Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics - SANS Internet Storm Center HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
Last-Modified
Accept-Ranges
Pragma
X-Content-Type-Options
X-Powered-By
CF-RAY
ETag
Link
X-XSS-Protection
Expect-CT
Via
X-Cache
Age
Access-Control-Allow-Origin
Content-Security-Policy
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Served-By
X-Amz-Cf-Id
X-Varnish
Referrer-Policy
X-Timer
CF-Cache-Status
X-FRAME-OPTIONS
X-Request-Id
Access-Control-Allow-Headers
X-AspNet-Version
Access-Control-Allow-Methods
X-Xss-Protection
X-Runtime
X-Download-Options
Access-Control-Allow-Credentials
X-Drupal-Cache
X-Cacheable
Alt-Svc
X-Generator
Content-Security-Policy-Report-Only
X-Request-ID
X-Check
X-AspNetMvc-Version
Status
X-Cache-Status
X-Adblock-Key
Timing-Allow-Origin
X-Iinfo
X-Permitted-Cross-Domain-Policies
X-DNS-Prefetch-Control
X-Template
Content-Encoding
X-Language
X-Content-Security-Policy
X-Turbo-Charged-By
X-CDN
X-Type
Keep-Alive
X-Buckets
Xkey
X-Backend
X-Cache-Group
X-AH-Environment
WPE-Backend
Access-Control-Max-Age
X-Pass-Why
X-Age
CF-Ray
X-Server
X-POWERED-BY
Upgrade
EagleId
Access-Control-Expose-Headers
X-Via
X-Nginx-Cache-Status
X-Server-Powered-By
X-Pingback
X-Drupal-Dynamic-Cache
X-Varnish-Cache
X-Swift-SaveTime
X-Swift-CacheTime
Grace
X-Hacker
X-Amz-Id-2
X-Amz-Request-Id
X-UA-Device
Ali-Swift-Global-Savetime
X-Robots-Tag
P3p
Cf-Railgun
X-LiteSpeed-Cache
X-Envoy-Upstream-Service-Time
X-Proxy-Cache
X-Ua-Compatible
X-Page-Speed
Request-Context
Content-Location
X-Device
X-Ac
X-Node
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Cnection
X-Host
X-Cache-Lookup
X-Server-Id
X-Amz-Version-Id
Surrogate-Control
X-WebKit-CSP
X-Backend-Server
X-Rack-Cache
X-Rq
X-Response-Time
X-Application-Context
X-Readtime
X-CST
X-Dns-Prefetch-Control
EagleEye-TraceId
Pinterest-Generated-By
Server-Timing
X-Url
X-Cloud-Trace-Context
X-TTL
X-Instart-Request-ID
X-OneAgent-JS-Injection
Request-Id
X-Px
Report-To
X-Country
X-ORACLE-DMS-ECID
X-Clacks-Overhead
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Feature-Policy
Rating
Edge-Control
Allow
X-Country-Code
X-DynaTrace-JS-Agent
Charset
X-DataDome
X-ESI
X-Server-Name
X-Powered-CMS
X-FTR-Request-ID
X-PC
X-Vname
X-TtlSet
X-Origin-Cache
X-DynaTrace
NEL
X-MS-InvokeApp
X-ORACLE-DMS-RID
X-Goog-Hash
X-Recruiting
X-Varnish-TTL
X-Cached
X-VARITI-CCR
X-Vhost
Content-MD5
X-GitHub-Request-Id
RTSS
X-Version
X-F-Cache
X-Kinja-Revision
X-GoogleNews-Bot
X-Geo-Segment
X-Kinja
X-Kinja-Build
X-Kinja-Server
X-Exp-Id
X-Exp-Variant
X-Cdn-Fetch
X-Powered-By-Plesk
Public-Key-Pins
X-CF-Powered-By
X-Pinterest-Rid
Pinterest-Version
PB-RID
X-Upstream-Env
PB-PID
Arc-Version
X-Mobile-Rewrite
X-Mod-Pagespeed
Verso
X-Client-IP
SPRequestGuid
Accept-CH
X-D2id
X-Abt-Application-Version
MS-Author-Via
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-N
X-Dispatcher
AR-PoweredBy
AR-ATIME
X-SharePointHealthScore
Permitted-Cross-Domain-Policies
X-HeyJason
X-Do-Not-Hack
AR-CACHE
X-Amz-Rid
X-Navigation-Version
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-TEC-API-ROOT
X-T
Nginx-Cache
DynaTrace
Accept-CH-Lifetime
Paypal-Debug-Id
X-Dw-Request-Base-Id
X-Trace
X-Fastly-Request-ID
X-Upstream
X-Grace
X-Varnish-Age
Arr-Disable-Session-Affinity
X-Hits
TCN
X-FastCGI-Cache
X-Amz-Meta-S3cmd-Attrs
X-Forwarded-Proto
X-Origin-Upstream-Status
X-Id
X-DIS-Request-ID
X-Shield-Request-Id
X-Pad
SPIisLatency
SPRequestDuration
X-Content-Options
X-Cache-Hit
AR-SID
X-Logged-In
X-Content-Digest
X-IPLB-Instance
Realpath
X-Kinsta-Cache
Access-Control-Request-Method
X-Mrf-Section-Lastmod
X-Acc-Meta-Resource-Type
Mrf-Cache-Status
X-NF-Request-ID
X-Mrf-Item-Lastmod
MRF-Tech
X-B
X-Ruxit-JS-Agent
X-XRDS-Location
X-Goog-Stored-Content-Length
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
X-Goog-Storage-Class
X-SS-Set-Cookie
X-HW
X-Vcap-Request-Id
S
X-Debug
X-MSEdge-Ref
Service-Worker-Allowed
X-Ser
Server-Name
X-Country-Code-Real
X-FTR-Balancer
X-FTR-DC
X-FTR-Realm
X-PressLabs-Stats
X-FTR-Backend-Server
X-FTR-Cache-Status
X-FTR-Backend
X-NewRelic-App-Data
X-Frontend
X-Server-ID
Tracecode
X-Wix-Server-Artifact-Id
X-FTR-Expires
X-Oneagent-Js-Injection
X-Cache-Key
Fastcgi-Cache
Rt-Fastcgi-Cache
Eomportal-Instance
AMP-Access-Control-Allow-Source-Origin
Alternate-Protocol
X-GUploader-UploadID
X-Forwarded-For
Surrogate-Key
Cleartype
X-Cache-Rule
Cache-Status
X-Srv
X-NWS-LOG-UUID
X-HS-Hub-Id
X-HS-Content-Id
X-Analytics
Backend-Timing
X-VCache
Host
TP-L2-Cache
TP-Cache
X-Revision
X-User-Agent
X-Rid
FilterID
X-Whom
Fastly-Restarts
X-FTR-Cache-Host
X-Debug-Info
Public-Key-Pins-Report-Only
X-AOL-HN
X-Akam-SW-Version
X-Cache-2
X-Via-JSL
ServerID
X-Varnish-Backend
X-Content-Powered-By
X-RateLimit-Remaining
X-Webkit-CSP
X-Cdn
X-Request-Received
X-Request-Processing-Time
X-Kinja-Server-Push
Viewport
Accept-Charset
X-Zen-Fury
X-Accel-Buffering
X-Ttl
X-Oracle-Dms-Rid
Front-End-Https
X-Mobile
X-XRDS-LOCATION
X-WPE-Loopback-Upstream-Addr
X-Cached-By
Liferay-Portal
X-Node-Name
X-App-Environment
X-LB-Cache
X-Content-Security-Policy-Report-Only
X-Varnish-Hostname
X-B3-Traceid
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Cluster
X-Cache-Control
Host-Header
X-Magnolia-Registration
X-Tumblr-User
X-Hostname
X-Page-Id
X-B3-Sampled
X-TT
Cache-Tag
X-Request-Guid
X-Akamai-Edgescape
X-Handled-By
X-Framework
X-Device-Type
X-BCube-Filmed-By
Upgrade-Insecure-Requests
X-B-Cache
X-FB-Debug
X-Instance
X-Platform-Server
X-Signature
DC
X-Cache-Server
Server-Node
X-Origin-Server
X-TT-TIMESTAMP
X-Correlation-Id
X-TA-CDN-Provider
Source
MicrosoftSharePointTeamServices
Retry-After
X-Accel-Expires
X-Contextid
X-Servedby
X-WA-Info
X-Amzn-Trace-Id
Server-Info
HitType
HitInfo
X-Cache-Action
X-Varnish-Server
X-Cache-Operation
X-Daa-Tunnel
Display
X-Port
X-Distil-CS
X-Middleton-Display
X-Sol
X-APP-VERSION
X-Geo-Country
X-Generated-By
X-Amz-Replication-Status
Content-Script-Type
X-Edge-Location
AsisCache
Content-Style-Type
X-GeoIP
X-Hyper-Cache
GEO-INFO
X-Seen-By
X-TX-ID
X-S
X-Tumblr-Pixel-2
X-Tumblr-Pixel-1
Webserver
X-Wix-Request-Id
X-RequestSource
X-WebKit-CSP-Report-Only
X-Status
ServedBy
Actual-Object-TTL
X-Locale
X-FW-Server
X-FW-Static
Healthy
X-FW-Type
X-Jobs
X-Response-Served-From
X-Region
X-FW-Serve
X-UUID
X-Varnish-Hits
X-Edge-Cache
X-Edge-Cache-Key
X-FW-Hash
X-Drupal-Cache-Tags
X-Adobe-Content
User-Agent
X-DataStream-Cache-Status
X-Adobe-Loc
X-Varnish-Grace
SRV
Filters
S-Cnection
NGB
Refresh
X-Fastcgi-Cache
X-Amz-Server-Side-Encryption
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Cache-Age
IBM-Web2-Location
X-Proxied
X-Esi
X-Cache-TTL-Remaining
X-CDN-Forward
X-Middleton-Response
Response
AR-Request-ID
X-Activity-Id
X-App-Server
X-AppVersion
X-Az
X-Pc-Key
X-Pc-Hit
X-Pc-Appver
X-Cache-Remote
X-Newrelic-App-Data
X-Content-Type
X-Cache-NE
X-Ruxit-Js-Agent
Payment
Cache
X-Cacheable-TTL
X-Kong-Proxy-Latency
X-UA
X-Unique-ID
X-Kong-Upstream-Latency
X-Cache-TTL
X-ATG-Version
Datacenter
X-Correlation-ID
Country
X-Vg-Webcache
Served-By
X-HS-Cache-Config
X-Mode
Edge-Cache-Tag
X-Akamai-Transformed
Meta-Geo
X-Detected-As
Machine
Load-Balancing
X-Is-Bot
X-Sucuri-ID
X-RN-RSRV
X-RemovedCookies
X-ProcessESI
X-Rendered-As
X-ProxyCache-Key
X-ProxyCache-Status
X-Real-IP
X-FC-Vary-Parameters
User-Cache-Control
X-Proxy
X-Source
X-PCL
X-Rocket-Nginx-Bypass
X-OCL
X-BYPASS-REASON
Cache-Name
L5d-Success-Class
X-PERF
Access-Control-Allow-Method
Cache-Key
Backend
Webcakes-App-Name
X-Viewer-Country
X-BB-IP
X-Varnish-IP
X-Varnish-Cacheable
X-ServerID
X-Tb
X-Origin
X-Cache-Category-Id
X-Debug-Cache
X-Cache-Config
X-EIG-Tracking-Id
X-Grey
X-Human
X-Hosted-By
X-Pubstack
X-Backend-Name
TWC-GeoIP-Country
TWC-GeoIP-LatLong
TWC-Device-Class
TWC-Connection-Speed
Now
Property-Id
TWC-Locale-Group
TWC-Privacy
X-ApacheServer
X-Origin-Hint
X-Amz-Meta-Surrogate-Control
Webcakes-Region
Webcakes-App-Version
Mn-Server-Ip
DB-Nickname
X-Original-Request
X-Via-Fastly
X-Environment-Context
X-NodeID
X-Access
X-Zipkin-Id
X-OVcl
X-OVcl-Cache
Azure-RegionName
Azure-SiteName
Azure-InstanceId
Access-Control-Request-Headers
Azure-Version
ServerName
Azure-SlotName
S-Rt
X-CDN-Cache
X-CCM
X-Site-Version
X-Hit
X-Format
X-Generated
X-JoinUs
X-L-Path
X-Routing-Service
X-Upgrade-Enabled
X-Varnish-Cache-Hits
X-TNCMS
X-Loop
X-Section
Selected-FE
X-Ocache
X-AWS-Id
X-LJ-Flow-ID
X-IP
X-App-Name
X-Agile-Id
X-NGENIX-Cache
X-Agile
X-Agile-Age
X-Proxy-Build
X-SplitTest
X-Rule
X-TWH-CORRELATION-ID
X-Xfnlog-Site
X-Www-Served-By
X-VWS-Id
X-Storage
X-Timing-Wait
X-HS-Combine-CSS
X-Origin-CC
X-Drupal-Cache-Contexts
HostName
X-URL
X-Cache-Var
X-Akamai-Request-ID
X-Pc-Date
X-Cache-Var-Map
X-Pc-Host
X-Upstream-CT
X-Vgn-Hpd-Reason
X-Upstream-HT
X-Time-Microsecs
XServer
OT-Force-Account-Verify
X-NC
X-Litespeed-Cache
X-RateLimit-Limit
X-Nginx-Cache
X-UA-Device-Type
From-Origin
X-Mshield-Cache-Status
X-Mrs-Age
X-Mrs-Cache
X-Mrs-Cache-Hits
X-PHP-Backend
X-NCache
X-Internal-Host
X-Microcachable
X-Feature
Fastcgi-X-Cache
Fastcgi-Useragent
Fastcgi-X-Cache-Version
X-Distributor
X-Release
X-Forwarded-Host
Fastly-SSL
X-Amz-Apigw-Id
X-Amzn-RequestId
X-M-Reqid
X-Qnm-Cache
X-M-Log
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
LB
X-Ms-Blob-Type
Pagetype
Pagespeed
X-Ms-Request-Id
X-Ms-Lease-Status
X-Ms-Version
X-Birta-Cache-Post
X-Cache-Backend
Powered-By-ChinaCache
X-Birta-Served
X-Labrador-Cache-Channel
X-Transaction
NtCoent-Length
X-Twitter-Response-Tags
X-Webkit-Csp
X-Connection-Hash
X-EdgeConnect-Cache-Status
MIME-Version
X-Ah-Environment
X-VG-TLSProxy
X-Instance-Name
X-V
X-B3-Spanid
Ar-Sid
Frame-Options
X-GZip
X-Web-Node
X-SERVER-NAME
Time
X-C
X-Died
Host-ID
X-ARC
Fly-Cache
X-CUA
X-G
X-Dispatcher-Server
Ec-Rule-Version
X-B-Cookie
X-BB-ID
Xc-Version
Rendered-Blocks
X-PAYTM-SRV-ID
X-WebServer
X-Cache-Bucket
X-Block-Status
X-Server-Time
Ajk
AKAMAI
IsBot
NGX
X-Irp-Debug
Cache-Prefix
X-Logtrace-Id
Arc-Country
BehaviorPad-Version
MD5-Digest
Meta-Geo-Continent
X-IN-WAF
X-IN-SSL-APIGATEWAY
X-Hnp-Log
X-Org
V-Age
X-DPWN-IS-SECURE
X-NU-AKA-ACS-Version
T-Server
X-IN-APIGATEWAY
X-No-Session
X-From
X-Server-By
X-ScT
X-Application
X-A-Dam
X-Request-URI
X-Request-UUID
X-A-Ccd
X-A
X-Rojux
X-A-Dcw
X-Developer
X-Via-SSL
X-Region-Sid
X-Destination
Www
X-SRCache-Key
X-Rewrite-Enabled
Viewtype
X-SIPLIST1
X-Generation-Time
VivaBuild
X-Generated-In
Server-Int
Web-Mar-Node
X-Date
Fly-Request-Id
X-Trv-Group
X-Redis-Cache
X-VG-WebServer
X-Via-CDN
X-D
X-CS
X-Gen-Mode
X-S-Cookie
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-Via-Edge
X-Accel-Expires-Debug
X-A-Wwc
X-UE-Client-Country
X-A-Dgt
X-HOST
X-Varnish-Beresp-Ttl
X-FireWall-Port
X-NWS-UUID-VERIFY
X-App-Version
Cneonction
HA-Geolon
Kp-EeAlive
Magicmarker
HA-Georegion
HA-Host
HA-Urlpath
HA-Servedtime
X-Fastly-Cache
Ha-Gx-Prefs
HA-Geocountry
HA-Ipaddr
HA-Geolat
X-Debug-Cookies
HA-Geocity
SN
Server-Host
X-Debug-Log
Request-EU
Request-Time
True-Client-Country-4JS
X-Crawler
X-Cache-Enabled
X-Cache-CFC
X-Amz-Meta-Cache-Control
X-CGP
X-Core-Value
Request-Country
Release
NodeID
X-External-Request-Id
MI-Cache-Age
MI-Cache
MI-API
X-Eu-Site
On-Server
Pragrma
Proxy-Connection
X-ElasticPress-Search
Origin-Edge-Control
Origin-Cache-Control
X-F5-Cache
X-Platform
X-Node-Id
X-NX-Host
X-Origin-TTL
X-Owner
X-VServer
WZWS-RAY
X-MI-In-Market
X-We-Are-Hiring
X-Sucuri-Cache
X-Powered-By-ANYU
X-Var-Ttl
X-Phone
Cteonnt-Length
X-S-Maxage
X-ServiceProvider
X-Sf
HA-Cloudapp
X-UnsetCookies
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-RCS-CacheZone
X-Wikidot-Backend
X-Varnish-Action
Decoy-Debug-Status
Decoy-Debug-Key
X-Wikidot-Static-Cache
Esi-Enabled
X-Hl-Ver
GMS-Ver
X-GeoIP-City
Mobile-Detection-Method
Country-Code
Decoy-Debug-TTL
Cache-Tags
X-Layer
CDCHOST
X-Key
Backend-Name
X-HTML-Minification-Powered-By
X-Webstats-RespID
X-Ckpd-Fst-Backend
X-Swa-Ws
X-VCT
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-Content-Age
X-Clientip
X-Thinkindot-L3
X-Stale
X-Tumblr-Pixel-3
X-Variation
X-Cache-URL
X-Cdn-Srv
X-Cdn-Origin
X-Cache-Expires
X-Sn-Servicetimems
X-Cache-Srv
X-TT-LOGID
X-Cache-Host
X-Worker
X-Up
X-Trace-Id
X-Reboot
X-MSEdge-Flight
X-MSEdge-Features
X-Epic-Correlation-Id
X-Nginx-Cache-Key
X-Passed-To-BeforeDispatch
X-Passed-To
X-Matched-Rule
X-Location
X-GeoIP-Country-Code
X-Gannett-Site-Version
X-Hash
X-FW-Version
X-Fetched-On
X-Fstrz
X-Passed-To-DLL
X-Passed-To-PostProcessResponse
X-Server-IP
X-Secret
X-ShardId
X-Croise-Owner
X-Shopify-Stage
X-ShopId
X-Returned-From-PostProcessResponse
X-Returned-From-DLL
X-Developers
X-Device-Os
X-Request-Time
X-Response-By
X-Returned-From-BeforeDispatch
X-Returned-From
X-Skip-Cache
Uber-Trace-Id
Server-ID
Section-Io-Cache
RNT-Time
Apple-News-Services-Parsed-Url
Thinkindot-CacheControl
Is-Eu
Thinkindot-Control
Thinkindot-CacheControl-Type
RNT-Machine
Apple-News-Services-Request-Url
Heartbleed
Origin
Odigeo-Trace-Id
PFcat
Fastly-Backend-Name
Countrycode
Platform
Apple-News-Services-Handled
Apple-News-Services-Host
X-Oss-Object-Type
X-Backend-Host
Adler-Geo
X-Backend-State
X-Oss-Hash-Crc64ecma
X-Backend-Url
X-Backend-TTL
X-Oss-Request-Id
X-Alternate-Cache-Key
X-Oss-Server-Time
X-Actual-URL
PageSpeed
X-Oss-Storage-Class
X-Rebelmouse-Cache-Control
HTTPS
X-Store
X-Rebelmouse-Surrogate-Control
Fastly-SIE
Content-Disposition
X-Servername
Fastly-SWR
X-Iejgwucgyu
X-Csrf-Token
X-Alicdn-Da-Ups-Status
X-Core-Mission
Sid
Resin-Trace
X-Planisys-CDN-Rules
X-CACHE-AGE
X-Planisys-CDN-Cache
X-Planisys-CDN-TTL
X-Policy
CDN
WP-Super-Cache
X-Ezoic-Cdn
REQUESTUUID
X-Ua
X-Servedbyhost
Powered
X-Refresh
X-Pf-Uncompressing
RequestId
ProcessTime
X-Cluster-Node
X-GEO
X-Atg-Version
Warning
X-Cache-ASPX
X-Proto
CF-IPCountry
X-TIME
X-Real-Ip
X-Dc
We-Hiring
Mail-Subject
X-GoCache-CacheStatus
Dnion-Transfer-Encoding
Xserver
NODE
ViewerVersion
X-Req
X-Pjax-Url
X-B3-TraceId
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-From
X-Newrelic-Synthetics
X-Endurance-Cache-Level
Hostname
NnCoection
X-Varnish-Ttl
X-DC
X-Origin-Expires
X-Surge-Debug
X-Origin-Date
X-CLOUD-TRACE-CONTEXT
Geoip-Latitude
X-Varnish-HitMiss
X-COUNTRY
X-Server-W
GeoIp-Country-Code
X-Edge-IP
X-Page-Type
X-Cache-Control-Set-By
X-Time
X-HCF
X-Nc
X-Guploader-Uploadid
X-Aed
X-CSRF-Token
X-Oracle-Dms-Ecid
X-Varnish-Beresp-TTL
WWW-Authenticate
X-Server-Group
Processtime
X-Ms-Lease-State
Pramga
SD-X-WS
CACHE
Geoip-City
TSSecure
A
X-Aicache-OS
X-Varnish-Url
X-Wix-Route-ID
X-Datadome
MS-CV
X-GRACE
PICS-Label
X-Varnish-URL
X-Cdn-Forward
X-DataStream-MidMile-RTT
X-ABtesting
X-Wa
X-Hello
X-DataStream-Origin-MEX-Latency
X-Flog
X-WA
X-Ratelimit-Limit
Dont-Set-Cookie
X-Gdpr
Node
Cdn-Request-Time
Cdn-Host
X-From-Cache
Cdn
X-Geo
X-Akamai-Request-ID2
X-Edge-Server
X-Auto-Login
Lfy
Lb
Mime-Version
DataCenter
X-Use-Magma
FSS-Cache
COMMERCE-SERVER-SOFTWARE
X-UPSTREAM-Address
FSS-Proxy
X-RTag
Ms-Operation-Id
X-WR-MODIFICATION
X-Nananana
X-PAGE-TYPE
X-Gen-Id
X-Cache-HT
PageType
X-EC-Security-Audit
GeoIP-City
GeoIP-Country-Code
GeoIP-Latitude
X-Env
Is-Session-Tracking
X-APP
X-Sentry-ID
Get-Access-Time
X-Optimization
X-Fastly-Backend-Reqs
X-SRV
X-Load-Cache
X-CACHE-KEY
X-Check-Cacheable
Who
X-Via-NSCOPI
Rt-Proxy-Cache
X-Unique-Id
X-Cache-Id
X-Served-From
X-Wix-Petri-Ex
X-Cookie
X-GDPR
X-Cache-FS-Status
X-Dynatrace-Js-Agent
X-Ver
X-Bip
X-Meta-Tbi-Cache-Vertical
X-Proxy-Server
X-Thanos
X-Cache-Info
Memcached
X-FORWARDED-FOR
Ws
X-Ibm-Trace
Httpd-Identifier
Pics-Label
X-PJAX-URL
X-Be
X-Swift-Error
X-MP-GENERATED-AT
X-NGINX-Cache
Ohc-File-Size
Powered-By
X-SVT-ORM-VERSION
Group
X-Cache-Ttl
Memory
X-Fe
X-Fastly-Cache-Hits
X-HS-Status
X-B3-SpanId
X-RateLimit-Reset
V-Cache
X-Request-Start
X-SVT-ORM-RULES
X-Path-Route
Cf-Ipcountry
X-CDN-Pop
X-Dw-Trace-Id
URI
X-ServedByHost
X-Shard
Version
X-CDN-Pop-IP
Amp-Access-Control-Allow-Source-Origin
X-ID
NX-Cache
UCS
X-GZIP
GW-Server
Requestid
X-LiteSpeed-Cache-Control
X-P-T
Xet-Cookie
X-SB
X-PF-Uncompressing
X-Bug-Bounty
X-VC
AGE-Hash
Serverid
X-CacheKey
X-StackifyID
Apicache-Version
N-Cache
Apicache-Store
X-Varnish-Info
X-Ratelimit-Remaining
Fastly-Soc-X-Request-Id
X-Akamai-ERPolicy
X-User
CDN-Cache
Ohc-Response-Time
CDN-Cache-Hit
X-Akamai-ERRuleID
CDN-Node
Cache-Hits
X-Cache-Handler
X-SD-PageType
X-RequestId
X-Flags
X-ServerName
X-Route-Name
X-Providence-Cookie
Https
If-Modified-Since
X-Is-Crawler
X-Info
X-Litespeed-Cache-Control
X-Grace-Duration
X-Micro-Cache