Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics - SANS Internet Storm Center HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Pragma
Accept-Ranges
Last-Modified
Strict-Transport-Security
X-Content-Type-Options
X-Powered-By
CF-RAY
ETag
Link
X-XSS-Protection
Expect-CT
Via
X-Cache
Age
Access-Control-Allow-Origin
Content-Security-Policy
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Served-By
X-Varnish
X-Amz-Cf-Id
Referrer-Policy
X-Request-Id
X-Timer
X-AspNet-Version
CF-Cache-Status
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Runtime
Access-Control-Allow-Credentials
X-Download-Options
X-Drupal-Cache
X-Cacheable
Alt-Svc
X-Generator
Content-Security-Policy-Report-Only
X-Xss-Protection
X-AspNetMvc-Version
Status
Timing-Allow-Origin
X-Check
X-Cache-Status
X-Adblock-Key
X-Iinfo
X-DNS-Prefetch-Control
X-Permitted-Cross-Domain-Policies
X-Content-Security-Policy
X-Template
X-CDN
Content-Encoding
X-Language
X-Turbo-Charged-By
X-Request-ID
Keep-Alive
X-Buckets
X-Type
EagleId
Xkey
X-Via
X-Backend
X-AH-Environment
WPE-Backend
X-Age
X-Pass-Why
Access-Control-Max-Age
X-Server
X-Swift-SaveTime
X-Swift-CacheTime
X-Cache-Group
Ali-Swift-Global-Savetime
X-Varnish-Cache
X-Pingback
Upgrade
X-Nginx-Cache-Status
X-Server-Powered-By
X-Drupal-Dynamic-Cache
Grace
Access-Control-Expose-Headers
X-Hacker
X-UA-Device
P3p
Cf-Railgun
X-Amz-Request-Id
X-Amz-Id-2
X-Robots-Tag
X-Ua-Compatible
X-LiteSpeed-Cache
X-Proxy-Cache
X-Envoy-Upstream-Service-Time
X-Page-Speed
Request-Context
X-CST
X-Node
X-Device
X-Cache-Lookup
X-Ac
Content-Location
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Cnection
X-Host
X-Amz-Version-Id
Surrogate-Control
X-WebKit-CSP
X-Backend-Server
X-Rack-Cache
X-Response-Time
X-Rq
X-Px
X-Readtime
X-Server-Id
X-Application-Context
Pinterest-Generated-By
Allow
X-Instart-Request-ID
X-Dns-Prefetch-Control
EagleEye-TraceId
X-OneAgent-JS-Injection
X-Clacks-Overhead
Server-Timing
Request-Id
X-Url
X-Cloud-Trace-Context
X-HeyJason
X-Do-Not-Hack
Permitted-Cross-Domain-Policies
X-Country
Report-To
Rating
X-TTL
X-Country-Code
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Varnish-TTL
Charset
Edge-Control
X-Powered-CMS
X-Vname
X-TtlSet
X-PC
X-ESI
X-FTR-Request-ID
X-Server-ID
X-DataDome
X-CF-Powered-By
X-Server-Name
Feature-Policy
X-MS-InvokeApp
X-DynaTrace-JS-Agent
X-Goog-Hash
X-Cached
NEL
X-Origin-Cache
X-Vhost
X-Recruiting
Public-Key-Pins
X-ORACLE-DMS-RID
X-ORACLE-DMS-ECID
X-Geo-Segment
X-Cdn-Fetch
X-Exp-Variant
X-Exp-Id
X-GoogleNews-Bot
X-Kinja-Build
X-Kinja-Server
X-Kinja-Revision
X-Kinja
X-VARITI-CCR
X-F-Cache
X-Powered-By-Plesk
X-Version
X-Mod-Pagespeed
X-T
X-DynaTrace
Pinterest-Version
X-Upstream-Env
X-Pinterest-Rid
X-D2id
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Client-IP
Content-MD5
Verso
X-Mobile-Rewrite
PB-RID
PB-PID
Arc-Version
X-Abt-Application-Version
AR-ATIME
AR-PoweredBy
X-Dispatcher
RTSS
X-N
AR-CACHE
SPRequestGuid
X-SharePointHealthScore
X-Amz-Rid
X-Cdn
X-Forwarded-Proto
X-GitHub-Request-Id
X-Hits
X-Navigation-Version
Nginx-Cache
X-Dw-Request-Base-Id
X-Ruxit-JS-Agent
X-B
Paypal-Debug-Id
Realpath
X-Upstream
X-Grace
X-Pad
X-Content-Digest
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-Shield-Request-Id
X-TEC-API-VERSION
X-Varnish-Age
X-Content-Options
X-Id
Arr-Disable-Session-Affinity
X-Ttl
SPRequestDuration
SPIisLatency
MS-Author-Via
X-Cache-Hit
X-Kinsta-Cache
TCN
X-NWS-LOG-UUID
Access-Control-Request-Method
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-Goog-Stored-Content-Length
X-Goog-Metageneration
X-Logged-In
X-Acc-Meta-Resource-Type
X-XRDS-Location
X-Mrf-Section-Lastmod
Mrf-Cache-Status
X-Mrf-Item-Lastmod
MRF-Tech
S
X-Trace
X-Origin-Upstream-Status
X-Vcap-Request-Id
DynaTrace
X-VCache
X-HW
X-MSEdge-Ref
X-DIS-Request-ID
X-Zen-Fury
Cleartype
Front-End-Https
X-FastCGI-Cache
X-FTR-Backend-Server
X-FTR-Expires
X-FTR-Realm
X-HS-Content-Id
X-HS-Hub-Id
X-FTR-DC
X-FTR-Cache-Status
Surrogate-Key
X-Country-Code-Real
X-FTR-Balancer
Eomportal-Instance
X-FTR-Backend
X-Cache-Rule
X-Frontend
X-PressLabs-Stats
X-Fastly-Request-ID
X-Oneagent-Js-Injection
Service-Worker-Allowed
X-NF-Request-ID
X-Via-JSL
Cache-Status
X-IPLB-Instance
X-User-Agent
X-Forwarded-For
Server-Name
Tracecode
X-Request-Received
X-Request-Processing-Time
X-Hostname
X-SS-Set-Cookie
Fastcgi-Cache
X-Varnish-Backend
Alternate-Protocol
Backend-Timing
X-Analytics
Host
X-Wix-Server-Artifact-Id
X-Cache-2
FilterID
Rt-Fastcgi-Cache
X-AOL-HN
Display
X-Sol
Viewport
X-Middleton-Display
X-Whom
TP-L2-Cache
TP-Cache
X-FTR-Cache-Host
Public-Key-Pins-Report-Only
X-Proxied
Response
X-Revision
X-Middleton-Response
X-Rid
X-AppVersion
X-Activity-Id
X-Content-Powered-By
X-Az
X-Srv
ServerID
X-Debug-Info
X-Debug
X-URL
X-Ser
X-Fastcgi-Cache
X-Contextid
X-Cache-Control
AR-SID
AMP-Access-Control-Allow-Source-Origin
X-Magnolia-Registration
MicrosoftSharePointTeamServices
X-Cached-By
X-B3-Traceid
X-Daa-Tunnel
X-Cache-Server
X-Mobile
Refresh
X-Akam-SW-Version
Ar-Sid
Server-Info
HitInfo
X-Instance
HitType
X-Page-Id
Accept-Charset
X-Cache-Key
Cache-Tag
X-FB-Debug
X-WPE-Loopback-Upstream-Addr
X-App-Server
X-Generated-By
X-Varnish-Hostname
X-Newrelic-App-Data
Retry-After
X-Content-Security-Policy-Report-Only
X-PHP-Backend
X-Cache-Age
X-Geo-Country
X-Framework
Powered-By-ChinaCache
X-App-Environment
X-B-Cache
X-BCube-Filmed-By
X-RateLimit-Remaining
X-Cache-Operation
Host-Header
X-Varnish-Grace
X-LB-Cache
X-Request-Guid
X-Signature
X-TT
X-Webkit-Csp
X-Handled-By
Server-Node
X-Origin-Server
Source
X-Tumblr-Pixel
X-Tumblr-User
X-Tumblr-Pixel-0
X-Device-Type
Upgrade-Insecure-Requests
X-XRDS-LOCATION
X-Accel-Expires
X-Hyper-Cache
DC
X-Platform-Server
X-APP-VERSION
X-GUploader-UploadID
X-WA-Info
X-Oracle-Dms-Ecid
X-Oracle-Dms-Rid
X-Akamai-Edgescape
X-Amzn-Trace-Id
X-TT-TIMESTAMP
X-Drupal-Cache-Tags
Liferay-Portal
X-NewRelic-App-Data
X-Amz-Meta-S3cmd-Attrs
X-Cache-Action
X-CACHE-GROUP
X-Varnish-Server
X-ATG-Version
X-Correlation-ID
X-Edge-Location
Fastly-Restarts
X-Node-Name
X-Port
X-B3-Sampled
X-Cluster
AR-Request-ID
Webserver
NGB
X-Accel-Buffering
X-Cacheable-TTL
X-Ruxit-Js-Agent
X-S
Filters
X-WebKit-CSP-Report-Only
X-GeoIP
X-Seen-By
X-Locale
X-Wix-Request-Id
X-Wix-Petri-Ex
X-Source
ServedBy
X-Jobs
Actual-Object-TTL
X-FW-Server
X-FW-Serve
X-RequestSource
AsisCache
X-Varnish-Hits
X-FW-Hash
X-FW-Type
X-FW-Static
X-Tumblr-Pixel-2
X-Tumblr-Pixel-1
MS-CV
X-Esi
X-UA
X-RTag
Accept-CH
X-Amz-Replication-Status
S-Cnection
GEO-INFO
X-Region
X-Distil-CS
X-Cache-TTL-Remaining
Cache
Served-By
HostName
X-Cache-Config
X-Edge-Cache-Key
X-Edge-Cache
X-UA-Device-Type
X-Cache-Remote
X-Correlation-Id
Content-Style-Type
Content-Script-Type
X-Vg-Webcache
Country
X-Webkit-CSP
X-Adobe-Content
X-Adobe-Loc
X-Ocache
X-Sucuri-ID
X-TA-CDN-Provider
X-Drupal-Cache-Contexts
Ohc-File-Size
X-PC-Key
X-Guploader-Uploadid
X-PC-Hit
X-PC-AppVer
X-Dynatrace-Js-Agent
X-GZip
X-Microcachable
X-PC-Date
X-PC-Host
X-UUID
X-Internal-Host
X-RateLimit-Limit
Datacenter
X-Unique-ID
X-Varnish-IP
X-DataStream-Cache-Status
X-Status
X-Akamai-Transformed
X-HOST
X-Ezoic-Cdn
X-Real-IP
X-Amz-Server-Side-Encryption
X-TX-ID
Pagespeed
IBM-Web2-Location
Healthy
X-CDN-Forward
X-IP
X-Agile
X-Detected-As
X-RN-RSRV
X-Agile-Age
X-Rendered-As
Meta-Geo
Machine
Load-Balancing
X-Agile-Id
X-Yottaa-Optimizations
X-JoinUs
X-Yottaa-Metrics
X-Is-Bot
User-Cache-Control
X-Web-Node
X-Grey
X-Akamai-Request-ID
X-App-Name
X-Cache-Category-Id
X-Generated
Access-Control-Allow-Method
X-ProxyCache-Key
Mn-Server-Ip
X-Timing-Wait
Selected-FE
X-Mode
X-CCM
X-OVcl-Cache
X-Origin
X-Loop
X-TNCMS
X-BYPASS-REASON
X-Proxy-Build
X-OVcl
X-ProxyCache-Status
X-Instance-Name
X-Debug-Cache
X-Xfnlog-Site
X-NodeID
DB-Nickname
X-BB-IP
X-Servedby
X-SERVER-NAME
X-FC-Vary-Parameters
X-PCL
X-Varnish-Cache-Hits
Backend
X-Viewer-Country
Cache-Name
X-Proxy
X-Tb
X-Vgn-Hpd-Reason
ServerName
Payment
X-ServerID
S-Rt
X-Human
X-Upgrade-Enabled
X-OCL
X-Varnish-Cacheable
L5d-Success-Class
X-Hosted-By
X-Time-Microsecs
X-Content-Type
X-Backend-Name
Azure-SiteName
Azure-RegionName
X-CDN-Cache
X-Distributor
X-NCache
User-Agent
Now
Azure-InstanceId
X-ApacheServer
Azure-Version
Cache-Key
Azure-SlotName
X-PERF
X-Via-Fastly
X-Path-Route
X-ProcessESI
X-RemovedCookies
X-EIG-Tracking-Id
X-Original-Request
X-Site-Version
LB
TWC-GeoIP-Country
TWC-GeoIP-LatLong
TWC-Device-Class
TWC-Connection-Speed
X-Zipkin-Id
TWC-Locale-Group
Property-Id
TWC-Privacy
X-Access
X-Routing-Service
Webcakes-Region
Webcakes-App-Version
X-Section
Webcakes-App-Name
X-Www-Served-By
X-AWS-Id
Dont-Set-Cookie
X-VWS-Id
X-NGENIX-Cache
X-LJ-Flow-ID
X-TWH-CORRELATION-ID
X-Origin-Hint
X-SplitTest
PageSpeed
X-Pubstack
X-Origin-CC
X-Amz-Meta-Surrogate-Control
X-Format
X-Rocket-Nginx-Bypass
SRV
X-Cache-Ttl
Xserver
X-Time
Access-Control-Request-Headers
X-Storage
X-L-Path
X-Cache-Backend
X-Environment-Context
WZWS-RAY
X-Oss-Object-Type
X-Sucuri-Cache
X-Webstats-RespID
X-B3-Spanid
X-ServedBy
Edge-Cache-Tag
X-Oss-Hash-Crc64ecma
X-Oss-Request-Id
X-Oss-Storage-Class
X-Oss-Server-Time
Countrycode
X-HS-Cache-Config
X-Generation-Time
X-Proto
X-Twitter-Response-Tags
X-Labrador-Cache-Channel
X-Cache-HT
X-Connection-Hash
X-Optimization
X-Transaction
Cteonnt-Length
X-Amz-Apigw-Id
X-Amzn-RequestId
Ms-Operation-Id
X-MP-GENERATED-AT
Cache-Hits
X-Ah-Environment
Apicache-Version
X-M-Log
X-Nc
X-M-Reqid
X-Hit
Apicache-Store
X-Qnm-Cache
X-Newrelic-Synthetics
X-Cache-NE
X-Meta-Tbi-Cache-Vertical
X-Birta-Cache-Post
X-Birta-Served
X-Tumblr-Pixel-3
X-CLOUD-TRACE-CONTEXT
Fastly-SSL
X-Real-Ip
NnCoection
From-Origin
NODE
X-Varnish-Beresp-Status
X-EdgeConnect-Cache-Status
Ws
X-Release
X-V
Ec-Rule-Version
XServer
X-Varnish-Beresp-Grace
X-Cache-Enabled
X-Geo
X-Upstream-CT
Cartoon
X-Upstream-HT
X-Dc
Resin-Trace
GMS-Ver
Request-EU
Request-Country
Rendered-Blocks
Server-Host
Server-ID
Fly-Request-Id
X-CF-Lambda-Version
SN
X-D
X-Date
Host-ID
Httpd-Identifier
Kp-EeAlive
MI-Cache
X-COUNTRY
Meta-Geo-Continent
MD5-Digest
X-DPWN-IS-SECURE
X-Dispatcher-Server
X-Developer
X-Destination
MI-Cache-Age
X-SERVER
X-Died
X-CF-Lambda-Fn
Fly-Cache
Warning
Web-Mar-Node
VivaBuild
X-A-Wwc
Viewtype
X-A-Dgt
Cache-Prefix
X-A
Www
X-A-Ccd
X-A-Dam
X-A-Dcw
X-Accel-Expires-Debug
BehaviorPad-Version
Thinkindot-CacheControl-Type
X-Block-Status
Thinkindot-CacheControl
X-C
T-Server
X-BB-ID
Thinkindot-Control
X-Application
X-Alternate-Cache-Key
X-ARC
X-B-Cookie
V-Age
Cneonction
X-Env
X-Sf
X-Server-Time
X-Server-By
X-ShardId
X-ShopId
X-Sorting-Hat-PodId
X-Shopify-Stage
X-Varnish-Beresp-Ttl
X-ScT
X-Rewrite-Enabled
X-Response-By
X-Region-Sid
X-Rojux
X-Rule
X-S-Maxage
X-Fetched-On
X-Sorting-Hat-ShopId
X-SRCache-Key
X-WebServer
X-We-Are-Hiring
X-Via-Edge
X-Alicdn-Da-Ups-Status
X-Wix-Route-ID
Xc-Version
X-Worker
X-Via-CDN
X-VG-WebServer
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
X-Thinkindot-L3
X-Trv-Group
X-UE-Client-Country
X-TT-LOGID
X-RCS-CacheZone
X-S-Cookie
X-MI-In-Market
X-NU-AKA-ACS-Version
X-Org
X-Origin-Date
X-Hnp-Log
X-Generated-In
X-From
X-G
X-Gen-Mode
X-Origin-Expires
X-Matched-Rule
X-PAYTM-SRV-ID
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
X-Planisys-CDN-TTL
Proxy-Connection
Pragrma
Platform
Release
X-VServer
RNT-Time
RNT-Machine
X-GeoIP-City
PFcat
Origin-Cache-Control
X-Edge-Server
X-Backend-State
X-Cache-URL
MI-API
X-Fstrz
NGX
X-Device-Os
X-Edge-IP
X-Backend-Host
Odigeo-Trace-Id
Origin-Edge-Control
X-Hash
X-Crawler
X-CS
X-Cache-CFC
X-SIPLIST1
X-ServiceProvider
X-Content-Age
X-Origin-TTL
X-P-T
X-Clientip
X-Server-IP
Uber-Trace-Id
True-Client-Country-4JS
X-Request-URI
X-Hl-Ver
Server-Int
X-Cache-Host
X-Logtrace-Id
X-Backend-Url
X-Node-Id
X-No-Session
X-Amz-Meta-Cache-Control
X-GeoIP-Country-Code
X-Cache-Bucket
Country-Code
Cdn-Host
Decoy-Debug-Key
Decoy-Debug-Status
Fastly-Backend-Name
Decoy-Debug-TTL
CDCHOST
Apple-News-Services-Request-Url
Ajk
Adler-Geo
Apple-News-Services-Handled
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
X-Atg-Version
Cdn-Request-Time
Is-Eu
IsBot
X-ElasticPress-Search
ProcessTime
X-Cache-ASPX
X-F5-Cache
X-Fastly-Cache
X-Passed-To-DLL
X-Cache-Expires
X-Passed-To-PostProcessResponse
X-Sn-Servicetimems
X-Eu-Site
X-Epic-Correlation-Id
X-IN-SSL-APIGATEWAY
X-Swa-Ws
X-IN-WAF
HTTPS
AKAMAI
X-Backend-TTL
X-IN-APIGATEWAY
X-Server-Group
X-Passed-To-BeforeDispatch
X-Phone
X-Croise-Owner
Time
X-Core-Value
X-Core-Mission
X-Returned-From
X-Reboot
X-Developers
X-Debug-Log
X-Debug-Cookies
X-Rebelmouse-Surrogate-Control
X-Returned-From-BeforeDispatch
X-Cdn-Origin
X-Cache-Srv
X-Returned-From-PostProcessResponse
X-Cdn-Srv
X-Rebelmouse-Cache-Control
X-Ckpd-Fst-Backend
X-CGP
X-Returned-From-DLL
Backend-Name
X-Actual-URL
X-Wikidot-Backend
X-Wikidot-Static-Cache
HA-Cloudapp
X-NX-Host
X-VG-TLSProxy
HA-Ipaddr
Fastly-SWR
X-Ver
HA-Geocity
Request-Time
X-Redis-Cache
HA-Host
Powered-By
Ha-Gx-Prefs
HA-Georegion
HA-Geocountry
HA-Geolat
HA-Geolon
Fastly-SIE
Fastly-Soc-X-Request-Id
X-Passed-To
Who
X-UnsetCookies
HA-Servedtime
On-Server
Cache-Tags
X-FireWall-Port
X-Trace-Id
X-Forwarded-Host
Origin
Content-Disposition
HA-Urlpath
Heartbleed
Esi-Enabled
X-Up
X-HS-Combine-CSS
X-From-Cache
X-HCF
X-Info
X-Refresh
X-App-Version
X-GoCache-CacheStatus
X-Location
X-Platform
X-Stale
X-Var-Ttl
X-Cache-Control-Set-By
X-Varnish-HitMiss
X-Skip-Cache
X-Nginx-Cache
RequestId
X-Via-SSL
NtCoent-Length
X-Ms-Request-Id
X-Ms-Lease-Status
Ohc-Response-Time
Dynatrace
X-Cache-FS-Status
X-Ms-Blob-Type
X-Req
X-Ms-Version
X-BBXSRF
Dnion-Transfer-Encoding
X-Kong-Proxy-Latency
X-Micro-Cache
Get-Access-Time
Frame-Options
X-Powered-By-ANYU
Is-Session-Tracking
X-MSEdge-Features
X-MSEdge-Flight
X-Response-Served-From
X-Servername
X-Cache-Time
X-Kong-Upstream-Latency
X-WR-MODIFICATION
X-Csrf-Token
X-NC
X-Pjax-Url
WWW-Authenticate
X-Pf-Uncompressing
Mime-Version
X-Cdn-Forward
X-B3-TraceId
X-Key
X-User
X-Request-Time
X-TIME
X-Owner
X-CUA
Cdn
X-CCM-LastModified
X-GRACE
X-Varnish-Url
CF-IPCountry
NodeID
X-Dynatrace
WP-Super-Cache
X-Page-Type
X-Cache-TTL
MIME-Version
X-Litespeed-Cache
Mail-Subject
X-External-Request-Id
We-Hiring
PICS-Label
X-NWS-UUID-VERIFY
GW-Server
X-CSRF-Token
X-DC
Section-Io-Cache
UCS
X-LiteSpeed-Cache-Control
X-Cache-Handler
X-Ua
Geoip-Latitude
Geoip-City
PageType
X-Aicache-OS
GeoIp-Country-Code
X-Servedbyhost
X-Pc-Hit
X-GDPR
Magicmarker
X-Pc-Appver
X-Varnish-Action
X-Pc-Key
Version
FastCGI-Cache
X-Nf-Srv-Version
Rt-Proxy-Cache
X-Varnish-Id
X-Cache-Id
X-Varnish-Beresp-TTL
X-Bip
X-Pc-Host
X-Pc-Date
X-Request-UUID
Memcached
X-Thanos
CDN
Accept-CH-Lifetime
X-Variation
CACHE
X-Fastly-Backend-Reqs
Memory
Processtime
X-GEO
Pagetype
X-StackifyID
X-Nananana
If-Modified-Since
X-Via-NSCOPI
COMMERCE-SERVER-SOFTWARE
X-ServedByHost
X-Server-W
X-TId
X-Ibm-Trace
X-Be
X-CACHE-KEY
X-Irp-Debug
X-Wa
Arc-Country
X-Gdpr
Sid
X-UPSTREAM-Address
X-Cluster-Node
X-Load-Cache
X-BE
X-DataStream-Origin-MEX-Latency
GeoIP-Latitude
GeoIP-Country-Code
X-HTML-Minification-Powered-By
Sta2Tusw
X-DataStream-MidMile-RTT
X-Auto-Login
DataCenter
Node
GeoIP-City
X-Shard
X-Hail-Hydra
X-FW-Version
X-Layer
X-Tid
X-Frame-Option
X-Ig-Deployment-Stage
X-Sentry-ID
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-Proxy-Server
RATING
Pics-Label
X-Varnish-Ttl
X-Nginx-Cache-Key
X-Fastly-Cache-Hits
X-Varnish-URL
X-PAGE-TYPE
X-FORWARDED-FOR
URI
X-Datadome
Srv
X-Gen-Id
X-SRV
Cf-Ipcountry
X-EC-Security-Audit
X-NGINX-Cache
X-PJAX-URL
X-Bug-Bounty
Pramga
X-Gannett-Site-Version
X-Akamai-Request-ID2
X-Ratelimit-Remaining
X-Secret
Group
V-Cache
X-Endurance-Cache-Level
Cache-Provider
X-ADI-VCache
X-Haproxy-Hostname
X-ID
X-Surge-Debug
X-Shield-Cache-Expires
X-PF-Uncompressing
X-Haproxy-Ip
X-Public
X-GZIP
X-Ratelimit-Limit
OT-Force-Account-Verify
X-CacheKey
Mobile-Detection-Method
SD-X-WS
X-APP
X-Litespeed-Cache-Control
X-Dw-Trace-Id
X-ND-Cache
X-Feature
X-B3-SpanId
X-Cache-Debug
X-Cache-Var-Map
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-From
X-Cache-Var
Xet-Cookie
Serverid
Hostname
X-Ms-Lease-State
X-Sorting-Hat-ShopId-Cached
Lb
X-Sorting-Hat-Section
X-Sorting-Hat-PrivacyLevel
X-Sorting-Hat-PodId-Cached
X-Sorting-Hat-FeatureSet
X-Distil-Cs
X-Akamai-ERPolicy
X-RAMCache
X-CDN-Pop
X-RequestId
X-Akamai-ERRuleID
X-Fe
X-VCT
X-Store
X-CDN-Pop-IP
N-Cache
X-WA
X-Cookie
X-SD-PageType
X-VG-WebCache
Requestid
X-Varnish-ID
X-ServerName
REQUESTUUID
X-Request-Start
Accept-Ch
GEO-REGION-INFO
X-Unique-Id
X-Grace-Duration