Threat Level: green Handler on Duty: Russ McRee

SANS ISC: HTTP Header Usage Statistics - SANS Internet Storm Center HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
X-Powered-By
CF-RAY
ETag
Link
Expect-CT
X-XSS-Protection
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Xss-Protection
X-Varnish
X-Request-Id
CF-Cache-Status
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-AspNet-Version
X-Download-Options
X-Runtime
Access-Control-Allow-Credentials
X-Drupal-Cache
X-Adblock-Key
X-Check
Alt-Svc
X-Cacheable
X-Generator
Content-Security-Policy-Report-Only
X-Cache-Status
X-AspNetMvc-Version
X-DNS-Prefetch-Control
X-Permitted-Cross-Domain-Policies
X-Iinfo
X-Template
Status
X-Language
Timing-Allow-Origin
X-Buckets
X-Content-Security-Policy
Content-Encoding
X-CDN
X-Kinja-Server-Push
Xkey
X-Turbo-Charged-By
Upgrade
X-Type
Keep-Alive
Access-Control-Expose-Headers
WPE-Backend
X-Pass-Why
Access-Control-Max-Age
X-Backend
X-AH-Environment
CF-Ray
X-Age
X-Drupal-Dynamic-Cache
X-Server
X-Ua-Compatible
X-Cache-Group
X-Via
X-Request-ID
X-Proxy-Cache
Grace
X-Pingback
X-Nginx-Cache-Status
X-Server-Powered-By
X-Amz-Id-2
X-Amz-Request-Id
X-Robots-Tag
X-Hacker
X-UA-Device
X-Varnish-Cache
X-Page-Speed
EagleId
Request-Context
X-LiteSpeed-Cache
Cf-Railgun
X-Envoy-Upstream-Service-Time
X-CST
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
X-WebKit-CSP
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Server-Id
X-Device
X-Amz-Version-Id
X-Ac
X-Node
Server-Timing
X-OneAgent-JS-Injection
Feature-Policy
X-Iejgwucgyu
X-Cnection
X-Response-Time
Allow
X-Rq
Content-Location
X-Cache-Lookup
X-Backend-Server
Report-To
EagleEye-TraceId
X-Readtime
Surrogate-Control
X-Host
X-Application-Context
Request-Id
X-ORACLE-DMS-ECID
X-Url
X-Rack-Cache
X-Origin-Cache
X-Clacks-Overhead
X-Country
NEL
X-FTR-Request-ID
Rating
X-Country-Code
X-Cloud-Trace-Context
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-DataDome
X-Instart-Request-ID
X-Px
X-Vhost
X-MS-InvokeApp
X-Mod-Pagespeed
Charset
X-Ruxit-JS-Agent
X-VARITI-CCR
Edge-Control
Accept-CH
X-Goog-Hash
X-GitHub-Request-Id
PB-RID
Arc-Version
X-Mobile-Rewrite
PB-PID
Verso
X-Varnish-TTL
X-ESI
X-DynaTrace
X-Version
X-PC
X-TtlSet
X-Vname
X-Server-Name
X-TTL
X-Cdn
X-Dns-Prefetch-Control
X-D2id
X-Powered-By-Plesk
Pinterest-Generated-By
X-Exp-Id
X-Exp-Variant
X-Kinja
X-Cdn-Fetch
X-Kinja-Build
X-Use-Magma
X-GoogleNews-Bot
X-Kinja-Server
X-Kinja-Revision
X-Cached
X-B3-TraceId
SPRequestGuid
X-Upstream-Env
X-Origin-Upstream-Status
X-Dispatcher
X-Powered-CMS
X-SharePointHealthScore
X-Abt-Application-Version
X-T
MS-Author-Via
X-Recruiting
Accept-CH-Lifetime
RTSS
X-Navigation-Version
X-Trace
Public-Key-Pins
X-Shield-Request-Id
X-Oracle-Dms-Rid
X-ORACLE-DMS-RID
Content-MD5
AR-CACHE
AR-ATIME
AR-PoweredBy
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Amz-Rid
SPRequestDuration
SPIisLatency
X-Fastly-Request-ID
X-HW
X-DIS-Request-ID
X-Client-IP
Realpath
Arr-Disable-Session-Affinity
X-Wix-Server-Artifact-Id
X-Accel-Buffering
X-Forwarded-Proto
X-F-Cache
X-Server-ID
X-B
X-DynaTrace-JS-Agent
X-Upstream
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Goog-Generation
X-Ser
X-Amz-Meta-S3cmd-Attrs
X-Via-JSL
Service-Worker-Allowed
X-Pinterest-Rid
Pinterest-Version
X-CACHE-GROUP
X-Id
X-Dw-Request-Base-Id
X-FTR-Backend
X-FTR-Cache-Status
X-FTR-DC
X-Country-Code-Real
X-FTR-Balancer
X-FTR-Backend-Server
X-FTR-Realm
X-FTR-Expires
X-Vcap-Request-Id
Paypal-Debug-Id
Front-End-Https
AR-Request-ID
X-Varnish-Age
X-Ttl
X-Debug
X-Goog-Storage-Class
X-Acc-Meta-Resource-Type
Nginx-Cache
X-MSEdge-Ref
Ar-Sid
X-TEC-API-ROOT
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-Kinsta-Cache
X-Hits
X-N
X-NF-Request-ID
X-XRDS-Location
X-NewRelic-App-Data
X-FTR-Cache-Host
X-Logged-In
X-B3-TraceId-Primal
X-Mrf-Item-Lastmod
MRF-Tech
X-Mrf-Section-Lastmod
Mrf-Cache-Status
S
X-Akam-SW-Version
X-Forwarded-For
X-Frontend
X-HS-Hub-Id
X-HS-Content-Id
X-Grace
X-PressLabs-Stats
Alternate-Protocol
X-User-Agent
Tracecode
X-DataStream-Cache-Status
X-Cache-Key
AMP-Access-Control-Allow-Source-Origin
X-Amzn-Trace-Id
DynaTrace
X-TA-CDN-Provider
X-FastCGI-Cache
X-Pad
Server-Name
X-Content-Digest
Refresh
X-Content-Options
Backend-Timing
X-Analytics
Fastcgi-Cache
MicrosoftSharePointTeamServices
Powered-By-ChinaCache
X-Az
X-AppVersion
X-Activity-Id
Access-Control-Request-Method
X-Zen-Fury
FilterID
Accept-Charset
X-LB-Cache
X-Page-Id
X-Rid
X-Middleton-Display
Display
X-Sol
MS-CV
X-IPLB-Instance
X-Content-Type
Host
X-CF-Powered-By
X-Debug-Info
TCN
X-Magnolia-Registration
ServerID
Response
TP-L2-Cache
TP-Cache
X-Middleton-Response
Cache-Status
X-ATG-Version
X-Cache-Hit
X-Mobile
X-Ruxit-Js-Agent
X-Fastcgi-Cache
X-Content-Powered-By
X-Srv
Surrogate-Key
X-Seen-By
X-VCache
X-WA-Info
X-Hostname
X-B3-Sampled
Rt-Fastcgi-Cache
X-RateLimit-Remaining
X-XRDS-LOCATION
X-Revision
X-Varnish-Backend
X-Request-Received
X-Request-Processing-Time
X-GUploader-UploadID
X-Cached-By
X-Cache-Age
X-B-Cache
X-Signature
X-SS-Set-Cookie
X-Cache-Action
VIX-Pulpo-Node
X-Cluster
VIX-Pulpo-Upstream-Status
X-Tumblr-User
X-Content-Security-Policy-Report-Only
X-Instance
X-Tumblr-Pixel
X-Tumblr-Pixel-0
Source
Cleartype
X-Request-Guid
X-Whom
X-PHP-Backend
X-Drupal-Cache-Tags
X-TT
X-Edge-Location
X-Framework
X-Handled-By
X-Akamai-Edgescape
X-Origin-Server
X-Platform-Server
X-App-Environment
ViewerVersion
X-Wix-Request-Id
Server-Info
Host-Header
X-Cache-Control
X-BCube-Filmed-By
X-NWS-LOG-UUID
X-Generated-By
DC
X-Cache-Rule
X-Varnish-Hostname
X-Cache-2
X-Amz-Apigw-Id
X-Amzn-RequestId
X-App-Server
X-AOL-HN
X-Geo-Country
X-Oneagent-Js-Injection
X-FW-Hash
Retry-After
X-FW-Static
X-FW-Serve
X-FW-Type
X-FW-Server
Server-Node
X-Varnish-Server
Eomportal-Instance
X-Real-IP
Fusion-Content-Id
Fusion-Component-Id
X-Correlation-Id
Fusion-Template-Id
Fusion-Content-Source
Fusion-Source
X-FB-Debug
Payment
X-Device-Type
Webserver
Access-Control-Allow-Method
X-Response-Served-From
X-Amz-Server-Side-Encryption
X-Tumblr-Pixel-2
X-Tumblr-Pixel-1
Actual-Object-TTL
ServedBy
AsisCache
X-Varnish-Hits
X-TT-TIMESTAMP
Content-Script-Type
X-Region
Ms-Operation-Id
X-Varnish-Grace
X-WebKit-CSP-Report-Only
NGB
Filters
X-RTag
Content-Style-Type
GEO-INFO
X-TX-ID
X-Jobs
X-Servedby
Edge-Cache-Tag
Healthy
X-UUID
Viewport
X-Contextid
X-Cacheable-TTL
Upgrade-Insecure-Requests
X-Amz-Replication-Status
X-Varnish-IP
X-Locale
X-Drupal-Cache-Contexts
Cache
Country
X-Adobe-Content
X-Adobe-Loc
X-Accel-Expires
X-Rendered-As
Cache-Tv-Group
X-Cache-Config
X-UA-Device-Type
X-RequestSource
From-Origin
X-WPE-Loopback-Upstream-Addr
X-BACKEND-TTL
X-Cache-TTL-Remaining
HitType
X-Ezoic-Cdn
X-Cache-Server
X-VG-WebCache
X-Cache-Remote
X-Cache-TTL
X-Cache-Operation
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
Pagespeed
Fastly-Restarts
Fastcgi-Useragent
X-Content-Age
X-APP-VERSION
X-Storage
Cache-Tags
X-FW-Dynamic
X-Hit
X-Upgrade-Enabled
X-Redis-Cache
X-S
X-Esi
X-Mode
X-Daa-Tunnel
X-RateLimit-Limit
Cache-Tag
X-App-Version
X-Source
NtCoent-Length
Served-By
X-Detected-As
X-Generated
X-Backend-Name
X-Cache-Var-Map
Load-Balancing
X-Cache-Var
X-Hl-Ver
X-Path-Route
X-RN-RSRV
X-Rule
Meta-Geo
Machine
X-NGENIX-Cache
X-Is-Bot
X-NCache
X-Internal-Host
SRV
X-Cache-NE
X-Hosted-By
X-FC-Vary-Parameters
X-Edge-IP
X-JoinUs
X-Labrador-Cache-Channel
X-GeoIP
X-Loop
X-BYPASS-REASON
X-Birta-Cache-Post
Datacenter
Origin-Cache-Control
Now
Origin-Edge-Control
Selected-FE
X-Proxy
Vix-Hermes-Req-Id
X-Birta-Served
X-Origin-Host
X-TNCMS
X-Web-Node
X-Timing-Wait
X-Status
X-Time-Microsecs
X-Tb
X-Pubstack
X-Www-Served-By
X-Origin-Response-Time
X-Akamai-Request-ID
X-Proxy-Build
X-ProxyCache-Status
X-ProxyCache-Key
Cache-Key
Cache-Name
X-Cache-Category-Id
X-Viewer-Country
X-ApacheServer
X-Environment-Context
X-Pc-Appver
X-L-Path
X-Pc-Hit
X-Pc-Key
X-PERF
X-IP
X-Human
X-ProcessESI
X-ServerID
X-Grey
X-RemovedCookies
X-CDN-Cache
X-Via-Fastly
X-PCL
S-Rt
X-Varnish-Cache-Hits
X-Site-Version
DB-Nickname
X-OCL
X-Guploader-Uploadid
X-Debug-Cache
X-Akamai-Transformed
X-CCM
X-Varnish-Cacheable
Public-Key-Pins-Report-Only
X-Xfnlog-Site
X-VG-TLSProxy
X-Agile-Age
X-Proxied
X-Original-Request
X-MP-GENERATED-AT
X-Agile-Id
X-Zipkin-Id
We-Hiring
X-Agile
X-Routing-Service
Azure-InstanceId
Azure-RegionName
X-Format
Mail-Subject
Azure-Version
Azure-SiteName
Azure-SlotName
X-Origin
X-Origin-Hint
X-Access
X-Section
X-Cache-Enabled
Webcakes-Region
Xserver
TWC-Locale-Group
TWC-Connection-Speed
Property-Id
TWC-Device-Class
TWC-GeoIP-Country
TWC-Privacy
TWC-GeoIP-LatLong
Webcakes-App-Name
Webcakes-App-Version
X-App-Name
X-UA
Fastcgi-X-Cache-Version
X-Ocache
X-Sucuri-ID
User-Cache-Control
S-Cnection
Access-Control-Request-Headers
X-Microcachable
Liferay-Portal
X-Upstream-Proxy
X-Protected-By
X-EdgeConnect-Cache-Status
X-Cdn-Forward
X-Request-Time
X-CACHE-KEY
X-DataStream-MidMile-RTT
X-DataStream-Origin-MEX-Latency
X-FW-Version
X-Tumblr-Pixel-3
X-Nginx-Cache
X-Webstats-RespID
User-Agent
X-GEO
X-GRACE
X-Proto
X-Origin-CC
X-FB-TRIP-ID
X-Trace-Id
X-Yottaa-Metrics
PageSpeed
LB
X-Yottaa-Optimizations
X-Node-Name
Cache-Hits
Ohc-File-Size
X-Correlation-ID
Powered
X-Upstream-HT
X-Upstream-CT
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
X-ES-SERVER
X-Varnish-Beresp-Ttl
X-Forwarded-Host
X-Endurance-Cache-Level
X-Nc
Frame-Options
X-Cache-Backend
X-Pc-Date
X-ElasticPress-Search
X-Pc-Host
X-Unique-ID
L5d-Success-Class
X-B3-Traceid
X-OVcl-Cache
X-OVcl
X-TIME
AR-SID
X-Edge-Cache-Key
IBM-Web2-Location
X-V
X-Edge-Cache
Section-Io-Cache
X-Rocket-Nginx-Bypass
X-Origin-TTL
X-Ua
X-Parent-Response-Time
X-Vgn-Hpd-Reason
OT-Force-Account-Verify
X-Pc-Subdomain
X-Server-Cache
Nel
X-Time
X-Dynatrace-Js-Agent
X-LI-Proto
X-Origin-Expires
X-LI-UUID
X-CF-Lambda-Version
X-Origin-Date
X-Cdn-Srv
X-Li-Pop
Mobile-Detection-Method
X-Cache-URL
X-NU-AKA-ACS-Version
X-Micro-Cache
Node
X-CF-Lambda-Fn
X-IN-SSL-APIGATEWAY
Fly-Request-Id
X-Gen-Mode
GMS-Ver
Fly-Cache
Fastly-SWR
Fastly-SIE
X-Generated-In
MD5-Digest
X-From
X-Developer
X-Destination
X-Date
X-Distil-CS
X-DPWN-IS-SECURE
X-Fetched-On
X-External-Request-Id
Memcached
X-Goog-Meta-Goog-Reserved-File-Mtime
BehaviorPad-Version
X-IN-WAF
X-IN-APIGATEWAY
X-Info
Arc-Country
Meta-Geo-Continent
X-Irp-Debug
Cache-Prefix
X-Hnp-Log
Decoy-Debug-TTL
Ec-Rule-Version
Decoy-Debug-Status
Decoy-Debug-Key
X-Connection-Hash
Country-Code
X-Li-Fabric
X-PHP-Host
X-B-Cookie
X-Cache-Info
Resin-Trace
X-Auto-Login
X-ARC
X-ServiceProvider
X-Trv-Group
X-Rewrite-Enabled
X-BB-ID
Rendered-Blocks
VivaBuild
Fastcgi-X-Cache
X-Application
X-User
Xc-Version
X-We-Are-Hiring
X-Request-UUID
X-Region-Sid
X-Reboot
Www
X-Rebelmouse-Surrogate-Control
Viewtype
X-Aed
X-Server-Group
X-Rebelmouse-Cache-Control
X-Transaction
X-VG-WebServer
X-Cache-FS-Status
X-SRCache-Key
CACHE
X-Accel-Expires-Debug
X-Cache-Id
X-TT-LOGID
X-PAYTM-SRV-ID
Powered-By
X-S-Maxage
X-Twitter-Response-Tags
X-Server-By
X-Rojux
X-Block-Status
X-S-Cookie
X-Cache-Bucket
X-ScT
X-Dc
X-VWS-Id
X-R9-Blue-Green-Version
X-LJ-Flow-ID
X-AWS-Id
X-Crawler
X-CUA
X-D
X-Core-Mission
X-A-Wwc
X-A-Dgt
X-Backend-Host
X-Cache-Debug
X-Debug-Cookies
X-Cache-Expires
X-Cache-Grace
X-Cache-Host
X-A-Dcw
X-Bip
X-Backend-Url
X-A-Ccd
X-A-Dam
X-A
X-Alternate-Cache-Key
X-Amz-Meta-Cache-Control
Web-Mar-Node
X-Actual-URL
X-Passed-To-BeforeDispatch
X-Thinkindot-L3
X-Thanos
X-Wikidot-Static-Cache
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-Swa-Ws
X-Svr
X-Sf
X-Proxy-Cache-Status
X-Proxy-Upstream
X-Server-Time
X-Server-IP
X-Wikidot-Backend
X-Returned-From-BeforeDispatch
X-Returned-From-DLL
X-UE-Client-Country
X-Returned-From-PostProcessResponse
X-Returned-From
X-Response-By
X-Varnish-Action
X-Variation
X-Var-Ttl
X-Request-URI
X-Stale
X-Sorting-Hat-ShopId
X-Level-Front-Cache
X-Hash
X-Location
X-Logtrace-Id
X-Matched-Rule
X-Generated-On
X-G
X-Died
X-Dispatcher-Server
X-Fastly-Cache
X-FireWall-Port
X-Nginx-Cache-Key
X-Node-Id
X-Shopify-Stage
X-ShopId
X-ShardId
X-Sorting-Hat-PodId
X-Policy
X-SIPLIST1
X-NX-Host
X-Passed-To
X-Passed-To-DLL
X-Passed-To-PostProcessResponse
X-Debug-Log
Thinkindot-CacheControl
Origin
X-Via-NSCOPI
Mn-Server-Ip
Platform
Ajk
Adler-Geo
Proxy-Connection
Backend
Magicmarker
Is-Eu
HostName
Fastly-Backend-Name
X-Via-CDN
Content-Disposition
Lfy
IsBot
Request-Time
On-Server
Thinkindot-Control
Thinkindot-CacheControl-Type
True-Client-Country-4JS
Server-Host
X-HS-Cache-Config
X-Sucuri-Cache
Warning
X-No-Session
GW-Server
CDCHOST
Cache-Cookie-Set-Lfrom
X-Fstrz
Who
X-Croise-Owner
Cache-Cookie-Set-Idcheck
Kp-EeAlive
Heartbleed
X-Device-Os
X-Eu-Site
Fastly-SSL
X-SERVER
X-Gannett-Site-Version
X-Secret
Fastly-Soc-X-Request-Id
X-Distributor
HA-Ipaddr
X-Core-Value
X-Generation-Time
Ha-Gx-Prefs
Countrycode
X-C
X-Clientip
Pramga
X-Varnish-Authentication
X-LAGOON
X-Key
X-Cache-ASPX
Server-Cache-Control
RNT-Machine
RNT-Time
X-Backend-State
Release
SD-X-WS
SS
Pagetype
Server-Surrogate-Control
X-CGP
X-Qloud-Router
Cache-Cookie-Set-From
Server-Int
X-UnsetCookies
AKAMAI
X-Cluster-Node
X-Platform
X-Instart-Isnd
Version
X-Page-Type
X-GeoIP-Country-Code
X-Debug-Cache-Expiry
X-Up
X-MSEdge-Features
X-Debug-Cache-Fetch
X-F5-Cache
REQUESTUUID
X-Amz-Meta-Surrogate-Control
X-Developers
X-Debug-Cache-Store
X-MSEdge-Flight
X-Epic-Correlation-Id
Apple-News-Services-Host
PFcat
Apple-News-Services-Handled
X-Varnish-Url
X-Pjax-Url
Server-ID
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
X-Sedo-Request-Id
NGX
X-Cache-Miss-From
X-TrackingId
X-Servername
X-EIG-Tracking-Id
X-Be
RequestId
X-Ratelimit-Remaining
X-Refresh
X-CDN-Forward
X-Newrelic-App-Data
Esi-Enabled
X-Store
X-Cache-CFC
MIME-Version
X-NC
X-RCS-CacheZone
SID
X-MI-In-Market
X-Layer
MI-Cache
MI-API
MI-Cache-Age
X-URL
X-B3-SpanId
X-IPS-LoggedIn
Time
X-From-Cache
X-Oss-Server-Time
X-Oss-Storage-Class
X-SN
X-Oss-Request-Id
X-Oss-Hash-Crc64ecma
X-Oss-Object-Type
HA-Cloudapp
X-RequestId
PICS-Label
HA-Geocountry
HA-Geolat
HA-Host
HA-Georegion
HA-Urlpath
HA-Geolon
HA-Servedtime
HA-Geocity
X-Owner
X-Mshield-Cache-Status
X-Mrs-Age
X-Unique-Id-Primal
X-Mrs-Cache
X-Real-Ip
X-Mrs-Cache-Hits
X-Geo
Cdn
X-Ratelimit-Limit
Cteonnt-Length
X-Hyper-Cache
Odigeo-Trace-Id
X-FPC
X-Servedbyhost
FastCGI-Cache
Mime-Version
X-CMS-Context
Backend-Name
HTTPS
CF-IPCountry
Hostname
Cdn-Host
Cdn-Request-Time
X-Varnish-Ttl
X-Webkit-Csp
X-Req
X-CSRF-TOKEN
Processtime
X-Webkit-CSP
X-Edge-Server
X-CLOUD-TRACE-CONTEXT
Memory
X-Instart-Info
CDN
X-WebServer
X-Phone
X-B3-Spanid
Cf-Ipcountry
X-Request-Start
Ohc-Response-Time
X-Wa
X-WR-MODIFICATION
XServer
X-Pf-Uncompressing
X-Aicache-OS
X-Mobile-URL
X-DC
X-Amzn-Remapped-Connection
X-HS-Combine-CSS
X-Release
X-Newrelic-Synthetics
X-Load-Cache
GeoIP-Country-Code
X-Amzn-Remapped-Date
ProcessTime
X-GZip
X-NodeID
GeoIP-Latitude
X-VServer
Cross-Origin-Window-Policy
X-Lb-Id
X-HTML-Minification-Powered-By
X-Atg-Version
X-WA
X-Skip-Cache
Rt-Proxy-Cache
X-Varnish-Beresp-TTL
X-Server-W
X-Served-From
X-Fastly-Country-Code
X-PF-Uncompressing
X-ND-Cache
Accept-Ch-Lifetime
URI
T-Server
X-GoCache-CacheStatus
X-FORWARDED-FOR
Ohc-Cache-HIT
X-Unique-Id
X-Tb-Optimization-Total-Bytes-Saved
X-VC-Cache
X-Oracle-Dms-Ecid
X-Nananana
Amp-Access-Control-Allow-Source-Origin
X-COUNTRY
X-Sn-Servicetimems
V-Age
X-MServer
X-Cdn-Origin
X-LB-ID
X-ServedByHost
X-Cms-Context
X-CSRF-Token
X-APP
X-Datadome
Pics-Label
X-Gateway-Cache-Key
X-UCC
Uber-Trace-Id
X-Gateway-Cache-Status
X-Worker
X-UPSTREAM-Address
X-Gateway-Skip-Cache
X-SRV
X-SVT-ORM-VERSION
N-Cache
Proxy-Firewall
X-SVT-ORM-RULES
DataCenter
X-LiteSpeed-Cache-Control
A
X-P-T
Get-Access-Time
X-Fastly-Cache-Hits
Is-Session-Tracking
X-SERVER-NAME
X-Requestid
X-HS-Status
ServerName
X-Check-Cacheable
X-CACHE-AGE
X-Processor
X-NGINX-Cache
X-GZIP
X-BBXSRF
X-RCS-Backend
X-Hp-Webp
X-BE
Dnion-Transfer-Encoding
X-Cache-HT
X-ID
X-HostName
Geoip-Latitude
X-Optimization
X-Backend-TTL
X-Vg-Webcache
X-StackifyID
X-Fe
X-PJAX-URL
X-PAGE-TYPE
X-Port
X-Csrf-Token
X-GDPR
WZWS-RAY
GeoIp-Country-Code
Requestid
X-Varnish-URL
Cneonction
Server-Id
X-Org
Serverid
X-NWS-UUID-VERIFY
X-Git-Hash
X-VCT
X-GeoIP-City
X-LiteSpeed-Tag
X-ServerName
X-Via-SSL
X-Via-Edge
WP-Super-Cache
X-Geo-Header
X-Dw-Trace-Id
X-Amzn-Remapped-Content-Length
Cache-Provider
Host-ID
RequestUuid
X-Fastly-Backend-Reqs
X-RAMCache
X-Request-Url
189phosttRef
219prxHost
225prxHost
188prxHost
178proxuri
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
DSUID
286prxHost
352pxline
Correlation-Id
X-Gdpr
Pragrma
X-Instance-Name
Xxline
355prline
409pxxline
X-Planisys-CDN-Cache
X-CS