Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics - SANS Internet Storm Center HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
Last-Modified
Accept-Ranges
Pragma
X-Content-Type-Options
X-Powered-By
CF-RAY
ETag
Link
X-XSS-Protection
Expect-CT
Via
X-Cache
Age
Access-Control-Allow-Origin
Content-Security-Policy
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Served-By
X-Amz-Cf-Id
X-Varnish
Referrer-Policy
X-Timer
CF-Cache-Status
X-FRAME-OPTIONS
Access-Control-Allow-Headers
X-AspNet-Version
X-Request-Id
Access-Control-Allow-Methods
X-Xss-Protection
X-Runtime
X-Download-Options
Access-Control-Allow-Credentials
X-Drupal-Cache
X-Cacheable
X-Request-ID
Alt-Svc
X-Generator
Content-Security-Policy-Report-Only
X-Check
X-AspNetMvc-Version
Status
X-Cache-Status
X-Adblock-Key
Timing-Allow-Origin
X-Iinfo
X-Permitted-Cross-Domain-Policies
X-DNS-Prefetch-Control
X-Template
Content-Encoding
X-Language
X-Content-Security-Policy
X-Turbo-Charged-By
X-CDN
X-Type
Keep-Alive
X-Buckets
Xkey
X-Backend
X-Cache-Group
WPE-Backend
X-AH-Environment
Access-Control-Max-Age
X-Pass-Why
X-Age
CF-Ray
X-Server
X-POWERED-BY
Upgrade
EagleId
Access-Control-Expose-Headers
X-Via
X-Nginx-Cache-Status
X-Server-Powered-By
X-Pingback
X-Drupal-Dynamic-Cache
X-Varnish-Cache
X-Swift-SaveTime
X-Swift-CacheTime
Grace
X-Hacker
X-Amz-Id-2
X-Amz-Request-Id
X-UA-Device
Ali-Swift-Global-Savetime
X-Robots-Tag
P3p
Cf-Railgun
X-LiteSpeed-Cache
X-Envoy-Upstream-Service-Time
X-Proxy-Cache
X-Ua-Compatible
X-Page-Speed
Request-Context
Content-Location
X-Device
X-Ac
X-Node
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Cnection
X-Host
X-Cache-Lookup
X-Server-Id
X-Amz-Version-Id
Surrogate-Control
X-WebKit-CSP
X-Backend-Server
X-Rack-Cache
X-Rq
X-Response-Time
X-Application-Context
X-Readtime
X-CST
X-Dns-Prefetch-Control
EagleEye-TraceId
Pinterest-Generated-By
Server-Timing
X-Url
X-Cloud-Trace-Context
X-TTL
X-Instart-Request-ID
Request-Id
X-OneAgent-JS-Injection
X-Px
Report-To
X-Country
X-ORACLE-DMS-ECID
X-Clacks-Overhead
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Feature-Policy
Rating
Edge-Control
Allow
X-Country-Code
X-DynaTrace-JS-Agent
Charset
X-DataDome
X-ESI
X-Server-Name
X-Powered-CMS
X-FTR-Request-ID
X-PC
X-Vname
X-TtlSet
X-Origin-Cache
X-DynaTrace
NEL
X-MS-InvokeApp
X-ORACLE-DMS-RID
X-Goog-Hash
X-Recruiting
X-Varnish-TTL
X-Cached
X-VARITI-CCR
X-Vhost
Content-MD5
X-GitHub-Request-Id
RTSS
X-Version
X-F-Cache
X-Geo-Segment
X-Kinja
X-GoogleNews-Bot
X-Kinja-Build
X-Exp-Id
X-Exp-Variant
X-Cdn-Fetch
X-Kinja-Revision
X-Kinja-Server
X-Powered-By-Plesk
Public-Key-Pins
X-CF-Powered-By
PB-RID
Pinterest-Version
PB-PID
X-Upstream-Env
X-Pinterest-Rid
X-Mod-Pagespeed
X-Mobile-Rewrite
Arc-Version
Verso
SPRequestGuid
X-Client-IP
Accept-CH
X-D2id
X-Abt-Application-Version
MS-Author-Via
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-N
AR-ATIME
AR-PoweredBy
X-Dispatcher
X-SharePointHealthScore
Permitted-Cross-Domain-Policies
X-HeyJason
X-Do-Not-Hack
AR-CACHE
X-Amz-Rid
X-Navigation-Version
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TEC-API-VERSION
X-T
Nginx-Cache
DynaTrace
Accept-CH-Lifetime
Paypal-Debug-Id
X-Dw-Request-Base-Id
X-Trace
X-Fastly-Request-ID
X-Upstream
Arr-Disable-Session-Affinity
X-Varnish-Age
X-Hits
TCN
X-Amz-Meta-S3cmd-Attrs
X-Grace
X-Origin-Upstream-Status
X-Forwarded-Proto
X-Id
X-Shield-Request-Id
X-DIS-Request-ID
X-Pad
X-FastCGI-Cache
SPRequestDuration
SPIisLatency
X-XRDS-Location
X-Cache-Hit
X-Content-Options
X-Logged-In
X-Content-Digest
X-IPLB-Instance
Realpath
X-Kinsta-Cache
Access-Control-Request-Method
X-Acc-Meta-Resource-Type
MRF-Tech
X-Mrf-Section-Lastmod
X-Mrf-Item-Lastmod
X-NF-Request-ID
Mrf-Cache-Status
X-B
AR-SID
X-Ruxit-JS-Agent
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Goog-Storage-Class
X-Goog-Metageneration
X-Goog-Generation
X-SS-Set-Cookie
X-Vcap-Request-Id
X-HW
S
X-MSEdge-Ref
X-Debug
X-Ser
Service-Worker-Allowed
Server-Name
X-FTR-DC
X-PressLabs-Stats
X-FTR-Cache-Status
X-FTR-Realm
X-FTR-Backend-Server
X-Country-Code-Real
X-FTR-Backend
X-FTR-Balancer
X-Frontend
X-NewRelic-App-Data
X-Server-ID
Tracecode
X-Oneagent-Js-Injection
X-FTR-Expires
X-Wix-Server-Artifact-Id
Fastcgi-Cache
Rt-Fastcgi-Cache
Eomportal-Instance
AMP-Access-Control-Allow-Source-Origin
Alternate-Protocol
Surrogate-Key
Cleartype
X-Cache-Key
X-Cache-Rule
X-Forwarded-For
Cache-Status
X-NWS-LOG-UUID
X-Srv
X-GUploader-UploadID
X-HS-Content-Id
X-HS-Hub-Id
X-Analytics
Backend-Timing
X-VCache
Host
X-User-Agent
X-Revision
TP-Cache
TP-L2-Cache
FilterID
X-Rid
X-Whom
X-FTR-Cache-Host
X-Debug-Info
Fastly-Restarts
Public-Key-Pins-Report-Only
X-AOL-HN
X-Akam-SW-Version
X-Cache-2
X-Via-JSL
ServerID
X-Varnish-Backend
X-RateLimit-Remaining
X-Content-Powered-By
X-Webkit-CSP
X-Request-Processing-Time
X-Request-Received
X-Cdn
X-Kinja-Server-Push
Viewport
Accept-Charset
X-Zen-Fury
X-Accel-Buffering
X-Ttl
X-Oracle-Dms-Rid
X-Mobile
Front-End-Https
X-WPE-Loopback-Upstream-Addr
X-Cached-By
X-Node-Name
Liferay-Portal
X-App-Environment
X-LB-Cache
X-Cluster
X-Magnolia-Registration
X-Cache-Control
X-Hostname
X-Tumblr-User
X-Varnish-Hostname
X-Page-Id
Host-Header
X-Content-Security-Policy-Report-Only
X-Tumblr-Pixel-0
X-Tumblr-Pixel
Cache-Tag
X-Handled-By
X-Framework
X-Device-Type
X-TT
X-B3-Sampled
X-Request-Guid
X-Akamai-Edgescape
Upgrade-Insecure-Requests
X-BCube-Filmed-By
X-B-Cache
X-FB-Debug
X-Signature
X-Instance
X-Platform-Server
DC
X-TA-CDN-Provider
X-Cache-Server
Server-Node
X-Origin-Server
X-TT-TIMESTAMP
X-XRDS-LOCATION
X-B3-Traceid
X-Correlation-Id
Source
MicrosoftSharePointTeamServices
Retry-After
X-WA-Info
X-Servedby
X-Accel-Expires
X-Contextid
HitInfo
HitType
Server-Info
X-Amzn-Trace-Id
X-Cache-Action
X-Varnish-Server
X-Cache-Operation
X-Distil-CS
X-Port
X-Middleton-Display
Display
X-Daa-Tunnel
X-Sol
X-Fastcgi-Cache
X-Geo-Country
X-Edge-Location
X-Generated-By
Content-Script-Type
AsisCache
Content-Style-Type
X-Amz-Replication-Status
Webserver
X-GeoIP
X-TX-ID
X-Tumblr-Pixel-2
X-Tumblr-Pixel-1
X-RequestSource
X-APP-VERSION
X-Hyper-Cache
GEO-INFO
X-S
X-WebKit-CSP-Report-Only
X-Status
Actual-Object-TTL
X-Seen-By
X-Wix-Request-Id
ServedBy
X-Locale
X-FW-Type
X-Edge-Cache-Key
X-Jobs
X-Edge-Cache
Healthy
X-FW-Static
X-Varnish-Hits
X-UUID
X-FW-Hash
X-FW-Serve
X-FW-Server
X-Response-Served-From
X-Drupal-Cache-Tags
User-Agent
X-DataStream-Cache-Status
X-Adobe-Loc
X-Region
X-Adobe-Content
SRV
X-Varnish-Grace
Filters
S-Cnection
X-Amz-Server-Side-Encryption
Refresh
NGB
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Cache-Age
X-Proxied
X-Cache-TTL-Remaining
IBM-Web2-Location
X-Esi
Response
AR-Request-ID
X-Middleton-Response
X-AppVersion
X-Az
X-App-Server
X-Activity-Id
X-Pc-Hit
X-Pc-Key
X-Pc-Appver
X-Cache-Remote
X-Newrelic-App-Data
X-CDN-Forward
X-Cache-NE
X-Content-Type
X-Ruxit-Js-Agent
X-Webkit-Csp
Cache
Payment
X-Cacheable-TTL
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Unique-ID
X-Cache-TTL
X-ATG-Version
Datacenter
X-Correlation-ID
X-Vg-Webcache
Country
X-UA
Served-By
Edge-Cache-Tag
X-HS-Cache-Config
X-Mode
X-Akamai-Transformed
X-Detected-As
X-Is-Bot
Meta-Geo
Load-Balancing
X-Sucuri-ID
X-Rendered-As
X-ProcessESI
Machine
X-RemovedCookies
X-RN-RSRV
User-Cache-Control
X-ProxyCache-Status
X-BYPASS-REASON
X-Source
X-Proxy
X-ProxyCache-Key
X-FC-Vary-Parameters
X-Rocket-Nginx-Bypass
X-PCL
X-OCL
HostName
L5d-Success-Class
Cache-Name
Cache-Key
Backend
X-Origin-Hint
Access-Control-Allow-Method
X-Origin
TWC-Locale-Group
TWC-Privacy
TWC-GeoIP-LatLong
TWC-GeoIP-Country
X-PERF
X-Cache-Category-Id
Webcakes-App-Name
X-BB-IP
X-Amz-Meta-Surrogate-Control
X-ApacheServer
Webcakes-Region
Webcakes-App-Version
X-Backend-Name
TWC-Device-Class
TWC-Connection-Speed
Now
X-Viewer-Country
Mn-Server-Ip
X-Varnish-IP
X-Tb
X-Varnish-Cacheable
X-Human
X-Hosted-By
X-Cache-Config
Property-Id
X-Debug-Cache
X-EIG-Tracking-Id
X-Grey
X-ServerID
DB-Nickname
X-OVcl
Access-Control-Request-Headers
Azure-InstanceId
X-Original-Request
X-Upgrade-Enabled
X-Routing-Service
S-Rt
X-Varnish-Cache-Hits
Azure-RegionName
Azure-SiteName
X-Site-Version
X-Section
X-Pubstack
X-OVcl-Cache
X-TNCMS
Azure-SlotName
Azure-Version
X-Via-Fastly
ServerName
X-Access
X-JoinUs
X-Generated
X-Format
X-Environment-Context
X-CDN-Cache
X-CCM
X-Hit
X-L-Path
X-NodeID
X-Loop
X-Zipkin-Id
X-NGENIX-Cache
X-Ocache
Selected-FE
X-App-Name
X-Proxy-Build
X-Agile-Age
X-LJ-Flow-ID
X-Agile-Id
X-IP
X-Timing-Wait
X-Agile
X-Storage
X-TWH-CORRELATION-ID
X-VWS-Id
X-Www-Served-By
X-AWS-Id
X-Rule
X-SplitTest
X-Xfnlog-Site
X-Drupal-Cache-Contexts
X-Origin-CC
X-HS-Combine-CSS
X-URL
X-Cache-Var-Map
X-Real-IP
X-Pc-Host
X-Cache-Var
X-Pc-Date
X-Akamai-Request-ID
X-RateLimit-Limit
X-Upstream-HT
X-Upstream-CT
X-Vgn-Hpd-Reason
X-Time-Microsecs
OT-Force-Account-Verify
X-Litespeed-Cache
X-UA-Device-Type
From-Origin
X-Nginx-Cache
X-Mrs-Age
X-Mshield-Cache-Status
X-Mrs-Cache-Hits
X-Mrs-Cache
X-NCache
X-PHP-Backend
XServer
X-Internal-Host
X-NC
X-Microcachable
Fastcgi-X-Cache
Fastcgi-X-Cache-Version
X-Feature
Fastcgi-Useragent
X-Forwarded-Host
X-Distributor
X-Release
Fastly-SSL
X-M-Log
X-M-Reqid
X-Amz-Apigw-Id
X-Qnm-Cache
X-Amzn-RequestId
LB
Ar-Sid
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
X-Ms-Lease-Status
X-Ms-Request-Id
X-Ms-Version
X-Ms-Blob-Type
X-Birta-Served
Powered-By-ChinaCache
Pagespeed
X-Birta-Cache-Post
X-Cache-Backend
X-Connection-Hash
Pagetype
X-Transaction
NtCoent-Length
X-App-Version
X-Twitter-Response-Tags
X-Labrador-Cache-Channel
X-EdgeConnect-Cache-Status
X-Ah-Environment
X-V
X-VG-TLSProxy
X-B3-Spanid
X-Instance-Name
Frame-Options
X-Varnish-Beresp-Ttl
X-GZip
X-Web-Node
MIME-Version
X-C
Time
X-SERVER-NAME
Fly-Request-Id
Fly-Cache
Ec-Rule-Version
X-Hnp-Log
Arc-Country
X-No-Session
X-Generation-Time
X-NU-AKA-ACS-Version
X-Cache-Bucket
X-Org
Ajk
X-Logtrace-Id
X-IN-WAF
X-IN-SSL-APIGATEWAY
X-Irp-Debug
Cache-Prefix
BehaviorPad-Version
X-IN-APIGATEWAY
X-DPWN-IS-SECURE
X-A-Ccd
X-A-Dam
X-A-Dcw
X-A
Www
Viewtype
VivaBuild
Web-Mar-Node
X-A-Dgt
X-A-Wwc
X-B-Cookie
X-BB-ID
X-Block-Status
X-ARC
X-Application
X-Accel-Expires-Debug
X-CF-Lambda-Version
X-CF-Lambda-Fn
V-Age
X-CS
MD5-Digest
Meta-Geo-Continent
NGX
IsBot
X-From
X-Gen-Mode
X-G
Host-ID
X-Dispatcher-Server
X-Died
T-Server
X-D
X-CUA
X-Date
Server-Int
Rendered-Blocks
X-Developer
X-Destination
X-Generated-In
AKAMAI
X-Rewrite-Enabled
X-Rojux
X-S-Cookie
Xc-Version
X-SIPLIST1
X-UE-Client-Country
X-WebServer
X-VG-WebServer
X-Trv-Group
X-Redis-Cache
X-Region-Sid
X-Request-URI
X-ScT
X-Server-By
X-Server-Time
X-SRCache-Key
X-Via-CDN
X-Via-Edge
X-PAYTM-SRV-ID
X-Via-SSL
X-HOST
X-NWS-UUID-VERIFY
X-FireWall-Port
Cneonction
HA-Host
X-External-Request-Id
X-Eu-Site
HA-Ipaddr
Ha-Gx-Prefs
HA-Geolon
HA-Georegion
NodeID
HA-Servedtime
Magicmarker
Kp-EeAlive
X-RateLimit-Remaining-Second
X-F5-Cache
HA-Urlpath
MI-Cache-Age
MI-Cache
MI-API
X-Fastly-Cache
Pragrma
X-Crawler
X-Core-Value
Cteonnt-Length
True-Client-Country-4JS
SN
X-CGP
X-Sf
X-Cache-Enabled
X-ServiceProvider
X-Amz-Meta-Cache-Control
X-S-Maxage
X-Debug-Cookies
Server-Host
HA-Geolat
Proxy-Connection
X-ElasticPress-Search
Origin-Edge-Control
Origin-Cache-Control
Release
X-Request-UUID
X-Debug-Log
Request-Time
Request-EU
Request-Country
On-Server
X-RCS-CacheZone
X-VServer
X-Layer
X-MI-In-Market
X-We-Are-Hiring
HA-Geocountry
X-Key
Backend-Name
X-HTML-Minification-Powered-By
X-Varnish-Action
CDCHOST
Cache-Tags
X-Powered-By-ANYU
WZWS-RAY
X-NX-Host
Mobile-Detection-Method
X-Origin-TTL
X-Owner
X-Node-Id
X-Cache-CFC
X-Wikidot-Backend
X-Platform
X-Wikidot-Static-Cache
X-Phone
Country-Code
X-Sucuri-Cache
Esi-Enabled
X-UnsetCookies
X-Hl-Ver
X-GeoIP-City
X-RateLimit-Limit-Second
HA-Geocity
HA-Cloudapp
Decoy-Debug-Key
GMS-Ver
Decoy-Debug-Status
X-Var-Ttl
Decoy-Debug-TTL
X-Csrf-Token
X-Webstats-RespID
X-ShardId
X-Tumblr-Pixel-3
X-Ckpd-Fst-Backend
X-Worker
X-TT-LOGID
X-Skip-Cache
X-Content-Age
X-Clientip
X-Gannett-Site-Version
X-Shopify-Stage
X-ShopId
X-Passed-To-DLL
X-Cache-Host
X-Cache-Srv
X-Cache-Expires
X-Server-IP
X-Passed-To
X-Cache-URL
X-Secret
X-Cdn-Srv
X-Cdn-Origin
X-Passed-To-PostProcessResponse
X-Passed-To-BeforeDispatch
X-VCT
X-Returned-From-PostProcessResponse
X-MSEdge-Features
X-GeoIP-Country-Code
X-Device-Os
X-Developers
X-Thinkindot-L3
X-Response-By
X-Hash
X-Matched-Rule
X-Reboot
X-Epic-Correlation-Id
X-Request-Time
X-Trace-Id
X-Location
X-Fetched-On
X-Up
X-Variation
X-FW-Version
X-Croise-Owner
X-Sorting-Hat-ShopId
X-Nginx-Cache-Key
X-Sorting-Hat-PodId
X-Fstrz
X-Returned-From-DLL
X-Swa-Ws
X-Returned-From
X-MSEdge-Flight
X-Stale
X-Returned-From-BeforeDispatch
X-Sn-Servicetimems
Uber-Trace-Id
RNT-Time
RNT-Machine
Countrycode
Section-Io-Cache
Thinkindot-CacheControl
Thinkindot-Control
Thinkindot-CacheControl-Type
Fastly-Backend-Name
Platform
Odigeo-Trace-Id
Is-Eu
Heartbleed
Origin
PFcat
Apple-News-Services-Request-Url
PageSpeed
X-Oss-Storage-Class
Server-ID
Apple-News-Services-Handled
X-Oss-Hash-Crc64ecma
X-Backend-State
X-Oss-Server-Time
X-Alternate-Cache-Key
Adler-Geo
X-Actual-URL
X-Backend-TTL
X-Backend-Url
Apple-News-Services-Parsed-Url
X-Oss-Request-Id
X-Oss-Object-Type
Apple-News-Services-Host
X-Backend-Host
X-Ua
X-Iejgwucgyu
X-Core-Mission
HTTPS
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
Content-Disposition
Fastly-SWR
X-Store
Fastly-SIE
Resin-Trace
Sid
X-GEO
X-Planisys-CDN-TTL
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
ProcessTime
X-Real-Ip
X-Policy
X-Alicdn-Da-Ups-Status
X-Servername
X-CACHE-AGE
X-B3-TraceId
X-Ezoic-Cdn
Xserver
Powered
RequestId
CDN
REQUESTUUID
WP-Super-Cache
X-Servedbyhost
Warning
X-Cluster-Node
X-Atg-Version
X-Cache-ASPX
X-Pf-Uncompressing
X-Proto
X-Refresh
X-TIME
X-Dc
Dnion-Transfer-Encoding
X-GoCache-CacheStatus
Mail-Subject
We-Hiring
CF-IPCountry
NODE
X-Guploader-Uploadid
ViewerVersion
X-Pjax-Url
Cache-Cookie-Set-From
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-Idcheck
X-Req
X-DC
X-Endurance-Cache-Level
X-Varnish-Ttl
X-Nc
NnCoection
X-Newrelic-Synthetics
X-Origin-Date
X-Surge-Debug
X-Page-Type
X-Origin-Expires
X-GRACE
X-CLOUD-TRACE-CONTEXT
X-HCF
X-Server-W
X-Time
X-Edge-IP
X-COUNTRY
X-Cache-Control-Set-By
X-Varnish-HitMiss
Hostname
Geoip-Latitude
X-Aed
GeoIp-Country-Code
X-Oracle-Dms-Ecid
SD-X-WS
X-Ms-Lease-State
WWW-Authenticate
X-Server-Group
Pramga
X-Cdn-Forward
CACHE
Processtime
Geoip-City
TSSecure
A
X-Varnish-Url
X-CSRF-Token
PICS-Label
X-Wix-Route-ID
MS-CV
X-Varnish-Beresp-TTL
X-Wa
X-Datadome
X-DataStream-MidMile-RTT
X-Aicache-OS
X-Varnish-URL
Cdn
X-DataStream-Origin-MEX-Latency
X-Hello
X-ABtesting
X-Flog
Dont-Set-Cookie
Mime-Version
X-Gdpr
X-Akamai-Request-ID2
Cdn-Request-Time
X-WA
Node
Cdn-Host
X-From-Cache
X-Edge-Server
X-CACHE-KEY
Lfy
Lb
X-Auto-Login
X-Nananana
X-Use-Magma
PageType
DataCenter
X-Ratelimit-Limit
FSS-Cache
GeoIP-Latitude
GeoIP-Country-Code
COMMERCE-SERVER-SOFTWARE
X-Geo
FSS-Proxy
X-UPSTREAM-Address
X-RTag
Ms-Operation-Id
X-FORWARDED-FOR
X-Env
X-Sentry-ID
X-Optimization
X-Cache-HT
X-APP
X-EC-Security-Audit
X-Fastly-Backend-Reqs
Get-Access-Time
GeoIP-City
X-SRV
Is-Session-Tracking
X-WR-MODIFICATION
X-Load-Cache
X-Gen-Id
X-PAGE-TYPE
X-Via-NSCOPI
Rt-Proxy-Cache
X-Unique-Id
Who
X-Served-From
X-Cache-Id
X-Cookie
X-GDPR
X-Check-Cacheable
X-Wix-Petri-Ex
X-Cache-FS-Status
X-Dynatrace-Js-Agent
X-Meta-Tbi-Cache-Vertical
X-Ibm-Trace
Ws
X-Bip
X-Cache-Info
X-Thanos
X-Ver
Memcached
X-PJAX-URL
X-Be
X-MP-GENERATED-AT
Httpd-Identifier
X-Proxy-Server
X-Swift-Error
Pics-Label
X-NGINX-Cache
X-SVT-ORM-VERSION
Cf-Ipcountry
X-Cache-Ttl
X-HS-Status
Group
X-Request-Start
Memory
X-Fe
X-Fastly-Cache-Hits
X-SVT-ORM-RULES
X-B3-SpanId
V-Cache
Powered-By
Ohc-File-Size
X-RateLimit-Reset
X-Path-Route
X-PF-Uncompressing
X-CDN-Pop-IP
X-Dw-Trace-Id
URI
X-ServedByHost
Version
X-Shard
X-CDN-Pop
X-ID
Amp-Access-Control-Allow-Source-Origin
Requestid
GW-Server
UCS
X-GZIP
NX-Cache
AGE-Hash
X-Bug-Bounty
Xet-Cookie
X-SB
X-VC
X-P-T
X-LiteSpeed-Cache-Control
Serverid
X-Varnish-Info
Ohc-Response-Time
X-User
X-Akamai-ERRuleID
X-Ratelimit-Remaining
N-Cache
X-Akamai-ERPolicy
Fastly-Soc-X-Request-Id
X-StackifyID
Apicache-Store
CDN-Cache-Hit
CDN-Node
CDN-Cache
Apicache-Version
X-CacheKey
X-ServerName
X-Route-Name
X-Flags
X-Is-Crawler
X-Info
If-Modified-Since
Https
X-SD-PageType
X-RequestId
X-Micro-Cache
X-Litespeed-Cache-Control
X-Cache-Handler
X-Grace-Duration
X-Providence-Cookie