Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics - SANS Internet Storm Center HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
X-Powered-By
CF-RAY
ETag
Link
X-XSS-Protection
Expect-CT
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
X-Request-Id
X-Xss-Protection
CF-Cache-Status
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-AspNet-Version
X-Download-Options
X-Runtime
Access-Control-Allow-Credentials
X-Drupal-Cache
X-Adblock-Key
X-Check
Alt-Svc
X-Cacheable
X-Generator
Content-Security-Policy-Report-Only
X-AspNetMvc-Version
X-Cache-Status
X-DNS-Prefetch-Control
X-Permitted-Cross-Domain-Policies
X-Template
X-Iinfo
X-Language
Status
Timing-Allow-Origin
X-FRAME-OPTIONS
X-Buckets
X-Content-Security-Policy
Content-Encoding
X-Kinja-Server-Push
Xkey
X-CDN
X-Turbo-Charged-By
Upgrade
X-Type
Keep-Alive
Access-Control-Expose-Headers
WPE-Backend
X-Pass-Why
X-AH-Environment
X-Backend
Access-Control-Max-Age
X-Age
X-Drupal-Dynamic-Cache
X-Cache-Group
X-Server
X-Request-ID
X-Proxy-Cache
X-Via
Grace
X-Pingback
X-Nginx-Cache-Status
X-Server-Powered-By
X-Amz-Request-Id
X-Amz-Id-2
X-Robots-Tag
X-Hacker
X-Varnish-Cache
X-UA-Device
X-Page-Speed
EagleId
Request-Context
X-LiteSpeed-Cache
X-Envoy-Upstream-Service-Time
Cf-Railgun
X-Ua-Compatible
X-CST
X-Swift-SaveTime
X-Swift-CacheTime
X-Server-Id
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
Ali-Swift-Global-Savetime
X-Device
X-Amz-Version-Id
X-WebKit-CSP
Server-Timing
X-Ac
X-Node
Allow
X-OneAgent-JS-Injection
Feature-Policy
X-Response-Time
X-Rq
X-Cnection
X-Iejgwucgyu
Content-Location
X-Backend-Server
X-Cache-Lookup
Report-To
EagleEye-TraceId
Surrogate-Control
X-Readtime
X-Host
X-Application-Context
Request-Id
P3p
X-ORACLE-DMS-ECID
X-Rack-Cache
X-Url
X-Origin-Cache
X-Clacks-Overhead
X-Country
NEL
X-FTR-Request-ID
Rating
X-Country-Code
X-Cloud-Trace-Context
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-DataDome
X-Cdn
X-Ruxit-JS-Agent
X-Px
X-Instart-Request-ID
X-Mod-Pagespeed
Charset
X-Vhost
X-MS-InvokeApp
X-VARITI-CCR
Accept-CH
Edge-Control
X-Goog-Hash
Verso
X-GitHub-Request-Id
X-Vname
X-PC
X-TtlSet
PB-PID
Arc-Version
PB-RID
X-Mobile-Rewrite
X-Server-Name
X-Upstream-Env
X-TTL
X-ESI
Pinterest-Generated-By
X-Dns-Prefetch-Control
X-Version
X-DynaTrace
X-Powered-By-Plesk
X-D2id
X-Origin-Upstream-Status
X-Kinja-Build
X-Exp-Id
X-Exp-Variant
X-Cdn-Fetch
X-GoogleNews-Bot
X-Kinja
X-Kinja-Server
X-Use-Magma
X-Kinja-Revision
X-Cached
X-B3-TraceId
X-Dispatcher
SPRequestGuid
X-Recruiting
X-Varnish-TTL
X-SharePointHealthScore
X-Abt-Application-Version
MS-Author-Via
X-Powered-CMS
Accept-CH-Lifetime
RTSS
X-Navigation-Version
X-ORACLE-DMS-RID
Content-MD5
X-T
X-Shield-Request-Id
AR-CACHE
AR-ATIME
AR-PoweredBy
Public-Key-Pins
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Trace
X-DynaTrace-JS-Agent
X-Forwarded-Proto
X-Client-IP
Arr-Disable-Session-Affinity
X-HW
X-Amz-Rid
X-Fastly-Request-ID
X-Oracle-Dms-Rid
X-Accel-Buffering
X-Wix-Server-Artifact-Id
SPIisLatency
SPRequestDuration
Realpath
X-DIS-Request-ID
Service-Worker-Allowed
X-Goog-Metageneration
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Goog-Generation
Paypal-Debug-Id
X-Amz-Meta-S3cmd-Attrs
AR-Request-ID
Front-End-Https
X-B
X-Upstream
X-Ser
X-FTR-Cache-Status
X-FTR-Balancer
X-Country-Code-Real
X-FTR-Realm
X-FTR-Backend
X-FTR-Backend-Server
X-FTR-DC
X-F-Cache
Pinterest-Version
X-Pinterest-Rid
X-FTR-Expires
X-Via-JSL
X-Id
X-XRDS-Location
X-Dw-Request-Base-Id
X-Vcap-Request-Id
Ar-Sid
X-Debug
X-Varnish-Age
X-Acc-Meta-Resource-Type
X-Goog-Storage-Class
X-MSEdge-Ref
X-N
X-Kinsta-Cache
X-Hits
Nginx-Cache
X-NF-Request-ID
X-FTR-Cache-Host
X-Ttl
X-DataStream-Cache-Status
S
X-NewRelic-App-Data
X-Logged-In
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TEC-API-VERSION
X-Akam-SW-Version
Mrf-Cache-Status
MRF-Tech
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
X-B3-TraceId-Primal
X-Forwarded-For
X-Grace
Tracecode
Alternate-Protocol
X-Server-ID
X-User-Agent
X-Frontend
X-PressLabs-Stats
X-HS-Hub-Id
X-HS-Content-Id
X-Amzn-Trace-Id
X-CACHE-GROUP
AMP-Access-Control-Allow-Source-Origin
X-FastCGI-Cache
Server-Name
TCN
X-Content-Options
X-Content-Digest
Refresh
Powered-By-ChinaCache
X-Content-Type
X-Middleton-Display
X-Sol
X-Pad
Display
DynaTrace
Access-Control-Request-Method
X-Cache-Key
X-Analytics
Backend-Timing
MicrosoftSharePointTeamServices
X-LB-Cache
X-Zen-Fury
Accept-Charset
X-IPLB-Instance
X-Rid
X-Debug-Info
Fastcgi-Cache
FilterID
X-AppVersion
Host
X-Az
X-Activity-Id
X-CF-Powered-By
X-Page-Id
X-Middleton-Response
Response
ServerID
MS-CV
X-Cache-Hit
Cache-Status
X-Hostname
X-VCache
TP-Cache
TP-L2-Cache
X-Magnolia-Registration
X-RateLimit-Remaining
X-Fastcgi-Cache
X-Srv
X-Content-Powered-By
X-Seen-By
X-Mobile
X-Revision
X-WA-Info
X-GUploader-UploadID
X-Cached-By
X-ATG-Version
Surrogate-Key
X-Request-Processing-Time
X-Request-Received
X-Varnish-Backend
Host-Header
X-Whom
X-B3-Sampled
Server-Info
X-SS-Set-Cookie
X-Instance
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-Cache-Action
X-Cluster
X-Tumblr-User
X-Tumblr-Pixel
X-Tumblr-Pixel-0
Source
X-Content-Security-Policy-Report-Only
X-Platform-Server
X-Request-Guid
DC
X-Handled-By
X-B-Cache
Cleartype
X-Drupal-Cache-Tags
X-Signature
X-Framework
X-TT
X-Akamai-Edgescape
X-Real-IP
X-PHP-Backend
ViewerVersion
X-Wix-Request-Id
X-Origin-Server
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Cache-Age
X-App-Environment
Rt-Fastcgi-Cache
Fusion-Source
Fusion-Content-Id
Fusion-Content-Source
Fusion-Component-Id
Fusion-Template-Id
X-Geo-Country
X-Generated-By
X-FW-Static
X-FW-Type
X-Oneagent-Js-Injection
X-FW-Server
X-FW-Hash
X-App-Server
X-BCube-Filmed-By
X-FW-Serve
X-Varnish-Server
X-AOL-HN
X-Cache-Control
X-TA-CDN-Provider
X-Edge-Location
Server-Node
X-XRDS-LOCATION
X-Ruxit-Js-Agent
X-Cache-Rule
X-NWS-LOG-UUID
X-Varnish-Hostname
Retry-After
X-Varnish-Grace
X-Amz-Server-Side-Encryption
X-Correlation-Id
Payment
X-Cache-2
X-Upstream-Proxy
X-Amz-Replication-Status
Eomportal-Instance
Access-Control-Allow-Method
X-TT-TIMESTAMP
X-Response-Served-From
Actual-Object-TTL
ServedBy
GEO-INFO
AsisCache
X-Cache-Config
X-Cacheable-TTL
X-Varnish-Hits
X-Tumblr-Pixel-2
X-Tumblr-Pixel-1
Content-Script-Type
Content-Style-Type
X-TX-ID
X-UA-Device-Type
X-Ezoic-Cdn
X-WebKit-CSP-Report-Only
Healthy
X-FB-Debug
X-UUID
Filters
NGB
Webserver
X-Contextid
X-Drupal-Cache-Contexts
X-Adobe-Loc
X-VG-WebCache
X-Adobe-Content
X-Varnish-IP
Viewport
X-Region
Ms-Operation-Id
X-RTag
Upgrade-Insecure-Requests
X-Jobs
From-Origin
X-Locale
Cache-Tv-Group
X-RequestSource
Country
HitType
X-Accel-Expires
X-Rendered-As
X-Cache-TTL
X-Device-Type
X-Cache-TTL-Remaining
Fastcgi-Useragent
X-BACKEND-TTL
X-FW-Dynamic
X-Servedby
X-Cache-Server
X-WPE-Loopback-Upstream-Addr
Edge-Cache-Tag
Pagespeed
X-Content-Age
X-Kong-Upstream-Latency
Cache-Tags
X-Cache-Remote
X-Kong-Proxy-Latency
X-APP-VERSION
Cache
X-Cache-Operation
X-Redis-Cache
X-Upgrade-Enabled
X-Source
X-Esi
X-RateLimit-Limit
X-Hit
Fastly-Restarts
X-Storage
X-DataStream-Origin-MEX-Latency
X-DataStream-MidMile-RTT
X-GeoIP
Datacenter
X-Mode
Cache-Tag
NtCoent-Length
X-S
Served-By
Machine
X-Labrador-Cache-Channel
X-Time-Microsecs
X-RN-RSRV
X-Cache-Var
X-Cache-Var-Map
X-NGENIX-Cache
Meta-Geo
X-Tb
X-Path-Route
X-Is-Bot
Vix-Hermes-Req-Id
X-Pubstack
X-Akamai-Request-ID
X-Agile
X-Agile-Id
X-Agile-Age
X-Hl-Ver
X-Origin-Response-Time
X-Backend-Name
X-Detected-As
X-NCache
Load-Balancing
X-Internal-Host
X-Edge-IP
X-Status
X-Birta-Cache-Post
X-TNCMS
Cache-Key
X-CDN-Cache
X-Varnish-Cacheable
X-Proxy-Build
X-Rule
X-BYPASS-REASON
X-Hosted-By
X-Cache-Category-Id
X-Grey
Selected-FE
SRV
X-Timing-Wait
X-Origin-Host
X-Birta-Served
X-JoinUs
X-ProxyCache-Status
Now
X-L-Path
X-Proxy
X-Loop
X-Environment-Context
X-ProxyCache-Key
X-FC-Vary-Parameters
Origin-Edge-Control
X-ServerID
X-Www-Served-By
Origin-Cache-Control
X-Varnish-Cache-Hits
X-CACHE-KEY
Webcakes-App-Name
TWC-Privacy
Webcakes-App-Version
Webcakes-Region
X-ApacheServer
TWC-Locale-Group
TWC-GeoIP-LatLong
Property-Id
TWC-Connection-Speed
TWC-Device-Class
TWC-GeoIP-Country
X-Cache-Enabled
X-Format
X-Via-Fastly
X-IP
X-Viewer-Country
S-Rt
X-VG-TLSProxy
X-RemovedCookies
Cache-Name
X-Origin-Hint
X-PERF
X-ProcessESI
X-Microcachable
X-Web-Node
X-OCL
X-PCL
X-Access
Azure-SiteName
X-MP-GENERATED-AT
Azure-RegionName
X-CCM
X-Human
Access-Control-Request-Headers
Azure-InstanceId
X-Section
Public-Key-Pins-Report-Only
DB-Nickname
Azure-SlotName
Fastcgi-X-Cache-Version
Azure-Version
X-Akamai-Transformed
X-Generated
X-Debug-Cache
We-Hiring
X-App-Name
X-Daa-Tunnel
X-Proxied
X-Routing-Service
X-Zipkin-Id
Mail-Subject
Cache-Hits
X-GEO
X-Xfnlog-Site
X-Site-Version
Xserver
X-App-Version
X-ES-SERVER
User-Agent
Liferay-Portal
X-Pc-Hit
X-Pc-Key
X-Pc-Appver
X-Origin
X-Guploader-Uploadid
X-Node-Name
S-Cnection
X-Original-Request
X-Protected-By
X-EdgeConnect-Cache-Status
LB
X-FW-Version
CACHE
X-Sucuri-ID
X-Cache-NE
PageSpeed
X-Ocache
X-Proto
X-UA
X-Yottaa-Optimizations
X-Request-Time
X-Nginx-Cache
X-Yottaa-Metrics
User-Cache-Control
X-Trace-Id
X-Varnish-Ttl
X-Cdn-Forward
X-VWS-Id
X-AWS-Id
Powered
X-LJ-Flow-ID
Ohc-File-Size
X-Correlation-ID
X-Endurance-Cache-Level
X-Tumblr-Pixel-3
X-Ua
X-Forwarded-Host
X-Webstats-RespID
L5d-Success-Class
Frame-Options
X-Cluster-Node
X-Unique-ID
Section-Io-Cache
X-FB-TRIP-ID
X-URL
X-Origin-CC
X-V
X-Nc
X-GRACE
OT-Force-Account-Verify
X-Webkit-Csp
AR-SID
X-B3-Traceid
X-Varnish-Beresp-Status
X-EIG-Tracking-Id
X-Varnish-Beresp-Grace
X-OVcl-Cache
X-Time
X-OVcl
Nel
X-Origin-TTL
X-ElasticPress-Search
X-Cache-Backend
X-From
Decoy-Debug-TTL
Decoy-Debug-Key
X-Rocket-Nginx-Bypass
Decoy-Debug-Status
IBM-Web2-Location
X-R9-Blue-Green-Version
Ec-Rule-Version
X-Developer
X-Distil-CS
X-DPWN-IS-SECURE
X-External-Request-Id
Cache-Prefix
X-Destination
Fastly-SIE
GMS-Ver
X-Connection-Hash
X-Date
Fly-Request-Id
Fastly-SWR
Fly-Cache
BehaviorPad-Version
X-Fetched-On
X-Li-Fabric
X-Irp-Debug
X-Li-Pop
X-LI-Proto
X-ServiceProvider
X-LI-UUID
X-Info
X-Rewrite-Enabled
X-Generated-In
Arc-Country
X-Goog-Meta-Goog-Reserved-File-Mtime
X-IN-WAF
X-UE-Client-Country
X-CF-Lambda-Version
X-CF-Lambda-Fn
X-Amz-Meta-Cache-Control
Powered-By
X-Application
X-ARC
X-B-Cookie
X-Auto-Login
X-Aed
X-Accel-Expires-Debug
VivaBuild
Viewtype
SD-X-WS
Www
Rendered-Blocks
On-Server
Node
X-Cache-Host
X-Cache-Grace
X-Cache-Id
X-Cache-Info
X-Cdn-Srv
X-Cache-URL
X-Cache-FS-Status
MD5-Digest
X-Backend-State
Mobile-Detection-Method
Meta-Geo-Continent
X-BB-ID
Memcached
X-User
X-IN-APIGATEWAY
X-Rebelmouse-Cache-Control
X-VG-WebServer
X-We-Are-Hiring
X-Rebelmouse-Surrogate-Control
X-Rojux
X-Region-Sid
X-Reboot
X-NU-AKA-ACS-Version
X-S-Maxage
X-TT-LOGID
X-Wikidot-Static-Cache
X-PHP-Host
X-ScT
X-Twitter-Response-Tags
X-Wikidot-Backend
X-PAYTM-SRV-ID
Xc-Version
X-Trv-Group
X-S-Cookie
X-Node-Id
X-Request-UUID
X-Micro-Cache
X-Transaction
X-Server-Group
X-SRCache-Key
X-Varnish-Beresp-Ttl
X-Server-By
X-Parent-Response-Time
X-TIME
X-Cache-Debug
X-Cache-Expires
X-C
X-Policy
X-Block-Status
X-Cache-Bucket
X-Stale
True-Client-Country-4JS
Thinkindot-Control
X-Proxy-Cache-Status
X-Bip
Thinkindot-CacheControl-Type
X-Returned-From-BeforeDispatch
Who
X-A-Dcw
X-A-Dam
X-Platform
X-Returned-From
X-Varnish-Action
X-A-Wwc
X-Actual-URL
X-Alternate-Cache-Key
X-A
X-RateLimit-Remaining-Second
X-Backend-Url
X-A-Dgt
Thinkindot-CacheControl
X-Vgn-Hpd-Reason
X-Backend-Host
X-RateLimit-Limit-Second
X-Request-URI
X-Proxy-Upstream
X-D
X-Response-By
X-Hnp-Log
X-Thinkindot-L3
X-Secret
X-Swa-Ws
X-Svr
X-GeoIP-Country-Code
X-ShardId
X-Gannett-Site-Version
X-Gen-Mode
X-Generated-On
X-Var-Ttl
X-LAGOON
X-SIPLIST1
X-Matched-Rule
X-Logtrace-Id
X-Location
X-Returned-From-PostProcessResponse
X-Sf
X-Level-Front-Cache
X-Nginx-Cache-Key
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-G
X-Variation
X-Debug-Cookies
X-Debug-Log
X-Passed-To-BeforeDispatch
X-Passed-To
X-Passed-To-DLL
X-Passed-To-PostProcessResponse
X-Clientip
X-Crawler
X-CUA
X-Server-IP
X-Origin-Expires
X-Returned-From-DLL
X-Eu-Site
X-Shopify-Stage
X-Fastly-Cache
X-ShopId
X-NX-Host
X-Epic-Correlation-Id
X-Dispatcher-Server
X-Origin-Date
X-Distributor
X-Thanos
X-CGP
X-A-Ccd
Lfy
IsBot
Is-Eu
Magicmarker
Origin
Proxy-Connection
Platform
Adler-Geo
HA-Ipaddr
Ha-Gx-Prefs
Fastly-Backend-Name
Fastly-Soc-X-Request-Id
Fastly-SSL
Countrycode
Country-Code
CDCHOST
Content-Disposition
Request-Time
Ajk
Server-Host
X-SERVER
X-Pc-Host
X-Pc-Date
X-Upstream-CT
X-Pc-Subdomain
X-Sucuri-Cache
X-Via-CDN
X-Upstream-HT
X-HS-Cache-Config
Mn-Server-Ip
Warning
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-Lfrom
SS
X-Up
X-TrackingId
X-Debug-Cache-Store
X-Debug-Cache-Fetch
X-UnsetCookies
X-F5-Cache
X-Device-Os
X-Developers
X-Varnish-Authentication
Backend
AKAMAI
Apple-News-Services-Handled
X-Debug-Cache-Expiry
X-Instart-Isnd
X-MSEdge-Flight
X-No-Session
Apple-News-Services-Host
SID
X-Qloud-Router
X-FireWall-Port
X-Fstrz
X-MSEdge-Features
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
Cache-Cookie-Set-From
X-Hash
Resin-Trace
RNT-Machine
Web-Mar-Node
Release
Pramga
X-Cache-ASPX
X-Amz-Meta-Surrogate-Control
Heartbleed
Server-Cache-Control
RNT-Time
Server-Int
X-Core-Mission
GW-Server
X-Croise-Owner
Server-Surrogate-Control
X-Core-Value
X-Dc
X-Key
Pagetype
X-IN-SSL-APIGATEWAY
X-SN
X-Server-Time
Server-ID
NGX
Kp-EeAlive
X-Owner
X-Varnish-Url
X-Page-Type
X-Server-Cache
REQUESTUUID
X-Be
X-Pjax-Url
X-Cache-Miss-From
Odigeo-Trace-Id
X-Sedo-Request-Id
X-Generation-Time
X-Servername
Hostname
X-CDN-Forward
X-Newrelic-App-Data
X-Died
Fastcgi-X-Cache
X-Via-NSCOPI
RequestId
MIME-Version
X-NC
HostName
X-Refresh
HTTPS
X-Edge-Cache
X-B3-SpanId
X-Edge-Cache-Key
X-Oss-Storage-Class
Version
Cdn-Host
X-Oss-Hash-Crc64ecma
X-Edge-Server
X-From-Cache
X-Oss-Server-Time
Cdn-Request-Time
X-Oss-Request-Id
X-Oss-Object-Type
Cteonnt-Length
X-Servedbyhost
X-FPC
PFcat
PICS-Label
ProcessTime
FastCGI-Cache
Time
X-Store
X-Req
X-Cache-CFC
X-Mobile-URL
Cdn
Esi-Enabled
X-CSRF-TOKEN
Mime-Version
X-GZip
CF-IPCountry
MI-API
MI-Cache
MI-Cache-Age
X-RCS-CacheZone
X-VServer
X-Webkit-CSP
X-Layer
Cross-Origin-Window-Policy
X-Amzn-Remapped-Date
X-Amzn-Remapped-Connection
X-NodeID
X-MI-In-Market
Processtime
X-CLOUD-TRACE-CONTEXT
X-Load-Cache
HA-Geocity
X-Dynatrace-Js-Agent
X-Wa
X-Hyper-Cache
CDN
HA-Host
HA-Georegion
HA-Servedtime
HA-Urlpath
X-IPS-LoggedIn
X-RequestId
Memory
HA-Geocountry
HA-Cloudapp
X-HS-Combine-CSS
HA-Geolat
HA-Geolon
X-Ratelimit-Remaining
X-DC
X-Atg-Version
X-Skip-Cache
X-Lb-Id
XServer
X-Varnish-Beresp-TTL
Backend-Name
X-Ratelimit-Limit
X-HTML-Minification-Powered-By
Cf-Ipcountry
X-Geo
X-Pf-Uncompressing
Uber-Trace-Id
Ohc-Cache-HIT
X-VC-Cache
X-CMS-Context
X-Newrelic-Synthetics
X-Aicache-OS
X-Real-Ip
X-Tb-Optimization-Total-Bytes-Saved
X-Cms-Context
X-Mshield-Cache-Status
X-Mrs-Cache
X-Mrs-Cache-Hits
X-Unique-Id-Primal
X-WR-MODIFICATION
X-Mrs-Age
X-Instart-Info
X-B3-Spanid
X-PF-Uncompressing
X-Phone
Ohc-Response-Time
X-WA
X-UCC
X-Gateway-Skip-Cache
X-Gateway-Cache-Status
X-Gateway-Cache-Key
N-Cache
X-WebServer
X-Fastly-Country-Code
Amp-Access-Control-Allow-Source-Origin
X-Release
GeoIP-Country-Code
X-Nananana
X-Request-Start
T-Server
Accept-Ch-Lifetime
URI
X-Processor
X-Server-W
X-LB-ID
X-Oracle-Dms-Ecid
GeoIP-Latitude
X-Shard
Pics-Label
X-MServer
X-BBXSRF
X-Hp-Webp
X-COUNTRY
X-Unique-Id
X-CSRF-Token
X-APP
X-FORWARDED-FOR
X-Worker
X-Datadome
X-SRV
DataCenter
A
X-GoCache-CacheStatus
X-LiteSpeed-Cache-Control
X-VHOST
X-ServedByHost
X-ND-Cache
Rt-Proxy-Cache
X-Served-From
X-VCT
X-SERVER-NAME
X-HS-Status
X-Geo-Header
X-NGINX-Cache
X-CACHE-AGE
X-GeoIP-City
Host-ID
X-Amzn-Remapped-Content-Length
X-Cache-HT
X-GZIP
UCS
X-Optimization
X-UPSTREAM-Address
X-Fastly-Cache-Hits
X-Requestid
X-Vcache
Request-EU
X-BE
V-Age
Geoip-Latitude
X-Sn-Servicetimems
X-Check-Cacheable
Dnion-Transfer-Encoding
Request-Country
Cneonction
X-Cdn-Origin
X-ID
X-Backend-TTL
X-PAGE-TYPE
X-Varnish-URL
X-Git-Hash
X-ServerName
X-Fpc
FSS-Cache
FSS-Proxy
X-Fastly-Backend-Reqs
X-Planisys-CDN-Cache
Pragrma
WZWS-RAY
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
WP-Super-Cache
X-Port
X-SVT-ORM-VERSION
Requestid
X-Csrf-Token
X-PJAX-URL
X-SVT-ORM-RULES
GeoIp-Country-Code
Proxy-Firewall
Serverid
Server-Id
Cache-Provider
X-Gen-Id
X-Org
Get-Access-Time
X-P-T
X-LiteSpeed-Tag
RequestUuid
Is-Session-Tracking
X-HostName
X-Dw-Trace-Id
X-NWS-UUID-VERIFY
X-Html-Edge-Cache
188prxHost
X-StackifyID
178proxuri
DSUID
X-Via-SSL
X-Via-Edge
ServerName
189phosttRef
X-Fe
286prxHost
Xxline
X-CS
X-RAMCache
X-Request-Url
Inserted-Into-Cache-At
409pxxline
225prxHost
352pxline
355prline
219prxHost