Threat Level: green Handler on Duty: Guy Bruneau

SANS ISC: HTTP Header Usage Statistics - SANS Internet Storm Center HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
X-Powered-By
CF-RAY
ETag
Link
X-XSS-Protection
Expect-CT
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
X-Request-Id
X-Xss-Protection
CF-Cache-Status
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-AspNet-Version
X-Download-Options
X-Runtime
Access-Control-Allow-Credentials
X-Drupal-Cache
X-Adblock-Key
X-Check
Alt-Svc
X-Cacheable
X-Generator
Content-Security-Policy-Report-Only
X-DNS-Prefetch-Control
X-Cache-Status
X-AspNetMvc-Version
X-Permitted-Cross-Domain-Policies
X-Template
X-Iinfo
X-Language
Status
Timing-Allow-Origin
X-Buckets
X-Content-Security-Policy
Content-Encoding
X-Kinja-Server-Push
Xkey
X-Turbo-Charged-By
X-CDN
Upgrade
X-Type
Keep-Alive
X-Request-ID
Access-Control-Expose-Headers
WPE-Backend
X-Pass-Why
X-AH-Environment
X-Backend
Access-Control-Max-Age
X-Age
X-Drupal-Dynamic-Cache
X-Cache-Group
X-Server
X-Proxy-Cache
X-Via
Grace
X-Pingback
X-Nginx-Cache-Status
X-Server-Powered-By
X-Amz-Request-Id
X-Amz-Id-2
X-Robots-Tag
X-Hacker
X-Varnish-Cache
X-UA-Device
X-Page-Speed
EagleId
Request-Context
X-LiteSpeed-Cache
Cf-Railgun
X-Envoy-Upstream-Service-Time
X-Ua-Compatible
P3p
X-CST
X-Swift-SaveTime
X-Swift-CacheTime
X-Server-Id
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
Ali-Swift-Global-Savetime
X-Device
X-WebKit-CSP
X-Amz-Version-Id
Server-Timing
X-Ac
X-Node
X-OneAgent-JS-Injection
Allow
Feature-Policy
X-Response-Time
X-Rq
X-Cnection
X-Iejgwucgyu
Content-Location
X-Cache-Lookup
X-Backend-Server
Report-To
EagleEye-TraceId
Surrogate-Control
X-Readtime
X-Host
X-Application-Context
Request-Id
X-ORACLE-DMS-ECID
X-Url
X-Rack-Cache
X-Origin-Cache
X-Clacks-Overhead
NEL
X-FTR-Request-ID
Rating
X-Country
X-Country-Code
X-Cloud-Trace-Context
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-DataDome
X-Cdn
X-Ruxit-JS-Agent
X-Instart-Request-ID
X-Px
X-Vhost
X-Mod-Pagespeed
Charset
X-MS-InvokeApp
X-VARITI-CCR
Accept-CH
Edge-Control
X-Goog-Hash
X-GitHub-Request-Id
Verso
X-PC
X-Vname
X-TtlSet
PB-RID
Arc-Version
PB-PID
X-Mobile-Rewrite
X-Server-Name
X-TTL
Pinterest-Generated-By
X-Version
X-Upstream-Env
X-DynaTrace
X-Powered-By-Plesk
X-ESI
X-D2id
X-B3-TraceId
X-Cdn-Fetch
X-Cached
X-GoogleNews-Bot
X-Kinja
X-Kinja-Build
X-Kinja-Server
X-Exp-Variant
X-Kinja-Revision
X-Exp-Id
X-Use-Magma
X-Origin-Upstream-Status
X-Dispatcher
SPRequestGuid
X-ORACLE-DMS-RID
X-Varnish-TTL
X-Recruiting
X-SharePointHealthScore
X-Abt-Application-Version
MS-Author-Via
X-Powered-CMS
RTSS
Accept-CH-Lifetime
X-Navigation-Version
X-T
Content-MD5
X-Shield-Request-Id
AR-PoweredBy
AR-CACHE
AR-ATIME
Public-Key-Pins
X-Trace
X-DynaTrace-JS-Agent
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Client-IP
X-Forwarded-Proto
X-Amz-Rid
Arr-Disable-Session-Affinity
X-HW
X-Fastly-Request-ID
X-Wix-Server-Artifact-Id
X-Accel-Buffering
SPIisLatency
SPRequestDuration
Realpath
X-DIS-Request-ID
X-Oracle-Dms-Rid
Service-Worker-Allowed
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
X-Goog-Stored-Content-Length
X-Upstream
X-F-Cache
X-B
X-Amz-Meta-S3cmd-Attrs
Paypal-Debug-Id
Front-End-Https
AR-Request-ID
X-Ser
X-Pinterest-Rid
Pinterest-Version
X-Via-JSL
X-FTR-Cache-Status
X-FTR-Balancer
X-Country-Code-Real
X-FTR-DC
X-FTR-Backend-Server
X-FTR-Backend
X-FTR-Realm
X-FTR-Expires
X-Id
X-Dns-Prefetch-Control
X-Dw-Request-Base-Id
X-XRDS-Location
X-Vcap-Request-Id
X-Debug
X-Varnish-Age
Ar-Sid
X-Acc-Meta-Resource-Type
X-Goog-Storage-Class
X-MSEdge-Ref
X-Kinsta-Cache
Nginx-Cache
X-N
X-Hits
X-NF-Request-ID
X-Ttl
X-FTR-Cache-Host
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-Logged-In
X-TEC-API-VERSION
X-DataStream-Cache-Status
S
X-Akam-SW-Version
MRF-Tech
Mrf-Cache-Status
X-Mrf-Section-Lastmod
X-B3-TraceId-Primal
X-Mrf-Item-Lastmod
X-NewRelic-App-Data
Tracecode
Alternate-Protocol
X-Frontend
X-Server-ID
X-PressLabs-Stats
X-HS-Hub-Id
X-User-Agent
X-HS-Content-Id
X-Grace
X-Amzn-Trace-Id
X-Forwarded-For
X-CACHE-GROUP
X-FastCGI-Cache
AMP-Access-Control-Allow-Source-Origin
Server-Name
X-Content-Digest
X-Content-Options
Refresh
X-Pad
TCN
X-Content-Type
DynaTrace
Powered-By-ChinaCache
X-Middleton-Display
Display
X-Cache-Key
X-Sol
Access-Control-Request-Method
MicrosoftSharePointTeamServices
Backend-Timing
X-Analytics
X-Zen-Fury
X-Debug-Info
X-IPLB-Instance
Accept-Charset
X-LB-Cache
X-Rid
X-AppVersion
X-Activity-Id
X-Az
FilterID
Fastcgi-Cache
Host
X-CF-Powered-By
X-Page-Id
X-Middleton-Response
Response
MS-CV
ServerID
Cache-Status
TP-L2-Cache
TP-Cache
X-Cache-Hit
X-Magnolia-Registration
X-RateLimit-Remaining
X-Hostname
X-Fastcgi-Cache
X-VCache
X-Content-Powered-By
X-Srv
X-Seen-By
X-Mobile
X-WA-Info
X-GUploader-UploadID
X-Revision
X-ATG-Version
X-Cached-By
Surrogate-Key
X-Varnish-Backend
X-B3-Sampled
X-Request-Received
X-Request-Processing-Time
Host-Header
X-SS-Set-Cookie
X-Whom
Server-Info
X-Cache-Action
X-TA-CDN-Provider
X-Signature
X-Instance
X-B-Cache
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Handled-By
X-Cluster
VIX-Pulpo-Node
X-Tumblr-User
X-Drupal-Cache-Tags
X-Platform-Server
VIX-Pulpo-Upstream-Status
ViewerVersion
X-Content-Security-Policy-Report-Only
X-PHP-Backend
Cleartype
Rt-Fastcgi-Cache
X-Wix-Request-Id
Source
X-Request-Guid
X-Cache-Age
X-Akamai-Edgescape
DC
X-Origin-Server
X-TT
X-Framework
X-App-Environment
X-Amz-Apigw-Id
X-Amzn-RequestId
Fusion-Source
Fusion-Component-Id
X-Geo-Country
X-Generated-By
Fusion-Content-Source
Fusion-Template-Id
Fusion-Content-Id
X-BCube-Filmed-By
X-Cache-Control
X-Oneagent-Js-Injection
X-App-Server
X-FW-Hash
X-FW-Type
X-Edge-Location
X-FW-Serve
X-FW-Static
X-FW-Server
X-Varnish-Server
X-AOL-HN
Server-Node
X-XRDS-LOCATION
X-Real-IP
X-Ruxit-Js-Agent
X-Cache-Rule
X-NWS-LOG-UUID
X-Varnish-Hostname
Retry-After
X-Correlation-Id
X-Cache-2
X-Amz-Server-Side-Encryption
Payment
Eomportal-Instance
X-Varnish-Grace
X-FB-Debug
X-Response-Served-From
X-Amz-Replication-Status
Access-Control-Allow-Method
Actual-Object-TTL
X-TT-TIMESTAMP
Webserver
X-Tumblr-Pixel-1
X-Tumblr-Pixel-2
X-Cacheable-TTL
AsisCache
GEO-INFO
X-Varnish-Hits
ServedBy
X-Region
X-UUID
Content-Style-Type
X-Jobs
NGB
Content-Script-Type
Healthy
X-Drupal-Cache-Contexts
Ms-Operation-Id
X-Cache-Config
X-RTag
X-TX-ID
Filters
Viewport
Upgrade-Insecure-Requests
X-Adobe-Loc
X-UA-Device-Type
X-Varnish-IP
X-VG-WebCache
X-Adobe-Content
X-WebKit-CSP-Report-Only
X-Contextid
Cache-Tv-Group
X-Ezoic-Cdn
X-RequestSource
X-Locale
Country
X-Rendered-As
From-Origin
X-Device-Type
X-Servedby
X-Accel-Expires
HitType
X-SERVER
X-Upstream-Proxy
X-Cache-TTL
X-Esi
X-BACKEND-TTL
X-Cache-TTL-Remaining
Fastcgi-Useragent
X-WPE-Loopback-Upstream-Addr
X-FW-Dynamic
X-Cache-Server
Edge-Cache-Tag
Cache
X-Cache-Remote
Pagespeed
X-Content-Age
X-APP-VERSION
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
Cache-Tags
X-Cache-Operation
X-Redis-Cache
X-Upgrade-Enabled
X-Hit
X-RateLimit-Limit
X-Source
Fastly-Restarts
X-Storage
X-S
X-Mode
X-DataStream-Origin-MEX-Latency
Cache-Tag
Served-By
X-DataStream-MidMile-RTT
X-GeoIP
Datacenter
Machine
Load-Balancing
SRV
X-Generated
X-Origin-Response-Time
X-Path-Route
X-Internal-Host
X-NGENIX-Cache
X-Is-Bot
X-Labrador-Cache-Channel
X-NCache
X-Detected-As
X-Pubstack
X-Time-Microsecs
X-Akamai-Request-ID
Meta-Geo
X-Tb
X-Cache-Var
X-Cache-Var-Map
X-RN-RSRV
Origin-Edge-Control
Origin-Cache-Control
X-CACHE-KEY
X-Loop
X-Agile-Id
X-Agile-Age
X-ProxyCache-Status
X-Agile
X-TNCMS
X-Proxy-Build
X-ProxyCache-Key
X-CDN-Cache
X-Cache-Category-Id
X-BYPASS-REASON
Vix-Hermes-Req-Id
X-Status
X-Varnish-Cacheable
X-Web-Node
X-Backend-Name
X-Birta-Served
X-Birta-Cache-Post
X-Www-Served-By
X-Edge-IP
X-Varnish-Cache-Hits
X-Hosted-By
X-Hl-Ver
Selected-FE
X-Environment-Context
X-Timing-Wait
X-L-Path
X-JoinUs
X-Origin-Host
X-Grey
X-Proxy
X-Rule
Cache-Key
X-FC-Vary-Parameters
X-Daa-Tunnel
X-ServerID
Webcakes-App-Version
S-Rt
Property-Id
Webcakes-App-Name
TWC-Privacy
Webcakes-Region
TWC-GeoIP-Country
TWC-GeoIP-LatLong
TWC-Locale-Group
TWC-Device-Class
Cache-Name
TWC-Connection-Speed
X-Cache-Enabled
X-IP
X-Human
NtCoent-Length
X-ProcessESI
X-PERF
X-OCL
X-Origin-Hint
X-PCL
X-VG-TLSProxy
X-Format
X-Viewer-Country
X-Via-Fastly
X-ApacheServer
X-Akamai-Transformed
X-RemovedCookies
Now
X-CCM
X-Access
Public-Key-Pins-Report-Only
X-Debug-Cache
X-MP-GENERATED-AT
X-Site-Version
Azure-Version
DB-Nickname
Azure-SlotName
Azure-SiteName
Azure-InstanceId
Azure-RegionName
Access-Control-Request-Headers
X-Section
X-Pc-Appver
X-Microcachable
X-Pc-Hit
X-Pc-Key
Fastcgi-X-Cache-Version
X-GEO
X-App-Name
X-Proxied
X-Xfnlog-Site
X-Zipkin-Id
Mail-Subject
We-Hiring
X-Routing-Service
X-App-Version
Xserver
Cache-Hits
X-EdgeConnect-Cache-Status
Liferay-Portal
X-Origin
X-Original-Request
User-Agent
X-Cache-NE
X-Guploader-Uploadid
S-Cnection
X-Protected-By
X-Sucuri-ID
X-ES-SERVER
X-Node-Name
User-Cache-Control
X-Ocache
X-FW-Version
X-Nginx-Cache
LB
X-Request-Time
X-UA
X-Proto
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-GRACE
PageSpeed
X-Varnish-Ttl
X-Trace-Id
X-Cdn-Forward
CACHE
Powered
Ohc-File-Size
X-Webstats-RespID
X-Correlation-ID
X-Tumblr-Pixel-3
X-Forwarded-Host
X-Endurance-Cache-Level
X-Ua
X-LJ-Flow-ID
X-AWS-Id
X-VWS-Id
L5d-Success-Class
X-Unique-ID
X-FB-TRIP-ID
Frame-Options
Section-Io-Cache
X-Origin-CC
X-V
X-Nc
X-Cluster-Node
X-Webkit-Csp
X-Varnish-Beresp-Status
X-Time
X-Varnish-Beresp-Grace
AR-SID
X-OVcl-Cache
X-OVcl
OT-Force-Account-Verify
X-Origin-TTL
Nel
IBM-Web2-Location
X-ElasticPress-Search
X-Parent-Response-Time
X-EIG-Tracking-Id
X-Cache-Backend
X-R9-Blue-Green-Version
X-Varnish-Beresp-Ttl
Cache-Prefix
X-From
Country-Code
X-Gen-Mode
BehaviorPad-Version
X-Generated-In
Decoy-Debug-Key
Decoy-Debug-TTL
Fastly-SWR
Fly-Cache
Fastly-SIE
X-Fetched-On
X-Goog-Meta-Goog-Reserved-File-Mtime
Ec-Rule-Version
Decoy-Debug-Status
X-Hnp-Log
X-Request-UUID
X-LI-UUID
Www
X-Region-Sid
VivaBuild
X-Micro-Cache
X-LI-Proto
X-Li-Pop
X-IN-APIGATEWAY
Fly-Request-Id
X-IN-WAF
X-Accel-Expires-Debug
X-Li-Fabric
Arc-Country
X-External-Request-Id
Node
On-Server
X-Cache-Bucket
X-Cache-FS-Status
Mobile-Detection-Method
X-Cache-Host
X-Cache-Grace
X-Block-Status
Powered-By
X-Application
X-Amz-Meta-Cache-Control
X-ARC
Rendered-Blocks
X-BB-ID
X-B-Cookie
X-Cache-Id
X-Cache-Info
X-Destination
X-Date
X-Node-Id
X-Developer
GMS-Ver
X-DPWN-IS-SECURE
X-Connection-Hash
X-CF-Lambda-Version
X-Cache-URL
Meta-Geo-Continent
Memcached
MD5-Digest
X-CF-Lambda-Fn
X-Cdn-Srv
X-Aed
X-Irp-Debug
X-Rewrite-Enabled
X-Origin-Expires
X-Rojux
X-Server-Group
Viewtype
X-Upstream-CT
X-Rocket-Nginx-Bypass
X-VG-WebServer
X-ServiceProvider
X-Wikidot-Backend
X-S-Maxage
X-PAYTM-SRV-ID
X-PHP-Host
X-S-Cookie
X-We-Are-Hiring
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
X-SRCache-Key
X-Server-By
X-Origin-Date
X-Trv-Group
X-Transaction
X-ScT
X-NU-AKA-ACS-Version
X-Wikidot-Static-Cache
X-TT-LOGID
X-Upstream-HT
Xc-Version
X-Twitter-Response-Tags
X-User
X-UE-Client-Country
X-Reboot
X-Vgn-Hpd-Reason
X-Pc-Date
X-Pc-Host
X-Pc-Subdomain
X-Newrelic-App-Data
X-A
X-Sorting-Hat-ShopId
X-A-Ccd
X-Sorting-Hat-PodId
X-A-Dcw
X-SIPLIST1
X-A-Dam
Who
Web-Mar-Node
X-Thinkindot-L3
X-Swa-Ws
X-RateLimit-Limit-Second
X-Stale
X-Svr
X-A-Dgt
X-A-Wwc
X-Auto-Login
X-ShopId
X-Sf
X-ShardId
X-Backend-Url
X-Backend-Host
X-Server-IP
X-C
X-RateLimit-Remaining-Second
X-Actual-URL
X-Alternate-Cache-Key
X-Cache-Expires
X-Shopify-Stage
X-Cache-Debug
X-TrackingId
X-Dispatcher-Server
X-Secret
X-LAGOON
X-Level-Front-Cache
X-Returned-From-PostProcessResponse
X-Info
X-Hash
X-Generated-On
X-Passed-To-BeforeDispatch
X-GeoIP-Country-Code
X-Passed-To
SD-X-WS
X-Location
X-Response-By
X-Backend-State
X-NX-Host
X-Returned-From-DLL
X-Matched-Rule
X-Returned-From-BeforeDispatch
X-Request-URI
X-Returned-From
X-Logtrace-Id
X-Passed-To-DLL
X-Passed-To-PostProcessResponse
X-Debug-Log
X-Nginx-Cache-Key
X-Distil-CS
X-Distributor
X-Debug-Cookies
X-D
X-Clientip
X-Core-Mission
X-Crawler
X-CUA
X-Epic-Correlation-Id
X-Eu-Site
X-Proxy-Cache-Status
X-FireWall-Port
X-G
X-Gannett-Site-Version
X-Fastly-Cache
X-Varnish-Action
X-Var-Ttl
X-Proxy-Upstream
X-Variation
X-CGP
Thinkindot-CacheControl
IsBot
Is-Eu
HA-Ipaddr
Lfy
Magicmarker
Proxy-Connection
Platform
Origin
Ha-Gx-Prefs
Fastly-Soc-X-Request-Id
Ajk
Adler-Geo
X-TIME
Backend
CDCHOST
Countrycode
Content-Disposition
Request-Time
Fastly-Backend-Name
True-Client-Country-4JS
Thinkindot-CacheControl-Type
Server-Host
Resin-Trace
Thinkindot-Control
Warning
X-Sucuri-Cache
X-HS-Cache-Config
Apple-News-Services-Request-Url
Cache-Cookie-Set-Lfrom
X-Generation-Time
Cache-Cookie-Set-From
X-Via-CDN
SS
X-Device-Os
X-Developers
Server-Int
GW-Server
Fastly-SSL
X-Fstrz
Server-Surrogate-Control
X-F5-Cache
Apple-News-Services-Parsed-Url
Apple-News-Services-Handled
X-Thanos
X-No-Session
X-MSEdge-Flight
X-Server-Cache
X-Platform
X-Qloud-Router
X-Policy
X-MSEdge-Features
X-UnsetCookies
AKAMAI
X-Debug-Cache-Store
X-IN-SSL-APIGATEWAY
X-Varnish-Authentication
X-Instart-Isnd
X-Up
X-Key
Apple-News-Services-Host
Cache-Cookie-Set-Idcheck
X-Croise-Owner
Server-Cache-Control
Release
X-Bip
Heartbleed
Pramga
X-Core-Value
RNT-Machine
X-Amz-Meta-Surrogate-Control
Mn-Server-Ip
Pagetype
X-Debug-Cache-Fetch
X-Cache-ASPX
RNT-Time
X-Debug-Cache-Expiry
X-Dc
X-Varnish-Url
Kp-EeAlive
NGX
SID
X-Page-Type
X-Server-Time
Server-ID
REQUESTUUID
X-Be
Fastcgi-X-Cache
X-Owner
X-Servername
X-SN
HostName
X-B3-Traceid
X-Sedo-Request-Id
X-Via-NSCOPI
X-Died
X-Cache-Miss-From
X-CDN-Forward
X-Edge-Cache
X-Edge-Cache-Key
Odigeo-Trace-Id
X-Pjax-Url
RequestId
MIME-Version
X-NC
X-Refresh
Version
X-URL
Hostname
X-B3-SpanId
HTTPS
PFcat
X-From-Cache
Cteonnt-Length
Cdn-Request-Time
X-Oss-Storage-Class
X-Oss-Hash-Crc64ecma
X-FPC
X-Oss-Object-Type
X-Edge-Server
Cdn-Host
X-Oss-Server-Time
X-Servedbyhost
X-Oss-Request-Id
X-Store
Esi-Enabled
Time
X-Cache-CFC
PICS-Label
FastCGI-Cache
X-CSRF-TOKEN
MI-Cache
Cdn
MI-Cache-Age
X-Layer
X-MI-In-Market
X-Real-Ip
X-Req
ProcessTime
X-RCS-CacheZone
MI-API
CF-IPCountry
Mime-Version
X-Webkit-CSP
HA-Georegion
X-RequestId
HA-Geolon
X-Mobile-URL
X-IPS-LoggedIn
X-Amzn-Remapped-Date
X-Amzn-Remapped-Connection
Processtime
HA-Urlpath
HA-Servedtime
HA-Host
HA-Geocountry
HA-Geocity
HA-Cloudapp
HA-Geolat
X-Hyper-Cache
X-GZip
X-COUNTRY
X-CLOUD-TRACE-CONTEXT
X-NodeID
Cross-Origin-Window-Policy
Memory
X-Wa
X-Dynatrace-Js-Agent
X-VServer
X-Ratelimit-Remaining
CDN
X-DC
X-HS-Combine-CSS
Backend-Name
X-Atg-Version
XServer
Cf-Ipcountry
X-Skip-Cache
X-Lb-Id
X-Aicache-OS
X-Ratelimit-Limit
X-CMS-Context
X-Geo
X-HTML-Minification-Powered-By
X-Pf-Uncompressing
X-Varnish-Beresp-TTL
X-Load-Cache
X-WR-MODIFICATION
X-FORWARDED-FOR
X-Mshield-Cache-Status
X-Mrs-Age
X-Mrs-Cache
X-Unique-Id-Primal
X-Mrs-Cache-Hits
X-Newrelic-Synthetics
X-Instart-Info
X-B3-Spanid
Ohc-Cache-HIT
X-Fastly-Country-Code
URI
Uber-Trace-Id
X-WebServer
X-VC-Cache
X-Phone
Ohc-Response-Time
X-WA
X-Request-Start
GeoIP-Country-Code
X-Tb-Optimization-Total-Bytes-Saved
X-Release
X-PF-Uncompressing
X-Cms-Context
Amp-Access-Control-Allow-Source-Origin
X-Gateway-Cache-Key
X-Nananana
X-Gateway-Cache-Status
N-Cache
X-Gateway-Skip-Cache
GeoIP-Latitude
Accept-Ch-Lifetime
T-Server
X-UCC
X-APP
X-Oracle-Dms-Ecid
X-Server-W
Pics-Label
X-MServer
X-LB-ID
X-Processor
Rt-Proxy-Cache
X-BBXSRF
X-Hp-Webp
X-Worker
X-ND-Cache
DataCenter
X-CSRF-Token
X-Served-From
X-Unique-Id
X-Datadome
X-GoCache-CacheStatus
X-SRV
X-Shard
A
X-LiteSpeed-Cache-Control
X-ServedByHost
X-SERVER-NAME
X-CACHE-AGE
X-UPSTREAM-Address
X-Fastly-Cache-Hits
X-VCT
X-Requestid
X-Check-Cacheable
X-GZIP
X-Cdn-Origin
X-HS-Status
X-Sn-Servicetimems
X-Optimization
Host-ID
X-Amzn-Remapped-Content-Length
X-GeoIP-City
V-Age
X-Cache-HT
X-Geo-Header
X-NGINX-Cache
X-Vcache
WP-Super-Cache
UCS
X-PJAX-URL
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
Geoip-Latitude
X-Git-Hash
Proxy-Firewall
Cneonction
Dnion-Transfer-Encoding
X-BE
X-ID
X-Backend-TTL
Is-Session-Tracking
X-ServerName
Get-Access-Time
Request-Country
X-Varnish-URL
Request-EU
X-PAGE-TYPE
X-Csrf-Token
X-Port
GeoIp-Country-Code
X-P-T
Requestid
Serverid
X-NWS-UUID-VERIFY
ServerName
Cache-Provider
X-Fpc
X-Fastly-Backend-Reqs
FSS-Cache
Pragrma
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
X-Planisys-CDN-Cache
X-Gen-Id
X-Dw-Trace-Id
FSS-Proxy
RequestUuid
X-Fe
X-HostName
X-StackifyID
Server-Id
X-LiteSpeed-Tag
409pxxline
X-GDPR
X-Html-Edge-Cache
X-Org
Xxline
X-RCS-Backend
355prline
352pxline
188prxHost
178proxuri
X-RAMCache
X-CS
WZWS-RAY
219prxHost
X-Request-Url
DSUID
286prxHost
Inserted-Into-Cache-At
225prxHost
189phosttRef