Threat Level: green Handler on Duty: Russ McRee

SANS ISC: HTTP Header Usage Statistics - SANS Internet Storm Center HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
X-Powered-By
CF-RAY
ETag
Link
X-XSS-Protection
Expect-CT
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
X-Request-Id
X-Xss-Protection
CF-Cache-Status
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-AspNet-Version
X-Download-Options
X-Runtime
Access-Control-Allow-Credentials
X-Drupal-Cache
X-Adblock-Key
X-Check
Alt-Svc
X-Cacheable
X-Generator
Content-Security-Policy-Report-Only
X-DNS-Prefetch-Control
X-Cache-Status
X-AspNetMvc-Version
X-Permitted-Cross-Domain-Policies
X-Iinfo
X-Template
Status
X-Language
Timing-Allow-Origin
X-FRAME-OPTIONS
X-Buckets
X-Content-Security-Policy
Content-Encoding
X-CDN
X-Kinja-Server-Push
Xkey
X-Turbo-Charged-By
Upgrade
X-Type
X-Request-ID
Access-Control-Expose-Headers
Keep-Alive
WPE-Backend
X-Pass-Why
Access-Control-Max-Age
CF-Ray
X-Backend
X-AH-Environment
X-Ua-Compatible
X-Drupal-Dynamic-Cache
X-Cache-Group
X-Age
X-Server
X-Via
X-Proxy-Cache
Grace
X-Pingback
X-Nginx-Cache-Status
X-Amz-Request-Id
X-Amz-Id-2
X-Server-Powered-By
X-Robots-Tag
X-Hacker
X-UA-Device
X-Varnish-Cache
EagleId
X-Page-Speed
Request-Context
X-LiteSpeed-Cache
Cf-Railgun
X-Envoy-Upstream-Service-Time
X-CST
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
X-WebKit-CSP
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Server-Id
X-Device
X-Amz-Version-Id
X-Ac
X-OneAgent-JS-Injection
X-Node
Server-Timing
Feature-Policy
X-Iejgwucgyu
X-Cnection
X-Response-Time
Allow
X-Rq
X-Cache-Lookup
Content-Location
X-Backend-Server
Report-To
EagleEye-TraceId
X-Readtime
Surrogate-Control
X-Host
X-Application-Context
Request-Id
X-ORACLE-DMS-ECID
X-Url
X-Rack-Cache
X-Origin-Cache
X-Clacks-Overhead
X-Country
NEL
X-FTR-Request-ID
Rating
X-Country-Code
X-Cloud-Trace-Context
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-DataDome
X-Instart-Request-ID
X-Px
X-Ruxit-JS-Agent
X-Vhost
X-MS-InvokeApp
Charset
X-Mod-Pagespeed
X-VARITI-CCR
Edge-Control
Accept-CH
X-Varnish-TTL
X-Goog-Hash
X-GitHub-Request-Id
PB-RID
X-Mobile-Rewrite
PB-PID
Verso
Arc-Version
X-DynaTrace
X-ESI
X-Version
X-Cdn
X-TtlSet
X-Vname
X-PC
X-Server-Name
X-B3-TraceId
Pinterest-Generated-By
X-Powered-By-Plesk
X-D2id
X-Kinja-Build
X-Kinja-Revision
X-Use-Magma
X-Kinja
X-Exp-Variant
X-Cdn-Fetch
X-Exp-Id
X-TTL
X-GoogleNews-Bot
X-Kinja-Server
X-Cached
SPRequestGuid
X-ORACLE-DMS-RID
X-Dispatcher
X-Origin-Upstream-Status
X-Upstream-Env
X-Powered-CMS
X-SharePointHealthScore
X-Abt-Application-Version
X-T
MS-Author-Via
RTSS
X-Recruiting
Accept-CH-Lifetime
X-Trace
X-Navigation-Version
Public-Key-Pins
X-Shield-Request-Id
Content-MD5
AR-ATIME
AR-CACHE
AR-PoweredBy
SPRequestDuration
SPIisLatency
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Amz-Rid
X-DIS-Request-ID
X-Fastly-Request-ID
X-HW
X-Client-IP
Realpath
Arr-Disable-Session-Affinity
X-Wix-Server-Artifact-Id
X-Server-ID
X-Accel-Buffering
X-Forwarded-Proto
X-DynaTrace-JS-Agent
X-F-Cache
X-B
X-Oracle-Dms-Rid
X-Upstream
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
X-Goog-Generation
X-Goog-Stored-Content-Length
X-Ser
X-Amz-Meta-S3cmd-Attrs
X-Via-JSL
Service-Worker-Allowed
Pinterest-Version
X-Pinterest-Rid
X-Dw-Request-Base-Id
X-Id
X-Dns-Prefetch-Control
X-FTR-Realm
X-FTR-Cache-Status
X-FTR-Backend
X-FTR-Balancer
X-FTR-Backend-Server
X-Country-Code-Real
X-FTR-DC
X-Ttl
X-Vcap-Request-Id
X-FTR-Expires
Front-End-Https
AR-Request-ID
X-Varnish-Age
Paypal-Debug-Id
X-Debug
X-Goog-Storage-Class
Nginx-Cache
X-Acc-Meta-Resource-Type
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-MSEdge-Ref
X-XRDS-Location
X-Hits
Ar-Sid
X-Kinsta-Cache
X-N
X-NF-Request-ID
X-Logged-In
X-NewRelic-App-Data
X-FTR-Cache-Host
X-Mrf-Item-Lastmod
MRF-Tech
X-B3-TraceId-Primal
Mrf-Cache-Status
X-Mrf-Section-Lastmod
S
X-Akam-SW-Version
X-Frontend
X-Forwarded-For
X-HS-Content-Id
X-HS-Hub-Id
X-PressLabs-Stats
Alternate-Protocol
X-User-Agent
AMP-Access-Control-Allow-Source-Origin
Tracecode
X-TA-CDN-Provider
X-CACHE-GROUP
X-FastCGI-Cache
X-DataStream-Cache-Status
DynaTrace
X-Grace
X-Amzn-Trace-Id
X-Pad
Server-Name
X-Content-Digest
X-Cache-Key
Refresh
X-Content-Options
X-Analytics
Backend-Timing
Accept-Charset
MicrosoftSharePointTeamServices
Display
Powered-By-ChinaCache
X-Activity-Id
X-Sol
X-Middleton-Display
X-AppVersion
X-Az
X-Debug-Info
FilterID
Access-Control-Request-Method
X-Page-Id
X-Zen-Fury
X-CF-Powered-By
MS-CV
X-LB-Cache
X-IPLB-Instance
X-Rid
Fastcgi-Cache
Host
X-Content-Type
X-Magnolia-Registration
ServerID
TP-L2-Cache
TP-Cache
Response
X-Middleton-Response
TCN
Cache-Status
X-ATG-Version
X-Mobile
X-Cache-Hit
X-Content-Powered-By
X-Hostname
X-RateLimit-Remaining
Surrogate-Key
X-Srv
X-WA-Info
X-Seen-By
Rt-Fastcgi-Cache
X-GUploader-UploadID
X-B3-Sampled
X-Fastcgi-Cache
X-VCache
X-Cached-By
X-Revision
X-Request-Received
X-Varnish-Backend
X-Request-Processing-Time
X-Cache-Age
VIX-Pulpo-Upstream-Status
X-Cache-Action
X-Cluster
X-Signature
VIX-Pulpo-Node
X-B-Cache
X-SS-Set-Cookie
X-Content-Security-Policy-Report-Only
X-Instance
X-XRDS-LOCATION
X-Request-Guid
X-Whom
X-Tumblr-Pixel
X-Platform-Server
X-Tumblr-User
X-Tumblr-Pixel-0
X-PHP-Backend
Cleartype
Source
X-Edge-Location
X-Drupal-Cache-Tags
X-Akamai-Edgescape
X-Ruxit-Js-Agent
X-Handled-By
X-TT
X-Framework
X-Origin-Server
X-App-Environment
X-Wix-Request-Id
ViewerVersion
X-Cache-Control
Server-Info
Host-Header
X-NWS-LOG-UUID
X-BCube-Filmed-By
X-Cache-Rule
DC
X-Generated-By
X-Cache-2
X-AOL-HN
X-Varnish-Hostname
X-Amzn-RequestId
X-Amz-Apigw-Id
X-App-Server
Retry-After
X-Geo-Country
X-FW-Type
X-FW-Static
X-FW-Serve
X-FW-Hash
X-FW-Server
Server-Node
X-Varnish-Server
Eomportal-Instance
Fusion-Component-Id
Fusion-Content-Id
Fusion-Source
X-Real-IP
Fusion-Template-Id
Fusion-Content-Source
X-Correlation-Id
X-FB-Debug
Payment
Webserver
X-Device-Type
X-Response-Served-From
X-Amz-Server-Side-Encryption
Actual-Object-TTL
Access-Control-Allow-Method
ServedBy
X-TT-TIMESTAMP
AsisCache
X-Varnish-Hits
Content-Style-Type
X-Cacheable-TTL
Filters
Edge-Cache-Tag
NGB
Ms-Operation-Id
X-Jobs
GEO-INFO
X-Region
X-Varnish-Grace
X-Tumblr-Pixel-2
X-TX-ID
Content-Script-Type
X-Tumblr-Pixel-1
X-UUID
X-WebKit-CSP-Report-Only
X-RTag
Healthy
X-Amz-Replication-Status
X-Servedby
X-Contextid
Upgrade-Insecure-Requests
X-Drupal-Cache-Contexts
X-Varnish-IP
Viewport
X-Adobe-Content
X-Adobe-Loc
X-Rendered-As
X-Locale
From-Origin
Country
X-Accel-Expires
X-WPE-Loopback-Upstream-Addr
X-Cache-Config
X-UA-Device-Type
Cache-Tv-Group
Cache
X-RequestSource
X-Cache-TTL-Remaining
X-BACKEND-TTL
HitType
X-Ezoic-Cdn
X-Cache-Server
X-Cache-Operation
Pagespeed
X-VG-WebCache
X-Cache-Remote
X-Cache-TTL
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Oneagent-Js-Injection
Fastly-Restarts
X-Storage
X-Content-Age
X-Upgrade-Enabled
X-Esi
Fastcgi-Useragent
X-Hit
Cache-Tags
X-APP-VERSION
X-FW-Dynamic
X-S
X-Redis-Cache
X-RateLimit-Limit
X-App-Version
X-Daa-Tunnel
X-Mode
Served-By
Datacenter
Cache-Tag
X-Cache-NE
X-Rule
X-NGENIX-Cache
X-Cache-Var
Load-Balancing
X-Detected-As
Machine
X-JoinUs
X-Path-Route
X-Internal-Host
X-Cache-Var-Map
X-Backend-Name
X-Is-Bot
SRV
X-RN-RSRV
Meta-Geo
X-Generated
X-Source
Origin-Cache-Control
X-Hl-Ver
Origin-Edge-Control
X-Environment-Context
X-Origin-Response-Time
X-Agile-Id
X-TNCMS
X-FC-Vary-Parameters
X-Agile
Vix-Hermes-Req-Id
X-Web-Node
X-CDN-Cache
X-Akamai-Request-ID
X-Grey
X-Hosted-By
X-Timing-Wait
X-Www-Served-By
X-ServerID
X-Labrador-Cache-Channel
X-ProxyCache-Status
Now
X-Loop
X-BYPASS-REASON
X-Proxy-Build
X-ProxyCache-Key
X-Edge-IP
X-Pubstack
X-Agile-Age
X-NCache
Cache-Key
X-Birta-Cache-Post
X-Birta-Served
X-L-Path
X-Cache-Category-Id
X-Origin-Host
X-Time-Microsecs
Selected-FE
X-Status
NtCoent-Length
X-CACHE-KEY
X-RemovedCookies
Cache-Name
X-GeoIP
X-PERF
X-PCL
X-ProcessESI
X-Pc-Hit
X-IP
X-Human
X-ApacheServer
X-OCL
X-Origin
X-Tb
X-Pc-Appver
X-Pc-Key
X-Proxy
Xserver
X-Viewer-Country
X-Via-Fastly
X-Varnish-Cache-Hits
X-Varnish-Cacheable
X-Site-Version
X-Akamai-Transformed
S-Rt
X-Original-Request
Public-Key-Pins-Report-Only
DB-Nickname
X-CCM
X-Format
X-Debug-Cache
X-VG-TLSProxy
X-Section
X-Access
X-App-Name
Azure-RegionName
X-Xfnlog-Site
X-Proxied
X-Routing-Service
X-Zipkin-Id
Azure-InstanceId
Azure-SlotName
Azure-SiteName
Azure-Version
X-MP-GENERATED-AT
Mail-Subject
We-Hiring
TWC-GeoIP-LatLong
TWC-GeoIP-Country
X-GRACE
TWC-Connection-Speed
X-Cache-Enabled
Property-Id
TWC-Device-Class
TWC-Locale-Group
X-Origin-Hint
TWC-Privacy
Webcakes-Region
Webcakes-App-Name
Webcakes-App-Version
X-Ocache
X-Sucuri-ID
User-Cache-Control
Fastcgi-X-Cache-Version
S-Cnection
Liferay-Portal
Access-Control-Request-Headers
X-Microcachable
X-Request-Time
X-Guploader-Uploadid
X-Cdn-Forward
X-Protected-By
X-Nginx-Cache
X-EdgeConnect-Cache-Status
X-GEO
X-UA
X-DataStream-Origin-MEX-Latency
X-Webstats-RespID
X-Tumblr-Pixel-3
X-DataStream-MidMile-RTT
X-Upstream-Proxy
X-FW-Version
X-FB-TRIP-ID
X-Origin-CC
User-Agent
X-Upstream-HT
X-Upstream-CT
X-Proto
X-Correlation-ID
X-Ua
X-Trace-Id
LB
X-Yottaa-Optimizations
X-Yottaa-Metrics
Cache-Hits
X-Nc
X-Node-Name
PageSpeed
X-Varnish-Beresp-Grace
Powered
X-Varnish-Beresp-Status
X-ES-SERVER
X-Forwarded-Host
X-Varnish-Beresp-Ttl
Ohc-File-Size
X-Unique-ID
X-Endurance-Cache-Level
AR-SID
X-Edge-Cache
X-Pc-Date
X-Pc-Host
X-Cache-Backend
X-ElasticPress-Search
X-Edge-Cache-Key
Frame-Options
Nel
X-Rocket-Nginx-Bypass
X-Server-Cache
X-Time
L5d-Success-Class
X-Origin-TTL
Section-Io-Cache
X-Vgn-Hpd-Reason
X-TIME
X-V
X-Parent-Response-Time
X-OVcl
X-OVcl-Cache
IBM-Web2-Location
Fastcgi-X-Cache
X-Pc-Subdomain
CACHE
OT-Force-Account-Verify
Decoy-Debug-Status
Decoy-Debug-TTL
Decoy-Debug-Key
Country-Code
X-Cache-Host
Mobile-Detection-Method
Node
GMS-Ver
X-Application
Meta-Geo-Continent
X-ARC
X-Auto-Login
Memcached
Resin-Trace
X-Amz-Meta-Cache-Control
VivaBuild
Www
Viewtype
X-Aed
X-B-Cookie
MD5-Digest
Rendered-Blocks
X-Cache-FS-Status
Powered-By
Fastly-SIE
Fastly-SWR
Fly-Cache
X-BB-ID
X-Block-Status
Fly-Request-Id
X-Cache-Bucket
Ec-Rule-Version
X-From
X-Request-UUID
X-Region-Sid
X-Rewrite-Enabled
X-Rojux
X-S-Maxage
X-S-Cookie
X-Reboot
X-Rebelmouse-Surrogate-Control
X-Origin-Expires
X-Origin-Date
X-PAYTM-SRV-ID
X-PHP-Host
X-Rebelmouse-Cache-Control
X-ScT
X-Server-By
X-User
X-UE-Client-Country
X-VG-WebServer
X-We-Are-Hiring
Xc-Version
X-Twitter-Response-Tags
X-TT-LOGID
X-ServiceProvider
X-Server-Group
X-SRCache-Key
X-Transaction
X-Trv-Group
X-NU-AKA-ACS-Version
X-LI-UUID
X-Developer
X-Destination
X-Died
X-Distil-CS
X-External-Request-Id
X-DPWN-IS-SECURE
X-Date
X-Connection-Hash
X-Cache-URL
X-Cache-Info
X-Cdn-Srv
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-Fetched-On
Cache-Prefix
X-Irp-Debug
X-Info
X-Li-Fabric
X-Li-Pop
X-LI-Proto
X-IN-WAF
X-IN-SSL-APIGATEWAY
X-Generated-In
X-Gen-Mode
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Hnp-Log
X-IN-APIGATEWAY
X-Cache-Id
X-Accel-Expires-Debug
Arc-Country
HostName
BehaviorPad-Version
X-R9-Blue-Green-Version
X-Sucuri-Cache
X-Cache-Debug
X-Cache-Expires
X-Backend-Url
X-Passed-To
X-Sorting-Hat-ShopId
X-Bip
X-Sorting-Hat-PodId
X-SIPLIST1
X-ShopId
X-ShardId
X-Sf
Mn-Server-Ip
X-Shopify-Stage
X-Backend-Host
X-SERVER
X-Cache-Grace
X-Location
X-A-Dam
X-A-Dcw
X-A-Wwc
X-A-Ccd
X-A
X-Via-NSCOPI
Web-Mar-Node
X-Thinkindot-L3
X-VWS-Id
X-Actual-URL
X-AWS-Id
X-Svr
X-Server-Time
X-Swa-Ws
X-Alternate-Cache-Key
X-LJ-Flow-ID
X-Thanos
X-Stale
X-Passed-To-BeforeDispatch
X-Level-Front-Cache
X-Generated-On
X-GeoIP-Country-Code
X-Request-URI
X-Passed-To-PostProcessResponse
X-Response-By
X-G
X-Gannett-Site-Version
X-Dc
X-LAGOON
X-Proxy-Cache-Status
X-Policy
X-Platform
X-Proxy-Upstream
X-RateLimit-Limit-Second
X-Hash
X-RateLimit-Remaining-Second
X-FireWall-Port
X-Returned-From
X-D
X-Via-CDN
X-Debug-Cookies
X-CUA
X-Crawler
X-Var-Ttl
X-Core-Mission
X-Debug-Log
X-Secret
X-Returned-From-DLL
X-Epic-Correlation-Id
X-Returned-From-BeforeDispatch
X-Distributor
X-Returned-From-PostProcessResponse
X-Passed-To-DLL
X-Dispatcher-Server
X-Server-IP
X-A-Dgt
X-Wikidot-Static-Cache
X-Wikidot-Backend
Platform
Proxy-Connection
Adler-Geo
Ajk
X-Logtrace-Id
Request-Time
Origin
On-Server
X-Nginx-Cache-Key
Lfy
Magicmarker
IsBot
X-Micro-Cache
X-Matched-Rule
Is-Eu
Fastly-Backend-Name
X-Node-Id
Thinkindot-Control
Backend
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
X-Variation
X-NX-Host
True-Client-Country-4JS
SD-X-WS
X-Varnish-Action
Server-Host
Content-Disposition
X-HS-Cache-Config
Warning
Cache-Cookie-Set-Lfrom
X-Debug-Cache-Store
X-Debug-Cache-Expiry
X-Device-Os
X-Instart-Isnd
X-Debug-Cache-Fetch
Kp-EeAlive
HA-Ipaddr
GW-Server
X-Fstrz
X-No-Session
X-Key
AKAMAI
X-Generation-Time
X-Fastly-Cache
X-Qloud-Router
Fastly-SSL
Heartbleed
Ha-Gx-Prefs
Cache-Cookie-Set-From
X-Eu-Site
Cache-Cookie-Set-Idcheck
X-Clientip
Fastly-Soc-X-Request-Id
Countrycode
Who
X-Amz-Meta-Surrogate-Control
RNT-Time
Pramga
X-Cache-ASPX
CDCHOST
X-Backend-State
X-Varnish-Authentication
X-Croise-Owner
RNT-Machine
Release
Server-Cache-Control
Version
X-C
X-Up
X-Core-Value
X-CGP
X-UnsetCookies
Pagetype
Server-Int
Server-Surrogate-Control
SS
X-Cluster-Node
X-Varnish-Url
Server-ID
REQUESTUUID
Apple-News-Services-Handled
X-F5-Cache
PFcat
X-Developers
X-Servername
X-Page-Type
X-MSEdge-Flight
X-MSEdge-Features
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
X-Sedo-Request-Id
NGX
X-Pjax-Url
X-TrackingId
X-Dynatrace-Js-Agent
X-Cache-Miss-From
X-B3-Traceid
X-Store
RequestId
X-Newrelic-App-Data
X-Be
Esi-Enabled
X-Cache-CFC
X-EIG-Tracking-Id
X-Refresh
MI-API
X-Layer
X-RCS-CacheZone
MI-Cache-Age
MI-Cache
X-MI-In-Market
X-CDN-Forward
X-URL
X-Oss-Request-Id
X-SN
Time
X-Oss-Hash-Crc64ecma
X-Oss-Storage-Class
SID
X-Oss-Server-Time
X-Oss-Object-Type
X-IPS-LoggedIn
MIME-Version
X-Ratelimit-Remaining
X-NC
X-B3-SpanId
HA-Geocity
HA-Georegion
HA-Geocountry
HA-Geolat
HA-Geolon
HA-Cloudapp
X-RequestId
HA-Urlpath
X-From-Cache
HA-Servedtime
X-Owner
HA-Host
Cdn
X-Mshield-Cache-Status
X-Mrs-Cache
X-Unique-Id-Primal
X-Mrs-Cache-Hits
X-Mrs-Age
X-Real-Ip
X-Servedbyhost
Cteonnt-Length
Mime-Version
Odigeo-Trace-Id
FastCGI-Cache
X-Geo
Backend-Name
X-Hyper-Cache
X-CMS-Context
PICS-Label
X-Ratelimit-Limit
X-Webkit-Csp
X-Webkit-CSP
X-CSRF-TOKEN
X-FPC
HTTPS
CF-IPCountry
X-CLOUD-TRACE-CONTEXT
X-Wa
X-WebServer
X-Edge-Server
Cdn-Host
Cdn-Request-Time
Memory
X-Instart-Info
X-Req
X-Phone
Processtime
X-B3-Spanid
Cf-Ipcountry
Hostname
X-Request-Start
CDN
X-WR-MODIFICATION
X-Aicache-OS
X-Release
GeoIP-Country-Code
X-DC
ProcessTime
X-Amzn-Remapped-Connection
Ohc-Response-Time
X-Load-Cache
X-Amzn-Remapped-Date
GeoIP-Latitude
X-HS-Combine-CSS
X-Pf-Uncompressing
X-Mobile-URL
X-Newrelic-Synthetics
XServer
X-VServer
X-NodeID
X-Atg-Version
Cross-Origin-Window-Policy
X-HTML-Minification-Powered-By
Rt-Proxy-Cache
X-Fastly-Country-Code
X-Varnish-Beresp-TTL
X-Varnish-Ttl
X-PF-Uncompressing
X-ND-Cache
X-Served-From
X-GZip
X-Server-W
T-Server
Accept-Ch-Lifetime
X-FORWARDED-FOR
X-Lb-Id
X-GoCache-CacheStatus
X-WA
X-Skip-Cache
URI
X-Nananana
X-Tb-Optimization-Total-Bytes-Saved
X-Oracle-Dms-Ecid
X-LB-ID
X-Unique-Id
X-MServer
X-Sn-Servicetimems
Pics-Label
X-VC-Cache
V-Age
X-CSRF-Token
X-COUNTRY
X-Cdn-Origin
Ohc-Cache-HIT
X-UPSTREAM-Address
X-SRV
X-APP
Proxy-Firewall
X-ServedByHost
X-Datadome
X-SVT-ORM-RULES
X-Worker
X-SVT-ORM-VERSION
X-Cms-Context
N-Cache
X-Gateway-Cache-Key
X-Gateway-Cache-Status
X-Gateway-Skip-Cache
Uber-Trace-Id
X-LiteSpeed-Cache-Control
A
X-UCC
X-P-T
Is-Session-Tracking
Get-Access-Time
X-Fastly-Cache-Hits
Amp-Access-Control-Allow-Source-Origin
X-SERVER-NAME
X-Check-Cacheable
X-CACHE-AGE
ServerName
DataCenter
X-HS-Status
X-Requestid
X-GZIP
X-Processor
X-RCS-Backend
X-NGINX-Cache
X-BE
X-Optimization
X-ID
Geoip-Latitude
X-Cache-HT
Dnion-Transfer-Encoding
X-Hp-Webp
X-Vg-Webcache
X-Backend-TTL
X-PAGE-TYPE
X-Org
GeoIp-Country-Code
X-PJAX-URL
X-Port
X-GDPR
X-Fe
WZWS-RAY
X-StackifyID
X-Vcache
Cneonction
X-Varnish-URL
Requestid
X-BBXSRF
X-Csrf-Token
X-NWS-UUID-VERIFY
Serverid
X-Via-SSL
X-HostName
Server-Id
RequestUuid
X-Dw-Trace-Id
X-ServerName
X-LiteSpeed-Tag
Cache-Provider
X-Via-Edge
X-Git-Hash
WP-Super-Cache
X-VCT
X-Amzn-Remapped-Content-Length
X-RAMCache
Host-ID
X-Fpc
X-Geo-Header
X-GeoIP-City
DSUID
X-Planisys-CDN-Cache
178proxuri
188prxHost
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
X-Gdpr
Pragrma
X-Instance-Name
189phosttRef
219prxHost
Correlation-Id
Xxline
X-Request-Url
409pxxline
355prline
225prxHost
286prxHost
352pxline
X-CS