Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics - SANS Internet Storm Center HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
X-Powered-By
CF-RAY
ETag
Link
X-XSS-Protection
Expect-CT
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
X-Request-Id
X-Xss-Protection
CF-Cache-Status
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-AspNet-Version
X-Download-Options
X-Runtime
Access-Control-Allow-Credentials
X-Drupal-Cache
X-Adblock-Key
X-Check
Alt-Svc
X-Cacheable
X-Generator
Content-Security-Policy-Report-Only
X-DNS-Prefetch-Control
X-Cache-Status
X-AspNetMvc-Version
X-Permitted-Cross-Domain-Policies
X-Template
X-Iinfo
X-Language
Status
Timing-Allow-Origin
X-Buckets
X-Content-Security-Policy
Content-Encoding
X-Kinja-Server-Push
Xkey
X-Turbo-Charged-By
Upgrade
X-CDN
X-Type
Keep-Alive
Access-Control-Expose-Headers
WPE-Backend
X-Pass-Why
X-AH-Environment
X-Backend
Access-Control-Max-Age
X-Age
X-Drupal-Dynamic-Cache
X-Cache-Group
X-Server
X-Proxy-Cache
X-Via
X-Request-ID
Grace
X-Pingback
X-Nginx-Cache-Status
X-Server-Powered-By
X-Amz-Request-Id
X-Amz-Id-2
X-Robots-Tag
X-Hacker
X-Varnish-Cache
X-UA-Device
X-Page-Speed
EagleId
Request-Context
X-Envoy-Upstream-Service-Time
Cf-Railgun
X-LiteSpeed-Cache
X-Ua-Compatible
X-CST
X-Swift-CacheTime
X-Swift-SaveTime
X-Server-Id
Ali-Swift-Global-Savetime
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Device
X-Amz-Version-Id
X-WebKit-CSP
Server-Timing
X-Ac
X-Node
X-OneAgent-JS-Injection
Allow
Feature-Policy
X-Response-Time
X-Cnection
X-Rq
X-Iejgwucgyu
Content-Location
X-Cache-Lookup
X-Backend-Server
Report-To
EagleEye-TraceId
Surrogate-Control
X-Readtime
X-Host
X-Application-Context
Request-Id
X-ORACLE-DMS-ECID
X-Url
P3p
X-Rack-Cache
X-Origin-Cache
X-Cdn
X-Clacks-Overhead
NEL
X-Country
X-FTR-Request-ID
Rating
X-Country-Code
X-Cloud-Trace-Context
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-DataDome
X-Ruxit-JS-Agent
X-Instart-Request-ID
X-Px
X-Vhost
X-Mod-Pagespeed
Charset
X-MS-InvokeApp
X-VARITI-CCR
Accept-CH
Edge-Control
X-Goog-Hash
Verso
X-GitHub-Request-Id
PB-RID
PB-PID
Arc-Version
X-Mobile-Rewrite
X-TtlSet
X-Vname
X-PC
Pinterest-Generated-By
X-ESI
X-Server-Name
X-Version
X-DynaTrace
X-Upstream-Env
X-TTL
X-Powered-By-Plesk
X-D2id
X-Cdn-Fetch
X-Cached
X-Kinja
X-GoogleNews-Bot
X-Exp-Id
X-Exp-Variant
X-Kinja-Build
X-Use-Magma
X-Kinja-Revision
X-Kinja-Server
X-B3-TraceId
X-Origin-Upstream-Status
X-Dispatcher
X-Varnish-TTL
SPRequestGuid
X-SharePointHealthScore
X-ORACLE-DMS-RID
X-Recruiting
X-Abt-Application-Version
MS-Author-Via
X-Powered-CMS
RTSS
Accept-CH-Lifetime
X-Navigation-Version
X-T
Content-MD5
Public-Key-Pins
X-Shield-Request-Id
AR-ATIME
AR-PoweredBy
AR-CACHE
X-Trace
X-DynaTrace-JS-Agent
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Amz-Rid
X-Client-IP
X-Fastly-Request-ID
Arr-Disable-Session-Affinity
X-Forwarded-Proto
X-HW
X-Accel-Buffering
X-Wix-Server-Artifact-Id
SPRequestDuration
SPIisLatency
Realpath
X-DIS-Request-ID
X-Oracle-Dms-Rid
Service-Worker-Allowed
X-Goog-Metageneration
X-Goog-Generation
X-B
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Upstream
X-Amz-Meta-S3cmd-Attrs
X-F-Cache
X-Ser
Pinterest-Version
X-Pinterest-Rid
Paypal-Debug-Id
AR-Request-ID
Front-End-Https
X-Via-JSL
X-FTR-Backend-Server
X-FTR-Balancer
X-Country-Code-Real
X-FTR-Cache-Status
X-FTR-Backend
X-FTR-Realm
X-FTR-DC
X-Id
X-FTR-Expires
X-XRDS-Location
X-Dw-Request-Base-Id
X-Vcap-Request-Id
X-Varnish-Age
X-Dns-Prefetch-Control
Ar-Sid
X-Debug
X-Acc-Meta-Resource-Type
X-Ttl
X-Goog-Storage-Class
X-MSEdge-Ref
Nginx-Cache
X-Kinsta-Cache
X-Hits
X-N
X-NF-Request-ID
X-TEC-API-ROOT
X-FTR-Cache-Host
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-NewRelic-App-Data
X-Logged-In
S
X-Mrf-Section-Lastmod
X-B3-TraceId-Primal
MRF-Tech
X-Akam-SW-Version
X-DataStream-Cache-Status
Mrf-Cache-Status
X-Mrf-Item-Lastmod
X-Forwarded-For
Alternate-Protocol
X-Frontend
Tracecode
X-User-Agent
X-HS-Content-Id
X-PressLabs-Stats
X-Grace
X-HS-Hub-Id
X-Amzn-Trace-Id
X-Server-ID
X-CACHE-GROUP
Server-Name
X-Content-Digest
X-Pad
X-FastCGI-Cache
AMP-Access-Control-Allow-Source-Origin
X-Content-Options
Refresh
TCN
DynaTrace
Powered-By-ChinaCache
X-Content-Type
Access-Control-Request-Method
Backend-Timing
MicrosoftSharePointTeamServices
X-Analytics
Fastcgi-Cache
X-Middleton-Display
X-Sol
X-LB-Cache
Display
X-Debug-Info
X-Az
X-AppVersion
X-Rid
FilterID
X-CF-Powered-By
X-Zen-Fury
X-Activity-Id
X-Page-Id
X-IPLB-Instance
Accept-Charset
Host
X-Cache-Key
MS-CV
ServerID
Response
X-Middleton-Response
X-Fastcgi-Cache
TP-Cache
Cache-Status
X-RateLimit-Remaining
TP-L2-Cache
X-Magnolia-Registration
X-Cache-Hit
X-Hostname
X-VCache
X-Srv
X-Content-Powered-By
X-Seen-By
X-ATG-Version
X-Mobile
X-WA-Info
X-TA-CDN-Provider
X-Revision
Surrogate-Key
X-Cached-By
X-Varnish-Backend
X-B3-Sampled
X-Request-Received
X-Request-Processing-Time
X-GUploader-UploadID
X-Whom
VIX-Pulpo-Node
Host-Header
X-SS-Set-Cookie
VIX-Pulpo-Upstream-Status
X-Cluster
X-Signature
X-Cache-Action
X-B-Cache
X-Instance
Rt-Fastcgi-Cache
X-Tumblr-User
X-Drupal-Cache-Tags
X-Content-Security-Policy-Report-Only
X-Tumblr-Pixel
X-Platform-Server
X-Tumblr-Pixel-0
Server-Info
X-Request-Guid
X-PHP-Backend
Cleartype
X-Handled-By
X-Wix-Request-Id
ViewerVersion
Source
X-Origin-Server
X-Akamai-Edgescape
X-TT
X-Cache-Age
X-Framework
X-App-Environment
DC
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Cache-Control
X-Edge-Location
Fusion-Content-Source
Fusion-Template-Id
Fusion-Content-Id
Fusion-Component-Id
X-BCube-Filmed-By
X-Generated-By
Fusion-Source
X-Geo-Country
X-App-Server
X-FW-Server
X-FW-Hash
X-FW-Static
X-FW-Serve
X-FW-Type
X-AOL-HN
X-Varnish-Server
Server-Node
X-Real-IP
X-Oneagent-Js-Injection
X-Cache-Rule
X-NWS-LOG-UUID
X-Varnish-Hostname
X-XRDS-LOCATION
Retry-After
X-Ruxit-Js-Agent
X-Correlation-Id
X-Cache-2
Eomportal-Instance
Payment
X-Amz-Server-Side-Encryption
X-Varnish-Grace
X-FB-Debug
Webserver
X-Response-Served-From
X-Amz-Replication-Status
X-TT-TIMESTAMP
Access-Control-Allow-Method
Actual-Object-TTL
AsisCache
X-Cacheable-TTL
X-Varnish-Hits
X-Tumblr-Pixel-2
GEO-INFO
ServedBy
X-Tumblr-Pixel-1
NGB
Content-Style-Type
Filters
Content-Script-Type
Ms-Operation-Id
X-Drupal-Cache-Contexts
X-UUID
X-WebKit-CSP-Report-Only
X-Cache-Config
X-TX-ID
X-RTag
X-Jobs
X-Region
Healthy
X-UA-Device-Type
X-Adobe-Loc
X-Varnish-IP
X-Contextid
X-Adobe-Content
Viewport
Upgrade-Insecure-Requests
Country
X-Locale
X-RequestSource
X-Accel-Expires
Cache-Tv-Group
X-Rendered-As
X-Ezoic-Cdn
X-Device-Type
From-Origin
X-Servedby
X-VG-WebCache
HitType
X-WPE-Loopback-Upstream-Addr
X-BACKEND-TTL
X-Cache-TTL-Remaining
X-Cache-TTL
Fastcgi-Useragent
X-Cache-Server
X-Upstream-Proxy
X-FW-Dynamic
Cache
Edge-Cache-Tag
Pagespeed
X-Content-Age
X-Cache-Remote
X-Cache-Operation
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
Cache-Tags
Fastly-Restarts
X-Webkit-Csp
X-Redis-Cache
X-Hit
X-RateLimit-Limit
X-Upgrade-Enabled
X-APP-VERSION
X-Source
X-Storage
Datacenter
X-CACHE-KEY
X-Esi
X-S
X-Mode
X-DataStream-Origin-MEX-Latency
X-DataStream-MidMile-RTT
X-GeoIP
Served-By
Cache-Tag
Load-Balancing
X-Cache-Var
X-Cache-Var-Map
X-Internal-Host
X-NGENIX-Cache
X-NCache
X-Labrador-Cache-Channel
X-Detected-As
X-Time-Microsecs
X-Akamai-Request-ID
Origin-Edge-Control
Origin-Cache-Control
Meta-Geo
Machine
X-Status
SRV
X-Rule
NtCoent-Length
X-JoinUs
Vix-Hermes-Req-Id
X-Backend-Name
X-Tb
X-Daa-Tunnel
X-RN-RSRV
X-Hl-Ver
X-Origin-Response-Time
X-Generated
X-Path-Route
X-Is-Bot
X-Proxy
X-Timing-Wait
X-Agile-Id
Now
X-App-Version
X-Varnish-Cache-Hits
X-Agile-Age
X-Birta-Cache-Post
Cache-Key
X-Www-Served-By
X-Akamai-Transformed
Selected-FE
X-Birta-Served
X-Grey
X-ProxyCache-Status
X-Agile
X-TNCMS
X-Pubstack
X-Edge-IP
X-Varnish-Cacheable
X-ServerID
X-Origin-Host
X-Proxy-Build
X-Loop
X-BYPASS-REASON
X-Hosted-By
X-CDN-Cache
X-FC-Vary-Parameters
X-L-Path
X-Cache-Category-Id
X-ProxyCache-Key
X-Web-Node
X-Environment-Context
TWC-Connection-Speed
X-Via-Fastly
TWC-Device-Class
X-Origin-Hint
X-PCL
TWC-GeoIP-Country
X-ProcessESI
X-OCL
S-Rt
Webcakes-App-Name
X-PERF
X-RemovedCookies
X-Viewer-Country
X-ApacheServer
X-Cache-Enabled
Webcakes-Region
Webcakes-App-Version
TWC-Locale-Group
TWC-GeoIP-LatLong
TWC-Privacy
X-Format
X-IP
X-Human
Property-Id
Cache-Name
X-Guploader-Uploadid
X-Section
X-Access
X-VG-TLSProxy
X-MP-GENERATED-AT
X-CCM
X-Pc-Key
X-GEO
X-Pc-Appver
X-Debug-Cache
X-Pc-Hit
Fastcgi-X-Cache-Version
X-Site-Version
Azure-Version
Azure-SlotName
Azure-SiteName
Public-Key-Pins-Report-Only
Azure-RegionName
DB-Nickname
Azure-InstanceId
X-App-Name
X-Xfnlog-Site
X-Zipkin-Id
X-Proxied
Xserver
Access-Control-Request-Headers
Mail-Subject
X-Routing-Service
X-Microcachable
We-Hiring
X-Cache-NE
X-Origin
X-Original-Request
User-Agent
X-EdgeConnect-Cache-Status
Liferay-Portal
S-Cnection
X-Protected-By
User-Cache-Control
X-Sucuri-ID
Cache-Hits
X-Ocache
X-Nginx-Cache
X-FW-Version
X-Node-Name
LB
X-ES-SERVER
X-Request-Time
X-Cdn-Forward
X-Proto
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-UA
X-Trace-Id
X-Ua
Powered
X-GRACE
X-Tumblr-Pixel-3
X-Webstats-RespID
PageSpeed
X-Varnish-Ttl
Ohc-File-Size
X-Forwarded-Host
CACHE
X-Unique-ID
X-Endurance-Cache-Level
X-FB-TRIP-ID
X-Correlation-ID
X-Origin-CC
L5d-Success-Class
X-Time
X-Nc
Section-Io-Cache
Frame-Options
X-VWS-Id
X-LJ-Flow-ID
X-AWS-Id
X-V
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
OT-Force-Account-Verify
X-OVcl-Cache
X-Cluster-Node
X-OVcl
AR-SID
X-Origin-TTL
X-Cache-Backend
X-Rocket-Nginx-Bypass
X-B3-Traceid
IBM-Web2-Location
X-R9-Blue-Green-Version
X-Parent-Response-Time
X-ElasticPress-Search
Nel
X-Upstream-CT
X-Upstream-HT
X-ARC
Fastly-SIE
Ec-Rule-Version
Decoy-Debug-TTL
X-Auto-Login
Decoy-Debug-Status
Cache-Prefix
BehaviorPad-Version
Country-Code
X-Block-Status
X-B-Cookie
Decoy-Debug-Key
X-Application
Fastly-SWR
Fly-Request-Id
X-Aed
Memcached
VivaBuild
MD5-Digest
GMS-Ver
Www
Viewtype
X-Amz-Meta-Cache-Control
Node
X-Accel-Expires-Debug
Mobile-Detection-Method
Meta-Geo-Continent
Rendered-Blocks
Fly-Cache
Powered-By
X-Fetched-On
X-Rojux
X-Rewrite-Enabled
X-S-Cookie
X-S-Maxage
X-Server-By
X-ScT
X-Request-UUID
X-Region-Sid
X-PHP-Host
X-PAYTM-SRV-ID
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
X-Reboot
X-Server-Group
X-ServiceProvider
X-We-Are-Hiring
X-VG-WebServer
X-Wikidot-Backend
X-Wikidot-Static-Cache
Xc-Version
X-User
X-UE-Client-Country
X-Transaction
X-SRCache-Key
X-Trv-Group
X-TT-LOGID
X-Twitter-Response-Tags
X-Origin-Expires
X-Origin-Date
X-Date
X-Connection-Hash
X-Destination
X-Developer
X-Distil-CS
X-CF-Lambda-Version
X-CF-Lambda-Fn
X-Cache-Id
X-Cache-Host
X-Cache-Info
X-Cache-URL
X-Cdn-Srv
X-DPWN-IS-SECURE
X-External-Request-Id
X-Info
X-IN-WAF
X-Irp-Debug
X-Micro-Cache
X-NU-AKA-ACS-Version
X-IN-APIGATEWAY
X-Hnp-Log
X-From
Arc-Country
X-Gen-Mode
X-Generated-In
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Cache-Bucket
X-BB-ID
X-Vgn-Hpd-Reason
X-Pc-Subdomain
X-EIG-Tracking-Id
X-Pc-Host
X-Pc-Date
X-Dc
X-Varnish-Beresp-Ttl
X-Distributor
X-Debug-Log
X-Dispatcher-Server
X-D
X-Crawler
X-CUA
X-Epic-Correlation-Id
X-Debug-Cookies
X-Varnish-Action
X-Gannett-Site-Version
X-Variation
X-Generated-On
X-G
X-FireWall-Port
X-Fastly-Cache
X-Core-Mission
X-Eu-Site
On-Server
X-A-Dgt
X-A-Wwc
X-Actual-URL
X-Alternate-Cache-Key
X-A-Dcw
X-A-Dam
Who
X-A
X-A-Ccd
X-Backend-Host
X-Backend-State
X-Cache-FS-Status
X-Node-Id
X-GeoIP-Country-Code
X-CGP
X-Cache-Expires
X-Cache-Debug
X-Backend-Url
X-Bip
X-C
X-Clientip
X-Hash
X-RateLimit-Remaining-Second
X-Sorting-Hat-PodId
X-SIPLIST1
X-Shopify-Stage
X-RateLimit-Limit-Second
X-Proxy-Upstream
X-Sorting-Hat-ShopId
X-Platform
X-Policy
X-Proxy-Cache-Status
X-Request-URI
X-Response-By
X-ShardId
X-Secret
X-Sf
X-Server-IP
X-ShopId
X-Returned-From-PostProcessResponse
X-Returned-From
X-Returned-From-BeforeDispatch
X-Returned-From-DLL
X-Stale
X-Passed-To-PostProcessResponse
X-Li-Pop
X-LI-Proto
X-LI-UUID
X-Location
X-Li-Fabric
X-Level-Front-Cache
Web-Mar-Node
X-TrackingId
X-LAGOON
X-Logtrace-Id
X-Matched-Rule
X-Svr
X-Passed-To
X-Passed-To-BeforeDispatch
X-Passed-To-DLL
X-Swa-Ws
X-NX-Host
X-Thinkindot-L3
X-Thanos
X-Nginx-Cache-Key
X-Var-Ttl
X-Cache-Grace
Request-Time
Fastly-Backend-Name
Countrycode
Adler-Geo
Content-Disposition
Fastly-Soc-X-Request-Id
Server-Host
Magicmarker
Lfy
Ha-Gx-Prefs
SD-X-WS
Proxy-Connection
IsBot
CDCHOST
Thinkindot-Control
Backend
True-Client-Country-4JS
Is-Eu
Ajk
Thinkindot-CacheControl-Type
Resin-Trace
HA-Ipaddr
Origin
Thinkindot-CacheControl
Platform
X-HS-Cache-Config
Warning
X-IN-SSL-APIGATEWAY
X-Up
X-UnsetCookies
X-Varnish-Authentication
X-Developers
X-Via-CDN
X-Device-Os
Pagetype
Mn-Server-Ip
X-F5-Cache
X-Fstrz
Apple-News-Services-Host
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-Lfrom
X-Qloud-Router
Cache-Cookie-Set-From
AKAMAI
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
Apple-News-Services-Handled
Fastly-SSL
X-TIME
X-MSEdge-Features
Heartbleed
X-Key
X-MSEdge-Flight
X-No-Session
GW-Server
X-Debug-Cache-Store
X-Instart-Isnd
X-Generation-Time
RNT-Machine
Server-Surrogate-Control
Release
X-Core-Value
Server-Int
X-Amz-Meta-Surrogate-Control
X-SERVER
Server-Cache-Control
RNT-Time
X-Cache-ASPX
Pramga
SS
X-Debug-Cache-Fetch
X-Debug-Cache-Expiry
X-Server-Cache
X-Croise-Owner
X-Sucuri-Cache
X-Server-Time
REQUESTUUID
NGX
Fastcgi-X-Cache
Kp-EeAlive
X-Page-Type
X-Be
SID
X-Pjax-Url
X-Cache-Miss-From
X-Edge-Cache-Key
X-Varnish-Url
X-Died
X-Via-NSCOPI
X-Sedo-Request-Id
Server-ID
X-Edge-Cache
RequestId
X-Owner
X-Servername
X-SN
Hostname
HostName
X-CDN-Forward
X-Refresh
Odigeo-Trace-Id
X-Newrelic-App-Data
Version
MIME-Version
X-NC
X-From-Cache
PFcat
X-URL
X-B3-SpanId
X-Oss-Hash-Crc64ecma
X-Servedbyhost
X-Oss-Object-Type
X-Oss-Request-Id
X-Oss-Storage-Class
HTTPS
X-Oss-Server-Time
Cteonnt-Length
Time
X-Store
Cdn-Host
Cdn-Request-Time
X-Edge-Server
Esi-Enabled
X-FPC
X-Cache-CFC
MI-Cache-Age
X-Litespeed-Cache
X-CSRF-TOKEN
X-RCS-CacheZone
Mime-Version
X-MI-In-Market
PICS-Label
MI-API
Cdn
MI-Cache
X-Layer
FastCGI-Cache
X-Hyper-Cache
ProcessTime
X-RequestId
HA-Geocity
HA-Georegion
HA-Geolon
HA-Geocountry
HA-Host
HA-Servedtime
X-IPS-LoggedIn
X-Req
HA-Urlpath
HA-Cloudapp
HA-Geolat
X-Real-Ip
CF-IPCountry
X-Amzn-Remapped-Date
X-Amzn-Remapped-Connection
Memory
X-Webkit-CSP
Processtime
X-Mobile-URL
X-GZip
X-CLOUD-TRACE-CONTEXT
Backend-Name
X-NodeID
X-Dynatrace-Js-Agent
X-VServer
Cross-Origin-Window-Policy
CDN
X-Ratelimit-Remaining
X-Varnish-Beresp-TTL
X-HS-Combine-CSS
X-Wa
X-Lb-Id
X-Load-Cache
X-Mrs-Cache
X-CMS-Context
X-Unique-Id-Primal
X-Mrs-Age
Cf-Ipcountry
X-Mrs-Cache-Hits
X-Mshield-Cache-Status
XServer
X-Pf-Uncompressing
X-Instart-Info
X-Aicache-OS
X-B3-Spanid
X-HTML-Minification-Powered-By
X-DC
X-Ratelimit-Limit
X-Skip-Cache
X-Geo
Amp-Access-Control-Allow-Source-Origin
X-WR-MODIFICATION
X-WebServer
Ohc-Response-Time
X-Newrelic-Synthetics
X-Fastly-Country-Code
X-Phone
Ohc-Cache-HIT
X-WA
X-PF-Uncompressing
X-Request-Start
X-VC-Cache
Uber-Trace-Id
URI
GeoIP-Country-Code
X-Atg-Version
X-Release
GeoIP-Latitude
X-Cms-Context
X-Tb-Optimization-Total-Bytes-Saved
T-Server
N-Cache
X-Server-W
X-UCC
X-Nananana
Accept-Ch-Lifetime
X-FORWARDED-FOR
Pics-Label
X-Gateway-Skip-Cache
X-Gateway-Cache-Key
X-Gateway-Cache-Status
X-Oracle-Dms-Ecid
X-APP
X-GoCache-CacheStatus
X-COUNTRY
X-Served-From
X-ND-Cache
X-Processor
X-LB-ID
Rt-Proxy-Cache
X-MServer
X-BBXSRF
X-CSRF-Token
X-Datadome
X-SRV
X-Unique-Id
X-Worker
X-Hp-Webp
X-Shard
A
X-LiteSpeed-Cache-Control
X-ServedByHost
X-SERVER-NAME
X-Fastly-Cache-Hits
DataCenter
X-CACHE-AGE
X-Cdn-Origin
V-Age
X-Sn-Servicetimems
X-UPSTREAM-Address
X-VCT
X-Optimization
X-Geo-Header
X-Amzn-Remapped-Content-Length
X-Cache-HT
X-Requestid
X-SVT-ORM-VERSION
X-GeoIP-City
X-SVT-ORM-RULES
X-GZIP
X-Check-Cacheable
X-HS-Status
Proxy-Firewall
Host-ID
X-NGINX-Cache
X-BE
Get-Access-Time
X-Varnish-URL
X-ID
X-P-T
UCS
Cneonction
WP-Super-Cache
X-Git-Hash
Is-Session-Tracking
Dnion-Transfer-Encoding
X-ServerName
Geoip-Latitude
X-Vcache
X-Backend-TTL
Server-Id
X-PAGE-TYPE
Request-Country
ServerName
X-PJAX-URL
Request-EU
X-Port
X-Csrf-Token
Requestid
GeoIp-Country-Code
X-NWS-UUID-VERIFY
Serverid
Cache-Provider
X-Fastly-Backend-Reqs
Pragrma
X-StackifyID
X-LiteSpeed-Tag
X-Planisys-CDN-TTL
X-Fe
X-HostName
X-RCS-Backend
X-GDPR
X-Dw-Trace-Id
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
FSS-Proxy
FSS-Cache
X-Gen-Id
X-Fpc
RequestUuid
X-Vg-Webcache
Inserted-Into-Cache-At
X-Html-Edge-Cache
X-Org
Xxline
219prxHost
225prxHost
189phosttRef
188prxHost
DSUID
178proxuri
286prxHost
352pxline
X-CS
WZWS-RAY
X-Request-Url
409pxxline
355prline
X-RAMCache