Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics - SANS Internet Storm Center HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
Last-Modified
Accept-Ranges
Pragma
X-Content-Type-Options
X-Powered-By
CF-RAY
ETag
Link
X-XSS-Protection
Expect-CT
Via
X-Cache
Age
Access-Control-Allow-Origin
Content-Security-Policy
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Served-By
X-Amz-Cf-Id
X-Varnish
Referrer-Policy
X-FRAME-OPTIONS
X-Timer
CF-Cache-Status
Access-Control-Allow-Headers
X-AspNet-Version
X-Request-Id
Access-Control-Allow-Methods
X-Xss-Protection
X-Runtime
X-Download-Options
Access-Control-Allow-Credentials
X-Drupal-Cache
X-Cacheable
Alt-Svc
X-Request-ID
X-Generator
Content-Security-Policy-Report-Only
X-Check
Status
X-AspNetMvc-Version
X-Cache-Status
X-Adblock-Key
Timing-Allow-Origin
X-Iinfo
X-Permitted-Cross-Domain-Policies
X-DNS-Prefetch-Control
X-Template
Content-Encoding
X-Language
X-Content-Security-Policy
X-Turbo-Charged-By
X-CDN
X-Type
Keep-Alive
X-Buckets
Xkey
X-Backend
X-AH-Environment
Access-Control-Max-Age
WPE-Backend
X-Pass-Why
X-Age
X-Cache-Group
X-Server
CF-Ray
Upgrade
X-POWERED-BY
EagleId
Access-Control-Expose-Headers
X-Via
X-Nginx-Cache-Status
X-Server-Powered-By
X-Pingback
X-Drupal-Dynamic-Cache
X-Varnish-Cache
X-Swift-CacheTime
X-Swift-SaveTime
Grace
X-Hacker
X-Amz-Request-Id
X-Amz-Id-2
X-UA-Device
Ali-Swift-Global-Savetime
X-Robots-Tag
Cf-Railgun
P3p
X-LiteSpeed-Cache
X-Envoy-Upstream-Service-Time
X-Proxy-Cache
X-Page-Speed
X-Ua-Compatible
Request-Context
Content-Location
X-Device
X-Ac
X-Node
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Cnection
X-Host
X-Cache-Lookup
Surrogate-Control
X-Amz-Version-Id
X-Server-Id
X-WebKit-CSP
X-Backend-Server
X-Rack-Cache
X-Response-Time
X-Rq
X-Application-Context
X-Readtime
X-CST
EagleEye-TraceId
X-Dns-Prefetch-Control
Server-Timing
Pinterest-Generated-By
X-Url
X-Cloud-Trace-Context
X-TTL
X-Instart-Request-ID
X-OneAgent-JS-Injection
Request-Id
X-Px
Report-To
X-Country
X-ORACLE-DMS-ECID
X-Clacks-Overhead
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Feature-Policy
Rating
Edge-Control
Allow
X-Country-Code
X-DynaTrace-JS-Agent
Charset
X-ESI
X-Server-Name
X-Powered-CMS
X-DataDome
X-FTR-Request-ID
X-PC
X-Vname
X-TtlSet
X-Origin-Cache
X-DynaTrace
NEL
X-MS-InvokeApp
X-ORACLE-DMS-RID
X-Goog-Hash
X-Recruiting
X-Varnish-TTL
X-Cached
X-VARITI-CCR
X-Vhost
Content-MD5
X-GitHub-Request-Id
RTSS
X-F-Cache
X-Version
X-Exp-Id
X-Cdn-Fetch
X-GoogleNews-Bot
X-Kinja-Server
X-Kinja-Revision
X-Kinja-Build
X-Kinja
X-Geo-Segment
X-Exp-Variant
X-Powered-By-Plesk
X-CF-Powered-By
Public-Key-Pins
X-Upstream-Env
X-Pinterest-Rid
Pinterest-Version
PB-RID
PB-PID
X-Mod-Pagespeed
Arc-Version
X-Mobile-Rewrite
Verso
X-Client-IP
SPRequestGuid
X-Abt-Application-Version
X-SRCache-Store-Status
X-SRCache-Fetch-Status
MS-Author-Via
X-D2id
X-N
X-HeyJason
X-Do-Not-Hack
Permitted-Cross-Domain-Policies
Accept-CH
AR-PoweredBy
AR-ATIME
X-Dispatcher
X-SharePointHealthScore
AR-CACHE
X-Amz-Rid
X-T
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-TEC-API-ROOT
Nginx-Cache
DynaTrace
X-Navigation-Version
Paypal-Debug-Id
X-Dw-Request-Base-Id
X-Trace
X-Grace
X-Upstream
X-Fastly-Request-ID
Arr-Disable-Session-Affinity
X-Varnish-Age
X-Hits
TCN
X-Id
X-Amz-Meta-S3cmd-Attrs
Accept-CH-Lifetime
X-Shield-Request-Id
X-Forwarded-Proto
X-Pad
X-FastCGI-Cache
X-DIS-Request-ID
X-Origin-Upstream-Status
X-XRDS-Location
SPRequestDuration
SPIisLatency
X-Cache-Hit
X-Content-Options
X-Ruxit-JS-Agent
Realpath
X-Logged-In
X-Kinsta-Cache
X-Content-Digest
X-IPLB-Instance
Access-Control-Request-Method
X-Acc-Meta-Resource-Type
X-B
X-NF-Request-ID
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
Mrf-Cache-Status
MRF-Tech
X-Goog-Generation
X-Goog-Metageneration
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
AR-SID
X-SS-Set-Cookie
X-Server-ID
X-Vcap-Request-Id
X-HW
S
X-MSEdge-Ref
X-Debug
Service-Worker-Allowed
Server-Name
X-Ser
X-PressLabs-Stats
X-Country-Code-Real
X-Frontend
X-FTR-Balancer
X-FTR-Cache-Status
X-FTR-DC
X-FTR-Realm
X-FTR-Backend-Server
X-FTR-Backend
Tracecode
X-Wix-Server-Artifact-Id
Fastcgi-Cache
X-FTR-Expires
Rt-Fastcgi-Cache
X-Cache-Key
Eomportal-Instance
AMP-Access-Control-Allow-Source-Origin
X-GUploader-UploadID
Surrogate-Key
Alternate-Protocol
X-Webkit-CSP
X-Forwarded-For
X-Oneagent-Js-Injection
Cleartype
X-Cache-Rule
X-NewRelic-App-Data
Cache-Status
X-Srv
X-NWS-LOG-UUID
X-HS-Hub-Id
X-HS-Content-Id
Backend-Timing
X-Analytics
Host
X-VCache
TP-L2-Cache
TP-Cache
X-User-Agent
X-Revision
FilterID
X-Rid
X-Debug-Info
X-Whom
X-FTR-Cache-Host
Fastly-Restarts
X-AOL-HN
Public-Key-Pins-Report-Only
X-Akam-SW-Version
X-Via-JSL
X-Cache-2
ServerID
X-Varnish-Backend
X-Content-Powered-By
X-RateLimit-Remaining
X-Request-Received
X-Request-Processing-Time
Accept-Charset
X-Zen-Fury
Viewport
X-Cdn
X-Accel-Buffering
X-Kinja-Server-Push
X-Mobile
Front-End-Https
X-WPE-Loopback-Upstream-Addr
X-Ttl
X-Oracle-Dms-Rid
X-Cached-By
X-Node-Name
Liferay-Portal
X-App-Environment
X-LB-Cache
X-Page-Id
X-Cluster
Host-Header
X-Tumblr-Pixel
X-Varnish-Hostname
X-Tumblr-User
X-Hostname
X-Tumblr-Pixel-0
X-Cache-Control
X-Content-Security-Policy-Report-Only
X-Magnolia-Registration
X-Framework
X-Handled-By
X-Device-Type
X-Akamai-Edgescape
X-TT
X-Request-Guid
X-B-Cache
X-B3-Sampled
X-BCube-Filmed-By
X-Instance
Cache-Tag
X-Platform-Server
X-Signature
DC
Upgrade-Insecure-Requests
X-FB-Debug
X-B3-Traceid
X-Origin-Server
X-Cache-Server
Server-Node
X-TT-TIMESTAMP
X-TA-CDN-Provider
Source
X-XRDS-LOCATION
MicrosoftSharePointTeamServices
Retry-After
X-WA-Info
X-Contextid
X-Servedby
X-Accel-Expires
HitType
HitInfo
Server-Info
X-Cache-Action
X-Amzn-Trace-Id
X-Cache-Operation
X-Varnish-Server
X-Correlation-Id
X-Port
X-Daa-Tunnel
X-Middleton-Display
Display
X-Sol
X-Distil-CS
X-Edge-Location
X-Generated-By
X-Geo-Country
AsisCache
X-APP-VERSION
X-GeoIP
Webserver
X-Hyper-Cache
X-RequestSource
X-Newrelic-App-Data
X-Tumblr-Pixel-1
X-S
X-Tumblr-Pixel-2
GEO-INFO
Content-Script-Type
Content-Style-Type
Actual-Object-TTL
X-Seen-By
X-Wix-Request-Id
X-Locale
X-TX-ID
X-WebKit-CSP-Report-Only
X-Amz-Replication-Status
ServedBy
X-Fastcgi-Cache
X-Region
X-UUID
X-Varnish-Hits
X-Status
X-Jobs
X-FW-Hash
X-Edge-Cache-Key
X-FW-Serve
X-FW-Server
X-FW-Static
X-FW-Type
X-Edge-Cache
Healthy
X-Adobe-Content
X-Adobe-Loc
X-Varnish-Grace
X-Response-Served-From
X-Drupal-Cache-Tags
User-Agent
SRV
Filters
X-DataStream-Cache-Status
X-Amz-Server-Side-Encryption
X-Proxied
Refresh
NGB
S-Cnection
X-Middleton-Response
X-Yottaa-Metrics
Cache
Response
X-Yottaa-Optimizations
X-Cache-TTL-Remaining
IBM-Web2-Location
AR-Request-ID
X-Correlation-ID
X-Cache-Age
X-Activity-Id
X-App-Server
X-Az
X-AppVersion
X-URL
X-Esi
X-CDN-Forward
X-Pc-Hit
X-Pc-Key
X-Cache-Remote
X-Pc-Appver
X-Content-Type
X-Cacheable-TTL
X-Cache-NE
Payment
X-Unique-ID
X-Ruxit-Js-Agent
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
Datacenter
X-UA
Country
X-Vg-Webcache
X-Cache-TTL
Served-By
X-Akamai-Transformed
X-ATG-Version
X-Mode
HostName
X-Real-IP
X-HS-Cache-Config
Edge-Cache-Tag
X-Detected-As
X-Sucuri-ID
X-Is-Bot
X-RN-RSRV
X-Rendered-As
Machine
X-Source
Meta-Geo
Load-Balancing
X-ProxyCache-Status
X-Proxy
X-ProxyCache-Key
User-Cache-Control
X-BYPASS-REASON
X-Rocket-Nginx-Bypass
X-ProcessESI
X-RemovedCookies
X-OCL
X-PCL
X-FC-Vary-Parameters
TWC-Locale-Group
Webcakes-App-Version
Cache-Key
Webcakes-Region
Webcakes-App-Name
TWC-Privacy
DB-Nickname
L5d-Success-Class
Property-Id
Now
Mn-Server-Ip
Backend
TWC-Connection-Speed
TWC-GeoIP-Country
TWC-Device-Class
X-Viewer-Country
Cache-Name
TWC-GeoIP-LatLong
X-BB-IP
X-Varnish-Cacheable
X-Hosted-By
X-Cache-Config
X-ServerID
X-Grey
X-EIG-Tracking-Id
X-Debug-Cache
X-Origin-Hint
Access-Control-Allow-Method
X-Cache-Category-Id
X-Tb
X-ApacheServer
X-Amz-Meta-Surrogate-Control
X-Pubstack
X-PERF
X-Origin
X-Human
X-Backend-Name
X-Loop
Azure-SlotName
X-NodeID
Azure-Version
X-L-Path
Azure-SiteName
Azure-RegionName
Access-Control-Request-Headers
X-TNCMS
X-Environment-Context
X-Section
X-Routing-Service
X-Format
X-Hit
X-Generated
X-CDN-Cache
X-CCM
X-Zipkin-Id
X-JoinUs
X-Varnish-IP
X-Access
X-Site-Version
S-Rt
Azure-InstanceId
X-Upgrade-Enabled
X-Storage
X-Agile
X-Varnish-Cache-Hits
ServerName
X-Via-Fastly
Selected-FE
X-Agile-Age
X-Agile-Id
X-Ocache
X-IP
X-Original-Request
X-Proxy-Build
X-Timing-Wait
X-App-Name
X-Xfnlog-Site
X-TWH-CORRELATION-ID
X-Drupal-Cache-Contexts
X-Origin-CC
X-NGENIX-Cache
X-Rule
X-Akamai-Request-ID
X-OVcl-Cache
X-Pc-Host
X-Pc-Date
X-OVcl
X-HS-Combine-CSS
X-LJ-Flow-ID
X-SplitTest
X-AWS-Id
X-Www-Served-By
X-VWS-Id
X-Cache-Var
X-Cache-Var-Map
X-RateLimit-Limit
X-NC
X-Vgn-Hpd-Reason
X-Upstream-HT
X-Upstream-CT
X-PHP-Backend
X-Time-Microsecs
X-UA-Device-Type
From-Origin
XServer
OT-Force-Account-Verify
X-Internal-Host
X-Litespeed-Cache
X-Nginx-Cache
X-NCache
X-Release
X-Microcachable
X-Distributor
X-Mrs-Cache
X-Mshield-Cache-Status
X-Mrs-Age
X-Mrs-Cache-Hits
Ar-Sid
X-Forwarded-Host
X-M-Log
Fastly-SSL
Fastcgi-X-Cache-Version
LB
X-Feature
X-M-Reqid
Fastcgi-Useragent
Fastcgi-X-Cache
X-Qnm-Cache
X-Amzn-RequestId
X-Amz-Apigw-Id
Pagetype
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
X-Ms-Lease-Status
X-Cache-Backend
X-Ms-Blob-Type
X-Ms-Version
X-Ms-Request-Id
X-Birta-Served
Powered-By-ChinaCache
X-Birta-Cache-Post
X-Twitter-Response-Tags
X-Connection-Hash
X-Transaction
MIME-Version
X-Labrador-Cache-Channel
NtCoent-Length
X-V
X-EdgeConnect-Cache-Status
X-Instance-Name
X-Webkit-Csp
X-VG-TLSProxy
Frame-Options
PageSpeed
X-App-Version
X-Varnish-Beresp-Ttl
X-Ah-Environment
X-Web-Node
X-B3-Spanid
Time
Pagespeed
X-GZip
X-Block-Status
X-Redis-Cache
X-IN-APIGATEWAY
X-Cache-Bucket
X-Request-UUID
Ajk
X-CS
Viewtype
VivaBuild
X-Hnp-Log
X-IN-WAF
V-Age
T-Server
Ec-Rule-Version
Host-ID
IsBot
BehaviorPad-Version
Cache-Prefix
Fly-Cache
Fly-Request-Id
MD5-Digest
Meta-Geo-Continent
X-CF-Lambda-Fn
Arc-Country
Server-Int
Rendered-Blocks
NGX
X-PAYTM-SRV-ID
Web-Mar-Node
X-A
X-Org
X-Died
X-Dispatcher-Server
X-DPWN-IS-SECURE
X-Accel-Expires-Debug
X-Region-Sid
X-NU-AKA-ACS-Version
X-Developer
X-B-Cookie
X-Date
X-ARC
X-Application
X-Destination
X-Request-URI
X-A-Wwc
X-Logtrace-Id
X-Irp-Debug
X-A-Dcw
X-CF-Lambda-Version
X-A-Dam
X-A-Ccd
X-BB-ID
X-A-Dgt
X-Generation-Time
X-CUA
X-D
X-From
X-G
X-Generated-In
X-Gen-Mode
Www
X-S-Cookie
X-Server-By
X-Via-SSL
X-Via-Edge
X-IN-SSL-APIGATEWAY
X-SIPLIST1
X-UE-Client-Country
X-WebServer
Xc-Version
X-ScT
X-Server-Time
X-Trv-Group
X-Rewrite-Enabled
X-VG-WebServer
X-Via-CDN
X-Rojux
X-SRCache-Key
X-C
X-FireWall-Port
X-SERVER-NAME
HA-Host
HA-Ipaddr
X-Core-Value
X-CGP
X-Platform
Ha-Gx-Prefs
HA-Urlpath
HA-Servedtime
X-Owner
X-Crawler
X-Origin-TTL
X-RCS-CacheZone
GMS-Ver
HA-Cloudapp
HA-Geolon
HA-Geolat
HA-Geocity
HA-Georegion
On-Server
Request-EU
Request-Country
Release
Proxy-Connection
Request-Time
X-Node-Id
X-NX-Host
SN
X-Amz-Meta-Cache-Control
X-CACHE-GROUP
X-Cache-CFC
X-Phone
NodeID
Magicmarker
True-Client-Country-4JS
Origin-Cache-Control
X-No-Session
X-Cache-Enabled
Origin-Edge-Control
Kp-EeAlive
HA-Geocountry
X-Sf
Backend-Name
X-Csrf-Token
Cache-Tags
CDCHOST
X-Sucuri-Cache
X-S-Maxage
X-Eu-Site
AKAMAI
X-We-Are-Hiring
X-Fastly-Cache
X-UnsetCookies
X-External-Request-Id
X-F5-Cache
X-ElasticPress-Search
X-Key
X-Debug-Log
X-Debug-Cookies
Esi-Enabled
X-Layer
X-Var-Ttl
X-Wikidot-Static-Cache
X-Wikidot-Backend
X-VServer
X-HTML-Minification-Powered-By
X-Varnish-Action
X-Hl-Ver
Country-Code
X-Oss-Request-Id
X-Powered-By-ANYU
X-Oss-Server-Time
X-Oss-Storage-Class
X-HOST
Cneonction
Cteonnt-Length
X-NWS-UUID-VERIFY
X-Oss-Object-Type
WZWS-RAY
X-Webstats-RespID
X-Oss-Hash-Crc64ecma
X-Backend-Url
X-Backend-State
X-GeoIP-Country-Code
X-TT-LOGID
X-Hash
X-Trace-Id
X-Swa-Ws
X-Actual-URL
Mobile-Detection-Method
X-Tumblr-Pixel-3
X-GeoIP-City
X-Alternate-Cache-Key
X-Backend-Host
X-Cache-Expires
X-MSEdge-Features
X-MI-In-Market
X-Content-Age
X-Clientip
X-Variation
X-Device-Os
X-Up
X-Croise-Owner
X-Developers
X-Ckpd-Fst-Backend
X-Worker
X-Cache-Host
X-Nginx-Cache-Key
X-Location
X-Fstrz
X-MSEdge-Flight
X-Cache-Srv
X-Epic-Correlation-Id
X-Cdn-Srv
X-Cache-URL
X-Gannett-Site-Version
RNT-Time
MI-Cache-Age
Odigeo-Trace-Id
MI-Cache
MI-API
X-Sorting-Hat-PodId
Origin
PFcat
Fastly-Backend-Name
Pragrma
Platform
Apple-News-Services-Request-Url
X-ServiceProvider
X-ShardId
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-Shopify-Stage
Decoy-Debug-TTL
X-ShopId
Decoy-Debug-Status
X-Passed-To
Is-Eu
Countrycode
X-Skip-Cache
Decoy-Debug-Key
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
X-Request-Time
X-Passed-To-DLL
Apple-News-Services-Handled
X-Secret
X-Returned-From-BeforeDispatch
X-Response-By
Uber-Trace-Id
X-Returned-From
X-Returned-From-PostProcessResponse
X-Sorting-Hat-ShopId
X-Passed-To-BeforeDispatch
Section-Io-Cache
X-Stale
X-Returned-From-DLL
Server-Host
X-Passed-To-PostProcessResponse
X-Server-IP
Server-ID
Adler-Geo
RNT-Machine
X-CACHE-AGE
X-Reboot
X-Fetched-On
X-Servername
X-FW-Version
X-Matched-Rule
X-Rebelmouse-Surrogate-Control
Heartbleed
X-Cdn-Origin
X-Sn-Servicetimems
Thinkindot-CacheControl
Sid
X-VCT
Resin-Trace
Fastly-SIE
X-Backend-TTL
Thinkindot-CacheControl-Type
Fastly-SWR
X-Rebelmouse-Cache-Control
X-Thinkindot-L3
X-Core-Mission
Thinkindot-Control
X-Ua
X-Atg-Version
X-Alicdn-Da-Ups-Status
CDN
X-Store
X-Planisys-CDN-TTL
Content-Disposition
HTTPS
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
X-Iejgwucgyu
WP-Super-Cache
ProcessTime
X-Pf-Uncompressing
X-Policy
X-Ezoic-Cdn
X-Servedbyhost
Warning
X-GEO
X-Proto
Xserver
CF-IPCountry
RequestId
X-B3-TraceId
X-Cache-ASPX
Dnion-Transfer-Encoding
X-Cluster-Node
Mail-Subject
REQUESTUUID
Powered
X-Refresh
We-Hiring
NODE
X-TIME
X-GoCache-CacheStatus
X-Real-Ip
X-DC
X-Pjax-Url
X-Datadome
X-Dc
X-Req
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-From
Cache-Cookie-Set-Idcheck
ViewerVersion
NnCoection
X-Origin-Date
X-Origin-Expires
X-Page-Type
X-Time
X-Endurance-Cache-Level
X-Varnish-Ttl
X-Edge-IP
X-Newrelic-Synthetics
X-Server-W
X-Varnish-HitMiss
X-Cache-Control-Set-By
X-HCF
X-CLOUD-TRACE-CONTEXT
Geoip-Latitude
GeoIp-Country-Code
X-Surge-Debug
X-COUNTRY
X-Nc
X-Guploader-Uploadid
Hostname
WWW-Authenticate
X-Aed
X-Server-Group
Processtime
X-Oracle-Dms-Ecid
X-Ms-Lease-State
SD-X-WS
Pramga
Geoip-City
MS-CV
X-Cdn-Forward
TSSecure
X-Wix-Route-ID
X-CSRF-Token
X-Varnish-Url
A
X-Wa
PICS-Label
X-Varnish-Beresp-TTL
X-Varnish-URL
X-GRACE
Dont-Set-Cookie
X-Aicache-OS
Cdn-Request-Time
Cdn-Host
X-From-Cache
X-Edge-Server
X-Hello
X-Akamai-Request-ID2
X-DataStream-MidMile-RTT
X-ABtesting
X-Gdpr
X-DataStream-Origin-MEX-Latency
X-Flog
X-Geo
CACHE
X-Nananana
X-WA
Node
Cdn
Lb
Lfy
X-UPSTREAM-Address
X-RTag
Ms-Operation-Id
X-Auto-Login
X-Use-Magma
DataCenter
Mime-Version
X-Env
FSS-Cache
GeoIP-Latitude
Get-Access-Time
FSS-Proxy
COMMERCE-SERVER-SOFTWARE
X-Optimization
GeoIP-Country-Code
Is-Session-Tracking
X-Ratelimit-Limit
X-Cache-HT
X-Load-Cache
X-Sentry-ID
Who
X-Fastly-Backend-Reqs
X-APP
PageType
X-Wix-Petri-Ex
GeoIP-City
X-EC-Security-Audit
X-SRV
X-WR-MODIFICATION
X-Via-NSCOPI
Rt-Proxy-Cache
X-Cache-FS-Status
X-Unique-Id
X-Gen-Id
X-CACHE-KEY
X-PAGE-TYPE
X-Meta-Tbi-Cache-Vertical
X-Check-Cacheable
X-Served-From
X-Ibm-Trace
X-Ver
X-Cache-Id
X-GDPR
X-Cookie
Ws
X-Dynatrace-Js-Agent
X-Thanos
X-Bip
X-MP-GENERATED-AT
X-NGINX-Cache
Memcached
Httpd-Identifier
X-Cache-Info
X-FORWARDED-FOR
Ohc-File-Size
X-Cache-Ttl
X-Swift-Error
Pics-Label
Powered-By
X-PJAX-URL
X-Proxy-Server
X-B3-SpanId
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
X-Path-Route
X-Request-Start
X-HS-Status
X-Be
Memory
X-Fastly-Cache-Hits
Version
X-Fe
V-Cache
Group
X-RateLimit-Reset
X-Dw-Trace-Id
URI
Requestid
X-P-T
X-LiteSpeed-Cache-Control
X-CDN-Pop-IP
X-CDN-Pop
X-Shard
Cf-Ipcountry
X-ServedByHost
X-ID
Amp-Access-Control-Allow-Source-Origin
Apicache-Store
Apicache-Version
Fastly-Soc-X-Request-Id
X-GZIP
Ohc-Response-Time
NX-Cache
X-SB
UCS
GW-Server
AGE-Hash
X-PF-Uncompressing
X-VC
Xet-Cookie
X-Bug-Bounty
Serverid
X-Varnish-Info
X-StackifyID
X-Akamai-ERRuleID
Https
X-Akamai-ERPolicy
If-Modified-Since
X-Ratelimit-Remaining
X-Micro-Cache
N-Cache
CDN-Node
X-Info
X-CacheKey
CDN-Cache-Hit
CDN-Cache
X-Distil-Cs
X-User
X-BE
X-BBXSRF
X-RequestId
X-Cache-Handler
X-SD-PageType
X-RAMCache
X-Litespeed-Cache-Control
X-Flags
X-ServerName
X-Route-Name
X-Providence-Cookie
X-Is-Crawler
X-Grace-Duration