Threat Level: green Handler on Duty: Remco Verhoef

SANS ISC: HTTP Header Usage Statistics - SANS Internet Storm Center HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Pragma
Accept-Ranges
Last-Modified
Strict-Transport-Security
X-Content-Type-Options
X-Powered-By
CF-RAY
ETag
Link
X-XSS-Protection
Expect-CT
Via
X-Cache
Age
Access-Control-Allow-Origin
Content-Language
Content-Security-Policy
P3P
X-UA-Compatible
X-Cache-Hits
X-Served-By
X-Varnish
X-Amz-Cf-Id
Referrer-Policy
X-Request-Id
X-Timer
X-AspNet-Version
CF-Cache-Status
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Runtime
Access-Control-Allow-Credentials
X-Download-Options
X-Drupal-Cache
X-Cacheable
Alt-Svc
X-Generator
Content-Security-Policy-Report-Only
X-Xss-Protection
X-AspNetMvc-Version
Status
X-Check
Timing-Allow-Origin
X-Cache-Status
X-Adblock-Key
X-Iinfo
X-DNS-Prefetch-Control
X-Permitted-Cross-Domain-Policies
X-Content-Security-Policy
X-Request-ID
X-Template
X-CDN
X-Language
Content-Encoding
X-Turbo-Charged-By
Keep-Alive
X-Buckets
P3p
X-Type
EagleId
X-Via
Xkey
X-AH-Environment
X-Backend
WPE-Backend
X-Age
X-Pass-Why
Access-Control-Max-Age
X-Server
X-Swift-SaveTime
X-Swift-CacheTime
X-Cache-Group
Ali-Swift-Global-Savetime
X-Varnish-Cache
X-Pingback
Upgrade
X-Nginx-Cache-Status
X-Server-Powered-By
X-Drupal-Dynamic-Cache
Grace
Access-Control-Expose-Headers
X-Hacker
X-UA-Device
Cf-Railgun
X-Amz-Request-Id
X-Amz-Id-2
X-Robots-Tag
X-Ua-Compatible
X-LiteSpeed-Cache
X-Proxy-Cache
X-Envoy-Upstream-Service-Time
X-Page-Speed
Request-Context
X-CST
X-Node
X-Cache-Lookup
X-Device
X-Ac
Content-Location
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Cnection
CONTENT-SECURITY-POLICY
X-Host
X-Amz-Version-Id
X-WebKit-CSP
Surrogate-Control
X-Backend-Server
X-Rack-Cache
X-Response-Time
X-Rq
X-Px
X-Readtime
X-Application-Context
X-Server-Id
Pinterest-Generated-By
Allow
X-Instart-Request-ID
X-Dns-Prefetch-Control
EagleEye-TraceId
X-Clacks-Overhead
X-OneAgent-JS-Injection
Request-Id
Server-Timing
X-Url
Permitted-Cross-Domain-Policies
X-HeyJason
X-Do-Not-Hack
X-Country
X-Cloud-Trace-Context
X-TTL
Report-To
Rating
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Country-Code
X-Varnish-TTL
Charset
Edge-Control
X-Server-ID
X-Powered-CMS
X-PC
X-TtlSet
X-Vname
X-ESI
X-FTR-Request-ID
X-CF-Powered-By
X-DataDome
X-Server-Name
Feature-Policy
X-DynaTrace-JS-Agent
X-MS-InvokeApp
X-Cached
X-Goog-Hash
NEL
X-Vhost
X-Origin-Cache
X-Recruiting
Public-Key-Pins
X-Exp-Variant
X-Kinja
X-Kinja-Server
X-Geo-Segment
X-Kinja-Revision
X-Kinja-Build
X-Cdn-Fetch
X-Exp-Id
X-GoogleNews-Bot
X-VARITI-CCR
X-F-Cache
X-Powered-By-Plesk
X-DynaTrace
X-Version
X-Mod-Pagespeed
X-T
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
X-D2id
Pinterest-Version
X-Upstream-Env
X-Pinterest-Rid
X-Client-IP
X-SRCache-Fetch-Status
X-SRCache-Store-Status
Content-MD5
Verso
X-Abt-Application-Version
Arc-Version
X-Mobile-Rewrite
PB-RID
PB-PID
X-Dispatcher
X-N
SPRequestGuid
RTSS
AR-ATIME
AR-PoweredBy
X-SharePointHealthScore
AR-CACHE
X-Amz-Rid
X-Cdn
X-Forwarded-Proto
X-Hits
X-GitHub-Request-Id
X-Navigation-Version
Nginx-Cache
X-Dw-Request-Base-Id
X-Ruxit-JS-Agent
X-B
Realpath
Paypal-Debug-Id
X-Upstream
X-Grace
X-Pad
X-Content-Digest
X-TEC-API-ROOT
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-Content-Options
X-Shield-Request-Id
X-Varnish-Age
X-Id
Arr-Disable-Session-Affinity
SPRequestDuration
SPIisLatency
X-Kinsta-Cache
X-Cache-Hit
MS-Author-Via
X-NWS-LOG-UUID
Access-Control-Request-Method
TCN
X-Goog-Stored-Content-Length
X-Goog-Storage-Class
X-Goog-Metageneration
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-Logged-In
X-Acc-Meta-Resource-Type
X-XRDS-Location
X-Trace
MRF-Tech
X-Mrf-Section-Lastmod
X-Mrf-Item-Lastmod
Mrf-Cache-Status
S
DynaTrace
X-Vcap-Request-Id
X-Origin-Upstream-Status
X-HW
X-MSEdge-Ref
X-Zen-Fury
X-Ttl
X-VCache
X-DIS-Request-ID
Front-End-Https
Eomportal-Instance
X-HS-Hub-Id
X-FTR-Backend-Server
X-FTR-Balancer
X-FTR-Cache-Status
X-FTR-Realm
X-FTR-Backend
Surrogate-Key
Cleartype
X-Country-Code-Real
X-FTR-Expires
X-HS-Content-Id
X-FTR-DC
X-Cache-Rule
X-Frontend
X-Oneagent-Js-Injection
X-Via-JSL
X-PressLabs-Stats
X-Fastly-Request-ID
X-NF-Request-ID
Service-Worker-Allowed
Cache-Status
X-User-Agent
X-IPLB-Instance
X-FastCGI-Cache
X-Forwarded-For
Server-Name
X-Request-Received
X-Request-Processing-Time
Tracecode
X-Hostname
Fastcgi-Cache
Alternate-Protocol
X-SS-Set-Cookie
X-Varnish-Backend
Backend-Timing
X-Analytics
X-Cache-2
Host
FilterID
Display
X-Middleton-Display
X-Sol
X-Wix-Server-Artifact-Id
X-Fastcgi-Cache
X-AOL-HN
Rt-Fastcgi-Cache
X-Whom
TP-L2-Cache
Public-Key-Pins-Report-Only
X-FTR-Cache-Host
TP-Cache
Viewport
X-Rid
X-Proxied
X-AppVersion
X-Az
X-Activity-Id
Response
X-Middleton-Response
X-Revision
X-Content-Powered-By
X-Ser
X-Srv
ServerID
X-Debug
X-URL
X-Debug-Info
X-Cache-Control
X-Contextid
AMP-Access-Control-Allow-Source-Origin
MicrosoftSharePointTeamServices
X-Magnolia-Registration
X-Cached-By
Refresh
X-Mobile
X-Akam-SW-Version
X-Cache-Server
X-B3-Traceid
X-Daa-Tunnel
X-Oracle-Dms-Ecid
AR-SID
X-Oracle-Dms-Rid
Ar-Sid
X-WPE-Loopback-Upstream-Addr
X-Instance
Server-Info
HitInfo
HitType
X-Cache-Key
Powered-By-ChinaCache
Accept-Charset
Cache-Tag
X-FB-Debug
X-Generated-By
X-Page-Id
X-App-Server
X-Newrelic-App-Data
X-Cache-Age
X-Framework
Retry-After
X-Varnish-Hostname
X-Geo-Country
X-PHP-Backend
X-LB-Cache
X-Content-Security-Policy-Report-Only
Host-Header
X-Webkit-Csp
X-App-Environment
X-B-Cache
X-Cache-Operation
X-BCube-Filmed-By
X-Signature
X-Request-Guid
X-Handled-By
X-Varnish-Grace
Server-Node
X-Tumblr-User
X-Tumblr-Pixel-0
X-TT
X-Origin-Server
X-Tumblr-Pixel
Source
X-Hyper-Cache
X-RateLimit-Remaining
X-Device-Type
Upgrade-Insecure-Requests
X-Accel-Expires
X-XRDS-LOCATION
X-APP-VERSION
DC
X-Platform-Server
X-WA-Info
X-GUploader-UploadID
X-Amzn-Trace-Id
X-Drupal-Cache-Tags
X-Akamai-Edgescape
X-TT-TIMESTAMP
X-NewRelic-App-Data
X-Correlation-ID
X-CACHE-GROUP
X-Cache-Action
X-Varnish-Server
X-HOST
Liferay-Portal
X-ATG-Version
X-Amz-Meta-S3cmd-Attrs
X-Ruxit-Js-Agent
X-Edge-Location
Webserver
X-Cluster
X-Port
Fastly-Restarts
X-Accel-Buffering
X-B3-Sampled
NGB
X-Node-Name
X-S
X-Cacheable-TTL
X-Source
X-Locale
X-Wix-Request-Id
X-Wix-Petri-Ex
X-Seen-By
X-GeoIP
Filters
X-Jobs
X-WebKit-CSP-Report-Only
ServedBy
Actual-Object-TTL
X-Varnish-Hits
X-FW-Serve
X-FW-Hash
X-FW-Server
AsisCache
X-FW-Static
X-Tumblr-Pixel-2
X-Tumblr-Pixel-1
MS-CV
X-FW-Type
X-RequestSource
AR-Request-ID
X-RTag
S-Cnection
X-UA
HostName
X-Esi
Served-By
X-Amz-Replication-Status
GEO-INFO
X-Cache-TTL-Remaining
X-Region
X-Distil-CS
Cache
X-Cache-Config
X-PC-Key
X-UA-Device-Type
X-Cache-Remote
X-Vg-Webcache
X-PC-AppVer
X-PC-Hit
Content-Script-Type
Country
Content-Style-Type
X-Edge-Cache
X-Edge-Cache-Key
Ohc-File-Size
X-Webkit-CSP
X-Ocache
X-TA-CDN-Provider
X-PC-Host
X-PC-Date
X-Adobe-Loc
X-Drupal-Cache-Contexts
X-Sucuri-ID
X-Adobe-Content
Accept-CH
X-Guploader-Uploadid
X-UUID
X-Dynatrace-Js-Agent
X-GZip
X-Internal-Host
Pagespeed
X-Microcachable
X-RateLimit-Limit
X-DataStream-Cache-Status
X-Correlation-Id
Datacenter
X-Unique-ID
X-Varnish-IP
X-Status
X-Real-IP
X-Ezoic-Cdn
X-Akamai-Transformed
X-Amz-Server-Side-Encryption
X-TX-ID
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-ProxyCache-Key
X-Proxy
X-Path-Route
X-Rendered-As
X-Detected-As
Access-Control-Allow-Method
X-ProxyCache-Status
Load-Balancing
X-Cache-Category-Id
Meta-Geo
X-Generated
IBM-Web2-Location
X-Akamai-Request-ID
X-CDN-Forward
X-Grey
LB
X-Agile-Age
X-Agile
X-App-Name
X-BYPASS-REASON
X-RN-RSRV
X-IP
X-Agile-Id
User-Cache-Control
Machine
X-Is-Bot
X-Web-Node
Mn-Server-Ip
X-Mode
Selected-FE
X-Loop
X-Xfnlog-Site
X-Instance-Name
X-CLOUD-TRACE-CONTEXT
X-Proxy-Build
X-TNCMS
X-ServerID
X-Timing-Wait
X-OVcl
X-Origin
X-JoinUs
Healthy
X-OVcl-Cache
X-CCM
X-Debug-Cache
X-Time-Microsecs
X-Cache-Ttl
X-Tb
X-Upgrade-Enabled
Payment
X-Varnish-Cache-Hits
ServerName
S-Rt
X-Viewer-Country
X-BB-IP
Backend
User-Agent
X-OCL
X-NodeID
X-Content-Type
X-Human
X-FC-Vary-Parameters
X-PCL
DB-Nickname
L5d-Success-Class
Cache-Name
X-Hosted-By
Azure-Version
X-Vgn-Hpd-Reason
X-Distributor
X-Varnish-Cacheable
X-Site-Version
X-Via-Fastly
X-Original-Request
X-NCache
Azure-SlotName
X-PERF
X-CDN-Cache
X-ApacheServer
X-EIG-Tracking-Id
X-RemovedCookies
X-ProcessESI
Now
Cache-Key
X-SERVER-NAME
Azure-InstanceId
Azure-SiteName
Azure-RegionName
Webcakes-App-Name
Webcakes-App-Version
X-Access
TWC-Privacy
Webcakes-Region
TWC-GeoIP-LatLong
TWC-Device-Class
TWC-GeoIP-Country
X-AWS-Id
TWC-Locale-Group
X-Origin-Hint
X-VWS-Id
X-Www-Served-By
X-Zipkin-Id
X-TWH-CORRELATION-ID
X-SplitTest
X-LJ-Flow-ID
TWC-Connection-Speed
X-Section
X-Backend-Name
X-Routing-Service
Dont-Set-Cookie
Property-Id
SRV
X-Origin-CC
X-NGENIX-Cache
X-Format
X-Amz-Meta-Surrogate-Control
X-Pubstack
Xserver
X-Time
X-ServedBy
X-Rocket-Nginx-Bypass
X-Servedby
X-Storage
Access-Control-Request-Headers
PageSpeed
WZWS-RAY
X-L-Path
X-Cache-Backend
X-Webstats-RespID
X-HS-Cache-Config
Countrycode
Edge-Cache-Tag
X-Environment-Context
X-Cache-HT
X-Generation-Time
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Proto
X-Sucuri-Cache
X-Labrador-Cache-Channel
X-MP-GENERATED-AT
X-Optimization
X-B3-Spanid
X-Oss-Request-Id
X-Oss-Server-Time
X-Oss-Storage-Class
Cartoon
X-Oss-Hash-Crc64ecma
X-Oss-Object-Type
X-Transaction
X-Connection-Hash
Cache-Hits
X-Nc
X-Twitter-Response-Tags
Apicache-Store
Apicache-Version
X-Cache-NE
X-Newrelic-Synthetics
X-Meta-Tbi-Cache-Vertical
X-Birta-Cache-Post
X-M-Reqid
X-Qnm-Cache
X-M-Log
Ms-Operation-Id
X-Birta-Served
X-Ah-Environment
Cteonnt-Length
X-Hit
X-Tumblr-Pixel-3
From-Origin
Fastly-SSL
X-Geo
X-Real-Ip
NnCoection
Ec-Rule-Version
X-EdgeConnect-Cache-Status
NODE
Ws
X-Varnish-Beresp-Grace
X-Cache-Enabled
X-Dc
XServer
X-Varnish-Beresp-Status
X-Release
X-Upstream-CT
X-Upstream-HT
X-V
X-Alicdn-Da-Ups-Status
X-Rule
X-B-Cookie
X-SVT-ORM-VERSION
GMS-Ver
X-S-Maxage
X-Thinkindot-L3
X-ARC
X-Application
Server-Host
X-NU-AKA-ACS-Version
Meta-Geo-Continent
X-Matched-Rule
X-TT-LOGID
X-Trv-Group
X-Block-Status
X-Org
X-S-Cookie
MI-Cache
X-Rojux
X-Origin-Date
X-BB-ID
X-Origin-Expires
Server-ID
Viewtype
X-MI-In-Market
V-Age
Country-Code
VivaBuild
Warning
Cneonction
X-Sorting-Hat-PodId
SN
Fly-Cache
Fly-Request-Id
Thinkindot-CacheControl
Fastly-Soc-X-Request-Id
Thinkindot-Control
Thinkindot-CacheControl-Type
Web-Mar-Node
Www
X-Accel-Expires-Debug
X-A-Wwc
X-A-Dgt
X-Alternate-Cache-Key
MI-Cache-Age
X-ScT
X-Server-By
X-A-Dcw
BehaviorPad-Version
X-A-Ccd
X-A
Cache-Prefix
X-Sorting-Hat-ShopId
X-A-Dam
X-SRCache-Key
X-SVT-ORM-RULES
MD5-Digest
X-We-Are-Hiring
T-Server
X-Destination
X-WebServer
X-Developer
X-Date
X-Via-Edge
X-VG-WebServer
X-UE-Client-Country
X-D
X-Planisys-CDN-TTL
X-Via-CDN
X-Died
X-Generated-In
X-Wix-Route-ID
X-Planisys-CDN-Rules
X-Worker
Host-ID
X-Env
X-From
Xc-Version
X-DPWN-IS-SECURE
X-Dispatcher-Server
X-Gen-Mode
X-G
Httpd-Identifier
Rendered-Blocks
X-Region-Sid
Request-Country
X-Server-Time
X-Hnp-Log
Request-EU
X-Rewrite-Enabled
X-Varnish-Beresp-Ttl
Kp-EeAlive
Resin-Trace
X-PAYTM-SRV-ID
X-Planisys-CDN-Cache
X-Fetched-On
X-RCS-CacheZone
X-ShardId
X-CF-Lambda-Version
X-ShopId
X-CF-Lambda-Fn
X-Shopify-Stage
X-Response-By
X-SERVER
X-Sf
X-HS-Combine-CSS
X-COUNTRY
X-ServiceProvider
Server-Int
Pragrma
Proxy-Connection
Platform
Release
PFcat
Origin-Cache-Control
RNT-Machine
Origin-Edge-Control
X-Server-IP
RNT-Time
X-Clientip
X-Request-URI
X-Hash
X-Hl-Ver
X-GeoIP-Country-Code
X-GeoIP-City
X-Edge-Server
X-Fstrz
X-IN-APIGATEWAY
X-IN-SSL-APIGATEWAY
X-Origin-TTL
X-P-T
X-Node-Id
X-No-Session
X-IN-WAF
X-Logtrace-Id
X-Edge-IP
X-Device-Os
X-Backend-Url
X-C
X-Backend-State
X-Backend-Host
Uber-Trace-Id
X-Amz-Meta-Cache-Control
X-Cache-Bucket
X-Cache-CFC
X-Crawler
X-CS
X-Content-Age
Odigeo-Trace-Id
X-Cache-Host
X-Cache-URL
True-Client-Country-4JS
Fastly-Backend-Name
Cdn-Host
CDCHOST
Apple-News-Services-Parsed-Url
X-VServer
NGX
Cdn-Request-Time
Decoy-Debug-TTL
Decoy-Debug-Status
Ajk
Decoy-Debug-Key
Apple-News-Services-Host
Apple-News-Services-Request-Url
Adler-Geo
X-SIPLIST1
MI-API
Is-Eu
IsBot
X-Atg-Version
Apple-News-Services-Handled
ProcessTime
X-ElasticPress-Search
X-Ms-Lease-Status
X-Ms-Blob-Type
X-Ms-Request-Id
X-Ms-Version
X-UnsetCookies
X-Returned-From
Time
X-Trace-Id
X-Forwarded-Host
X-Backend-TTL
X-Swa-Ws
X-Info
X-Cache-ASPX
X-Fastly-Cache
X-VG-TLSProxy
X-Core-Value
X-Core-Mission
X-Ver
X-Returned-From-BeforeDispatch
X-Debug-Cookies
X-Wikidot-Backend
X-Returned-From-DLL
X-Developers
X-Debug-Log
X-Epic-Correlation-Id
X-Ckpd-Fst-Backend
X-Cache-Srv
X-Returned-From-PostProcessResponse
X-FireWall-Port
X-Cache-Expires
X-F5-Cache
X-Cdn-Origin
X-CGP
X-Eu-Site
X-Cdn-Srv
X-Up
X-Actual-URL
HA-Geolon
HA-Geolat
Request-Time
HA-Georegion
Ha-Gx-Prefs
HA-Geocountry
HA-Geocity
X-Passed-To-DLL
X-Passed-To-PostProcessResponse
X-Phone
HA-Cloudapp
HA-Host
HA-Ipaddr
X-Rebelmouse-Surrogate-Control
Origin
On-Server
Ohc-Response-Time
HTTPS
Heartbleed
HA-Servedtime
X-Reboot
HA-Urlpath
Powered-By
AKAMAI
X-Passed-To-BeforeDispatch
X-Server-Group
X-NX-Host
Cache-Tags
Backend-Name
X-Wikidot-Static-Cache
Content-Disposition
Who
Fastly-SWR
Fastly-SIE
X-Passed-To
X-Rebelmouse-Cache-Control
Esi-Enabled
X-Sn-Servicetimems
NtCoent-Length
Dnion-Transfer-Encoding
X-HCF
X-Location
X-GoCache-CacheStatus
X-From-Cache
X-Platform
X-Croise-Owner
X-Redis-Cache
X-Refresh
X-Req
X-Varnish-HitMiss
X-Stale
X-Var-Ttl
X-Cache-Control-Set-By
RequestId
X-Skip-Cache
X-App-Version
X-BBXSRF
X-Micro-Cache
X-Via-SSL
X-Cache-Time
X-Nginx-Cache
X-MSEdge-Flight
X-MSEdge-Features
X-Servername
X-Cache-FS-Status
Mime-Version
X-WR-MODIFICATION
X-Csrf-Token
X-CCM-LastModified
Get-Access-Time
WWW-Authenticate
Is-Session-Tracking
X-Powered-By-ANYU
X-Response-Served-From
X-Pjax-Url
X-Pf-Uncompressing
Cdn
X-User
X-B3-TraceId
X-Kong-Upstream-Latency
X-Cdn-Forward
Frame-Options
X-TIME
X-Kong-Proxy-Latency
X-Request-Time
X-Owner
X-Key
WP-Super-Cache
X-GRACE
X-Page-Type
X-NC
X-CUA
CF-IPCountry
X-Litespeed-Cache
Dynatrace
UCS
X-External-Request-Id
NodeID
X-Nf-Srv-Version
PICS-Label
Mail-Subject
GW-Server
We-Hiring
X-Cache-TTL
X-Varnish-Url
X-CSRF-Token
X-DC
X-Cache-Handler
MIME-Version
X-NWS-UUID-VERIFY
Section-Io-Cache
X-Ua
X-GDPR
PageType
GeoIp-Country-Code
Geoip-Latitude
X-Aicache-OS
Geoip-City
X-Varnish-Id
X-LiteSpeed-Cache-Control
Version
Rt-Proxy-Cache
X-Cache-Id
FastCGI-Cache
X-Servedbyhost
X-Thanos
Magicmarker
Memcached
X-Varnish-Action
X-Bip
X-Varnish-Beresp-TTL
X-Nananana
X-Pc-Hit
X-Pc-Key
X-Fastly-Backend-Reqs
Memory
X-Pc-Appver
X-Dynatrace
If-Modified-Since
X-Request-UUID
X-Be
X-ServedByHost
CACHE
X-Via-NSCOPI
X-Pc-Host
Processtime
X-Pc-Date
X-Cluster-Node
X-GEO
X-TId
X-Hail-Hydra
CDN
Pagetype
X-Variation
X-Wa
X-Irp-Debug
Sta2Tusw
X-DataStream-Origin-MEX-Latency
X-DataStream-MidMile-RTT
COMMERCE-SERVER-SOFTWARE
X-CACHE-KEY
X-Ibm-Trace
X-Auto-Login
X-Server-W
X-StackifyID
X-Load-Cache
Sid
Arc-Country
X-UPSTREAM-Address
X-Gdpr
X-BE
GeoIP-Latitude
GeoIP-City
DataCenter
Node
GeoIP-Country-Code
X-Tid
X-Frame-Option
Accept-CH-Lifetime
X-HTML-Minification-Powered-By
X-Sentry-ID
X-Ig-Deployment-Stage
Pics-Label
X-FW-Version
RATING
X-Varnish-Ttl
X-Proxy-Server
X-Shard
X-Layer
X-Nginx-Cache-Key
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-FORWARDED-FOR
URI
X-EC-Security-Audit
X-PAGE-TYPE
X-Varnish-URL
X-Datadome
X-NGINX-Cache
Cf-Ipcountry
V-Cache
Srv
Group
Pramga
X-SRV
X-Bug-Bounty
X-ADI-VCache
X-Shield-Cache-Expires
X-Fastly-Cache-Hits
X-PJAX-URL
X-Ratelimit-Remaining
X-Haproxy-Ip
X-Public
X-Haproxy-Hostname
X-Endurance-Cache-Level
X-Surge-Debug
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-From
X-PF-Uncompressing
X-Cache-Debug
X-Akamai-Request-ID2
X-Gen-Id
Cache-Cookie-Set-Lfrom
X-ND-Cache
X-ID
X-Secret
Cache-Provider
X-Gannett-Site-Version
X-Ratelimit-Limit
X-GZIP
X-Litespeed-Cache-Control
X-Sorting-Hat-PodId-Cached
X-Sorting-Hat-FeatureSet
X-CacheKey
X-B3-SpanId
X-RequestId
X-Dw-Trace-Id
X-Sorting-Hat-PrivacyLevel
X-Feature
X-APP
X-Ms-Lease-State
X-Sorting-Hat-ShopId-Cached
X-Sorting-Hat-Section
Serverid
Xet-Cookie
X-SD-PageType
SD-X-WS
Mobile-Detection-Method
REQUESTUUID
N-Cache
OT-Force-Account-Verify
X-RAMCache
X-CDN-Pop-IP
GEO-REGION-INFO
Accept-Ch
X-Akamai-ERPolicy
X-CDN-Pop
X-Distil-Cs
X-Akamai-ERRuleID
Fastcgi-Useragent
X-Policy
X-VG-WebCache
X-Unique-Id
X-Cookie
X-Grace-Duration
X-Varnish-Info
X-VC
Fastcgi-X-Cache-Version
X-Amzn-Remapped-Date
X-Amzn-Remapped-Connection
X-Varnish-ID
Powered
X-SB
Requestid
X-HS-Status
X-ServerName
X-Fe
X-Request-Start
Fastcgi-X-Cache