Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics - SANS Internet Storm Center HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Pragma
Accept-Ranges
Last-Modified
Strict-Transport-Security
X-Content-Type-Options
X-Powered-By
CF-RAY
ETag
Link
X-XSS-Protection
Expect-CT
Via
X-Cache
Age
Access-Control-Allow-Origin
Content-Security-Policy
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Served-By
X-Varnish
X-Amz-Cf-Id
Referrer-Policy
X-Request-Id
X-Timer
X-AspNet-Version
CF-Cache-Status
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Runtime
Access-Control-Allow-Credentials
X-Download-Options
X-Drupal-Cache
X-Cacheable
Alt-Svc
X-Generator
Content-Security-Policy-Report-Only
X-Xss-Protection
X-AspNetMvc-Version
Status
Timing-Allow-Origin
X-Check
X-Cache-Status
X-Adblock-Key
X-Iinfo
X-DNS-Prefetch-Control
X-Permitted-Cross-Domain-Policies
X-Content-Security-Policy
X-Template
X-CDN
Content-Encoding
X-Language
X-Turbo-Charged-By
X-Request-ID
Keep-Alive
X-Buckets
X-Type
EagleId
Xkey
X-Via
X-Backend
X-AH-Environment
WPE-Backend
X-Age
X-Pass-Why
Access-Control-Max-Age
X-Server
X-Swift-CacheTime
X-Swift-SaveTime
X-Cache-Group
Ali-Swift-Global-Savetime
X-Varnish-Cache
X-Pingback
Upgrade
X-Nginx-Cache-Status
X-Server-Powered-By
X-Drupal-Dynamic-Cache
Grace
Access-Control-Expose-Headers
X-Hacker
X-UA-Device
P3p
Cf-Railgun
X-Amz-Request-Id
X-Amz-Id-2
X-Robots-Tag
X-Ua-Compatible
X-LiteSpeed-Cache
X-Proxy-Cache
X-Envoy-Upstream-Service-Time
X-Page-Speed
Request-Context
X-CST
X-Node
X-Cache-Lookup
X-Device
X-Ac
Content-Location
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Cnection
X-Host
X-Amz-Version-Id
Surrogate-Control
X-WebKit-CSP
X-Backend-Server
X-Rack-Cache
X-Response-Time
X-Rq
X-Px
X-Readtime
X-Server-Id
X-Application-Context
Pinterest-Generated-By
Allow
X-Instart-Request-ID
X-Dns-Prefetch-Control
EagleEye-TraceId
X-OneAgent-JS-Injection
X-Clacks-Overhead
Server-Timing
Request-Id
X-Url
X-Country
X-Cloud-Trace-Context
X-Do-Not-Hack
X-HeyJason
Permitted-Cross-Domain-Policies
Report-To
Rating
X-TTL
X-Country-Code
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Varnish-TTL
Charset
Edge-Control
X-ESI
X-Powered-CMS
X-PC
X-TtlSet
X-Vname
X-FTR-Request-ID
X-Server-Name
X-Server-ID
X-CF-Powered-By
X-DataDome
Feature-Policy
X-MS-InvokeApp
X-DynaTrace-JS-Agent
X-Goog-Hash
X-Cached
NEL
X-Origin-Cache
X-Vhost
X-Recruiting
Public-Key-Pins
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
X-VARITI-CCR
X-Cdn-Fetch
X-Exp-Id
X-Kinja
X-Kinja-Build
X-Kinja-Revision
X-Kinja-Server
X-Exp-Variant
X-GoogleNews-Bot
X-Geo-Segment
X-F-Cache
X-DynaTrace
X-Powered-By-Plesk
X-Version
X-Mod-Pagespeed
X-T
X-Upstream-Env
X-Pinterest-Rid
Pinterest-Version
X-D2id
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Client-IP
Content-MD5
PB-RID
X-Mobile-Rewrite
PB-PID
Arc-Version
Verso
X-Abt-Application-Version
AR-PoweredBy
AR-ATIME
X-Dispatcher
AR-CACHE
RTSS
X-N
SPRequestGuid
X-SharePointHealthScore
X-Amz-Rid
X-Cdn
X-Forwarded-Proto
X-Hits
X-GitHub-Request-Id
X-Navigation-Version
Nginx-Cache
X-Ruxit-JS-Agent
X-Dw-Request-Base-Id
X-B
Paypal-Debug-Id
Realpath
X-Grace
X-Upstream
X-Pad
X-Content-Digest
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TEC-API-VERSION
X-Shield-Request-Id
X-Varnish-Age
X-Id
X-Content-Options
Arr-Disable-Session-Affinity
SPIisLatency
SPRequestDuration
X-Ttl
X-Cache-Hit
MS-Author-Via
X-Kinsta-Cache
X-NWS-LOG-UUID
TCN
X-Goog-Generation
Access-Control-Request-Method
X-Goog-Stored-Content-Length
X-Goog-Storage-Class
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
X-Logged-In
X-Acc-Meta-Resource-Type
X-XRDS-Location
S
DynaTrace
X-Mrf-Section-Lastmod
X-Mrf-Item-Lastmod
Mrf-Cache-Status
MRF-Tech
X-Trace
X-Origin-Upstream-Status
X-Vcap-Request-Id
X-VCache
X-HW
X-MSEdge-Ref
X-DIS-Request-ID
X-Zen-Fury
Cleartype
Eomportal-Instance
Front-End-Https
X-FastCGI-Cache
X-FTR-Backend
X-FTR-Realm
X-HS-Content-Id
X-HS-Hub-Id
X-FTR-Expires
X-FTR-DC
X-Country-Code-Real
X-FTR-Balancer
X-FTR-Cache-Status
Surrogate-Key
X-FTR-Backend-Server
X-Cache-Rule
X-Frontend
X-PressLabs-Stats
Service-Worker-Allowed
X-Fastly-Request-ID
X-NF-Request-ID
X-Via-JSL
X-Oneagent-Js-Injection
Cache-Status
X-IPLB-Instance
X-User-Agent
X-Forwarded-For
Server-Name
Tracecode
X-Request-Received
X-Request-Processing-Time
X-Hostname
X-SS-Set-Cookie
Fastcgi-Cache
X-Varnish-Backend
Alternate-Protocol
Host
Backend-Timing
X-Analytics
X-Cache-2
X-Wix-Server-Artifact-Id
Rt-Fastcgi-Cache
FilterID
Display
X-Middleton-Display
X-Sol
X-AOL-HN
Viewport
X-Whom
Public-Key-Pins-Report-Only
X-FTR-Cache-Host
TP-L2-Cache
TP-Cache
X-Revision
X-Rid
X-Proxied
X-Middleton-Response
Response
X-Content-Powered-By
X-Activity-Id
X-AppVersion
X-Az
X-Srv
ServerID
X-Ser
X-Debug-Info
X-URL
X-Debug
X-Fastcgi-Cache
X-Contextid
X-Cache-Control
AMP-Access-Control-Allow-Source-Origin
AR-SID
X-Magnolia-Registration
MicrosoftSharePointTeamServices
X-Cached-By
X-Daa-Tunnel
X-Akam-SW-Version
X-B3-Traceid
X-Mobile
X-Cache-Server
Refresh
Ar-Sid
X-Instance
HitInfo
Server-Info
HitType
X-Page-Id
X-FB-Debug
Cache-Tag
X-WPE-Loopback-Upstream-Addr
X-Cache-Key
X-Generated-By
X-Framework
X-App-Server
X-Varnish-Hostname
X-Geo-Country
Powered-By-ChinaCache
X-Cache-Age
Retry-After
X-Content-Security-Policy-Report-Only
X-Newrelic-App-Data
X-PHP-Backend
X-LB-Cache
X-RateLimit-Remaining
X-B-Cache
X-App-Environment
X-Signature
X-Request-Guid
X-Cache-Operation
X-BCube-Filmed-By
X-TT
X-Varnish-Grace
Host-Header
X-Webkit-Csp
Accept-Charset
Source
X-Handled-By
X-Tumblr-Pixel
X-Tumblr-User
X-Tumblr-Pixel-0
X-Origin-Server
Server-Node
X-Device-Type
Upgrade-Insecure-Requests
X-XRDS-LOCATION
X-Accel-Expires
X-Hyper-Cache
X-Webkit-CSP
DC
X-Platform-Server
X-WA-Info
X-APP-VERSION
X-GUploader-UploadID
X-Oracle-Dms-Ecid
X-Akamai-Edgescape
X-Oracle-Dms-Rid
X-Amzn-Trace-Id
X-TT-TIMESTAMP
X-Drupal-Cache-Tags
Liferay-Portal
X-NewRelic-App-Data
X-CACHE-GROUP
X-Amz-Meta-S3cmd-Attrs
X-Cache-Action
X-Varnish-Server
X-Cluster
X-Edge-Location
X-ATG-Version
X-Correlation-ID
AR-Request-ID
Fastly-Restarts
Webserver
X-Port
X-Node-Name
X-B3-Sampled
X-Accel-Buffering
NGB
X-Ruxit-Js-Agent
X-S
X-Cacheable-TTL
X-WebKit-CSP-Report-Only
X-GeoIP
X-Seen-By
X-Wix-Request-Id
X-Locale
Filters
X-Wix-Petri-Ex
Actual-Object-TTL
X-Source
ServedBy
X-Jobs
X-RequestSource
X-Tumblr-Pixel-1
X-FW-Hash
X-Tumblr-Pixel-2
X-Varnish-Hits
X-FW-Serve
X-FW-Server
X-FW-Type
AsisCache
X-FW-Static
MS-CV
X-RTag
X-UA
X-Amz-Replication-Status
Accept-CH
S-Cnection
X-Distil-CS
X-Region
GEO-INFO
X-Cache-TTL-Remaining
Served-By
Cache
X-Cache-Config
X-Edge-Cache-Key
X-Edge-Cache
X-Cache-Remote
X-UA-Device-Type
X-Correlation-Id
HostName
Country
Content-Style-Type
Content-Script-Type
X-Vg-Webcache
X-Adobe-Loc
X-Adobe-Content
X-Sucuri-ID
X-Ocache
X-TA-CDN-Provider
Ohc-File-Size
X-PC-Hit
X-PC-AppVer
X-Drupal-Cache-Contexts
X-PC-Key
X-Guploader-Uploadid
X-Dynatrace-Js-Agent
X-Microcachable
X-GZip
X-PC-Host
X-PC-Date
X-UUID
X-RateLimit-Limit
X-Unique-ID
X-Internal-Host
Datacenter
X-Varnish-IP
X-DataStream-Cache-Status
X-Akamai-Transformed
X-Status
X-HOST
X-Esi
X-Ezoic-Cdn
X-Amz-Server-Side-Encryption
X-Real-IP
X-TX-ID
Healthy
Pagespeed
X-CDN-Forward
X-Yottaa-Optimizations
X-Grey
Meta-Geo
X-BYPASS-REASON
X-Cache-Category-Id
X-Detected-As
X-Yottaa-Metrics
X-Generated
X-Agile
X-JoinUs
Load-Balancing
Access-Control-Allow-Method
X-ProxyCache-Key
Machine
X-Rendered-As
X-Agile-Age
IBM-Web2-Location
X-ProxyCache-Status
X-Agile-Id
X-RN-RSRV
X-Is-Bot
X-Akamai-Request-ID
X-IP
X-Web-Node
X-App-Name
User-Cache-Control
X-Loop
Mn-Server-Ip
X-Backend-Name
Selected-FE
X-Mode
X-Proxy-Build
X-Timing-Wait
X-TNCMS
X-Debug-Cache
X-OVcl
X-Proxy
X-Origin
X-OVcl-Cache
X-Xfnlog-Site
X-ServerID
X-CCM
X-Vgn-Hpd-Reason
X-Instance-Name
Cache-Name
DB-Nickname
Backend
X-Hosted-By
X-OCL
X-Varnish-Cache-Hits
L5d-Success-Class
S-Rt
ServerName
Now
X-Human
X-PCL
X-Tb
X-NodeID
X-Upgrade-Enabled
X-Time-Microsecs
X-BB-IP
X-Content-Type
X-Servedby
X-Viewer-Country
X-Varnish-Cacheable
Payment
Azure-Version
Azure-SlotName
Azure-InstanceId
Azure-SiteName
Cache-Key
X-Path-Route
X-RemovedCookies
X-PERF
X-NCache
X-Distributor
X-Site-Version
Azure-RegionName
LB
X-ProcessESI
X-Original-Request
X-FC-Vary-Parameters
X-CDN-Cache
X-EIG-Tracking-Id
User-Agent
X-Via-Fastly
X-ApacheServer
Webcakes-App-Name
TWC-GeoIP-Country
X-AWS-Id
TWC-GeoIP-LatLong
TWC-Privacy
Property-Id
TWC-Connection-Speed
PageSpeed
X-Www-Served-By
TWC-Device-Class
X-SplitTest
X-Routing-Service
X-Section
X-LJ-Flow-ID
TWC-Locale-Group
X-Origin-Hint
X-TWH-CORRELATION-ID
X-NGENIX-Cache
Webcakes-App-Version
X-VWS-Id
Dont-Set-Cookie
Webcakes-Region
X-Access
X-Zipkin-Id
X-Pubstack
X-Amz-Meta-Surrogate-Control
X-Format
X-Rocket-Nginx-Bypass
X-Origin-CC
Xserver
X-Cache-Ttl
SRV
Access-Control-Request-Headers
X-Time
X-Storage
X-L-Path
X-Cache-Backend
X-Environment-Context
WZWS-RAY
X-Webstats-RespID
X-Oss-Hash-Crc64ecma
X-Oss-Request-Id
X-Oss-Object-Type
X-Oss-Server-Time
X-Oss-Storage-Class
Edge-Cache-Tag
X-ServedBy
X-Sucuri-Cache
X-HS-Cache-Config
X-B3-Spanid
Countrycode
X-Connection-Hash
X-Optimization
X-Proto
X-Labrador-Cache-Channel
X-Generation-Time
X-Transaction
X-Twitter-Response-Tags
X-Cache-HT
X-Amz-Apigw-Id
X-Amzn-RequestId
Cteonnt-Length
X-MP-GENERATED-AT
Ms-Operation-Id
X-M-Reqid
X-M-Log
X-Qnm-Cache
Cache-Hits
X-Newrelic-Synthetics
X-SERVER-NAME
X-Hit
X-Ah-Environment
Apicache-Store
X-Nc
Apicache-Version
X-Birta-Served
X-Birta-Cache-Post
X-Meta-Tbi-Cache-Vertical
X-Cache-NE
X-Tumblr-Pixel-3
X-CLOUD-TRACE-CONTEXT
Fastly-SSL
NnCoection
From-Origin
X-Real-Ip
NODE
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
X-V
X-Cache-Enabled
X-EdgeConnect-Cache-Status
XServer
X-Release
Ec-Rule-Version
Ws
Cartoon
X-Geo
X-Dc
X-Upstream-HT
X-Upstream-CT
X-Dispatcher-Server
X-Died
Thinkindot-CacheControl-Type
Warning
Fly-Cache
X-Generated-In
Country-Code
Cneonction
Www
X-SERVER
Web-Mar-Node
X-Gen-Mode
X-DPWN-IS-SECURE
V-Age
Request-EU
X-Env
X-Fetched-On
Viewtype
Resin-Trace
VivaBuild
X-G
X-Developer
Request-Country
X-From
X-A-Ccd
T-Server
Thinkindot-CacheControl
SN
X-BB-ID
X-Block-Status
X-B-Cookie
X-ARC
X-Alternate-Cache-Key
X-Accel-Expires-Debug
BehaviorPad-Version
Fly-Request-Id
X-Application
Cache-Prefix
GMS-Ver
X-A-Dam
X-D
X-Date
X-A-Wwc
X-A
Server-Host
Server-ID
X-A-Dgt
X-C
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-A-Dcw
X-Destination
X-Matched-Rule
MI-Cache-Age
X-Shopify-Stage
X-ShopId
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-SVT-ORM-RULES
X-SRCache-Key
X-ShardId
X-Sf
X-Varnish-Beresp-Ttl
X-ScT
X-Server-By
Kp-EeAlive
MD5-Digest
X-Server-Time
X-SVT-ORM-VERSION
X-Thinkindot-L3
X-Alicdn-Da-Ups-Status
X-WebServer
X-Wix-Route-ID
X-Worker
Meta-Geo-Continent
Xc-Version
X-We-Are-Hiring
MI-Cache
X-TT-LOGID
X-Trv-Group
X-UE-Client-Country
X-VG-WebServer
X-Via-Edge
X-Via-CDN
X-S-Maxage
X-S-Cookie
X-Origin-Date
X-Origin-Expires
Rendered-Blocks
X-Hnp-Log
X-Org
X-NU-AKA-ACS-Version
Host-ID
Thinkindot-Control
X-MI-In-Market
Httpd-Identifier
X-PAYTM-SRV-ID
X-Planisys-CDN-Cache
X-Response-By
X-Rewrite-Enabled
X-Rojux
X-Rule
X-Region-Sid
X-Hl-Ver
X-Planisys-CDN-TTL
X-RCS-CacheZone
X-Planisys-CDN-Rules
Release
Platform
Proxy-Connection
PFcat
Pragrma
Origin-Cache-Control
NGX
Server-Int
RNT-Time
Odigeo-Trace-Id
RNT-Machine
Origin-Edge-Control
X-Fstrz
X-Logtrace-Id
X-No-Session
X-Node-Id
X-IN-WAF
X-IN-SSL-APIGATEWAY
X-Hash
X-IN-APIGATEWAY
X-Origin-TTL
X-P-T
X-VServer
X-Cache-URL
X-SIPLIST1
X-ServiceProvider
X-Request-URI
X-Server-IP
X-GeoIP-Country-Code
X-GeoIP-City
X-Backend-Url
X-Cache-Bucket
X-Backend-State
X-Backend-Host
Uber-Trace-Id
X-Amz-Meta-Cache-Control
X-Cache-Host
X-Clientip
X-Edge-Server
MI-API
X-Edge-IP
X-Device-Os
X-Content-Age
X-CS
True-Client-Country-4JS
X-Cache-CFC
Decoy-Debug-Key
Cdn-Request-Time
CDCHOST
Decoy-Debug-Status
Decoy-Debug-TTL
Ajk
Fastly-Backend-Name
X-Atg-Version
Apple-News-Services-Request-Url
Cdn-Host
IsBot
Is-Eu
Apple-News-Services-Handled
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
Adler-Geo
X-ElasticPress-Search
ProcessTime
Time
X-Developers
X-Debug-Log
X-Cache-ASPX
X-Debug-Cookies
X-Croise-Owner
X-CGP
X-Cdn-Srv
X-Cdn-Origin
X-Cache-Srv
X-Ckpd-Fst-Backend
X-Epic-Correlation-Id
X-Crawler
X-Core-Value
X-Core-Mission
X-Cache-Control-Set-By
X-Cache-Expires
X-FireWall-Port
X-Swa-Ws
X-Trace-Id
X-Sn-Servicetimems
X-Server-Group
X-Returned-From-DLL
X-Returned-From-PostProcessResponse
X-UnsetCookies
X-Up
X-Wikidot-Static-Cache
X-Redis-Cache
X-Wikidot-Backend
X-VG-TLSProxy
X-Varnish-HitMiss
X-Ver
X-Returned-From-BeforeDispatch
X-Returned-From
X-NX-Host
X-Passed-To
X-HCF
X-Forwarded-Host
X-F5-Cache
X-Fastly-Cache
X-Passed-To-BeforeDispatch
X-Passed-To-DLL
X-Rebelmouse-Surrogate-Control
X-Reboot
X-Rebelmouse-Cache-Control
X-Platform
X-Passed-To-PostProcessResponse
X-Eu-Site
X-Phone
Fastly-SIE
X-Backend-TTL
Powered-By
HA-Servedtime
Esi-Enabled
HA-Cloudapp
Heartbleed
Who
Content-Disposition
HA-Ipaddr
Fastly-Soc-X-Request-Id
Request-Time
HA-Geolat
HA-Geocountry
HA-Geocity
HA-Geolon
HA-Georegion
HA-Host
Fastly-SWR
Ha-Gx-Prefs
HTTPS
HA-Urlpath
On-Server
X-Actual-URL
Cache-Tags
AKAMAI
Origin
Backend-Name
X-HS-Combine-CSS
RequestId
X-Refresh
X-Cache-FS-Status
X-From-Cache
X-App-Version
X-GoCache-CacheStatus
X-Info
X-Location
X-Var-Ttl
X-Via-SSL
X-Stale
X-Skip-Cache
NtCoent-Length
X-Ms-Request-Id
X-BBXSRF
X-Ms-Blob-Type
X-Req
X-Ms-Lease-Status
X-Ms-Version
Ohc-Response-Time
Dnion-Transfer-Encoding
X-Nginx-Cache
X-Response-Served-From
X-Kong-Proxy-Latency
X-MSEdge-Features
X-Micro-Cache
X-MSEdge-Flight
X-Cache-Time
X-Kong-Upstream-Latency
X-Servername
Get-Access-Time
Is-Session-Tracking
X-Powered-By-ANYU
WWW-Authenticate
Frame-Options
X-WR-MODIFICATION
X-Csrf-Token
X-Key
X-NC
X-Pf-Uncompressing
X-Pjax-Url
X-Owner
X-Cdn-Forward
Mime-Version
X-B3-TraceId
X-Request-Time
X-CCM-LastModified
X-CUA
X-User
X-TIME
Cdn
NodeID
X-GRACE
X-Page-Type
WP-Super-Cache
X-Cache-TTL
CF-IPCountry
We-Hiring
Mail-Subject
Dynatrace
X-Litespeed-Cache
MIME-Version
X-Varnish-Url
X-COUNTRY
X-External-Request-Id
PICS-Label
X-NWS-UUID-VERIFY
UCS
X-DC
Section-Io-Cache
GW-Server
X-LiteSpeed-Cache-Control
X-CSRF-Token
X-Cache-Handler
Geoip-City
X-Ua
Geoip-Latitude
X-Aicache-OS
PageType
GeoIp-Country-Code
X-GDPR
X-Servedbyhost
Version
X-Pc-Appver
X-Pc-Key
X-Pc-Hit
X-Varnish-Action
Magicmarker
FastCGI-Cache
X-Nf-Srv-Version
X-Varnish-Id
X-Cache-Id
Rt-Proxy-Cache
X-Varnish-Beresp-TTL
X-Thanos
X-Pc-Host
Memcached
X-Pc-Date
X-Bip
X-Request-UUID
X-Dynatrace
CDN
Accept-CH-Lifetime
CACHE
X-Variation
Memory
Processtime
X-Fastly-Backend-Reqs
X-GEO
X-StackifyID
Pagetype
X-Nananana
X-Irp-Debug
X-Ibm-Trace
X-Via-NSCOPI
If-Modified-Since
COMMERCE-SERVER-SOFTWARE
X-TId
X-Server-W
X-ServedByHost
X-Be
X-CACHE-KEY
X-Gdpr
Sid
Arc-Country
X-UPSTREAM-Address
X-Wa
X-Load-Cache
X-Cluster-Node
DataCenter
X-BE
GeoIP-City
X-Shard
Sta2Tusw
Node
GeoIP-Country-Code
X-Auto-Login
GeoIP-Latitude
X-DataStream-Origin-MEX-Latency
X-HTML-Minification-Powered-By
X-DataStream-MidMile-RTT
X-Hail-Hydra
X-Sentry-ID
X-FW-Version
X-Layer
X-Ig-Deployment-Stage
X-Tid
X-Frame-Option
RATING
X-Varnish-Ttl
X-Proxy-Server
Pics-Label
X-RateLimit-Limit-Second
X-Varnish-URL
X-RateLimit-Remaining-Second
X-Nginx-Cache-Key
X-NGINX-Cache
X-FORWARDED-FOR
X-PAGE-TYPE
URI
X-Fastly-Cache-Hits
X-Datadome
Cf-Ipcountry
X-EC-Security-Audit
Srv
X-SRV
X-Gen-Id
Pramga
X-Secret
X-Bug-Bounty
X-Gannett-Site-Version
X-Akamai-Request-ID2
X-Ratelimit-Remaining
Hostname
Group
V-Cache
X-Haproxy-Hostname
X-ID
Cache-Provider
X-ADI-VCache
X-Shield-Cache-Expires
X-Endurance-Cache-Level
X-PJAX-URL
X-PF-Uncompressing
X-Surge-Debug
X-Public
X-Haproxy-Ip
X-Ratelimit-Limit
X-GZIP
X-Dw-Trace-Id
Mobile-Detection-Method
SD-X-WS
X-APP
X-Litespeed-Cache-Control
X-Fe
X-CacheKey
X-B3-SpanId
Cache-Cookie-Set-Lfrom
X-Cache-Var
X-Cache-Debug
Cache-Cookie-Set-From
Cache-Cookie-Set-Idcheck
X-ND-Cache
X-Feature
X-Cache-Var-Map
OT-Force-Account-Verify
Xet-Cookie
Serverid
X-Sorting-Hat-FeatureSet
X-Sorting-Hat-PodId-Cached
X-Sorting-Hat-Section
X-Akamai-ERRuleID
X-Distil-Cs
X-RequestId
X-VCT
X-Store
X-Ms-Lease-State
X-Sorting-Hat-ShopId-Cached
X-Sorting-Hat-PrivacyLevel
X-Akamai-ERPolicy
X-RAMCache
X-CDN-Pop-IP
X-CDN-Pop
Lb
X-VG-WebCache
X-Varnish-ID
X-WA
REQUESTUUID
X-SD-PageType
X-Grace-Duration
X-Cookie
X-Request-Start
X-ServerName
Requestid
Accept-Ch
GEO-REGION-INFO
N-Cache
X-Unique-Id