Threat Level: green Handler on Duty: Russ McRee

SANS ISC: HTTP Header Usage Statistics - SANS Internet Storm Center HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
X-Powered-By
CF-RAY
ETag
Link
X-XSS-Protection
Expect-CT
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
X-Request-Id
X-Xss-Protection
CF-Cache-Status
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-AspNet-Version
X-Download-Options
X-Runtime
Access-Control-Allow-Credentials
X-Drupal-Cache
X-Adblock-Key
X-Check
Alt-Svc
X-Cacheable
X-Generator
Content-Security-Policy-Report-Only
X-Cache-Status
X-AspNetMvc-Version
X-DNS-Prefetch-Control
X-Permitted-Cross-Domain-Policies
X-Iinfo
X-Template
X-Language
Status
Timing-Allow-Origin
X-Buckets
X-Content-Security-Policy
Content-Encoding
X-CDN
X-Kinja-Server-Push
Xkey
X-Turbo-Charged-By
Upgrade
X-Type
Access-Control-Expose-Headers
Keep-Alive
WPE-Backend
X-Pass-Why
Access-Control-Max-Age
X-Backend
X-AH-Environment
CF-Ray
X-Age
X-Drupal-Dynamic-Cache
X-Server
X-Ua-Compatible
X-Cache-Group
X-Via
X-Request-ID
X-Proxy-Cache
Grace
X-Pingback
X-Nginx-Cache-Status
X-Server-Powered-By
X-Amz-Request-Id
X-Amz-Id-2
X-Robots-Tag
X-Hacker
X-UA-Device
X-Varnish-Cache
X-Page-Speed
EagleId
Request-Context
X-LiteSpeed-Cache
Cf-Railgun
X-Envoy-Upstream-Service-Time
X-CST
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
X-WebKit-CSP
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Server-Id
X-Device
X-Amz-Version-Id
X-Ac
X-Node
Server-Timing
X-OneAgent-JS-Injection
Feature-Policy
X-Iejgwucgyu
X-Cnection
X-Response-Time
Allow
X-Rq
Content-Location
X-Cache-Lookup
X-Backend-Server
Report-To
EagleEye-TraceId
Surrogate-Control
X-Readtime
X-Host
X-Application-Context
Request-Id
X-Url
X-ORACLE-DMS-ECID
X-Rack-Cache
X-Origin-Cache
X-Clacks-Overhead
X-Country
NEL
X-FTR-Request-ID
Rating
X-Country-Code
X-Cloud-Trace-Context
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-DataDome
X-Instart-Request-ID
X-Px
X-Vhost
X-MS-InvokeApp
X-Mod-Pagespeed
Charset
X-Ruxit-JS-Agent
X-VARITI-CCR
Edge-Control
Accept-CH
X-Goog-Hash
X-GitHub-Request-Id
PB-RID
Arc-Version
PB-PID
X-Mobile-Rewrite
Verso
X-Varnish-TTL
X-TTL
X-ESI
X-DynaTrace
X-Version
X-Vname
X-TtlSet
X-PC
X-Server-Name
X-Dns-Prefetch-Control
X-Cdn
X-D2id
X-Powered-By-Plesk
Pinterest-Generated-By
X-Exp-Variant
X-Kinja
X-Kinja-Build
X-GoogleNews-Bot
X-Exp-Id
X-Kinja-Revision
X-Use-Magma
X-Cdn-Fetch
X-Kinja-Server
X-Cached
X-B3-TraceId
SPRequestGuid
X-Dispatcher
X-Upstream-Env
X-Origin-Upstream-Status
X-Powered-CMS
X-SharePointHealthScore
X-Abt-Application-Version
X-T
MS-Author-Via
X-Recruiting
Accept-CH-Lifetime
RTSS
X-Trace
X-Navigation-Version
Public-Key-Pins
X-Shield-Request-Id
X-Oracle-Dms-Rid
X-ORACLE-DMS-RID
Content-MD5
AR-CACHE
AR-ATIME
AR-PoweredBy
X-Amz-Rid
X-SRCache-Store-Status
X-SRCache-Fetch-Status
SPRequestDuration
SPIisLatency
X-Fastly-Request-ID
X-HW
X-DIS-Request-ID
X-Client-IP
Realpath
Arr-Disable-Session-Affinity
X-Forwarded-Proto
X-Accel-Buffering
X-Wix-Server-Artifact-Id
X-F-Cache
X-B
X-Server-ID
X-DynaTrace-JS-Agent
X-Upstream
X-Goog-Generation
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Ser
X-Amz-Meta-S3cmd-Attrs
X-Via-JSL
Service-Worker-Allowed
Pinterest-Version
X-Pinterest-Rid
X-CACHE-GROUP
X-Dw-Request-Base-Id
X-Id
X-FTR-Cache-Status
X-Country-Code-Real
X-FTR-Realm
X-FTR-Backend
X-FTR-Backend-Server
X-FTR-Balancer
X-FTR-DC
X-FTR-Expires
Front-End-Https
X-Vcap-Request-Id
Paypal-Debug-Id
AR-Request-ID
X-Varnish-Age
X-Debug
X-Goog-Storage-Class
X-Acc-Meta-Resource-Type
Nginx-Cache
X-MSEdge-Ref
Ar-Sid
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TEC-API-VERSION
X-Hits
X-Kinsta-Cache
X-N
X-NF-Request-ID
X-XRDS-Location
X-NewRelic-App-Data
X-FTR-Cache-Host
X-Logged-In
MRF-Tech
Mrf-Cache-Status
X-Mrf-Item-Lastmod
X-B3-TraceId-Primal
X-Mrf-Section-Lastmod
X-Ttl
S
X-Akam-SW-Version
X-Forwarded-For
X-Frontend
X-HS-Content-Id
X-HS-Hub-Id
X-Grace
Alternate-Protocol
X-PressLabs-Stats
X-User-Agent
AMP-Access-Control-Allow-Source-Origin
Tracecode
X-DataStream-Cache-Status
X-Cache-Key
X-Amzn-Trace-Id
DynaTrace
X-TA-CDN-Provider
X-FastCGI-Cache
Server-Name
X-Pad
X-Content-Digest
Refresh
X-Content-Options
Backend-Timing
X-Analytics
Accept-Charset
Fastcgi-Cache
X-Az
Powered-By-ChinaCache
X-AppVersion
MicrosoftSharePointTeamServices
X-Activity-Id
X-Page-Id
X-LB-Cache
X-Zen-Fury
X-Rid
FilterID
Access-Control-Request-Method
X-IPLB-Instance
X-Sol
Display
MS-CV
Host
X-Debug-Info
X-Content-Type
X-Middleton-Display
X-CF-Powered-By
TCN
ServerID
X-Magnolia-Registration
TP-L2-Cache
TP-Cache
Response
X-Middleton-Response
Cache-Status
X-Cache-Hit
X-Mobile
X-Ruxit-Js-Agent
X-Content-Powered-By
X-Fastcgi-Cache
X-Srv
Surrogate-Key
X-VCache
X-ATG-Version
X-Seen-By
X-WA-Info
X-Hostname
X-B3-Sampled
X-RateLimit-Remaining
Rt-Fastcgi-Cache
X-XRDS-LOCATION
X-Cached-By
X-Revision
X-Request-Received
X-Varnish-Backend
X-Request-Processing-Time
X-GUploader-UploadID
X-Cache-Age
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-B-Cache
X-Cluster
X-Cache-Action
X-SS-Set-Cookie
X-Signature
X-Content-Security-Policy-Report-Only
X-Tumblr-Pixel-0
X-Tumblr-User
X-Tumblr-Pixel
X-Instance
Cleartype
Source
X-PHP-Backend
X-Whom
X-Request-Guid
X-Platform-Server
X-Akamai-Edgescape
X-Edge-Location
X-TT
X-Framework
X-Handled-By
X-Drupal-Cache-Tags
X-Origin-Server
X-App-Environment
ViewerVersion
X-Wix-Request-Id
Server-Info
Host-Header
X-Cache-Control
X-BCube-Filmed-By
DC
X-Generated-By
X-NWS-LOG-UUID
X-Cache-Rule
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Varnish-Hostname
X-AOL-HN
X-Cache-2
X-Geo-Country
X-App-Server
X-Oneagent-Js-Injection
X-FW-Server
X-FW-Static
X-FW-Hash
Retry-After
X-FW-Type
X-FW-Serve
X-Varnish-Server
Server-Node
Eomportal-Instance
X-Real-IP
X-Correlation-Id
Fusion-Content-Source
Fusion-Source
Fusion-Template-Id
Fusion-Content-Id
Fusion-Component-Id
X-FB-Debug
Payment
Webserver
X-Device-Type
X-Amz-Server-Side-Encryption
Access-Control-Allow-Method
Actual-Object-TTL
X-Response-Served-From
X-Tumblr-Pixel-1
ServedBy
AsisCache
X-Tumblr-Pixel-2
X-Varnish-Hits
X-TT-TIMESTAMP
X-WebKit-CSP-Report-Only
X-Varnish-Grace
X-TX-ID
X-UUID
Content-Style-Type
Ms-Operation-Id
X-Cacheable-TTL
X-RTag
NGB
Filters
GEO-INFO
X-Jobs
X-Region
Content-Script-Type
Edge-Cache-Tag
X-Amz-Replication-Status
X-Varnish-IP
X-Adobe-Loc
Viewport
Upgrade-Insecure-Requests
X-Contextid
X-Servedby
Healthy
X-Adobe-Content
X-Rendered-As
X-Drupal-Cache-Contexts
Cache
Country
X-Accel-Expires
X-Locale
X-Cache-Config
Cache-Tv-Group
X-UA-Device-Type
From-Origin
X-RequestSource
X-WPE-Loopback-Upstream-Addr
X-Cache-TTL-Remaining
HitType
X-BACKEND-TTL
X-Cache-Server
X-Ezoic-Cdn
X-Cache-Remote
X-VG-WebCache
X-Cache-TTL
X-Cache-Operation
Pagespeed
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
Fastly-Restarts
X-Content-Age
Fastcgi-Useragent
X-APP-VERSION
X-Storage
X-FW-Dynamic
X-Hit
Cache-Tags
X-Upgrade-Enabled
X-S
X-Redis-Cache
X-Esi
X-Mode
X-Daa-Tunnel
X-RateLimit-Limit
Cache-Tag
X-App-Version
NtCoent-Length
Served-By
X-Source
X-Internal-Host
X-Hl-Ver
X-Generated
X-Cache-Var-Map
X-Detected-As
X-Backend-Name
X-Cache-Var
X-Path-Route
Origin-Cache-Control
Meta-Geo
Machine
Load-Balancing
X-Rule
X-RN-RSRV
X-JoinUs
X-NCache
X-NGENIX-Cache
Origin-Edge-Control
X-Is-Bot
SRV
X-Cache-NE
X-Environment-Context
X-FC-Vary-Parameters
X-Edge-IP
X-CDN-Cache
X-Grey
X-Hosted-By
X-Loop
X-Labrador-Cache-Channel
X-L-Path
X-Cache-Category-Id
X-Birta-Served
X-Agile
Vix-Hermes-Req-Id
Selected-FE
Now
X-Agile-Age
X-Agile-Id
X-GeoIP
X-Birta-Cache-Post
Datacenter
X-BYPASS-REASON
X-Origin-Host
X-TNCMS
X-Timing-Wait
X-Time-Microsecs
X-Tb
X-Status
X-Web-Node
X-Origin-Response-Time
X-Akamai-Request-ID
X-Www-Served-By
X-Pubstack
X-ServerID
X-Proxy
X-ProxyCache-Status
X-ProxyCache-Key
X-Proxy-Build
Cache-Key
X-ProcessESI
X-PERF
X-Pc-Key
X-Pc-Appver
Cache-Name
X-Varnish-Cacheable
X-Pc-Hit
X-RemovedCookies
X-Human
X-IP
X-ApacheServer
X-Via-Fastly
X-Viewer-Country
DB-Nickname
S-Rt
X-Guploader-Uploadid
X-PCL
X-Varnish-Cache-Hits
X-Debug-Cache
X-CCM
X-Akamai-Transformed
X-OCL
X-Site-Version
We-Hiring
X-Proxied
X-Zipkin-Id
X-Xfnlog-Site
Azure-SlotName
X-MP-GENERATED-AT
Azure-SiteName
X-Format
X-Original-Request
Azure-RegionName
Azure-Version
Azure-InstanceId
X-Routing-Service
Mail-Subject
X-VG-TLSProxy
Public-Key-Pins-Report-Only
Property-Id
Webcakes-Region
X-Origin-Hint
X-Origin
X-Access
Webcakes-App-Version
Webcakes-App-Name
TWC-GeoIP-Country
TWC-Device-Class
TWC-GeoIP-LatLong
TWC-Locale-Group
TWC-Privacy
Xserver
TWC-Connection-Speed
X-App-Name
X-Cache-Enabled
X-Section
Fastcgi-X-Cache-Version
X-UA
X-Ocache
S-Cnection
Access-Control-Request-Headers
X-Sucuri-ID
X-Microcachable
User-Cache-Control
Liferay-Portal
X-Upstream-Proxy
X-Protected-By
X-Request-Time
X-EdgeConnect-Cache-Status
X-Cdn-Forward
X-DataStream-Origin-MEX-Latency
X-DataStream-MidMile-RTT
X-CACHE-KEY
X-Webstats-RespID
X-Tumblr-Pixel-3
X-FW-Version
X-Nginx-Cache
X-GEO
User-Agent
X-Origin-CC
X-Proto
X-GRACE
X-FB-TRIP-ID
X-Trace-Id
PageSpeed
X-Yottaa-Metrics
X-Yottaa-Optimizations
LB
Ohc-File-Size
X-Node-Name
Cache-Hits
Powered
X-Correlation-ID
X-Upstream-HT
X-Upstream-CT
X-ES-SERVER
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
X-Varnish-Beresp-Ttl
X-Forwarded-Host
X-Endurance-Cache-Level
X-Nc
Frame-Options
X-Pc-Date
X-ElasticPress-Search
X-Cache-Backend
X-Pc-Host
X-OVcl
X-OVcl-Cache
X-TIME
X-B3-Traceid
L5d-Success-Class
X-Unique-ID
IBM-Web2-Location
X-V
X-Edge-Cache-Key
X-Rocket-Nginx-Bypass
X-Origin-TTL
Section-Io-Cache
X-Edge-Cache
AR-SID
X-Ua
X-Parent-Response-Time
X-Vgn-Hpd-Reason
X-Server-Cache
X-Pc-Subdomain
OT-Force-Account-Verify
X-Time
HostName
Nel
X-Dynatrace-Js-Agent
X-Generated-In
Decoy-Debug-TTL
Decoy-Debug-Status
Fastly-SIE
Ec-Rule-Version
Fly-Request-Id
X-From
X-Fetched-On
X-External-Request-Id
GMS-Ver
Decoy-Debug-Key
Fastly-SWR
Fly-Cache
X-Gen-Mode
X-IN-APIGATEWAY
X-Li-Fabric
X-Irp-Debug
X-Rebelmouse-Surrogate-Control
X-LI-Proto
X-SRCache-Key
X-LI-UUID
Arc-Country
X-Info
Cache-Prefix
X-Hnp-Log
X-IN-SSL-APIGATEWAY
X-IN-WAF
BehaviorPad-Version
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Developer
X-BB-ID
Rendered-Blocks
X-B-Cookie
X-Block-Status
X-Cache-Bucket
X-Cache-FS-Status
Powered-By
Resin-Trace
X-Auto-Login
X-Accel-Expires-Debug
Www
VivaBuild
X-Aed
X-Amz-Meta-Cache-Control
X-ARC
X-Application
X-Cache-Host
X-Cache-Id
MD5-Digest
Memcached
X-Connection-Hash
X-Date
X-Destination
X-Distil-CS
X-Micro-Cache
Meta-Geo-Continent
X-CF-Lambda-Version
Node
X-Cache-Info
X-Cache-URL
Mobile-Detection-Method
X-CF-Lambda-Fn
X-Cdn-Srv
X-DPWN-IS-SECURE
X-Li-Pop
X-ScT
X-S-Maxage
X-UE-Client-Country
X-S-Cookie
X-Server-By
X-Server-Group
X-PHP-Host
X-Transaction
X-Trv-Group
X-TT-LOGID
X-Rojux
X-Rewrite-Enabled
X-Region-Sid
X-Reboot
Xc-Version
X-Rebelmouse-Cache-Control
Viewtype
X-We-Are-Hiring
X-User
Fastcgi-X-Cache
X-Request-UUID
X-VG-WebServer
X-PAYTM-SRV-ID
X-Twitter-Response-Tags
X-Origin-Expires
CACHE
X-Origin-Date
X-ServiceProvider
X-NU-AKA-ACS-Version
X-LJ-Flow-ID
X-VWS-Id
X-AWS-Id
X-R9-Blue-Green-Version
X-Response-By
X-Varnish-Action
X-Bip
X-Shopify-Stage
X-Backend-Url
X-Backend-Host
X-Proxy-Cache-Status
X-Variation
X-Node-Id
X-Sf
X-Proxy-Upstream
X-Sorting-Hat-PodId
X-Cache-Grace
X-Request-URI
X-Cache-Debug
X-Cache-Expires
X-Logtrace-Id
X-A-Dam
X-A-Dcw
X-A-Dgt
X-A-Ccd
X-A
X-Matched-Rule
Web-Mar-Node
X-Wikidot-Backend
X-A-Wwc
X-ShopId
X-Returned-From
X-Sorting-Hat-ShopId
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-Alternate-Cache-Key
X-Actual-URL
X-Nginx-Cache-Key
X-Wikidot-Static-Cache
X-Returned-From-PostProcessResponse
X-FireWall-Port
X-Policy
X-G
X-Server-Time
X-Fastly-Cache
X-Distributor
X-Svr
X-Server-IP
X-Thinkindot-L3
X-Swa-Ws
X-Passed-To-BeforeDispatch
X-Hash
X-Passed-To-DLL
X-Passed-To-PostProcessResponse
X-Generated-On
X-Thanos
X-Dispatcher-Server
X-Died
X-NX-Host
X-Stale
X-Core-Mission
X-Passed-To
X-Location
X-Returned-From-DLL
X-Var-Ttl
X-Crawler
X-CUA
X-ShardId
X-Level-Front-Cache
X-Debug-Log
X-Debug-Cookies
X-D
X-SIPLIST1
X-Returned-From-BeforeDispatch
Thinkindot-Control
Origin
X-Via-NSCOPI
Mn-Server-Ip
Platform
Ajk
Adler-Geo
Proxy-Connection
Backend
Magicmarker
Is-Eu
Country-Code
Fastly-Backend-Name
X-Via-CDN
Content-Disposition
Lfy
IsBot
Request-Time
On-Server
True-Client-Country-4JS
Server-Host
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
SD-X-WS
X-Sucuri-Cache
Warning
X-HS-Cache-Config
Cache-Cookie-Set-Idcheck
Heartbleed
Countrycode
X-Croise-Owner
Who
Kp-EeAlive
X-GeoIP-Country-Code
Cache-Cookie-Set-Lfrom
X-No-Session
CDCHOST
X-Generation-Time
X-Secret
X-Gannett-Site-Version
X-Dc
X-SERVER
X-Fstrz
X-Eu-Site
X-Epic-Correlation-Id
HA-Ipaddr
Ha-Gx-Prefs
Fastly-Soc-X-Request-Id
Fastly-SSL
X-Device-Os
X-C
X-Clientip
Pramga
X-Varnish-Authentication
X-LAGOON
X-Key
X-Cache-ASPX
Server-Cache-Control
RNT-Time
RNT-Machine
X-Backend-State
Release
Pagetype
X-Cluster-Node
X-CGP
Server-Surrogate-Control
X-Qloud-Router
Cache-Cookie-Set-From
SS
X-Core-Value
X-UnsetCookies
AKAMAI
X-Platform
X-Instart-Isnd
Server-Int
GW-Server
X-Page-Type
X-Debug-Cache-Expiry
X-F5-Cache
X-Up
X-MSEdge-Features
X-Debug-Cache-Fetch
X-Varnish-Url
REQUESTUUID
Server-ID
X-Amz-Meta-Surrogate-Control
X-Developers
X-Debug-Cache-Store
X-MSEdge-Flight
Version
Apple-News-Services-Host
X-Cache-Miss-From
Apple-News-Services-Parsed-Url
X-Sedo-Request-Id
Apple-News-Services-Request-Url
NGX
X-Pjax-Url
PFcat
Apple-News-Services-Handled
X-TrackingId
X-Servername
X-EIG-Tracking-Id
X-Be
X-Refresh
RequestId
X-Ratelimit-Remaining
X-CDN-Forward
X-Newrelic-App-Data
X-Store
Esi-Enabled
X-Cache-CFC
X-NC
MIME-Version
X-RCS-CacheZone
SID
X-MI-In-Market
MI-API
MI-Cache
MI-Cache-Age
X-Layer
X-URL
X-B3-SpanId
X-IPS-LoggedIn
X-Owner
Time
X-From-Cache
X-Oss-Server-Time
X-Oss-Storage-Class
X-Oss-Request-Id
X-Oss-Hash-Crc64ecma
X-Oss-Object-Type
X-SN
HA-Cloudapp
X-RequestId
PICS-Label
HA-Geocountry
HA-Georegion
HA-Urlpath
HA-Servedtime
HA-Host
HA-Geolon
HA-Geolat
HA-Geocity
Odigeo-Trace-Id
X-Real-Ip
X-Ratelimit-Limit
X-Mrs-Cache-Hits
X-Mrs-Cache
X-Mrs-Age
X-Unique-Id-Primal
X-Mshield-Cache-Status
Cdn
X-Geo
X-FPC
Cteonnt-Length
X-Servedbyhost
X-Hyper-Cache
FastCGI-Cache
Mime-Version
X-CMS-Context
Backend-Name
HTTPS
CF-IPCountry
Cdn-Host
X-CSRF-TOKEN
X-Edge-Server
X-Webkit-Csp
X-Webkit-CSP
Cdn-Request-Time
Processtime
X-Req
X-Varnish-Ttl
X-CLOUD-TRACE-CONTEXT
CDN
X-Instart-Info
X-Wa
Memory
X-WebServer
X-Phone
Hostname
X-B3-Spanid
Cf-Ipcountry
X-DC
Ohc-Response-Time
X-Request-Start
X-Atg-Version
X-WR-MODIFICATION
XServer
X-Mobile-URL
GeoIP-Country-Code
X-Amzn-Remapped-Connection
X-HS-Combine-CSS
X-Release
X-Aicache-OS
X-Newrelic-Synthetics
X-Load-Cache
X-Amzn-Remapped-Date
X-Pf-Uncompressing
ProcessTime
X-NodeID
X-VServer
Cross-Origin-Window-Policy
X-GZip
GeoIP-Latitude
X-HTML-Minification-Powered-By
X-Lb-Id
Rt-Proxy-Cache
X-WA
X-Skip-Cache
X-Varnish-Beresp-TTL
X-ND-Cache
X-Server-W
X-PF-Uncompressing
X-Served-From
X-Fastly-Country-Code
Accept-Ch-Lifetime
URI
X-FORWARDED-FOR
T-Server
X-GoCache-CacheStatus
X-Unique-Id
Ohc-Cache-HIT
X-Tb-Optimization-Total-Bytes-Saved
X-VC-Cache
X-Oracle-Dms-Ecid
X-Nananana
V-Age
X-COUNTRY
X-Sn-Servicetimems
X-ServedByHost
X-MServer
X-Cdn-Origin
X-LB-ID
X-Cms-Context
X-CSRF-Token
X-Gateway-Cache-Status
X-APP
Proxy-Firewall
X-Datadome
Uber-Trace-Id
X-Gateway-Cache-Key
X-UCC
Pics-Label
X-Gateway-Skip-Cache
N-Cache
X-UPSTREAM-Address
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
DataCenter
X-SRV
X-Worker
X-LiteSpeed-Cache-Control
Get-Access-Time
Is-Session-Tracking
X-Fastly-Cache-Hits
A
X-P-T
X-SERVER-NAME
Amp-Access-Control-Allow-Source-Origin
X-CACHE-AGE
X-Requestid
X-Processor
X-NGINX-Cache
X-Check-Cacheable
X-HS-Status
ServerName
X-GZIP
X-Hp-Webp
X-RCS-Backend
X-BBXSRF
X-BE
Dnion-Transfer-Encoding
X-Cache-HT
X-ID
X-HostName
Geoip-Latitude
X-Optimization
X-Backend-TTL
X-Vg-Webcache
X-StackifyID
X-Fe
X-PJAX-URL
X-PAGE-TYPE
X-Port
X-Csrf-Token
X-GDPR
WZWS-RAY
GeoIp-Country-Code
Requestid
X-Varnish-URL
Cneonction
X-Org
Serverid
X-NWS-UUID-VERIFY
Server-Id
X-Git-Hash
X-VCT
X-GeoIP-City
X-LiteSpeed-Tag
X-ServerName
X-Via-SSL
X-Via-Edge
WP-Super-Cache
X-Geo-Header
X-Dw-Trace-Id
X-Amzn-Remapped-Content-Length
Cache-Provider
Host-ID
RequestUuid
X-Fastly-Backend-Reqs
X-RAMCache
X-Request-Url
189phosttRef
219prxHost
225prxHost
188prxHost
178proxuri
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
DSUID
286prxHost
352pxline
Correlation-Id
X-Gdpr
Pragrma
X-Instance-Name
Xxline
355prline
409pxxline
X-Planisys-CDN-Cache
X-CS