Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics - SANS Internet Storm Center HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
Last-Modified
Accept-Ranges
Pragma
X-Content-Type-Options
X-Powered-By
CF-RAY
ETag
Link
X-XSS-Protection
Expect-CT
Via
X-Cache
Age
Access-Control-Allow-Origin
Content-Security-Policy
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Served-By
X-Amz-Cf-Id
X-Varnish
Referrer-Policy
X-Timer
X-Xss-Protection
CF-Cache-Status
X-Request-Id
X-FRAME-OPTIONS
Access-Control-Allow-Headers
X-AspNet-Version
Access-Control-Allow-Methods
X-Runtime
X-Download-Options
Access-Control-Allow-Credentials
X-Drupal-Cache
X-Cacheable
Alt-Svc
X-Generator
Content-Security-Policy-Report-Only
X-Request-ID
X-Check
X-AspNetMvc-Version
Status
X-Cache-Status
X-Adblock-Key
Timing-Allow-Origin
X-Iinfo
X-DNS-Prefetch-Control
X-Permitted-Cross-Domain-Policies
X-Template
Content-Encoding
X-Language
X-Content-Security-Policy
X-Turbo-Charged-By
X-CDN
X-Type
Keep-Alive
X-Buckets
Xkey
X-Backend
X-Cache-Group
WPE-Backend
X-AH-Environment
Access-Control-Max-Age
X-Pass-Why
X-Age
X-Server
CF-Ray
Upgrade
X-POWERED-BY
EagleId
Access-Control-Expose-Headers
X-Via
X-Nginx-Cache-Status
X-Server-Powered-By
X-Pingback
X-Drupal-Dynamic-Cache
X-Varnish-Cache
X-Swift-SaveTime
X-Swift-CacheTime
Grace
X-Hacker
X-Amz-Id-2
X-Amz-Request-Id
X-UA-Device
Ali-Swift-Global-Savetime
X-Robots-Tag
Cf-Railgun
P3p
X-LiteSpeed-Cache
X-Envoy-Upstream-Service-Time
X-Proxy-Cache
X-Page-Speed
X-Ua-Compatible
Request-Context
Content-Location
X-Device
X-Ac
X-Node
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Cnection
X-Host
X-Cache-Lookup
X-Amz-Version-Id
Surrogate-Control
X-Server-Id
X-WebKit-CSP
X-Backend-Server
X-Rack-Cache
X-Rq
X-Response-Time
X-Application-Context
X-Readtime
X-CST
EagleEye-TraceId
X-Dns-Prefetch-Control
Pinterest-Generated-By
Server-Timing
X-Url
X-Cloud-Trace-Context
X-TTL
X-OneAgent-JS-Injection
X-Instart-Request-ID
Request-Id
X-Px
Report-To
X-Country
X-ORACLE-DMS-ECID
X-Clacks-Overhead
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Feature-Policy
Rating
Edge-Control
X-Country-Code
Allow
X-DynaTrace-JS-Agent
Charset
X-DataDome
X-ESI
X-Server-Name
X-Powered-CMS
X-FTR-Request-ID
X-Vname
X-PC
X-TtlSet
X-Origin-Cache
X-DynaTrace
NEL
X-MS-InvokeApp
X-ORACLE-DMS-RID
X-Goog-Hash
X-Recruiting
X-Cached
X-VARITI-CCR
X-Vhost
X-Varnish-TTL
Content-MD5
X-GitHub-Request-Id
RTSS
X-Version
X-F-Cache
X-Cdn-Fetch
X-Kinja-Build
X-GoogleNews-Bot
X-Kinja-Server
X-Exp-Id
X-Geo-Segment
X-Kinja-Revision
X-Exp-Variant
X-Kinja
X-Powered-By-Plesk
Public-Key-Pins
X-Upstream-Env
PB-PID
X-Pinterest-Rid
PB-RID
Pinterest-Version
Arc-Version
X-Mod-Pagespeed
X-Mobile-Rewrite
X-CF-Powered-By
Accept-CH
Verso
X-Client-IP
X-D2id
SPRequestGuid
X-Abt-Application-Version
MS-Author-Via
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-N
X-Dispatcher
X-SharePointHealthScore
AR-ATIME
AR-PoweredBy
X-Amz-Rid
AR-CACHE
X-Do-Not-Hack
Permitted-Cross-Domain-Policies
X-HeyJason
X-Navigation-Version
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-T
Nginx-Cache
DynaTrace
Accept-CH-Lifetime
X-Dw-Request-Base-Id
Paypal-Debug-Id
X-Trace
X-Fastly-Request-ID
X-Upstream
X-Varnish-Age
Arr-Disable-Session-Affinity
X-Hits
TCN
X-Forwarded-Proto
X-Amz-Meta-S3cmd-Attrs
X-Grace
X-Id
X-DIS-Request-ID
X-Shield-Request-Id
X-Origin-Upstream-Status
X-FastCGI-Cache
X-Pad
SPRequestDuration
SPIisLatency
X-Content-Options
X-Ruxit-JS-Agent
X-Cache-Hit
AR-SID
X-Logged-In
Realpath
X-Content-Digest
X-Kinsta-Cache
X-IPLB-Instance
Access-Control-Request-Method
X-NF-Request-ID
X-XRDS-Location
Mrf-Cache-Status
MRF-Tech
X-Mrf-Item-Lastmod
X-Acc-Meta-Resource-Type
X-Mrf-Section-Lastmod
X-B
X-Server-ID
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-Goog-Metageneration
X-Goog-Generation
X-SS-Set-Cookie
X-HW
X-Vcap-Request-Id
S
X-Debug
X-MSEdge-Ref
Service-Worker-Allowed
X-Ser
Server-Name
X-FTR-Balancer
X-FTR-Cache-Status
X-FTR-DC
X-Country-Code-Real
X-FTR-Backend
X-FTR-Backend-Server
X-FTR-Realm
X-PressLabs-Stats
X-Frontend
X-Wix-Server-Artifact-Id
Tracecode
X-FTR-Expires
X-Cache-Key
X-NewRelic-App-Data
Fastcgi-Cache
AMP-Access-Control-Allow-Source-Origin
Rt-Fastcgi-Cache
X-GUploader-UploadID
Eomportal-Instance
Alternate-Protocol
X-Forwarded-For
Surrogate-Key
X-Oneagent-Js-Injection
Cleartype
X-Cache-Rule
Cache-Status
X-HS-Hub-Id
X-HS-Content-Id
X-NWS-LOG-UUID
Backend-Timing
X-Analytics
X-VCache
Host
X-User-Agent
X-Srv
TP-L2-Cache
TP-Cache
X-Revision
FilterID
X-Rid
Fastly-Restarts
X-Debug-Info
X-Whom
X-FTR-Cache-Host
Public-Key-Pins-Report-Only
X-Akam-SW-Version
X-AOL-HN
X-Cache-2
X-Via-JSL
X-Varnish-Backend
X-RateLimit-Remaining
X-Content-Powered-By
X-Accel-Buffering
ServerID
X-Request-Processing-Time
X-Request-Received
Accept-Charset
Front-End-Https
X-Webkit-CSP
X-Zen-Fury
Viewport
X-Mobile
X-Cdn
X-Kinja-Server-Push
X-Ttl
X-Oracle-Dms-Rid
X-WPE-Loopback-Upstream-Addr
X-Cached-By
Liferay-Portal
X-Node-Name
X-XRDS-LOCATION
X-App-Environment
X-LB-Cache
X-Cache-Control
Host-Header
X-Page-Id
X-Magnolia-Registration
X-Cluster
X-Content-Security-Policy-Report-Only
X-Tumblr-Pixel-0
X-Framework
X-Request-Guid
X-Tumblr-Pixel
X-Tumblr-User
Cache-Tag
X-Hostname
X-Device-Type
X-B3-Sampled
X-TT
X-Handled-By
X-Varnish-Hostname
X-Instance
X-Signature
X-B-Cache
X-Akamai-Edgescape
X-Platform-Server
X-BCube-Filmed-By
X-FB-Debug
Upgrade-Insecure-Requests
DC
X-B3-Traceid
X-Cache-Server
X-Origin-Server
Server-Node
X-TT-TIMESTAMP
Source
X-Correlation-Id
MicrosoftSharePointTeamServices
Retry-After
X-TA-CDN-Provider
X-Accel-Expires
X-Servedby
X-Contextid
X-WA-Info
X-Amzn-Trace-Id
HitType
Server-Info
HitInfo
X-Varnish-Server
X-Cache-Action
X-Sol
X-Middleton-Display
Display
X-Cache-Operation
X-Distil-CS
X-Daa-Tunnel
X-Port
X-APP-VERSION
X-Amz-Replication-Status
X-Generated-By
Content-Style-Type
AsisCache
X-Edge-Location
X-Geo-Country
Content-Script-Type
X-Seen-By
X-Wix-Request-Id
X-S
X-RequestSource
GEO-INFO
X-GeoIP
X-Hyper-Cache
Webserver
X-TX-ID
X-WebKit-CSP-Report-Only
X-Status
X-Tumblr-Pixel-1
X-Locale
ServedBy
X-Tumblr-Pixel-2
Actual-Object-TTL
X-Jobs
X-Fastcgi-Cache
X-Edge-Cache
X-FW-Type
X-Varnish-Hits
Healthy
X-FW-Static
X-FW-Server
X-Edge-Cache-Key
X-UUID
X-Response-Served-From
X-FW-Serve
X-FW-Hash
X-Adobe-Loc
X-Drupal-Cache-Tags
X-Adobe-Content
User-Agent
X-Region
X-DataStream-Cache-Status
X-Varnish-Grace
SRV
Filters
S-Cnection
Refresh
X-Amz-Server-Side-Encryption
X-Newrelic-App-Data
X-Yottaa-Optimizations
X-Yottaa-Metrics
NGB
IBM-Web2-Location
X-Proxied
X-Cache-TTL-Remaining
Response
X-Middleton-Response
X-Cache-Age
X-Az
X-AppVersion
AR-Request-ID
X-Esi
X-Activity-Id
X-App-Server
Cache
X-Pc-Key
X-URL
X-Content-Type
X-Pc-Hit
X-Pc-Appver
X-CDN-Forward
X-Cache-NE
X-Cache-Remote
Payment
X-Cacheable-TTL
X-Correlation-ID
X-Unique-ID
X-ATG-Version
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Ruxit-Js-Agent
X-Cache-TTL
Datacenter
X-UA
Country
X-Vg-Webcache
Served-By
Edge-Cache-Tag
X-Akamai-Transformed
X-HS-Cache-Config
X-Mode
X-Real-IP
X-Sucuri-ID
X-RemovedCookies
X-ProcessESI
X-Rendered-As
X-Is-Bot
Load-Balancing
X-Varnish-IP
Machine
Meta-Geo
X-Detected-As
X-RN-RSRV
X-OCL
X-Rocket-Nginx-Bypass
X-PCL
User-Cache-Control
X-FC-Vary-Parameters
X-ProxyCache-Status
X-BYPASS-REASON
X-ProxyCache-Key
X-Proxy
Webcakes-App-Name
Access-Control-Allow-Method
TWC-Privacy
TWC-Locale-Group
X-Origin
X-Origin-Hint
X-Source
X-BB-IP
Now
X-EIG-Tracking-Id
X-Debug-Cache
X-Cache-Category-Id
X-Grey
X-ApacheServer
Webcakes-Region
X-Amz-Meta-Surrogate-Control
X-Human
X-Hosted-By
Webcakes-App-Version
X-PERF
X-Viewer-Country
X-Tb
Cache-Key
TWC-GeoIP-LatLong
TWC-GeoIP-Country
X-Varnish-Cacheable
TWC-Device-Class
Backend
X-ServerID
Property-Id
X-Cache-Config
Mn-Server-Ip
TWC-Connection-Speed
X-Pubstack
L5d-Success-Class
ServerName
S-Rt
X-Backend-Name
Cache-Name
Azure-RegionName
Access-Control-Request-Headers
Azure-SiteName
Azure-SlotName
Azure-InstanceId
Azure-Version
DB-Nickname
X-Generated
X-OVcl-Cache
X-Routing-Service
X-CCM
X-Original-Request
X-NodeID
X-Site-Version
X-TNCMS
X-Zipkin-Id
X-Via-Fastly
X-Varnish-Cache-Hits
X-Upgrade-Enabled
X-Loop
X-OVcl
X-Format
X-Environment-Context
X-JoinUs
X-Hit
X-L-Path
X-NGENIX-Cache
X-AWS-Id
X-TWH-CORRELATION-ID
X-VWS-Id
X-Www-Served-By
X-Rule
X-CDN-Cache
X-Xfnlog-Site
Selected-FE
X-App-Name
X-Timing-Wait
X-Proxy-Build
X-Agile-Id
X-Agile
X-Access
HostName
X-IP
X-SplitTest
X-LJ-Flow-ID
X-Section
X-Ocache
X-Agile-Age
X-HS-Combine-CSS
X-Origin-CC
X-Drupal-Cache-Contexts
X-Storage
X-Pc-Host
X-Cache-Var
X-Cache-Var-Map
X-Pc-Date
X-Akamai-Request-ID
X-Upstream-CT
X-Upstream-HT
X-Vgn-Hpd-Reason
X-NC
OT-Force-Account-Verify
X-RateLimit-Limit
X-Time-Microsecs
From-Origin
X-Nginx-Cache
X-Mshield-Cache-Status
X-Mrs-Cache-Hits
X-Mrs-Age
X-Mrs-Cache
XServer
X-UA-Device-Type
X-Litespeed-Cache
X-NCache
X-Microcachable
X-Internal-Host
Fastcgi-X-Cache
Fastcgi-Useragent
Fastcgi-X-Cache-Version
X-PHP-Backend
X-Forwarded-Host
X-Amzn-RequestId
Powered-By-ChinaCache
X-Amz-Apigw-Id
Fastly-SSL
X-Release
X-Distributor
X-Feature
X-Qnm-Cache
X-Varnish-Beresp-Status
X-M-Reqid
X-M-Log
X-Varnish-Beresp-Grace
X-Iejgwucgyu
LB
X-Ms-Version
X-Ms-Lease-Status
Pagetype
X-Ms-Blob-Type
X-Ms-Request-Id
X-Birta-Cache-Post
X-Birta-Served
X-Cache-Backend
Pagespeed
X-Labrador-Cache-Channel
X-EdgeConnect-Cache-Status
X-Twitter-Response-Tags
X-Transaction
NtCoent-Length
X-Connection-Hash
MIME-Version
X-VG-TLSProxy
X-App-Version
X-V
X-Webkit-Csp
X-Ah-Environment
Frame-Options
Time
X-Instance-Name
X-Web-Node
X-C
X-B3-Spanid
Ar-Sid
X-Varnish-Beresp-Ttl
X-Generation-Time
X-A
X-A-Dcw
X-A-Dgt
X-Gen-Mode
X-Hnp-Log
X-Generated-In
X-A-Dam
X-A-Ccd
X-No-Session
Rendered-Blocks
X-Org
Server-Int
NGX
X-Request-URI
Meta-Geo-Continent
X-Request-UUID
T-Server
V-Age
X-Region-Sid
Fly-Request-Id
Web-Mar-Node
X-NU-AKA-ACS-Version
Viewtype
VivaBuild
Www
Fly-Cache
X-CF-Lambda-Version
MD5-Digest
Host-ID
X-CS
X-CUA
X-Date
X-D
AKAMAI
X-CF-Lambda-Fn
IsBot
X-B-Cookie
X-PAYTM-SRV-ID
X-Block-Status
X-ARC
X-Cache-Bucket
X-Logtrace-Id
Arc-Country
Ajk
X-Destination
Ec-Rule-Version
X-IN-WAF
X-Irp-Debug
X-IN-SSL-APIGATEWAY
X-From
X-G
X-BB-ID
X-Redis-Cache
Cache-Prefix
X-A-Wwc
X-Died
X-Application
X-Developer
X-Dispatcher-Server
X-Accel-Expires-Debug
X-DPWN-IS-SECURE
BehaviorPad-Version
X-IN-APIGATEWAY
X-S-Cookie
X-SRCache-Key
X-Server-By
Xc-Version
PageSpeed
X-VG-WebServer
X-WebServer
X-SIPLIST1
X-Via-Edge
X-Server-Time
X-UE-Client-Country
X-Via-CDN
X-Via-SSL
X-ScT
X-GZip
X-Trv-Group
X-Rewrite-Enabled
Cneonction
X-Rojux
X-SERVER-NAME
X-Powered-By-ANYU
X-Sucuri-Cache
WZWS-RAY
X-FireWall-Port
Request-Country
Origin-Edge-Control
X-Owner
Release
Origin-Cache-Control
Proxy-Connection
Pragrma
X-Origin-TTL
MI-Cache-Age
Kp-EeAlive
Magicmarker
X-ServiceProvider
X-Fastly-Cache
HA-Urlpath
X-Sf
X-Debug-Log
NodeID
Request-EU
MI-Cache
MI-API
X-Debug-Cookies
Server-Host
X-Key
X-Amz-Meta-Cache-Control
X-MI-In-Market
X-Wikidot-Static-Cache
X-Wikidot-Backend
X-Varnish-Action
X-Core-Value
X-Var-Ttl
X-Cache-Enabled
X-Layer
X-CGP
X-Eu-Site
X-External-Request-Id
SN
X-F5-Cache
X-Cache-CFC
X-VServer
X-We-Are-Hiring
True-Client-Country-4JS
X-Node-Id
HA-Servedtime
X-Crawler
X-NX-Host
Request-Time
On-Server
Cteonnt-Length
X-S-Maxage
X-Platform
Country-Code
Decoy-Debug-Status
Esi-Enabled
Decoy-Debug-TTL
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
Backend-Name
X-HTML-Minification-Powered-By
X-GeoIP-City
HA-Ipaddr
Cache-Tags
X-RCS-CacheZone
CDCHOST
Mobile-Detection-Method
Decoy-Debug-Key
HA-Cloudapp
X-Hl-Ver
Ha-Gx-Prefs
HA-Geocity
HA-Georegion
HA-Geolon
HA-Geolat
HA-Geocountry
X-Phone
GMS-Ver
HA-Host
X-HOST
X-NWS-UUID-VERIFY
X-Webstats-RespID
X-Variation
X-MSEdge-Features
X-UnsetCookies
X-Matched-Rule
X-Worker
X-MSEdge-Flight
X-Backend-TTL
X-Alternate-Cache-Key
Adler-Geo
X-Reboot
X-Secret
X-Returned-From-BeforeDispatch
X-Backend-State
X-Returned-From-DLL
X-GeoIP-Country-Code
X-Stale
X-VCT
X-Thinkindot-L3
X-Swa-Ws
X-Cdn-Srv
X-Ckpd-Fst-Backend
X-Clientip
X-Returned-From-PostProcessResponse
X-Request-Time
X-Content-Age
X-Cdn-Origin
X-Cache-URL
X-Cache-Expires
X-Croise-Owner
X-Hash
X-Trace-Id
X-Device-Os
X-Cache-Host
X-Actual-URL
X-Cache-Srv
X-Response-By
X-Up
X-Sn-Servicetimems
X-Gannett-Site-Version
PFcat
X-Server-IP
Origin
Platform
Fastly-Backend-Name
X-Sorting-Hat-ShopId
X-Returned-From
Countrycode
X-FW-Version
X-Passed-To
Is-Eu
X-Passed-To-PostProcessResponse
X-Fetched-On
Heartbleed
X-Passed-To-DLL
X-Passed-To-BeforeDispatch
Odigeo-Trace-Id
X-Fstrz
X-ShardId
RNT-Time
RNT-Machine
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
Section-Io-Cache
X-Nginx-Cache-Key
X-Epic-Correlation-Id
Apple-News-Services-Handled
X-Sorting-Hat-PodId
X-ElasticPress-Search
X-TT-LOGID
X-Skip-Cache
Thinkindot-CacheControl
X-ShopId
Server-ID
Thinkindot-CacheControl-Type
Thinkindot-Control
Uber-Trace-Id
X-Shopify-Stage
X-CACHE-AGE
X-Csrf-Token
X-Tumblr-Pixel-3
X-Developers
X-Store
Resin-Trace
X-Oss-Storage-Class
X-Oss-Server-Time
X-Oss-Request-Id
Sid
X-Rebelmouse-Cache-Control
Fastly-SIE
Content-Disposition
X-Servername
Fastly-SWR
X-Rebelmouse-Surrogate-Control
X-Backend-Url
X-Location
X-Core-Mission
X-Oss-Object-Type
X-Backend-Host
X-Oss-Hash-Crc64ecma
X-Alicdn-Da-Ups-Status
X-Ua
WP-Super-Cache
HTTPS
X-Varnish-Ttl
X-Policy
X-Ezoic-Cdn
X-Servedbyhost
X-Refresh
X-Planisys-CDN-Rules
REQUESTUUID
X-Planisys-CDN-TTL
X-Pf-Uncompressing
Powered
X-Planisys-CDN-Cache
CDN
X-Cluster-Node
ProcessTime
Warning
X-Proto
CF-IPCountry
Xserver
ViewerVersion
RequestId
X-GEO
X-B3-TraceId
X-Atg-Version
X-Cache-ASPX
We-Hiring
Mail-Subject
X-Real-Ip
X-Dc
X-TIME
X-GoCache-CacheStatus
Dnion-Transfer-Encoding
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-From
Cache-Cookie-Set-Lfrom
X-Pjax-Url
X-Endurance-Cache-Level
X-Req
NODE
X-DC
X-Newrelic-Synthetics
X-Surge-Debug
Hostname
NnCoection
X-Edge-IP
X-Page-Type
X-Origin-Date
X-Time
X-Origin-Expires
X-CLOUD-TRACE-CONTEXT
X-GRACE
X-Server-W
X-HCF
X-Aed
X-Cache-Control-Set-By
X-COUNTRY
GeoIp-Country-Code
Geoip-Latitude
X-Varnish-HitMiss
X-Nc
X-Guploader-Uploadid
Pramga
X-Ms-Lease-State
X-CSRF-Token
X-Oracle-Dms-Ecid
Processtime
X-Server-Group
TSSecure
X-Varnish-Beresp-TTL
SD-X-WS
WWW-Authenticate
X-Cdn-Forward
MS-CV
CACHE
X-Varnish-Url
A
Geoip-City
X-Aicache-OS
X-Geo
X-Datadome
X-Wa
X-DataStream-Origin-MEX-Latency
PICS-Label
X-ABtesting
X-Wix-Route-ID
X-Hello
X-Amz-Cf-Pop
X-Varnish-URL
X-DataStream-MidMile-RTT
X-Flog
X-WA
X-Ratelimit-Limit
Dont-Set-Cookie
X-Gdpr
Node
Cdn-Request-Time
X-From-Cache
Lfy
X-Akamai-Request-ID2
Cdn-Host
X-Auto-Login
X-Edge-Server
Cdn
X-SRV
Lb
FSS-Proxy
X-UPSTREAM-Address
FSS-Cache
X-RTag
Mime-Version
Ms-Operation-Id
DataCenter
X-Use-Magma
X-Gen-Id
X-APP
GeoIP-Country-Code
COMMERCE-SERVER-SOFTWARE
GeoIP-Latitude
X-EC-Security-Audit
X-Sentry-ID
X-WR-MODIFICATION
X-Nananana
X-Via-NSCOPI
X-Fastly-Backend-Reqs
GeoIP-City
Get-Access-Time
X-PAGE-TYPE
Is-Session-Tracking
X-Optimization
Rt-Proxy-Cache
X-Env
X-Check-Cacheable
PageType
X-Cache-HT
X-Load-Cache
X-Served-From
X-Cache-Id
X-Cookie
X-Unique-Id
Who
X-CACHE-KEY
X-Wix-Petri-Ex
X-Cache-Info
X-Thanos
Memcached
X-GDPR
X-Cache-FS-Status
X-Proxy-Server
X-Bip
X-Dynatrace-Js-Agent
X-FORWARDED-FOR
X-Ver
X-Meta-Tbi-Cache-Vertical
Ws
X-Ibm-Trace
X-Swift-Error
X-Be
Pics-Label
X-B3-SpanId
X-PJAX-URL
X-MP-GENERATED-AT
X-Request-Start
Memory
Httpd-Identifier
X-NGINX-Cache
X-SVT-ORM-RULES
X-Fe
Ohc-File-Size
X-RateLimit-Reset
X-Cache-Ttl
X-Fastly-Cache-Hits
V-Cache
X-SVT-ORM-VERSION
X-HS-Status
Powered-By
Group
Serverid
X-Path-Route
X-CDN-Pop
UCS
URI
X-CDN-Pop-IP
X-Shard
Version
X-GZIP
X-Dw-Trace-Id
Cf-Ipcountry
X-ServedByHost
Amp-Access-Control-Allow-Source-Origin
X-ID
AGE-Hash
Xet-Cookie
Requestid
X-Bug-Bounty
X-P-T
X-LiteSpeed-Cache-Control
X-PF-Uncompressing
X-VC
X-User
GW-Server
NX-Cache
X-SB
X-StackifyID
Cache-Hits
X-CacheKey
X-Akamai-ERPolicy
X-Varnish-Info
X-Akamai-ERRuleID
N-Cache
Ohc-Response-Time
Apicache-Version
CDN-Cache-Hit
CDN-Cache
CDN-Node
Apicache-Store
Fastly-Soc-X-Request-Id
X-Ratelimit-Remaining
X-Is-Crawler
X-RequestId
X-Flags
X-Cache-Handler
X-Providence-Cookie
X-Goog-Meta-Goog-Reserved-File-Mtime
X-ServerName
Https
X-Grace-Duration
X-Litespeed-Cache-Control
X-SD-PageType
X-Micro-Cache
X-Info
If-Modified-Since
X-Route-Name