Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics - SANS Internet Storm Center HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
Last-Modified
Accept-Ranges
Pragma
X-Content-Type-Options
X-Powered-By
CF-RAY
ETag
Link
X-XSS-Protection
Expect-CT
Via
X-Cache
Age
Access-Control-Allow-Origin
Content-Security-Policy
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Served-By
X-Amz-Cf-Id
X-Varnish
Referrer-Policy
X-Timer
CF-Cache-Status
X-Request-Id
X-FRAME-OPTIONS
Access-Control-Allow-Headers
X-AspNet-Version
Access-Control-Allow-Methods
X-Xss-Protection
X-Runtime
X-Download-Options
Access-Control-Allow-Credentials
X-Drupal-Cache
X-Cacheable
Alt-Svc
X-Generator
Content-Security-Policy-Report-Only
X-Request-ID
X-AspNetMvc-Version
X-Check
Status
X-Cache-Status
X-Adblock-Key
Timing-Allow-Origin
X-Iinfo
X-Permitted-Cross-Domain-Policies
X-Template
Content-Encoding
X-Language
X-DNS-Prefetch-Control
X-Content-Security-Policy
X-Turbo-Charged-By
X-CDN
X-Type
Keep-Alive
Xkey
X-Buckets
X-Backend
X-AH-Environment
WPE-Backend
Access-Control-Max-Age
X-Pass-Why
X-Age
X-Cache-Group
X-Server
CF-Ray
Upgrade
X-POWERED-BY
EagleId
Access-Control-Expose-Headers
X-Via
X-Nginx-Cache-Status
X-Server-Powered-By
X-Pingback
X-Drupal-Dynamic-Cache
X-Varnish-Cache
X-Swift-CacheTime
X-Swift-SaveTime
Grace
X-Hacker
X-Amz-Id-2
X-Amz-Request-Id
Ali-Swift-Global-Savetime
X-UA-Device
X-Robots-Tag
Cf-Railgun
P3p
X-Envoy-Upstream-Service-Time
X-Proxy-Cache
X-LiteSpeed-Cache
X-Page-Speed
X-Ua-Compatible
Request-Context
Content-Location
X-Device
X-Ac
X-Node
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Cnection
X-Host
X-Server-Id
X-Cache-Lookup
Surrogate-Control
X-Amz-Version-Id
X-WebKit-CSP
X-Dns-Prefetch-Control
X-Backend-Server
X-Rack-Cache
X-Response-Time
X-Rq
X-Application-Context
X-Readtime
X-CST
EagleEye-TraceId
Server-Timing
Pinterest-Generated-By
X-Url
X-Cloud-Trace-Context
X-TTL
X-Instart-Request-ID
X-OneAgent-JS-Injection
X-Px
Request-Id
Report-To
X-Country
X-ORACLE-DMS-ECID
X-Clacks-Overhead
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Feature-Policy
Rating
Edge-Control
Allow
X-Country-Code
X-DynaTrace-JS-Agent
Charset
X-DataDome
X-Powered-CMS
X-FTR-Request-ID
X-TtlSet
X-Vname
X-PC
X-ESI
X-Server-Name
X-Origin-Cache
X-DynaTrace
NEL
X-MS-InvokeApp
X-ORACLE-DMS-RID
X-Goog-Hash
X-Recruiting
X-Varnish-TTL
X-Cached
X-VARITI-CCR
X-Vhost
Content-MD5
X-GitHub-Request-Id
RTSS
X-Version
X-F-Cache
X-Kinja-Server
X-Geo-Segment
X-Kinja
X-Exp-Variant
X-GoogleNews-Bot
X-Kinja-Revision
X-Exp-Id
X-Kinja-Build
X-Cdn-Fetch
X-Powered-By-Plesk
Public-Key-Pins
X-CF-Powered-By
Pinterest-Version
X-Upstream-Env
X-Pinterest-Rid
PB-RID
PB-PID
X-Mod-Pagespeed
Arc-Version
X-Mobile-Rewrite
Verso
X-Client-IP
X-D2id
SPRequestGuid
X-Abt-Application-Version
X-N
X-SRCache-Fetch-Status
Accept-CH
X-SRCache-Store-Status
MS-Author-Via
Permitted-Cross-Domain-Policies
X-Do-Not-Hack
X-HeyJason
AR-ATIME
AR-PoweredBy
X-Dispatcher
X-SharePointHealthScore
AR-CACHE
X-Amz-Rid
X-Navigation-Version
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-T
X-TEC-API-ROOT
DynaTrace
Nginx-Cache
Paypal-Debug-Id
X-Dw-Request-Base-Id
X-Grace
X-Trace
X-Upstream
X-Fastly-Request-ID
X-Varnish-Age
Arr-Disable-Session-Affinity
Accept-CH-Lifetime
X-FastCGI-Cache
X-Hits
TCN
X-Amz-Meta-S3cmd-Attrs
X-Id
X-Forwarded-Proto
X-Shield-Request-Id
X-DIS-Request-ID
X-Pad
X-Origin-Upstream-Status
X-XRDS-Location
X-Cache-Hit
SPIisLatency
SPRequestDuration
X-Content-Options
X-Content-Digest
X-Ruxit-JS-Agent
Realpath
X-Logged-In
X-Kinsta-Cache
X-IPLB-Instance
Access-Control-Request-Method
X-B
Mrf-Cache-Status
MRF-Tech
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
X-Acc-Meta-Resource-Type
X-NF-Request-ID
AR-SID
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Goog-Storage-Class
X-Goog-Generation
X-SS-Set-Cookie
X-HW
X-Vcap-Request-Id
S
X-MSEdge-Ref
X-Debug
Service-Worker-Allowed
Server-Name
X-Ser
X-Country-Code-Real
X-FTR-Backend-Server
X-FTR-Realm
X-FTR-Balancer
X-FTR-Cache-Status
X-FTR-DC
X-FTR-Backend
X-Frontend
X-PressLabs-Stats
Tracecode
X-FTR-Expires
Fastcgi-Cache
X-Wix-Server-Artifact-Id
X-Cache-Key
Eomportal-Instance
Rt-Fastcgi-Cache
X-Server-ID
X-GUploader-UploadID
AMP-Access-Control-Allow-Source-Origin
Alternate-Protocol
X-Webkit-CSP
Surrogate-Key
X-Oneagent-Js-Injection
Cleartype
X-Cache-Rule
X-Forwarded-For
X-NewRelic-App-Data
Cache-Status
X-NWS-LOG-UUID
X-HS-Hub-Id
X-HS-Content-Id
X-Analytics
Backend-Timing
X-VCache
X-Srv
TP-Cache
TP-L2-Cache
Host
X-User-Agent
FilterID
X-Rid
X-Revision
X-Whom
X-FTR-Cache-Host
X-Debug-Info
X-AOL-HN
Public-Key-Pins-Report-Only
Fastly-Restarts
X-Akam-SW-Version
X-Varnish-Backend
X-Cache-2
X-Via-JSL
ServerID
X-Content-Powered-By
X-RateLimit-Remaining
X-Request-Received
X-Request-Processing-Time
X-Zen-Fury
Viewport
Accept-Charset
X-Cdn
X-Accel-Buffering
X-Mobile
X-Kinja-Server-Push
Front-End-Https
X-Ttl
X-WPE-Loopback-Upstream-Addr
X-Oracle-Dms-Rid
Liferay-Portal
X-Cached-By
X-Node-Name
X-B3-Traceid
X-Hostname
X-App-Environment
X-Tumblr-User
Host-Header
X-Varnish-Hostname
X-Tumblr-Pixel
X-Cluster
X-Content-Security-Policy-Report-Only
X-LB-Cache
X-Cache-Control
X-Page-Id
X-Magnolia-Registration
X-Tumblr-Pixel-0
X-B3-Sampled
X-Framework
X-Handled-By
X-Request-Guid
X-TT
X-Signature
X-Instance
X-Platform-Server
X-FB-Debug
X-Device-Type
Upgrade-Insecure-Requests
Cache-Tag
X-Akamai-Edgescape
X-B-Cache
X-BCube-Filmed-By
X-Cache-Server
DC
X-Origin-Server
Server-Node
X-TT-TIMESTAMP
X-TA-CDN-Provider
X-XRDS-LOCATION
Source
Retry-After
X-Contextid
MicrosoftSharePointTeamServices
X-Servedby
X-Accel-Expires
X-WA-Info
HitInfo
HitType
Server-Info
X-Cache-Action
X-Amzn-Trace-Id
X-Cache-Operation
X-Correlation-Id
X-Varnish-Server
X-Middleton-Display
X-APP-VERSION
Display
X-Sol
X-Port
X-Daa-Tunnel
X-Esi
X-Geo-Country
X-Distil-CS
X-Edge-Location
X-Generated-By
AsisCache
X-Hyper-Cache
Content-Script-Type
Webserver
X-Amz-Replication-Status
Content-Style-Type
X-Newrelic-App-Data
X-S
X-WebKit-CSP-Report-Only
X-Tumblr-Pixel-2
X-Tumblr-Pixel-1
X-TX-ID
X-Wix-Request-Id
X-Seen-By
GEO-INFO
X-Locale
ServedBy
Actual-Object-TTL
X-FW-Type
X-Varnish-Hits
X-FW-Static
X-FW-Serve
X-Status
X-FW-Hash
X-FW-Server
X-RequestSource
X-Region
X-UUID
X-Adobe-Loc
X-Drupal-Cache-Tags
X-Adobe-Content
X-Edge-Cache-Key
X-GeoIP
X-Jobs
X-Edge-Cache
X-Response-Served-From
X-Varnish-Grace
X-DataStream-Cache-Status
User-Agent
Healthy
SRV
Filters
Refresh
X-Proxied
X-Amz-Server-Side-Encryption
NGB
X-Middleton-Response
X-Litespeed-Cache
S-Cnection
Response
X-Cache-TTL-Remaining
X-Yottaa-Optimizations
X-Yottaa-Metrics
IBM-Web2-Location
X-CDN-Forward
AR-Request-ID
X-Correlation-ID
X-Fastcgi-Cache
X-Cache-Age
X-AppVersion
X-Activity-Id
X-App-Server
X-Az
X-URL
X-Pc-Key
X-Pc-Appver
X-Pc-Hit
X-Cache-Remote
X-Content-Type
Cache
X-Cacheable-TTL
Payment
X-Cache-NE
X-Unique-ID
X-Kong-Proxy-Latency
X-Ruxit-Js-Agent
X-Kong-Upstream-Latency
X-Cache-TTL
Datacenter
X-UA
Country
X-Vg-Webcache
X-Akamai-Transformed
Served-By
X-Mode
HostName
X-HS-Cache-Config
Edge-Cache-Tag
X-Sucuri-ID
Load-Balancing
X-RemovedCookies
X-Source
Meta-Geo
X-RN-RSRV
X-Is-Bot
X-Rendered-As
X-Detected-As
X-ProcessESI
Machine
X-PCL
X-Rocket-Nginx-Bypass
X-OCL
X-ProxyCache-Key
X-FC-Vary-Parameters
User-Cache-Control
X-BYPASS-REASON
X-ProxyCache-Status
X-Proxy
Backend
X-Viewer-Country
X-Varnish-IP
X-Varnish-Cacheable
X-Amz-Meta-Surrogate-Control
L5d-Success-Class
Now
X-ApacheServer
Cache-Name
Cache-Key
X-Origin
X-PERF
X-Cache-Config
X-Grey
X-Hosted-By
X-Pubstack
X-ServerID
X-Cache-Category-Id
X-Backend-Name
X-Human
X-BB-IP
X-Tb
Access-Control-Allow-Method
DB-Nickname
X-ATG-Version
Azure-InstanceId
Azure-RegionName
Azure-SiteName
Azure-Version
Azure-SlotName
Access-Control-Request-Headers
X-CCM
X-Zipkin-Id
Property-Id
X-Section
X-CDN-Cache
X-Access
X-Routing-Service
Webcakes-Region
TWC-Connection-Speed
TWC-Device-Class
ServerName
Mn-Server-Ip
S-Rt
TWC-GeoIP-Country
TWC-GeoIP-LatLong
Webcakes-App-Version
Webcakes-App-Name
TWC-Privacy
TWC-Locale-Group
X-Debug-Cache
X-Site-Version
X-Varnish-Cache-Hits
X-Upgrade-Enabled
X-Loop
X-JoinUs
X-NodeID
X-Origin-Hint
X-OVcl-Cache
X-OVcl
X-Via-Fastly
X-Original-Request
X-Hit
X-L-Path
X-Format
X-EIG-Tracking-Id
X-TNCMS
X-Generated
X-Environment-Context
X-Agile
X-TWH-CORRELATION-ID
X-Www-Served-By
X-Agile-Age
X-SplitTest
X-Storage
X-Xfnlog-Site
X-VWS-Id
X-Ocache
X-AWS-Id
X-App-Name
X-LJ-Flow-ID
X-NGENIX-Cache
X-IP
X-Real-IP
X-Agile-Id
X-Rule
X-Origin-CC
X-Drupal-Cache-Contexts
Selected-FE
X-Pc-Host
X-Pc-Date
X-Timing-Wait
X-Proxy-Build
X-Akamai-Request-ID
X-HS-Combine-CSS
X-Vgn-Hpd-Reason
X-Cache-Var-Map
X-Cache-Var
X-NC
X-Upstream-CT
X-Upstream-HT
X-Time-Microsecs
X-PHP-Backend
From-Origin
XServer
X-NCache
X-RateLimit-Limit
X-UA-Device-Type
X-Microcachable
OT-Force-Account-Verify
X-Internal-Host
X-Nginx-Cache
X-SERVER-NAME
X-Distributor
X-Release
X-Mrs-Cache-Hits
X-Forwarded-Host
X-Mshield-Cache-Status
Ar-Sid
X-Mrs-Cache
X-Mrs-Age
Fastcgi-Useragent
X-M-Log
X-Feature
LB
X-M-Reqid
Fastcgi-X-Cache
Fastcgi-X-Cache-Version
X-Qnm-Cache
Fastly-SSL
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
X-Ms-Request-Id
X-Ms-Lease-Status
Pagetype
X-Ms-Blob-Type
X-Ms-Version
X-Cache-Backend
Powered-By-ChinaCache
X-Birta-Cache-Post
X-Birta-Served
X-Twitter-Response-Tags
X-Transaction
X-Connection-Hash
Pagespeed
X-Labrador-Cache-Channel
MIME-Version
NtCoent-Length
X-V
X-B3-Spanid
X-Instance-Name
X-EdgeConnect-Cache-Status
X-VG-TLSProxy
X-Webkit-Csp
Frame-Options
X-GZip
X-Web-Node
X-Ah-Environment
X-Varnish-Beresp-Ttl
PageSpeed
X-C
Time
X-Date
X-Block-Status
V-Age
T-Server
Server-Int
Viewtype
VivaBuild
Web-Mar-Node
BehaviorPad-Version
Cache-Prefix
Rendered-Blocks
Ec-Rule-Version
MD5-Digest
IsBot
Host-ID
Meta-Geo-Continent
NGX
Fly-Cache
Fly-Request-Id
Arc-Country
Www
X-B-Cookie
X-ARC
X-Application
X-BB-ID
X-Cache-Bucket
X-CF-Lambda-Version
X-CF-Lambda-Fn
X-Accel-Expires-Debug
X-A-Wwc
X-A-Dam
X-A-Ccd
X-A
AKAMAI
Ajk
X-A-Dgt
X-A-Dcw
X-D
X-Generated-In
X-IN-WAF
X-Irp-Debug
X-SIPLIST1
X-IN-SSL-APIGATEWAY
X-Via-SSL
X-PAYTM-SRV-ID
X-Region-Sid
X-Redis-Cache
X-UE-Client-Country
X-Logtrace-Id
X-VG-WebServer
X-Org
X-Via-CDN
X-NU-AKA-ACS-Version
X-Via-Edge
X-Destination
X-No-Session
X-Request-URI
X-IN-APIGATEWAY
X-Server-By
Xc-Version
X-ScT
X-Trv-Group
X-DPWN-IS-SECURE
X-Server-Time
X-Developer
X-Died
X-SRCache-Key
X-Hnp-Log
X-S-Cookie
X-Rojux
X-Gen-Mode
X-Rewrite-Enabled
X-Generation-Time
X-Request-UUID
X-G
X-From
X-FireWall-Port
Cneonction
Request-EU
True-Client-Country-4JS
X-Varnish-Action
On-Server
X-Wikidot-Backend
X-WebServer
MI-API
Magicmarker
X-Wikidot-Static-Cache
HA-Ipaddr
HA-Servedtime
HA-Urlpath
MI-Cache
MI-Cache-Age
Origin-Edge-Control
Pragrma
Proxy-Connection
Origin-Cache-Control
NodeID
X-We-Are-Hiring
X-VServer
Request-Country
X-RateLimit-Remaining-Second
X-Hl-Ver
HA-Host
X-HTML-Minification-Powered-By
X-CUA
X-Core-Value
X-CS
X-Fastly-Cache
X-F5-Cache
X-Dispatcher-Server
X-Debug-Log
X-ElasticPress-Search
X-Eu-Site
X-External-Request-Id
X-Debug-Cookies
X-CGP
X-Key
X-RateLimit-Limit-Second
X-Platform
X-Amz-Meta-Cache-Control
X-RCS-CacheZone
X-ServiceProvider
X-S-Maxage
X-Phone
X-Owner
X-MI-In-Market
X-Layer
X-Cache-CFC
X-Node-Id
X-Origin-TTL
X-NX-Host
X-Sf
SN
X-Csrf-Token
X-Powered-By-ANYU
Decoy-Debug-Key
X-CACHE-GROUP
GMS-Ver
X-Sucuri-Cache
CDCHOST
Backend-Name
Decoy-Debug-Status
Decoy-Debug-TTL
Esi-Enabled
Cache-Tags
HA-Cloudapp
Country-Code
WZWS-RAY
HA-Geolat
HA-Geolon
X-Atg-Version
Ha-Gx-Prefs
HA-Georegion
HA-Geocountry
HA-Geocity
X-Oss-Storage-Class
X-Oss-Server-Time
Cteonnt-Length
X-NWS-UUID-VERIFY
X-HOST
X-Oss-Request-Id
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
X-App-Version
X-Clientip
X-Content-Age
X-Ckpd-Fst-Backend
X-Skip-Cache
X-Cache-Host
X-Stale
X-Cache-Enabled
X-Swa-Ws
X-Backend-Url
X-Backend-State
X-Backend-TTL
X-Crawler
X-Sorting-Hat-ShopId
X-Cdn-Srv
X-Sorting-Hat-PodId
X-Cdn-Origin
X-Cache-URL
X-Cache-Srv
X-Sn-Servicetimems
X-Server-IP
X-GeoIP-Country-Code
X-Location
X-GeoIP-City
X-Reboot
X-Request-Time
X-Gannett-Site-Version
X-Passed-To-PostProcessResponse
X-Matched-Rule
X-MSEdge-Flight
X-Nginx-Cache-Key
X-MSEdge-Features
X-Passed-To
X-Passed-To-DLL
X-Passed-To-BeforeDispatch
X-FW-Version
X-Fstrz
X-Backend-Host
X-Secret
X-ShardId
X-Developers
X-Shopify-Stage
X-ShopId
X-Epic-Correlation-Id
X-Returned-From-PostProcessResponse
X-Returned-From
X-Response-By
X-Fetched-On
X-Returned-From-BeforeDispatch
X-Returned-From-DLL
X-Croise-Owner
X-Thinkindot-L3
Odigeo-Trace-Id
Server-ID
Server-Host
Section-Io-Cache
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
X-Variation
Uber-Trace-Id
Fastly-Backend-Name
RNT-Time
RNT-Machine
Release
X-Worker
Platform
PFcat
Countrycode
Request-Time
X-Trace-Id
Mobile-Detection-Method
Origin
X-Var-Ttl
Thinkindot-Control
Apple-News-Services-Handled
Is-Eu
X-TT-LOGID
Kp-EeAlive
Adler-Geo
X-Tumblr-Pixel-3
X-Actual-URL
X-Alternate-Cache-Key
Apple-News-Services-Host
Heartbleed
X-UnsetCookies
X-Up
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
X-Webstats-RespID
X-CACHE-AGE
Fastly-SWR
X-Rebelmouse-Surrogate-Control
HTTPS
Fastly-SIE
Resin-Trace
X-Device-Os
X-Servername
X-Rebelmouse-Cache-Control
Content-Disposition
X-Core-Mission
Sid
X-Hash
X-Cache-Expires
X-Store
X-Ezoic-Cdn
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
X-Planisys-CDN-Cache
X-VCT
X-Iejgwucgyu
X-Alicdn-Da-Ups-Status
CDN
X-Ua
X-Policy
X-Pf-Uncompressing
ProcessTime
WP-Super-Cache
X-Cache-ASPX
RequestId
X-Real-Ip
X-Servedbyhost
X-TIME
Warning
X-GEO
CF-IPCountry
REQUESTUUID
X-Proto
Powered
X-Cluster-Node
Xserver
Dnion-Transfer-Encoding
X-GoCache-CacheStatus
NODE
Mail-Subject
X-Refresh
We-Hiring
X-DC
X-Req
Cache-Cookie-Set-Lfrom
ViewerVersion
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-From
X-Dc
X-B3-TraceId
X-Pjax-Url
NnCoection
X-Origin-Expires
X-Origin-Date
X-Page-Type
X-Varnish-Ttl
X-HCF
X-Endurance-Cache-Level
X-Newrelic-Synthetics
X-Edge-IP
X-Surge-Debug
X-Cache-Control-Set-By
X-Varnish-HitMiss
X-Server-W
X-CLOUD-TRACE-CONTEXT
GeoIp-Country-Code
X-Time
Geoip-Latitude
X-COUNTRY
X-Nc
Hostname
X-Guploader-Uploadid
WWW-Authenticate
X-Aed
X-Server-Group
X-Oracle-Dms-Ecid
Processtime
X-Ms-Lease-State
SD-X-WS
Geoip-City
Pramga
CACHE
MS-CV
PICS-Label
X-Wix-Route-ID
A
X-Varnish-Url
X-CSRF-Token
TSSecure
X-Wa
X-GRACE
X-Varnish-URL
X-Aicache-OS
X-Varnish-Beresp-TTL
X-Datadome
Dont-Set-Cookie
X-Cdn-Forward
Cdn-Request-Time
Cdn-Host
X-From-Cache
X-Gdpr
X-DataStream-Origin-MEX-Latency
X-ABtesting
X-Edge-Server
X-Akamai-Request-ID2
X-Flog
X-DataStream-MidMile-RTT
X-Hello
X-Ratelimit-Limit
Node
X-WA
X-Geo
Cdn
X-SRV
Lfy
Ms-Operation-Id
X-Nananana
X-UPSTREAM-Address
X-RTag
Lb
X-Auto-Login
DataCenter
Mime-Version
X-Use-Magma
X-Cache-HT
FSS-Cache
Get-Access-Time
COMMERCE-SERVER-SOFTWARE
X-Optimization
X-Env
FSS-Proxy
Is-Session-Tracking
X-Load-Cache
PageType
X-Wix-Petri-Ex
Who
X-APP
X-FORWARDED-FOR
X-Sentry-ID
GeoIP-Latitude
X-Fastly-Backend-Reqs
X-EC-Security-Audit
GeoIP-Country-Code
GeoIP-City
X-WR-MODIFICATION
X-Gen-Id
X-PAGE-TYPE
X-CACHE-KEY
X-Via-NSCOPI
X-Cache-FS-Status
Rt-Proxy-Cache
X-Unique-Id
X-GDPR
X-Ibm-Trace
X-Ver
X-Cache-Id
Ws
X-Check-Cacheable
X-Meta-Tbi-Cache-Vertical
X-Served-From
X-Dynatrace-Js-Agent
X-NGINX-Cache
X-PJAX-URL
X-Thanos
X-Cookie
Httpd-Identifier
X-Bip
Memcached
X-Cache-Info
X-MP-GENERATED-AT
Ohc-File-Size
Powered-By
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
Pics-Label
X-Swift-Error
X-Path-Route
X-Proxy-Server
X-Dw-Trace-Id
X-Cache-Ttl
URI
X-Be
X-HS-Status
Group
X-RateLimit-Reset
V-Cache
X-Fastly-Cache-Hits
X-Fe
Memory
X-B3-SpanId
Version
X-Request-Start
X-LiteSpeed-Cache-Control
Cf-Ipcountry
X-Shard
X-CDN-Pop
X-P-T
X-CDN-Pop-IP
X-ServedByHost
Apicache-Version
Apicache-Store
X-ID
Amp-Access-Control-Allow-Source-Origin
Requestid
X-GZIP
X-SB
Ohc-Response-Time
Fastly-Soc-X-Request-Id
Xet-Cookie
NX-Cache
X-PF-Uncompressing
X-VC
UCS
X-Bug-Bounty
AGE-Hash
GW-Server
Serverid
X-User
X-Varnish-Info
X-Akamai-ERRuleID
CDN-Cache
CDN-Cache-Hit
X-Akamai-ERPolicy
X-CacheKey
N-Cache
If-Modified-Since
X-StackifyID
CDN-Node
X-Micro-Cache
X-Info
X-Ratelimit-Remaining
X-Distil-Cs
X-RAMCache
X-BBXSRF
X-SD-PageType
X-RequestId
X-Route-Name
X-ServerName
Https
X-Providence-Cookie
X-Is-Crawler
X-Grace-Duration
X-Litespeed-Cache-Control
X-Flags
X-Cache-Handler