Trv-Group
X-IN-APIGATEWAY
Ajk
IsBot
NGX
X-Accel-Expires-Debug
Cache-Prefix
BehaviorPad-Version
MD5-Digest
X-Logtrace-Id
Meta-Geo-Continent
X-A-Wwc
X-Irp-Debug
X-A-Dcw
X-IN-SSL-APIGATEWAY
X-Org
X-A-Dam
X-NU-AKA-ACS-Version
X-A-Dgt
X-No-Session
X-IN-WAF
X-UE-Client-Country
V-Age
X-Gen-Mode
X-ARC
X-Rewrite-Enabled
Rendered-Blocks
X-VG-WebServer
X-WebServer
Server-Int
X-S-Cookie
X-Application
Fly-Cache
Ec-Rule-Version
X-Request-URI
X-Request-UUID
X-Developer
X-Destination
X-Region-Sid
X-B-Cookie
X-Redis-Cache
Xc-Version
Fly-Request-Id
X-Rojux
T-Server
X-Via-CDN
X-Block-Status
X-D
X-ScT
X-CS
X-CUA
X-Via-Edge
X-Generated-In
X-Via-SSL
X-Date
X-Generation-Time
X-Server-By
X-Server-Time
X-BB-ID
X-SERVER-NAME
X-Powered-By-ANYU
X-Sucuri-Cache
X-FireWall-Port
WZWS-RAY
Kp-EeAlive
HA-Host
HA-Urlpath
HA-Georegion
HA-Geolat
HA-Servedtime
HA-Geolon
HA-Geocountry
Ha-Gx-Prefs
X-Fastly-Cache
HA-Ipaddr
Request-EU
Server-Host
X-Cache-Enabled
X-Debug-Log
HA-Geocity
Request-Country
Request-Time
X-Debug-Cookies
X-Amz-Meta-Cache-Control
X-Core-Value
X-CGP
X-Crawler
True-Client-Country-4JS
SN
Release
X-Cache-CFC
NodeID
X-External-Request-Id
MI-Cache-Age
MI-Cache
X-F5-Cache
MI-API
X-Eu-Site
On-Server
Pragrma
Proxy-Connection
X-ElasticPress-Search
Origin-Edge-Control
Origin-Cache-Control
Magicmarker
X-RateLimit-Limit-Second
X-NX-Host
X-Sf
X-Origin-TTL
X-Owner
X-Node-Id
X-VServer
X-MI-In-Market
X-Wikidot-Backend
X-We-Are-Hiring
X-ServiceProvider
X-Phone
X-UnsetCookies
HA-Cloudapp
Cteonnt-Length
X-S-Maxage
X-Var-Ttl
X-Platform
X-RateLimit-Remaining-Second
X-RCS-CacheZone
X-Wikidot-Static-Cache
AKAMAI
Country-Code
Mobile-Detection-Method
X-HTML-Minification-Powered-By
X-Hl-Ver
Decoy-Debug-Key
Decoy-Debug-TTL
Esi-Enabled
Decoy-Debug-Status
X-GeoIP-City
GMS-Ver
X-Key
X-Layer
Backend-Name
Cache-Tags
CDCHOST
X-NWS-UUID-VERIFY
X-HOST
X-App-Version
X-Webstats-RespID
X-Content-Age
X-Thinkindot-L3
X-Sorting-Hat-PodId
X-Trace-Id
X-Stale
X-Swa-Ws
X-Clientip
X-Sorting-Hat-ShopId
X-Ckpd-Fst-Backend
X-Cache-URL
X-Cache-Host
X-Cache-Srv
X-Cache-Expires
X-Worker
X-VCT
X-Sn-Servicetimems
X-Cdn-Origin
X-Up
X-Tumblr-Pixel-3
X-Variation
X-Varnish-Action
X-Cdn-Srv
X-TT-LOGID
X-Response-By
X-MSEdge-Flight
X-MSEdge-Features
X-Nginx-Cache-Key
X-Epic-Correlation-Id
X-Passed-To-BeforeDispatch
X-Passed-To
X-Matched-Rule
X-Location
X-GeoIP-Country-Code
X-Gannett-Site-Version
X-Hash
X-FW-Version
X-Fetched-On
X-Fstrz
X-Passed-To-DLL
X-Passed-To-PostProcessResponse
X-Server-IP
X-Secret
X-ShardId
X-ShopId
X-Shopify-Stage
X-Croise-Owner
X-Returned-From-PostProcessResponse
X-Returned-From-DLL
X-Request-Time
X-Reboot
X-Device-Os
X-Developers
X-Returned-From-BeforeDispatch
X-Returned-From
X-Skip-Cache
Uber-Trace-Id
RNT-Machine
Adler-Geo
Platform
RNT-Time
Section-Io-Cache
Heartbleed
Thinkindot-CacheControl
Server-ID
Apple-News-Services-Handled
Apple-News-Services-Host
Countrycode
Fastly-Backend-Name
Is-Eu
Odigeo-Trace-Id
Origin
Apple-News-Services-Parsed-Url
PFcat
Apple-News-Services-Request-Url
Thinkindot-Control
Thinkindot-CacheControl-Type
X-Backend-TTL
X-Actual-URL
X-Backend-State
X-Backend-Host
X-Alternate-Cache-Key
X-Backend-Url
X-CACHE-AGE
X-Csrf-Token
Fastly-SWR
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
Fastly-SIE
X-Store
Content-Disposition
X-Oss-Server-Time
PageSpeed
Sid
X-Core-Mission
X-Servername
X-Alicdn-Da-Ups-Status
Resin-Trace
X-Oss-Request-Id
X-Rebelmouse-Surrogate-Control
X-Oss-Storage-Class
X-Rebelmouse-Cache-Control
X-Ua
X-Atg-Version
WP-Super-Cache
X-Policy
CDN
HTTPS
X-Oracle-Dms-Ecid
X-Ezoic-Cdn
X-Cluster-Node
X-Planisys-CDN-TTL
ProcessTime
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
X-Pf-Uncompressing
X-Refresh
X-Servedbyhost
Powered
Warning
Xserver
REQUESTUUID
RequestId
X-Proto
CF-IPCountry
ViewerVersion
X-GEO
Mail-Subject
We-Hiring
X-Cache-ASPX
X-Real-Ip
X-TIME
X-Dc
Cache-Cookie-Set-Idcheck
X-GoCache-CacheStatus
X-Pjax-Url
Cache-Cookie-Set-Lfrom
Dnion-Transfer-Encoding
Cache-Cookie-Set-From
X-Req
X-Datadome
X-Endurance-Cache-Level
NODE
X-Newrelic-Synthetics
X-B3-TraceId
X-DC
X-Surge-Debug
NnCoection
X-Time
Hostname
X-Varnish-Ttl
X-Server-W
X-Edge-IP
X-Page-Type
X-Origin-Date
X-Origin-Expires
X-CLOUD-TRACE-CONTEXT
X-Aed
X-COUNTRY
X-Cache-Control-Set-By
X-Varnish-HitMiss
GeoIp-Country-Code
X-HCF
Geoip-Latitude
X-Nc
X-Guploader-Uploadid
X-Ms-Lease-State
Pramga
X-CSRF-Token
SD-X-WS
X-Varnish-Beresp-TTL
TSSecure
X-Server-Group
WWW-Authenticate
Processtime
MS-CV
CACHE
X-Cdn-Forward
X-Aicache-OS
A
X-Varnish-Url
Geoip-City
PICS-Label
X-Varnish-URL
X-Hello
X-Wix-Route-ID
X-GRACE
X-ABtesting
X-Flog
X-Geo
X-DataStream-MidMile-RTT
X-DataStream-Origin-MEX-Latency
X-Wa
X-Amz-Cf-Pop
X-WA
Dont-Set-Cookie
X-Ratelimit-Limit
Cdn
X-From-Cache
Cdn-Request-Time
X-Akamai-Request-ID2
Cdn-Host
Node
X-Auto-Login
X-Gdpr
Lfy
X-Edge-Server
FSS-Cache
FSS-Proxy
Lb
X-Use-Magma
DataCenter
Ms-Operation-Id
X-RTag
Mime-Version
X-Sentry-ID
X-Gen-Id
GeoIP-Country-Code
X-EC-Security-Audit
X-APP
GeoIP-Latitude
X-UPSTREAM-Address
COMMERCE-SERVER-SOFTWARE
X-WR-MODIFICATION
X-Nananana
X-PAGE-TYPE
Is-Session-Tracking
X-Fastly-Backend-Reqs
X-SRV
Rt-Proxy-Cache
PageType
Get-Access-Time
GeoIP-City
X-Optimization
X-Env
X-Via-NSCOPI
X-Check-Cacheable
X-Cache-HT
X-Load-Cache
X-Cache-Id
Who
X-Cookie
X-CACHE-KEY
X-Served-From
X-Unique-Id
X-Thanos
Memcached
X-Bip
X-Wix-Petri-Ex
X-Proxy-Server
X-Cache-Info
X-Cache-FS-Status
X-GDPR
X-Dynatrace-Js-Agent
X-Meta-Tbi-Cache-Vertical
X-FORWARDED-FOR
Ws
X-MP-GENERATED-AT
X-Ibm-Trace
X-Ver
Pics-Label
X-Be
X-Swift-Error
Httpd-Identifier
Memory
X-Request-Start
X-PJAX-URL
X-NGINX-Cache
X-HS-Status
X-Fe
X-SVT-ORM-RULES
Ohc-File-Size
X-Fastly-Cache-Hits
Powered-By
X-Cache-Ttl
V-Cache
X-B3-SpanId
X-RateLimit-Reset
Group
X-SVT-ORM-VERSION
X-Path-Route
GW-Server
UCS
X-CDN-Pop
X-CDN-Pop-IP
Requestid
X-Dw-Trace-Id
X-Shard
Cf-Ipcountry
X-ServedByHost
Version
URI
Amp-Access-Control-Allow-Source-Origin
X-ID
X-GZIP
AGE-Hash
NX-Cache
X-P-T
Xet-Cookie
X-VC
X-User
X-Bug-Bounty
X-PF-Uncompressing
X-LiteSpeed-Cache-Control
X-SB
Serverid
X-Ratelimit-Remaining
X-Varnish-Info
N-Cache
Fastly-Soc-X-Request-Id
X-StackifyID
Https
Apicache-Version
CDN-Cache
CDN-Cache-Hit
CDN-Node
Ohc-Response-Time
Cache-Hits
X-Akamai-ERPolicy
Apicache-Store
X-Akamai-ERRuleID
X-CacheKey
X-BE
X-Info
RequestUuid
X-Goog-Meta-Goog-Reserved-File-Mtime
If-Modified-Since
X-Is-Crawler
X-Flags
X-Litespeed-Cache-Control
X-Micro-Cache
X-Providence-Cookie
X-Route-Name
X-Cache-Handler
X-Grace-Duration
X-RequestId
X-ServerName
X-SD-PageType